diff options
author | Jeff Leung <jleung@v10networks.ca> | 2015-02-07 03:53:20 +0000 |
---|---|---|
committer | Jeff Leung <jleung@v10networks.ca> | 2015-02-07 03:53:20 +0000 |
commit | 82c41cedf5a295ebd2ad28700c4c9a5c9b5a91d3 (patch) | |
tree | eb5386bd663dbee14be331beb6cec145cf040631 /templates/vpn | |
parent | 91f54b8d8ca8565371006beb38e978c726192188 (diff) | |
download | vyatta-cfg-vpn-82c41cedf5a295ebd2ad28700c4c9a5c9b5a91d3.tar.gz vyatta-cfg-vpn-82c41cedf5a295ebd2ad28700c4c9a5c9b5a91d3.zip |
Remove the default value in ipsec ike-group $name mode
Setting this to a default value breaks ikev2 configurations since
aggressive mode is only applicable for ikev1 tunnels
Diffstat (limited to 'templates/vpn')
-rw-r--r-- | templates/vpn/ipsec/ike-group/node.tag/mode/node.def | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/templates/vpn/ipsec/ike-group/node.tag/mode/node.def b/templates/vpn/ipsec/ike-group/node.tag/mode/node.def index f302d3d..fad935f 100644 --- a/templates/vpn/ipsec/ike-group/node.tag/mode/node.def +++ b/templates/vpn/ipsec/ike-group/node.tag/mode/node.def @@ -1,6 +1,5 @@ help: IKEv1 Phase 1 Mode Selection type: txt -default: "main" syntax:expression: $VAR(@) in "main", "aggressive"; "must be main or aggressive" val_help: main; Use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default) val_help: ikev2; Use Aggressive mode for Key Exchanges in the IKEv1 protocol - We do not recommend users to use aggressive mode as it is much more insecure compared to Main mode. |