[07/16] IPsec: Apple: Enable PFS on client when enabled

Message ID 20200528175850.12638-8-michael.tremer@ipfire.org
State New
Headers show
Series
  • [01/16] IPsec: Use sane defaults for certificate lifetimes
Related show

Commit Message

Michael Tremer May 28, 2020, 5:58 p.m. UTC
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 html/cgi-bin/vpnmain.cgi | 7 +++++++
 1 file changed, 7 insertions(+)

Patch

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index f5b1186a8..816136c92 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1257,6 +1257,13 @@  END
 	print "					<key>RemoteAddress</key>\n";
 	print "					<string>$endpoint</string>\n";
 
+	# PFS
+	my $pfs = $confighash{$key}[28];
+	if ($pfs eq "on") {
+		print "					<key>EnablePFS</key>\n";
+		print "					<true/>\n";
+	}
+
 	# Left ID
 	if ($confighash{$key}[9]) {
 		print "					<key>LocalIdentifier</key>\n";