diff options
author | srividya0208 <a.srividya@vyos.io> | 2024-07-15 06:30:00 -0400 |
---|---|---|
committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-09-18 10:35:50 +0000 |
commit | 087c33f09237ca8d47b4d84ab52b466c3a141d8c (patch) | |
tree | 98aad533eb5293c9bcfb791ed742b05e4c1dec21 /src | |
parent | 87611cccbcb89bcf0fb3316afd7064a7d2f66b5b (diff) | |
download | vyos-1x-087c33f09237ca8d47b4d84ab52b466c3a141d8c.tar.gz vyos-1x-087c33f09237ca8d47b4d84ab52b466c3a141d8c.zip |
OpenVPN CLI-option: T6571: rename ncp-ciphers with data-ciphers
(cherry picked from commit b62b2f5f8a9c4f0a7dc26bce1f15843651119256)
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/interfaces_openvpn.py | 6 | ||||
-rw-r--r-- | src/migration-scripts/openvpn/3-to-4 | 30 |
2 files changed, 33 insertions, 3 deletions
diff --git a/src/conf_mode/interfaces_openvpn.py b/src/conf_mode/interfaces_openvpn.py index d2665d9e5..9105ce1f8 100755 --- a/src/conf_mode/interfaces_openvpn.py +++ b/src/conf_mode/interfaces_openvpn.py @@ -322,8 +322,8 @@ def verify(openvpn): if v4addr in openvpn['local_address'] and 'subnet_mask' not in openvpn['local_address'][v4addr]: raise ConfigError('Must specify IPv4 "subnet-mask" for local-address') - if dict_search('encryption.ncp_ciphers', openvpn): - raise ConfigError('NCP ciphers can only be used in client or server mode') + if dict_search('encryption.data_ciphers', openvpn): + raise ConfigError('Cipher negotiation can only be used in client or server mode') else: # checks for client-server or site-to-site bridged @@ -536,7 +536,7 @@ def verify(openvpn): if dict_search('encryption.cipher', openvpn): raise ConfigError('"encryption cipher" option is deprecated for TLS mode. ' - 'Use "encryption ncp-ciphers" instead') + 'Use "encryption data-ciphers" instead') if dict_search('encryption.cipher', openvpn) == 'none': print('Warning: "encryption none" was specified!') diff --git a/src/migration-scripts/openvpn/3-to-4 b/src/migration-scripts/openvpn/3-to-4 new file mode 100644 index 000000000..d3c76c7d3 --- /dev/null +++ b/src/migration-scripts/openvpn/3-to-4 @@ -0,0 +1,30 @@ +#!/usr/bin/env python3 +# Copyright 2024 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library. If not, see <http://www.gnu.org/licenses/>. +# Renames ncp-ciphers option to data-ciphers + +from vyos.configtree import ConfigTree + +def migrate(config: ConfigTree) -> None: + if not config.exists(['interfaces', 'openvpn']): + # Nothing to do + return + + ovpn_intfs = config.list_nodes(['interfaces', 'openvpn']) + for i in ovpn_intfs: + #Rename 'encryption ncp-ciphers' with 'encryption data-ciphers' + ncp_cipher_path = ['interfaces', 'openvpn', i, 'encryption', 'ncp-ciphers'] + if config.exists(ncp_cipher_path): + config.rename(ncp_cipher_path, 'data-ciphers') |