IPsec: Apple: Enable PFS on client when enabled

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 09acbdaabccd3660731714eb01be8845aafa2442..9ff5f62b08be6d04dae6b22504e8b1e4230e29ce 100644 (file)
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1257,6 +1257,13 @@ END
        print "                                 <key>RemoteAddress</key>\n";
        print "                                 <string>$endpoint</string>\n";
 
+       # PFS
+       my $pfs = $confighash{$key}[28];
+       if ($pfs eq "on") {
+               print "                                 <key>EnablePFS</key>\n";
+               print "                                 <true/>\n";
+       }
+
        # Left ID
        if ($confighash{$key}[9]) {
                print "                                 <key>LocalIdentifier</key>\n";