From 7b9b328f309f40497b17c5840b4f8b806c26089f Mon Sep 17 00:00:00 2001
From: Slair1 <slair@ippathways.com>
Date: Fri, 8 Apr 2016 13:08:58 -0500
Subject: [PATCH] CLOUDSTACK-9342: Site to Site VPN PFS not being set correctly

Bug in code set PFS to the same value (yes/no) as DPD.

file.addeq(" pfs=%s" % CsHelper.bool_to_yn(obj['dpd']))
---
 systemvm/patches/debian/config/opt/cloud/bin/configure.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index ab134fcfca7..e2b635c0380 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -528,7 +528,10 @@ class CsSite2SiteVpn(CsDataBag):
         file.addeq(" ikelifetime=%s" % self.convert_sec_to_h(obj['ike_lifetime']))
         file.addeq(" esp=%s" % obj['esp_policy'])
         file.addeq(" salifetime=%s" % self.convert_sec_to_h(obj['esp_lifetime']))
-        file.addeq(" pfs=%s" % CsHelper.bool_to_yn(obj['dpd']))
+        if "modp" in obj['esp_policy']:
+            file.addeq(" pfs=yes")
+        else:
+            file.addeq(" pfs=no")
         file.addeq(" keyingtries=2")
         file.addeq(" auto=start")
         file.addeq(" forceencaps=%s" % CsHelper.bool_to_yn(obj['encap']))