diff options
| -rw-r--r-- | data/templates/openvpn/server.conf.tmpl | 4 | ||||
| -rw-r--r-- | interface-definitions/interfaces-openvpn.xml.in | 16 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 8 |
3 files changed, 22 insertions, 6 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl index 401f8e04b..8a1ac6bd8 100644 --- a/data/templates/openvpn/server.conf.tmpl +++ b/data/templates/openvpn/server.conf.tmpl @@ -196,7 +196,9 @@ tls-server # Encryption options {%- if encryption %} -{% if encryption == 'des' -%} +{% if encryption == 'none' -%} +cipher none +{%- elif encryption == 'des' -%} cipher des-cbc {%- elif encryption == '3des' -%} cipher des-ede3-cbc diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index 905c76507..5675379d5 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in @@ -63,9 +63,13 @@ <properties> <help>Standard Data Encryption Algorithm</help> <completionHelp> - <list>des 3des bf128 bf256 aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list> + <list>none des 3des bf128 bf256 aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list> </completionHelp> <valueHelp> + <format>none</format> + <description>Disable encryption</description> + </valueHelp> + <valueHelp> <format>des</format> <description>DES algorithm</description> </valueHelp> @@ -106,7 +110,7 @@ <description>AES algorithm with 256-bit key GCM</description> </valueHelp> <constraint> - <regex>(des|3des|bf128|bf256|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex> + <regex>(none|des|3des|bf128|bf256|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex> </constraint> </properties> </leafNode> @@ -114,9 +118,13 @@ <properties> <help>Cipher negotiation list for use in server or client mode</help> <completionHelp> - <list>des 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list> + <list>none des 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list> </completionHelp> <valueHelp> + <format>none</format> + <description>Disable encryption</description> + </valueHelp> + <valueHelp> <format>des</format> <description>DES algorithm</description> </valueHelp> @@ -149,7 +157,7 @@ <description>AES algorithm with 256-bit key GCM</description> </valueHelp> <constraint> - <regex>(des|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex> + <regex>(none|des|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex> </constraint> <multi/> </properties> diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index f83590209..518dbdc0e 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -257,7 +257,10 @@ def get_config(config=None): if conf.exists('encryption ncp-ciphers'): _ncp_ciphers = [] for enc in conf.return_values('encryption ncp-ciphers'): - if enc == 'des': + if enc == 'none': + _ncp_ciphers.append('none') + _ncp_ciphers.append('NONE') + elif enc == 'des': _ncp_ciphers.append('des-cbc') _ncp_ciphers.append('DES-CBC') elif enc == '3des': @@ -944,6 +947,9 @@ def verify(openvpn): else: print('Diffie-Hellman prime file is unspecified, assuming ECDH') + if openvpn['encryption'] == 'none': + print('Warning: "encryption none" was specified. NO encryption will be performed and tunnelled data WILL be transmitted in clear text over the network!') + # # Auth user/pass # |