T5270: generate 'dh none' unconditionally when dh-params is no present

The condition is useless since OpenVPN simply switches to ECDH in all modes when the classic DH prime is not specified
author: Daniil Baturin <daniil@baturin.org> 2023-08-15 19:47:26 +0100
committer: Daniil Baturin <daniil@baturin.org> 2023-08-15 19:47:26 +0100
commit: 4bc012d2b2418ad3313fe5476b1e18a057cc6b7d (patch)
tree: e069ce3a7807b3e67911fbf3b2c9039eb90eff75
parent: f67614c66d6570c06be199ffffe439a589a06d4b (diff)
download: vyos-1x-4bc012d2b2418ad3313fe5476b1e18a057cc6b7d.tar.gz
vyos-1x-4bc012d2b2418ad3313fe5476b1e18a057cc6b7d.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2
index a9bd45370..cee83077f 100644
--- a/data/templates/openvpn/server.conf.j2
+++ b/data/templates/openvpn/server.conf.j2
@@ -185,7 +185,7 @@ tls-version-min {{ tls.tls_version_min }}
 {%     endif %}
 {%     if tls.dh_params is vyos_defined %}
 dh /run/openvpn/{{ ifname }}_dh.pem
-{%     elif mode is vyos_defined('server') and tls.private_key is vyos_defined %}
+{%     else %}
 dh none
 {%     endif %}
 {%     if tls.auth_key is vyos_defined %}
author	Daniil Baturin <daniil@baturin.org>	2023-08-15 19:47:26 +0100
committer	Daniil Baturin <daniil@baturin.org>	2023-08-15 19:47:26 +0100
commit	4bc012d2b2418ad3313fe5476b1e18a057cc6b7d (patch)
tree	e069ce3a7807b3e67911fbf3b2c9039eb90eff75
parent	f67614c66d6570c06be199ffffe439a589a06d4b (diff)
download	vyos-1x-4bc012d2b2418ad3313fe5476b1e18a057cc6b7d.tar.gz vyos-1x-4bc012d2b2418ad3313fe5476b1e18a057cc6b7d.zip