This is an automated email from the ASF dual-hosted git repository.
sureshanaparti pushed a commit to branch 4.22
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.22 by this push:
new 0b169920f34 make dh group 31 default, support 22-24+31 (#12764)
0b169920f34 is described below
commit 0b169920f34c815fc169d5a105f330949c8e5259
Author: dahn <[email protected]>
AuthorDate: Mon Apr 27 09:13:58 2026 +0100
make dh group 31 default, support 22-24+31 (#12764)
---
ui/src/views/network/CreateVpnCustomerGateway.vue | 16 ++++++++++------
utils/src/main/java/com/cloud/utils/net/NetUtils.java | 2 +-
.../src/test/java/com/cloud/utils/net/NetUtilsTest.java | 4 ++++
3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/ui/src/views/network/CreateVpnCustomerGateway.vue
b/ui/src/views/network/CreateVpnCustomerGateway.vue
index f71fc4709e8..bacc04cae31 100644
--- a/ui/src/views/network/CreateVpnCustomerGateway.vue
+++ b/ui/src/views/network/CreateVpnCustomerGateway.vue
@@ -258,9 +258,13 @@ export default {
'Group 15': 'modp3072',
'Group 16': 'modp4096',
'Group 17': 'modp6144',
- 'Group 18': 'modp8192'
+ 'Group 18': 'modp8192',
+ 'Group 22': 'modp1024s160',
+ 'Group 23': 'modp2048s224',
+ 'Group 24': 'modp2048s256',
+ 'Group 31': 'curve25519'
},
- ikeDhGroupInitialValue: 'Group 5(modp1536)',
+ ikeDhGroupInitialValue: 'Group 31(curve25519)',
isSubmitted: false,
ikeversion: 'ike'
}
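Review bot: The three RFC 5114 groups added to this map (`'Group 22': 'modp1024s160'`, `'Group 23': 'modp2048s224'`, `'Group 24': 'modp2048s256'`) are offered alongside the others with nothing marking them as legacy choices. RFC 8247 lists groups 22, 23 and 24 as SHOULD NOT for IKEv2, and group 22 uses only a 1024-bit modulus. If they are here for interoperability with older peers, I would put a comment above them, e.g. `// Groups 22-24 (RFC 5114) are deprecated by RFC 8247; kept only for interop with legacy peers`, and consider flagging them as weak in the option label. The same names are added to the server-side allowlist in NetUtils.java in this commit, so the API accepts them whatever the UI shows. The enclosing object starts outside the hunk.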
@@ -275,12 +279,12 @@ export default {
initForm () {
this.formRef = ref()
this.form = reactive({
- ikeEncryption: 'aes128',
+ ikeEncryption: 'aes256',
ikeHash: 'sha1',
ikeversion: 'ike',
- ikeDh: 'Group 5(modp1536)',
- espEncryption: 'aes128',
- espHash: 'sha1',
+ ikeDh: 'Group 31(curve 25519)',
+ espEncryption: 'aes256',
+ espHash: 'sha256',
perfectForwardSecrecy: 'None',
ikelifetime: '86400',
esplifetime: '3600',
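Review bot: The new form default `ikeDh: 'Group 31(curve 25519)'` contains a space that the other two spellings in this commit lack: `ikeDhGroupInitialValue` is `'Group 31(curve25519)'` and the map value is `'curve25519'`. If the select options are built as key(value), as the previous `'Group 5(modp1536)'` default suggests (the construction is not visible here), this string matches no option, and a group parsed from it would be rejected by the NetUtils allowlist; it should read `ikeDh: 'Group 31(curve25519)',`. Separately, `ikeHash` stays at `'sha1'` while `espHash` moves to `'sha256'`; unless that is deliberate, `ikeHash: 'sha256',` would keep the two defaults consistent. initForm continues past the end of the hunk.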
diff --git a/utils/src/main/java/com/cloud/utils/net/NetUtils.java
b/utils/src/main/java/com/cloud/utils/net/NetUtils.java
index 65878e055e7..d89d9fa2d93 100644
--- a/utils/src/main/java/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/main/java/com/cloud/utils/net/NetUtils.java
@@ -1265,7 +1265,7 @@ public class NetUtils {
if (group == null && policyType.toLowerCase().matches("ike")) {
return false; // StrongSwan requires a DH group for the IKE
policy
}
- if (group != null &&
!group.matches("modp1024|modp1536|modp2048|modp3072|modp4096|modp6144|modp8192"))
{
+ if (group != null &&
!group.matches("modp1024|modp1536|modp2048|modp3072|modp4096|modp6144|modp8192|modp1024s160|modp2048s224|modp2048s256|curve25519"))
{
return false;
}
}
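Review bot: The DH-group allowlist is now a long inline regex literal that `String.matches` recompiles on every call, and it has to be kept in sync by hand with the map in CreateVpnCustomerGateway.vue. I would lift it into a named constant, `private static final Pattern S2S_VPN_DH_GROUPS = Pattern.compile(...)` holding the same alternation, and test with `!S2S_VPN_DH_GROUPS.matcher(group).matches()`. A comment on that constant could note which names are legacy (modp1024, modp1024s160), so the next person extending the list sees it. This needs `java.util.regex.Pattern` in scope, which the hunk does not show. The enclosing method starts and ends outside the hunk.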
diff --git a/utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java
b/utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java
index 4495a123b07..5c9d41f90a2 100644
--- a/utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java
+++ b/utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java
@@ -131,6 +131,10 @@ public class NetUtilsTest {
assertTrue(NetUtils.isValidS2SVpnPolicy("ike", "3des-md5;modp1024"));
assertTrue(NetUtils.isValidS2SVpnPolicy("ike",
"3des-sha1;modp3072,aes128-sha1;modp1536"));
assertTrue(NetUtils.isValidS2SVpnPolicy("ike",
"3des-sha256;modp3072,aes128-sha512;modp1536"));
+ assertTrue(NetUtils.isValidS2SVpnPolicy("ike",
"aes256-sha256;modp1024s160"));
+ assertTrue(NetUtils.isValidS2SVpnPolicy("ike",
"aes256-sha256;modp2048s224"));
+ assertTrue(NetUtils.isValidS2SVpnPolicy("ike",
"aes256-sha256;modp2048s256"));
+ assertTrue(NetUtils.isValidS2SVpnPolicy("ike",
"aes256-sha256;curve25519"));
assertFalse(NetUtils.isValidS2SVpnPolicy("ike", "aes128-sha1"));
assertFalse(NetUtils.isValidS2SVpnPolicy("ike", "3des-sha1"));
assertFalse(NetUtils.isValidS2SVpnPolicy("ike",
"3des-sha1,aes256-sha1"));
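Review bot: The four added assertions cover only accepted spellings, so nothing pins that a near-miss of the new group names is still rejected. The UI default in this same commit is written `curve 25519` in one place, so I would add a negative case that I expect to fail validation, `assertFalse(NetUtils.isValidS2SVpnPolicy("ike", "aes256-sha256;curve 25519"));`. Unless one already exists elsewhere in the test, a group outside the allowlist is worth adding too, e.g. `assertFalse(NetUtils.isValidS2SVpnPolicy("ike", "aes256-sha256;modp768"));`. The new groups are also exercised only for the "ike" policy type, while the group check in the NetUtils hunk does not appear to depend on the policy type, so an "esp" case would be worth adding. The test method starts and ends outside the hunk.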