author | Daniil Baturin <daniil@vyos.io> | 2023-03-16 14:09:57 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-16 14:09:57 +0000 |
commit | cbf85a93a98302dd2a536de0188f66c7c1254c40 (patch) | |
tree | 25575b15818be38b34514b7529efd48b4e7a4276 | |
parent | 73319ed73e3072f07552c3c7a9866e74a2f8c91a (diff) | |
parent | b6b1887c063438cd8981031f0a3326db2f0f32cf (diff) | |
download | vyatta-cfg-vpn-cbf85a93a98302dd2a536de0188f66c7c1254c40.tar.gz vyatta-cfg-vpn-cbf85a93a98302dd2a536de0188f66c7c1254c40.zip |
Merge pull request #57 from aapostoliuk/T4925-equuleus1.3.3-epa11.3.3
ipsec: T4925: Added PRF into IKE group
-rwxr-xr-x | scripts/vpn-config.pl | 4 | ||||
-rw-r--r-- | templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/prf/node.def | 11 |
2 files changed, 15 insertions, 0 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index b0aae42..c7e72dc 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -683,6 +683,7 @@ if ($vcVPN->exists('ipsec')) {
 my $encryption = $vcVPN->returnValue("ipsec ike-group $ike_group proposal $ike_proposal encryption");
 my $hash = $vcVPN->returnValue("ipsec ike-group $ike_group proposal $ike_proposal hash");
 my $dh_group = $vcVPN->returnValue("ipsec ike-group $ike_group proposal $ike_proposal dh-group");
+ my $prf = $vcVPN->returnValue("ipsec ike-group $ike_group proposal $ike_proposal prf");
 #
 # Write separator if not first proposal
@@ -698,6 +699,9 @@ if ($vcVPN->exists('ipsec')) {
 #
 if (defined($encryption) && defined($hash)) {
 $genout .= "$encryption-$hash";
+ if (defined($prf) && $prf ne "") {
+ $genout .= "-$prf";
+ }
 if (defined($dh_group)) {
 my $cipher_out = get_dh_cipher_result($dh_group);
 if ($cipher_out eq 'unknown') {
diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/prf/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/prf/node.def
new file mode 100644
index 0000000..6689d3d
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/prf/node.def
@@ -0,0 +1,11 @@
+help: Pseudo-Random Function
+type: txt
+allowed: echo "prfmd5 prfsha1 prfaesxcbc prfaescmac prfsha256 prfsha384 prfsha512"
+syntax:expression: $VAR(@) in "prfmd5", "prfsha1", "prfsha256", "prfsha384", "prfsha512", "prfaesxcbc", "prfaescmac"; "Wrong Pseudo-Random Function"
+val_help: prfmd5; MD5 PRF
+val_help: prfsha1; SHA1 PRF
+val_help: prfsha256; SHA2_256 PRF
+val_help: prfsha384; SHA2_384 PRF
+val_help: prfsha512; SHA2_512 PRF
+val_help: prfaesxcbc; AES XCBC PRF
+val_help: prfaescmac; AES CMAC PRF |
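Review bot: The new `-$prf` suffix in the second hunk of scripts/vpn-config.pl is written only inside `if (defined($encryption) && defined($hash))`, so a proposal that sets `prf` without a `hash` value would lose the PRF with no message to the operator. Whether that combination can be committed is not visible here, because the enclosing block starts and ends outside the hunk. `$prf` is also interpolated verbatim into `$genout`, and the only constraint on its value is the keyword list in the new prf/node.def. I would record that dependency next to the append, e.g. `# $prf is restricted to the prf* keywords by prf/node.def; it is written unmodified into the IKE proposal`.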
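Review bot: In the new prf/node.def, `prfmd5` and `prfsha1` are offered on equal footing with the SHA-2 PRFs, and their `val_help` lines give an operator no hint that they are legacy choices. RFC 8247 lists PRF_HMAC_MD5 as MUST NOT for IKEv2 and downgrades PRF_HMAC_SHA1. If they have to stay for interoperability with old peers, mark them in the help text, e.g. `val_help: prfmd5; MD5 PRF (deprecated, legacy peers only)`. The keyword list is also written twice, in `allowed:` and in `syntax:expression:`, so the two copies have to be kept in sync by hand whenever an algorithm is added or removed.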