ipsec: Only allow strict use of security policies

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/functions/functions.ipsec b/src/functions/functions.ipsec
index 03aefcdde2e184c8c35ce1888f868d35f002daf9..5e496ff5c9c187554cfc7e7d575b096a16323f81 100644 (file)
--- a/src/functions/functions.ipsec
+++ b/src/functions/functions.ipsec
@@ -1011,7 +1011,7 @@ _ipsec_connection_to_strongswan_connection() {
 
        # IKE Proposals
        print_indent 2 "# IKE Proposals"
-       print_indent 2 "proposals = $(vpn_security_policies_make_ah_proposal ${SECURITY_POLICY})"
+       print_indent 2 "proposals = $(vpn_security_policies_make_ah_proposal ${SECURITY_POLICY})!"
        print
 
        # DPD Settings
@@ -1073,7 +1073,7 @@ _ipsec_connection_to_strongswan_connection() {
        print_indent 3 "${connection} {"
 
        print_indent 4 "# ESP Proposals"
-       print_indent 4 "esp_proposals = $(vpn_security_policies_make_esp_proposal ${SECURITY_POLICY})"
+       print_indent 4 "esp_proposals = $(vpn_security_policies_make_esp_proposal ${SECURITY_POLICY})!"
        print
 
        # Traffic Selectors