Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/ipsec.inc | 3 | ||||
-rw-r--r-- | src/usr/local/www/vpn_ipsec_phase1.php | 4 |
2 files changed, 7 insertions, 0 deletions
diff --git a/src/etc/inc/ipsec.inc b/src/etc/inc/ipsec.inc
index f60e639..a77e485 100644
--- a/src/etc/inc/ipsec.inc
+++ b/src/etc/inc/ipsec.inc
@@ -101,6 +101,9 @@ $ipsec_idhandling = array(
 global $p1_ealgos;
 $p1_ealgos = array(
 'aes' => array('name' => 'AES', 'keysel' => array('lo' => 128, 'hi' => 256, 'step' => 64)),
+ 'aes128gcm' => array('name' => 'AES128-GCM', 'keysel' => array('lo' => 64, 'hi' => 128, 'step' => 32)),
+ 'aes192gcm' => array('name' => 'AES192-GCM', 'keysel' => array('lo' => 64, 'hi' => 128, 'step' => 32)),
+ 'aes256gcm' => array('name' => 'AES256-GCM', 'keysel' => array('lo' => 64, 'hi' => 128, 'step' => 32)),
 'blowfish' => array('name' => 'Blowfish', 'keysel' => array('lo' => 128, 'hi' => 256, 'step' => 64)),
 '3des' => array('name' => '3DES'),
 'cast128' => array('name' => 'CAST128')
diff --git a/src/usr/local/www/vpn_ipsec_phase1.php b/src/usr/local/www/vpn_ipsec_phase1.php
index 3bdfd38..a9fb081 100644
--- a/src/usr/local/www/vpn_ipsec_phase1.php
+++ b/src/usr/local/www/vpn_ipsec_phase1.php
@@ -391,6 +391,10 @@ if ($_POST) {
 $input_errors[] = gettext("Valid arguments for IKE type are v1, v2 or auto");
 }
+ if (preg_match("/aes\d+gcm/", $_POST['ealgo']) && $_POST['iketype'] != "ikev2") {
+ $input_errors[] = gettext("Encryption Algorithm AES-GCM can only be used with IKEv2");
+ }
+
 if (!empty($_POST['ealgo']) && isset($config['system']['crypto_hardware'])) {
 if ($config['system']['crypto_hardware'] == "glxsb") {
 if ($_POST['ealgo'] == "aes" && $_POST['ealgo_keylen'] != "128") { |
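Review bot: In the three added `aes*gcm` rows of `$p1_ealgos`, `keysel` no longer appears to mean what it means in the neighbouring rows. For `aes` and `blowfish` the 128–256 range reads as a key size, while here the key size is already in the algorithm name and 64/96/128 looks like the ICV (tag) length in bits. Since nothing in the hunk says so, a comment above the new rows would help, for example `// GCM: 'keysel' selects the ICV length in bits, not the key size (key size is fixed by the algorithm name)`. A 64-bit tag gives noticeably weaker forgery resistance than a 128-bit one, so it is worth confirming that whatever picks the default from `lo`/`hi` lands on 128 for these entries. The array's closing lines are outside the hunk.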
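Review bot: The new guard's pattern `/aes\d+gcm/` is unanchored, and `$_POST['ealgo']` is read without a presence or type check, so any submitted string that merely contains `aes<digits>gcm` matches, and a missing or array-valued field reaches `preg_match()` directly. Anchoring it and guarding the input keeps the check tied to the real algorithm keys: `if (is_string($_POST['ealgo'] ?? null) && preg_match('/^aes\d+gcm$/', $_POST['ealgo']) && $_POST['iketype'] !== "ikev2") {`. Whether `ealgo` is validated against the keys of `$p1_ealgos` elsewhere in the `if ($_POST)` block cannot be seen from this hunk, as the block starts and ends outside it. If it is not, an `array_key_exists()` check belongs next to this one. Note that the condition also rejects `iketype` "auto", which the preceding message lists as a valid type, so the error text could say that explicitly.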