summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorMarcus Hoff <marcus.hoff@ring2.dk>2020-09-22 19:44:24 +0200
committerGitHub <noreply@github.com>2020-09-22 19:44:24 +0200
commitb2c61e2127d83cc0a0e27092462b62c2e8e7eaa1 (patch)
tree2bcf29142ed12494ecb57af8c72c26a3763e4d43 /src/conf_mode
parente7f8285d670829270a82a3ed7e603a6e8791bfe2 (diff)
downloadvyos-1x-b2c61e2127d83cc0a0e27092462b62c2e8e7eaa1.tar.gz
vyos-1x-b2c61e2127d83cc0a0e27092462b62c2e8e7eaa1.zip
openvpn: T2907: add 'none' encryption option to not encrypt any data
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index f83590209..518dbdc0e 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -257,7 +257,10 @@ def get_config(config=None):
if conf.exists('encryption ncp-ciphers'):
_ncp_ciphers = []
for enc in conf.return_values('encryption ncp-ciphers'):
- if enc == 'des':
+ if enc == 'none':
+ _ncp_ciphers.append('none')
+ _ncp_ciphers.append('NONE')
+ elif enc == 'des':
_ncp_ciphers.append('des-cbc')
_ncp_ciphers.append('DES-CBC')
elif enc == '3des':
@@ -944,6 +947,9 @@ def verify(openvpn):
else:
print('Diffie-Hellman prime file is unspecified, assuming ECDH')
+ if openvpn['encryption'] == 'none':
+ print('Warning: "encryption none" was specified. NO encryption will be performed and tunnelled data WILL be transmitted in clear text over the network!')
+
#
# Auth user/pass
#