diff options
| author | Ermal LUÇI <eri@pfsense.org> | 2015-05-19 18:41:18 +0200 |
|---|---|---|
| committer | Ermal LUÇI <eri@pfsense.org> | 2015-05-19 18:41:18 +0200 |
| commit | 4ed45f24f2aee07b6e21a0ab27bce36503604274 (patch) | |
| tree | 9993e99da74ee1f250961d654bc8f51895c7a4e9 | |
| parent | 2f8d3544ffb0cffbfa735869df220d5f2fdf5970 (diff) | |
| parent | 10439116597e3c2d590191c9be182155b27aa98b (diff) | |
| download | pfsense-4ed45f24f2aee07b6e21a0ab27bce36503604274.zip pfsense-4ed45f24f2aee07b6e21a0ab27bce36503604274.tar.gz | |
Merge pull request #1649 from baxeno/master
| -rw-r--r-- | etc/inc/ipsec.inc | 18 | ||||
| -rw-r--r-- | etc/inc/vpn.inc | 11 |
2 files changed, 25 insertions, 4 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index 5196236..d766ade 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -69,6 +69,9 @@ $ipsec_idhandling = array( global $p1_ealgos; $p1_ealgos = array( 'aes' => array( 'name' => 'AES', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ), + 'aes128gcm' => array( 'name' => 'AES128-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ), + 'aes192gcm' => array( 'name' => 'AES192-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ), + 'aes256gcm' => array( 'name' => 'AES256-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ), 'blowfish' => array( 'name' => 'Blowfish', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ), '3des' => array( 'name' => '3DES' ), 'cast128' => array( 'name' => 'CAST128' ), @@ -110,7 +113,10 @@ $p1_dhgroups = array( 21 => '21 (nist ecp521)', 22 => '22 (1024(sub 160) bit)', 23 => '23 (2048(sub 224) bit)', - 24 => '24 (2048(sub 256) bit)' + 24 => '24 (2048(sub 256) bit)', + 28 => '28 (brainpool ecp256)', + 29 => '29 (brainpool ecp384)', + 30 => '30 (brainpool ecp512)' ); global $p2_halgos; @@ -161,7 +167,13 @@ $p2_pfskeygroups = array( 15 => '15 (3072 bit)', 16 => '16 (4096 bit)', 17 => '17 (6144 bit)', - 18 => '18 (8192 bit)' + 18 => '18 (8192 bit)', + 19 => '19 (nist ecp256)', + 20 => '20 (nist ecp384)', + 21 => '21 (nist ecp521)', + 28 => '28 (brainpool ecp256)', + 29 => '29 (brainpool ecp384)', + 30 => '30 (brainpool ecp512)' ); /* @@ -707,7 +719,7 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) { break; case 'keyid tag': $thisid_type = 'keyid'; - $thisid_data = "{$thisid_data}"; + $thisid_data = "{$id_data}"; break; case 'user_fqdn': $thisid_type = 'userfqdn'; diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index ebd17ca..23e636a 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -98,7 +98,16 @@ function vpn_ipsec_convert_to_modp($index) $convertion = "ecp384"; break; case '21': - $convertion = "ecp512"; + $convertion = "ecp521"; + break; + case '28': + $convertion = "ecp256bp"; + break; + case '29': + $convertion = "ecp384bp"; + break; + case '30': + $convertion = "ecp512bp"; break; } |
