From ceb623bbd6583cf290b57a223851f178abb23d6f Mon Sep 17 00:00:00 2001
From: Viacheslav <v.gletenko@vyos.io>
Date: Fri, 13 Aug 2021 15:48:14 +0000
Subject: openvpn: T3738: Disable authentication option for server mode

(cherry picked from commit 655876f4c22c0f4ea839a81f4af09d6016e19197)
---
 src/conf_mode/interfaces-openvpn.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 981a45c88..0a420f7bf 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019-2020 VyOS maintainers and contributors
+# Copyright (C) 2019-2021 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -188,6 +188,9 @@ def verify(openvpn):
         if openvpn['protocol'] == 'tcp-active':
             raise ConfigError('Protocol "tcp-active" is not valid in server mode')
 
+        if dict_search('authentication.username', openvpn) or dict_search('authentication.password', openvpn):
+            raise ConfigError('Cannot specify "authentication" in server mode')
+
         if 'remote_port' in openvpn:
             raise ConfigError('Cannot specify "remote-port" in server mode')
 
-- 
cgit v1.2.3