]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blobdiff - html/cgi-bin/vpnmain.cgi
projects / people / pmueller / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
vpnmain.cgi: Fix wrong cipher suite generation when PFS is disabled
[people/pmueller/ipfire-2.x.git] / html / cgi-bin / vpnmain.cgi
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 00282d50b2d9c8eefa93157345c05e22ca86d9b3..4b737b3a8265911fb5581c2906749dc89861f707 100644 (file)
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1363,6 +1363,10 @@ END
                        $cgiparams{'MODE'} = "tunnel";
                }
 
+               if ($cgiparams{'INTERFACE_MTU'} eq "") {
+                       $cgiparams{'INTERFACE_MTU'} = 1500;
+               }
+
        } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
                $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
                if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
@@ -3327,14 +3331,14 @@ sub make_algos($$$$$) {
                                                push(@algo, "modp$grp");
                                        }
 
-                               } elsif ($mode eq "esp" && $pfs) {
+                               } elsif ($mode eq "esp") {
                                        my $is_aead = ($enc =~ m/[cg]cm/);
 
                                        if (!$is_aead) {
                                                push(@algo, $int);
                                        }
 
-                                       if ($grp eq "none") {
+                                       if ($pfs || $grp eq "none") {
                                                # noop
                                        } elsif ($grp =~ m/^e(.*)$/) {
                                                push(@algo, "ecp$1");
Peter's tree of IPFire 2.x