Fix Bug 5087 add support to specify PFS group when PFS is enabled

author: Mohit Mehta <mohit.mehta@vyatta.com> 2010-03-18 14:50:00 -0700
committer: Mohit Mehta <mohit.mehta@vyatta.com> 2010-03-18 14:50:00 -0700
commit: 4f4b9bab6eb7a9ff817a04ca2c61c3cfbe60fadb (patch)
tree: 84153d215d2eb392c5b686466b01a38cf879ac5c /scripts/vpn-config.pl
parent: 494766535604195a29b7e8228238c4b11bac2097 (diff)
download: vyatta-cfg-vpn-4f4b9bab6eb7a9ff817a04ca2c61c3cfbe60fadb.tar.gz
vyatta-cfg-vpn-4f4b9bab6eb7a9ff817a04ca2c61c3cfbe60fadb.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index 370c62c..58b4c1d 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -818,6 +818,12 @@ if ( $vcVPN->exists('ipsec') ) {
         if ( defined($pfs) ) {
           if ( $pfs eq 'enable' ) {
             $genout .= "\tpfs=yes\n";
+          } elsif ( $pfs eq 'dh-group2' ) {
+            $genout .= "\tpfs=yes\n";
+            $genout .= "\tpfsgroup=modp1024\n";
+          } elsif ( $pfs eq 'dh-group5' ) {
+            $genout .= "\tpfs=yes\n";
+            $genout .= "\tpfsgroup=modp1536\n";
           } else {
             $genout .= "\tpfs=no\n";
           }
author	Mohit Mehta <mohit.mehta@vyatta.com>	2010-03-18 14:50:00 -0700
committer	Mohit Mehta <mohit.mehta@vyatta.com>	2010-03-18 14:50:00 -0700
commit	4f4b9bab6eb7a9ff817a04ca2c61c3cfbe60fadb (patch)
tree	84153d215d2eb392c5b686466b01a38cf879ac5c /scripts/vpn-config.pl
parent	494766535604195a29b7e8228238c4b11bac2097 (diff)
download	vyatta-cfg-vpn-4f4b9bab6eb7a9ff817a04ca2c61c3cfbe60fadb.tar.gz vyatta-cfg-vpn-4f4b9bab6eb7a9ff817a04ca2c61c3cfbe60fadb.zip