From 4bc012d2b2418ad3313fe5476b1e18a057cc6b7d Mon Sep 17 00:00:00 2001
From: Daniil Baturin <daniil@baturin.org>
Date: Tue, 15 Aug 2023 19:47:26 +0100
Subject: T5270: generate 'dh none' unconditionally when dh-params is no
 present

The condition is useless since OpenVPN simply switches to ECDH in all modes
when the classic DH prime is not specified
---
 data/templates/openvpn/server.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2
index a9bd45370..cee83077f 100644
--- a/data/templates/openvpn/server.conf.j2
+++ b/data/templates/openvpn/server.conf.j2
@@ -185,7 +185,7 @@ tls-version-min {{ tls.tls_version_min }}
 {%     endif %}
 {%     if tls.dh_params is vyos_defined %}
 dh /run/openvpn/{{ ifname }}_dh.pem
-{%     elif mode is vyos_defined('server') and tls.private_key is vyos_defined %}
+{%     else %}
 dh none
 {%     endif %}
 {%     if tls.auth_key is vyos_defined %}
-- 
cgit v1.2.3