From f47e4cb729dda914f15f9ed66ab16081c0382031 Mon Sep 17 00:00:00 2001
From: Mykola Baibuz <mykola.baibuz@gmail.com>
Date: Fri, 7 Feb 2025 12:58:37 +0200
Subject: [PATCH] Enable PFS for Linux IPSec

---
 client/server_scripts/ipsec/template.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/client/server_scripts/ipsec/template.conf b/client/server_scripts/ipsec/template.conf
index d8cf6b1f..eb9291f9 100644
--- a/client/server_scripts/ipsec/template.conf
+++ b/client/server_scripts/ipsec/template.conf
@@ -21,6 +21,7 @@ conn ikev2-vpn
     rightsendcert=never
     eap_identity=%identity
     encapsulation=yes 
+    pfs=yes 
     ike=aes256-sha256-modp2048,aes256-sha1-modp1024,3des-sha1-modp1024
     esp=aes256-sha256,aes256-sha1,3des-sha1