diff options
author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2021-07-21 14:36:48 +0200 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2021-07-21 22:48:18 +0200 |
commit | a9e9c4acfa90fc15a8a4b6b5ea6e1c2814ce940e (patch) | |
tree | f42f7d9f65cdbf0b832373e68fd71e253a69f452 /python/vyos | |
parent | 936b36fdf180fce830dbc388ec5e8fc35feb9474 (diff) | |
download | vyos-1x-a9e9c4acfa90fc15a8a4b6b5ea6e1c2814ce940e.tar.gz vyos-1x-a9e9c4acfa90fc15a8a4b6b5ea6e1c2814ce940e.zip |
pki: openvpn: T3642: Migrate OpenVPN to PKI and refactor
Diffstat (limited to 'python/vyos')
-rw-r--r-- | python/vyos/pki.py | 5 | ||||
-rw-r--r-- | python/vyos/template.py | 29 |
2 files changed, 34 insertions, 0 deletions
diff --git a/python/vyos/pki.py b/python/vyos/pki.py index 1c6282d84..68ad73bf2 100644 --- a/python/vyos/pki.py +++ b/python/vyos/pki.py @@ -43,6 +43,8 @@ CSR_BEGIN='-----BEGIN CERTIFICATE REQUEST-----\n' CSR_END='\n-----END CERTIFICATE REQUEST-----' DH_BEGIN='-----BEGIN DH PARAMETERS-----\n' DH_END='\n-----END DH PARAMETERS-----' +OVPN_BEGIN = '-----BEGIN OpenVPN Static key V{0}-----\n' +OVPN_END = '\n-----END OpenVPN Static key V{0}-----' # Print functions @@ -227,6 +229,9 @@ def wrap_crl(raw_data): def wrap_dh_parameters(raw_data): return DH_BEGIN + raw_data + DH_END +def wrap_openvpn_key(raw_data, version='1'): + return OVPN_BEGIN.format(version) + raw_data + OVPN_END.format(version) + # Load functions def load_public_key(raw_data, wrap_tags=True): diff --git a/python/vyos/template.py b/python/vyos/template.py index 0d2bd39e7..6902d3720 100644 --- a/python/vyos/template.py +++ b/python/vyos/template.py @@ -439,3 +439,32 @@ def get_uuid(interface): """ Get interface IP addresses""" from uuid import uuid1 return uuid1() + +openvpn_translate = { + 'des': 'des-cbc', + '3des': 'des-ede3-cbc', + 'bf128': 'bf-cbc', + 'bf256': 'bf-cbc', + 'aes128gcm': 'aes-128-gcm', + 'aes128': 'aes-128-cbc', + 'aes192gcm': 'aes-192-gcm', + 'aes192': 'aes-192-cbc', + 'aes256gcm': 'aes-256-gcm', + 'aes256': 'aes-256-cbc' +} + +@register_filter('openvpn_cipher') +def get_openvpn_cipher(cipher): + if cipher in openvpn_translate: + return openvpn_translate[cipher].upper() + return cipher.upper() + +@register_filter('openvpn_ncp_ciphers') +def get_openvpn_ncp_ciphers(ciphers): + out = [] + for cipher in ciphers: + if cipher in openvpn_translate: + out.append(openvpn_translate[cipher]) + else: + out.append(cipher) + return ':'.join(out).upper() |