authorhagbard <vyosdev@derith.de>2019-10-09 09:24:40 -0700
committerhagbard <vyosdev@derith.de>2019-10-09 09:24:40 -0700
commitf8be18fbc549bc574746991bd0bb1de9b424745e (patch)
tree681026f10f4a02f707a1cec037935e20716fdb51 /src/conf_mode/interface-openvpn.py
parentc4dbaa158c9b5c6e3c4ff3fe2f9f17d095732547 (diff)
parent21fe962befb2ebd1625eb7a6c28cb3e9005fe37e (diff)
downloadvyos-1x-f8be18fbc549bc574746991bd0bb1de9b424745e.tar.gz
vyos-1x-f8be18fbc549bc574746991bd0bb1de9b424745e.zip
Merge branch 'current' into equuleus
Diffstat (limited to 'src/conf_mode/interface-openvpn.py')
-rwxr-xr-xsrc/conf_mode/interface-openvpn.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index a988e1ab1..5345bf7a2 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -207,10 +207,16 @@ keysize 128
{%- elif 'bf256' in encryption %}
cipher bf-cbc
keysize 25
+{%- elif 'aes128gcm' in encryption %}
+cipher aes-128-gcm
{%- elif 'aes128' in encryption %}
cipher aes-128-cbc
+{%- elif 'aes192gcm' in encryption %}
+cipher aes-192-gcm
{%- elif 'aes192' in encryption %}
cipher aes-192-cbc
+{%- elif 'aes256gcm' in encryption %}
+cipher aes-256-gcm
{%- elif 'aes256' in encryption %}
cipher aes-256-cbc
{% endif %}
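Review bot: The three new `gcm` branches render the right cipher only because each one sits above its CBC sibling. The tests are membership checks (`'aes128' in encryption`), and if `encryption` is a plain string, as the equality-style check added in `verify()` suggests, `aes128gcm` also satisfies the `aes128` branch and would silently render `cipher aes-128-cbc` if the order ever changed. Either compare exactly, e.g. `{%- elif encryption == 'aes128gcm' %}`, or record the constraint with a template comment such as `{# gcm branches must stay above the cbc ones: 'aes128' is a substring of 'aes128gcm' #}`. Separately, the unchanged context line `keysize 25` under `bf256` looks like a typo for 256 and is worth confirming. The if-chain begins above this hunk.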
@@ -729,6 +735,9 @@ def verify(openvpn):
# TLS/encryption
#
if openvpn['shared_secret_file']:
+ if openvpn['encryption'] in ['aes128gcm', 'aes192gcm', 'aes256gcm']:
+ raise ConfigError('GCM encryption with shared-secret-key-file is not supported')
+
if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
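Review bot: The new guard hard-codes `['aes128gcm', 'aes192gcm', 'aes256gcm']`, duplicating the names the template branches on, so an AEAD cipher added to the template later will pass `verify()` unless this list is updated too. Consider a single module-level tuple that both places use, or at least a comment above the check stating why it exists, for example `# static-key (non-TLS) mode cannot use AEAD ciphers such as AES-GCM`. The error text could also give that reason so the operator knows to switch to a CBC cipher or to TLS mode. `verify()` starts and continues outside this hunk.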