ipsec: T7225: fix IKE DiffieHellmanGroup and ExtendedAuthEnabled in iOS profile

[c-po]

Change summary

Fix dynamic generation of IKE DiffieHellmanGroup in iOS profile

Commit e97d86e (T6617: T6618: vpn ipsec remote-access: fix profile generators) added a bug when working with
DiffieHellmanGroup, it started becoming a boolean and no longer referencing the DH groups itself. This has been fixed.

iOS18+ always requires ExtendedAuthEnabled to be set, if this is unset, loading the iOS VPN profile will error out on the device
giving:

Profile Installation Failed
configuration is invalid:
Missing identity

My first assumption was an empty string in LocalIdentifier for IKE, but turned out only adding this flag solved it.

This was made optional in commit e97d86e (T6617: T6618: vpn ipsec remote-access: fix profile generators) but got reverted now.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Code style update (formatting, renaming)
• Refactoring (no functional changes)
• Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
• Other (please describe):

Related Task(s)

• https://vyos.dev/T7225

Related PR(s)

• ipsec: T7225: "generate ipsec profile ios-remote-access" throws UndefinedError #4381

How to test / Smoketest result

Checklist:

• I have read the CONTRIBUTING document
• I have linked this PR to one or more Phabricator Task(s)
• I have run the components SMOKETESTS if applicable
• My commit headlines contain a valid Task id
• My change requires a change to the documentation
• I have updated the documentation accordingly

[github-actions]

👍
No issues in PR Title / Commit Title

[github-actions]

CI integration 👍 passed!

Details

CI logs

• CLI Smoketests (no interfaces) 👍 passed
• CLI Smoketests (interfaces only) 👍 passed
• Config tests 👍 passed
• RAID1 tests 👍 passed
• TPM tests 👍 passed