-rwxr-xr-x | scripts/vpn-config.pl | 6 | ||||
-rw-r--r-- | templates/vpn/ipsec/esp-group/node.tag/pfs/node.def | 12 |
2 files changed, 13 insertions, 5 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index 370c62c..58b4c1d 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -818,6 +818,12 @@ if ( $vcVPN->exists('ipsec') ) {
 if ( defined($pfs) ) {
 if ( $pfs eq 'enable' ) {
 $genout .= "\tpfs=yes\n";
+ } elsif ( $pfs eq 'dh-group2' ) {
+ $genout .= "\tpfs=yes\n";
+ $genout .= "\tpfsgroup=modp1024\n";
+ } elsif ( $pfs eq 'dh-group5' ) {
+ $genout .= "\tpfs=yes\n";
+ $genout .= "\tpfsgroup=modp1536\n";
 } else {
 $genout .= "\tpfs=no\n";
 }
diff --git a/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def b/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def
index 2623cad..82ce8db 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def
@@ -1,7 +1,9 @@
-help: Set ESP PFS
-type: txt
+help: Set ESP Perfect Forward Secrecy
+type: txt
 default: "enable"
-syntax:expression: $VAR(@) in "enable", "disable"; "must be enable or disable"
+syntax:expression: $VAR(@) in "enable", "disable", "dh-group2", "dh-group5"; "must be enable, disable, dh-group2 or dh-group5"
 comp_help: possible completions
- enable Set Perfect Forward Secrecy enabled (default)
- disable Set Perfect Forward Secrecy disabled
+ enable Enable PFS. Use ike-group's dh-group (default)
+ dh-group2 Enable PFS. Use Diffie-Hellman group 2
+ dh-group5 Enable PFS. Use Diffie-Hellman group 5
+ disable Disable PFS |
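Review bot: The trailing `else` in this chain still emits `pfs=no` for every value it does not recognise, so a pfs setting that is added to the template but not to this script, or any value that gets past the template's syntax check, silently turns Perfect Forward Secrecy off. Now that four values are accepted, the off case is worth making explicit with `} elsif ( $pfs eq 'disable' ) {`, leaving the final `else` to report a configuration error through the script's usual error path instead of generating `pfs=no`. The two new branches differ only in the `pfsgroup` value, so a single lookup from group name to `modp…` string would keep that mapping in one place. The enclosing `if ( $vcVPN->exists('ipsec') )` block starts before the hunk and the `if ( defined($pfs) )` block closes after it.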
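Review bot: The only explicit groups the new `syntax:expression` accepts are `dh-group2` and `dh-group5`, which the script in this commit maps to `modp1024` and `modp1536`; both are below the 2048-bit MODP size that current IPsec guidance treats as the minimum (RFC 8247 lists groups 2 and 5 as SHOULD NOT), and the completion help gives the operator no hint of that. I would put the size in the help text, e.g. `dh-group2 Enable PFS. Use Diffie-Hellman group 2 (1024-bit MODP)`, and likewise for group 5. If the IPsec daemon in use accepts it, a stronger option such as a group 14 entry mapped to `modp2048` belongs in the same change, so that an explicit PFS group is not limited to the two weakest choices.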