diff options
| author | Kim Hagen <kim.sidney@gmail.com> | 2016-02-11 08:54:39 -0500 |
|---|---|---|
| committer | Kim Hagen <kim.sidney@gmail.com> | 2016-02-11 08:54:39 -0500 |
| commit | 8353f0f8fc746c69d6006e5bba9baf45afe16385 (patch) | |
| tree | a5304794ad5960264a593a87e5b1cbdc66ce5e79 /templates | |
| parent | fbddff7f2b6b485c93b5d3cf4d60a75f84c3a2b6 (diff) | |
| download | vyatta-cfg-vpn-8353f0f8fc746c69d6006e5bba9baf45afe16385.tar.gz vyatta-cfg-vpn-8353f0f8fc746c69d6006e5bba9baf45afe16385.zip | |
Set default pfs and ike dh group. (required by strongswan charon)
Diffstat (limited to 'templates')
| -rw-r--r-- | templates/vpn/ipsec/esp-group/node.tag/pfs/node.def | 7 | ||||
| -rw-r--r-- | templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def | 5 |
2 files changed, 6 insertions, 6 deletions
diff --git a/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def b/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def index 59a46ec..cda2169 100644 --- a/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def +++ b/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def @@ -1,11 +1,10 @@ help: ESP Perfect Forward Secrecy type: txt -default: "enable" -syntax:expression: $VAR(@) in "enable", "disable", "dh-group2", "dh-group5", "dh-group14", "dh-group15", "dh-group16", "dh-group17", "dh-group18", "dh-group19", "dh-group20", "dh-group21", "dh-group22", "dh-group23", "dh-group24", "dh-group25", "dh-group26"; "must be enable, disable, dh-group2, dh-group5, dh-group14, dh-group15, dh-group16, dh-group17, dh-group18, dh-group19, dh-group20, dh-group21, dh-group22, dh-group23, dh-group24, dh-group25 or dh-group26" -val_help: enable; Enable PFS. Use ike-group's dh-group (default) +default: "dh-group14" +syntax:expression: $VAR(@) in "disable", "dh-group2", "dh-group5", "dh-group14", "dh-group15", "dh-group16", "dh-group17", "dh-group18", "dh-group19", "dh-group20", "dh-group21", "dh-group22", "dh-group23", "dh-group24", "dh-group25", "dh-group26"; "must be enable, disable, dh-group2, dh-group5, dh-group14, dh-group15, dh-group16, dh-group17, dh-group18, dh-group19, dh-group20, dh-group21, dh-group22, dh-group23, dh-group24, dh-group25 or dh-group26" val_help: dh-group2; Enable PFS. Use Diffie-Hellman group 2 (modp1024) val_help: dh-group5; Enable PFS. Use Diffie-Hellman group 5 (modp1536) -val_help: dh-group14; Enable PFS. Use Diffie-Hellman group 14 (modp2048) +val_help: dh-group14; Enable PFS. Use Diffie-Hellman group 14 (modp2048) (default) val_help: dh-group15; Enable PFS. Use Diffie-Hellman group 15 (modp3072) val_help: dh-group16; Enable PFS. Use Diffie-Hellman group 16 (modp4096) val_help: dh-group17; Enable PFS. Use Diffie-Hellman group 17 (modp6144) diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def index 307dc09..3ff5646 100644 --- a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def +++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def @@ -1,9 +1,10 @@ -help: Diffie-Hellman (DH) key exchange group +help: Diffie-Hellman (DH) key exchange group [REQUIRED] type: u32 +default: 14 syntax:expression: ($VAR(@) == 2 || $VAR(@) == 5 || ($VAR(@) >= 14 && $VAR(@) <= 26)); "must be 2, 5 or 14 through 26" val_help: 2; DH group 2 (modp1024) val_help: 5; DH group 5 (modp1536) -val_help: 14; DH group 14 (modp2048) +val_help: 14; DH group 14 (modp2048) (default) val_help: 15; DH group 15 (modp3072) val_help: 16; DH group 16 (modp4096) val_help: 17; DH group 17 (modp6144) |