summaryrefslogtreecommitdiff
path: root/regress/sbin/ipsecctl
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2012-09-17 20:40:50 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2012-09-17 20:40:50 +0000
commit2b7a5c358870817d18a452b0676d88d9ba98c567 (patch)
tree07440a8ab7ea57237fa01a4384a8163195c53039 /regress/sbin/ipsecctl
parent752fa1cc83f784cf43ad570b1a443c92d5d84021 (diff)
sync with transform-name-fix
Diffstat (limited to 'regress/sbin/ipsecctl')
-rw-r--r--regress/sbin/ipsecctl/ike1.ok28
-rw-r--r--regress/sbin/ipsecctl/ike10.ok28
-rw-r--r--regress/sbin/ipsecctl/ike11.ok56
-rw-r--r--regress/sbin/ipsecctl/ike12.ok84
-rw-r--r--regress/sbin/ipsecctl/ike13.ok84
-rw-r--r--regress/sbin/ipsecctl/ike14.ok252
-rw-r--r--regress/sbin/ipsecctl/ike15.ok28
-rw-r--r--regress/sbin/ipsecctl/ike16.ok28
-rw-r--r--regress/sbin/ipsecctl/ike17.ok56
-rw-r--r--regress/sbin/ipsecctl/ike18.ok56
-rw-r--r--regress/sbin/ipsecctl/ike19.ok28
-rw-r--r--regress/sbin/ipsecctl/ike2.ok28
-rw-r--r--regress/sbin/ipsecctl/ike20.ok56
-rw-r--r--regress/sbin/ipsecctl/ike21.ok28
-rw-r--r--regress/sbin/ipsecctl/ike22.ok28
-rw-r--r--regress/sbin/ipsecctl/ike23.ok28
-rw-r--r--regress/sbin/ipsecctl/ike29.ok28
-rw-r--r--regress/sbin/ipsecctl/ike3.ok28
-rw-r--r--regress/sbin/ipsecctl/ike30.ok28
-rw-r--r--regress/sbin/ipsecctl/ike31.ok28
-rw-r--r--regress/sbin/ipsecctl/ike32.ok32
-rw-r--r--regress/sbin/ipsecctl/ike33.ok32
-rw-r--r--regress/sbin/ipsecctl/ike34.ok28
-rw-r--r--regress/sbin/ipsecctl/ike35.ok28
-rw-r--r--regress/sbin/ipsecctl/ike36.ok28
-rw-r--r--regress/sbin/ipsecctl/ike37.ok28
-rw-r--r--regress/sbin/ipsecctl/ike38.ok28
-rw-r--r--regress/sbin/ipsecctl/ike39.ok56
-rw-r--r--regress/sbin/ipsecctl/ike4.ok28
-rw-r--r--regress/sbin/ipsecctl/ike40.ok56
-rw-r--r--regress/sbin/ipsecctl/ike41.ok36
-rw-r--r--regress/sbin/ipsecctl/ike42.ok28
-rw-r--r--regress/sbin/ipsecctl/ike43.ok28
-rw-r--r--regress/sbin/ipsecctl/ike46.ok56
-rw-r--r--regress/sbin/ipsecctl/ike47.ok56
-rw-r--r--regress/sbin/ipsecctl/ike48.ok56
-rw-r--r--regress/sbin/ipsecctl/ike49.ok28
-rw-r--r--regress/sbin/ipsecctl/ike5.ok28
-rw-r--r--regress/sbin/ipsecctl/ike50.ok28
-rw-r--r--regress/sbin/ipsecctl/ike51.ok28
-rw-r--r--regress/sbin/ipsecctl/ike52.ok28
-rw-r--r--regress/sbin/ipsecctl/ike53.ok14
-rw-r--r--regress/sbin/ipsecctl/ike54.ok14
-rw-r--r--regress/sbin/ipsecctl/ike55.ok14
-rw-r--r--regress/sbin/ipsecctl/ike56.ok28
-rw-r--r--regress/sbin/ipsecctl/ike57.ok84
-rw-r--r--regress/sbin/ipsecctl/ike58.ok84
-rw-r--r--regress/sbin/ipsecctl/ike59.ok28
-rw-r--r--regress/sbin/ipsecctl/ike6.ok56
-rw-r--r--regress/sbin/ipsecctl/ike60.ok84
-rw-r--r--regress/sbin/ipsecctl/ike61.ok280
-rw-r--r--regress/sbin/ipsecctl/ike62.ok84
-rw-r--r--regress/sbin/ipsecctl/ike63.ok28
-rw-r--r--regress/sbin/ipsecctl/ike64.ok28
-rw-r--r--regress/sbin/ipsecctl/ike65.ok28
-rw-r--r--regress/sbin/ipsecctl/ike66.ok28
-rw-r--r--regress/sbin/ipsecctl/ike67.ok28
-rw-r--r--regress/sbin/ipsecctl/ike68.ok28
-rw-r--r--regress/sbin/ipsecctl/ike7.ok56
-rw-r--r--regress/sbin/ipsecctl/ike8.ok28
-rw-r--r--regress/sbin/ipsecctl/ike9.ok28
61 files changed, 1401 insertions, 1401 deletions
diff --git a/regress/sbin/ipsecctl/ike1.ok b/regress/sbin/ipsecctl/ike1.ok
index 5327beb6b08..95dc6f78ec2 100644
--- a/regress/sbin/ipsecctl/ike1.ok
+++ b/regress/sbin/ipsecctl/ike1.ok
@@ -3,13 +3,13 @@ C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-131.188.33.51-to-131.188.33.29]:Phase=2 force
C set [from-131.188.33.51-to-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
C set [from-131.188.33.51-to-131.188.33.29]:Configuration=phase2-from-131.188.33.51-to-131.188.33.29 force
@@ -19,13 +19,13 @@ C set [phase2-from-131.188.33.51-to-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE forc
C set [phase2-from-131.188.33.51-to-131.188.33.29]:Suites=phase2-suite-from-131.188.33.51-to-131.188.33.29 force
C set [phase2-suite-from-131.188.33.51-to-131.188.33.29]:Protocols=phase2-protocol-from-131.188.33.51-to-131.188.33.29 force
C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:Transforms=phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:Transforms=phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-131.188.33.51]:ID-type=IPV4_ADDR force
C set [from-131.188.33.51]:Address=131.188.33.51 force
C set [to-131.188.33.29]:ID-type=IPV4_ADDR force
diff --git a/regress/sbin/ipsecctl/ike10.ok b/regress/sbin/ipsecctl/ike10.ok
index a560e3a97c8..71e61095461 100644
--- a/regress/sbin/ipsecctl/ike10.ok
+++ b/regress/sbin/ipsecctl/ike10.ok
@@ -3,13 +3,13 @@ C set [peer-192.168.200.1]:Phase=1 force
C set [peer-192.168.200.1]:Address=192.168.200.1 force
C set [peer-192.168.200.1]:Configuration=phase1-peer-192.168.200.1 force
C set [phase1-peer-192.168.200.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-192.168.200.1]:Transforms=phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-192.168.200.1]:Transforms=phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-192.168.100.1=97-to-192.168.200.1=97]:Phase=2 force
C set [from-192.168.100.1=97-to-192.168.200.1=97]:ISAKMP-peer=peer-192.168.200.1 force
C set [from-192.168.100.1=97-to-192.168.200.1=97]:Configuration=phase2-from-192.168.100.1=97-to-192.168.200.1=97 force
@@ -19,13 +19,13 @@ C set [phase2-from-192.168.100.1=97-to-192.168.200.1=97]:EXCHANGE_TYPE=QUICK_MOD
C set [phase2-from-192.168.100.1=97-to-192.168.200.1=97]:Suites=phase2-suite-from-192.168.100.1=97-to-192.168.200.1=97 force
C set [phase2-suite-from-192.168.100.1=97-to-192.168.200.1=97]:Protocols=phase2-protocol-from-192.168.100.1=97-to-192.168.200.1=97 force
C set [phase2-protocol-from-192.168.100.1=97-to-192.168.200.1=97]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-192.168.100.1=97-to-192.168.200.1=97]:Transforms=phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-192.168.100.1=97-to-192.168.200.1=97]:Transforms=phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-192.168.100.1=97]:ID-type=IPV4_ADDR force
C set [from-192.168.100.1=97]:Address=192.168.100.1 force
C set [to-192.168.200.1=97]:ID-type=IPV4_ADDR force
diff --git a/regress/sbin/ipsecctl/ike11.ok b/regress/sbin/ipsecctl/ike11.ok
index cc33c77f4e0..3fcf1da3c51 100644
--- a/regress/sbin/ipsecctl/ike11.ok
+++ b/regress/sbin/ipsecctl/ike11.ok
@@ -4,13 +4,13 @@ C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force
C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force
C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force
C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force
C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
@@ -20,13 +20,13 @@ C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=phase2-suite-from-1.1.1.1-to-0.0.0.0/0 force
C set [phase2-suite-from-1.1.1.1-to-0.0.0.0/0]:Protocols=phase2-protocol-from-1.1.1.1-to-0.0.0.0/0 force
C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
@@ -39,13 +39,13 @@ C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force
C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force
C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force
C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force
C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
@@ -55,13 +55,13 @@ C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=phase2-suite-from-1.1.1.1-to-0.0.0.0/0 force
C set [phase2-suite-from-1.1.1.1-to-0.0.0.0/0]:Protocols=phase2-protocol-from-1.1.1.1-to-0.0.0.0/0 force
C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
diff --git a/regress/sbin/ipsecctl/ike12.ok b/regress/sbin/ipsecctl/ike12.ok
index 1dc863e0829..1c29fc3c2f9 100644
--- a/regress/sbin/ipsecctl/ike12.ok
+++ b/regress/sbin/ipsecctl/ike12.ok
@@ -4,13 +4,13 @@ C set [peer-5.5.5.5]:Phase=1 force
C set [peer-5.5.5.5]:Address=5.5.5.5 force
C set [peer-5.5.5.5]:Configuration=phase1-peer-5.5.5.5 force
C set [phase1-peer-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-5.5.5.5]:Transforms=phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-5.5.5.5]:Transforms=phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-2.2.2.0/24]:Phase=2 force
C set [from-1.1.1.1-to-2.2.2.0/24]:ISAKMP-peer=peer-5.5.5.5 force
C set [from-1.1.1.1-to-2.2.2.0/24]:Configuration=phase2-from-1.1.1.1-to-2.2.2.0/24 force
@@ -20,13 +20,13 @@ C set [phase2-from-1.1.1.1-to-2.2.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-2.2.2.0/24]:Suites=phase2-suite-from-1.1.1.1-to-2.2.2.0/24 force
C set [phase2-suite-from-1.1.1.1-to-2.2.2.0/24]:Protocols=phase2-protocol-from-1.1.1.1-to-2.2.2.0/24 force
C set [phase2-protocol-from-1.1.1.1-to-2.2.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-1.1.1.1-to-2.2.2.0/24]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-1.1.1.1-to-2.2.2.0/24]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
@@ -38,13 +38,13 @@ C set [peer-5.5.5.5]:Phase=1 force
C set [peer-5.5.5.5]:Address=5.5.5.5 force
C set [peer-5.5.5.5]:Configuration=phase1-peer-5.5.5.5 force
C set [phase1-peer-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-5.5.5.5]:Transforms=phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-5.5.5.5]:Transforms=phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-3.3.3.0/24]:Phase=2 force
C set [from-1.1.1.1-to-3.3.3.0/24]:ISAKMP-peer=peer-5.5.5.5 force
C set [from-1.1.1.1-to-3.3.3.0/24]:Configuration=phase2-from-1.1.1.1-to-3.3.3.0/24 force
@@ -54,13 +54,13 @@ C set [phase2-from-1.1.1.1-to-3.3.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-3.3.3.0/24]:Suites=phase2-suite-from-1.1.1.1-to-3.3.3.0/24 force
C set [phase2-suite-from-1.1.1.1-to-3.3.3.0/24]:Protocols=phase2-protocol-from-1.1.1.1-to-3.3.3.0/24 force
C set [phase2-protocol-from-1.1.1.1-to-3.3.3.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-1.1.1.1-to-3.3.3.0/24]:Transforms=phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-1.1.1.1-to-3.3.3.0/24]:Transforms=phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
@@ -72,13 +72,13 @@ C set [peer-5.5.5.5]:Phase=1 force
C set [peer-5.5.5.5]:Address=5.5.5.5 force
C set [peer-5.5.5.5]:Configuration=phase1-peer-5.5.5.5 force
C set [phase1-peer-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-5.5.5.5]:Transforms=phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-5.5.5.5]:Transforms=phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-4.4.4.0/24]:Phase=2 force
C set [from-1.1.1.1-to-4.4.4.0/24]:ISAKMP-peer=peer-5.5.5.5 force
C set [from-1.1.1.1-to-4.4.4.0/24]:Configuration=phase2-from-1.1.1.1-to-4.4.4.0/24 force
@@ -88,13 +88,13 @@ C set [phase2-from-1.1.1.1-to-4.4.4.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-4.4.4.0/24]:Suites=phase2-suite-from-1.1.1.1-to-4.4.4.0/24 force
C set [phase2-suite-from-1.1.1.1-to-4.4.4.0/24]:Protocols=phase2-protocol-from-1.1.1.1-to-4.4.4.0/24 force
C set [phase2-protocol-from-1.1.1.1-to-4.4.4.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-1.1.1.1-to-4.4.4.0/24]:Transforms=phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-1.1.1.1-to-4.4.4.0/24]:Transforms=phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
diff --git a/regress/sbin/ipsecctl/ike13.ok b/regress/sbin/ipsecctl/ike13.ok
index 3af68e7a7a9..d5630128a60 100644
--- a/regress/sbin/ipsecctl/ike13.ok
+++ b/regress/sbin/ipsecctl/ike13.ok
@@ -4,13 +4,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-2.2.2.0/24-to-1.1.1.1]:Phase=2 force
C set [from-2.2.2.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-2.2.2.0/24-to-1.1.1.1]:Configuration=phase2-from-2.2.2.0/24-to-1.1.1.1 force
@@ -20,13 +20,13 @@ C set [phase2-from-2.2.2.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-2.2.2.0/24-to-1.1.1.1]:Suites=phase2-suite-from-2.2.2.0/24-to-1.1.1.1 force
C set [phase2-suite-from-2.2.2.0/24-to-1.1.1.1]:Protocols=phase2-protocol-from-2.2.2.0/24-to-1.1.1.1 force
C set [phase2-protocol-from-2.2.2.0/24-to-1.1.1.1]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-2.2.2.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-2.2.2.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-2.2.2.0/24]:Network=2.2.2.0 force
C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
@@ -38,13 +38,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3.3.3.0/24-to-1.1.1.1]:Phase=2 force
C set [from-3.3.3.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-3.3.3.0/24-to-1.1.1.1]:Configuration=phase2-from-3.3.3.0/24-to-1.1.1.1 force
@@ -54,13 +54,13 @@ C set [phase2-from-3.3.3.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3.3.3.0/24-to-1.1.1.1]:Suites=phase2-suite-from-3.3.3.0/24-to-1.1.1.1 force
C set [phase2-suite-from-3.3.3.0/24-to-1.1.1.1]:Protocols=phase2-protocol-from-3.3.3.0/24-to-1.1.1.1 force
C set [phase2-protocol-from-3.3.3.0/24-to-1.1.1.1]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3.3.3.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3.3.3.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-3.3.3.0/24]:Network=3.3.3.0 force
C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
@@ -72,13 +72,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-4.4.4.0/24-to-1.1.1.1]:Phase=2 force
C set [from-4.4.4.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-4.4.4.0/24-to-1.1.1.1]:Configuration=phase2-from-4.4.4.0/24-to-1.1.1.1 force
@@ -88,13 +88,13 @@ C set [phase2-from-4.4.4.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-4.4.4.0/24-to-1.1.1.1]:Suites=phase2-suite-from-4.4.4.0/24-to-1.1.1.1 force
C set [phase2-suite-from-4.4.4.0/24-to-1.1.1.1]:Protocols=phase2-protocol-from-4.4.4.0/24-to-1.1.1.1 force
C set [phase2-protocol-from-4.4.4.0/24-to-1.1.1.1]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-4.4.4.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-4.4.4.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-4.4.4.0/24]:Network=4.4.4.0 force
C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
diff --git a/regress/sbin/ipsecctl/ike14.ok b/regress/sbin/ipsecctl/ike14.ok
index b3f3346aa45..26af648f21c 100644
--- a/regress/sbin/ipsecctl/ike14.ok
+++ b/regress/sbin/ipsecctl/ike14.ok
@@ -5,13 +5,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-2.2.2.0/24-to-5.5.5.0/24]:Phase=2 force
C set [from-2.2.2.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-2.2.2.0/24-to-5.5.5.0/24]:Configuration=phase2-from-2.2.2.0/24-to-5.5.5.0/24 force
@@ -21,13 +21,13 @@ C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:Suites=phase2-suite-from-2.2.2.0/24-to-5.5.5.0/24 force
C set [phase2-suite-from-2.2.2.0/24-to-5.5.5.0/24]:Protocols=phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24 force
C set [phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-2.2.2.0/24]:Network=2.2.2.0 force
C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
@@ -40,13 +40,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-2.2.2.0/24-to-6.6.6.0/24]:Phase=2 force
C set [from-2.2.2.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-2.2.2.0/24-to-6.6.6.0/24]:Configuration=phase2-from-2.2.2.0/24-to-6.6.6.0/24 force
@@ -56,13 +56,13 @@ C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:Suites=phase2-suite-from-2.2.2.0/24-to-6.6.6.0/24 force
C set [phase2-suite-from-2.2.2.0/24-to-6.6.6.0/24]:Protocols=phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24 force
C set [phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-2.2.2.0/24]:Network=2.2.2.0 force
C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
@@ -75,13 +75,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-2.2.2.0/24-to-7.7.7.0/24]:Phase=2 force
C set [from-2.2.2.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-2.2.2.0/24-to-7.7.7.0/24]:Configuration=phase2-from-2.2.2.0/24-to-7.7.7.0/24 force
@@ -91,13 +91,13 @@ C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:Suites=phase2-suite-from-2.2.2.0/24-to-7.7.7.0/24 force
C set [phase2-suite-from-2.2.2.0/24-to-7.7.7.0/24]:Protocols=phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24 force
C set [phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-2.2.2.0/24]:Network=2.2.2.0 force
C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
@@ -110,13 +110,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3.3.3.0/24-to-5.5.5.0/24]:Phase=2 force
C set [from-3.3.3.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-3.3.3.0/24-to-5.5.5.0/24]:Configuration=phase2-from-3.3.3.0/24-to-5.5.5.0/24 force
@@ -126,13 +126,13 @@ C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-5.5.5.0/24 force
C set [phase2-suite-from-3.3.3.0/24-to-5.5.5.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24 force
C set [phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-3.3.3.0/24]:Network=3.3.3.0 force
C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
@@ -145,13 +145,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3.3.3.0/24-to-6.6.6.0/24]:Phase=2 force
C set [from-3.3.3.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-3.3.3.0/24-to-6.6.6.0/24]:Configuration=phase2-from-3.3.3.0/24-to-6.6.6.0/24 force
@@ -161,13 +161,13 @@ C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-6.6.6.0/24 force
C set [phase2-suite-from-3.3.3.0/24-to-6.6.6.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24 force
C set [phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-3.3.3.0/24]:Network=3.3.3.0 force
C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
@@ -180,13 +180,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3.3.3.0/24-to-7.7.7.0/24]:Phase=2 force
C set [from-3.3.3.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-3.3.3.0/24-to-7.7.7.0/24]:Configuration=phase2-from-3.3.3.0/24-to-7.7.7.0/24 force
@@ -196,13 +196,13 @@ C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-7.7.7.0/24 force
C set [phase2-suite-from-3.3.3.0/24-to-7.7.7.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24 force
C set [phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-3.3.3.0/24]:Network=3.3.3.0 force
C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
@@ -215,13 +215,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-4.4.4.0/24-to-5.5.5.0/24]:Phase=2 force
C set [from-4.4.4.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-4.4.4.0/24-to-5.5.5.0/24]:Configuration=phase2-from-4.4.4.0/24-to-5.5.5.0/24 force
@@ -231,13 +231,13 @@ C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:Suites=phase2-suite-from-4.4.4.0/24-to-5.5.5.0/24 force
C set [phase2-suite-from-4.4.4.0/24-to-5.5.5.0/24]:Protocols=phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24 force
C set [phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-4.4.4.0/24]:Network=4.4.4.0 force
C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
@@ -250,13 +250,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-4.4.4.0/24-to-6.6.6.0/24]:Phase=2 force
C set [from-4.4.4.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-4.4.4.0/24-to-6.6.6.0/24]:Configuration=phase2-from-4.4.4.0/24-to-6.6.6.0/24 force
@@ -266,13 +266,13 @@ C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:Suites=phase2-suite-from-4.4.4.0/24-to-6.6.6.0/24 force
C set [phase2-suite-from-4.4.4.0/24-to-6.6.6.0/24]:Protocols=phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24 force
C set [phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-4.4.4.0/24]:Network=4.4.4.0 force
C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
@@ -285,13 +285,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-4.4.4.0/24-to-7.7.7.0/24]:Phase=2 force
C set [from-4.4.4.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-4.4.4.0/24-to-7.7.7.0/24]:Configuration=phase2-from-4.4.4.0/24-to-7.7.7.0/24 force
@@ -301,13 +301,13 @@ C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:Suites=phase2-suite-from-4.4.4.0/24-to-7.7.7.0/24 force
C set [phase2-suite-from-4.4.4.0/24-to-7.7.7.0/24]:Protocols=phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24 force
C set [phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-4.4.4.0/24]:Network=4.4.4.0 force
C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
diff --git a/regress/sbin/ipsecctl/ike15.ok b/regress/sbin/ipsecctl/ike15.ok
index 333f86d8c0e..8eef09e9f03 100644
--- a/regress/sbin/ipsecctl/ike15.ok
+++ b/regress/sbin/ipsecctl/ike15.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-3ffe::1]:ID=id-sharleena.as10.net force
C set [id-sharleena.as10.net]:ID-type=FQDN force
C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
@@ -25,13 +25,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.1.0/24]:Network=10.1.1.0 force
C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
diff --git a/regress/sbin/ipsecctl/ike16.ok b/regress/sbin/ipsecctl/ike16.ok
index 0f189162083..40293f6fda5 100644
--- a/regress/sbin/ipsecctl/ike16.ok
+++ b/regress/sbin/ipsecctl/ike16.ok
@@ -42,13 +42,13 @@ C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
C set [peer-3ffe::29]:ID=id-sharleena.as10.net force
C set [id-sharleena.as10.net]:ID-type=FQDN force
C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
@@ -64,13 +64,13 @@ C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=phase2-suite-from-3ffe::51-to-3ffe::29 force
C set [phase2-suite-from-3ffe::51-to-3ffe::29]:Protocols=phase2-protocol-from-3ffe::51-to-3ffe::29 force
C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe::51]:ID-type=IPV6_ADDR force
C set [from-3ffe::51]:Address=3ffe::51 force
C set [to-3ffe::29]:ID-type=IPV6_ADDR force
diff --git a/regress/sbin/ipsecctl/ike17.ok b/regress/sbin/ipsecctl/ike17.ok
index a43456aa0ac..e6ed8596290 100644
--- a/regress/sbin/ipsecctl/ike17.ok
+++ b/regress/sbin/ipsecctl/ike17.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::29 force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
@@ -19,13 +19,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.1.0/24]:Network=10.1.1.0 force
C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
@@ -38,13 +38,13 @@ C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3ffe::51-to-3ffe::29]:Phase=2 force
C set [from-3ffe::51-to-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
C set [from-3ffe::51-to-3ffe::29]:Configuration=phase2-from-3ffe::51-to-3ffe::29 force
@@ -54,13 +54,13 @@ C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=phase2-suite-from-3ffe::51-to-3ffe::29 force
C set [phase2-suite-from-3ffe::51-to-3ffe::29]:Protocols=phase2-protocol-from-3ffe::51-to-3ffe::29 force
C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe::51]:ID-type=IPV6_ADDR force
C set [from-3ffe::51]:Address=3ffe::51 force
C set [to-3ffe::29]:ID-type=IPV6_ADDR force
diff --git a/regress/sbin/ipsecctl/ike18.ok b/regress/sbin/ipsecctl/ike18.ok
index 0072cba47cc..e8b3cc934b6 100644
--- a/regress/sbin/ipsecctl/ike18.ok
+++ b/regress/sbin/ipsecctl/ike18.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::51]:Phase=1 force
C set [peer-3ffe::51]:Address=3ffe::51 force
C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force
C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-10.1.2.0/24-to-10.1.1.0/24]:Phase=2 force
C set [from-10.1.2.0/24-to-10.1.1.0/24]:ISAKMP-peer=peer-3ffe::51 force
C set [from-10.1.2.0/24-to-10.1.1.0/24]:Configuration=phase2-from-10.1.2.0/24-to-10.1.1.0/24 force
@@ -19,13 +19,13 @@ C set [phase2-from-10.1.2.0/24-to-10.1.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.2.0/24-to-10.1.1.0/24]:Suites=phase2-suite-from-10.1.2.0/24-to-10.1.1.0/24 force
C set [phase2-suite-from-10.1.2.0/24-to-10.1.1.0/24]:Protocols=phase2-protocol-from-10.1.2.0/24-to-10.1.1.0/24 force
C set [phase2-protocol-from-10.1.2.0/24-to-10.1.1.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.1.2.0/24-to-10.1.1.0/24]:Transforms=phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.1.2.0/24-to-10.1.1.0/24]:Transforms=phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.2.0/24]:Network=10.1.2.0 force
C set [from-10.1.2.0/24]:Netmask=255.255.255.0 force
@@ -38,13 +38,13 @@ C set [peer-3ffe::51]:Phase=1 force
C set [peer-3ffe::51]:Address=3ffe::51 force
C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force
C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3ffe::29-to-3ffe::51]:Phase=2 force
C set [from-3ffe::29-to-3ffe::51]:ISAKMP-peer=peer-3ffe::51 force
C set [from-3ffe::29-to-3ffe::51]:Configuration=phase2-from-3ffe::29-to-3ffe::51 force
@@ -54,13 +54,13 @@ C set [phase2-from-3ffe::29-to-3ffe::51]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe::29-to-3ffe::51]:Suites=phase2-suite-from-3ffe::29-to-3ffe::51 force
C set [phase2-suite-from-3ffe::29-to-3ffe::51]:Protocols=phase2-protocol-from-3ffe::29-to-3ffe::51 force
C set [phase2-protocol-from-3ffe::29-to-3ffe::51]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe::29-to-3ffe::51]:Transforms=phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe::29-to-3ffe::51]:Transforms=phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe::29]:ID-type=IPV6_ADDR force
C set [from-3ffe::29]:Address=3ffe::29 force
C set [to-3ffe::51]:ID-type=IPV6_ADDR force
diff --git a/regress/sbin/ipsecctl/ike19.ok b/regress/sbin/ipsecctl/ike19.ok
index 87b85622004..e24eff85a39 100644
--- a/regress/sbin/ipsecctl/ike19.ok
+++ b/regress/sbin/ipsecctl/ike19.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-3ffe::1 force
C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
@@ -19,13 +19,13 @@ C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=phase2-suite-from-1.1.1.1-to-0.0.0.0/0 force
C set [phase2-suite-from-1.1.1.1-to-0.0.0.0/0]:Protocols=phase2-protocol-from-1.1.1.1-to-0.0.0.0/0 force
C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
diff --git a/regress/sbin/ipsecctl/ike2.ok b/regress/sbin/ipsecctl/ike2.ok
index d57ec668691..8b549493505 100644
--- a/regress/sbin/ipsecctl/ike2.ok
+++ b/regress/sbin/ipsecctl/ike2.ok
@@ -3,13 +3,13 @@ C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
@@ -19,13 +19,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.1.0/24]:Network=10.1.1.0 force
C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
diff --git a/regress/sbin/ipsecctl/ike20.ok b/regress/sbin/ipsecctl/ike20.ok
index cc33c77f4e0..3fcf1da3c51 100644
--- a/regress/sbin/ipsecctl/ike20.ok
+++ b/regress/sbin/ipsecctl/ike20.ok
@@ -4,13 +4,13 @@ C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force
C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force
C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force
C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force
C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
@@ -20,13 +20,13 @@ C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=phase2-suite-from-1.1.1.1-to-0.0.0.0/0 force
C set [phase2-suite-from-1.1.1.1-to-0.0.0.0/0]:Protocols=phase2-protocol-from-1.1.1.1-to-0.0.0.0/0 force
C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
@@ -39,13 +39,13 @@ C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force
C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force
C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force
C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force
C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
@@ -55,13 +55,13 @@ C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=phase2-suite-from-1.1.1.1-to-0.0.0.0/0 force
C set [phase2-suite-from-1.1.1.1-to-0.0.0.0/0]:Protocols=phase2-protocol-from-1.1.1.1-to-0.0.0.0/0 force
C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
diff --git a/regress/sbin/ipsecctl/ike21.ok b/regress/sbin/ipsecctl/ike21.ok
index 82129e7b32b..505df1a7267 100644
--- a/regress/sbin/ipsecctl/ike21.ok
+++ b/regress/sbin/ipsecctl/ike21.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::2]:Phase=1 force
C set [peer-3ffe::2]:Address=3ffe::2 force
C set [peer-3ffe::2]:Configuration=phase1-peer-3ffe::2 force
C set [phase1-peer-3ffe::2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::2]:Transforms=phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::2]:Transforms=phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3ffe::1-to-3ffe::2]:Phase=2 force
C set [from-3ffe::1-to-3ffe::2]:ISAKMP-peer=peer-3ffe::2 force
C set [from-3ffe::1-to-3ffe::2]:Configuration=phase2-from-3ffe::1-to-3ffe::2 force
@@ -19,13 +19,13 @@ C set [phase2-from-3ffe::1-to-3ffe::2]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe::1-to-3ffe::2]:Suites=phase2-suite-from-3ffe::1-to-3ffe::2 force
C set [phase2-suite-from-3ffe::1-to-3ffe::2]:Protocols=phase2-protocol-from-3ffe::1-to-3ffe::2 force
C set [phase2-protocol-from-3ffe::1-to-3ffe::2]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe::1-to-3ffe::2]:Transforms=phase2-transform-from-3ffe::1-to-3ffe::2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe::1-to-3ffe::2]:Transforms=phase2-transform-from-3ffe::1-to-3ffe::2-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe::1]:ID-type=IPV6_ADDR force
C set [from-3ffe::1]:Address=3ffe::1 force
C set [to-3ffe::2]:ID-type=IPV6_ADDR force
diff --git a/regress/sbin/ipsecctl/ike22.ok b/regress/sbin/ipsecctl/ike22.ok
index fd79a87762a..973928442a3 100644
--- a/regress/sbin/ipsecctl/ike22.ok
+++ b/regress/sbin/ipsecctl/ike22.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::1 force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
@@ -19,13 +19,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.1.0/24]:Network=10.1.1.0 force
C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
diff --git a/regress/sbin/ipsecctl/ike23.ok b/regress/sbin/ipsecctl/ike23.ok
index c8383af0264..e2099673b68 100644
--- a/regress/sbin/ipsecctl/ike23.ok
+++ b/regress/sbin/ipsecctl/ike23.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-3ffe::29]:ID=id-sharleena.as10.net force
C set [id-sharleena.as10.net]:ID-type=FQDN force
C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
@@ -25,13 +25,13 @@ C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=phase2-suite-from-3ffe::51-to-3ffe::29 force
C set [phase2-suite-from-3ffe::51-to-3ffe::29]:Protocols=phase2-protocol-from-3ffe::51-to-3ffe::29 force
C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe::51]:ID-type=IPV6_ADDR force
C set [from-3ffe::51]:Address=3ffe::51 force
C set [to-3ffe::29]:ID-type=IPV6_ADDR force
diff --git a/regress/sbin/ipsecctl/ike29.ok b/regress/sbin/ipsecctl/ike29.ok
index 97d7d1c4e7d..88106922067 100644
--- a/regress/sbin/ipsecctl/ike29.ok
+++ b/regress/sbin/ipsecctl/ike29.ok
@@ -5,13 +5,13 @@ C set [peer-3ffe:2::1]:Phase=1 force
C set [peer-3ffe:2::1]:Address=3ffe:2::1 force
C set [peer-3ffe:2::1]:Configuration=phase1-peer-3ffe:2::1 force
C set [phase1-peer-3ffe:2::1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe:2::1]:Transforms=phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe:2::1]:Transforms=phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-3ffe:2::1]:ID=id-noname.my.domain force
C set [id-noname.my.domain]:ID-type=FQDN force
C set [id-noname.my.domain]:Name=noname.my.domain force
@@ -24,13 +24,13 @@ C set [phase2-from-3ffe:3::/64-to-3ffe:4::/64]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe:3::/64-to-3ffe:4::/64]:Suites=phase2-suite-from-3ffe:3::/64-to-3ffe:4::/64 force
C set [phase2-suite-from-3ffe:3::/64-to-3ffe:4::/64]:Protocols=phase2-protocol-from-3ffe:3::/64-to-3ffe:4::/64 force
C set [phase2-protocol-from-3ffe:3::/64-to-3ffe:4::/64]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe:3::/64-to-3ffe:4::/64]:Transforms=phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe:3::/64-to-3ffe:4::/64]:Transforms=phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe:3::/64]:ID-type=IPV6_ADDR_SUBNET force
C set [from-3ffe:3::/64]:Network=3ffe:3:: force
C set [from-3ffe:3::/64]:Netmask=ffff:ffff:ffff:ffff:: force
diff --git a/regress/sbin/ipsecctl/ike3.ok b/regress/sbin/ipsecctl/ike3.ok
index 7a330295d00..bc029af79ce 100644
--- a/regress/sbin/ipsecctl/ike3.ok
+++ b/regress/sbin/ipsecctl/ike3.ok
@@ -3,13 +3,13 @@ C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-131.188.33.29]:ID=id-sharleena.as10.net force
C set [id-sharleena.as10.net]:ID-type=FQDN force
C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
@@ -25,13 +25,13 @@ C set [phase2-from-131.188.33.51-to-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE forc
C set [phase2-from-131.188.33.51-to-131.188.33.29]:Suites=phase2-suite-from-131.188.33.51-to-131.188.33.29 force
C set [phase2-suite-from-131.188.33.51-to-131.188.33.29]:Protocols=phase2-protocol-from-131.188.33.51-to-131.188.33.29 force
C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:Transforms=phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:Transforms=phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-131.188.33.51]:ID-type=IPV4_ADDR force
C set [from-131.188.33.51]:Address=131.188.33.51 force
C set [to-131.188.33.29]:ID-type=IPV4_ADDR force
diff --git a/regress/sbin/ipsecctl/ike30.ok b/regress/sbin/ipsecctl/ike30.ok
index c3e572ecf06..78c50d841ca 100644
--- a/regress/sbin/ipsecctl/ike30.ok
+++ b/regress/sbin/ipsecctl/ike30.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::2]:Phase=1 force
C set [peer-3ffe::2]:Address=3ffe::2 force
C set [peer-3ffe::2]:Configuration=phase1-peer-3ffe::2 force
C set [phase1-peer-3ffe::2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::2]:Transforms=phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::2]:Transforms=phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3ffe::1=97-to-3ffe::2=97]:Phase=2 force
C set [from-3ffe::1=97-to-3ffe::2=97]:ISAKMP-peer=peer-3ffe::2 force
C set [from-3ffe::1=97-to-3ffe::2=97]:Configuration=phase2-from-3ffe::1=97-to-3ffe::2=97 force
@@ -19,13 +19,13 @@ C set [phase2-from-3ffe::1=97-to-3ffe::2=97]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe::1=97-to-3ffe::2=97]:Suites=phase2-suite-from-3ffe::1=97-to-3ffe::2=97 force
C set [phase2-suite-from-3ffe::1=97-to-3ffe::2=97]:Protocols=phase2-protocol-from-3ffe::1=97-to-3ffe::2=97 force
C set [phase2-protocol-from-3ffe::1=97-to-3ffe::2=97]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe::1=97-to-3ffe::2=97]:Transforms=phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe::1=97-to-3ffe::2=97]:Transforms=phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe::1=97]:ID-type=IPV6_ADDR force
C set [from-3ffe::1=97]:Address=3ffe::1 force
C set [to-3ffe::2=97]:ID-type=IPV6_ADDR force
diff --git a/regress/sbin/ipsecctl/ike31.ok b/regress/sbin/ipsecctl/ike31.ok
index ca4dc31573e..36d7d45f0d8 100644
--- a/regress/sbin/ipsecctl/ike31.ok
+++ b/regress/sbin/ipsecctl/ike31.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3ffe:2::1-to-::/0]:Phase=2 force
C set [from-3ffe:2::1-to-::/0]:ISAKMP-peer=peer-3ffe::1 force
C set [from-3ffe:2::1-to-::/0]:Configuration=phase2-from-3ffe:2::1-to-::/0 force
@@ -19,13 +19,13 @@ C set [phase2-from-3ffe:2::1-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe:2::1-to-::/0]:Suites=phase2-suite-from-3ffe:2::1-to-::/0 force
C set [phase2-suite-from-3ffe:2::1-to-::/0]:Protocols=phase2-protocol-from-3ffe:2::1-to-::/0 force
C set [phase2-protocol-from-3ffe:2::1-to-::/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe:2::1-to-::/0]:Transforms=phase2-transform-from-3ffe:2::1-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe:2::1-to-::/0]:Transforms=phase2-transform-from-3ffe:2::1-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe:2::1]:ID-type=IPV6_ADDR force
C set [from-3ffe:2::1]:Address=3ffe:2::1 force
C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force
diff --git a/regress/sbin/ipsecctl/ike32.ok b/regress/sbin/ipsecctl/ike32.ok
index 887452b5689..41a78b3e687 100644
--- a/regress/sbin/ipsecctl/ike32.ok
+++ b/regress/sbin/ipsecctl/ike32.ok
@@ -3,13 +3,13 @@ C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
@@ -19,15 +19,15 @@ C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=phase2-suite-from-1.1.1.1-to-2.2.2.2 force
C set [phase2-suite-from-1.1.1.1-to-2.2.2.2]:Protocols=phase2-protocol-from-1.1.1.1-to-2.2.2.2 force
C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL-life force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL-life]:LIFE_TYPE=SECONDS force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL-life]:LIFE_DURATION=1200 force
+C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL-life force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL-life]:LIFE_TYPE=SECONDS force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL-life]:LIFE_DURATION=1200 force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
diff --git a/regress/sbin/ipsecctl/ike33.ok b/regress/sbin/ipsecctl/ike33.ok
index c0770218246..06f98411438 100644
--- a/regress/sbin/ipsecctl/ike33.ok
+++ b/regress/sbin/ipsecctl/ike33.ok
@@ -3,15 +3,15 @@ C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024-life force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024-life]:LIFE_TYPE=SECONDS force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024-life]:LIFE_DURATION=3600 force
+C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024-life force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024-life]:LIFE_TYPE=SECONDS force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024-life]:LIFE_DURATION=3600 force
C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
@@ -21,13 +21,13 @@ C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=phase2-suite-from-1.1.1.1-to-2.2.2.2 force
C set [phase2-suite-from-1.1.1.1-to-2.2.2.2]:Protocols=phase2-protocol-from-1.1.1.1-to-2.2.2.2 force
C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
diff --git a/regress/sbin/ipsecctl/ike34.ok b/regress/sbin/ipsecctl/ike34.ok
index ec8c1b60f07..f01eab50f01 100644
--- a/regress/sbin/ipsecctl/ike34.ok
+++ b/regress/sbin/ipsecctl/ike34.ok
@@ -3,13 +3,13 @@ C set [peer-1.2.3.4]:Phase=1 force
C set [peer-1.2.3.4]:Address=1.2.3.4 force
C set [peer-1.2.3.4]:Configuration=phase1-peer-1.2.3.4 force
C set [phase1-peer-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.2.3.4]:Transforms=phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.2.3.4]:Transforms=phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3ffe::1/24-to-3ffe:2::/24]:Phase=2 force
C set [from-3ffe::1/24-to-3ffe:2::/24]:ISAKMP-peer=peer-1.2.3.4 force
C set [from-3ffe::1/24-to-3ffe:2::/24]:Configuration=phase2-from-3ffe::1/24-to-3ffe:2::/24 force
@@ -19,13 +19,13 @@ C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:Suites=phase2-suite-from-3ffe::1/24-to-3ffe:2::/24 force
C set [phase2-suite-from-3ffe::1/24-to-3ffe:2::/24]:Protocols=phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24 force
C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:Transforms=phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:Transforms=phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
C set [from-3ffe::1/24]:Network=3ffe::1 force
C set [from-3ffe::1/24]:Netmask=ffff:ff00:: force
diff --git a/regress/sbin/ipsecctl/ike35.ok b/regress/sbin/ipsecctl/ike35.ok
index fe824b483a5..ace64d54549 100644
--- a/regress/sbin/ipsecctl/ike35.ok
+++ b/regress/sbin/ipsecctl/ike35.ok
@@ -3,13 +3,13 @@ C set [peer-1.2.3.4]:Phase=1 force
C set [peer-1.2.3.4]:Address=1.2.3.4 force
C set [peer-1.2.3.4]:Configuration=phase1-peer-1.2.3.4 force
C set [phase1-peer-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.2.3.4]:Transforms=phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.2.3.4]:Transforms=phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3ffe:2::/24-to-3ffe::1/24]:Phase=2 force
C set [from-3ffe:2::/24-to-3ffe::1/24]:ISAKMP-peer=peer-1.2.3.4 force
C set [from-3ffe:2::/24-to-3ffe::1/24]:Configuration=phase2-from-3ffe:2::/24-to-3ffe::1/24 force
@@ -19,13 +19,13 @@ C set [phase2-from-3ffe:2::/24-to-3ffe::1/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe:2::/24-to-3ffe::1/24]:Suites=phase2-suite-from-3ffe:2::/24-to-3ffe::1/24 force
C set [phase2-suite-from-3ffe:2::/24-to-3ffe::1/24]:Protocols=phase2-protocol-from-3ffe:2::/24-to-3ffe::1/24 force
C set [phase2-protocol-from-3ffe:2::/24-to-3ffe::1/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe:2::/24-to-3ffe::1/24]:Transforms=phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe:2::/24-to-3ffe::1/24]:Transforms=phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
C set [from-3ffe:2::/24]:Network=3ffe:2:: force
C set [from-3ffe:2::/24]:Netmask=ffff:ff00:: force
diff --git a/regress/sbin/ipsecctl/ike36.ok b/regress/sbin/ipsecctl/ike36.ok
index 6029ca8df1b..17884bde069 100644
--- a/regress/sbin/ipsecctl/ike36.ok
+++ b/regress/sbin/ipsecctl/ike36.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3ffe::3-to-3ffe::4]:Phase=2 force
C set [from-3ffe::3-to-3ffe::4]:ISAKMP-peer=peer-3ffe::1 force
C set [from-3ffe::3-to-3ffe::4]:Configuration=phase2-from-3ffe::3-to-3ffe::4 force
@@ -19,13 +19,13 @@ C set [phase2-from-3ffe::3-to-3ffe::4]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe::3-to-3ffe::4]:Suites=phase2-suite-from-3ffe::3-to-3ffe::4 force
C set [phase2-suite-from-3ffe::3-to-3ffe::4]:Protocols=phase2-protocol-from-3ffe::3-to-3ffe::4 force
C set [phase2-protocol-from-3ffe::3-to-3ffe::4]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe::3-to-3ffe::4]:Transforms=phase2-transform-from-3ffe::3-to-3ffe::4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe::3-to-3ffe::4]:Transforms=phase2-transform-from-3ffe::3-to-3ffe::4-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe::3]:ID-type=IPV6_ADDR force
C set [from-3ffe::3]:Address=3ffe::3 force
C set [to-3ffe::4]:ID-type=IPV6_ADDR force
diff --git a/regress/sbin/ipsecctl/ike37.ok b/regress/sbin/ipsecctl/ike37.ok
index 991a95b89a2..5959777dec3 100644
--- a/regress/sbin/ipsecctl/ike37.ok
+++ b/regress/sbin/ipsecctl/ike37.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-3ffe::1]:ID=id-sharleena.as10.net force
C set [id-sharleena.as10.net]:ID-type=FQDN force
C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
@@ -25,13 +25,13 @@ C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=phase2-suite-from-3ffe:1::/64-to-3ffe:2::/64 force
C set [phase2-suite-from-3ffe:1::/64-to-3ffe:2::/64]:Protocols=phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64 force
C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:Transforms=phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:Transforms=phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
C set [from-3ffe:1::/64]:Network=3ffe:1:: force
C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
diff --git a/regress/sbin/ipsecctl/ike38.ok b/regress/sbin/ipsecctl/ike38.ok
index 85794a82250..88bcd8c9bf3 100644
--- a/regress/sbin/ipsecctl/ike38.ok
+++ b/regress/sbin/ipsecctl/ike38.ok
@@ -42,13 +42,13 @@ C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
C set [peer-3ffe::29]:ID=id-sharleena.as10.net force
C set [id-sharleena.as10.net]:ID-type=FQDN force
C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
@@ -64,13 +64,13 @@ C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=phase2-suite-from-3ffe::51-to-3ffe::29 force
C set [phase2-suite-from-3ffe::51-to-3ffe::29]:Protocols=phase2-protocol-from-3ffe::51-to-3ffe::29 force
C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe::51]:ID-type=IPV6_ADDR force
C set [from-3ffe::51]:Address=3ffe::51 force
C set [to-3ffe::29]:ID-type=IPV6_ADDR force
diff --git a/regress/sbin/ipsecctl/ike39.ok b/regress/sbin/ipsecctl/ike39.ok
index 45c9b36d4f6..1283a3c1aa5 100644
--- a/regress/sbin/ipsecctl/ike39.ok
+++ b/regress/sbin/ipsecctl/ike39.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3ffe:1::/64-to-3ffe:2::/64]:Phase=2 force
C set [from-3ffe:1::/64-to-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::29 force
C set [from-3ffe:1::/64-to-3ffe:2::/64]:Configuration=phase2-from-3ffe:1::/64-to-3ffe:2::/64 force
@@ -19,13 +19,13 @@ C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=phase2-suite-from-3ffe:1::/64-to-3ffe:2::/64 force
C set [phase2-suite-from-3ffe:1::/64-to-3ffe:2::/64]:Protocols=phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64 force
C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:Transforms=phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:Transforms=phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
C set [from-3ffe:1::/64]:Network=3ffe:1:: force
C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
@@ -38,13 +38,13 @@ C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3ffe::51-to-3ffe::29]:Phase=2 force
C set [from-3ffe::51-to-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
C set [from-3ffe::51-to-3ffe::29]:Configuration=phase2-from-3ffe::51-to-3ffe::29 force
@@ -54,13 +54,13 @@ C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=phase2-suite-from-3ffe::51-to-3ffe::29 force
C set [phase2-suite-from-3ffe::51-to-3ffe::29]:Protocols=phase2-protocol-from-3ffe::51-to-3ffe::29 force
C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe::51]:ID-type=IPV6_ADDR force
C set [from-3ffe::51]:Address=3ffe::51 force
C set [to-3ffe::29]:ID-type=IPV6_ADDR force
diff --git a/regress/sbin/ipsecctl/ike4.ok b/regress/sbin/ipsecctl/ike4.ok
index 78a487c7ad7..78981f41617 100644
--- a/regress/sbin/ipsecctl/ike4.ok
+++ b/regress/sbin/ipsecctl/ike4.ok
@@ -3,13 +3,13 @@ C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-131.188.33.29]:ID=id-sharleena.as10.net force
C set [id-sharleena.as10.net]:ID-type=FQDN force
C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
@@ -25,13 +25,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.1.0/24]:Network=10.1.1.0 force
C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
diff --git a/regress/sbin/ipsecctl/ike40.ok b/regress/sbin/ipsecctl/ike40.ok
index 95edd980ea5..6cbfd06d233 100644
--- a/regress/sbin/ipsecctl/ike40.ok
+++ b/regress/sbin/ipsecctl/ike40.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::51]:Phase=1 force
C set [peer-3ffe::51]:Address=3ffe::51 force
C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force
C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3ffe:1::/64-to-3ffe:2::/64]:Phase=2 force
C set [from-3ffe:1::/64-to-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::51 force
C set [from-3ffe:1::/64-to-3ffe:2::/64]:Configuration=phase2-from-3ffe:1::/64-to-3ffe:2::/64 force
@@ -19,13 +19,13 @@ C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=phase2-suite-from-3ffe:1::/64-to-3ffe:2::/64 force
C set [phase2-suite-from-3ffe:1::/64-to-3ffe:2::/64]:Protocols=phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64 force
C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:Transforms=phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:Transforms=phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
C set [from-3ffe:1::/64]:Network=3ffe:1:: force
C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
@@ -38,13 +38,13 @@ C set [peer-3ffe::51]:Phase=1 force
C set [peer-3ffe::51]:Address=3ffe::51 force
C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force
C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3ffe::29-to-3ffe::51]:Phase=2 force
C set [from-3ffe::29-to-3ffe::51]:ISAKMP-peer=peer-3ffe::51 force
C set [from-3ffe::29-to-3ffe::51]:Configuration=phase2-from-3ffe::29-to-3ffe::51 force
@@ -54,13 +54,13 @@ C set [phase2-from-3ffe::29-to-3ffe::51]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe::29-to-3ffe::51]:Suites=phase2-suite-from-3ffe::29-to-3ffe::51 force
C set [phase2-suite-from-3ffe::29-to-3ffe::51]:Protocols=phase2-protocol-from-3ffe::29-to-3ffe::51 force
C set [phase2-protocol-from-3ffe::29-to-3ffe::51]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe::29-to-3ffe::51]:Transforms=phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe::29-to-3ffe::51]:Transforms=phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe::29]:ID-type=IPV6_ADDR force
C set [from-3ffe::29]:Address=3ffe::29 force
C set [to-3ffe::51]:ID-type=IPV6_ADDR force
diff --git a/regress/sbin/ipsecctl/ike41.ok b/regress/sbin/ipsecctl/ike41.ok
index 4cbda02ca48..c9c4cef4323 100644
--- a/regress/sbin/ipsecctl/ike41.ok
+++ b/regress/sbin/ipsecctl/ike41.ok
@@ -3,15 +3,15 @@ C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024-life force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024-life]:LIFE_TYPE=SECONDS force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024-life]:LIFE_DURATION=3600 force
+C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024-life force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024-life]:LIFE_TYPE=SECONDS force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024-life]:LIFE_DURATION=3600 force
C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
@@ -21,15 +21,15 @@ C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=phase2-suite-from-1.1.1.1-to-2.2.2.2 force
C set [phase2-suite-from-1.1.1.1-to-2.2.2.2]:Protocols=phase2-protocol-from-1.1.1.1-to-2.2.2.2 force
C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL-life force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL-life]:LIFE_TYPE=SECONDS force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL-life]:LIFE_DURATION=1200 force
+C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL-life force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL-life]:LIFE_TYPE=SECONDS force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL-life]:LIFE_DURATION=1200 force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
diff --git a/regress/sbin/ipsecctl/ike42.ok b/regress/sbin/ipsecctl/ike42.ok
index d32d99f24e8..10f2f5d661b 100644
--- a/regress/sbin/ipsecctl/ike42.ok
+++ b/regress/sbin/ipsecctl/ike42.ok
@@ -3,13 +3,13 @@ C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1=17:123-to-2.2.2.2=17]:Phase=2 force
C set [from-1.1.1.1=17:123-to-2.2.2.2=17]:ISAKMP-peer=peer-2.2.2.2 force
C set [from-1.1.1.1=17:123-to-2.2.2.2=17]:Configuration=phase2-from-1.1.1.1=17:123-to-2.2.2.2=17 force
@@ -19,13 +19,13 @@ C set [phase2-from-1.1.1.1=17:123-to-2.2.2.2=17]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1=17:123-to-2.2.2.2=17]:Suites=phase2-suite-from-1.1.1.1=17:123-to-2.2.2.2=17 force
C set [phase2-suite-from-1.1.1.1=17:123-to-2.2.2.2=17]:Protocols=phase2-protocol-from-1.1.1.1=17:123-to-2.2.2.2=17 force
C set [phase2-protocol-from-1.1.1.1=17:123-to-2.2.2.2=17]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-1.1.1.1=17:123-to-2.2.2.2=17]:Transforms=phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-1.1.1.1=17:123-to-2.2.2.2=17]:Transforms=phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1=17:123]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1=17:123]:Address=1.1.1.1 force
C set [to-2.2.2.2=17]:ID-type=IPV4_ADDR force
diff --git a/regress/sbin/ipsecctl/ike43.ok b/regress/sbin/ipsecctl/ike43.ok
index 0f1dbbb1b09..11cb2a72012 100644
--- a/regress/sbin/ipsecctl/ike43.ok
+++ b/regress/sbin/ipsecctl/ike43.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::2]:Phase=1 force
C set [peer-3ffe::2]:Address=3ffe::2 force
C set [peer-3ffe::2]:Configuration=phase1-peer-3ffe::2 force
C set [phase1-peer-3ffe::2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::2]:Transforms=phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::2]:Transforms=phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3ffe::1=6:2022-to-3ffe::2=6:22]:Phase=2 force
C set [from-3ffe::1=6:2022-to-3ffe::2=6:22]:ISAKMP-peer=peer-3ffe::2 force
C set [from-3ffe::1=6:2022-to-3ffe::2=6:22]:Configuration=phase2-from-3ffe::1=6:2022-to-3ffe::2=6:22 force
@@ -19,13 +19,13 @@ C set [phase2-from-3ffe::1=6:2022-to-3ffe::2=6:22]:EXCHANGE_TYPE=QUICK_MODE forc
C set [phase2-from-3ffe::1=6:2022-to-3ffe::2=6:22]:Suites=phase2-suite-from-3ffe::1=6:2022-to-3ffe::2=6:22 force
C set [phase2-suite-from-3ffe::1=6:2022-to-3ffe::2=6:22]:Protocols=phase2-protocol-from-3ffe::1=6:2022-to-3ffe::2=6:22 force
C set [phase2-protocol-from-3ffe::1=6:2022-to-3ffe::2=6:22]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe::1=6:2022-to-3ffe::2=6:22]:Transforms=phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe::1=6:2022-to-3ffe::2=6:22]:Transforms=phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe::1=6:2022]:ID-type=IPV6_ADDR force
C set [from-3ffe::1=6:2022]:Address=3ffe::1 force
C set [to-3ffe::2=6:22]:ID-type=IPV6_ADDR force
diff --git a/regress/sbin/ipsecctl/ike46.ok b/regress/sbin/ipsecctl/ike46.ok
index d0e0d6a94b9..6c28251fab1 100644
--- a/regress/sbin/ipsecctl/ike46.ok
+++ b/regress/sbin/ipsecctl/ike46.ok
@@ -3,13 +3,13 @@ C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
@@ -19,13 +19,13 @@ C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=phase2-suite-from-1.1.1.1-to-2.2.2.2 force
C set [phase2-suite-from-1.1.1.1-to-2.2.2.2]:Protocols=phase2-protocol-from-1.1.1.1-to-2.2.2.2 force
C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
@@ -36,13 +36,13 @@ C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
@@ -52,13 +52,13 @@ C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=phase2-suite-from-1.1.1.1-to-2.2.2.2 force
C set [phase2-suite-from-1.1.1.1-to-2.2.2.2]:Protocols=phase2-protocol-from-1.1.1.1-to-2.2.2.2 force
C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TRANSPORT force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TRANSPORT]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TRANSPORT]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TRANSPORT]:ENCAPSULATION_MODE=TRANSPORT force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TRANSPORT]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TRANSPORT]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TRANSPORT]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TRANSPORT force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TRANSPORT]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TRANSPORT]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TRANSPORT]:ENCAPSULATION_MODE=TRANSPORT force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TRANSPORT]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TRANSPORT]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TRANSPORT]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
diff --git a/regress/sbin/ipsecctl/ike47.ok b/regress/sbin/ipsecctl/ike47.ok
index 6864daba509..c7ae94d0eac 100644
--- a/regress/sbin/ipsecctl/ike47.ok
+++ b/regress/sbin/ipsecctl/ike47.ok
@@ -2,13 +2,13 @@ C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-0.0.0.0/0-to-0.0.0.0/0]:Phase=2 force
C set [from-0.0.0.0/0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
C set [from-0.0.0.0/0-to-0.0.0.0/0]:Configuration=phase2-from-0.0.0.0/0-to-0.0.0.0/0 force
@@ -18,13 +18,13 @@ C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:Suites=phase2-suite-from-0.0.0.0/0-to-0.0.0.0/0 force
C set [phase2-suite-from-0.0.0.0/0-to-0.0.0.0/0]:Protocols=phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0 force
C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:Transforms=phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:Transforms=phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
C set [from-0.0.0.0/0]:Network=0.0.0.0 force
C set [from-0.0.0.0/0]:Netmask=0.0.0.0 force
@@ -36,13 +36,13 @@ C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-::/0-to-::/0]:Phase=2 force
C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force
C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force
@@ -52,13 +52,13 @@ C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-::/0-to-::/0]:Suites=phase2-suite-from-::/0-to-::/0 force
C set [phase2-suite-from-::/0-to-::/0]:Protocols=phase2-protocol-from-::/0-to-::/0 force
C set [phase2-protocol-from-::/0-to-::/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force
C set [from-::/0]:Network=:: force
C set [from-::/0]:Netmask=:: force
diff --git a/regress/sbin/ipsecctl/ike48.ok b/regress/sbin/ipsecctl/ike48.ok
index 928f1557cb0..276b159e6c0 100644
--- a/regress/sbin/ipsecctl/ike48.ok
+++ b/regress/sbin/ipsecctl/ike48.ok
@@ -3,13 +3,13 @@ C set [peer-default]:Phase=1 force
C set [peer-default]:Authentication=mekmitasdigoat force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=PRE_SHARED force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=PRE_SHARED force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-0.0.0.0/0-to-0.0.0.0/0]:Phase=2 force
C set [from-0.0.0.0/0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
C set [from-0.0.0.0/0-to-0.0.0.0/0]:Configuration=phase2-from-0.0.0.0/0-to-0.0.0.0/0 force
@@ -19,13 +19,13 @@ C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:Suites=phase2-suite-from-0.0.0.0/0-to-0.0.0.0/0 force
C set [phase2-suite-from-0.0.0.0/0-to-0.0.0.0/0]:Protocols=phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0 force
C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:Transforms=phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:Transforms=phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
C set [from-0.0.0.0/0]:Network=0.0.0.0 force
C set [from-0.0.0.0/0]:Netmask=0.0.0.0 force
@@ -38,13 +38,13 @@ C set [peer-default]:Phase=1 force
C set [peer-default]:Authentication=mekmitasdigoat force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=PRE_SHARED force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=PRE_SHARED force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-::/0-to-::/0]:Phase=2 force
C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force
C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force
@@ -54,13 +54,13 @@ C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-::/0-to-::/0]:Suites=phase2-suite-from-::/0-to-::/0 force
C set [phase2-suite-from-::/0-to-::/0]:Protocols=phase2-protocol-from-::/0-to-::/0 force
C set [phase2-protocol-from-::/0-to-::/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force
C set [from-::/0]:Network=:: force
C set [from-::/0]:Netmask=:: force
diff --git a/regress/sbin/ipsecctl/ike49.ok b/regress/sbin/ipsecctl/ike49.ok
index b368b79c6e3..6dc957d9ca3 100644
--- a/regress/sbin/ipsecctl/ike49.ok
+++ b/regress/sbin/ipsecctl/ike49.ok
@@ -3,13 +3,13 @@ C set [peer-default]:Phase=1 force
C set [peer-default]:Authentication=mekmitasdigoat force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=PRE_SHARED force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=PRE_SHARED force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-default force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
@@ -19,13 +19,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.1.0/24]:Network=10.1.1.0 force
C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
diff --git a/regress/sbin/ipsecctl/ike5.ok b/regress/sbin/ipsecctl/ike5.ok
index 9b6a4d9cadd..35e539869ab 100644
--- a/regress/sbin/ipsecctl/ike5.ok
+++ b/regress/sbin/ipsecctl/ike5.ok
@@ -42,13 +42,13 @@ C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_3072 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_3072 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
C set [peer-131.188.33.29]:ID=id-sharleena.as10.net force
C set [id-sharleena.as10.net]:ID-type=FQDN force
C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
@@ -64,13 +64,13 @@ C set [phase2-from-131.188.33.51-to-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE forc
C set [phase2-from-131.188.33.51-to-131.188.33.29]:Suites=phase2-suite-from-131.188.33.51-to-131.188.33.29 force
C set [phase2-suite-from-131.188.33.51-to-131.188.33.29]:Protocols=phase2-protocol-from-131.188.33.51-to-131.188.33.29 force
C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:Transforms=phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:Transforms=phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_3072-TUNNEL force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-131.188.33.51]:ID-type=IPV4_ADDR force
C set [from-131.188.33.51]:Address=131.188.33.51 force
C set [to-131.188.33.29]:ID-type=IPV4_ADDR force
diff --git a/regress/sbin/ipsecctl/ike50.ok b/regress/sbin/ipsecctl/ike50.ok
index 70d57ad6880..871a1f53632 100644
--- a/regress/sbin/ipsecctl/ike50.ok
+++ b/regress/sbin/ipsecctl/ike50.ok
@@ -3,13 +3,13 @@ C set [peer-default]:Phase=1 force
C set [peer-default]:Local-address=1.1.1.1 force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-10.1.1.0/24-to-10.2.2.0/24]:Phase=2 force
C set [from-10.1.1.0/24-to-10.2.2.0/24]:ISAKMP-peer=peer-default force
C set [from-10.1.1.0/24-to-10.2.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.2.2.0/24 force
@@ -19,13 +19,13 @@ C set [phase2-from-10.1.1.0/24-to-10.2.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.1.0/24-to-10.2.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.2.2.0/24 force
C set [phase2-suite-from-10.1.1.0/24-to-10.2.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.2.2.0/24 force
C set [phase2-protocol-from-10.1.1.0/24-to-10.2.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.1.1.0/24-to-10.2.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.1.1.0/24-to-10.2.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.1.0/24]:Network=10.1.1.0 force
C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
diff --git a/regress/sbin/ipsecctl/ike51.ok b/regress/sbin/ipsecctl/ike51.ok
index 850f9f97050..10ceb65ddbf 100644
--- a/regress/sbin/ipsecctl/ike51.ok
+++ b/regress/sbin/ipsecctl/ike51.ok
@@ -3,13 +3,13 @@ C set [peer-default]:Phase=1 force
C set [peer-default]:Authentication=mekmitasdigoat force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=PRE_SHARED force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=PRE_SHARED force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3ffe::1/24-to-3ffe:2::/24]:Phase=2 force
C set [from-3ffe::1/24-to-3ffe:2::/24]:ISAKMP-peer=peer-default force
C set [from-3ffe::1/24-to-3ffe:2::/24]:Configuration=phase2-from-3ffe::1/24-to-3ffe:2::/24 force
@@ -19,13 +19,13 @@ C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:Suites=phase2-suite-from-3ffe::1/24-to-3ffe:2::/24 force
C set [phase2-suite-from-3ffe::1/24-to-3ffe:2::/24]:Protocols=phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24 force
C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:Transforms=phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:Transforms=phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
C set [from-3ffe::1/24]:Network=3ffe::1 force
C set [from-3ffe::1/24]:Netmask=ffff:ff00:: force
diff --git a/regress/sbin/ipsecctl/ike52.ok b/regress/sbin/ipsecctl/ike52.ok
index c1133ec487c..562996496db 100644
--- a/regress/sbin/ipsecctl/ike52.ok
+++ b/regress/sbin/ipsecctl/ike52.ok
@@ -3,13 +3,13 @@ C set [peer-default]:Phase=1 force
C set [peer-default]:Local-address=3ffe::3 force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3ffe::1/24-to-3ffe:2::/24]:Phase=2 force
C set [from-3ffe::1/24-to-3ffe:2::/24]:ISAKMP-peer=peer-default force
C set [from-3ffe::1/24-to-3ffe:2::/24]:Configuration=phase2-from-3ffe::1/24-to-3ffe:2::/24 force
@@ -19,13 +19,13 @@ C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:Suites=phase2-suite-from-3ffe::1/24-to-3ffe:2::/24 force
C set [phase2-suite-from-3ffe::1/24-to-3ffe:2::/24]:Protocols=phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24 force
C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:Transforms=phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:Transforms=phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
C set [from-3ffe::1/24]:Network=3ffe::1 force
C set [from-3ffe::1/24]:Netmask=ffff:ff00:: force
diff --git a/regress/sbin/ipsecctl/ike53.ok b/regress/sbin/ipsecctl/ike53.ok
index f5e7dba9ee2..9b2b6c34c06 100644
--- a/regress/sbin/ipsecctl/ike53.ok
+++ b/regress/sbin/ipsecctl/ike53.ok
@@ -3,13 +3,13 @@ C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
diff --git a/regress/sbin/ipsecctl/ike54.ok b/regress/sbin/ipsecctl/ike54.ok
index 96d8c623b62..a10621c0c9f 100644
--- a/regress/sbin/ipsecctl/ike54.ok
+++ b/regress/sbin/ipsecctl/ike54.ok
@@ -2,13 +2,13 @@ C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1=17:123-to-0.0.0.0/0=17]:Phase=2 force
C set [from-1.1.1.1=17:123-to-0.0.0.0/0=17]:ISAKMP-peer=peer-default force
C set [from-1.1.1.1=17:123-to-0.0.0.0/0=17]:Configuration=phase2-from-1.1.1.1=17:123-to-0.0.0.0/0=17 force
diff --git a/regress/sbin/ipsecctl/ike55.ok b/regress/sbin/ipsecctl/ike55.ok
index 3ed6116e3e5..36c66fff34b 100644
--- a/regress/sbin/ipsecctl/ike55.ok
+++ b/regress/sbin/ipsecctl/ike55.ok
@@ -3,13 +3,13 @@ C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
diff --git a/regress/sbin/ipsecctl/ike56.ok b/regress/sbin/ipsecctl/ike56.ok
index ae63ab58aa7..ff6c1baea85 100644
--- a/regress/sbin/ipsecctl/ike56.ok
+++ b/regress/sbin/ipsecctl/ike56.ok
@@ -3,13 +3,13 @@ C set [peer-127.0.0.1]:Phase=1 force
C set [peer-127.0.0.1]:Address=127.0.0.1 force
C set [peer-127.0.0.1]:Configuration=phase1-peer-127.0.0.1 force
C set [phase1-peer-127.0.0.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-127.0.0.1]:Transforms=phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-127.0.0.1]:Transforms=phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-127.0.0.1-to-127.0.0.1]:Phase=2 force
C set [from-127.0.0.1-to-127.0.0.1]:ISAKMP-peer=peer-127.0.0.1 force
C set [from-127.0.0.1-to-127.0.0.1]:Configuration=phase2-from-127.0.0.1-to-127.0.0.1 force
@@ -19,13 +19,13 @@ C set [phase2-from-127.0.0.1-to-127.0.0.1]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-127.0.0.1-to-127.0.0.1]:Suites=phase2-suite-from-127.0.0.1-to-127.0.0.1 force
C set [phase2-suite-from-127.0.0.1-to-127.0.0.1]:Protocols=phase2-protocol-from-127.0.0.1-to-127.0.0.1 force
C set [phase2-protocol-from-127.0.0.1-to-127.0.0.1]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-127.0.0.1-to-127.0.0.1]:Transforms=phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-127.0.0.1-to-127.0.0.1]:Transforms=phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-127.0.0.1]:ID-type=IPV4_ADDR force
C set [from-127.0.0.1]:Address=127.0.0.1 force
C set [to-127.0.0.1]:ID-type=IPV4_ADDR force
diff --git a/regress/sbin/ipsecctl/ike57.ok b/regress/sbin/ipsecctl/ike57.ok
index cb2d4508eca..44c527f008a 100644
--- a/regress/sbin/ipsecctl/ike57.ok
+++ b/regress/sbin/ipsecctl/ike57.ok
@@ -3,13 +3,13 @@ C set [peer-192.168.0.1]:Phase=1 force
C set [peer-192.168.0.1]:Address=192.168.0.1 force
C set [peer-192.168.0.1]:Configuration=phase1-peer-192.168.0.1 force
C set [phase1-peer-192.168.0.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-192.168.0.1]:Transforms=phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-192.168.0.1]:Transforms=phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-192.168.0.1]:ID=id-me@example.com force
C set [id-me@example.com]:ID-type=USER_FQDN force
C set [id-me@example.com]:Name=me@example.com force
@@ -25,13 +25,13 @@ C set [phase2-from-10.0.0.0/24-to-10.0.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.0.0.0/24-to-10.0.1.0/24]:Suites=phase2-suite-from-10.0.0.0/24-to-10.0.1.0/24 force
C set [phase2-suite-from-10.0.0.0/24-to-10.0.1.0/24]:Protocols=phase2-protocol-from-10.0.0.0/24-to-10.0.1.0/24 force
C set [phase2-protocol-from-10.0.0.0/24-to-10.0.1.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.0.0.0/24-to-10.0.1.0/24]:Transforms=phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.0.0.0/24-to-10.0.1.0/24]:Transforms=phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.0.0.0/24]:Network=10.0.0.0 force
C set [from-10.0.0.0/24]:Netmask=255.255.255.0 force
@@ -44,13 +44,13 @@ C set [peer-192.168.0.2]:Phase=1 force
C set [peer-192.168.0.2]:Address=192.168.0.2 force
C set [peer-192.168.0.2]:Configuration=phase1-peer-192.168.0.2 force
C set [phase1-peer-192.168.0.2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-192.168.0.2]:Transforms=phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-192.168.0.2]:Transforms=phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-192.168.0.2]:ID=id-me@example.com force
C set [id-me@example.com]:ID-type=USER_FQDN force
C set [id-me@example.com]:Name=me@example.com force
@@ -66,13 +66,13 @@ C set [phase2-from-10.0.0.0/24-to-10.0.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.0.0.0/24-to-10.0.2.0/24]:Suites=phase2-suite-from-10.0.0.0/24-to-10.0.2.0/24 force
C set [phase2-suite-from-10.0.0.0/24-to-10.0.2.0/24]:Protocols=phase2-protocol-from-10.0.0.0/24-to-10.0.2.0/24 force
C set [phase2-protocol-from-10.0.0.0/24-to-10.0.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.0.0.0/24-to-10.0.2.0/24]:Transforms=phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.0.0.0/24-to-10.0.2.0/24]:Transforms=phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.0.0.0/24]:Network=10.0.0.0 force
C set [from-10.0.0.0/24]:Netmask=255.255.255.0 force
@@ -85,13 +85,13 @@ C set [peer-192.168.0.3]:Phase=1 force
C set [peer-192.168.0.3]:Address=192.168.0.3 force
C set [peer-192.168.0.3]:Configuration=phase1-peer-192.168.0.3 force
C set [phase1-peer-192.168.0.3]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-192.168.0.3]:Transforms=phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-192.168.0.3]:Transforms=phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-192.168.0.3]:ID=id-me.example.com force
C set [id-me.example.com]:ID-type=FQDN force
C set [id-me.example.com]:Name=me.example.com force
@@ -107,13 +107,13 @@ C set [phase2-from-10.0.0.0/24-to-10.0.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.0.0.0/24-to-10.0.3.0/24]:Suites=phase2-suite-from-10.0.0.0/24-to-10.0.3.0/24 force
C set [phase2-suite-from-10.0.0.0/24-to-10.0.3.0/24]:Protocols=phase2-protocol-from-10.0.0.0/24-to-10.0.3.0/24 force
C set [phase2-protocol-from-10.0.0.0/24-to-10.0.3.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.0.0.0/24-to-10.0.3.0/24]:Transforms=phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.0.0.0/24-to-10.0.3.0/24]:Transforms=phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.0.0.0/24]:Network=10.0.0.0 force
C set [from-10.0.0.0/24]:Netmask=255.255.255.0 force
diff --git a/regress/sbin/ipsecctl/ike58.ok b/regress/sbin/ipsecctl/ike58.ok
index 8b37caf2d61..67248b24169 100644
--- a/regress/sbin/ipsecctl/ike58.ok
+++ b/regress/sbin/ipsecctl/ike58.ok
@@ -2,13 +2,13 @@ C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-0.0.0.0/0-to-0.0.0.0/0]:Phase=2 force
C set [from-0.0.0.0/0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
C set [from-0.0.0.0/0-to-0.0.0.0/0]:Configuration=phase2-from-0.0.0.0/0-to-0.0.0.0/0 force
@@ -18,13 +18,13 @@ C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:Suites=phase2-suite-from-0.0.0.0/0-to-0.0.0.0/0 force
C set [phase2-suite-from-0.0.0.0/0-to-0.0.0.0/0]:Protocols=phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0 force
C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:Transforms=phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:Transforms=phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
C set [from-0.0.0.0/0]:Network=0.0.0.0 force
C set [from-0.0.0.0/0]:Netmask=0.0.0.0 force
@@ -36,13 +36,13 @@ C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-::/0-to-::/0]:Phase=2 force
C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force
C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force
@@ -52,13 +52,13 @@ C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-::/0-to-::/0]:Suites=phase2-suite-from-::/0-to-::/0 force
C set [phase2-suite-from-::/0-to-::/0]:Protocols=phase2-protocol-from-::/0-to-::/0 force
C set [phase2-protocol-from-::/0-to-::/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force
C set [from-::/0]:Network=:: force
C set [from-::/0]:Netmask=:: force
@@ -70,13 +70,13 @@ C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-::/0-to-::/0]:Phase=2 force
C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force
C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force
@@ -86,13 +86,13 @@ C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-::/0-to-::/0]:Suites=phase2-suite-from-::/0-to-::/0 force
C set [phase2-suite-from-::/0-to-::/0]:Protocols=phase2-protocol-from-::/0-to-::/0 force
C set [phase2-protocol-from-::/0-to-::/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force
C set [from-::/0]:Network=:: force
C set [from-::/0]:Netmask=:: force
diff --git a/regress/sbin/ipsecctl/ike59.ok b/regress/sbin/ipsecctl/ike59.ok
index ee0634bcb95..07fc92f2609 100644
--- a/regress/sbin/ipsecctl/ike59.ok
+++ b/regress/sbin/ipsecctl/ike59.ok
@@ -3,13 +3,13 @@ C set [peer-1.2.3.4]:Phase=1 force
C set [peer-1.2.3.4]:Address=1.2.3.4 force
C set [peer-1.2.3.4]:Configuration=phase1-peer-1.2.3.4 force
C set [phase1-peer-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.2.3.4]:Transforms=phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.2.3.4]:Transforms=phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-10.0.0.1/32-to-10.0.0.2/32]:Phase=2 force
C set [from-10.0.0.1/32-to-10.0.0.2/32]:ISAKMP-peer=peer-1.2.3.4 force
C set [from-10.0.0.1/32-to-10.0.0.2/32]:Configuration=phase2-from-10.0.0.1/32-to-10.0.0.2/32 force
@@ -19,13 +19,13 @@ C set [phase2-from-10.0.0.1/32-to-10.0.0.2/32]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.0.0.1/32-to-10.0.0.2/32]:Suites=phase2-suite-from-10.0.0.1/32-to-10.0.0.2/32 force
C set [phase2-suite-from-10.0.0.1/32-to-10.0.0.2/32]:Protocols=phase2-protocol-from-10.0.0.1/32-to-10.0.0.2/32 force
C set [phase2-protocol-from-10.0.0.1/32-to-10.0.0.2/32]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.0.0.1/32-to-10.0.0.2/32]:Transforms=phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.0.0.1/32-to-10.0.0.2/32]:Transforms=phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.0.0.1/32]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.0.0.1/32]:Network=10.0.0.1 force
C set [from-10.0.0.1/32]:Netmask=255.255.255.255 force
diff --git a/regress/sbin/ipsecctl/ike6.ok b/regress/sbin/ipsecctl/ike6.ok
index 6c493238ab3..5bae27ded77 100644
--- a/regress/sbin/ipsecctl/ike6.ok
+++ b/regress/sbin/ipsecctl/ike6.ok
@@ -3,13 +3,13 @@ C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
@@ -19,13 +19,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.1.0/24]:Network=10.1.1.0 force
C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
@@ -38,13 +38,13 @@ C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-131.188.33.51-to-131.188.33.29]:Phase=2 force
C set [from-131.188.33.51-to-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
C set [from-131.188.33.51-to-131.188.33.29]:Configuration=phase2-from-131.188.33.51-to-131.188.33.29 force
@@ -54,13 +54,13 @@ C set [phase2-from-131.188.33.51-to-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE forc
C set [phase2-from-131.188.33.51-to-131.188.33.29]:Suites=phase2-suite-from-131.188.33.51-to-131.188.33.29 force
C set [phase2-suite-from-131.188.33.51-to-131.188.33.29]:Protocols=phase2-protocol-from-131.188.33.51-to-131.188.33.29 force
C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:Transforms=phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:Transforms=phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-131.188.33.51]:ID-type=IPV4_ADDR force
C set [from-131.188.33.51]:Address=131.188.33.51 force
C set [to-131.188.33.29]:ID-type=IPV4_ADDR force
diff --git a/regress/sbin/ipsecctl/ike60.ok b/regress/sbin/ipsecctl/ike60.ok
index 8df2195e099..f524ea8c1df 100644
--- a/regress/sbin/ipsecctl/ike60.ok
+++ b/regress/sbin/ipsecctl/ike60.ok
@@ -2,13 +2,13 @@ C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:128-MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:128-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:128-MODP_1024]:KEY_LENGTH=128,128:128 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:128-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:128 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-10.0.0.1-to-0.0.0.0/0]:Phase=2 force
C set [from-10.0.0.1-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
C set [from-10.0.0.1-to-0.0.0.0/0]:Configuration=phase2-from-10.0.0.1-to-0.0.0.0/0 force
@@ -18,13 +18,13 @@ C set [phase2-from-10.0.0.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.0.0.1-to-0.0.0.0/0]:Suites=phase2-suite-from-10.0.0.1-to-0.0.0.0/0 force
C set [phase2-suite-from-10.0.0.1-to-0.0.0.0/0]:Protocols=phase2-protocol-from-10.0.0.1-to-0.0.0.0/0 force
C set [phase2-protocol-from-10.0.0.1-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.0.0.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128,128:128-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128,128:128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128,128:128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:128 force
-C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128,128:128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128,128:128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128,128:128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128,128:128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.0.0.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:128 force
+C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.0.0.1]:ID-type=IPV4_ADDR force
C set [from-10.0.0.1]:Address=10.0.0.1 force
C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
@@ -35,13 +35,13 @@ C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES192,192:192-MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192,192:192-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192,192:192-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192,192:192-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192,192:192-MODP_1024]:KEY_LENGTH=192,192:192 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192,192:192-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192,192:192-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES192-MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192-MODP_1024]:KEY_LENGTH=192,192:192 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-10.0.0.2-to-0.0.0.0/0]:Phase=2 force
C set [from-10.0.0.2-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
C set [from-10.0.0.2-to-0.0.0.0/0]:Configuration=phase2-from-10.0.0.2-to-0.0.0.0/0 force
@@ -51,13 +51,13 @@ C set [phase2-from-10.0.0.2-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.0.0.2-to-0.0.0.0/0]:Suites=phase2-suite-from-10.0.0.2-to-0.0.0.0/0 force
C set [phase2-suite-from-10.0.0.2-to-0.0.0.0/0]:Protocols=phase2-protocol-from-10.0.0.2-to-0.0.0.0/0 force
C set [phase2-protocol-from-10.0.0.2-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.0.0.2-to-0.0.0.0/0]:Transforms=phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192,192:192-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192,192:192-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192,192:192-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=192,192:192 force
-C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192,192:192-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192,192:192-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192,192:192-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192,192:192-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.0.0.2-to-0.0.0.0/0]:Transforms=phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=192,192:192 force
+C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.0.0.2]:ID-type=IPV4_ADDR force
C set [from-10.0.0.2]:Address=10.0.0.2 force
C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
@@ -68,13 +68,13 @@ C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES256,256:256-MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256,256:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256,256:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256,256:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256,256:256-MODP_1024]:KEY_LENGTH=256,256:256 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256,256:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256,256:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES256-MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256-MODP_1024]:KEY_LENGTH=256,256:256 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-10.0.0.3-to-0.0.0.0/0]:Phase=2 force
C set [from-10.0.0.3-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
C set [from-10.0.0.3-to-0.0.0.0/0]:Configuration=phase2-from-10.0.0.3-to-0.0.0.0/0 force
@@ -84,13 +84,13 @@ C set [phase2-from-10.0.0.3-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.0.0.3-to-0.0.0.0/0]:Suites=phase2-suite-from-10.0.0.3-to-0.0.0.0/0 force
C set [phase2-suite-from-10.0.0.3-to-0.0.0.0/0]:Protocols=phase2-protocol-from-10.0.0.3-to-0.0.0.0/0 force
C set [phase2-protocol-from-10.0.0.3-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.0.0.3-to-0.0.0.0/0]:Transforms=phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256,256:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256,256:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256,256:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=256,256:256 force
-C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256,256:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256,256:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256,256:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256,256:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.0.0.3-to-0.0.0.0/0]:Transforms=phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=256,256:256 force
+C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.0.0.3]:ID-type=IPV4_ADDR force
C set [from-10.0.0.3]:Address=10.0.0.3 force
C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
diff --git a/regress/sbin/ipsecctl/ike61.ok b/regress/sbin/ipsecctl/ike61.ok
index 0857b1cf06c..85c68a36a36 100644
--- a/regress/sbin/ipsecctl/ike61.ok
+++ b/regress/sbin/ipsecctl/ike61.ok
@@ -5,13 +5,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-2.2.2.0/24-to-5.5.5.0/24]:Phase=2 force
C set [from-2.2.2.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-2.2.2.0/24-to-5.5.5.0/24]:Configuration=phase2-from-2.2.2.0/24-to-5.5.5.0/24 force
@@ -22,13 +22,13 @@ C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:Suites=phase2-suite-from-2.2.2.0/24-to-5.5.5.0/24 force
C set [phase2-suite-from-2.2.2.0/24-to-5.5.5.0/24]:Protocols=phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24 force
C set [phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-2.2.2.0/24]:Network=2.2.2.0 force
C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
@@ -44,13 +44,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-2.2.2.0/24-to-6.6.6.0/24]:Phase=2 force
C set [from-2.2.2.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-2.2.2.0/24-to-6.6.6.0/24]:Configuration=phase2-from-2.2.2.0/24-to-6.6.6.0/24 force
@@ -61,13 +61,13 @@ C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:Suites=phase2-suite-from-2.2.2.0/24-to-6.6.6.0/24 force
C set [phase2-suite-from-2.2.2.0/24-to-6.6.6.0/24]:Protocols=phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24 force
C set [phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-2.2.2.0/24]:Network=2.2.2.0 force
C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
@@ -83,13 +83,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-2.2.2.0/24-to-7.7.7.0/24]:Phase=2 force
C set [from-2.2.2.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-2.2.2.0/24-to-7.7.7.0/24]:Configuration=phase2-from-2.2.2.0/24-to-7.7.7.0/24 force
@@ -100,13 +100,13 @@ C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:Suites=phase2-suite-from-2.2.2.0/24-to-7.7.7.0/24 force
C set [phase2-suite-from-2.2.2.0/24-to-7.7.7.0/24]:Protocols=phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24 force
C set [phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-2.2.2.0/24]:Network=2.2.2.0 force
C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
@@ -122,13 +122,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3.3.3.0/24-to-5.5.5.0/24]:Phase=2 force
C set [from-3.3.3.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-3.3.3.0/24-to-5.5.5.0/24]:Configuration=phase2-from-3.3.3.0/24-to-5.5.5.0/24 force
@@ -138,13 +138,13 @@ C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-5.5.5.0/24 force
C set [phase2-suite-from-3.3.3.0/24-to-5.5.5.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24 force
C set [phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-3.3.3.0/24]:Network=3.3.3.0 force
C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
@@ -157,13 +157,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3.3.3.0/24-to-6.6.6.0/24]:Phase=2 force
C set [from-3.3.3.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-3.3.3.0/24-to-6.6.6.0/24]:Configuration=phase2-from-3.3.3.0/24-to-6.6.6.0/24 force
@@ -173,13 +173,13 @@ C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-6.6.6.0/24 force
C set [phase2-suite-from-3.3.3.0/24-to-6.6.6.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24 force
C set [phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-3.3.3.0/24]:Network=3.3.3.0 force
C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
@@ -192,13 +192,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3.3.3.0/24-to-7.7.7.0/24]:Phase=2 force
C set [from-3.3.3.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-3.3.3.0/24-to-7.7.7.0/24]:Configuration=phase2-from-3.3.3.0/24-to-7.7.7.0/24 force
@@ -208,13 +208,13 @@ C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-7.7.7.0/24 force
C set [phase2-suite-from-3.3.3.0/24-to-7.7.7.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24 force
C set [phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-3.3.3.0/24]:Network=3.3.3.0 force
C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
@@ -227,13 +227,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-4.4.4.0/24-to-5.5.5.0/24]:Phase=2 force
C set [from-4.4.4.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-4.4.4.0/24-to-5.5.5.0/24]:Configuration=phase2-from-4.4.4.0/24-to-5.5.5.0/24 force
@@ -244,13 +244,13 @@ C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:Suites=phase2-suite-from-4.4.4.0/24-to-5.5.5.0/24 force
C set [phase2-suite-from-4.4.4.0/24-to-5.5.5.0/24]:Protocols=phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24 force
C set [phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-4.4.4.0/24]:Network=4.4.4.0 force
C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
@@ -266,13 +266,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-4.4.4.0/24-to-6.6.6.0/24]:Phase=2 force
C set [from-4.4.4.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-4.4.4.0/24-to-6.6.6.0/24]:Configuration=phase2-from-4.4.4.0/24-to-6.6.6.0/24 force
@@ -283,13 +283,13 @@ C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:Suites=phase2-suite-from-4.4.4.0/24-to-6.6.6.0/24 force
C set [phase2-suite-from-4.4.4.0/24-to-6.6.6.0/24]:Protocols=phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24 force
C set [phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-4.4.4.0/24]:Network=4.4.4.0 force
C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
@@ -305,13 +305,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-4.4.4.0/24-to-7.7.7.0/24]:Phase=2 force
C set [from-4.4.4.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-4.4.4.0/24-to-7.7.7.0/24]:Configuration=phase2-from-4.4.4.0/24-to-7.7.7.0/24 force
@@ -322,13 +322,13 @@ C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:Suites=phase2-suite-from-4.4.4.0/24-to-7.7.7.0/24 force
C set [phase2-suite-from-4.4.4.0/24-to-7.7.7.0/24]:Protocols=phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24 force
C set [phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-4.4.4.0/24]:Network=4.4.4.0 force
C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
@@ -344,13 +344,13 @@ C set [peer-3ffe::51]:Phase=1 force
C set [peer-3ffe::51]:Address=3ffe::51 force
C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force
C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3ffe:1::/64-to-3ffe:2::/64]:Phase=2 force
C set [from-3ffe:1::/64-to-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::51 force
C set [from-3ffe:1::/64-to-3ffe:2::/64]:Configuration=phase2-from-3ffe:1::/64-to-3ffe:2::/64 force
@@ -361,13 +361,13 @@ C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=phase2-suite-from-3ffe:1::/64-to-3ffe:2::/64 force
C set [phase2-suite-from-3ffe:1::/64-to-3ffe:2::/64]:Protocols=phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64 force
C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:Transforms=phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:Transforms=phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
C set [from-3ffe:1::/64]:Network=3ffe:1:: force
C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
diff --git a/regress/sbin/ipsecctl/ike62.ok b/regress/sbin/ipsecctl/ike62.ok
index a911875e107..d202191a1d1 100644
--- a/regress/sbin/ipsecctl/ike62.ok
+++ b/regress/sbin/ipsecctl/ike62.ok
@@ -3,13 +3,13 @@ C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
@@ -19,13 +19,13 @@ C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=phase2-suite-from-1.1.1.1-to-2.2.2.2 force
C set [phase2-suite-from-1.1.1.1-to-2.2.2.2]:Protocols=phase2-protocol-from-1.1.1.1-to-2.2.2.2 force
C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
@@ -35,13 +35,13 @@ C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-3.3.3.3-to-4.4.4.4]:Phase=2 force
C set [from-3.3.3.3-to-4.4.4.4]:ISAKMP-peer=peer-default force
C set [from-3.3.3.3-to-4.4.4.4]:Configuration=phase2-from-3.3.3.3-to-4.4.4.4 force
@@ -51,13 +51,13 @@ C set [phase2-from-3.3.3.3-to-4.4.4.4]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3.3.3.3-to-4.4.4.4]:Suites=phase2-suite-from-3.3.3.3-to-4.4.4.4 force
C set [phase2-suite-from-3.3.3.3-to-4.4.4.4]:Protocols=phase2-protocol-from-3.3.3.3-to-4.4.4.4 force
C set [phase2-protocol-from-3.3.3.3-to-4.4.4.4]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3.3.3.3-to-4.4.4.4]:Transforms=phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3.3.3.3-to-4.4.4.4]:Transforms=phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3.3.3.3]:ID-type=IPV4_ADDR force
C set [from-3.3.3.3]:Address=3.3.3.3 force
C set [to-4.4.4.4]:ID-type=IPV4_ADDR force
@@ -68,13 +68,13 @@ C set [peer-9.9.9.9]:Phase=1 force
C set [peer-9.9.9.9]:Address=9.9.9.9 force
C set [peer-9.9.9.9]:Configuration=phase1-peer-9.9.9.9 force
C set [phase1-peer-9.9.9.9]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-9.9.9.9]:Transforms=phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-9.9.9.9]:Transforms=phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-5.5.5.5-to-6.6.6.6]:Phase=2 force
C set [from-5.5.5.5-to-6.6.6.6]:ISAKMP-peer=peer-9.9.9.9 force
C set [from-5.5.5.5-to-6.6.6.6]:Configuration=phase2-from-5.5.5.5-to-6.6.6.6 force
@@ -84,13 +84,13 @@ C set [phase2-from-5.5.5.5-to-6.6.6.6]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-5.5.5.5-to-6.6.6.6]:Suites=phase2-suite-from-5.5.5.5-to-6.6.6.6 force
C set [phase2-suite-from-5.5.5.5-to-6.6.6.6]:Protocols=phase2-protocol-from-5.5.5.5-to-6.6.6.6 force
C set [phase2-protocol-from-5.5.5.5-to-6.6.6.6]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-5.5.5.5-to-6.6.6.6]:Transforms=phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-5.5.5.5-to-6.6.6.6]:Transforms=phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-5.5.5.5]:ID-type=IPV4_ADDR force
C set [from-5.5.5.5]:Address=5.5.5.5 force
C set [to-6.6.6.6]:ID-type=IPV4_ADDR force
diff --git a/regress/sbin/ipsecctl/ike63.ok b/regress/sbin/ipsecctl/ike63.ok
index fbd21f2e585..ea01bbd4519 100644
--- a/regress/sbin/ipsecctl/ike63.ok
+++ b/regress/sbin/ipsecctl/ike63.ok
@@ -3,13 +3,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-1.1.1.1]:ID=id-2.2.2.2 force
C set [id-2.2.2.2]:ID-type=IPV4_ADDR force
C set [id-2.2.2.2]:Address=2.2.2.2 force
@@ -22,13 +22,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.1.0/24]:Network=10.1.1.0 force
C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
diff --git a/regress/sbin/ipsecctl/ike64.ok b/regress/sbin/ipsecctl/ike64.ok
index 5b27be9d3c8..658ca038101 100644
--- a/regress/sbin/ipsecctl/ike64.ok
+++ b/regress/sbin/ipsecctl/ike64.ok
@@ -3,13 +3,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-1.1.1.1]:Remote-ID=id-1.1.1.1 force
C set [id-1.1.1.1]:ID-type=IPV4_ADDR force
C set [id-1.1.1.1]:Address=1.1.1.1 force
@@ -22,13 +22,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.1.0/24]:Network=10.1.1.0 force
C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
diff --git a/regress/sbin/ipsecctl/ike65.ok b/regress/sbin/ipsecctl/ike65.ok
index e1f4cedc748..14950ad5b19 100644
--- a/regress/sbin/ipsecctl/ike65.ok
+++ b/regress/sbin/ipsecctl/ike65.ok
@@ -3,13 +3,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-1.1.1.1]:ID=id-2.2.2.2 force
C set [id-2.2.2.2]:ID-type=IPV4_ADDR force
C set [id-2.2.2.2]:Address=2.2.2.2 force
@@ -25,13 +25,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.1.0/24]:Network=10.1.1.0 force
C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
diff --git a/regress/sbin/ipsecctl/ike66.ok b/regress/sbin/ipsecctl/ike66.ok
index c1de5e109fd..feec4f32da4 100644
--- a/regress/sbin/ipsecctl/ike66.ok
+++ b/regress/sbin/ipsecctl/ike66.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-3ffe::1]:ID=id-3ffe::2 force
C set [id-3ffe::2]:ID-type=IPV6_ADDR force
C set [id-3ffe::2]:Address=3ffe::2 force
@@ -22,13 +22,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.1.0/24]:Network=10.1.1.0 force
C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
diff --git a/regress/sbin/ipsecctl/ike67.ok b/regress/sbin/ipsecctl/ike67.ok
index 5c8889a6b9b..74b9890f033 100644
--- a/regress/sbin/ipsecctl/ike67.ok
+++ b/regress/sbin/ipsecctl/ike67.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-3ffe::1]:Remote-ID=id-3ffe::1 force
C set [id-3ffe::1]:ID-type=IPV6_ADDR force
C set [id-3ffe::1]:Address=3ffe::1 force
@@ -22,13 +22,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.1.0/24]:Network=10.1.1.0 force
C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
diff --git a/regress/sbin/ipsecctl/ike68.ok b/regress/sbin/ipsecctl/ike68.ok
index 704f67791ac..a0242ee4c05 100644
--- a/regress/sbin/ipsecctl/ike68.ok
+++ b/regress/sbin/ipsecctl/ike68.ok
@@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-3ffe::1]:ID=id-3ffe::2 force
C set [id-3ffe::2]:ID-type=IPV6_ADDR force
C set [id-3ffe::2]:Address=3ffe::2 force
@@ -25,13 +25,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.1.0/24]:Network=10.1.1.0 force
C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
diff --git a/regress/sbin/ipsecctl/ike7.ok b/regress/sbin/ipsecctl/ike7.ok
index 40409913418..567f2e4f0df 100644
--- a/regress/sbin/ipsecctl/ike7.ok
+++ b/regress/sbin/ipsecctl/ike7.ok
@@ -3,13 +3,13 @@ C set [peer-131.188.33.51]:Phase=1 force
C set [peer-131.188.33.51]:Address=131.188.33.51 force
C set [peer-131.188.33.51]:Configuration=phase1-peer-131.188.33.51 force
C set [phase1-peer-131.188.33.51]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-131.188.33.51]:Transforms=phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-131.188.33.51]:Transforms=phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-10.1.2.0/24-to-10.1.1.0/24]:Phase=2 force
C set [from-10.1.2.0/24-to-10.1.1.0/24]:ISAKMP-peer=peer-131.188.33.51 force
C set [from-10.1.2.0/24-to-10.1.1.0/24]:Configuration=phase2-from-10.1.2.0/24-to-10.1.1.0/24 force
@@ -19,13 +19,13 @@ C set [phase2-from-10.1.2.0/24-to-10.1.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.2.0/24-to-10.1.1.0/24]:Suites=phase2-suite-from-10.1.2.0/24-to-10.1.1.0/24 force
C set [phase2-suite-from-10.1.2.0/24-to-10.1.1.0/24]:Protocols=phase2-protocol-from-10.1.2.0/24-to-10.1.1.0/24 force
C set [phase2-protocol-from-10.1.2.0/24-to-10.1.1.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-10.1.2.0/24-to-10.1.1.0/24]:Transforms=phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-10.1.2.0/24-to-10.1.1.0/24]:Transforms=phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.2.0/24]:Network=10.1.2.0 force
C set [from-10.1.2.0/24]:Netmask=255.255.255.0 force
@@ -38,13 +38,13 @@ C set [peer-131.188.33.51]:Phase=1 force
C set [peer-131.188.33.51]:Address=131.188.33.51 force
C set [peer-131.188.33.51]:Configuration=phase1-peer-131.188.33.51 force
C set [phase1-peer-131.188.33.51]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-131.188.33.51]:Transforms=phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-131.188.33.51]:Transforms=phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-131.188.33.29-to-131.188.33.51]:Phase=2 force
C set [from-131.188.33.29-to-131.188.33.51]:ISAKMP-peer=peer-131.188.33.51 force
C set [from-131.188.33.29-to-131.188.33.51]:Configuration=phase2-from-131.188.33.29-to-131.188.33.51 force
@@ -54,13 +54,13 @@ C set [phase2-from-131.188.33.29-to-131.188.33.51]:EXCHANGE_TYPE=QUICK_MODE forc
C set [phase2-from-131.188.33.29-to-131.188.33.51]:Suites=phase2-suite-from-131.188.33.29-to-131.188.33.51 force
C set [phase2-suite-from-131.188.33.29-to-131.188.33.51]:Protocols=phase2-protocol-from-131.188.33.29-to-131.188.33.51 force
C set [phase2-protocol-from-131.188.33.29-to-131.188.33.51]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-131.188.33.29-to-131.188.33.51]:Transforms=phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-131.188.33.29-to-131.188.33.51]:Transforms=phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-131.188.33.29]:ID-type=IPV4_ADDR force
C set [from-131.188.33.29]:Address=131.188.33.29 force
C set [to-131.188.33.51]:ID-type=IPV4_ADDR force
diff --git a/regress/sbin/ipsecctl/ike8.ok b/regress/sbin/ipsecctl/ike8.ok
index bd0849627ed..c471d476d35 100644
--- a/regress/sbin/ipsecctl/ike8.ok
+++ b/regress/sbin/ipsecctl/ike8.ok
@@ -3,13 +3,13 @@ C set [peer-192.168.3.1]:Phase=1 force
C set [peer-192.168.3.1]:Address=192.168.3.1 force
C set [peer-192.168.3.1]:Configuration=phase1-peer-192.168.3.1 force
C set [phase1-peer-192.168.3.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-192.168.3.1]:Transforms=phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-192.168.3.1]:Transforms=phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1 force
C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
@@ -19,13 +19,13 @@ C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=phase2-suite-from-1.1.1.1-to-0.0.0.0/0 force
C set [phase2-suite-from-1.1.1.1-to-0.0.0.0/0]:Protocols=phase2-protocol-from-1.1.1.1-to-0.0.0.0/0 force
C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
diff --git a/regress/sbin/ipsecctl/ike9.ok b/regress/sbin/ipsecctl/ike9.ok
index 1d6c6209b61..c848b888d8a 100644
--- a/regress/sbin/ipsecctl/ike9.ok
+++ b/regress/sbin/ipsecctl/ike9.ok
@@ -5,13 +5,13 @@ C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-2.2.2.2]:ID=id-noname.my.domain force
C set [id-noname.my.domain]:ID-type=FQDN force
C set [id-noname.my.domain]:Name=noname.my.domain force
@@ -24,13 +24,13 @@ C set [phase2-from-3.3.3.0/24-to-4.4.4.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3.3.3.0/24-to-4.4.4.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-4.4.4.0/24 force
C set [phase2-suite-from-3.3.3.0/24-to-4.4.4.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-4.4.4.0/24 force
C set [phase2-protocol-from-3.3.3.0/24-to-4.4.4.0/24]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3.3.3.0/24-to-4.4.4.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3.3.3.0/24-to-4.4.4.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-3.3.3.0/24]:Network=3.3.3.0 force
C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force