diff options
author | aapostoliuk <a.apostoliuk@vyos.io> | 2023-03-13 12:45:30 +0200 |
---|---|---|
committer | aapostoliuk <a.apostoliuk@vyos.io> | 2023-03-14 11:10:21 +0200 |
commit | b6b1887c063438cd8981031f0a3326db2f0f32cf (patch) | |
tree | 25575b15818be38b34514b7529efd48b4e7a4276 /scripts/vpn-config.pl | |
parent | 73319ed73e3072f07552c3c7a9866e74a2f8c91a (diff) | |
download | vyatta-cfg-vpn-b6b1887c063438cd8981031f0a3326db2f0f32cf.tar.gz vyatta-cfg-vpn-b6b1887c063438cd8981031f0a3326db2f0f32cf.zip |
ipsec: T4925: Added PRF into IKE group
Added the possibility to configure Pseudo-Random Functions (PRF) in IKE group
set vpn ipsec ike-group <Ike-grp> proposal <number> prf <PRF>
Backport from 1.4
Diffstat (limited to 'scripts/vpn-config.pl')
-rwxr-xr-x | scripts/vpn-config.pl | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl index b0aae42..c7e72dc 100755 --- a/scripts/vpn-config.pl +++ b/scripts/vpn-config.pl @@ -683,6 +683,7 @@ if ($vcVPN->exists('ipsec')) { my $encryption = $vcVPN->returnValue("ipsec ike-group $ike_group proposal $ike_proposal encryption"); my $hash = $vcVPN->returnValue("ipsec ike-group $ike_group proposal $ike_proposal hash"); my $dh_group = $vcVPN->returnValue("ipsec ike-group $ike_group proposal $ike_proposal dh-group"); + my $prf = $vcVPN->returnValue("ipsec ike-group $ike_group proposal $ike_proposal prf"); # # Write separator if not first proposal @@ -698,6 +699,9 @@ if ($vcVPN->exists('ipsec')) { # if (defined($encryption) && defined($hash)) { $genout .= "$encryption-$hash"; + if (defined($prf) && $prf ne "") { + $genout .= "-$prf"; + } if (defined($dh_group)) { my $cipher_out = get_dh_cipher_result($dh_group); if ($cipher_out eq 'unknown') { |