diff options
| author | Christian Breunig <christian@breunig.cc> | 2025-03-06 22:53:05 +0100 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2025-03-06 22:53:05 +0100 |
| commit | c31df5a5b5c1d1dfee063fe63a610c8bf71271f0 (patch) | |
| tree | 59e1573c154165a4d6c14977c1cb6f66b79966ad | |
| parent | 117e9edef844492ff5fd608036a4fecede337f45 (diff) | |
| download | vyos-1x-c31df5a5b5c1d1dfee063fe63a610c8bf71271f0.tar.gz vyos-1x-c31df5a5b5c1d1dfee063fe63a610c8bf71271f0.zip | |
ipsec: T7225: fix dynamic generation of IKE DiffieHellmanGroup in iOS profile
Commit e97d86e ("T6617: T6618: vpn ipsec remote-access: fix profile generators")
added a bug when working with DiffieHellmanGroup, it started becoming a boolead
and no longer referencing the DH groups itself.
This has been fixed.
| -rw-r--r-- | data/templates/ipsec/ios_profile.j2 | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/data/templates/ipsec/ios_profile.j2 b/data/templates/ipsec/ios_profile.j2 index 68e02b498..6993f82bf 100644 --- a/data/templates/ipsec/ios_profile.j2 +++ b/data/templates/ipsec/ios_profile.j2 @@ -78,9 +78,9 @@ <string>{{ esp_encryption.encryption }}</string> <key>IntegrityAlgorithm</key> <string>{{ esp_encryption.hash }}</string> -{% if esp_encryption.pfs is vyos_defined %} +{% if ike_encryption.dh_group is vyos_defined %} <key>DiffieHellmanGroup</key> - <integer>{{ esp_encryption.pfs }}</integer> + <integer>{{ ike_encryption.dh_group }}</integer> {% endif %} </dict> <!-- Controls whether the client offers Perfect Forward Secrecy (PFS). This should be set to match the server. --> |