diff options
author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2008-07-01 15:00:55 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2008-07-01 15:00:55 +0000 |
commit | ec17add7bc79551b55da5b3f390fa5e620127244 (patch) | |
tree | d6dd3dac752697b62aeac06e0d235f2631a6fcfd /regress/sbin/ipsecctl/ike58.ok | |
parent | 9c78cb2146f35e6ffd5b0e0a09831b3f586c8f15 (diff) |
Isakmpd acquire mode did not work with a config generated from
ipsec.conf. The config created by isakmpd dynamically was different
from the config that ipsecctl generated out of ipsec.conf.
Both config formats are changed so that they match. One needs a
passive ike line and a require flow line with the same parameters
in the ipsec.conf. Then the acquire message generated by the kernel
will trigger isakmpd to generate a config that matches the one that
ipsecctl generated from the ike line.
ok hshoexer, 'sounds good' todd
Diffstat (limited to 'regress/sbin/ipsecctl/ike58.ok')
-rw-r--r-- | regress/sbin/ipsecctl/ike58.ok | 102 |
1 files changed, 51 insertions, 51 deletions
diff --git a/regress/sbin/ipsecctl/ike58.ok b/regress/sbin/ipsecctl/ike58.ok index 55716265dd3..bc2f331a252 100644 --- a/regress/sbin/ipsecctl/ike58.ok +++ b/regress/sbin/ipsecctl/ike58.ok @@ -1,57 +1,57 @@ C set [Phase 1]:Default=peer-default force C set [peer-default]:Phase=1 force -C set [peer-default]:Configuration=mm-default force -C set [mm-default]:EXCHANGE_TYPE=ID_PROT force -C add [mm-default]:Transforms=AES-SHA-RSA_SIG force -C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Phase=2 force -C set [IPsec-0.0.0.0/0-0.0.0.0/0]:ISAKMP-peer=peer-default force -C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Configuration=qm-0.0.0.0/0-0.0.0.0/0 force -C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Local-ID=lid-0.0.0.0/0 force -C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force -C set [qm-0.0.0.0/0-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force -C set [qm-0.0.0.0/0-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force -C set [lid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force -C set [lid-0.0.0.0/0]:Network=0.0.0.0 force -C set [lid-0.0.0.0/0]:Netmask=0.0.0.0 force -C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force -C set [rid-0.0.0.0/0]:Network=0.0.0.0 force -C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force -C add [Phase 2]:Connections=IPsec-0.0.0.0/0-0.0.0.0/0 +C set [peer-default]:Configuration=phase1-peer-default force +C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force +C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force +C set [from-0.0.0.0/0-to-0.0.0.0/0]:Phase=2 force +C set [from-0.0.0.0/0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force +C set [from-0.0.0.0/0-to-0.0.0.0/0]:Configuration=phase2-from-0.0.0.0/0-to-0.0.0.0/0 force +C set [from-0.0.0.0/0-to-0.0.0.0/0]:Local-ID=from-0.0.0.0/0 force +C set [from-0.0.0.0/0-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force +C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force +C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force +C set [from-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force +C set [from-0.0.0.0/0]:Network=0.0.0.0 force +C set [from-0.0.0.0/0]:Netmask=0.0.0.0 force +C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force +C set [to-0.0.0.0/0]:Network=0.0.0.0 force +C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force +C add [Phase 2]:Connections=from-0.0.0.0/0-to-0.0.0.0/0 C set [Phase 1]:Default=peer-default force C set [peer-default]:Phase=1 force -C set [peer-default]:Configuration=mm-default force -C set [mm-default]:EXCHANGE_TYPE=ID_PROT force -C add [mm-default]:Transforms=AES-SHA-RSA_SIG force -C set [IPsec-::/0-::/0]:Phase=2 force -C set [IPsec-::/0-::/0]:ISAKMP-peer=peer-default force -C set [IPsec-::/0-::/0]:Configuration=qm-::/0-::/0 force -C set [IPsec-::/0-::/0]:Local-ID=lid-::/0 force -C set [IPsec-::/0-::/0]:Remote-ID=rid-::/0 force -C set [qm-::/0-::/0]:EXCHANGE_TYPE=QUICK_MODE force -C set [qm-::/0-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force -C set [lid-::/0]:ID-type=IPV6_ADDR_SUBNET force -C set [lid-::/0]:Network=:: force -C set [lid-::/0]:Netmask=:: force -C set [rid-::/0]:ID-type=IPV6_ADDR_SUBNET force -C set [rid-::/0]:Network=:: force -C set [rid-::/0]:Netmask=:: force -C add [Phase 2]:Connections=IPsec-::/0-::/0 +C set [peer-default]:Configuration=phase1-peer-default force +C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force +C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force +C set [from-::/0-to-::/0]:Phase=2 force +C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force +C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force +C set [from-::/0-to-::/0]:Local-ID=from-::/0 force +C set [from-::/0-to-::/0]:Remote-ID=to-::/0 force +C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force +C set [phase2-from-::/0-to-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force +C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force +C set [from-::/0]:Network=:: force +C set [from-::/0]:Netmask=:: force +C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force +C set [to-::/0]:Network=:: force +C set [to-::/0]:Netmask=:: force +C add [Phase 2]:Connections=from-::/0-to-::/0 C set [Phase 1]:Default=peer-default force C set [peer-default]:Phase=1 force -C set [peer-default]:Configuration=mm-default force -C set [mm-default]:EXCHANGE_TYPE=ID_PROT force -C add [mm-default]:Transforms=AES-SHA-RSA_SIG force -C set [IPsec-::/0-::/0]:Phase=2 force -C set [IPsec-::/0-::/0]:ISAKMP-peer=peer-default force -C set [IPsec-::/0-::/0]:Configuration=qm-::/0-::/0 force -C set [IPsec-::/0-::/0]:Local-ID=lid-::/0 force -C set [IPsec-::/0-::/0]:Remote-ID=rid-::/0 force -C set [qm-::/0-::/0]:EXCHANGE_TYPE=QUICK_MODE force -C set [qm-::/0-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force -C set [lid-::/0]:ID-type=IPV6_ADDR_SUBNET force -C set [lid-::/0]:Network=:: force -C set [lid-::/0]:Netmask=:: force -C set [rid-::/0]:ID-type=IPV6_ADDR_SUBNET force -C set [rid-::/0]:Network=:: force -C set [rid-::/0]:Netmask=:: force -C add [Phase 2]:Connections=IPsec-::/0-::/0 +C set [peer-default]:Configuration=phase1-peer-default force +C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force +C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force +C set [from-::/0-to-::/0]:Phase=2 force +C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force +C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force +C set [from-::/0-to-::/0]:Local-ID=from-::/0 force +C set [from-::/0-to-::/0]:Remote-ID=to-::/0 force +C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force +C set [phase2-from-::/0-to-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force +C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force +C set [from-::/0]:Network=:: force +C set [from-::/0]:Netmask=:: force +C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force +C set [to-::/0]:Network=:: force +C set [to-::/0]:Netmask=:: force +C add [Phase 2]:Connections=from-::/0-to-::/0 |