[OpenVPN]: T1688: Added check to see if encryption gcm is used in combination with shared-secret-key-file, which is not supported (OpenVPN throws error message)

author: vindenesen <vindenesen@gmail.com> 2019-09-30 20:12:06 +0200
committer: vindenesen <vindenesen@gmail.com> 2019-09-30 20:23:46 +0200
commit: 9a4f89ad6752d9ad859ae124c97e3e4657f81aad (patch)
tree: 8281a110b487367bda223373077e9e7c6e34686d
parent: 387f9bb2f8f11af872f6f78f4b12d7cd20ea8c58 (diff)
download: vyos-1x-9a4f89ad6752d9ad859ae124c97e3e4657f81aad.tar.gz
vyos-1x-9a4f89ad6752d9ad859ae124c97e3e4657f81aad.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index d00671a85..5345bf7a2 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -735,6 +735,9 @@ def verify(openvpn):
     # TLS/encryption
     #
     if openvpn['shared_secret_file']:
+        if openvpn['encryption'] in ['aes128gcm', 'aes192gcm', 'aes256gcm']:
+            raise ConfigError('GCM encryption with shared-secret-key-file is not supported')
+        
         if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
             raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
author	vindenesen <vindenesen@gmail.com>	2019-09-30 20:12:06 +0200
committer	vindenesen <vindenesen@gmail.com>	2019-09-30 20:23:46 +0200
commit	9a4f89ad6752d9ad859ae124c97e3e4657f81aad (patch)
tree	8281a110b487367bda223373077e9e7c6e34686d
parent	387f9bb2f8f11af872f6f78f4b12d7cd20ea8c58 (diff)
download	vyos-1x-9a4f89ad6752d9ad859ae124c97e3e4657f81aad.tar.gz vyos-1x-9a4f89ad6752d9ad859ae124c97e3e4657f81aad.zip