From 50b7a62f323d1ef6dfb3fe45500d44f8290a0569 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 3 Aug 2017 12:08:04 +0000
Subject: [PATCH] ipsec: Disable compression in system policy

Compression in IPsec is slow (strongSwan only supports
DEFLATE) and there are security concerns about it
revealing information about the plaintext.

So for a little gain in bandwith, it does not seem to
be right to take that risk right now.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/vpn/security-policies/system | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/vpn/security-policies/system b/config/vpn/security-policies/system
index f2120a22..311dd9ea 100644
--- a/config/vpn/security-policies/system
+++ b/config/vpn/security-policies/system
@@ -4,4 +4,4 @@ INTEGRITY="SHA512 SHA384 SHA256"
 GROUP_TYPE="MODP8192 MODP6144 MODP4096 MODP2048 ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
 LIFETIME="28800"
 PFS="on"
-COMPRESSION="on"
+COMPRESSION="off"
-- 
2.47.2