authorChia-chi Yeh <chiachi@android.com>2011-07-13 18:07:54 -0700
committerChia-chi Yeh <chiachi@android.com>2011-07-13 18:07:54 -0700
commitf82b8262b2f1f72a4361878acfa07161bed78f9a (patch)
treec17e3fa0af4db4e713aee5507a6901c4b47a7fce
parent12f449335c62c731f6eb33db7e27ce331f423f71 (diff)
ipsec-tools: update parameters to provide more secured connections.
Change-Id: I6cd6e31810bfad16bc15b83ba49647fd96ba9794
-rw-r--r--setup.c17
1 files changed, 11 insertions, 6 deletions
diff --git a/setup.c b/setup.c
index 2aa0427..4d11e8c 100644
--- a/setup.c
+++ b/setup.c
@@ -143,9 +143,10 @@ static void set_globals(char *interfaze, char *server)
sainfo.lifebyte = IPSECDOI_ATTR_SA_LD_KB_MAX;
add_sainfo_algorithm(algclass_ipsec_auth, IPSECDOI_ATTR_AUTH_HMAC_SHA1, 0);
add_sainfo_algorithm(algclass_ipsec_auth, IPSECDOI_ATTR_AUTH_HMAC_MD5, 0);
+ add_sainfo_algorithm(algclass_ipsec_enc, IPSECDOI_ESP_AES, 256);
+ add_sainfo_algorithm(algclass_ipsec_enc, IPSECDOI_ESP_AES, 128);
add_sainfo_algorithm(algclass_ipsec_enc, IPSECDOI_ESP_3DES, 0);
add_sainfo_algorithm(algclass_ipsec_enc, IPSECDOI_ESP_DES, 0);
- add_sainfo_algorithm(algclass_ipsec_enc, IPSECDOI_ESP_AES, 128);
}
/*****************************************************************************/
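Review bot: The phase 2 list in set_globals still ends with `IPSECDOI_ESP_DES` and still offers `IPSECDOI_ATTR_AUTH_HMAC_MD5`, so putting AES first changes only the preference, not the weakest algorithm a peer can end up negotiating. If the aim is stronger connections, drop `add_sainfo_algorithm(algclass_ipsec_enc, IPSECDOI_ESP_DES, 0);` or add a comment naming the peers that still need it. The same applies to the `OAKLEY_ATTR_ENC_ALG_DES` phase 1 proposals that remain in setup(), visible as context in the last hunk. Presumably the call order is the preference order; that is not visible here, and set_globals starts outside this hunk.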
@@ -377,7 +378,7 @@ void setup(int argc, char **argv)
remoteconf->etypes = racoon_calloc(1, sizeof(struct etypes));
remoteconf->etypes->type = ISAKMP_ETYPE_IDENT;
remoteconf->ike_frag = TRUE;
- remoteconf->pcheck_level = PROP_CHECK_OBEY;
+ remoteconf->pcheck_level = PROP_CHECK_CLAIM;
remoteconf->gen_policy = TRUE;
remoteconf->nat_traversal = TRUE;
remoteconf->remote = dupsaddr(targets[0]);
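Review bot: The new value `PROP_CHECK_CLAIM` assigned to `remoteconf->pcheck_level` carries no comment explaining why this level was chosen, and the commit message does not say either. As I read racoon's proposal_check levels, obey accepts the peer's values unconditionally while claim compares lifetime and key length against the local proposal, so the intent is presumably to stop accepting weaker parameters from the peer; that should be confirmed and stated. I would add above the assignment `/* Do not obey the peer blindly: check its lifetime and key length against ours. */`. setup() starts and ends outside this hunk.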
@@ -436,6 +437,14 @@ void setup(int argc, char **argv)
/* Add proposals. */
add_proposal(remoteconf, auth,
+ OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_AES, 256);
+ add_proposal(remoteconf, auth,
+ OAKLEY_ATTR_HASH_ALG_MD5, OAKLEY_ATTR_ENC_ALG_AES, 256);
+ add_proposal(remoteconf, auth,
+ OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_AES, 128);
+ add_proposal(remoteconf, auth,
+ OAKLEY_ATTR_HASH_ALG_MD5, OAKLEY_ATTR_ENC_ALG_AES, 128);
+ add_proposal(remoteconf, auth,
OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_3DES, 0);
add_proposal(remoteconf, auth,
OAKLEY_ATTR_HASH_ALG_MD5, OAKLEY_ATTR_ENC_ALG_3DES, 0);
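Review bot: The comment `/* Add proposals. */` does not say that call order matters, yet this change works mainly by reordering: the AES entries now come before 3DES and DES. Presumably the order of the add_proposal calls is the preference order offered to the peer; if so, say it, e.g. `/* Add proposals in order of preference, strongest first. */`, so a later edit does not append a stronger cipher at the end again. The proposal list continues past this hunk.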
@@ -443,10 +452,6 @@ void setup(int argc, char **argv)
OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_DES, 0);
add_proposal(remoteconf, auth,
OAKLEY_ATTR_HASH_ALG_MD5, OAKLEY_ATTR_ENC_ALG_DES, 0);
- add_proposal(remoteconf, auth,
- OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_AES, 128);
- add_proposal(remoteconf, auth,
- OAKLEY_ATTR_HASH_ALG_MD5, OAKLEY_ATTR_ENC_ALG_AES, 128);
/* Install remote configuration. */
insrmconf(remoteconf);