From 3c2ad5d6b3c53f27d747bbde7b6ff81dc4bb7e5f Mon Sep 17 00:00:00 2001
From: Stephan de Wit
Date: Fri, 25 Apr 2025 09:43:59 +0200
Subject: [PATCH] ipsec: add DH Group 2 for basic Azure VPN gateway compatibility

While insecure, this is the best possible proposal combination out of the list provided by Microsoft: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#ike-phase-1-main-mode-parameters
---
 .../app/models/OPNsense/IPsec/FieldTypes/IPsecProposalField.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/opnsense/mvc/app/models/OPNsense/IPsec/FieldTypes/IPsecProposalField.php b/src/opnsense/mvc/app/models/OPNsense/IPsec/FieldTypes/IPsecProposalField.php
index aac2bb2a1..14950fd66 100644
--- a/src/opnsense/mvc/app/models/OPNsense/IPsec/FieldTypes/IPsecProposalField.php
+++ b/src/opnsense/mvc/app/models/OPNsense/IPsec/FieldTypes/IPsecProposalField.php
@@ -122,6 +122,7 @@ class IPsecProposalField extends BaseListField
 'aes128-sha1-modp2048' => 'aes128-sha1-modp2048 [DH14]',
 'aes256-sha1-modp4096' => 'aes256-sha1-modp4096 [DH16]',
 'aes256-sha1-ecp521' => 'aes256-sha1-ecp521 [DH21, NIST EC]',
+ 'aes256-sha256-modp1024' => 'aes256-sha256-modp1024 [DH2]',
 'aes256-sha512-modp1024' => 'aes256-sha512-modp1024 [DH2]',
 'aes256-sha256' => 'aes256-sha256',
 'null' => gettext('null (testing only, no encryption and no integrity checking!)')
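Review bot: The added `'aes256-sha256-modp1024'` entry is shown in the proposal list with the plain label `aes256-sha256-modp1024 [DH2]`, so an operator selecting it gets no hint that the commit message itself calls this combination insecure. The `'null'` entry two lines below already carries a warning inside its gettext label; the same pattern would fit here, e.g. `'aes256-sha256-modp1024' => gettext('aes256-sha256-modp1024 [DH2, weak 1024-bit group, legacy peers only]'),`. The existing `'aes256-sha512-modp1024'` line next to it has the same unmarked label and could be handled in the same pass. A one-line comment above the entry naming the basic Azure VPN gateway requirement would also tell a later maintainer why a 1024-bit MODP group is offered at all and keep it from being copied into a default. The enclosing array and method start and end outside the hunk.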