From f0dfdef139b415ac4396417b452344cf6b06882f Mon Sep 17 00:00:00 2001
From: Slair1 <slair@ippathways.com>
Date: Thu, 7 Apr 2016 23:37:33 -0500
Subject: [PATCH] PFS not being set correctly

Bug in code set PFS to the same value (yes/no) as DPD.
---
 systemvm/patches/debian/config/opt/cloud/bin/configure.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index ab134fcfca71..e2b635c0380f 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -528,7 +528,10 @@ def configure_ipsec(self, obj):
         file.addeq(" ikelifetime=%s" % self.convert_sec_to_h(obj['ike_lifetime']))
         file.addeq(" esp=%s" % obj['esp_policy'])
         file.addeq(" salifetime=%s" % self.convert_sec_to_h(obj['esp_lifetime']))
-        file.addeq(" pfs=%s" % CsHelper.bool_to_yn(obj['dpd']))
+        if "modp" in obj['esp_policy']:
+            file.addeq(" pfs=yes")
+        else:
+            file.addeq(" pfs=no")
         file.addeq(" keyingtries=2")
         file.addeq(" auto=start")
         file.addeq(" forceencaps=%s" % CsHelper.bool_to_yn(obj['encap']))