From 23cb8c338ad3de4ead79dbad79a0195c91862fcc Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 25 Jun 2021 19:38:50 +0200 Subject: openvpn: T1704: drop deprecated disable-ncp option (cherry picked from commit 6b7b19c93f90839549dd668116c4da2f38cfdc66) VyOS 1.3 will ship OpenVPN 2.5.1 and thus it is the perfect timing to still remove this option before introducing it in a new LTS release. --- data/templates/openvpn/server.conf.tmpl | 2 -- interface-definitions/interfaces-openvpn.xml.in | 6 ------ smoketest/scripts/cli/test_interfaces_openvpn.py | 8 -------- src/conf_mode/interfaces-openvpn.py | 6 ------ 4 files changed, 22 deletions(-) diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl index 79288e40f..7b1361764 100644 --- a/data/templates/openvpn/server.conf.tmpl +++ b/data/templates/openvpn/server.conf.tmpl @@ -248,8 +248,6 @@ cipher aes-256-cbc {% endif %} {% endfor %} ncp-ciphers {{ cipher_list | join(':') }}:{{ cipher_list | join(':') | upper }} -{% elif encryption.disable_ncp is defined %} -ncp-disable {% endif %} {% endif %} diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index effbdd674..681290570 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in @@ -163,12 +163,6 @@ - - - Disable support for ncp-ciphers - - - #include diff --git a/smoketest/scripts/cli/test_interfaces_openvpn.py b/smoketest/scripts/cli/test_interfaces_openvpn.py index 00db3f667..c9376b032 100755 --- a/smoketest/scripts/cli/test_interfaces_openvpn.py +++ b/smoketest/scripts/cli/test_interfaces_openvpn.py @@ -76,16 +76,8 @@ class TestInterfacesOpenVPN(unittest.TestCase): interface = 'vtun2000' path = base_path + [interface] self.session.set(path + ['mode', 'client']) - - # check validate() - cannot specify both "encryption disable-ncp" and - # "encryption ncp-ciphers" at the same time - self.session.set(path + ['encryption', 'disable-ncp']) self.session.set(path + ['encryption', 'ncp-ciphers', 'aes192gcm']) - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.delete(path + ['encryption', 'ncp-ciphers']) - # check validate() - cannot specify local-port in client mode self.session.set(path + ['local-port', '5000']) with self.assertRaises(ConfigSessionError): diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index ee6f05fcd..1c1c844d0 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -92,12 +92,6 @@ def verify(openvpn): if 'mode' not in openvpn: raise ConfigError('Must specify OpenVPN operation mode!') - # Check if we have disabled ncp and at the same time specified ncp-ciphers - if 'encryption' in openvpn: - if {'disable_ncp', 'ncp_ciphers'} <= set(openvpn.get('encryption')): - raise ConfigError('Can not specify both "encryption disable-ncp" '\ - 'and "encryption ncp-ciphers"') - # # OpenVPN client mode - VERIFY # -- cgit v1.2.3