Use more sensible transforms in example config.

diff --git a/sbin/iked/iked.conf.5 b/sbin/iked/iked.conf.5
index dd89bef..a584060 100644 (file)
--- a/sbin/iked/iked.conf.5
+++ b/sbin/iked/iked.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: iked.conf.5,v 1.89 2021/11/05 22:51:56 tobhe Exp $
+.\" $OpenBSD: iked.conf.5,v 1.90 2021/11/09 22:38:25 tobhe Exp $
 .\"
 .\" Copyright (c) 2010 - 2014 Reyk Floeter <reyk@openbsd.org>
 .\" Copyright (c) 2004 Mathieu Sauve-Frankel  All rights reserved.
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: November 5 2021 $
+.Dd $Mdocdate: November 9 2021 $
 .Dt IKED.CONF 5
 .Os
 .Sh NAME
@@ -1071,13 +1071,13 @@ ikev2 "big test" \e
        from 192.168.1.1 to 192.168.2.2 \e
        peer any local any \e
        ikesa \e
-               enc 3des auth hmac-sha2-256 \e
-               group ecp256 group modp1024 \e
+               enc aes-128-gcm \e
+               group ecp256 group curve25519 \e
        ikesa \e
-               enc 3des auth hmac-sha1 \e
-               group ecp256 group modp1024 \e
-       childsa enc aes-128 auth hmac-sha2-256 \e
-       childsa enc aes-128 auth hmac-sha1 \e
+               enc aes-128 auth hmac-sha2-256 \e
+               group ecp256 group curve25519 \e
+       childsa enc aes-128-gcm \e
+       childsa enc aes-128 auth hmac-sha2-256  \e
        srcid host.example.com \e
        dstid 192.168.0.254 \e
        psk "foobar"