authorChristian Poessinger <christian@poessinger.com>2019-09-30 20:30:00 +0200
committerGitHub <noreply@github.com>2019-09-30 20:30:00 +0200
commit9a4eab94d76c2a5609cc84a5fb6f73561cc4678b (patch)
tree8281a110b487367bda223373077e9e7c6e34686d /src/conf_mode/interface-openvpn.py
parent41aa7bc4c804c0eba36ba6ec10b49b303e8c1df4 (diff)
parent9a4f89ad6752d9ad859ae124c97e3e4657f81aad (diff)
Merge pull request #143 from vindenesen/current-T1688
[OpenVPN]: T1688: Add support for using encryption aes128gcm, aes192gcm and aes256gcm
Diffstat (limited to 'src/conf_mode/interface-openvpn.py')
-rwxr-xr-xsrc/conf_mode/interface-openvpn.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index a988e1ab1..5345bf7a2 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -207,10 +207,16 @@ keysize 128
{%- elif 'bf256' in encryption %}
cipher bf-cbc
keysize 25
+{%- elif 'aes128gcm' in encryption %}
+cipher aes-128-gcm
{%- elif 'aes128' in encryption %}
cipher aes-128-cbc
+{%- elif 'aes192gcm' in encryption %}
+cipher aes-192-gcm
{%- elif 'aes192' in encryption %}
cipher aes-192-cbc
+{%- elif 'aes256gcm' in encryption %}
+cipher aes-256-gcm
{%- elif 'aes256' in encryption %}
cipher aes-256-cbc
{% endif %}
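Review bot: The new GCM branches are only correct because of where they sit. `'aes128' in encryption` is presumably a substring test on a string value, so it also matches `aes128gcm`, and moving a GCM branch below its CBC sibling would silently render `cipher aes-128-cbc` instead of the AEAD cipher. Comparing for equality removes the ordering dependency, e.g. `{%- elif encryption == 'aes128gcm' %}`, and likewise for the 192/256 and CBC branches. The chain also closes with `{% endif %}` and no `else`, so an unrecognised value emits no `cipher` line and leaves the choice to OpenVPN's default. The context line `keysize 25` in the `bf256` branch looks like a truncated `256` and may deserve a separate fix; the chain itself begins above this hunk.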
@@ -729,6 +735,9 @@ def verify(openvpn):
# TLS/encryption
#
if openvpn['shared_secret_file']:
+ if openvpn['encryption'] in ['aes128gcm', 'aes192gcm', 'aes256gcm']:
+ raise ConfigError('GCM encryption with shared-secret-key-file is not supported')
+
if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
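Review bot: The GCM rejection added at the top of the `shared_secret_file` branch has no comment giving the reason, and its list of names duplicates the three template branches added in the same commit. I would add `# AEAD (GCM) ciphers need TLS mode; OpenVPN does not accept them with a static key` above the check. Holding the names in one module-level tuple used by this check would also make it harder for a later AEAD option to reach the template without being rejected here. `verify()` starts and continues outside this hunk.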