vpnmain.cgi: Fix writing ESP settings for PFS ciphers

The changes introduced due to #12091 caused IPsec ESP
to be invalid if PFS ciphers were selected. Code has
to read "!$pfs" instead of just "$pfs", as it should trigger
for ciphers _without_ Perfect Forward Secrecy.

Fixes #12099

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index fbc2749191692352152e0df0a9678a80addf2f11..750b69b1dc1a8b871a5be996dcb09d66a4d7c652 100644 (file)
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -3338,7 +3338,7 @@ sub make_algos($$$$$) {
                                                push(@algo, $int);
                                        }
 
-                                       if ($pfs || $grp eq "none") {
+                                       if (!$pfs || $grp eq "none") {
                                                # noop
                                        } elsif ($grp =~ m/^e(.*)$/) {
                                                push(@algo, "ecp$1");