From 3fd4d5b9c595b43dddbb75cf0748450b36a5610a Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Thu, 23 Feb 2023 11:07:46 +0000 Subject: T5027: Enable legacy provider to support current ciphers * We will need to remove insecure ciphers as a long-term solution (BF-CBC, DES...) --- data/templates/openvpn/server.conf.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2 index 6dd4ef88d..af866f2a6 100644 --- a/data/templates/openvpn/server.conf.j2 +++ b/data/templates/openvpn/server.conf.j2 @@ -213,6 +213,9 @@ keysize 256 data-ciphers {{ encryption.ncp_ciphers | openvpn_ncp_ciphers }} {% endif %} {% endif %} +# https://vyos.dev/T5027 +# Required to support BF-CBC (default ciphername when none given) +providers legacy default {% if hash is vyos_defined %} auth {{ hash }} -- cgit v1.2.3