From 90507bec184d67ad2135e6302ef635b3f3fb5faa Mon Sep 17 00:00:00 2001
From: Peter Stehlin <peter.stehlin@crypto.ch>
Date: Mon, 25 Mar 2019 10:31:51 +0100
Subject: [PATCH] ipsec: added ikev2 dh group 31 / curve 25519

curve 25519 is supported in strongswan 5.7.1 and newer
---
 src/etc/inc/plugins.inc.d/ipsec.inc | 1 +
 src/www/vpn_ipsec.php               | 1 +
 src/www/vpn_ipsec_mobile.php        | 1 +
 src/www/vpn_ipsec_phase1.php        | 1 +
 src/www/vpn_ipsec_phase2.php        | 1 +
 5 files changed, 5 insertions(+)
 mode change 100644 => 100755 src/www/vpn_ipsec.php
 mode change 100644 => 100755 src/www/vpn_ipsec_mobile.php
 mode change 100644 => 100755 src/www/vpn_ipsec_phase1.php
 mode change 100644 => 100755 src/www/vpn_ipsec_phase2.php

diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
index be0e2aa50..53d62c06c 100644
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -618,6 +618,7 @@ function ipsec_convert_to_modp($index): string
         28 => 'ecp256bp',
         29 => 'ecp384bp',
         30 => 'ecp512bp',
+        31 => 'curve25519',
     ];
 
     if (!array_key_exists($index, $map)) {
diff --git a/src/www/vpn_ipsec.php b/src/www/vpn_ipsec.php
old mode 100644
new mode 100755
index b59b11dea..8e1ed5cbd
--- a/src/www/vpn_ipsec.php
+++ b/src/www/vpn_ipsec.php
@@ -206,6 +206,7 @@ $dhgroups = array(
     28 => '28 (Brainpool EC 256 bits)',
     29 => '29 (Brainpool EC 384 bits)',
     30 => '30 (Brainpool EC 512 bits)',
+    31 => '31 (Elliptic Curve 25519)',
 );
 
 ?>
diff --git a/src/www/vpn_ipsec_mobile.php b/src/www/vpn_ipsec_mobile.php
old mode 100644
new mode 100755
index a4e015ae8..c7b2aefb7
--- a/src/www/vpn_ipsec_mobile.php
+++ b/src/www/vpn_ipsec_mobile.php
@@ -524,6 +524,7 @@ endfor; ?>
                             28 => '28 (Brainpool EC 256 bits)',
                             29 => '29 (Brainpool EC 384 bits)',
                             30 => '30 (Brainpool EC 512 bits)',
+                            31 => '31 (Elliptic Curve 25519)',
                         );
                         foreach ($p2_dhgroups as $keygroup => $keygroupname): ?>
                           <option value="<?=$keygroup;
diff --git a/src/www/vpn_ipsec_phase1.php b/src/www/vpn_ipsec_phase1.php
old mode 100644
new mode 100755
index 6e7a35da9..eb82f5e83
--- a/src/www/vpn_ipsec_phase1.php
+++ b/src/www/vpn_ipsec_phase1.php
@@ -984,6 +984,7 @@ endforeach; ?>
                            28 => '28 (Brainpool EC 256 bits)',
                            29 => '29 (Brainpool EC 384 bits)',
                            30 => '30 (Brainpool EC 512 bits)',
+                           31 => '31 (Elliptic Curve 25519)',
                       );
                       foreach ($p1_dhgroups as $keygroup => $keygroupname):
 ?>
diff --git a/src/www/vpn_ipsec_phase2.php b/src/www/vpn_ipsec_phase2.php
old mode 100644
new mode 100755
index 63eb1be63..bbd5aabc7
--- a/src/www/vpn_ipsec_phase2.php
+++ b/src/www/vpn_ipsec_phase2.php
@@ -744,6 +744,7 @@ endif; ?>
                         28 => '28 (Brainpool EC 256 bits)',
                         29 => '29 (Brainpool EC 384 bits)',
                         30 => '30 (Brainpool EC 512 bits)',
+	                31 => '31 (Elliptic Curve 25519)',
                     );
                     foreach ($p2_dhgroups as $keygroup => $keygroupname): ?>
                       <option value="<?=$keygroup;?>" <?= $keygroup == $pconfig['pfsgroup'] ? "selected=\"selected\"" : "";?>>