Slightly alter aggressive mode selection logic

If the user defines main mode, the config script will always enable
aggressive mode. Fix the logic to correctly disable aggressive mode
when main mode is asked for in IKEv1 connections.

1 files changed, 4 insertions, 1 deletions

diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index 613f40f..41e2a35 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -813,8 +813,11 @@ if ($vcVPN->exists('ipsec')) {
                 if (defined($aggressive_mode)) {
                   if (defined($key_exchange) && $key_exchange eq 'ikev2') {
                     vpn_die(["vpn","ipsec","ike-group", $ike_group, "mode"], "$vpn_cfg_err Selection of Main/Aggressive modes is only valid for IKEv1 configurations");
-                  } else {
+                  } 
+                  if ($aggressive_mode eq 'aggressive') {
                     $genout .= "\taggressive=yes\n";
+                  } else {
+                    $genout .= "\taggressive=no\n";
                   }
                 }
                 my $t_ikelifetime =$vcVPN->returnValue("ipsec ike-group $ike_group lifetime");