author | Chia-chi Yeh <chiachi@android.com> | 2011-07-13 18:07:54 -0700 |
---|---|---|
committer | Chia-chi Yeh <chiachi@android.com> | 2011-07-13 18:07:54 -0700 |
commit | f82b8262b2f1f72a4361878acfa07161bed78f9a (patch) | |
tree | c17e3fa0af4db4e713aee5507a6901c4b47a7fce | |
parent | 12f449335c62c731f6eb33db7e27ce331f423f71 (diff) | |
download | ipsec-tools-f82b8262b2f1f72a4361878acfa07161bed78f9a.tar.gz |
ipsec-tools: update parameters to provide more secured connections.
Change-Id: I6cd6e31810bfad16bc15b83ba49647fd96ba9794
-rw-r--r-- | setup.c | 17 |
1 files changed, 11 insertions, 6 deletions
@@ -143,9 +143,10 @@ static void set_globals(char *interfaze, char *server)
 sainfo.lifebyte = IPSECDOI_ATTR_SA_LD_KB_MAX;
 add_sainfo_algorithm(algclass_ipsec_auth, IPSECDOI_ATTR_AUTH_HMAC_SHA1, 0);
 add_sainfo_algorithm(algclass_ipsec_auth, IPSECDOI_ATTR_AUTH_HMAC_MD5, 0);
+ add_sainfo_algorithm(algclass_ipsec_enc, IPSECDOI_ESP_AES, 256);
+ add_sainfo_algorithm(algclass_ipsec_enc, IPSECDOI_ESP_AES, 128);
 add_sainfo_algorithm(algclass_ipsec_enc, IPSECDOI_ESP_3DES, 0);
 add_sainfo_algorithm(algclass_ipsec_enc, IPSECDOI_ESP_DES, 0);
- add_sainfo_algorithm(algclass_ipsec_enc, IPSECDOI_ESP_AES, 128);
 }
 /*****************************************************************************/
@@ -377,7 +378,7 @@ void setup(int argc, char **argv)
 remoteconf->etypes = racoon_calloc(1, sizeof(struct etypes));
 remoteconf->etypes->type = ISAKMP_ETYPE_IDENT;
 remoteconf->ike_frag = TRUE;
- remoteconf->pcheck_level = PROP_CHECK_OBEY;
+ remoteconf->pcheck_level = PROP_CHECK_CLAIM;
 remoteconf->gen_policy = TRUE;
 remoteconf->nat_traversal = TRUE;
 remoteconf->remote = dupsaddr(targets[0]);
@@ -436,6 +437,14 @@ void setup(int argc, char **argv)
 /* Add proposals. */
 add_proposal(remoteconf, auth,
+ OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_AES, 256);
+ add_proposal(remoteconf, auth,
+ OAKLEY_ATTR_HASH_ALG_MD5, OAKLEY_ATTR_ENC_ALG_AES, 256);
+ add_proposal(remoteconf, auth,
+ OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_AES, 128);
+ add_proposal(remoteconf, auth,
+ OAKLEY_ATTR_HASH_ALG_MD5, OAKLEY_ATTR_ENC_ALG_AES, 128);
+ add_proposal(remoteconf, auth,
 OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_3DES, 0);
 add_proposal(remoteconf, auth,
 OAKLEY_ATTR_HASH_ALG_MD5, OAKLEY_ATTR_ENC_ALG_3DES, 0);
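Review bot: Single DES and HMAC-MD5 stay in the accepted phase 2 set after this change, at `add_sainfo_algorithm(algclass_ipsec_enc, IPSECDOI_ESP_DES, 0);` and the `IPSECDOI_ATTR_AUTH_HMAC_MD5` line, so listing AES first only states a preference and a negotiation can still end on a 56-bit cipher when the peer offers nothing stronger. If no supported gateway needs it, drop the DES line; otherwise record the reason next to it, for example `/* DES kept only for legacy gateways; remove when no longer required */`. The same applies to the `OAKLEY_ATTR_ENC_ALG_DES` and `OAKLEY_ATTR_HASH_ALG_MD5` phase 1 proposals in the two later `setup()` hunks. set_globals() begins before this hunk, so the rest of the sainfo setup is not visible here.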
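Review bot: The switch to `PROP_CHECK_CLAIM` in `setup()` carries no comment saying which behaviour it is meant to tighten, and the commit message only says the connection becomes more secure. As racoon documents `proposal_check`, the level governs how a responder treats the initiator's lifetime and PFS values, so it is worth confirming that it has an effect in the role this code plays in the exchange. A comment above the assignment such as `/* claim: do not simply obey the peer's lifetime; use the shorter value */` would record the intent. setup() starts and ends outside this hunk.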
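Review bot: The proposal list in `setup()` is now ten hand-written `add_proposal` calls whose order is the negotiation preference, and this reordering had to be done by moving call pairs between two places in the function. A static table walked by one loop would make the preference order readable at a glance and turn later removals, such as the DES rows, into one-line edits. The field types below are assumed to be `int`; check them against the prototype of `add_proposal`, which is outside this hunk. The DES calls that complete the list sit in the following hunk.

```c
/* Add proposals, strongest first. */
static const struct {
    int hash;
    int enc;
    int keylen;
} proposals[] = {
    { OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_AES, 256 },
    { OAKLEY_ATTR_HASH_ALG_MD5, OAKLEY_ATTR_ENC_ALG_AES, 256 },
    { OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_AES, 128 },
    { OAKLEY_ATTR_HASH_ALG_MD5, OAKLEY_ATTR_ENC_ALG_AES, 128 },
    /* … unchanged: 3DES and DES rows, SHA before MD5 … */
};
size_t i;

for (i = 0; i < sizeof(proposals) / sizeof(proposals[0]); i++) {
    add_proposal(remoteconf, auth, proposals[i].hash,
                 proposals[i].enc, proposals[i].keylen);
}
```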
@@ -443,10 +452,6 @@ void setup(int argc, char **argv)
 OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_DES, 0);
 add_proposal(remoteconf, auth,
 OAKLEY_ATTR_HASH_ALG_MD5, OAKLEY_ATTR_ENC_ALG_DES, 0);
- add_proposal(remoteconf, auth,
- OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_AES, 128);
- add_proposal(remoteconf, auth,
- OAKLEY_ATTR_HASH_ALG_MD5, OAKLEY_ATTR_ENC_ALG_AES, 128);
 /* Install remote configuration. */
 insrmconf(remoteconf);