diff options
author | Daniil Baturin <daniil@vyos.io> | 2024-09-18 12:38:36 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-09-18 12:38:36 +0100 |
commit | 0444795e3798f2ec51e40bef67a0920f892769b8 (patch) | |
tree | 5c0ba6fb3c4b6579e5ab7a6e2eeedd52241bbdb0 /src | |
parent | 19ac59d02da196c8bc34c706ca72fc960e8ebb1c (diff) | |
parent | 087c33f09237ca8d47b4d84ab52b466c3a141d8c (diff) | |
download | vyos-1x-0444795e3798f2ec51e40bef67a0920f892769b8.tar.gz vyos-1x-0444795e3798f2ec51e40bef67a0920f892769b8.zip |
Merge pull request #4082 from vyos/mergify/bp/circinus/pr-3823
OpenVPN CLI-option: T6571: rename ncp-ciphers with data-ciphers (backport #3823)
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/interfaces_openvpn.py | 6 | ||||
-rw-r--r-- | src/migration-scripts/openvpn/3-to-4 | 30 |
2 files changed, 33 insertions, 3 deletions
diff --git a/src/conf_mode/interfaces_openvpn.py b/src/conf_mode/interfaces_openvpn.py index d2665d9e5..9105ce1f8 100755 --- a/src/conf_mode/interfaces_openvpn.py +++ b/src/conf_mode/interfaces_openvpn.py @@ -322,8 +322,8 @@ def verify(openvpn): if v4addr in openvpn['local_address'] and 'subnet_mask' not in openvpn['local_address'][v4addr]: raise ConfigError('Must specify IPv4 "subnet-mask" for local-address') - if dict_search('encryption.ncp_ciphers', openvpn): - raise ConfigError('NCP ciphers can only be used in client or server mode') + if dict_search('encryption.data_ciphers', openvpn): + raise ConfigError('Cipher negotiation can only be used in client or server mode') else: # checks for client-server or site-to-site bridged @@ -536,7 +536,7 @@ def verify(openvpn): if dict_search('encryption.cipher', openvpn): raise ConfigError('"encryption cipher" option is deprecated for TLS mode. ' - 'Use "encryption ncp-ciphers" instead') + 'Use "encryption data-ciphers" instead') if dict_search('encryption.cipher', openvpn) == 'none': print('Warning: "encryption none" was specified!') diff --git a/src/migration-scripts/openvpn/3-to-4 b/src/migration-scripts/openvpn/3-to-4 new file mode 100644 index 000000000..d3c76c7d3 --- /dev/null +++ b/src/migration-scripts/openvpn/3-to-4 @@ -0,0 +1,30 @@ +#!/usr/bin/env python3 +# Copyright 2024 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library. If not, see <http://www.gnu.org/licenses/>. +# Renames ncp-ciphers option to data-ciphers + +from vyos.configtree import ConfigTree + +def migrate(config: ConfigTree) -> None: + if not config.exists(['interfaces', 'openvpn']): + # Nothing to do + return + + ovpn_intfs = config.list_nodes(['interfaces', 'openvpn']) + for i in ovpn_intfs: + #Rename 'encryption ncp-ciphers' with 'encryption data-ciphers' + ncp_cipher_path = ['interfaces', 'openvpn', i, 'encryption', 'ncp-ciphers'] + if config.exists(ncp_cipher_path): + config.rename(ncp_cipher_path, 'data-ciphers') |