From a48e4dd265d6256fdc3c5b2fc8e6b85ca4d40361 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 4 Aug 2017 13:30:31 +0000
Subject: [PATCH] ipsec: Only allow strict use of security policies

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/functions/functions.ipsec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/functions/functions.ipsec b/src/functions/functions.ipsec
index 03aefcdd..5e496ff5 100644
--- a/src/functions/functions.ipsec
+++ b/src/functions/functions.ipsec
@@ -1011,7 +1011,7 @@ _ipsec_connection_to_strongswan_connection() {
 
 	# IKE Proposals
 	print_indent 2 "# IKE Proposals"
-	print_indent 2 "proposals = $(vpn_security_policies_make_ah_proposal ${SECURITY_POLICY})"
+	print_indent 2 "proposals = $(vpn_security_policies_make_ah_proposal ${SECURITY_POLICY})!"
 	print
 
 	# DPD Settings
@@ -1073,7 +1073,7 @@ _ipsec_connection_to_strongswan_connection() {
 	print_indent 3 "${connection} {"
 
 	print_indent 4 "# ESP Proposals"
-	print_indent 4 "esp_proposals = $(vpn_security_policies_make_esp_proposal ${SECURITY_POLICY})"
+	print_indent 4 "esp_proposals = $(vpn_security_policies_make_esp_proposal ${SECURITY_POLICY})!"
 	print
 
 	# Traffic Selectors
-- 
2.47.3