aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBill Nottingham <notting@redhat.com>2008-01-10 19:32:53 +0000
committerBill Nottingham <notting@redhat.com>2008-01-10 19:32:53 +0000
commit73ab7a1e36bf96f52352f6f83927c3da90f114fd (patch)
tree170a2133b7fed91d2944e60589c5a0e13af16d26
parentac5703b96f655a74f3b74c53f2e90b35d9d29823 (diff)
downloadinitscripts-73ab7a1e36bf96f52352f6f83927c3da90f114fd.tar
initscripts-73ab7a1e36bf96f52352f6f83927c3da90f114fd.tar.gz
initscripts-73ab7a1e36bf96f52352f6f83927c3da90f114fd.tar.bz2
initscripts-73ab7a1e36bf96f52352f6f83927c3da90f114fd.tar.xz
initscripts-73ab7a1e36bf96f52352f6f83927c3da90f114fd.zip
add support for overriding IKE dh group (#251506, <stijn.tintel@x-tend.be>)
Diffstat
-rwxr-xr-xsysconfig/network-scripts/ifup-ipsec7
1 files changed, 4 insertions, 3 deletions
diff --git a/sysconfig/network-scripts/ifup-ipsec b/sysconfig/network-scripts/ifup-ipsec
index ebad848c..13a883b7 100755
--- a/sysconfig/network-scripts/ifup-ipsec
+++ b/sysconfig/network-scripts/ifup-ipsec
@@ -102,6 +102,7 @@ if [ "$KEYING" = "manual" ]; then
[ -n "$KEY_ESP_IN" ] && SPD_ESP_IN=yes
[ -n "$KEY_ESP_OUT" ] && SPD_ESP_OUT=yes
else
+ [ -z "$IKE_DHGROUP" ] && IKE_DHGROUP=2
[ -z "$AH_PROTO" ] && AH_PROTO=sha1
[ -z "$ESP_PROTO" ] && ESP_PROTO=3des
@@ -179,7 +180,7 @@ EOF
encryption_algorithm $ESP_PROTO;
hash_algorithm $AH_PROTO;
authentication_method pre_shared_key;
- dh_group 2 ;
+ dh_group $IKE_DHGROUP;
}
}
EOF
@@ -201,7 +202,7 @@ EOF
encryption_algorithm $ESP_PROTO;
hash_algorithm $AH_PROTO;
authentication_method rsasig;
- dh_group 2;
+ dh_group $IKE_DHGROUP;
}
}
EOF
@@ -213,7 +214,7 @@ EOF
encryption_algorithm $ESP_PROTO;
hash_algorithm $AH_PROTO;
authentication_method gssapi_krb;
- dh_group 2 ;
+ dh_group $IKE_DHGROUP;
}
}
EOF
generated by cgit v1.2.1 (git 2.21.0) at 2024-06-08 23:31:56 +0000