summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-06-25 19:38:50 +0200
committerChristian Poessinger <christian@poessinger.com>2021-06-25 19:41:00 +0200
commit23cb8c338ad3de4ead79dbad79a0195c91862fcc (patch)
tree1a44b4b60be8adec92df1b71db8d620255a2db18
parent150b1760230b6d7be3b7afd479f05e6bc5d861f7 (diff)
downloadvyos-1x-23cb8c338ad3de4ead79dbad79a0195c91862fcc.tar.gz
vyos-1x-23cb8c338ad3de4ead79dbad79a0195c91862fcc.zip
openvpn: T1704: drop deprecated disable-ncp option
(cherry picked from commit 6b7b19c93f90839549dd668116c4da2f38cfdc66) VyOS 1.3 will ship OpenVPN 2.5.1 and thus it is the perfect timing to still remove this option before introducing it in a new LTS release.
-rw-r--r--data/templates/openvpn/server.conf.tmpl2
-rw-r--r--interface-definitions/interfaces-openvpn.xml.in6
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_openvpn.py8
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py6
4 files changed, 0 insertions, 22 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index 79288e40f..7b1361764 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -248,8 +248,6 @@ cipher aes-256-cbc
{% endif %}
{% endfor %}
ncp-ciphers {{ cipher_list | join(':') }}:{{ cipher_list | join(':') | upper }}
-{% elif encryption.disable_ncp is defined %}
-ncp-disable
{% endif %}
{% endif %}
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index effbdd674..681290570 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -163,12 +163,6 @@
<multi/>
</properties>
</leafNode>
- <leafNode name="disable-ncp">
- <properties>
- <help>Disable support for ncp-ciphers</help>
- <valueless/>
- </properties>
- </leafNode>
</children>
</node>
#include <include/interface/interface-ipv6-options.xml.i>
diff --git a/smoketest/scripts/cli/test_interfaces_openvpn.py b/smoketest/scripts/cli/test_interfaces_openvpn.py
index 00db3f667..c9376b032 100755
--- a/smoketest/scripts/cli/test_interfaces_openvpn.py
+++ b/smoketest/scripts/cli/test_interfaces_openvpn.py
@@ -76,16 +76,8 @@ class TestInterfacesOpenVPN(unittest.TestCase):
interface = 'vtun2000'
path = base_path + [interface]
self.session.set(path + ['mode', 'client'])
-
- # check validate() - cannot specify both "encryption disable-ncp" and
- # "encryption ncp-ciphers" at the same time
- self.session.set(path + ['encryption', 'disable-ncp'])
self.session.set(path + ['encryption', 'ncp-ciphers', 'aes192gcm'])
- with self.assertRaises(ConfigSessionError):
- self.session.commit()
- self.session.delete(path + ['encryption', 'ncp-ciphers'])
-
# check validate() - cannot specify local-port in client mode
self.session.set(path + ['local-port', '5000'])
with self.assertRaises(ConfigSessionError):
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index ee6f05fcd..1c1c844d0 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -92,12 +92,6 @@ def verify(openvpn):
if 'mode' not in openvpn:
raise ConfigError('Must specify OpenVPN operation mode!')
- # Check if we have disabled ncp and at the same time specified ncp-ciphers
- if 'encryption' in openvpn:
- if {'disable_ncp', 'ncp_ciphers'} <= set(openvpn.get('encryption')):
- raise ConfigError('Can not specify both "encryption disable-ncp" '\
- 'and "encryption ncp-ciphers"')
-
#
# OpenVPN client mode - VERIFY
#