Add env file option

- Add an env file option VPN_ENABLE_MODP1536=yes - Users who need to enable the less secure modp1536 (DH group 5) can set this option, then re-create the Docker container. - Note that it is NOT recommended to enable modp1536 because it is less secure and not commonly used by VPN clients. - Ref: b1a600f
mutadecheng · Oct 23, 2022 · 601ffaf · 601ffaf
1 parent ec9464c
commit 601ffaf
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/run.sh b/run.sh
@@ -177,6 +177,10 @@ if [ -n "$VPN_ENABLE_MODP1024" ]; then
   VPN_ENABLE_MODP1024=$(nospaces "$VPN_ENABLE_MODP1024")
   VPN_ENABLE_MODP1024=$(noquotes "$VPN_ENABLE_MODP1024")
 fi
+if [ -n "$VPN_ENABLE_MODP1536" ]; then
+  VPN_ENABLE_MODP1536=$(nospaces "$VPN_ENABLE_MODP1536")
+  VPN_ENABLE_MODP1536=$(noquotes "$VPN_ENABLE_MODP1536")
+fi
 if [ -n "$VPN_L2TP_NET" ]; then
   VPN_L2TP_NET=$(nospaces "$VPN_L2TP_NET")
   VPN_L2TP_NET=$(noquotes "$VPN_L2TP_NET")
@@ -315,12 +319,20 @@ case $VPN_IKEV2_ONLY in
     ;;
 esac
 ike_algs="aes256-sha2;modp2048,aes128-sha2;modp2048,aes256-sha1;modp2048,aes128-sha1;modp2048"
-ike_algs_addl=",aes256-sha2;modp1024,aes128-sha1;modp1024"
+ike_algs_addl_1=",aes256-sha2;modp1024,aes128-sha1;modp1024"
+ike_algs_addl_2=",aes256-sha2;modp1536,aes128-sha1;modp1536"
 case $VPN_ENABLE_MODP1024 in
   [yY][eE][sS])
     echo
     echo "Enabling modp1024 in ipsec.conf..."
-    ike_algs="$ike_algs$ike_algs_addl"
+    ike_algs="$ike_algs$ike_algs_addl_1"
+    ;;
+esac
+case $VPN_ENABLE_MODP1536 in
+  [yY][eE][sS])
+    echo
+    echo "Enabling modp1536 in ipsec.conf..."
+    ike_algs="$ike_algs$ike_algs_addl_2"
     ;;
 esac