diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2012-09-17 20:40:50 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2012-09-17 20:40:50 +0000 |
commit | 2b7a5c358870817d18a452b0676d88d9ba98c567 (patch) | |
tree | 07440a8ab7ea57237fa01a4384a8163195c53039 /regress/sbin/ipsecctl | |
parent | 752fa1cc83f784cf43ad570b1a443c92d5d84021 (diff) |
sync with transform-name-fix
Diffstat (limited to 'regress/sbin/ipsecctl')
61 files changed, 1401 insertions, 1401 deletions
diff --git a/regress/sbin/ipsecctl/ike1.ok b/regress/sbin/ipsecctl/ike1.ok index 5327beb6b08..95dc6f78ec2 100644 --- a/regress/sbin/ipsecctl/ike1.ok +++ b/regress/sbin/ipsecctl/ike1.ok @@ -3,13 +3,13 @@ C set [peer-131.188.33.29]:Phase=1 force C set [peer-131.188.33.29]:Address=131.188.33.29 force C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-131.188.33.51-to-131.188.33.29]:Phase=2 force C set [from-131.188.33.51-to-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force C set [from-131.188.33.51-to-131.188.33.29]:Configuration=phase2-from-131.188.33.51-to-131.188.33.29 force @@ -19,13 +19,13 @@ C set [phase2-from-131.188.33.51-to-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE forc C set [phase2-from-131.188.33.51-to-131.188.33.29]:Suites=phase2-suite-from-131.188.33.51-to-131.188.33.29 force C set [phase2-suite-from-131.188.33.51-to-131.188.33.29]:Protocols=phase2-protocol-from-131.188.33.51-to-131.188.33.29 force C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:Transforms=phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:Transforms=phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-131.188.33.51]:ID-type=IPV4_ADDR force C set [from-131.188.33.51]:Address=131.188.33.51 force C set [to-131.188.33.29]:ID-type=IPV4_ADDR force diff --git a/regress/sbin/ipsecctl/ike10.ok b/regress/sbin/ipsecctl/ike10.ok index a560e3a97c8..71e61095461 100644 --- a/regress/sbin/ipsecctl/ike10.ok +++ b/regress/sbin/ipsecctl/ike10.ok @@ -3,13 +3,13 @@ C set [peer-192.168.200.1]:Phase=1 force C set [peer-192.168.200.1]:Address=192.168.200.1 force C set [peer-192.168.200.1]:Configuration=phase1-peer-192.168.200.1 force C set [phase1-peer-192.168.200.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-192.168.200.1]:Transforms=phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-192.168.200.1]:Transforms=phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-192.168.200.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-192.168.100.1=97-to-192.168.200.1=97]:Phase=2 force C set [from-192.168.100.1=97-to-192.168.200.1=97]:ISAKMP-peer=peer-192.168.200.1 force C set [from-192.168.100.1=97-to-192.168.200.1=97]:Configuration=phase2-from-192.168.100.1=97-to-192.168.200.1=97 force @@ -19,13 +19,13 @@ C set [phase2-from-192.168.100.1=97-to-192.168.200.1=97]:EXCHANGE_TYPE=QUICK_MOD C set [phase2-from-192.168.100.1=97-to-192.168.200.1=97]:Suites=phase2-suite-from-192.168.100.1=97-to-192.168.200.1=97 force C set [phase2-suite-from-192.168.100.1=97-to-192.168.200.1=97]:Protocols=phase2-protocol-from-192.168.100.1=97-to-192.168.200.1=97 force C set [phase2-protocol-from-192.168.100.1=97-to-192.168.200.1=97]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-192.168.100.1=97-to-192.168.200.1=97]:Transforms=phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-192.168.100.1=97-to-192.168.200.1=97]:Transforms=phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-192.168.100.1=97-to-192.168.200.1=97-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-192.168.100.1=97]:ID-type=IPV4_ADDR force C set [from-192.168.100.1=97]:Address=192.168.100.1 force C set [to-192.168.200.1=97]:ID-type=IPV4_ADDR force diff --git a/regress/sbin/ipsecctl/ike11.ok b/regress/sbin/ipsecctl/ike11.ok index cc33c77f4e0..3fcf1da3c51 100644 --- a/regress/sbin/ipsecctl/ike11.ok +++ b/regress/sbin/ipsecctl/ike11.ok @@ -4,13 +4,13 @@ C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force @@ -20,13 +20,13 @@ C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=phase2-suite-from-1.1.1.1-to-0.0.0.0/0 force C set [phase2-suite-from-1.1.1.1-to-0.0.0.0/0]:Protocols=phase2-protocol-from-1.1.1.1-to-0.0.0.0/0 force C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-1.1.1.1]:ID-type=IPV4_ADDR force C set [from-1.1.1.1]:Address=1.1.1.1 force C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force @@ -39,13 +39,13 @@ C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force @@ -55,13 +55,13 @@ C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=phase2-suite-from-1.1.1.1-to-0.0.0.0/0 force C set [phase2-suite-from-1.1.1.1-to-0.0.0.0/0]:Protocols=phase2-protocol-from-1.1.1.1-to-0.0.0.0/0 force C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-1.1.1.1]:ID-type=IPV4_ADDR force C set [from-1.1.1.1]:Address=1.1.1.1 force C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force diff --git a/regress/sbin/ipsecctl/ike12.ok b/regress/sbin/ipsecctl/ike12.ok index 1dc863e0829..1c29fc3c2f9 100644 --- a/regress/sbin/ipsecctl/ike12.ok +++ b/regress/sbin/ipsecctl/ike12.ok @@ -4,13 +4,13 @@ C set [peer-5.5.5.5]:Phase=1 force C set [peer-5.5.5.5]:Address=5.5.5.5 force C set [peer-5.5.5.5]:Configuration=phase1-peer-5.5.5.5 force C set [phase1-peer-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-5.5.5.5]:Transforms=phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-5.5.5.5]:Transforms=phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1-to-2.2.2.0/24]:Phase=2 force C set [from-1.1.1.1-to-2.2.2.0/24]:ISAKMP-peer=peer-5.5.5.5 force C set [from-1.1.1.1-to-2.2.2.0/24]:Configuration=phase2-from-1.1.1.1-to-2.2.2.0/24 force @@ -20,13 +20,13 @@ C set [phase2-from-1.1.1.1-to-2.2.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-1.1.1.1-to-2.2.2.0/24]:Suites=phase2-suite-from-1.1.1.1-to-2.2.2.0/24 force C set [phase2-suite-from-1.1.1.1-to-2.2.2.0/24]:Protocols=phase2-protocol-from-1.1.1.1-to-2.2.2.0/24 force C set [phase2-protocol-from-1.1.1.1-to-2.2.2.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-1.1.1.1-to-2.2.2.0/24]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-1.1.1.1-to-2.2.2.0/24]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-1.1.1.1]:ID-type=IPV4_ADDR force C set [from-1.1.1.1]:Address=1.1.1.1 force C set [to-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force @@ -38,13 +38,13 @@ C set [peer-5.5.5.5]:Phase=1 force C set [peer-5.5.5.5]:Address=5.5.5.5 force C set [peer-5.5.5.5]:Configuration=phase1-peer-5.5.5.5 force C set [phase1-peer-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-5.5.5.5]:Transforms=phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-5.5.5.5]:Transforms=phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1-to-3.3.3.0/24]:Phase=2 force C set [from-1.1.1.1-to-3.3.3.0/24]:ISAKMP-peer=peer-5.5.5.5 force C set [from-1.1.1.1-to-3.3.3.0/24]:Configuration=phase2-from-1.1.1.1-to-3.3.3.0/24 force @@ -54,13 +54,13 @@ C set [phase2-from-1.1.1.1-to-3.3.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-1.1.1.1-to-3.3.3.0/24]:Suites=phase2-suite-from-1.1.1.1-to-3.3.3.0/24 force C set [phase2-suite-from-1.1.1.1-to-3.3.3.0/24]:Protocols=phase2-protocol-from-1.1.1.1-to-3.3.3.0/24 force C set [phase2-protocol-from-1.1.1.1-to-3.3.3.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-1.1.1.1-to-3.3.3.0/24]:Transforms=phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-1.1.1.1-to-3.3.3.0/24]:Transforms=phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-1.1.1.1]:ID-type=IPV4_ADDR force C set [from-1.1.1.1]:Address=1.1.1.1 force C set [to-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force @@ -72,13 +72,13 @@ C set [peer-5.5.5.5]:Phase=1 force C set [peer-5.5.5.5]:Address=5.5.5.5 force C set [peer-5.5.5.5]:Configuration=phase1-peer-5.5.5.5 force C set [phase1-peer-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-5.5.5.5]:Transforms=phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-5.5.5.5]:Transforms=phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1-to-4.4.4.0/24]:Phase=2 force C set [from-1.1.1.1-to-4.4.4.0/24]:ISAKMP-peer=peer-5.5.5.5 force C set [from-1.1.1.1-to-4.4.4.0/24]:Configuration=phase2-from-1.1.1.1-to-4.4.4.0/24 force @@ -88,13 +88,13 @@ C set [phase2-from-1.1.1.1-to-4.4.4.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-1.1.1.1-to-4.4.4.0/24]:Suites=phase2-suite-from-1.1.1.1-to-4.4.4.0/24 force C set [phase2-suite-from-1.1.1.1-to-4.4.4.0/24]:Protocols=phase2-protocol-from-1.1.1.1-to-4.4.4.0/24 force C set [phase2-protocol-from-1.1.1.1-to-4.4.4.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-1.1.1.1-to-4.4.4.0/24]:Transforms=phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-1.1.1.1-to-4.4.4.0/24]:Transforms=phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-1.1.1.1]:ID-type=IPV4_ADDR force C set [from-1.1.1.1]:Address=1.1.1.1 force C set [to-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force diff --git a/regress/sbin/ipsecctl/ike13.ok b/regress/sbin/ipsecctl/ike13.ok index 3af68e7a7a9..d5630128a60 100644 --- a/regress/sbin/ipsecctl/ike13.ok +++ b/regress/sbin/ipsecctl/ike13.ok @@ -4,13 +4,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-2.2.2.0/24-to-1.1.1.1]:Phase=2 force C set [from-2.2.2.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force C set [from-2.2.2.0/24-to-1.1.1.1]:Configuration=phase2-from-2.2.2.0/24-to-1.1.1.1 force @@ -20,13 +20,13 @@ C set [phase2-from-2.2.2.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-2.2.2.0/24-to-1.1.1.1]:Suites=phase2-suite-from-2.2.2.0/24-to-1.1.1.1 force C set [phase2-suite-from-2.2.2.0/24-to-1.1.1.1]:Protocols=phase2-protocol-from-2.2.2.0/24-to-1.1.1.1 force C set [phase2-protocol-from-2.2.2.0/24-to-1.1.1.1]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-2.2.2.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-2.2.2.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-2.2.2.0/24]:Network=2.2.2.0 force C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force @@ -38,13 +38,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3.3.3.0/24-to-1.1.1.1]:Phase=2 force C set [from-3.3.3.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force C set [from-3.3.3.0/24-to-1.1.1.1]:Configuration=phase2-from-3.3.3.0/24-to-1.1.1.1 force @@ -54,13 +54,13 @@ C set [phase2-from-3.3.3.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3.3.3.0/24-to-1.1.1.1]:Suites=phase2-suite-from-3.3.3.0/24-to-1.1.1.1 force C set [phase2-suite-from-3.3.3.0/24-to-1.1.1.1]:Protocols=phase2-protocol-from-3.3.3.0/24-to-1.1.1.1 force C set [phase2-protocol-from-3.3.3.0/24-to-1.1.1.1]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3.3.3.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3.3.3.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-3.3.3.0/24]:Network=3.3.3.0 force C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force @@ -72,13 +72,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-4.4.4.0/24-to-1.1.1.1]:Phase=2 force C set [from-4.4.4.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force C set [from-4.4.4.0/24-to-1.1.1.1]:Configuration=phase2-from-4.4.4.0/24-to-1.1.1.1 force @@ -88,13 +88,13 @@ C set [phase2-from-4.4.4.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-4.4.4.0/24-to-1.1.1.1]:Suites=phase2-suite-from-4.4.4.0/24-to-1.1.1.1 force C set [phase2-suite-from-4.4.4.0/24-to-1.1.1.1]:Protocols=phase2-protocol-from-4.4.4.0/24-to-1.1.1.1 force C set [phase2-protocol-from-4.4.4.0/24-to-1.1.1.1]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-4.4.4.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-4.4.4.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-4.4.4.0/24]:Network=4.4.4.0 force C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force diff --git a/regress/sbin/ipsecctl/ike14.ok b/regress/sbin/ipsecctl/ike14.ok index b3f3346aa45..26af648f21c 100644 --- a/regress/sbin/ipsecctl/ike14.ok +++ b/regress/sbin/ipsecctl/ike14.ok @@ -5,13 +5,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-2.2.2.0/24-to-5.5.5.0/24]:Phase=2 force C set [from-2.2.2.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-2.2.2.0/24-to-5.5.5.0/24]:Configuration=phase2-from-2.2.2.0/24-to-5.5.5.0/24 force @@ -21,13 +21,13 @@ C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:Suites=phase2-suite-from-2.2.2.0/24-to-5.5.5.0/24 force C set [phase2-suite-from-2.2.2.0/24-to-5.5.5.0/24]:Protocols=phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24 force C set [phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-2.2.2.0/24]:Network=2.2.2.0 force C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force @@ -40,13 +40,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-2.2.2.0/24-to-6.6.6.0/24]:Phase=2 force C set [from-2.2.2.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-2.2.2.0/24-to-6.6.6.0/24]:Configuration=phase2-from-2.2.2.0/24-to-6.6.6.0/24 force @@ -56,13 +56,13 @@ C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:Suites=phase2-suite-from-2.2.2.0/24-to-6.6.6.0/24 force C set [phase2-suite-from-2.2.2.0/24-to-6.6.6.0/24]:Protocols=phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24 force C set [phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-2.2.2.0/24]:Network=2.2.2.0 force C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force @@ -75,13 +75,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-2.2.2.0/24-to-7.7.7.0/24]:Phase=2 force C set [from-2.2.2.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-2.2.2.0/24-to-7.7.7.0/24]:Configuration=phase2-from-2.2.2.0/24-to-7.7.7.0/24 force @@ -91,13 +91,13 @@ C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:Suites=phase2-suite-from-2.2.2.0/24-to-7.7.7.0/24 force C set [phase2-suite-from-2.2.2.0/24-to-7.7.7.0/24]:Protocols=phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24 force C set [phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-2.2.2.0/24]:Network=2.2.2.0 force C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force @@ -110,13 +110,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3.3.3.0/24-to-5.5.5.0/24]:Phase=2 force C set [from-3.3.3.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-3.3.3.0/24-to-5.5.5.0/24]:Configuration=phase2-from-3.3.3.0/24-to-5.5.5.0/24 force @@ -126,13 +126,13 @@ C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-5.5.5.0/24 force C set [phase2-suite-from-3.3.3.0/24-to-5.5.5.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24 force C set [phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-3.3.3.0/24]:Network=3.3.3.0 force C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force @@ -145,13 +145,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3.3.3.0/24-to-6.6.6.0/24]:Phase=2 force C set [from-3.3.3.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-3.3.3.0/24-to-6.6.6.0/24]:Configuration=phase2-from-3.3.3.0/24-to-6.6.6.0/24 force @@ -161,13 +161,13 @@ C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-6.6.6.0/24 force C set [phase2-suite-from-3.3.3.0/24-to-6.6.6.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24 force C set [phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-3.3.3.0/24]:Network=3.3.3.0 force C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force @@ -180,13 +180,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3.3.3.0/24-to-7.7.7.0/24]:Phase=2 force C set [from-3.3.3.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-3.3.3.0/24-to-7.7.7.0/24]:Configuration=phase2-from-3.3.3.0/24-to-7.7.7.0/24 force @@ -196,13 +196,13 @@ C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-7.7.7.0/24 force C set [phase2-suite-from-3.3.3.0/24-to-7.7.7.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24 force C set [phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-3.3.3.0/24]:Network=3.3.3.0 force C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force @@ -215,13 +215,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-4.4.4.0/24-to-5.5.5.0/24]:Phase=2 force C set [from-4.4.4.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-4.4.4.0/24-to-5.5.5.0/24]:Configuration=phase2-from-4.4.4.0/24-to-5.5.5.0/24 force @@ -231,13 +231,13 @@ C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:Suites=phase2-suite-from-4.4.4.0/24-to-5.5.5.0/24 force C set [phase2-suite-from-4.4.4.0/24-to-5.5.5.0/24]:Protocols=phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24 force C set [phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-4.4.4.0/24]:Network=4.4.4.0 force C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force @@ -250,13 +250,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-4.4.4.0/24-to-6.6.6.0/24]:Phase=2 force C set [from-4.4.4.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-4.4.4.0/24-to-6.6.6.0/24]:Configuration=phase2-from-4.4.4.0/24-to-6.6.6.0/24 force @@ -266,13 +266,13 @@ C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:Suites=phase2-suite-from-4.4.4.0/24-to-6.6.6.0/24 force C set [phase2-suite-from-4.4.4.0/24-to-6.6.6.0/24]:Protocols=phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24 force C set [phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-4.4.4.0/24]:Network=4.4.4.0 force C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force @@ -285,13 +285,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-4.4.4.0/24-to-7.7.7.0/24]:Phase=2 force C set [from-4.4.4.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-4.4.4.0/24-to-7.7.7.0/24]:Configuration=phase2-from-4.4.4.0/24-to-7.7.7.0/24 force @@ -301,13 +301,13 @@ C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:Suites=phase2-suite-from-4.4.4.0/24-to-7.7.7.0/24 force C set [phase2-suite-from-4.4.4.0/24-to-7.7.7.0/24]:Protocols=phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24 force C set [phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-4.4.4.0/24]:Network=4.4.4.0 force C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force diff --git a/regress/sbin/ipsecctl/ike15.ok b/regress/sbin/ipsecctl/ike15.ok index 333f86d8c0e..8eef09e9f03 100644 --- a/regress/sbin/ipsecctl/ike15.ok +++ b/regress/sbin/ipsecctl/ike15.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force C set [peer-3ffe::1]:Address=3ffe::1 force C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [peer-3ffe::1]:ID=id-sharleena.as10.net force C set [id-sharleena.as10.net]:ID-type=FQDN force C set [id-sharleena.as10.net]:Name=sharleena.as10.net force @@ -25,13 +25,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.1.1.0/24]:Network=10.1.1.0 force C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force diff --git a/regress/sbin/ipsecctl/ike16.ok b/regress/sbin/ipsecctl/ike16.ok index 0f189162083..40293f6fda5 100644 --- a/regress/sbin/ipsecctl/ike16.ok +++ b/regress/sbin/ipsecctl/ike16.ok @@ -42,13 +42,13 @@ C set [peer-3ffe::29]:Phase=1 force C set [peer-3ffe::29]:Address=3ffe::29 force C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force C set [peer-3ffe::29]:ID=id-sharleena.as10.net force C set [id-sharleena.as10.net]:ID-type=FQDN force C set [id-sharleena.as10.net]:Name=sharleena.as10.net force @@ -64,13 +64,13 @@ C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=phase2-suite-from-3ffe::51-to-3ffe::29 force C set [phase2-suite-from-3ffe::51-to-3ffe::29]:Protocols=phase2-protocol-from-3ffe::51-to-3ffe::29 force C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe::51]:ID-type=IPV6_ADDR force C set [from-3ffe::51]:Address=3ffe::51 force C set [to-3ffe::29]:ID-type=IPV6_ADDR force diff --git a/regress/sbin/ipsecctl/ike17.ok b/regress/sbin/ipsecctl/ike17.ok index a43456aa0ac..e6ed8596290 100644 --- a/regress/sbin/ipsecctl/ike17.ok +++ b/regress/sbin/ipsecctl/ike17.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::29]:Phase=1 force C set [peer-3ffe::29]:Address=3ffe::29 force C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::29 force C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force @@ -19,13 +19,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.1.1.0/24]:Network=10.1.1.0 force C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force @@ -38,13 +38,13 @@ C set [peer-3ffe::29]:Phase=1 force C set [peer-3ffe::29]:Address=3ffe::29 force C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3ffe::51-to-3ffe::29]:Phase=2 force C set [from-3ffe::51-to-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force C set [from-3ffe::51-to-3ffe::29]:Configuration=phase2-from-3ffe::51-to-3ffe::29 force @@ -54,13 +54,13 @@ C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=phase2-suite-from-3ffe::51-to-3ffe::29 force C set [phase2-suite-from-3ffe::51-to-3ffe::29]:Protocols=phase2-protocol-from-3ffe::51-to-3ffe::29 force C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe::51]:ID-type=IPV6_ADDR force C set [from-3ffe::51]:Address=3ffe::51 force C set [to-3ffe::29]:ID-type=IPV6_ADDR force diff --git a/regress/sbin/ipsecctl/ike18.ok b/regress/sbin/ipsecctl/ike18.ok index 0072cba47cc..e8b3cc934b6 100644 --- a/regress/sbin/ipsecctl/ike18.ok +++ b/regress/sbin/ipsecctl/ike18.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::51]:Phase=1 force C set [peer-3ffe::51]:Address=3ffe::51 force C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-10.1.2.0/24-to-10.1.1.0/24]:Phase=2 force C set [from-10.1.2.0/24-to-10.1.1.0/24]:ISAKMP-peer=peer-3ffe::51 force C set [from-10.1.2.0/24-to-10.1.1.0/24]:Configuration=phase2-from-10.1.2.0/24-to-10.1.1.0/24 force @@ -19,13 +19,13 @@ C set [phase2-from-10.1.2.0/24-to-10.1.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.1.2.0/24-to-10.1.1.0/24]:Suites=phase2-suite-from-10.1.2.0/24-to-10.1.1.0/24 force C set [phase2-suite-from-10.1.2.0/24-to-10.1.1.0/24]:Protocols=phase2-protocol-from-10.1.2.0/24-to-10.1.1.0/24 force C set [phase2-protocol-from-10.1.2.0/24-to-10.1.1.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.1.2.0/24-to-10.1.1.0/24]:Transforms=phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.1.2.0/24-to-10.1.1.0/24]:Transforms=phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.1.2.0/24]:Network=10.1.2.0 force C set [from-10.1.2.0/24]:Netmask=255.255.255.0 force @@ -38,13 +38,13 @@ C set [peer-3ffe::51]:Phase=1 force C set [peer-3ffe::51]:Address=3ffe::51 force C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3ffe::29-to-3ffe::51]:Phase=2 force C set [from-3ffe::29-to-3ffe::51]:ISAKMP-peer=peer-3ffe::51 force C set [from-3ffe::29-to-3ffe::51]:Configuration=phase2-from-3ffe::29-to-3ffe::51 force @@ -54,13 +54,13 @@ C set [phase2-from-3ffe::29-to-3ffe::51]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe::29-to-3ffe::51]:Suites=phase2-suite-from-3ffe::29-to-3ffe::51 force C set [phase2-suite-from-3ffe::29-to-3ffe::51]:Protocols=phase2-protocol-from-3ffe::29-to-3ffe::51 force C set [phase2-protocol-from-3ffe::29-to-3ffe::51]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe::29-to-3ffe::51]:Transforms=phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe::29-to-3ffe::51]:Transforms=phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe::29]:ID-type=IPV6_ADDR force C set [from-3ffe::29]:Address=3ffe::29 force C set [to-3ffe::51]:ID-type=IPV6_ADDR force diff --git a/regress/sbin/ipsecctl/ike19.ok b/regress/sbin/ipsecctl/ike19.ok index 87b85622004..e24eff85a39 100644 --- a/regress/sbin/ipsecctl/ike19.ok +++ b/regress/sbin/ipsecctl/ike19.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force C set [peer-3ffe::1]:Address=3ffe::1 force C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-3ffe::1 force C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force @@ -19,13 +19,13 @@ C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=phase2-suite-from-1.1.1.1-to-0.0.0.0/0 force C set [phase2-suite-from-1.1.1.1-to-0.0.0.0/0]:Protocols=phase2-protocol-from-1.1.1.1-to-0.0.0.0/0 force C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-1.1.1.1]:ID-type=IPV4_ADDR force C set [from-1.1.1.1]:Address=1.1.1.1 force C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force diff --git a/regress/sbin/ipsecctl/ike2.ok b/regress/sbin/ipsecctl/ike2.ok index d57ec668691..8b549493505 100644 --- a/regress/sbin/ipsecctl/ike2.ok +++ b/regress/sbin/ipsecctl/ike2.ok @@ -3,13 +3,13 @@ C set [peer-131.188.33.29]:Phase=1 force C set [peer-131.188.33.29]:Address=131.188.33.29 force C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force @@ -19,13 +19,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.1.1.0/24]:Network=10.1.1.0 force C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force diff --git a/regress/sbin/ipsecctl/ike20.ok b/regress/sbin/ipsecctl/ike20.ok index cc33c77f4e0..3fcf1da3c51 100644 --- a/regress/sbin/ipsecctl/ike20.ok +++ b/regress/sbin/ipsecctl/ike20.ok @@ -4,13 +4,13 @@ C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force @@ -20,13 +20,13 @@ C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=phase2-suite-from-1.1.1.1-to-0.0.0.0/0 force C set [phase2-suite-from-1.1.1.1-to-0.0.0.0/0]:Protocols=phase2-protocol-from-1.1.1.1-to-0.0.0.0/0 force C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-1.1.1.1]:ID-type=IPV4_ADDR force C set [from-1.1.1.1]:Address=1.1.1.1 force C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force @@ -39,13 +39,13 @@ C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force @@ -55,13 +55,13 @@ C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=phase2-suite-from-1.1.1.1-to-0.0.0.0/0 force C set [phase2-suite-from-1.1.1.1-to-0.0.0.0/0]:Protocols=phase2-protocol-from-1.1.1.1-to-0.0.0.0/0 force C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-1.1.1.1]:ID-type=IPV4_ADDR force C set [from-1.1.1.1]:Address=1.1.1.1 force C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force diff --git a/regress/sbin/ipsecctl/ike21.ok b/regress/sbin/ipsecctl/ike21.ok index 82129e7b32b..505df1a7267 100644 --- a/regress/sbin/ipsecctl/ike21.ok +++ b/regress/sbin/ipsecctl/ike21.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::2]:Phase=1 force C set [peer-3ffe::2]:Address=3ffe::2 force C set [peer-3ffe::2]:Configuration=phase1-peer-3ffe::2 force C set [phase1-peer-3ffe::2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::2]:Transforms=phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::2]:Transforms=phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3ffe::1-to-3ffe::2]:Phase=2 force C set [from-3ffe::1-to-3ffe::2]:ISAKMP-peer=peer-3ffe::2 force C set [from-3ffe::1-to-3ffe::2]:Configuration=phase2-from-3ffe::1-to-3ffe::2 force @@ -19,13 +19,13 @@ C set [phase2-from-3ffe::1-to-3ffe::2]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe::1-to-3ffe::2]:Suites=phase2-suite-from-3ffe::1-to-3ffe::2 force C set [phase2-suite-from-3ffe::1-to-3ffe::2]:Protocols=phase2-protocol-from-3ffe::1-to-3ffe::2 force C set [phase2-protocol-from-3ffe::1-to-3ffe::2]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe::1-to-3ffe::2]:Transforms=phase2-transform-from-3ffe::1-to-3ffe::2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe::1-to-3ffe::2]:Transforms=phase2-transform-from-3ffe::1-to-3ffe::2-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe::1-to-3ffe::2-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe::1]:ID-type=IPV6_ADDR force C set [from-3ffe::1]:Address=3ffe::1 force C set [to-3ffe::2]:ID-type=IPV6_ADDR force diff --git a/regress/sbin/ipsecctl/ike22.ok b/regress/sbin/ipsecctl/ike22.ok index fd79a87762a..973928442a3 100644 --- a/regress/sbin/ipsecctl/ike22.ok +++ b/regress/sbin/ipsecctl/ike22.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force C set [peer-3ffe::1]:Address=3ffe::1 force C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::1 force C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force @@ -19,13 +19,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.1.1.0/24]:Network=10.1.1.0 force C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force diff --git a/regress/sbin/ipsecctl/ike23.ok b/regress/sbin/ipsecctl/ike23.ok index c8383af0264..e2099673b68 100644 --- a/regress/sbin/ipsecctl/ike23.ok +++ b/regress/sbin/ipsecctl/ike23.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::29]:Phase=1 force C set [peer-3ffe::29]:Address=3ffe::29 force C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [peer-3ffe::29]:ID=id-sharleena.as10.net force C set [id-sharleena.as10.net]:ID-type=FQDN force C set [id-sharleena.as10.net]:Name=sharleena.as10.net force @@ -25,13 +25,13 @@ C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=phase2-suite-from-3ffe::51-to-3ffe::29 force C set [phase2-suite-from-3ffe::51-to-3ffe::29]:Protocols=phase2-protocol-from-3ffe::51-to-3ffe::29 force C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe::51]:ID-type=IPV6_ADDR force C set [from-3ffe::51]:Address=3ffe::51 force C set [to-3ffe::29]:ID-type=IPV6_ADDR force diff --git a/regress/sbin/ipsecctl/ike29.ok b/regress/sbin/ipsecctl/ike29.ok index 97d7d1c4e7d..88106922067 100644 --- a/regress/sbin/ipsecctl/ike29.ok +++ b/regress/sbin/ipsecctl/ike29.ok @@ -5,13 +5,13 @@ C set [peer-3ffe:2::1]:Phase=1 force C set [peer-3ffe:2::1]:Address=3ffe:2::1 force C set [peer-3ffe:2::1]:Configuration=phase1-peer-3ffe:2::1 force C set [phase1-peer-3ffe:2::1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe:2::1]:Transforms=phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe:2::1]:Transforms=phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe:2::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [peer-3ffe:2::1]:ID=id-noname.my.domain force C set [id-noname.my.domain]:ID-type=FQDN force C set [id-noname.my.domain]:Name=noname.my.domain force @@ -24,13 +24,13 @@ C set [phase2-from-3ffe:3::/64-to-3ffe:4::/64]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe:3::/64-to-3ffe:4::/64]:Suites=phase2-suite-from-3ffe:3::/64-to-3ffe:4::/64 force C set [phase2-suite-from-3ffe:3::/64-to-3ffe:4::/64]:Protocols=phase2-protocol-from-3ffe:3::/64-to-3ffe:4::/64 force C set [phase2-protocol-from-3ffe:3::/64-to-3ffe:4::/64]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe:3::/64-to-3ffe:4::/64]:Transforms=phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe:3::/64-to-3ffe:4::/64]:Transforms=phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe:3::/64-to-3ffe:4::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe:3::/64]:ID-type=IPV6_ADDR_SUBNET force C set [from-3ffe:3::/64]:Network=3ffe:3:: force C set [from-3ffe:3::/64]:Netmask=ffff:ffff:ffff:ffff:: force diff --git a/regress/sbin/ipsecctl/ike3.ok b/regress/sbin/ipsecctl/ike3.ok index 7a330295d00..bc029af79ce 100644 --- a/regress/sbin/ipsecctl/ike3.ok +++ b/regress/sbin/ipsecctl/ike3.ok @@ -3,13 +3,13 @@ C set [peer-131.188.33.29]:Phase=1 force C set [peer-131.188.33.29]:Address=131.188.33.29 force C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [peer-131.188.33.29]:ID=id-sharleena.as10.net force C set [id-sharleena.as10.net]:ID-type=FQDN force C set [id-sharleena.as10.net]:Name=sharleena.as10.net force @@ -25,13 +25,13 @@ C set [phase2-from-131.188.33.51-to-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE forc C set [phase2-from-131.188.33.51-to-131.188.33.29]:Suites=phase2-suite-from-131.188.33.51-to-131.188.33.29 force C set [phase2-suite-from-131.188.33.51-to-131.188.33.29]:Protocols=phase2-protocol-from-131.188.33.51-to-131.188.33.29 force C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:Transforms=phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:Transforms=phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-131.188.33.51]:ID-type=IPV4_ADDR force C set [from-131.188.33.51]:Address=131.188.33.51 force C set [to-131.188.33.29]:ID-type=IPV4_ADDR force diff --git a/regress/sbin/ipsecctl/ike30.ok b/regress/sbin/ipsecctl/ike30.ok index c3e572ecf06..78c50d841ca 100644 --- a/regress/sbin/ipsecctl/ike30.ok +++ b/regress/sbin/ipsecctl/ike30.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::2]:Phase=1 force C set [peer-3ffe::2]:Address=3ffe::2 force C set [peer-3ffe::2]:Configuration=phase1-peer-3ffe::2 force C set [phase1-peer-3ffe::2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::2]:Transforms=phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::2]:Transforms=phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3ffe::1=97-to-3ffe::2=97]:Phase=2 force C set [from-3ffe::1=97-to-3ffe::2=97]:ISAKMP-peer=peer-3ffe::2 force C set [from-3ffe::1=97-to-3ffe::2=97]:Configuration=phase2-from-3ffe::1=97-to-3ffe::2=97 force @@ -19,13 +19,13 @@ C set [phase2-from-3ffe::1=97-to-3ffe::2=97]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe::1=97-to-3ffe::2=97]:Suites=phase2-suite-from-3ffe::1=97-to-3ffe::2=97 force C set [phase2-suite-from-3ffe::1=97-to-3ffe::2=97]:Protocols=phase2-protocol-from-3ffe::1=97-to-3ffe::2=97 force C set [phase2-protocol-from-3ffe::1=97-to-3ffe::2=97]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe::1=97-to-3ffe::2=97]:Transforms=phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe::1=97-to-3ffe::2=97]:Transforms=phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe::1=97-to-3ffe::2=97-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe::1=97]:ID-type=IPV6_ADDR force C set [from-3ffe::1=97]:Address=3ffe::1 force C set [to-3ffe::2=97]:ID-type=IPV6_ADDR force diff --git a/regress/sbin/ipsecctl/ike31.ok b/regress/sbin/ipsecctl/ike31.ok index ca4dc31573e..36d7d45f0d8 100644 --- a/regress/sbin/ipsecctl/ike31.ok +++ b/regress/sbin/ipsecctl/ike31.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force C set [peer-3ffe::1]:Address=3ffe::1 force C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3ffe:2::1-to-::/0]:Phase=2 force C set [from-3ffe:2::1-to-::/0]:ISAKMP-peer=peer-3ffe::1 force C set [from-3ffe:2::1-to-::/0]:Configuration=phase2-from-3ffe:2::1-to-::/0 force @@ -19,13 +19,13 @@ C set [phase2-from-3ffe:2::1-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe:2::1-to-::/0]:Suites=phase2-suite-from-3ffe:2::1-to-::/0 force C set [phase2-suite-from-3ffe:2::1-to-::/0]:Protocols=phase2-protocol-from-3ffe:2::1-to-::/0 force C set [phase2-protocol-from-3ffe:2::1-to-::/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe:2::1-to-::/0]:Transforms=phase2-transform-from-3ffe:2::1-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe:2::1-to-::/0]:Transforms=phase2-transform-from-3ffe:2::1-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe:2::1-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe:2::1]:ID-type=IPV6_ADDR force C set [from-3ffe:2::1]:Address=3ffe:2::1 force C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force diff --git a/regress/sbin/ipsecctl/ike32.ok b/regress/sbin/ipsecctl/ike32.ok index 887452b5689..41a78b3e687 100644 --- a/regress/sbin/ipsecctl/ike32.ok +++ b/regress/sbin/ipsecctl/ike32.ok @@ -3,13 +3,13 @@ C set [peer-2.2.2.2]:Phase=1 force C set [peer-2.2.2.2]:Address=2.2.2.2 force C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force @@ -19,15 +19,15 @@ C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=phase2-suite-from-1.1.1.1-to-2.2.2.2 force C set [phase2-suite-from-1.1.1.1-to-2.2.2.2]:Protocols=phase2-protocol-from-1.1.1.1-to-2.2.2.2 force C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL-life force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL-life]:LIFE_TYPE=SECONDS force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL-life]:LIFE_DURATION=1200 force +C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL-life force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL-life]:LIFE_TYPE=SECONDS force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL-life]:LIFE_DURATION=1200 force C set [from-1.1.1.1]:ID-type=IPV4_ADDR force C set [from-1.1.1.1]:Address=1.1.1.1 force C set [to-2.2.2.2]:ID-type=IPV4_ADDR force diff --git a/regress/sbin/ipsecctl/ike33.ok b/regress/sbin/ipsecctl/ike33.ok index c0770218246..06f98411438 100644 --- a/regress/sbin/ipsecctl/ike33.ok +++ b/regress/sbin/ipsecctl/ike33.ok @@ -3,15 +3,15 @@ C set [peer-2.2.2.2]:Phase=1 force C set [peer-2.2.2.2]:Address=2.2.2.2 force C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024-life force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024-life]:LIFE_TYPE=SECONDS force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024-life]:LIFE_DURATION=3600 force +C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024-life force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024-life]:LIFE_TYPE=SECONDS force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024-life]:LIFE_DURATION=3600 force C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force @@ -21,13 +21,13 @@ C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=phase2-suite-from-1.1.1.1-to-2.2.2.2 force C set [phase2-suite-from-1.1.1.1-to-2.2.2.2]:Protocols=phase2-protocol-from-1.1.1.1-to-2.2.2.2 force C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-1.1.1.1]:ID-type=IPV4_ADDR force C set [from-1.1.1.1]:Address=1.1.1.1 force C set [to-2.2.2.2]:ID-type=IPV4_ADDR force diff --git a/regress/sbin/ipsecctl/ike34.ok b/regress/sbin/ipsecctl/ike34.ok index ec8c1b60f07..f01eab50f01 100644 --- a/regress/sbin/ipsecctl/ike34.ok +++ b/regress/sbin/ipsecctl/ike34.ok @@ -3,13 +3,13 @@ C set [peer-1.2.3.4]:Phase=1 force C set [peer-1.2.3.4]:Address=1.2.3.4 force C set [peer-1.2.3.4]:Configuration=phase1-peer-1.2.3.4 force C set [phase1-peer-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.2.3.4]:Transforms=phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.2.3.4]:Transforms=phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3ffe::1/24-to-3ffe:2::/24]:Phase=2 force C set [from-3ffe::1/24-to-3ffe:2::/24]:ISAKMP-peer=peer-1.2.3.4 force C set [from-3ffe::1/24-to-3ffe:2::/24]:Configuration=phase2-from-3ffe::1/24-to-3ffe:2::/24 force @@ -19,13 +19,13 @@ C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:Suites=phase2-suite-from-3ffe::1/24-to-3ffe:2::/24 force C set [phase2-suite-from-3ffe::1/24-to-3ffe:2::/24]:Protocols=phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24 force C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:Transforms=phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:Transforms=phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force C set [from-3ffe::1/24]:Network=3ffe::1 force C set [from-3ffe::1/24]:Netmask=ffff:ff00:: force diff --git a/regress/sbin/ipsecctl/ike35.ok b/regress/sbin/ipsecctl/ike35.ok index fe824b483a5..ace64d54549 100644 --- a/regress/sbin/ipsecctl/ike35.ok +++ b/regress/sbin/ipsecctl/ike35.ok @@ -3,13 +3,13 @@ C set [peer-1.2.3.4]:Phase=1 force C set [peer-1.2.3.4]:Address=1.2.3.4 force C set [peer-1.2.3.4]:Configuration=phase1-peer-1.2.3.4 force C set [phase1-peer-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.2.3.4]:Transforms=phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.2.3.4]:Transforms=phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3ffe:2::/24-to-3ffe::1/24]:Phase=2 force C set [from-3ffe:2::/24-to-3ffe::1/24]:ISAKMP-peer=peer-1.2.3.4 force C set [from-3ffe:2::/24-to-3ffe::1/24]:Configuration=phase2-from-3ffe:2::/24-to-3ffe::1/24 force @@ -19,13 +19,13 @@ C set [phase2-from-3ffe:2::/24-to-3ffe::1/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe:2::/24-to-3ffe::1/24]:Suites=phase2-suite-from-3ffe:2::/24-to-3ffe::1/24 force C set [phase2-suite-from-3ffe:2::/24-to-3ffe::1/24]:Protocols=phase2-protocol-from-3ffe:2::/24-to-3ffe::1/24 force C set [phase2-protocol-from-3ffe:2::/24-to-3ffe::1/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe:2::/24-to-3ffe::1/24]:Transforms=phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe:2::/24-to-3ffe::1/24]:Transforms=phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe:2::/24-to-3ffe::1/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force C set [from-3ffe:2::/24]:Network=3ffe:2:: force C set [from-3ffe:2::/24]:Netmask=ffff:ff00:: force diff --git a/regress/sbin/ipsecctl/ike36.ok b/regress/sbin/ipsecctl/ike36.ok index 6029ca8df1b..17884bde069 100644 --- a/regress/sbin/ipsecctl/ike36.ok +++ b/regress/sbin/ipsecctl/ike36.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force C set [peer-3ffe::1]:Address=3ffe::1 force C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3ffe::3-to-3ffe::4]:Phase=2 force C set [from-3ffe::3-to-3ffe::4]:ISAKMP-peer=peer-3ffe::1 force C set [from-3ffe::3-to-3ffe::4]:Configuration=phase2-from-3ffe::3-to-3ffe::4 force @@ -19,13 +19,13 @@ C set [phase2-from-3ffe::3-to-3ffe::4]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe::3-to-3ffe::4]:Suites=phase2-suite-from-3ffe::3-to-3ffe::4 force C set [phase2-suite-from-3ffe::3-to-3ffe::4]:Protocols=phase2-protocol-from-3ffe::3-to-3ffe::4 force C set [phase2-protocol-from-3ffe::3-to-3ffe::4]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe::3-to-3ffe::4]:Transforms=phase2-transform-from-3ffe::3-to-3ffe::4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe::3-to-3ffe::4]:Transforms=phase2-transform-from-3ffe::3-to-3ffe::4-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe::3-to-3ffe::4-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe::3]:ID-type=IPV6_ADDR force C set [from-3ffe::3]:Address=3ffe::3 force C set [to-3ffe::4]:ID-type=IPV6_ADDR force diff --git a/regress/sbin/ipsecctl/ike37.ok b/regress/sbin/ipsecctl/ike37.ok index 991a95b89a2..5959777dec3 100644 --- a/regress/sbin/ipsecctl/ike37.ok +++ b/regress/sbin/ipsecctl/ike37.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force C set [peer-3ffe::1]:Address=3ffe::1 force C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [peer-3ffe::1]:ID=id-sharleena.as10.net force C set [id-sharleena.as10.net]:ID-type=FQDN force C set [id-sharleena.as10.net]:Name=sharleena.as10.net force @@ -25,13 +25,13 @@ C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=phase2-suite-from-3ffe:1::/64-to-3ffe:2::/64 force C set [phase2-suite-from-3ffe:1::/64-to-3ffe:2::/64]:Protocols=phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64 force C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:Transforms=phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:Transforms=phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force C set [from-3ffe:1::/64]:Network=3ffe:1:: force C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force diff --git a/regress/sbin/ipsecctl/ike38.ok b/regress/sbin/ipsecctl/ike38.ok index 85794a82250..88bcd8c9bf3 100644 --- a/regress/sbin/ipsecctl/ike38.ok +++ b/regress/sbin/ipsecctl/ike38.ok @@ -42,13 +42,13 @@ C set [peer-3ffe::29]:Phase=1 force C set [peer-3ffe::29]:Address=3ffe::29 force C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force C set [peer-3ffe::29]:ID=id-sharleena.as10.net force C set [id-sharleena.as10.net]:ID-type=FQDN force C set [id-sharleena.as10.net]:Name=sharleena.as10.net force @@ -64,13 +64,13 @@ C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=phase2-suite-from-3ffe::51-to-3ffe::29 force C set [phase2-suite-from-3ffe::51-to-3ffe::29]:Protocols=phase2-protocol-from-3ffe::51-to-3ffe::29 force C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe::51]:ID-type=IPV6_ADDR force C set [from-3ffe::51]:Address=3ffe::51 force C set [to-3ffe::29]:ID-type=IPV6_ADDR force diff --git a/regress/sbin/ipsecctl/ike39.ok b/regress/sbin/ipsecctl/ike39.ok index 45c9b36d4f6..1283a3c1aa5 100644 --- a/regress/sbin/ipsecctl/ike39.ok +++ b/regress/sbin/ipsecctl/ike39.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::29]:Phase=1 force C set [peer-3ffe::29]:Address=3ffe::29 force C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3ffe:1::/64-to-3ffe:2::/64]:Phase=2 force C set [from-3ffe:1::/64-to-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::29 force C set [from-3ffe:1::/64-to-3ffe:2::/64]:Configuration=phase2-from-3ffe:1::/64-to-3ffe:2::/64 force @@ -19,13 +19,13 @@ C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=phase2-suite-from-3ffe:1::/64-to-3ffe:2::/64 force C set [phase2-suite-from-3ffe:1::/64-to-3ffe:2::/64]:Protocols=phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64 force C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:Transforms=phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:Transforms=phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force C set [from-3ffe:1::/64]:Network=3ffe:1:: force C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force @@ -38,13 +38,13 @@ C set [peer-3ffe::29]:Phase=1 force C set [peer-3ffe::29]:Address=3ffe::29 force C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::29]:Transforms=phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3ffe::51-to-3ffe::29]:Phase=2 force C set [from-3ffe::51-to-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force C set [from-3ffe::51-to-3ffe::29]:Configuration=phase2-from-3ffe::51-to-3ffe::29 force @@ -54,13 +54,13 @@ C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=phase2-suite-from-3ffe::51-to-3ffe::29 force C set [phase2-suite-from-3ffe::51-to-3ffe::29]:Protocols=phase2-protocol-from-3ffe::51-to-3ffe::29 force C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe::51-to-3ffe::29]:Transforms=phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe::51-to-3ffe::29-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe::51]:ID-type=IPV6_ADDR force C set [from-3ffe::51]:Address=3ffe::51 force C set [to-3ffe::29]:ID-type=IPV6_ADDR force diff --git a/regress/sbin/ipsecctl/ike4.ok b/regress/sbin/ipsecctl/ike4.ok index 78a487c7ad7..78981f41617 100644 --- a/regress/sbin/ipsecctl/ike4.ok +++ b/regress/sbin/ipsecctl/ike4.ok @@ -3,13 +3,13 @@ C set [peer-131.188.33.29]:Phase=1 force C set [peer-131.188.33.29]:Address=131.188.33.29 force C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [peer-131.188.33.29]:ID=id-sharleena.as10.net force C set [id-sharleena.as10.net]:ID-type=FQDN force C set [id-sharleena.as10.net]:Name=sharleena.as10.net force @@ -25,13 +25,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.1.1.0/24]:Network=10.1.1.0 force C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force diff --git a/regress/sbin/ipsecctl/ike40.ok b/regress/sbin/ipsecctl/ike40.ok index 95edd980ea5..6cbfd06d233 100644 --- a/regress/sbin/ipsecctl/ike40.ok +++ b/regress/sbin/ipsecctl/ike40.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::51]:Phase=1 force C set [peer-3ffe::51]:Address=3ffe::51 force C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3ffe:1::/64-to-3ffe:2::/64]:Phase=2 force C set [from-3ffe:1::/64-to-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::51 force C set [from-3ffe:1::/64-to-3ffe:2::/64]:Configuration=phase2-from-3ffe:1::/64-to-3ffe:2::/64 force @@ -19,13 +19,13 @@ C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=phase2-suite-from-3ffe:1::/64-to-3ffe:2::/64 force C set [phase2-suite-from-3ffe:1::/64-to-3ffe:2::/64]:Protocols=phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64 force C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:Transforms=phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:Transforms=phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force C set [from-3ffe:1::/64]:Network=3ffe:1:: force C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force @@ -38,13 +38,13 @@ C set [peer-3ffe::51]:Phase=1 force C set [peer-3ffe::51]:Address=3ffe::51 force C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3ffe::29-to-3ffe::51]:Phase=2 force C set [from-3ffe::29-to-3ffe::51]:ISAKMP-peer=peer-3ffe::51 force C set [from-3ffe::29-to-3ffe::51]:Configuration=phase2-from-3ffe::29-to-3ffe::51 force @@ -54,13 +54,13 @@ C set [phase2-from-3ffe::29-to-3ffe::51]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe::29-to-3ffe::51]:Suites=phase2-suite-from-3ffe::29-to-3ffe::51 force C set [phase2-suite-from-3ffe::29-to-3ffe::51]:Protocols=phase2-protocol-from-3ffe::29-to-3ffe::51 force C set [phase2-protocol-from-3ffe::29-to-3ffe::51]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe::29-to-3ffe::51]:Transforms=phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe::29-to-3ffe::51]:Transforms=phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe::29-to-3ffe::51-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe::29]:ID-type=IPV6_ADDR force C set [from-3ffe::29]:Address=3ffe::29 force C set [to-3ffe::51]:ID-type=IPV6_ADDR force diff --git a/regress/sbin/ipsecctl/ike41.ok b/regress/sbin/ipsecctl/ike41.ok index 4cbda02ca48..c9c4cef4323 100644 --- a/regress/sbin/ipsecctl/ike41.ok +++ b/regress/sbin/ipsecctl/ike41.ok @@ -3,15 +3,15 @@ C set [peer-2.2.2.2]:Phase=1 force C set [peer-2.2.2.2]:Address=2.2.2.2 force C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024-life force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024-life]:LIFE_TYPE=SECONDS force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024-life]:LIFE_DURATION=3600 force +C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024-life force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024-life]:LIFE_TYPE=SECONDS force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024-life]:LIFE_DURATION=3600 force C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force @@ -21,15 +21,15 @@ C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=phase2-suite-from-1.1.1.1-to-2.2.2.2 force C set [phase2-suite-from-1.1.1.1-to-2.2.2.2]:Protocols=phase2-protocol-from-1.1.1.1-to-2.2.2.2 force C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL-life force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL-life]:LIFE_TYPE=SECONDS force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL-life]:LIFE_DURATION=1200 force +C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL-life force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL-life]:LIFE_TYPE=SECONDS force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL-life]:LIFE_DURATION=1200 force C set [from-1.1.1.1]:ID-type=IPV4_ADDR force C set [from-1.1.1.1]:Address=1.1.1.1 force C set [to-2.2.2.2]:ID-type=IPV4_ADDR force diff --git a/regress/sbin/ipsecctl/ike42.ok b/regress/sbin/ipsecctl/ike42.ok index d32d99f24e8..10f2f5d661b 100644 --- a/regress/sbin/ipsecctl/ike42.ok +++ b/regress/sbin/ipsecctl/ike42.ok @@ -3,13 +3,13 @@ C set [peer-2.2.2.2]:Phase=1 force C set [peer-2.2.2.2]:Address=2.2.2.2 force C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1=17:123-to-2.2.2.2=17]:Phase=2 force C set [from-1.1.1.1=17:123-to-2.2.2.2=17]:ISAKMP-peer=peer-2.2.2.2 force C set [from-1.1.1.1=17:123-to-2.2.2.2=17]:Configuration=phase2-from-1.1.1.1=17:123-to-2.2.2.2=17 force @@ -19,13 +19,13 @@ C set [phase2-from-1.1.1.1=17:123-to-2.2.2.2=17]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-1.1.1.1=17:123-to-2.2.2.2=17]:Suites=phase2-suite-from-1.1.1.1=17:123-to-2.2.2.2=17 force C set [phase2-suite-from-1.1.1.1=17:123-to-2.2.2.2=17]:Protocols=phase2-protocol-from-1.1.1.1=17:123-to-2.2.2.2=17 force C set [phase2-protocol-from-1.1.1.1=17:123-to-2.2.2.2=17]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-1.1.1.1=17:123-to-2.2.2.2=17]:Transforms=phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-1.1.1.1=17:123-to-2.2.2.2=17]:Transforms=phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-1.1.1.1=17:123-to-2.2.2.2=17-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-1.1.1.1=17:123]:ID-type=IPV4_ADDR force C set [from-1.1.1.1=17:123]:Address=1.1.1.1 force C set [to-2.2.2.2=17]:ID-type=IPV4_ADDR force diff --git a/regress/sbin/ipsecctl/ike43.ok b/regress/sbin/ipsecctl/ike43.ok index 0f1dbbb1b09..11cb2a72012 100644 --- a/regress/sbin/ipsecctl/ike43.ok +++ b/regress/sbin/ipsecctl/ike43.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::2]:Phase=1 force C set [peer-3ffe::2]:Address=3ffe::2 force C set [peer-3ffe::2]:Configuration=phase1-peer-3ffe::2 force C set [phase1-peer-3ffe::2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::2]:Transforms=phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::2]:Transforms=phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3ffe::1=6:2022-to-3ffe::2=6:22]:Phase=2 force C set [from-3ffe::1=6:2022-to-3ffe::2=6:22]:ISAKMP-peer=peer-3ffe::2 force C set [from-3ffe::1=6:2022-to-3ffe::2=6:22]:Configuration=phase2-from-3ffe::1=6:2022-to-3ffe::2=6:22 force @@ -19,13 +19,13 @@ C set [phase2-from-3ffe::1=6:2022-to-3ffe::2=6:22]:EXCHANGE_TYPE=QUICK_MODE forc C set [phase2-from-3ffe::1=6:2022-to-3ffe::2=6:22]:Suites=phase2-suite-from-3ffe::1=6:2022-to-3ffe::2=6:22 force C set [phase2-suite-from-3ffe::1=6:2022-to-3ffe::2=6:22]:Protocols=phase2-protocol-from-3ffe::1=6:2022-to-3ffe::2=6:22 force C set [phase2-protocol-from-3ffe::1=6:2022-to-3ffe::2=6:22]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe::1=6:2022-to-3ffe::2=6:22]:Transforms=phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe::1=6:2022-to-3ffe::2=6:22]:Transforms=phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe::1=6:2022-to-3ffe::2=6:22-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe::1=6:2022]:ID-type=IPV6_ADDR force C set [from-3ffe::1=6:2022]:Address=3ffe::1 force C set [to-3ffe::2=6:22]:ID-type=IPV6_ADDR force diff --git a/regress/sbin/ipsecctl/ike46.ok b/regress/sbin/ipsecctl/ike46.ok index d0e0d6a94b9..6c28251fab1 100644 --- a/regress/sbin/ipsecctl/ike46.ok +++ b/regress/sbin/ipsecctl/ike46.ok @@ -3,13 +3,13 @@ C set [peer-2.2.2.2]:Phase=1 force C set [peer-2.2.2.2]:Address=2.2.2.2 force C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force @@ -19,13 +19,13 @@ C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=phase2-suite-from-1.1.1.1-to-2.2.2.2 force C set [phase2-suite-from-1.1.1.1-to-2.2.2.2]:Protocols=phase2-protocol-from-1.1.1.1-to-2.2.2.2 force C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-1.1.1.1]:ID-type=IPV4_ADDR force C set [from-1.1.1.1]:Address=1.1.1.1 force C set [to-2.2.2.2]:ID-type=IPV4_ADDR force @@ -36,13 +36,13 @@ C set [peer-2.2.2.2]:Phase=1 force C set [peer-2.2.2.2]:Address=2.2.2.2 force C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force @@ -52,13 +52,13 @@ C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=phase2-suite-from-1.1.1.1-to-2.2.2.2 force C set [phase2-suite-from-1.1.1.1-to-2.2.2.2]:Protocols=phase2-protocol-from-1.1.1.1-to-2.2.2.2 force C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TRANSPORT force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TRANSPORT]:TRANSFORM_ID=AES force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TRANSPORT]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TRANSPORT]:ENCAPSULATION_MODE=TRANSPORT force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TRANSPORT]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TRANSPORT]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TRANSPORT]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TRANSPORT force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TRANSPORT]:TRANSFORM_ID=AES force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TRANSPORT]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TRANSPORT]:ENCAPSULATION_MODE=TRANSPORT force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TRANSPORT]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TRANSPORT]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TRANSPORT]:Life=LIFE_QUICK_MODE force C set [from-1.1.1.1]:ID-type=IPV4_ADDR force C set [from-1.1.1.1]:Address=1.1.1.1 force C set [to-2.2.2.2]:ID-type=IPV4_ADDR force diff --git a/regress/sbin/ipsecctl/ike47.ok b/regress/sbin/ipsecctl/ike47.ok index 6864daba509..c7ae94d0eac 100644 --- a/regress/sbin/ipsecctl/ike47.ok +++ b/regress/sbin/ipsecctl/ike47.ok @@ -2,13 +2,13 @@ C set [Phase 1]:Default=peer-default force C set [peer-default]:Phase=1 force C set [peer-default]:Configuration=phase1-peer-default force C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-0.0.0.0/0-to-0.0.0.0/0]:Phase=2 force C set [from-0.0.0.0/0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force C set [from-0.0.0.0/0-to-0.0.0.0/0]:Configuration=phase2-from-0.0.0.0/0-to-0.0.0.0/0 force @@ -18,13 +18,13 @@ C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:Suites=phase2-suite-from-0.0.0.0/0-to-0.0.0.0/0 force C set [phase2-suite-from-0.0.0.0/0-to-0.0.0.0/0]:Protocols=phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0 force C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:Transforms=phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:Transforms=phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force C set [from-0.0.0.0/0]:Network=0.0.0.0 force C set [from-0.0.0.0/0]:Netmask=0.0.0.0 force @@ -36,13 +36,13 @@ C set [Phase 1]:Default=peer-default force C set [peer-default]:Phase=1 force C set [peer-default]:Configuration=phase1-peer-default force C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-::/0-to-::/0]:Phase=2 force C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force @@ -52,13 +52,13 @@ C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-::/0-to-::/0]:Suites=phase2-suite-from-::/0-to-::/0 force C set [phase2-suite-from-::/0-to-::/0]:Protocols=phase2-protocol-from-::/0-to-::/0 force C set [phase2-protocol-from-::/0-to-::/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force C set [from-::/0]:Network=:: force C set [from-::/0]:Netmask=:: force diff --git a/regress/sbin/ipsecctl/ike48.ok b/regress/sbin/ipsecctl/ike48.ok index 928f1557cb0..276b159e6c0 100644 --- a/regress/sbin/ipsecctl/ike48.ok +++ b/regress/sbin/ipsecctl/ike48.ok @@ -3,13 +3,13 @@ C set [peer-default]:Phase=1 force C set [peer-default]:Authentication=mekmitasdigoat force C set [peer-default]:Configuration=phase1-peer-default force C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=PRE_SHARED force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=PRE_SHARED force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-0.0.0.0/0-to-0.0.0.0/0]:Phase=2 force C set [from-0.0.0.0/0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force C set [from-0.0.0.0/0-to-0.0.0.0/0]:Configuration=phase2-from-0.0.0.0/0-to-0.0.0.0/0 force @@ -19,13 +19,13 @@ C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:Suites=phase2-suite-from-0.0.0.0/0-to-0.0.0.0/0 force C set [phase2-suite-from-0.0.0.0/0-to-0.0.0.0/0]:Protocols=phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0 force C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:Transforms=phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:Transforms=phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force C set [from-0.0.0.0/0]:Network=0.0.0.0 force C set [from-0.0.0.0/0]:Netmask=0.0.0.0 force @@ -38,13 +38,13 @@ C set [peer-default]:Phase=1 force C set [peer-default]:Authentication=mekmitasdigoat force C set [peer-default]:Configuration=phase1-peer-default force C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=PRE_SHARED force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=PRE_SHARED force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-::/0-to-::/0]:Phase=2 force C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force @@ -54,13 +54,13 @@ C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-::/0-to-::/0]:Suites=phase2-suite-from-::/0-to-::/0 force C set [phase2-suite-from-::/0-to-::/0]:Protocols=phase2-protocol-from-::/0-to-::/0 force C set [phase2-protocol-from-::/0-to-::/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force C set [from-::/0]:Network=:: force C set [from-::/0]:Netmask=:: force diff --git a/regress/sbin/ipsecctl/ike49.ok b/regress/sbin/ipsecctl/ike49.ok index b368b79c6e3..6dc957d9ca3 100644 --- a/regress/sbin/ipsecctl/ike49.ok +++ b/regress/sbin/ipsecctl/ike49.ok @@ -3,13 +3,13 @@ C set [peer-default]:Phase=1 force C set [peer-default]:Authentication=mekmitasdigoat force C set [peer-default]:Configuration=phase1-peer-default force C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=PRE_SHARED force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=PRE_SHARED force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-default force C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force @@ -19,13 +19,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.1.1.0/24]:Network=10.1.1.0 force C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force diff --git a/regress/sbin/ipsecctl/ike5.ok b/regress/sbin/ipsecctl/ike5.ok index 9b6a4d9cadd..35e539869ab 100644 --- a/regress/sbin/ipsecctl/ike5.ok +++ b/regress/sbin/ipsecctl/ike5.ok @@ -42,13 +42,13 @@ C set [peer-131.188.33.29]:Phase=1 force C set [peer-131.188.33.29]:Address=131.188.33.29 force C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_3072 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_3072]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_3072 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force C set [peer-131.188.33.29]:ID=id-sharleena.as10.net force C set [id-sharleena.as10.net]:ID-type=FQDN force C set [id-sharleena.as10.net]:Name=sharleena.as10.net force @@ -64,13 +64,13 @@ C set [phase2-from-131.188.33.51-to-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE forc C set [phase2-from-131.188.33.51-to-131.188.33.29]:Suites=phase2-suite-from-131.188.33.51-to-131.188.33.29 force C set [phase2-suite-from-131.188.33.51-to-131.188.33.29]:Protocols=phase2-protocol-from-131.188.33.51-to-131.188.33.29 force C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:Transforms=phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:Transforms=phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_3072-TUNNEL force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-131.188.33.51]:ID-type=IPV4_ADDR force C set [from-131.188.33.51]:Address=131.188.33.51 force C set [to-131.188.33.29]:ID-type=IPV4_ADDR force diff --git a/regress/sbin/ipsecctl/ike50.ok b/regress/sbin/ipsecctl/ike50.ok index 70d57ad6880..871a1f53632 100644 --- a/regress/sbin/ipsecctl/ike50.ok +++ b/regress/sbin/ipsecctl/ike50.ok @@ -3,13 +3,13 @@ C set [peer-default]:Phase=1 force C set [peer-default]:Local-address=1.1.1.1 force C set [peer-default]:Configuration=phase1-peer-default force C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-10.1.1.0/24-to-10.2.2.0/24]:Phase=2 force C set [from-10.1.1.0/24-to-10.2.2.0/24]:ISAKMP-peer=peer-default force C set [from-10.1.1.0/24-to-10.2.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.2.2.0/24 force @@ -19,13 +19,13 @@ C set [phase2-from-10.1.1.0/24-to-10.2.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.1.1.0/24-to-10.2.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.2.2.0/24 force C set [phase2-suite-from-10.1.1.0/24-to-10.2.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.2.2.0/24 force C set [phase2-protocol-from-10.1.1.0/24-to-10.2.2.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.1.1.0/24-to-10.2.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.1.1.0/24-to-10.2.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.1.1.0/24]:Network=10.1.1.0 force C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force diff --git a/regress/sbin/ipsecctl/ike51.ok b/regress/sbin/ipsecctl/ike51.ok index 850f9f97050..10ceb65ddbf 100644 --- a/regress/sbin/ipsecctl/ike51.ok +++ b/regress/sbin/ipsecctl/ike51.ok @@ -3,13 +3,13 @@ C set [peer-default]:Phase=1 force C set [peer-default]:Authentication=mekmitasdigoat force C set [peer-default]:Configuration=phase1-peer-default force C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=PRE_SHARED force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=PRE_SHARED force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3ffe::1/24-to-3ffe:2::/24]:Phase=2 force C set [from-3ffe::1/24-to-3ffe:2::/24]:ISAKMP-peer=peer-default force C set [from-3ffe::1/24-to-3ffe:2::/24]:Configuration=phase2-from-3ffe::1/24-to-3ffe:2::/24 force @@ -19,13 +19,13 @@ C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:Suites=phase2-suite-from-3ffe::1/24-to-3ffe:2::/24 force C set [phase2-suite-from-3ffe::1/24-to-3ffe:2::/24]:Protocols=phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24 force C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:Transforms=phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:Transforms=phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force C set [from-3ffe::1/24]:Network=3ffe::1 force C set [from-3ffe::1/24]:Netmask=ffff:ff00:: force diff --git a/regress/sbin/ipsecctl/ike52.ok b/regress/sbin/ipsecctl/ike52.ok index c1133ec487c..562996496db 100644 --- a/regress/sbin/ipsecctl/ike52.ok +++ b/regress/sbin/ipsecctl/ike52.ok @@ -3,13 +3,13 @@ C set [peer-default]:Phase=1 force C set [peer-default]:Local-address=3ffe::3 force C set [peer-default]:Configuration=phase1-peer-default force C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3ffe::1/24-to-3ffe:2::/24]:Phase=2 force C set [from-3ffe::1/24-to-3ffe:2::/24]:ISAKMP-peer=peer-default force C set [from-3ffe::1/24-to-3ffe:2::/24]:Configuration=phase2-from-3ffe::1/24-to-3ffe:2::/24 force @@ -19,13 +19,13 @@ C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:Suites=phase2-suite-from-3ffe::1/24-to-3ffe:2::/24 force C set [phase2-suite-from-3ffe::1/24-to-3ffe:2::/24]:Protocols=phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24 force C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:Transforms=phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe::1/24-to-3ffe:2::/24]:Transforms=phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe::1/24-to-3ffe:2::/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force C set [from-3ffe::1/24]:Network=3ffe::1 force C set [from-3ffe::1/24]:Netmask=ffff:ff00:: force diff --git a/regress/sbin/ipsecctl/ike53.ok b/regress/sbin/ipsecctl/ike53.ok index f5e7dba9ee2..9b2b6c34c06 100644 --- a/regress/sbin/ipsecctl/ike53.ok +++ b/regress/sbin/ipsecctl/ike53.ok @@ -3,13 +3,13 @@ C set [peer-2.2.2.2]:Phase=1 force C set [peer-2.2.2.2]:Address=2.2.2.2 force C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force diff --git a/regress/sbin/ipsecctl/ike54.ok b/regress/sbin/ipsecctl/ike54.ok index 96d8c623b62..a10621c0c9f 100644 --- a/regress/sbin/ipsecctl/ike54.ok +++ b/regress/sbin/ipsecctl/ike54.ok @@ -2,13 +2,13 @@ C set [Phase 1]:Default=peer-default force C set [peer-default]:Phase=1 force C set [peer-default]:Configuration=phase1-peer-default force C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1=17:123-to-0.0.0.0/0=17]:Phase=2 force C set [from-1.1.1.1=17:123-to-0.0.0.0/0=17]:ISAKMP-peer=peer-default force C set [from-1.1.1.1=17:123-to-0.0.0.0/0=17]:Configuration=phase2-from-1.1.1.1=17:123-to-0.0.0.0/0=17 force diff --git a/regress/sbin/ipsecctl/ike55.ok b/regress/sbin/ipsecctl/ike55.ok index 3ed6116e3e5..36c66fff34b 100644 --- a/regress/sbin/ipsecctl/ike55.ok +++ b/regress/sbin/ipsecctl/ike55.ok @@ -3,13 +3,13 @@ C set [peer-2.2.2.2]:Phase=1 force C set [peer-2.2.2.2]:Address=2.2.2.2 force C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force diff --git a/regress/sbin/ipsecctl/ike56.ok b/regress/sbin/ipsecctl/ike56.ok index ae63ab58aa7..ff6c1baea85 100644 --- a/regress/sbin/ipsecctl/ike56.ok +++ b/regress/sbin/ipsecctl/ike56.ok @@ -3,13 +3,13 @@ C set [peer-127.0.0.1]:Phase=1 force C set [peer-127.0.0.1]:Address=127.0.0.1 force C set [peer-127.0.0.1]:Configuration=phase1-peer-127.0.0.1 force C set [phase1-peer-127.0.0.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-127.0.0.1]:Transforms=phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-127.0.0.1]:Transforms=phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-127.0.0.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-127.0.0.1-to-127.0.0.1]:Phase=2 force C set [from-127.0.0.1-to-127.0.0.1]:ISAKMP-peer=peer-127.0.0.1 force C set [from-127.0.0.1-to-127.0.0.1]:Configuration=phase2-from-127.0.0.1-to-127.0.0.1 force @@ -19,13 +19,13 @@ C set [phase2-from-127.0.0.1-to-127.0.0.1]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-127.0.0.1-to-127.0.0.1]:Suites=phase2-suite-from-127.0.0.1-to-127.0.0.1 force C set [phase2-suite-from-127.0.0.1-to-127.0.0.1]:Protocols=phase2-protocol-from-127.0.0.1-to-127.0.0.1 force C set [phase2-protocol-from-127.0.0.1-to-127.0.0.1]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-127.0.0.1-to-127.0.0.1]:Transforms=phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-127.0.0.1-to-127.0.0.1]:Transforms=phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-127.0.0.1-to-127.0.0.1-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-127.0.0.1]:ID-type=IPV4_ADDR force C set [from-127.0.0.1]:Address=127.0.0.1 force C set [to-127.0.0.1]:ID-type=IPV4_ADDR force diff --git a/regress/sbin/ipsecctl/ike57.ok b/regress/sbin/ipsecctl/ike57.ok index cb2d4508eca..44c527f008a 100644 --- a/regress/sbin/ipsecctl/ike57.ok +++ b/regress/sbin/ipsecctl/ike57.ok @@ -3,13 +3,13 @@ C set [peer-192.168.0.1]:Phase=1 force C set [peer-192.168.0.1]:Address=192.168.0.1 force C set [peer-192.168.0.1]:Configuration=phase1-peer-192.168.0.1 force C set [phase1-peer-192.168.0.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-192.168.0.1]:Transforms=phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-192.168.0.1]:Transforms=phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [peer-192.168.0.1]:ID=id-me@example.com force C set [id-me@example.com]:ID-type=USER_FQDN force C set [id-me@example.com]:Name=me@example.com force @@ -25,13 +25,13 @@ C set [phase2-from-10.0.0.0/24-to-10.0.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.0.0.0/24-to-10.0.1.0/24]:Suites=phase2-suite-from-10.0.0.0/24-to-10.0.1.0/24 force C set [phase2-suite-from-10.0.0.0/24-to-10.0.1.0/24]:Protocols=phase2-protocol-from-10.0.0.0/24-to-10.0.1.0/24 force C set [phase2-protocol-from-10.0.0.0/24-to-10.0.1.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.0.0.0/24-to-10.0.1.0/24]:Transforms=phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.0.0.0/24-to-10.0.1.0/24]:Transforms=phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.0.0.0/24]:Network=10.0.0.0 force C set [from-10.0.0.0/24]:Netmask=255.255.255.0 force @@ -44,13 +44,13 @@ C set [peer-192.168.0.2]:Phase=1 force C set [peer-192.168.0.2]:Address=192.168.0.2 force C set [peer-192.168.0.2]:Configuration=phase1-peer-192.168.0.2 force C set [phase1-peer-192.168.0.2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-192.168.0.2]:Transforms=phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-192.168.0.2]:Transforms=phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [peer-192.168.0.2]:ID=id-me@example.com force C set [id-me@example.com]:ID-type=USER_FQDN force C set [id-me@example.com]:Name=me@example.com force @@ -66,13 +66,13 @@ C set [phase2-from-10.0.0.0/24-to-10.0.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.0.0.0/24-to-10.0.2.0/24]:Suites=phase2-suite-from-10.0.0.0/24-to-10.0.2.0/24 force C set [phase2-suite-from-10.0.0.0/24-to-10.0.2.0/24]:Protocols=phase2-protocol-from-10.0.0.0/24-to-10.0.2.0/24 force C set [phase2-protocol-from-10.0.0.0/24-to-10.0.2.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.0.0.0/24-to-10.0.2.0/24]:Transforms=phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.0.0.0/24-to-10.0.2.0/24]:Transforms=phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.0.0.0/24]:Network=10.0.0.0 force C set [from-10.0.0.0/24]:Netmask=255.255.255.0 force @@ -85,13 +85,13 @@ C set [peer-192.168.0.3]:Phase=1 force C set [peer-192.168.0.3]:Address=192.168.0.3 force C set [peer-192.168.0.3]:Configuration=phase1-peer-192.168.0.3 force C set [phase1-peer-192.168.0.3]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-192.168.0.3]:Transforms=phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-192.168.0.3]:Transforms=phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [peer-192.168.0.3]:ID=id-me.example.com force C set [id-me.example.com]:ID-type=FQDN force C set [id-me.example.com]:Name=me.example.com force @@ -107,13 +107,13 @@ C set [phase2-from-10.0.0.0/24-to-10.0.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.0.0.0/24-to-10.0.3.0/24]:Suites=phase2-suite-from-10.0.0.0/24-to-10.0.3.0/24 force C set [phase2-suite-from-10.0.0.0/24-to-10.0.3.0/24]:Protocols=phase2-protocol-from-10.0.0.0/24-to-10.0.3.0/24 force C set [phase2-protocol-from-10.0.0.0/24-to-10.0.3.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.0.0.0/24-to-10.0.3.0/24]:Transforms=phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.0.0.0/24-to-10.0.3.0/24]:Transforms=phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.0.0.0/24]:Network=10.0.0.0 force C set [from-10.0.0.0/24]:Netmask=255.255.255.0 force diff --git a/regress/sbin/ipsecctl/ike58.ok b/regress/sbin/ipsecctl/ike58.ok index 8b37caf2d61..67248b24169 100644 --- a/regress/sbin/ipsecctl/ike58.ok +++ b/regress/sbin/ipsecctl/ike58.ok @@ -2,13 +2,13 @@ C set [Phase 1]:Default=peer-default force C set [peer-default]:Phase=1 force C set [peer-default]:Configuration=phase1-peer-default force C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-0.0.0.0/0-to-0.0.0.0/0]:Phase=2 force C set [from-0.0.0.0/0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force C set [from-0.0.0.0/0-to-0.0.0.0/0]:Configuration=phase2-from-0.0.0.0/0-to-0.0.0.0/0 force @@ -18,13 +18,13 @@ C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:Suites=phase2-suite-from-0.0.0.0/0-to-0.0.0.0/0 force C set [phase2-suite-from-0.0.0.0/0-to-0.0.0.0/0]:Protocols=phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0 force C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:Transforms=phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:Transforms=phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force C set [from-0.0.0.0/0]:Network=0.0.0.0 force C set [from-0.0.0.0/0]:Netmask=0.0.0.0 force @@ -36,13 +36,13 @@ C set [Phase 1]:Default=peer-default force C set [peer-default]:Phase=1 force C set [peer-default]:Configuration=phase1-peer-default force C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-::/0-to-::/0]:Phase=2 force C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force @@ -52,13 +52,13 @@ C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-::/0-to-::/0]:Suites=phase2-suite-from-::/0-to-::/0 force C set [phase2-suite-from-::/0-to-::/0]:Protocols=phase2-protocol-from-::/0-to-::/0 force C set [phase2-protocol-from-::/0-to-::/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force C set [from-::/0]:Network=:: force C set [from-::/0]:Netmask=:: force @@ -70,13 +70,13 @@ C set [Phase 1]:Default=peer-default force C set [peer-default]:Phase=1 force C set [peer-default]:Configuration=phase1-peer-default force C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-::/0-to-::/0]:Phase=2 force C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force @@ -86,13 +86,13 @@ C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-::/0-to-::/0]:Suites=phase2-suite-from-::/0-to-::/0 force C set [phase2-suite-from-::/0-to-::/0]:Protocols=phase2-protocol-from-::/0-to-::/0 force C set [phase2-protocol-from-::/0-to-::/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-::/0-to-::/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force C set [from-::/0]:Network=:: force C set [from-::/0]:Netmask=:: force diff --git a/regress/sbin/ipsecctl/ike59.ok b/regress/sbin/ipsecctl/ike59.ok index ee0634bcb95..07fc92f2609 100644 --- a/regress/sbin/ipsecctl/ike59.ok +++ b/regress/sbin/ipsecctl/ike59.ok @@ -3,13 +3,13 @@ C set [peer-1.2.3.4]:Phase=1 force C set [peer-1.2.3.4]:Address=1.2.3.4 force C set [peer-1.2.3.4]:Configuration=phase1-peer-1.2.3.4 force C set [phase1-peer-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.2.3.4]:Transforms=phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.2.3.4]:Transforms=phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.2.3.4-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-10.0.0.1/32-to-10.0.0.2/32]:Phase=2 force C set [from-10.0.0.1/32-to-10.0.0.2/32]:ISAKMP-peer=peer-1.2.3.4 force C set [from-10.0.0.1/32-to-10.0.0.2/32]:Configuration=phase2-from-10.0.0.1/32-to-10.0.0.2/32 force @@ -19,13 +19,13 @@ C set [phase2-from-10.0.0.1/32-to-10.0.0.2/32]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.0.0.1/32-to-10.0.0.2/32]:Suites=phase2-suite-from-10.0.0.1/32-to-10.0.0.2/32 force C set [phase2-suite-from-10.0.0.1/32-to-10.0.0.2/32]:Protocols=phase2-protocol-from-10.0.0.1/32-to-10.0.0.2/32 force C set [phase2-protocol-from-10.0.0.1/32-to-10.0.0.2/32]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.0.0.1/32-to-10.0.0.2/32]:Transforms=phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.0.0.1/32-to-10.0.0.2/32]:Transforms=phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.0.0.1/32-to-10.0.0.2/32-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.0.0.1/32]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.0.0.1/32]:Network=10.0.0.1 force C set [from-10.0.0.1/32]:Netmask=255.255.255.255 force diff --git a/regress/sbin/ipsecctl/ike6.ok b/regress/sbin/ipsecctl/ike6.ok index 6c493238ab3..5bae27ded77 100644 --- a/regress/sbin/ipsecctl/ike6.ok +++ b/regress/sbin/ipsecctl/ike6.ok @@ -3,13 +3,13 @@ C set [peer-131.188.33.29]:Phase=1 force C set [peer-131.188.33.29]:Address=131.188.33.29 force C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force @@ -19,13 +19,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.1.1.0/24]:Network=10.1.1.0 force C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force @@ -38,13 +38,13 @@ C set [peer-131.188.33.29]:Phase=1 force C set [peer-131.188.33.29]:Address=131.188.33.29 force C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-131.188.33.29]:Transforms=phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-131.188.33.29-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-131.188.33.51-to-131.188.33.29]:Phase=2 force C set [from-131.188.33.51-to-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force C set [from-131.188.33.51-to-131.188.33.29]:Configuration=phase2-from-131.188.33.51-to-131.188.33.29 force @@ -54,13 +54,13 @@ C set [phase2-from-131.188.33.51-to-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE forc C set [phase2-from-131.188.33.51-to-131.188.33.29]:Suites=phase2-suite-from-131.188.33.51-to-131.188.33.29 force C set [phase2-suite-from-131.188.33.51-to-131.188.33.29]:Protocols=phase2-protocol-from-131.188.33.51-to-131.188.33.29 force C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:Transforms=phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-131.188.33.51-to-131.188.33.29]:Transforms=phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-131.188.33.51-to-131.188.33.29-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-131.188.33.51]:ID-type=IPV4_ADDR force C set [from-131.188.33.51]:Address=131.188.33.51 force C set [to-131.188.33.29]:ID-type=IPV4_ADDR force diff --git a/regress/sbin/ipsecctl/ike60.ok b/regress/sbin/ipsecctl/ike60.ok index 8df2195e099..f524ea8c1df 100644 --- a/regress/sbin/ipsecctl/ike60.ok +++ b/regress/sbin/ipsecctl/ike60.ok @@ -2,13 +2,13 @@ C set [Phase 1]:Default=peer-default force C set [peer-default]:Phase=1 force C set [peer-default]:Configuration=phase1-peer-default force C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:128-MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:128-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:128-MODP_1024]:KEY_LENGTH=128,128:128 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:128-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:128 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-10.0.0.1-to-0.0.0.0/0]:Phase=2 force C set [from-10.0.0.1-to-0.0.0.0/0]:ISAKMP-peer=peer-default force C set [from-10.0.0.1-to-0.0.0.0/0]:Configuration=phase2-from-10.0.0.1-to-0.0.0.0/0 force @@ -18,13 +18,13 @@ C set [phase2-from-10.0.0.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.0.0.1-to-0.0.0.0/0]:Suites=phase2-suite-from-10.0.0.1-to-0.0.0.0/0 force C set [phase2-suite-from-10.0.0.1-to-0.0.0.0/0]:Protocols=phase2-protocol-from-10.0.0.1-to-0.0.0.0/0 force C set [phase2-protocol-from-10.0.0.1-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.0.0.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128,128:128-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128,128:128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128,128:128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:128 force -C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128,128:128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128,128:128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128,128:128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128,128:128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.0.0.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:128 force +C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.0.0.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.0.0.1]:ID-type=IPV4_ADDR force C set [from-10.0.0.1]:Address=10.0.0.1 force C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force @@ -35,13 +35,13 @@ C set [Phase 1]:Default=peer-default force C set [peer-default]:Phase=1 force C set [peer-default]:Configuration=phase1-peer-default force C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES192,192:192-MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192,192:192-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192,192:192-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192,192:192-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192,192:192-MODP_1024]:KEY_LENGTH=192,192:192 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192,192:192-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192,192:192-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES192-MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192-MODP_1024]:KEY_LENGTH=192,192:192 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES192-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-10.0.0.2-to-0.0.0.0/0]:Phase=2 force C set [from-10.0.0.2-to-0.0.0.0/0]:ISAKMP-peer=peer-default force C set [from-10.0.0.2-to-0.0.0.0/0]:Configuration=phase2-from-10.0.0.2-to-0.0.0.0/0 force @@ -51,13 +51,13 @@ C set [phase2-from-10.0.0.2-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.0.0.2-to-0.0.0.0/0]:Suites=phase2-suite-from-10.0.0.2-to-0.0.0.0/0 force C set [phase2-suite-from-10.0.0.2-to-0.0.0.0/0]:Protocols=phase2-protocol-from-10.0.0.2-to-0.0.0.0/0 force C set [phase2-protocol-from-10.0.0.2-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.0.0.2-to-0.0.0.0/0]:Transforms=phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192,192:192-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192,192:192-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192,192:192-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=192,192:192 force -C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192,192:192-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192,192:192-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192,192:192-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192,192:192-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.0.0.2-to-0.0.0.0/0]:Transforms=phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=192,192:192 force +C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.0.0.2-to-0.0.0.0/0-AES192-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.0.0.2]:ID-type=IPV4_ADDR force C set [from-10.0.0.2]:Address=10.0.0.2 force C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force @@ -68,13 +68,13 @@ C set [Phase 1]:Default=peer-default force C set [peer-default]:Phase=1 force C set [peer-default]:Configuration=phase1-peer-default force C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES256,256:256-MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256,256:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256,256:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256,256:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256,256:256-MODP_1024]:KEY_LENGTH=256,256:256 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256,256:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256,256:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES256-MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256-MODP_1024]:KEY_LENGTH=256,256:256 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES256-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-10.0.0.3-to-0.0.0.0/0]:Phase=2 force C set [from-10.0.0.3-to-0.0.0.0/0]:ISAKMP-peer=peer-default force C set [from-10.0.0.3-to-0.0.0.0/0]:Configuration=phase2-from-10.0.0.3-to-0.0.0.0/0 force @@ -84,13 +84,13 @@ C set [phase2-from-10.0.0.3-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.0.0.3-to-0.0.0.0/0]:Suites=phase2-suite-from-10.0.0.3-to-0.0.0.0/0 force C set [phase2-suite-from-10.0.0.3-to-0.0.0.0/0]:Protocols=phase2-protocol-from-10.0.0.3-to-0.0.0.0/0 force C set [phase2-protocol-from-10.0.0.3-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.0.0.3-to-0.0.0.0/0]:Transforms=phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256,256:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256,256:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256,256:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=256,256:256 force -C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256,256:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256,256:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256,256:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256,256:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.0.0.3-to-0.0.0.0/0]:Transforms=phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=256,256:256 force +C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.0.0.3-to-0.0.0.0/0-AES256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.0.0.3]:ID-type=IPV4_ADDR force C set [from-10.0.0.3]:Address=10.0.0.3 force C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force diff --git a/regress/sbin/ipsecctl/ike61.ok b/regress/sbin/ipsecctl/ike61.ok index 0857b1cf06c..85c68a36a36 100644 --- a/regress/sbin/ipsecctl/ike61.ok +++ b/regress/sbin/ipsecctl/ike61.ok @@ -5,13 +5,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-2.2.2.0/24-to-5.5.5.0/24]:Phase=2 force C set [from-2.2.2.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-2.2.2.0/24-to-5.5.5.0/24]:Configuration=phase2-from-2.2.2.0/24-to-5.5.5.0/24 force @@ -22,13 +22,13 @@ C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:Suites=phase2-suite-from-2.2.2.0/24-to-5.5.5.0/24 force C set [phase2-suite-from-2.2.2.0/24-to-5.5.5.0/24]:Protocols=phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24 force C set [phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-2.2.2.0/24]:Network=2.2.2.0 force C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force @@ -44,13 +44,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-2.2.2.0/24-to-6.6.6.0/24]:Phase=2 force C set [from-2.2.2.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-2.2.2.0/24-to-6.6.6.0/24]:Configuration=phase2-from-2.2.2.0/24-to-6.6.6.0/24 force @@ -61,13 +61,13 @@ C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:Suites=phase2-suite-from-2.2.2.0/24-to-6.6.6.0/24 force C set [phase2-suite-from-2.2.2.0/24-to-6.6.6.0/24]:Protocols=phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24 force C set [phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-2.2.2.0/24]:Network=2.2.2.0 force C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force @@ -83,13 +83,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-2.2.2.0/24-to-7.7.7.0/24]:Phase=2 force C set [from-2.2.2.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-2.2.2.0/24-to-7.7.7.0/24]:Configuration=phase2-from-2.2.2.0/24-to-7.7.7.0/24 force @@ -100,13 +100,13 @@ C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:Suites=phase2-suite-from-2.2.2.0/24-to-7.7.7.0/24 force C set [phase2-suite-from-2.2.2.0/24-to-7.7.7.0/24]:Protocols=phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24 force C set [phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-2.2.2.0/24]:Network=2.2.2.0 force C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force @@ -122,13 +122,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3.3.3.0/24-to-5.5.5.0/24]:Phase=2 force C set [from-3.3.3.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-3.3.3.0/24-to-5.5.5.0/24]:Configuration=phase2-from-3.3.3.0/24-to-5.5.5.0/24 force @@ -138,13 +138,13 @@ C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-5.5.5.0/24 force C set [phase2-suite-from-3.3.3.0/24-to-5.5.5.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24 force C set [phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-3.3.3.0/24]:Network=3.3.3.0 force C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force @@ -157,13 +157,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3.3.3.0/24-to-6.6.6.0/24]:Phase=2 force C set [from-3.3.3.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-3.3.3.0/24-to-6.6.6.0/24]:Configuration=phase2-from-3.3.3.0/24-to-6.6.6.0/24 force @@ -173,13 +173,13 @@ C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-6.6.6.0/24 force C set [phase2-suite-from-3.3.3.0/24-to-6.6.6.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24 force C set [phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-3.3.3.0/24]:Network=3.3.3.0 force C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force @@ -192,13 +192,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3.3.3.0/24-to-7.7.7.0/24]:Phase=2 force C set [from-3.3.3.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-3.3.3.0/24-to-7.7.7.0/24]:Configuration=phase2-from-3.3.3.0/24-to-7.7.7.0/24 force @@ -208,13 +208,13 @@ C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-7.7.7.0/24 force C set [phase2-suite-from-3.3.3.0/24-to-7.7.7.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24 force C set [phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-3.3.3.0/24]:Network=3.3.3.0 force C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force @@ -227,13 +227,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-4.4.4.0/24-to-5.5.5.0/24]:Phase=2 force C set [from-4.4.4.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-4.4.4.0/24-to-5.5.5.0/24]:Configuration=phase2-from-4.4.4.0/24-to-5.5.5.0/24 force @@ -244,13 +244,13 @@ C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:Suites=phase2-suite-from-4.4.4.0/24-to-5.5.5.0/24 force C set [phase2-suite-from-4.4.4.0/24-to-5.5.5.0/24]:Protocols=phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24 force C set [phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-4.4.4.0/24]:Network=4.4.4.0 force C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force @@ -266,13 +266,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-4.4.4.0/24-to-6.6.6.0/24]:Phase=2 force C set [from-4.4.4.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-4.4.4.0/24-to-6.6.6.0/24]:Configuration=phase2-from-4.4.4.0/24-to-6.6.6.0/24 force @@ -283,13 +283,13 @@ C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:Suites=phase2-suite-from-4.4.4.0/24-to-6.6.6.0/24 force C set [phase2-suite-from-4.4.4.0/24-to-6.6.6.0/24]:Protocols=phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24 force C set [phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-4.4.4.0/24]:Network=4.4.4.0 force C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force @@ -305,13 +305,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-4.4.4.0/24-to-7.7.7.0/24]:Phase=2 force C set [from-4.4.4.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force C set [from-4.4.4.0/24-to-7.7.7.0/24]:Configuration=phase2-from-4.4.4.0/24-to-7.7.7.0/24 force @@ -322,13 +322,13 @@ C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:Suites=phase2-suite-from-4.4.4.0/24-to-7.7.7.0/24 force C set [phase2-suite-from-4.4.4.0/24-to-7.7.7.0/24]:Protocols=phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24 force C set [phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-4.4.4.0/24]:Network=4.4.4.0 force C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force @@ -344,13 +344,13 @@ C set [peer-3ffe::51]:Phase=1 force C set [peer-3ffe::51]:Address=3ffe::51 force C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::51]:Transforms=phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::51-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3ffe:1::/64-to-3ffe:2::/64]:Phase=2 force C set [from-3ffe:1::/64-to-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::51 force C set [from-3ffe:1::/64-to-3ffe:2::/64]:Configuration=phase2-from-3ffe:1::/64-to-3ffe:2::/64 force @@ -361,13 +361,13 @@ C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=phase2-suite-from-3ffe:1::/64-to-3ffe:2::/64 force C set [phase2-suite-from-3ffe:1::/64-to-3ffe:2::/64]:Protocols=phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64 force C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:Transforms=phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3ffe:1::/64-to-3ffe:2::/64]:Transforms=phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3ffe:1::/64-to-3ffe:2::/64-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force C set [from-3ffe:1::/64]:Network=3ffe:1:: force C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force diff --git a/regress/sbin/ipsecctl/ike62.ok b/regress/sbin/ipsecctl/ike62.ok index a911875e107..d202191a1d1 100644 --- a/regress/sbin/ipsecctl/ike62.ok +++ b/regress/sbin/ipsecctl/ike62.ok @@ -3,13 +3,13 @@ C set [peer-2.2.2.2]:Phase=1 force C set [peer-2.2.2.2]:Address=2.2.2.2 force C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force @@ -19,13 +19,13 @@ C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=phase2-suite-from-1.1.1.1-to-2.2.2.2 force C set [phase2-suite-from-1.1.1.1-to-2.2.2.2]:Protocols=phase2-protocol-from-1.1.1.1-to-2.2.2.2 force C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-1.1.1.1-to-2.2.2.2]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-1.1.1.1-to-2.2.2.2-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-1.1.1.1]:ID-type=IPV4_ADDR force C set [from-1.1.1.1]:Address=1.1.1.1 force C set [to-2.2.2.2]:ID-type=IPV4_ADDR force @@ -35,13 +35,13 @@ C set [Phase 1]:Default=peer-default force C set [peer-default]:Phase=1 force C set [peer-default]:Configuration=phase1-peer-default force C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-3.3.3.3-to-4.4.4.4]:Phase=2 force C set [from-3.3.3.3-to-4.4.4.4]:ISAKMP-peer=peer-default force C set [from-3.3.3.3-to-4.4.4.4]:Configuration=phase2-from-3.3.3.3-to-4.4.4.4 force @@ -51,13 +51,13 @@ C set [phase2-from-3.3.3.3-to-4.4.4.4]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3.3.3.3-to-4.4.4.4]:Suites=phase2-suite-from-3.3.3.3-to-4.4.4.4 force C set [phase2-suite-from-3.3.3.3-to-4.4.4.4]:Protocols=phase2-protocol-from-3.3.3.3-to-4.4.4.4 force C set [phase2-protocol-from-3.3.3.3-to-4.4.4.4]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3.3.3.3-to-4.4.4.4]:Transforms=phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3.3.3.3-to-4.4.4.4]:Transforms=phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3.3.3.3-to-4.4.4.4-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3.3.3.3]:ID-type=IPV4_ADDR force C set [from-3.3.3.3]:Address=3.3.3.3 force C set [to-4.4.4.4]:ID-type=IPV4_ADDR force @@ -68,13 +68,13 @@ C set [peer-9.9.9.9]:Phase=1 force C set [peer-9.9.9.9]:Address=9.9.9.9 force C set [peer-9.9.9.9]:Configuration=phase1-peer-9.9.9.9 force C set [phase1-peer-9.9.9.9]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-9.9.9.9]:Transforms=phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-9.9.9.9]:Transforms=phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-9.9.9.9-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-5.5.5.5-to-6.6.6.6]:Phase=2 force C set [from-5.5.5.5-to-6.6.6.6]:ISAKMP-peer=peer-9.9.9.9 force C set [from-5.5.5.5-to-6.6.6.6]:Configuration=phase2-from-5.5.5.5-to-6.6.6.6 force @@ -84,13 +84,13 @@ C set [phase2-from-5.5.5.5-to-6.6.6.6]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-5.5.5.5-to-6.6.6.6]:Suites=phase2-suite-from-5.5.5.5-to-6.6.6.6 force C set [phase2-suite-from-5.5.5.5-to-6.6.6.6]:Protocols=phase2-protocol-from-5.5.5.5-to-6.6.6.6 force C set [phase2-protocol-from-5.5.5.5-to-6.6.6.6]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-5.5.5.5-to-6.6.6.6]:Transforms=phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-5.5.5.5-to-6.6.6.6]:Transforms=phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-5.5.5.5-to-6.6.6.6-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-5.5.5.5]:ID-type=IPV4_ADDR force C set [from-5.5.5.5]:Address=5.5.5.5 force C set [to-6.6.6.6]:ID-type=IPV4_ADDR force diff --git a/regress/sbin/ipsecctl/ike63.ok b/regress/sbin/ipsecctl/ike63.ok index fbd21f2e585..ea01bbd4519 100644 --- a/regress/sbin/ipsecctl/ike63.ok +++ b/regress/sbin/ipsecctl/ike63.ok @@ -3,13 +3,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [peer-1.1.1.1]:ID=id-2.2.2.2 force C set [id-2.2.2.2]:ID-type=IPV4_ADDR force C set [id-2.2.2.2]:Address=2.2.2.2 force @@ -22,13 +22,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.1.1.0/24]:Network=10.1.1.0 force C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force diff --git a/regress/sbin/ipsecctl/ike64.ok b/regress/sbin/ipsecctl/ike64.ok index 5b27be9d3c8..658ca038101 100644 --- a/regress/sbin/ipsecctl/ike64.ok +++ b/regress/sbin/ipsecctl/ike64.ok @@ -3,13 +3,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [peer-1.1.1.1]:Remote-ID=id-1.1.1.1 force C set [id-1.1.1.1]:ID-type=IPV4_ADDR force C set [id-1.1.1.1]:Address=1.1.1.1 force @@ -22,13 +22,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.1.1.0/24]:Network=10.1.1.0 force C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force diff --git a/regress/sbin/ipsecctl/ike65.ok b/regress/sbin/ipsecctl/ike65.ok index e1f4cedc748..14950ad5b19 100644 --- a/regress/sbin/ipsecctl/ike65.ok +++ b/regress/sbin/ipsecctl/ike65.ok @@ -3,13 +3,13 @@ C set [peer-1.1.1.1]:Phase=1 force C set [peer-1.1.1.1]:Address=1.1.1.1 force C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [peer-1.1.1.1]:ID=id-2.2.2.2 force C set [id-2.2.2.2]:ID-type=IPV4_ADDR force C set [id-2.2.2.2]:Address=2.2.2.2 force @@ -25,13 +25,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.1.1.0/24]:Network=10.1.1.0 force C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force diff --git a/regress/sbin/ipsecctl/ike66.ok b/regress/sbin/ipsecctl/ike66.ok index c1de5e109fd..feec4f32da4 100644 --- a/regress/sbin/ipsecctl/ike66.ok +++ b/regress/sbin/ipsecctl/ike66.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force C set [peer-3ffe::1]:Address=3ffe::1 force C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [peer-3ffe::1]:ID=id-3ffe::2 force C set [id-3ffe::2]:ID-type=IPV6_ADDR force C set [id-3ffe::2]:Address=3ffe::2 force @@ -22,13 +22,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.1.1.0/24]:Network=10.1.1.0 force C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force diff --git a/regress/sbin/ipsecctl/ike67.ok b/regress/sbin/ipsecctl/ike67.ok index 5c8889a6b9b..74b9890f033 100644 --- a/regress/sbin/ipsecctl/ike67.ok +++ b/regress/sbin/ipsecctl/ike67.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force C set [peer-3ffe::1]:Address=3ffe::1 force C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [peer-3ffe::1]:Remote-ID=id-3ffe::1 force C set [id-3ffe::1]:ID-type=IPV6_ADDR force C set [id-3ffe::1]:Address=3ffe::1 force @@ -22,13 +22,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.1.1.0/24]:Network=10.1.1.0 force C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force diff --git a/regress/sbin/ipsecctl/ike68.ok b/regress/sbin/ipsecctl/ike68.ok index 704f67791ac..a0242ee4c05 100644 --- a/regress/sbin/ipsecctl/ike68.ok +++ b/regress/sbin/ipsecctl/ike68.ok @@ -3,13 +3,13 @@ C set [peer-3ffe::1]:Phase=1 force C set [peer-3ffe::1]:Address=3ffe::1 force C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-3ffe::1]:Transforms=phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-3ffe::1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [peer-3ffe::1]:ID=id-3ffe::2 force C set [id-3ffe::2]:ID-type=IPV6_ADDR force C set [id-3ffe::2]:Address=3ffe::2 force @@ -25,13 +25,13 @@ C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.1.1.0/24]:Network=10.1.1.0 force C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force diff --git a/regress/sbin/ipsecctl/ike7.ok b/regress/sbin/ipsecctl/ike7.ok index 40409913418..567f2e4f0df 100644 --- a/regress/sbin/ipsecctl/ike7.ok +++ b/regress/sbin/ipsecctl/ike7.ok @@ -3,13 +3,13 @@ C set [peer-131.188.33.51]:Phase=1 force C set [peer-131.188.33.51]:Address=131.188.33.51 force C set [peer-131.188.33.51]:Configuration=phase1-peer-131.188.33.51 force C set [phase1-peer-131.188.33.51]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-131.188.33.51]:Transforms=phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-131.188.33.51]:Transforms=phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-10.1.2.0/24-to-10.1.1.0/24]:Phase=2 force C set [from-10.1.2.0/24-to-10.1.1.0/24]:ISAKMP-peer=peer-131.188.33.51 force C set [from-10.1.2.0/24-to-10.1.1.0/24]:Configuration=phase2-from-10.1.2.0/24-to-10.1.1.0/24 force @@ -19,13 +19,13 @@ C set [phase2-from-10.1.2.0/24-to-10.1.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-10.1.2.0/24-to-10.1.1.0/24]:Suites=phase2-suite-from-10.1.2.0/24-to-10.1.1.0/24 force C set [phase2-suite-from-10.1.2.0/24-to-10.1.1.0/24]:Protocols=phase2-protocol-from-10.1.2.0/24-to-10.1.1.0/24 force C set [phase2-protocol-from-10.1.2.0/24-to-10.1.1.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-10.1.2.0/24-to-10.1.1.0/24]:Transforms=phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-10.1.2.0/24-to-10.1.1.0/24]:Transforms=phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-10.1.2.0/24-to-10.1.1.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-10.1.2.0/24]:Network=10.1.2.0 force C set [from-10.1.2.0/24]:Netmask=255.255.255.0 force @@ -38,13 +38,13 @@ C set [peer-131.188.33.51]:Phase=1 force C set [peer-131.188.33.51]:Address=131.188.33.51 force C set [peer-131.188.33.51]:Configuration=phase1-peer-131.188.33.51 force C set [phase1-peer-131.188.33.51]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-131.188.33.51]:Transforms=phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-131.188.33.51]:Transforms=phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-131.188.33.51-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-131.188.33.29-to-131.188.33.51]:Phase=2 force C set [from-131.188.33.29-to-131.188.33.51]:ISAKMP-peer=peer-131.188.33.51 force C set [from-131.188.33.29-to-131.188.33.51]:Configuration=phase2-from-131.188.33.29-to-131.188.33.51 force @@ -54,13 +54,13 @@ C set [phase2-from-131.188.33.29-to-131.188.33.51]:EXCHANGE_TYPE=QUICK_MODE forc C set [phase2-from-131.188.33.29-to-131.188.33.51]:Suites=phase2-suite-from-131.188.33.29-to-131.188.33.51 force C set [phase2-suite-from-131.188.33.29-to-131.188.33.51]:Protocols=phase2-protocol-from-131.188.33.29-to-131.188.33.51 force C set [phase2-protocol-from-131.188.33.29-to-131.188.33.51]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-131.188.33.29-to-131.188.33.51]:Transforms=phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-131.188.33.29-to-131.188.33.51]:Transforms=phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-131.188.33.29-to-131.188.33.51-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-131.188.33.29]:ID-type=IPV4_ADDR force C set [from-131.188.33.29]:Address=131.188.33.29 force C set [to-131.188.33.51]:ID-type=IPV4_ADDR force diff --git a/regress/sbin/ipsecctl/ike8.ok b/regress/sbin/ipsecctl/ike8.ok index bd0849627ed..c471d476d35 100644 --- a/regress/sbin/ipsecctl/ike8.ok +++ b/regress/sbin/ipsecctl/ike8.ok @@ -3,13 +3,13 @@ C set [peer-192.168.3.1]:Phase=1 force C set [peer-192.168.3.1]:Address=192.168.3.1 force C set [peer-192.168.3.1]:Configuration=phase1-peer-192.168.3.1 force C set [phase1-peer-192.168.3.1]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-192.168.3.1]:Transforms=phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-192.168.3.1]:Transforms=phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-192.168.3.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1 force C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force @@ -19,13 +19,13 @@ C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=phase2-suite-from-1.1.1.1-to-0.0.0.0/0 force C set [phase2-suite-from-1.1.1.1-to-0.0.0.0/0]:Protocols=phase2-protocol-from-1.1.1.1-to-0.0.0.0/0 force C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-1.1.1.1]:ID-type=IPV4_ADDR force C set [from-1.1.1.1]:Address=1.1.1.1 force C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force diff --git a/regress/sbin/ipsecctl/ike9.ok b/regress/sbin/ipsecctl/ike9.ok index 1d6c6209b61..c848b888d8a 100644 --- a/regress/sbin/ipsecctl/ike9.ok +++ b/regress/sbin/ipsecctl/ike9.ok @@ -5,13 +5,13 @@ C set [peer-2.2.2.2]:Phase=1 force C set [peer-2.2.2.2]:Address=2.2.2.2 force C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force -C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force +C add [phase1-peer-2.2.2.2]:Transforms=phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase1-transform-peer-2.2.2.2-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force C set [peer-2.2.2.2]:ID=id-noname.my.domain force C set [id-noname.my.domain]:ID-type=FQDN force C set [id-noname.my.domain]:Name=noname.my.domain force @@ -24,13 +24,13 @@ C set [phase2-from-3.3.3.0/24-to-4.4.4.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-3.3.3.0/24-to-4.4.4.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-4.4.4.0/24 force C set [phase2-suite-from-3.3.3.0/24-to-4.4.4.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-4.4.4.0/24 force C set [phase2-protocol-from-3.3.3.0/24-to-4.4.4.0/24]:PROTOCOL_ID=IPSEC_ESP force -C set [phase2-protocol-from-3.3.3.0/24-to-4.4.4.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force -C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force -C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force -C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force -C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force -C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force -C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force +C set [phase2-protocol-from-3.3.3.0/24-to-4.4.4.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force +C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force +C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force +C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force +C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force +C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force +C set [phase2-transform-from-3.3.3.0/24-to-4.4.4.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-3.3.3.0/24]:Network=3.3.3.0 force C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force |