Allow AES-GCM for P1 where using IKEv2. Ticket #5990

author: Chris Buechler <cmb@pfsense.org> 2016-07-17 23:18:57 -0500
committer: Chris Buechler <cmb@pfsense.org> 2016-07-17 23:19:23 -0500
commit: 76a0eecb18f86a3497c65c5833037646a0008353 (patch)
tree: 29eb413441b8809a089f44f21c3c20035436940f /src/usr/local/www/vpn_ipsec_phase1.php
parent: cadcc89814e2c770c9d0eeb1987a73eaad9f3277 (diff)
download: pfsense-76a0eecb18f86a3497c65c5833037646a0008353.zip
pfsense-76a0eecb18f86a3497c65c5833037646a0008353.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/usr/local/www/vpn_ipsec_phase1.php b/src/usr/local/www/vpn_ipsec_phase1.php
index 5e4ad2d..22e8612 100644
--- a/src/usr/local/www/vpn_ipsec_phase1.php
+++ b/src/usr/local/www/vpn_ipsec_phase1.php
@@ -423,6 +423,10 @@ if ($_POST) {
 		$input_errors[] = gettext("Valid arguments for IKE type are v1, v2 or auto");
 	}
 
+	if (preg_match("/aes\d+gcm/", $_POST['ealgo']) && $_POST['iketype'] != "ikev2") {
+		$input_errors[] = gettext("Encryption Algorithm AES-GCM can only be used with IKEv2");
+	}
+
 	if (!empty($_POST['ealgo']) && isset($config['system']['crypto_hardware'])) {
 		if ($config['system']['crypto_hardware'] == "glxsb") {
 			if ($_POST['ealgo'] == "aes" && $_POST['ealgo_keylen'] != "128") {
author	Chris Buechler <cmb@pfsense.org>	2016-07-17 23:18:57 -0500
committer	Chris Buechler <cmb@pfsense.org>	2016-07-17 23:19:23 -0500
commit	76a0eecb18f86a3497c65c5833037646a0008353 (patch)
tree	29eb413441b8809a089f44f21c3c20035436940f /src/usr/local/www/vpn_ipsec_phase1.php
parent	cadcc89814e2c770c9d0eeb1987a73eaad9f3277 (diff)
download	pfsense-76a0eecb18f86a3497c65c5833037646a0008353.zip pfsense-76a0eecb18f86a3497c65c5833037646a0008353.tar.gz