diff options
author | Marcus Hoff <marcus.hoff@ring2.dk> | 2020-09-22 19:44:24 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-22 19:44:24 +0200 |
commit | b2c61e2127d83cc0a0e27092462b62c2e8e7eaa1 (patch) | |
tree | 2bcf29142ed12494ecb57af8c72c26a3763e4d43 /src/conf_mode | |
parent | e7f8285d670829270a82a3ed7e603a6e8791bfe2 (diff) | |
download | vyos-1x-b2c61e2127d83cc0a0e27092462b62c2e8e7eaa1.tar.gz vyos-1x-b2c61e2127d83cc0a0e27092462b62c2e8e7eaa1.zip |
openvpn: T2907: add 'none' encryption option to not encrypt any data
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index f83590209..518dbdc0e 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -257,7 +257,10 @@ def get_config(config=None): if conf.exists('encryption ncp-ciphers'): _ncp_ciphers = [] for enc in conf.return_values('encryption ncp-ciphers'): - if enc == 'des': + if enc == 'none': + _ncp_ciphers.append('none') + _ncp_ciphers.append('NONE') + elif enc == 'des': _ncp_ciphers.append('des-cbc') _ncp_ciphers.append('DES-CBC') elif enc == '3des': @@ -944,6 +947,9 @@ def verify(openvpn): else: print('Diffie-Hellman prime file is unspecified, assuming ECDH') + if openvpn['encryption'] == 'none': + print('Warning: "encryption none" was specified. NO encryption will be performed and tunnelled data WILL be transmitted in clear text over the network!') + # # Auth user/pass # |