Actions
Bug #8543
closed
IKE Phase 1 configuration not working
Start date:
05/28/2018
Due date:
% Done:
100%
Estimated time:
0.50 h
Plus Target Version:
Release Notes:
Affected Version:
2.4.3_1
Affected Architecture:
All
Description
issue:
strongSwan uses only AES 128, because keylen is empty in the pfsense config file.
<phase1>
.....
<encryption>
<item>
<encryption-algorithm>
<name>aes</name>
<keylen></keylen>
</encryption-algorithm>
<hash-algorithm>sha256</hash-algorithm>
<dhgroup>14</dhgroup>
</item>
</encryption>A bug in /usr/local/www/vpn_ipsec_phase1.php causes an unselectable Phase 1 'key length' for all algorithms and prevents adding more Phase 1 Proposals.
line 1199:
// algorithm
$('[id^=ealgo_algo]select').change(function () {
id = getStringInt(this.id);
ealgosel_change(id, <?=$keyset?>);
});uses $keyset - which is not defined anywhere in this php file or any included file!. This leads in to the browser javascript call
ealgosel_change(0, );which causes a syntax error in the bowser javascript engine (missing the second parameter) - script processing is stopped and later parts are not executed.
solution:
change this part to
// algorithm
$('[id^=ealgo_algo]select').change(function () {
id = getStringInt(this.id);
ealgosel_change(id, 0);
});or set $keyset to 0 anywhere else in this php file, before it is used here.
IKE (strongSwan) itself and the GUI config dialog are working very well after this change.
Files
Updated by 
Updated by
Actions