author | jim-p <jimp@pfsense.org> | 2012-08-02 12:29:16 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-08-02 12:38:29 -0400 |
commit | 665340db1142980ca40d49b9dddf1b07e07da3b8 (patch) | |
tree | 506f7bbbb6100e692a1ced4481f4be4c1a9346c6 /etc/inc/ipsec.inc | |
parent | 919d450395b1cc5f7267c40f7ccc4c64fc27a749 (diff) | |
download | pfsense-665340db1142980ca40d49b9dddf1b07e07da3b8.zip pfsense-665340db1142980ca40d49b9dddf1b07e07da3b8.tar.gz |
Activate more Hash, DH, and PFS options that are available in racoon now. Note that SHA256-512 are RFC4868 compliant in FreeBSD, may break with other incompatible stacks.
Diffstat (limited to 'etc/inc/ipsec.inc')
-rw-r--r-- | etc/inc/ipsec.inc | 37 |
1 files changed, 31 insertions, 6 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index a2bf219..cf2caa2 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -67,12 +67,31 @@ $p2_ealgos = array(
 'des' => array( 'name' => 'DES' ));

 $p1_halgos = array(
+ 'md5' => 'MD5',
 'sha1' => 'SHA1',
- 'md5' => 'MD5');
+ 'sha256' => 'SHA256',
+ 'sha384' => 'SHA384',
+ 'sha512' => 'SHA512'
+);
+
+$p1_dhgroups = array(
+ 1 => '1 (768 bit)',
+ 2 => '2 (1024 bit)',
+ 5 => '5 (1536 bit)',
+ 14 => '14 (2048 bit)',
+ 15 => '15 (3072 bit)',
+ 16 => '16 (4096 bit)',
+ 17 => '17 (6144 bit)',
+ 18 => '18 (8192 bit)'
+);

 $p2_halgos = array(
+ 'hmac_md5' => 'MD5',
 'hmac_sha1' => 'SHA1',
- 'hmac_md5' => 'MD5');
+ 'hmac_sha256' => 'SHA256',
+ 'hmac_sha384' => 'SHA384',
+ 'hmac_sha512' => 'SHA512'
+);

 $p1_authentication_methods = array(
 'hybrid_rsa_server' => array( 'name' => 'Hybrid RSA + Xauth', 'mobile' => true ),
@@ -91,10 +110,16 @@ $p2_protos = array(
 'ah' => 'AH');

 $p2_pfskeygroups = array(
- '0' => 'off',
- '1' => '1',
- '2' => '2',
- '5' => '5');
+ 0 => 'off',
+ 1 => '1 (768 bit)',
+ 2 => '2 (1024 bit)',
+ 5 => '5 (1536 bit)',
+ 14 => '14 (2048 bit)',
+ 15 => '15 (3072 bit)',
+ 16 => '16 (4096 bit)',
+ 17 => '17 (6144 bit)',
+ 18 => '18 (8192 bit)'
+);

 /*
 * ikeid management functions |
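Review bot: The new `sha256`/`sha384`/`sha512` entries in `$p1_halgos` and the matching `hmac_sha*` entries in `$p2_halgos` carry no in-code record of the interoperability caveat that exists only in the commit message. A comment above both arrays, such as `/* SHA256-512 follow RFC 4868 on FreeBSD; peers with non-compliant stacks may fail to negotiate */`, would keep that warning next to the options it applies to. Separately, this hunk moves `md5` to the head of both hash lists and opens `$p1_dhgroups` with the 768-bit and 1024-bit groups. If the GUI preselects the first array element (not visible in this diff), the weakest choices become the default, so confirm that the forms set an explicit default.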
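Review bot: `$p2_pfskeygroups` repeats the eight group labels of `$p1_dhgroups` from the first hunk verbatim and differs only by the `0 => 'off'` entry, so the two tables can drift when a group is added or retired. Deriving one from the other, e.g. `$p2_pfskeygroups = array(0 => 'off') + $p1_dhgroups;`, keeps the same keys and order with a single source of truth. The bit-size labels are a useful addition; groups 1 and 2 (768/1024 bit) are weak by current standards, and a short comment saying they are kept only for compatibility with legacy peers would help whoever maintains this list.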