From 56d5efa7c528809be333ffab7ea8a39383ac4425 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 21 Jul 2017 22:43:39 +0200
Subject: [PATCH] security-policies: Add new "performance" policy

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 Makefile.am                              | 1 +
 config/vpn/security-policies/performance | 7 +++++++
 2 files changed, 8 insertions(+)
 create mode 100644 config/vpn/security-policies/performance

diff --git a/Makefile.am b/Makefile.am
index 560b65c9..761e849e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -277,6 +277,7 @@ EXTRA_DIST += \
 systemconfig_vpndir = $(systemconfigdir)/vpn
 
 dist_systemconfig_vpn_security_policies_DATA = \
+	config/vpn/security-policies/performance \
 	config/vpn/security-policies/system
 
 systemconfig_vpn_security_policiesdir = $(systemconfig_vpndir)/security-policies
diff --git a/config/vpn/security-policies/performance b/config/vpn/security-policies/performance
new file mode 100644
index 00000000..a40b454c
--- /dev/null
+++ b/config/vpn/security-policies/performance
@@ -0,0 +1,7 @@
+CIPHER="AES128-GCM128 AES128-CBC"
+COMPRESSION="off"
+GROUP_TYPE="ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
+INTEGRITY="SHA256"
+KEY_EXCHANGE="ikev2"
+LIFETIME="28800"
+PFS="on"
-- 
2.47.3