summaryrefslogtreecommitdiff
path: root/regress/sbin/ipsecctl/ike12.ok
diff options
context:
space:
mode:
Diffstat (limited to 'regress/sbin/ipsecctl/ike12.ok')
-rw-r--r--regress/sbin/ipsecctl/ike12.ok57
1 files changed, 51 insertions, 6 deletions
diff --git a/regress/sbin/ipsecctl/ike12.ok b/regress/sbin/ipsecctl/ike12.ok
index 2d00da756cf..1dc863e0829 100644
--- a/regress/sbin/ipsecctl/ike12.ok
+++ b/regress/sbin/ipsecctl/ike12.ok
@@ -4,14 +4,29 @@ C set [peer-5.5.5.5]:Phase=1 force
C set [peer-5.5.5.5]:Address=5.5.5.5 force
C set [peer-5.5.5.5]:Configuration=phase1-peer-5.5.5.5 force
C set [phase1-peer-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-5.5.5.5]:Transforms=AES-SHA-RSA_SIG force
+C add [phase1-peer-5.5.5.5]:Transforms=phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-2.2.2.0/24]:Phase=2 force
C set [from-1.1.1.1-to-2.2.2.0/24]:ISAKMP-peer=peer-5.5.5.5 force
C set [from-1.1.1.1-to-2.2.2.0/24]:Configuration=phase2-from-1.1.1.1-to-2.2.2.0/24 force
C set [from-1.1.1.1-to-2.2.2.0/24]:Local-ID=from-1.1.1.1 force
C set [from-1.1.1.1-to-2.2.2.0/24]:Remote-ID=to-2.2.2.0/24 force
C set [phase2-from-1.1.1.1-to-2.2.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [phase2-from-1.1.1.1-to-2.2.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [phase2-from-1.1.1.1-to-2.2.2.0/24]:Suites=phase2-suite-from-1.1.1.1-to-2.2.2.0/24 force
+C set [phase2-suite-from-1.1.1.1-to-2.2.2.0/24]:Protocols=phase2-protocol-from-1.1.1.1-to-2.2.2.0/24 force
+C set [phase2-protocol-from-1.1.1.1-to-2.2.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
+C set [phase2-protocol-from-1.1.1.1-to-2.2.2.0/24]:Transforms=phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-2.2.2.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
@@ -23,14 +38,29 @@ C set [peer-5.5.5.5]:Phase=1 force
C set [peer-5.5.5.5]:Address=5.5.5.5 force
C set [peer-5.5.5.5]:Configuration=phase1-peer-5.5.5.5 force
C set [phase1-peer-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-5.5.5.5]:Transforms=AES-SHA-RSA_SIG force
+C add [phase1-peer-5.5.5.5]:Transforms=phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-3.3.3.0/24]:Phase=2 force
C set [from-1.1.1.1-to-3.3.3.0/24]:ISAKMP-peer=peer-5.5.5.5 force
C set [from-1.1.1.1-to-3.3.3.0/24]:Configuration=phase2-from-1.1.1.1-to-3.3.3.0/24 force
C set [from-1.1.1.1-to-3.3.3.0/24]:Local-ID=from-1.1.1.1 force
C set [from-1.1.1.1-to-3.3.3.0/24]:Remote-ID=to-3.3.3.0/24 force
C set [phase2-from-1.1.1.1-to-3.3.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [phase2-from-1.1.1.1-to-3.3.3.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [phase2-from-1.1.1.1-to-3.3.3.0/24]:Suites=phase2-suite-from-1.1.1.1-to-3.3.3.0/24 force
+C set [phase2-suite-from-1.1.1.1-to-3.3.3.0/24]:Protocols=phase2-protocol-from-1.1.1.1-to-3.3.3.0/24 force
+C set [phase2-protocol-from-1.1.1.1-to-3.3.3.0/24]:PROTOCOL_ID=IPSEC_ESP force
+C set [phase2-protocol-from-1.1.1.1-to-3.3.3.0/24]:Transforms=phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-3.3.3.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
@@ -42,14 +72,29 @@ C set [peer-5.5.5.5]:Phase=1 force
C set [peer-5.5.5.5]:Address=5.5.5.5 force
C set [peer-5.5.5.5]:Configuration=phase1-peer-5.5.5.5 force
C set [phase1-peer-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-5.5.5.5]:Transforms=AES-SHA-RSA_SIG force
+C add [phase1-peer-5.5.5.5]:Transforms=phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase1-transform-peer-5.5.5.5-RSA_SIG-SHA-AES128,128:256-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-4.4.4.0/24]:Phase=2 force
C set [from-1.1.1.1-to-4.4.4.0/24]:ISAKMP-peer=peer-5.5.5.5 force
C set [from-1.1.1.1-to-4.4.4.0/24]:Configuration=phase2-from-1.1.1.1-to-4.4.4.0/24 force
C set [from-1.1.1.1-to-4.4.4.0/24]:Local-ID=from-1.1.1.1 force
C set [from-1.1.1.1-to-4.4.4.0/24]:Remote-ID=to-4.4.4.0/24 force
C set [phase2-from-1.1.1.1-to-4.4.4.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [phase2-from-1.1.1.1-to-4.4.4.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [phase2-from-1.1.1.1-to-4.4.4.0/24]:Suites=phase2-suite-from-1.1.1.1-to-4.4.4.0/24 force
+C set [phase2-suite-from-1.1.1.1-to-4.4.4.0/24]:Protocols=phase2-protocol-from-1.1.1.1-to-4.4.4.0/24 force
+C set [phase2-protocol-from-1.1.1.1-to-4.4.4.0/24]:PROTOCOL_ID=IPSEC_ESP force
+C set [phase2-protocol-from-1.1.1.1-to-4.4.4.0/24]:Transforms=phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
+C set [phase2-transform-from-1.1.1.1-to-4.4.4.0/24-AES128,128:256-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-21 04:28:37 +0000