From c5bf01d089278cbc07b24a35a183d63ab0684362 Mon Sep 17 00:00:00 2001
From: 7u83 <7u83@mail.ru>
Date: Wed, 28 Feb 2018 19:49:56 +0100
Subject: [PATCH] multiple encryption and hash algos for p2
---
 templates/racoon/racoon.conf.erb | 5 +++--
 templates/strongswan/ipsec.conf.tunnel.erb | 5 ++++-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/templates/racoon/racoon.conf.erb b/templates/racoon/racoon.conf.erb
index 0630e49..8806206 100644
--- a/templates/racoon/racoon.conf.erb
+++ b/templates/racoon/racoon.conf.erb
@@ -25,8 +25,9 @@ remote <%= @remote_ip %> {
 sainfo address <%= net['local'] %> <%= @netproto %> address <%= net['remote'] %> <%= @netproto %> {
 pfs_group <%= @pfs_group %>;
- encryption_algorithm <%= @saencryption %>;
- authentication_algorithm hmac_<%= @p2hash %>;
+ encryption_algorithm <%= @saencryption.join(",") %>;
+ <%- @komma="" -%>
+ authentication_algorithm <%- @p2hash.each do |hmalgo| -%><%=@komma -%>hmac_<%= hmalgo -%> <%- @komma=',' -%> <%- end -%>;
 compression_algorithm deflate;
 lifetime time <%= @salifetime %>;
 }
diff --git a/templates/strongswan/ipsec.conf.tunnel.erb b/templates/strongswan/ipsec.conf.tunnel.erb
index 81a984c..c162cf7 100644
--- a/templates/strongswan/ipsec.conf.tunnel.erb
+++ b/templates/strongswan/ipsec.conf.tunnel.erb
@@ -10,7 +10,10 @@ conn "<%= @title %>"
 right=<%= @remote_ip %>
 rightsubnet=<%= net['remote'] %>
 ike=<%= @encryption %>-<%= @hash %>-<%= @dh_group %>
- esp=<%= @saencryption %>-<%= @p2hash %>-<%= @pfs_group %>
+ <%- @komma='' -%>
+ esp= <%- @saencryption.each do |saenc| -%> <%- @p2hash.each do |p2h| -%><%= @komma -%><%= saenc %>-<%= p2h %>-<%= @pfs_group -%> <%- @komma=',' %><%- end -%> <%- end -%>
+
+
 auto=start
 authby=secret
 keyexchange=ikev1
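Review bot: `@saencryption.join(",")` and `@p2hash.each` in the racoon.conf.erb hunk assume both parameters are arrays, and the ipsec.conf.tunnel.erb hunk makes the same assumption; the removed lines interpolated them as single values, so a caller that still passes a string would fail at render time, since String has neither method on current Ruby. Wrapping with `Array(...)` keeps both forms working, and the `@komma` loop can be replaced by `authentication_algorithm <%= Array(@p2hash).map { |h| "hmac_#{h}" }.join(',') %>;`, which also avoids assigning an instance variable inside the template and the literal spaces the loop leaves between tags. Because every listed algorithm is now offered to the peer, the weakest entry in either list is one an SA may end up negotiated with; the lists should be validated against an allow-list where the parameters are declared, which is not visible in this patch. The loop that defines `net` lies outside the hunk.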
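Review bot: The literal spaces between the ERB tags on the new `esp=` line in ipsec.conf.tunnel.erb are not stripped by `<%-`/`-%>` in mid-line, so as shown here the rendered value begins with a space and carries spaces around each comma; ipsec.conf(5) permits whitespace in a value only when it is quoted, so the line is likely to be misparsed. Building the list in one expression removes both the spaces and the `@komma` state: `esp=<%= @saencryption.product(@p2hash).map { |e, h| "#{e}-#{h}-#{@pfs_group}" }.join(',') %>`. The cross product also pairs every cipher with every hash, which does not fit AEAD ciphers (they take no separate integrity algorithm), so the parameter documentation should say which combinations are supported. The two blank lines added before `auto=start` look unintended; confirm the parser does not treat them as the end of the conn section. The conn section begins before this hunk and continues past it.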