ipsec: Set IKE/IPsec lifetime to strongswan defaults.

As suggested by Tom Rymes:
https://bugzilla.ipfire.org/show_bug.cgi?id=10346

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 161df4d6e6fc73f61bdba8aed4c6a85a0c0a08c1..bda49a3e7ba567d78788e3fbb6922ea421ac0edb 100644 (file)
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1832,11 +1832,11 @@ END
        $cgiparams{'IKE_ENCRYPTION'} = 'aes256|aes192|aes128|3des';     #[18];
        $cgiparams{'IKE_INTEGRITY'}  = 'sha2_256|sha|md5';      #[19];
        $cgiparams{'IKE_GROUPTYPE'}  = '8192|6144|4096|3072|2048|1536|1024';            #[20];
        $cgiparams{'IKE_ENCRYPTION'} = 'aes256|aes192|aes128|3des';     #[18];
        $cgiparams{'IKE_INTEGRITY'}  = 'sha2_256|sha|md5';      #[19];
        $cgiparams{'IKE_GROUPTYPE'}  = '8192|6144|4096|3072|2048|1536|1024';            #[20];

-       $cgiparams{'IKE_LIFETIME'}   = '1';             #[16];
+       $cgiparams{'IKE_LIFETIME'}   = '3';             #[16];

        $cgiparams{'ESP_ENCRYPTION'} = 'aes256|aes192|aes128|3des';     #[21];
        $cgiparams{'ESP_INTEGRITY'}  = 'sha2_256|sha1|md5';     #[22];
        $cgiparams{'ESP_GROUPTYPE'}  = '';              #[23];
        $cgiparams{'ESP_ENCRYPTION'} = 'aes256|aes192|aes128|3des';     #[21];
        $cgiparams{'ESP_INTEGRITY'}  = 'sha2_256|sha1|md5';     #[22];
        $cgiparams{'ESP_GROUPTYPE'}  = '';              #[23];

-       $cgiparams{'ESP_KEYLIFE'}    = '8';             #[17];
+       $cgiparams{'ESP_KEYLIFE'}    = '1';             #[17];

        $cgiparams{'COMPRESSION'}    = 'on';            #[13];
        $cgiparams{'ONLY_PROPOSED'}  = 'off';           #[24];
        $cgiparams{'PFS'}            = 'on';            #[28];
        $cgiparams{'COMPRESSION'}    = 'on';            #[13];
        $cgiparams{'ONLY_PROPOSED'}  = 'off';           #[24];
        $cgiparams{'PFS'}            = 'on';            #[28];