Diffstat (limited to 'src/conf_mode/interfaces_openvpn.py')
-rwxr-xr-x | src/conf_mode/interfaces_openvpn.py | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/conf_mode/interfaces_openvpn.py b/src/conf_mode/interfaces_openvpn.py index 45569dd21..0ecffd3be 100755 --- a/src/conf_mode/interfaces_openvpn.py +++ b/src/conf_mode/interfaces_openvpn.py @@ -16,7 +16,6 @@ import os import re -import tempfile from cryptography.hazmat.primitives.asymmetric import ec from glob import glob @@ -26,7 +25,6 @@ from ipaddress import IPv4Network from ipaddress import IPv6Address from ipaddress import IPv6Network from ipaddress import summarize_address_range -from netifaces import interfaces from secrets import SystemRandom from shutil import rmtree @@ -63,6 +61,7 @@ from vyos.utils.process import call from vyos.utils.permission import chown from vyos.utils.process import cmd from vyos.utils.network import is_addr_assigned +from vyos.utils.network import interface_exists from vyos import ConfigError from vyos import airbag @@ -199,6 +198,12 @@ def verify_pki(openvpn): raise ConfigError(f'Cannot use encrypted private key on openvpn interface {interface}') if 'dh_params' in tls: + if 'dh' not in pki: + raise ConfigError(f'pki dh is not configured') + proposed_dh = tls['dh_params'] + if proposed_dh not in pki['dh'].keys(): + raise ConfigError(f"pki dh '{proposed_dh}' is not configured") + pki_dh = pki['dh'][tls['dh_params']] dh_params = load_dh_parameters(pki_dh['parameters']) dh_numbers = dh_params.parameter_numbers() @@ -683,7 +688,7 @@ def apply(openvpn): if os.path.isfile(cleanup_file): os.unlink(cleanup_file) - if interface in interfaces(): + if interface_exists(interface): VTunIf(interface).remove() # dynamically load/unload DCO Kernel extension if requested |
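Review bot: In the verify_pki hunk, the two new ConfigError messages do not name the OpenVPN interface, while the context line just above reports `on openvpn interface {interface}`; with several tunnels configured, the operator cannot tell which one references the missing DH entry. Assuming `interface` is still in scope at this point, something like `raise ConfigError(f"pki dh '{proposed_dh}' is not configured (openvpn interface {interface})")` would match the neighbouring message. As a matter of style, `f'pki dh is not configured'` has no placeholder and can be a plain string, `.keys()` is redundant in `proposed_dh not in pki['dh']`, and the following context line can reuse `proposed_dh` instead of indexing `tls['dh_params']` again. The next context line still reads `pki_dh['parameters']` unguarded, so a DH entry without parameters would presumably still fail the commit with a KeyError rather than a ConfigError; this should be confirmed against the pki schema. verify_pki starts and ends outside the hunk.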