[BUG] (patch) IPsec VPN AH config missing hash algorithm

Started by mfedv, October 05, 2020, 04:42:52 PM

On OPNsense 20.7.3, in VPN / IPsec / Tunnel Settings:

Using AH instead of ESP leads to a syntax error in
/usr/local/etc/ipsec.conf:

  ah = -modp2048!

The selected hash algorithm is missing. There is a typo in
/usr/local/etc/inc/plugins.inc.d/ipsec.inc, where the DH group config
overwrites the config string instead of appending to it.

Patch is attached.

Also, for AH connections, the tunnel settings overview displays
encryption settings (not used with AH). Not sure if this is a bug in the
display code (not checking for AH) or if these settings should not be
put into XML config for AH connections.

Best regards
Matthias Ferdinand
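
A check for the malformed proposal shown in the post, as an added example (not part of the original post and not OPNsense code): it scans ipsec.conf text for `ah`, `esp` and `ike` proposals whose algorithm field is empty or that consist only of a DH group. The function name, the prefix-based DH group pattern and the sample config are assumptions constructed for illustration.

```python
import re

# Assumption: DH groups are recognised by keyword prefix (modp*, ecp*, curve*, x25519, x448).
DH_GROUP = re.compile(r"^(modp\d+\w*|ecp\d+\w*|curve\d+|x25519|x448)$")
# Only the proposal keys; "ikelifetime" and similar keys do not match.
PROPOSAL_KEY = re.compile(r"^\s*(ah|esp|ike)\s*=\s*(.*?)\s*$")


def check_proposals(conf_text):
    """Return (line_no, key, proposal, reason) for each malformed proposal."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]            # drop trailing comments
        match = PROPOSAL_KEY.match(line)
        if not match:
            continue
        key, value = match.groups()
        value = value.rstrip("!")              # strict flag is not part of the proposal
        for proposal in (p.strip() for p in value.split(",")):
            tokens = proposal.split("-")
            if "" in tokens:                   # e.g. "-modp2048": hash was overwritten
                reason = "empty algorithm field"
            elif all(DH_GROUP.match(t) for t in tokens):
                reason = "only a DH group, no algorithm"
            else:
                continue
            findings.append((line_no, key, proposal, reason))
    return findings


# Constructed sample config; line 2 reproduces the broken line from the post.
SAMPLE_CONF = """\
conn con1
  ah = -modp2048!
conn con2
  ah = sha256-modp2048!
conn con3
  esp = aes256-sha256-modp2048,modp2048!
"""

if __name__ == "__main__":
    for finding in check_proposals(SAMPLE_CONF):
        print("line %d: %s proposal %r: %s" % finding)
```
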