summaryrefslogtreecommitdiff
path: root/src/conf_mode/interfaces_openvpn.py
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-01-04 11:17:27 +0100
committerGitHub <noreply@github.com>2024-01-04 11:17:27 +0100
commit598fed91068401d5ed259ea742820248d851d246 (patch)
tree14ad877fe86882f8325f6bda83471197aecc6c45 /src/conf_mode/interfaces_openvpn.py
parent1cc70ce273cbddb5ea9eb4148808c6c2aaf3d28f (diff)
parent706fdbb234202723e02f93ad8eb724649181a60a (diff)
downloadvyos-1x-598fed91068401d5ed259ea742820248d851d246.tar.gz
vyos-1x-598fed91068401d5ed259ea742820248d851d246.zip
Merge pull request #2751 from vyos/mergify/bp/sagitta/pr-2750
configdict: T5894: add get_config_dict() flag with_pki (backport #2750)
Diffstat (limited to 'src/conf_mode/interfaces_openvpn.py')
-rwxr-xr-xsrc/conf_mode/interfaces_openvpn.py16
1 files changed, 6 insertions, 10 deletions
diff --git a/src/conf_mode/interfaces_openvpn.py b/src/conf_mode/interfaces_openvpn.py
index 85905fd9a..5795ce0bc 100755
--- a/src/conf_mode/interfaces_openvpn.py
+++ b/src/conf_mode/interfaces_openvpn.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2019-2023 VyOS maintainers and contributors
+# Copyright (C) 2019-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -89,16 +89,12 @@ def get_config(config=None):
conf = Config()
base = ['interfaces', 'openvpn']
- ifname, openvpn = get_interface_dict(conf, base)
+ ifname, openvpn = get_interface_dict(conf, base, with_pki=True)
openvpn['auth_user_pass_file'] = '/run/openvpn/{ifname}.pw'.format(**openvpn)
if 'deleted' in openvpn:
return openvpn
- openvpn['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'),
- get_first_key=True,
- no_tag_node_value_mangle=True)
-
if is_node_changed(conf, base + [ifname, 'openvpn-option']):
openvpn.update({'restart_required': {}})
if is_node_changed(conf, base + [ifname, 'enable-dco']):
@@ -167,9 +163,10 @@ def verify_pki(openvpn):
raise ConfigError(f'Invalid shared-secret on openvpn interface {interface}')
# If PSK settings are correct, warn about its deprecation
- DeprecationWarning("OpenVPN shared-secret support will be removed in future VyOS versions.\n\
- Please migrate your site-to-site tunnels to TLS.\n\
- You can use self-signed certificates with peer fingerprint verification, consult the documentation for details.")
+ DeprecationWarning('OpenVPN shared-secret support will be removed in future '\
+ 'VyOS versions. Please migrate your site-to-site tunnels to '\
+ 'TLS. You can use self-signed certificates with peer fingerprint '\
+ 'verification, consult the documentation for details.')
if tls:
if (mode in ['server', 'client']) and ('ca_certificate' not in tls):
@@ -728,4 +725,3 @@ if __name__ == '__main__':
except ConfigError as e:
print(e)
exit(1)
-