wireless: T2306: Add new cipher suites to the WiFi configuration

    Yet, VyOS knows these two encryption schemes for WiFi:

        1. CCMP = AES in Counter mode with CBC-MAC (CCMP-128)
        2. TKIP = Temporal Key Integrity Protocol

    These encryption schemes are new and especially the Galois counter mode
    cipher suites are very desirable!

        1. CCMP-256 = AES in Counter mode with CBC-MAC with 256-bit key
        2. GCMP = Galois/counter mode protocol (GCMP-128)
        3. GCMP-256 = Galois/counter mode protocol with 256-bit key

    CCMP is supported by all WPA2 compatible NICs, so this remains the
    default cipher for bidirectional and group packets while using WPA2.

    Use 'iw list' to figure out which cipher suites your cards support
    prior to configuring other cipher suites than CCMP. AP NICs and
    STA NICs must both support at least one common cipher in a given
    list in order to associate successfully.

1 files changed, 4 insertions, 0 deletions

diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py
index 498c24df0..1964af6e1 100755
--- a/src/conf_mode/interfaces-wireless.py
+++ b/src/conf_mode/interfaces-wireless.py
@@ -442,6 +442,10 @@ def get_config():
             wifi['sec_wpa_cipher'].append('CCMP')
             wifi['sec_wpa_cipher'].append('TKIP')
 
+    # WPA Group Cipher suite
+    if conf.exists('security wpa group-cipher'):
+        wifi['sec_wpa_group_cipher'] = conf.return_values('security wpa group-cipher')
+
     # WPA personal shared pass phrase
     if conf.exists('security wpa passphrase'):
         wifi['sec_wpa_passphrase'] = conf.return_value('security wpa passphrase')