openvpn: T2907: add 'none' encryption option to not encrypt any data

author: Marcus Hoff <marcus.hoff@ring2.dk> 2020-09-22 19:44:24 +0200
committer: GitHub <noreply@github.com> 2020-09-22 19:44:24 +0200
commit: b2c61e2127d83cc0a0e27092462b62c2e8e7eaa1 (patch)
tree: 2bcf29142ed12494ecb57af8c72c26a3763e4d43 /src
parent: e7f8285d670829270a82a3ed7e603a6e8791bfe2 (diff)
download: vyos-1x-b2c61e2127d83cc0a0e27092462b62c2e8e7eaa1.tar.gz
vyos-1x-b2c61e2127d83cc0a0e27092462b62c2e8e7eaa1.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index f83590209..518dbdc0e 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -257,7 +257,10 @@ def get_config(config=None):
     if conf.exists('encryption ncp-ciphers'):
         _ncp_ciphers = []
         for enc in conf.return_values('encryption ncp-ciphers'):
-            if enc == 'des':
+            if enc == 'none':
+                _ncp_ciphers.append('none')
+                _ncp_ciphers.append('NONE')
+            elif enc == 'des':
                 _ncp_ciphers.append('des-cbc')
                 _ncp_ciphers.append('DES-CBC')
             elif enc == '3des':
@@ -944,6 +947,9 @@ def verify(openvpn):
             else:
                 print('Diffie-Hellman prime file is unspecified, assuming ECDH')
 
+    if openvpn['encryption'] == 'none':
+        print('Warning: "encryption none" was specified. NO encryption will be performed and tunnelled data WILL be transmitted in clear text over the network!')
+
     #
     # Auth user/pass
     #
author	Marcus Hoff <marcus.hoff@ring2.dk>	2020-09-22 19:44:24 +0200
committer	GitHub <noreply@github.com>	2020-09-22 19:44:24 +0200
commit	b2c61e2127d83cc0a0e27092462b62c2e8e7eaa1 (patch)
tree	2bcf29142ed12494ecb57af8c72c26a3763e4d43 /src
parent	e7f8285d670829270a82a3ed7e603a6e8791bfe2 (diff)
download	vyos-1x-b2c61e2127d83cc0a0e27092462b62c2e8e7eaa1.tar.gz vyos-1x-b2c61e2127d83cc0a0e27092462b62c2e8e7eaa1.zip