Activate more Hash, DH, and PFS options that are available in racoon now. Note that SHA256-512 are RFC4868 compliant in FreeBSD, may break with other incompatible stacks.

2 files changed, 2 insertions, 10 deletions

diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index ae62a47..9411b7d 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -753,16 +753,14 @@ function dpdchkbox_change() {
 						<td width="22%" valign="top" class="vncellreq"><?=gettext("DH key group"); ?></td>
 						<td width="78%" class="vtable">
 							<select name="dhgroup" class="formselect">
-							<?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?>
+							<?php foreach ($p1_dhgroups as $keygroup => $keygroupname): ?>
 								<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['dhgroup']) echo "selected"; ?>>
-									<?=htmlspecialchars($keygroup);?>
+									<?=htmlspecialchars($keygroupname);?>
 								</option>
 							<?php endforeach; ?>
 							</select>
 							<br>
 							<span class="vexpl">
-								<em><?=gettext("1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit"); ?></em>
-								<br>
 								<?=gettext("Must match the setting chosen on the remote side"); ?>.
 							</span>
 						</td>
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index 2bfd905..74d1359 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -624,12 +624,6 @@ function change_protocol() {
 							<?php endforeach; ?>
 							</select>
 							<br>
-							<span class="vexpl">
-								<em>
-									<?=gettext("1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit"); ?>
-								</em>
-							</span>
-							
 							<?php else: ?>
 
 							<select class="formselect" disabled>