authorDaniil Baturin <daniil@vyos.io>2020-07-30 21:57:28 +0700
committerGitHub <noreply@github.com>2020-07-30 21:57:28 +0700
commit66a3c73455d80adc920d4120fb31a9b0070b4158 (patch)
treec0cbb5136755894d3048a7b6c54522a06fab4b67
parent9b27f7fd624a69a242f84f73a8b085587fb18d0b (diff)
parentc56ddd91ac9a99bb410c872a4d777e962c08f36d (diff)
Merge pull request #34 from zdc/T2701
ESP: T2701: Fixed "pfs enable" option usage
-rwxr-xr-xscripts/vpn-config.pl4
1 files changed, 3 insertions, 1 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index 7f51fc1..582e3a7 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -868,8 +868,10 @@ if ($vcVPN->exists('ipsec')) {
}
if (defined($pfs)) {
if ($pfs eq 'enable') {
+ # Get list of IKE proposals
+ my @ike_proposals = $vcVPN->listNodes("ipsec ike-group $ike_group proposal");
# Get the first IKE group's dh-group and use that as our PFS setting
- my $default_pfs = $vcVPN->returnValue("ipsec ike-group $ike_group proposal 1 dh-group");
+ my $default_pfs = $vcVPN->returnValue("ipsec ike-group $ike_group proposal $ike_proposals[0] dh-group");
$pfs = get_dh_cipher_result($default_pfs);
} elsif ($pfs eq 'disable') {
undef $pfs;
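Review bot: `$ike_proposals[0]` on the added `returnValue` line is used without checking that `listNodes` returned anything, so an IKE group with no proposals interpolates an undefined value into the config path, and `$default_pfs` is presumably undefined when it reaches `get_dh_cipher_result`. Because this branch is what turns `pfs enable` into a concrete DH group for ESP, a failed lookup should be reported as a configuration error rather than possibly leaving the tunnel without PFS; an `unless (@ike_proposals) { ... }` guard before the lookup, plus a `defined($default_pfs)` check after it, would cover both cases. The retained comment `# Get the first IKE group's dh-group` would be more accurate as `# Use the dh-group of the first listed proposal in this IKE group as the PFS setting`, and it is worth confirming that `listNodes` returns proposals in the intended order. The enclosing `if ($vcVPN->exists('ipsec'))` block starts and ends outside this hunk.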