summaryrefslogtreecommitdiff
path: root/src/conf_mode/interface-openvpn.py
diff options
context:
space:
mode:
authorvindenesen <vindenesen@gmail.com>2019-09-19 20:31:58 +0200
committervindenesen <vindenesen@gmail.com>2019-09-19 20:31:58 +0200
commit9334c9428c4dcf8d575bfb50d6a33d10b67b5e14 (patch)
tree4a62ec3ab04c4067c2cf3c620f5c9285fa479a2a /src/conf_mode/interface-openvpn.py
parent4a2a06f400593107393755777fdd42b57bbaa21b (diff)
downloadvyos-1x-9334c9428c4dcf8d575bfb50d6a33d10b67b5e14.tar.gz
vyos-1x-9334c9428c4dcf8d575bfb50d6a33d10b67b5e14.zip
OpenVPN - Added setting for minimum tls version
Diffstat (limited to 'src/conf_mode/interface-openvpn.py')
-rwxr-xr-xsrc/conf_mode/interface-openvpn.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index 34c094862..495ddfdf5 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -167,6 +167,10 @@ key {{ tls_key }}
crl-verify {{ tls_crl }}
{% endif %}
+{%- if tls_version_min %}
+tls-version-min {{tls_version_min}}
+{% endif %}
+
{%- if tls_dh %}
dh {{ tls_dh }}
{% endif %}
@@ -283,6 +287,7 @@ default_config_data = {
'tls_dh': '',
'tls_key': '',
'tls_role': '',
+ 'tls_version_min': '',
'type': 'tun',
'uid': user,
'gid': group,
@@ -562,6 +567,10 @@ def get_config():
openvpn['tls_role'] = conf.return_value('tls role')
openvpn['tls'] = True
+ # Minimum required TLS version
+ if conf.exists('tls minimum-tls-version'):
+ openvpn['tls_version_min'] = conf.return_value('tls minimum-tls-version')
+
if conf.exists('shared-secret-key-file'):
openvpn['shared_secret_file'] = conf.return_value('shared-secret-key-file')