diff options
| author | Jeff Leung <jleung@v10networks.ca> | 2015-01-27 00:51:46 -0800 |
|---|---|---|
| committer | Jeff Leung <jleung@v10networks.ca> | 2015-01-27 01:27:02 -0800 |
| commit | 9d20c1dc27d91e362e79221dd773dd9418d5af99 (patch) | |
| tree | c342ee3359e6e6aab488f295d194dd0d6bfe6078 /scripts/vpn-config.pl | |
| parent | d1618604bde40ae38ba3b587e655f16948212917 (diff) | |
| download | vyatta-cfg-vpn-9d20c1dc27d91e362e79221dd773dd9418d5af99.tar.gz vyatta-cfg-vpn-9d20c1dc27d91e362e79221dd773dd9418d5af99.zip | |
Removing pfs and pfsgroup parameter generation
In strongSwan 5.0.0 and later series, pfs= and pfsgroup= parameters have
now been removed.
Diffstat (limited to 'scripts/vpn-config.pl')
| -rwxr-xr-x | scripts/vpn-config.pl | 57 |
1 files changed, 0 insertions, 57 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl index dfc9e97..725f945 100755 --- a/scripts/vpn-config.pl +++ b/scripts/vpn-config.pl @@ -940,63 +940,6 @@ if ($vcVPN->exists('ipsec')) { $genout .= "\ttype=$espmode\n"; # - # Perfect Forward Secrecy - # - my $pfs = $vcVPN->returnValue("ipsec esp-group $esp_group pfs"); - if (defined($pfs)) { - if ($pfs eq 'enable') { - $genout .= "\tpfs=yes\n"; - } elsif ($pfs eq 'dh-group2') { - $genout .= "\tpfs=yes\n"; - $genout .= "\tpfsgroup=modp1024\n"; - } elsif ($pfs eq 'dh-group5') { - $genout .= "\tpfs=yes\n"; - $genout .= "\tpfsgroup=modp1536\n"; - } elsif ($pfs eq 'dh-group14') { - $genout .= "\tpfs=yes\n"; - $genout .= "\tpfsgroup=modp2048\n"; - } elsif ($pfs eq 'dh-group15') { - $genout .= "\tpfs=yes\n"; - $genout .= "\tpfsgroup=modp3072\n"; - } elsif ($pfs eq 'dh-group16') { - $genout .= "\tpfs=yes\n"; - $genout .= "\tpfsgroup=modp4096\n"; - } elsif ($pfs eq 'dh-group17') { - $genout .= "\tpfs=yes\n"; - $genout .= "\tpfsgroup=modp6144\n"; - } elsif ($pfs eq 'dh-group18') { - $genout .= "\tpfs=yes\n"; - $genout .= "\tpfsgroup=modp8192\n"; - } elsif ($pfs eq 'dh-group19') { - $genout .= "\tpfs=yes\n"; - $genout .= "\tpfsgroup=ecp256\n"; - } elsif ($pfs eq 'dh-group20') { - $genout .= "\tpfs=yes\n"; - $genout .= "\tpfsgroup=ecp384\n"; - } elsif ($pfs eq 'dh-group21') { - $genout .= "\tpfs=yes\n"; - $genout .= "\tpfsgroup=ecp521\n"; - } elsif ($pfs eq 'dh-group22') { - $genout .= "\tpfs=yes\n"; - $genout .= "\tpfsgroup=modp1024s160\n"; - } elsif ($pfs eq 'dh-group23') { - $genout .= "\tpfs=yes\n"; - $genout .= "\tpfsgroup=modp2048s224\n"; - } elsif ($pfs eq 'dh-group24') { - $genout .= "\tpfs=yes\n"; - $genout .= "\tpfsgroup=modp2048s256\n"; - } elsif ($pfs eq 'dh-group25') { - $genout .= "\tpfs=yes\n"; - $genout .= "\tpfsgroup=ecp192\n"; - } elsif ($pfs eq 'dh-group26') { - $genout .= "\tpfs=yes\n"; - $genout .= "\tpfsgroup=ecp224\n"; - } else { - $genout .= "\tpfs=no\n"; - } - } - - # # Compression # my $compression =$vcVPN->returnValue("ipsec esp-group $esp_group compression"); |