Oops. Yes.
Weirdly, someone confirmed that this patch works for them…
On 17 Jun 2019, at 15:08, Peter Müller peter.mueller@ipfire.org wrote:
The changes introduced due to #12091 caused IPsec ESP to be invalid if PFS ciphers were selected. Code has to read "!$pfs" instead of just "$pfs", as it should trigger for ciphers _without_ Perfect Forward Secrecy.
Fixes #12099
Signed-off-by: Peter Müller peter.mueller@ipfire.org Cc: Michael Tremer michael.tremer@ipfire.org
html/cgi-bin/vpnmain.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index fbc274919..750b69b1d 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -3338,7 +3338,7 @@ sub make_algos($$$$$) { push(@algo, $int); }
if ($pfs || $grp eq "none") {
if (!$pfs || $grp eq "none") { # noop } elsif ($grp =~ m/^e(.*)$/) { push(@algo, "ecp$1");-- 2.16.4