767,797c767,770
< if ($dh_group eq '2') {
< $genout .= '-modp1024';
< } elsif ($dh_group eq '5') {
< $genout .= '-modp1536';
< } elsif ($dh_group eq '14') {
< $genout .= '-modp2048';
< } elsif ($dh_group eq '15') {
< $genout .= '-modp3072';
< } elsif ($dh_group eq '16') {
< $genout .= '-modp4096';
< } elsif ($dh_group eq '17') {
< $genout .= '-modp6144';
< } elsif ($dh_group eq '18') {
< $genout .= '-modp8192';
< } elsif ($dh_group eq '19') {
< $genout .= '-ecp256';
< } elsif ($dh_group eq '20') {
< $genout .= '-ecp384';
< } elsif ($dh_group eq '21') {
< $genout .= '-ecp521';
< } elsif ($dh_group eq '22') {
< $genout .= '-modp1024s160';
< } elsif ($dh_group eq '23') {
< $genout .= '-modp2048s224';
< } elsif ($dh_group eq '24') {
< $genout .= '-modp2048s256';
< } elsif ($dh_group eq '25') {
< $genout .= '-ecp192';
< } elsif ($dh_group eq '26') {
< $genout .= '-ecp224';
< } elsif ($dh_group ne '') {
---
> my $cipher_out = get_dh_cipher_result($dh_group);
> if ($dh_group ne 'unknown') {
> $genout .= "-$cipher_out";
> } else {
895c868
< # Get encryption, hash
---
> # Get encryption, hash
898a872,873
> my $key_exchange = $vcVPN->returnValue("ipsec ike-group $ike_group key-exchange");
> my $pfs = $vcVPN->returnValue("ipsec esp-group $esp_group pfs");
908a884,895
> if (defined($pfs)) {
> if ($pfs eq 'enable') {
> # Get the first IKE group's dh-group and use that as our PFS setting
> my $default_pfs = $vcVPN->returnValue("ipsec ike-group $ike_group proposal 1 dh-group");
> $pfs = get_dh_cipher_result($default_pfs);
> } elsif ($pfs eq 'disable') {
> undef $pfs;
> } else {
> $pfs = get_dh_cipher_result($pfs);
> }
> }
>
913a901,903
> if (defined($pfs) && defined($key_exchange) && $key_exchange eq 'ikev2') {
> $genout .= "-$pfs";
> }
964,985c954,955
< } elsif ($pfs eq 'dh-group2') {
< $genout .= "\tpfs=yes\n";
< $genout .= "\tpfsgroup=modp1024\n";
< } elsif ($pfs eq 'dh-group5') {
< $genout .= "\tpfs=yes\n";
< $genout .= "\tpfsgroup=modp1536\n";
< } elsif ($pfs eq
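Review bot: The new guard `if ($dh_group ne 'unknown')` in 767,797c767,770 tests the raw config value, but the `unknown` sentinel comes back in `$cipher_out`, so the test is true unless the config value is literally `unknown`. An unrecognised group now appends `-unknown` to the proposal and the `else` branch that used to catch it can no longer run; an empty `$dh_group`, which the old chain skipped silently, is affected the same way. Compare the mapped value and keep the old empty-string behaviour: `if ($cipher_out ne 'unknown') {` with `} elsif ($dh_group ne '') {` in place of the bare `} else {`. The body of that last branch lies outside the hunk.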
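Review bot: In 908a884,895 `$pfs` can end up holding the string `unknown`, and nothing checks it before 913a901,903 appends `-$pfs` to the ESP proposal. That happens for any unrecognised `pfs` value, and for `pfs enable` when proposal 1 of the IKE group has no `dh-group`, where `returnValue` presumably yields undef. The same unchecked result is written out as `pfsgroup=$pfsgroup` in 964,985c954,955 and 987,1008c957. A PFS group that cannot be resolved is better rejected as a configuration error than emitted or silently dropped, since dropping it would weaken the tunnel without the operator noticing; a test such as `if (defined($pfs) && $pfs eq 'unknown')` routed to the file's existing error path (not visible in these hunks) would cover it.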
'dh-group14') {
< $genout .= "\tpfs=yes\n";
< $genout .= "\tpfsgroup=modp2048\n";
< } elsif ($pfs eq 'dh-group15') {
< $genout .= "\tpfs=yes\n";
< $genout .= "\tpfsgroup=modp3072\n";
< } elsif ($pfs eq 'dh-group16') {
< $genout .= "\tpfs=yes\n";
< $genout .= "\tpfsgroup=modp4096\n";
< } elsif ($pfs eq 'dh-group17') {
< $genout .= "\tpfs=yes\n";
< $genout .= "\tpfsgroup=modp6144\n";
< } elsif ($pfs eq 'dh-group18') {
< $genout .= "\tpfs=yes\n";
< $genout .= "\tpfsgroup=modp8192\n";
< } elsif ($pfs eq 'dh-group19') {
---
> } elsif ($pfs ne 'disable') {
> my $pfsgroup = get_dh_cipher_result($pfs);
987,1008c957
< $genout .= "\tpfsgroup=ecp256\n";
< } elsif ($pfs eq 'dh-group20') {
< $genout .= "\tpfs=yes\n";
< $genout .= "\tpfsgroup=ecp384\n";
< } elsif ($pfs eq 'dh-group21') {
< $genout .= "\tpfs=yes\n";
< $genout .= "\tpfsgroup=ecp521\n";
< } elsif ($pfs eq 'dh-group22') {
< $genout .= "\tpfs=yes\n";
< $genout .= "\tpfsgroup=modp1024s160\n";
< } elsif ($pfs eq 'dh-group23') {
< $genout .= "\tpfs=yes\n";
< $genout .= "\tpfsgroup=modp2048s224\n";
< } elsif ($pfs eq 'dh-group24') {
< $genout .= "\tpfs=yes\n";
< $genout .= "\tpfsgroup=modp2048s256\n";
< } elsif ($pfs eq 'dh-group25') {
< $genout .= "\tpfs=yes\n";
< $genout .= "\tpfsgroup=ecp192\n";
< } elsif ($pfs eq 'dh-group26') {
< $genout .= "\tpfs=yes\n";
< $genout .= "\tpfsgroup=ecp224\n";
---
> $genout .= "\tpfsgroup=$pfsgroup\n";
1554a1504,1542
> }
>
> sub get_dh_cipher_result {
> my ($cipher) = @_;
> my $ciph_out;
> if ($cipher eq '2' || $cipher eq 'dh-group2') {
> $ciph_out = 'modp1024';
> } elsif ($cipher eq '5' || $cipher eq 'dh-group5') {
> $ciph_out = 'modp1536';
> } elsif ($cipher eq '14' || $cipher eq 'dh-group14') {
> $ciph_out = 'modp2048';
> } elsif ($cipher eq '15' || $cipher eq 'dh-group15') {
> $ciph_out = 'modp3072';
> } elsif ($cipher eq '16' || $cipher eq 'dh-group16') {
> $ciph_out = 'modp4096';
> } elsif ($cipher eq '17' || $cipher eq 'dh-group17') {
> $ciph_out = 'modp6144';
> } elsif ($cipher
eq '18' || $cipher eq 'dh-group18') {
> $ciph_out = 'modp8192';
> } elsif ($cipher eq '19' || $cipher eq 'dh-group19') {
> $ciph_out = 'ecp256';
> } elsif ($cipher eq '20' || $cipher eq 'dh-group20') {
> $ciph_out = 'ecp384';
> } elsif ($cipher eq '21' || $cipher eq 'dh-group21') {
> $ciph_out = 'ecp521';
> } elsif ($cipher eq '22' || $cipher eq 'dh-group22') {
> $ciph_out = 'modp1024s160';
> } elsif ($cipher eq '23' || $cipher eq 'dh-group23') {
> $ciph_out = 'modp2048s224';
> } elsif ($cipher eq '24' || $cipher eq 'dh-group24') {
> $ciph_out = 'modp2048s256';
> } elsif ($cipher eq '25' || $cipher eq 'dh-group25') {
> $ciph_out = 'ecp192';
> } elsif ($cipher eq '26' || $cipher eq 'dh-group26') {
> $ciph_out = 'ecp224';
> } else {
> $ciph_out = 'unknown';
> }
> return $ciph_out;
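Review bot: `get_dh_cipher_result` in 1554a1504,1542 runs `$cipher` through up to thirty `eq` comparisons without checking that it is defined, and at least one caller (the `pfs enable` path in 908a884,895) passes the result of a config lookup that may be undef; if the file enables warnings, that yields a run of uninitialized-value warnings before falling through to `unknown`. A guard as the first statement, `return 'unknown' unless defined $cipher;`, removes that. The sub also needs a header comment stating its contract, for example `# Map a DH group number or 'dh-groupN' name to its proposal keyword; returns 'unknown' for anything else, which callers must check before writing it into the config.` Separately, the table still maps groups 2, 5 and 22 to 24, which RFC 8247 rates SHOULD NOT or MUST NOT for IKEv2, so a warning when one of them is selected may be worth considering. The closing brace of the sub is the unchanged line after the hunk.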