Hello Michael, could you merge the change into "next", too? So it won't be overwritten with the next Core Update... Thanks, and best regards, Peter Müller > Oops. Yes. > > Weirdly, someone confirmed that this patch works for them… > >> On 17 Jun 2019, at 15:08, Peter Müller wrote: >> >> The changes introduced due to #12091 caused IPsec ESP >> to be invalid if PFS ciphers were selected. Code has >> to read "!$pfs" instead of just "$pfs", as it should trigger >> for ciphers _without_ Perfect Forward Secrecy. >> >> Fixes #12099 >> >> Signed-off-by: Peter Müller >> Cc: Michael Tremer >> --- >> html/cgi-bin/vpnmain.cgi | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi >> index fbc274919..750b69b1d 100644 >> --- a/html/cgi-bin/vpnmain.cgi >> +++ b/html/cgi-bin/vpnmain.cgi >> @@ -3338,7 +3338,7 @@ sub make_algos($$$$$) { >> push(@algo, $int); >> } >> >> - if ($pfs || $grp eq "none") { >> + if (!$pfs || $grp eq "none") { >> # noop >> } elsif ($grp =~ m/^e(.*)$/) { >> push(@algo, "ecp$1"); >> -- >> 2.16.4 > -- The road to Hades is easy to travel. -- Bion of Borysthenes