openvpn: T3117: fix generated ncp-ciphers in server config

1 files changed, 23 insertions, 1 deletions

diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index a1daaa078..9fc281afc 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -227,7 +227,29 @@ cipher aes-256-cbc
 {%     endif %}
 {%   endif %}
 {%   if encryption.ncp_ciphers is defined and encryption.ncp_ciphers is not none %}
-ncp-ciphers {{ encryption.ncp_ciphers | join(':') }}
+{%     set cipher_list = [] %}
+{%     for cipher in encryption.ncp_ciphers %}
+{%       if cipher == 'none' %}
+{%         set cipher_list = cipher_list.append('none') %}
+{%       elif cipher == 'des' %}
+{%         set cipher_list = cipher_list.append('des-cbc') %}
+{%       elif cipher == '3des' %}
+{%         set cipher_list = cipher_list.append('des-ede3-cbc') %}
+{%       elif cipher == 'aes128' %}
+{%         set cipher_list = cipher_list.append('aes-128-cbc') %}
+{%       elif cipher == 'aes128gcm' %}
+{%         set cipher_list = cipher_list.append('aes-128-gcm') %}
+{%       elif cipher == 'aes192' %}
+{%         set cipher_list = cipher_list.append('aes-192-cbc') %}
+{%       elif cipher == 'aes192gcm' %}
+{%         set cipher_list = cipher_list.append('aes-192-gcm') %}
+{%       elif cipher == 'aes256' %}
+{%         set cipher_list = cipher_list.append('aes-256-cbc') %}
+{%       elif cipher == 'aes256gcm' %}
+{%         set cipher_list = cipher_list.append('aes-256-gcm') %}
+{%       endif %}
+{%     endfor %}
+ncp-ciphers {{ cipher_list | join(':') }}:{{ cipher_list | join(':') | upper }}
 {%   elif encryption.disable_ncp is defined %}
 ncp-disable
 {%   endif %}