author | Ryan Riske <ryanriske@gmail.com> | 2014-05-24 15:57:22 -0500 |
---|---|---|
committer | Ryan Riske <ryanriske@gmail.com> | 2014-05-24 17:10:31 -0500 |
commit | c441788f58587c5ecd2de1d988c200a18d5a27f4 (patch) | |
tree | e8ad66d4727e12b547b1af90c9bda481f6ce66c4 /templates/vpn/ipsec | |
parent | 86fa605e0f2bd5289e135162fb43afb366eeee64 (diff) | |
download | vyatta-cfg-vpn-c441788f58587c5ecd2de1d988c200a18d5a27f4.tar.gz vyatta-cfg-vpn-c441788f58587c5ecd2de1d988c200a18d5a27f4.zip |
Add support for DH groups 14-26
Diffstat (limited to 'templates/vpn/ipsec')
-rw-r--r-- | templates/vpn/ipsec/esp-group/node.tag/pfs/node.def | 16 | ||||
-rw-r--r-- | templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def | 19 |
2 files changed, 29 insertions, 6 deletions
diff --git a/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def b/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def
index 7185c27..53648a6 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def
@@ -1,8 +1,18 @@
 help: ESP Perfect Forward Secrecy
 type: txt
 default: "enable"
-syntax:expression: $VAR(@) in "enable", "disable", "dh-group2", "dh-group5"; "must be enable, disable, dh-group2 or dh-group5"
+syntax:expression: $VAR(@) in "enable", "disable", "dh-group2", "dh-group5", "dh-group14", "dh-group15", "dh-group16", "dh-group17", "dh-group18", "dh-group19", "dh-group20", "dh-group21", "dh-group25", "dh-group26"; "must be enable, disable, dh-group2, dh-group5, dh-group14, dh-group15, dh-group16, dh-group17, dh-group18, dh-group19, dh-group20, dh-group21, dh-group25 or dh-group26"
 val_help: enable; Enable PFS. Use ike-group's dh-group (default)
-val_help: dh-group2; Enable PFS. Use Diffie-Hellman group 2
-val_help: dh-group5; Enable PFS. Use Diffie-Hellman group 5
+val_help: dh-group2; Enable PFS. Use Diffie-Hellman group 2 (modp1024)
+val_help: dh-group5; Enable PFS. Use Diffie-Hellman group 5 (modp1536)
+val_help: dh-group14; Enable PFS. Use Diffie-Hellman group 14 (modp2048)
+val_help: dh-group15; Enable PFS. Use Diffie-Hellman group 15 (modp3072)
+val_help: dh-group16; Enable PFS. Use Diffie-Hellman group 16 (modp4096)
+val_help: dh-group17; Enable PFS. Use Diffie-Hellman group 17 (modp6144)
+val_help: dh-group18; Enable PFS. Use Diffie-Hellman group 18 (modp8192)
+val_help: dh-group19; Enable PFS. Use Diffie-Hellman group 19 (ecp256)
+val_help: dh-group20; Enable PFS. Use Diffie-Hellman group 20 (ecp384)
+val_help: dh-group21; Enable PFS. Use Diffie-Hellman group 21 (ecp521)
+val_help: dh-group25; Enable PFS. Use Diffie-Hellman group 25 (ecp192)
+val_help: dh-group26; Enable PFS. Use Diffie-Hellman group 26 (ecp224)
 val_help: disable; Disable PFS
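Review bot: The new val_help lines describe every group in the same neutral wording, so an operator picking from the completion list cannot tell that dh-group2 (modp1024) and dh-group5 (modp1536) are the weakest choices, kept mainly for interoperability, or that dh-group25 (ecp192) is the smallest of the curves. Marking them in the help text would cover it, e.g. `val_help: dh-group2; Enable PFS. Use Diffie-Hellman group 2 (modp1024, legacy)`; the same applies to the val_help entries for 2, 5 and 25 in the ike-group dh-group node.def changed by this commit. Separately, the allowed-value list and its error string on the `syntax:expression` line repeat the same fourteen names and have to be kept in sync by hand on the next change.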
diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def
index d7c2fd5..307dc09 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def
@@ -1,5 +1,18 @@
 help: Diffie-Hellman (DH) key exchange group
 type: u32
-syntax:expression: ($VAR(@) == 2 || $VAR(@) == 5); "must be 2 or 5"
-val_help: 2; DH group 2
-val_help: 5; DH group 5
+syntax:expression: ($VAR(@) == 2 || $VAR(@) == 5 || ($VAR(@) >= 14 && $VAR(@) <= 26)); "must be 2, 5 or 14 through 26"
+val_help: 2; DH group 2 (modp1024)
+val_help: 5; DH group 5 (modp1536)
+val_help: 14; DH group 14 (modp2048)
+val_help: 15; DH group 15 (modp3072)
+val_help: 16; DH group 16 (modp4096)
+val_help: 17; DH group 17 (modp6144)
+val_help: 18; DH group 18 (modp8192)
+val_help: 19; DH group 19 (ecp256)
+val_help: 20; DH group 20 (ecp384)
+val_help: 21; DH group 21 (ecp521)
+val_help: 22; DH group 22 (modp1024s160)
+val_help: 23; DH group 23 (modp2048s224)
+val_help: 24; DH group 24 (modp2048s256)
+val_help: 25; DH group 25 (ecp192)
+val_help: 26; DH group 26 (ecp224)
|
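Review bot: The range test `($VAR(@) >= 14 && $VAR(@) <= 26)` also accepts 22, 23 and 24, which the esp-group pfs node.def in this same commit leaves out of its list. Those are the RFC 5114 MODP groups with small prime-order subgroups, and RFC 8247 later recommended against them. If the omission on the PFS side is deliberate, the IKE side should match, e.g. `(($VAR(@) >= 14 && $VAR(@) <= 21) || $VAR(@) == 25 || $VAR(@) == 26)` with the three val_help lines dropped and the message changed to `"must be 2, 5, 14 through 21, 25 or 26"`. If they have to stay for interoperability, the val_help text for 22-24 should say so. How pfs `enable` ("Use ike-group's dh-group") behaves when the IKE proposal is 22-24 is not visible in this diff and is worth checking.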