From b6b1887c063438cd8981031f0a3326db2f0f32cf Mon Sep 17 00:00:00 2001
From: aapostoliuk <a.apostoliuk@vyos.io>
Date: Mon, 13 Mar 2023 12:45:30 +0200
Subject: ipsec: T4925: Added PRF into IKE group

Added the possibility to configure Pseudo-Random Functions (PRF) in IKE group
set vpn ipsec ike-group <Ike-grp> proposal <number> prf <PRF>
Backport from 1.4
---
 scripts/vpn-config.pl | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'scripts')

diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index b0aae42..c7e72dc 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -683,6 +683,7 @@ if ($vcVPN->exists('ipsec')) {
                     my $encryption = $vcVPN->returnValue("ipsec ike-group $ike_group proposal $ike_proposal encryption");
                     my $hash = $vcVPN->returnValue("ipsec ike-group $ike_group proposal $ike_proposal hash");
                     my $dh_group = $vcVPN->returnValue("ipsec ike-group $ike_group proposal $ike_proposal dh-group");
+                    my $prf = $vcVPN->returnValue("ipsec ike-group $ike_group proposal $ike_proposal prf");
 
                     #
                     # Write separator if not first proposal
@@ -698,6 +699,9 @@ if ($vcVPN->exists('ipsec')) {
                     #
                     if (defined($encryption) && defined($hash)) {
                         $genout .= "$encryption-$hash";
+                        if (defined($prf) && $prf ne "") {
+                            $genout .= "-$prf";
+                        }
                         if (defined($dh_group)) {
                             my $cipher_out = get_dh_cipher_result($dh_group);
                             if ($cipher_out eq 'unknown') {
-- 
cgit v1.2.3