--- /opt/vyatta/sbin/vpn-config.pl 2017-08-02 20:54:46.850570179 +0000 +++ /root/vpn-config.pl 2017-08-02 20:54:17.330991323 +0000 @@ -911,6 +911,40 @@ # if (defined($encryption) && defined($hash)) { $genout .= "$encryption-$hash"; + my $pfs = $vcVPN->returnValue("ipsec esp-group $esp_group pfs"); + if (defined($pfs)) { + if ($pfs eq 'dh-group2') { + $genout .= "\-modp1024"; + } elsif ($pfs eq 'dh-group5') { + $genout .= "\-modp1536"; + } elsif ($pfs eq 'dh-group14') { + $genout .= "\-modp2048"; + } elsif ($pfs eq 'dh-group15') { + $genout .= "\-modp3072"; + } elsif ($pfs eq 'dh-group16') { + $genout .= "\-modp4096"; + } elsif ($pfs eq 'dh-group17') { + $genout .= "\-modp6144"; + } elsif ($pfs eq 'dh-group18') { + $genout .= "\-modp8192"; + } elsif ($pfs eq 'dh-group19') { + $genout .= "\-ecp256"; + } elsif ($pfs eq 'dh-group20') { + $genout .= "\-ecp384"; + } elsif ($pfs eq 'dh-group21') { + $genout .= "\-ecp521"; + } elsif ($pfs eq 'dh-group22') { + $genout .= "\-modp1024s160"; + } elsif ($pfs eq 'dh-group23') { + $genout .= "\-modp2048s224"; + } elsif ($pfs eq 'dh-group24') { + $genout .= "\-modp2048s256"; + } elsif ($pfs eq 'dh-group25') { + $genout .= "\-ecp192"; + } elsif ($pfs eq 'dh-group26') { + $genout .= "\-ecp224"; + } + } } } $genout .= "!\n";