summaryrefslogtreecommitdiff
path: root/python/vyos
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2021-07-21 14:36:48 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2021-07-21 22:48:18 +0200
commita9e9c4acfa90fc15a8a4b6b5ea6e1c2814ce940e (patch)
treef42f7d9f65cdbf0b832373e68fd71e253a69f452 /python/vyos
parent936b36fdf180fce830dbc388ec5e8fc35feb9474 (diff)
downloadvyos-1x-a9e9c4acfa90fc15a8a4b6b5ea6e1c2814ce940e.tar.gz
vyos-1x-a9e9c4acfa90fc15a8a4b6b5ea6e1c2814ce940e.zip
pki: openvpn: T3642: Migrate OpenVPN to PKI and refactor
Diffstat (limited to 'python/vyos')
-rw-r--r--python/vyos/pki.py5
-rw-r--r--python/vyos/template.py29
2 files changed, 34 insertions, 0 deletions
diff --git a/python/vyos/pki.py b/python/vyos/pki.py
index 1c6282d84..68ad73bf2 100644
--- a/python/vyos/pki.py
+++ b/python/vyos/pki.py
@@ -43,6 +43,8 @@ CSR_BEGIN='-----BEGIN CERTIFICATE REQUEST-----\n'
CSR_END='\n-----END CERTIFICATE REQUEST-----'
DH_BEGIN='-----BEGIN DH PARAMETERS-----\n'
DH_END='\n-----END DH PARAMETERS-----'
+OVPN_BEGIN = '-----BEGIN OpenVPN Static key V{0}-----\n'
+OVPN_END = '\n-----END OpenVPN Static key V{0}-----'
# Print functions
@@ -227,6 +229,9 @@ def wrap_crl(raw_data):
def wrap_dh_parameters(raw_data):
return DH_BEGIN + raw_data + DH_END
+def wrap_openvpn_key(raw_data, version='1'):
+ return OVPN_BEGIN.format(version) + raw_data + OVPN_END.format(version)
+
# Load functions
def load_public_key(raw_data, wrap_tags=True):
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 0d2bd39e7..6902d3720 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -439,3 +439,32 @@ def get_uuid(interface):
""" Get interface IP addresses"""
from uuid import uuid1
return uuid1()
+
+openvpn_translate = {
+ 'des': 'des-cbc',
+ '3des': 'des-ede3-cbc',
+ 'bf128': 'bf-cbc',
+ 'bf256': 'bf-cbc',
+ 'aes128gcm': 'aes-128-gcm',
+ 'aes128': 'aes-128-cbc',
+ 'aes192gcm': 'aes-192-gcm',
+ 'aes192': 'aes-192-cbc',
+ 'aes256gcm': 'aes-256-gcm',
+ 'aes256': 'aes-256-cbc'
+}
+
+@register_filter('openvpn_cipher')
+def get_openvpn_cipher(cipher):
+ if cipher in openvpn_translate:
+ return openvpn_translate[cipher].upper()
+ return cipher.upper()
+
+@register_filter('openvpn_ncp_ciphers')
+def get_openvpn_ncp_ciphers(ciphers):
+ out = []
+ for cipher in ciphers:
+ if cipher in openvpn_translate:
+ out.append(openvpn_translate[cipher])
+ else:
+ out.append(cipher)
+ return ':'.join(out).upper()