Diffstat (limited to 'data/templates/openvpn')
-rw-r--r-- | data/templates/openvpn/server.conf.j2 | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2
index 236584387..be811f45e 100644
--- a/data/templates/openvpn/server.conf.j2
+++ b/data/templates/openvpn/server.conf.j2
@@ -11,11 +11,11 @@ dev-type {{ device_type }}
 dev {{ ifname }}
 persist-key
 {% if protocol is vyos_defined('tcp-active') %}
-proto tcp-client
+proto tcp{{ protocol_modifier }}-client
 {% elif protocol is vyos_defined('tcp-passive') %}
-proto tcp-server
+proto tcp{{ protocol_modifier }}-server
 {% else %}
-proto udp
+proto udp{{ protocol_modifier }}
 {% endif %}
 {% if local_host is vyos_defined %}
 local {{ local_host }}
@@ -63,6 +63,9 @@ nobind
 #
 # OpenVPN Server mode
 #
+{% if ip_version is vyos_defined('ipv6') %}
+bind ipv6only
+{% endif %}
 mode server
 tls-server
 {% if server is vyos_defined %}
@@ -131,6 +134,9 @@ plugin "{{ plugin_dir }}/openvpn-otp.so" "otp_secrets=/config/auth/openvpn/{{ if
 #
 # OpenVPN site-2-site mode
 #
+{% if ip_version is vyos_defined('ipv6') %}
+bind ipv6only
+{% endif %}
 ping {{ keep_alive.interval }}
 ping-restart {{ keep_alive.failure_count }}
@@ -207,19 +213,12 @@ tls-server
 {% if encryption is vyos_defined %}
 {% if encryption.cipher is vyos_defined %}
 cipher {{ encryption.cipher | openvpn_cipher }}
-{% if encryption.cipher is vyos_defined('bf128') %}
-keysize 128
-{% elif encryption.cipher is vyos_defined('bf256') %}
-keysize 256
-{% endif %}
 {% endif %}
-{% if encryption.ncp_ciphers is vyos_defined %}
-data-ciphers {{ encryption.ncp_ciphers | openvpn_ncp_ciphers }}
+{% if encryption.data_ciphers is vyos_defined %}
+data-ciphers {{ encryption.data_ciphers | openvpn_data_ciphers }}
 {% endif %}
 {% endif %}
-# https://vyos.dev/T5027
-# Required to support BF-CBC (default ciphername when none given)
-providers legacy default
+providers default
 {% if hash is vyos_defined %}
 auth {{ hash }} |
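Review bot: `{{ protocol_modifier }}` is spliced into all three `proto` lines with no guard and no comment, while every other variable in this hunk is tested with `vyos_defined` first. OpenVPN only accepts an empty suffix, `4` or `6` in that position, so the rendered config is valid only if the calling script always sets the variable to one of those; that script is outside the diff. A template comment above the `if`, for example `{# protocol_modifier: '', '4' or '6', set by the config script from ip_version #}`, would record the contract, assuming that is indeed how it is derived.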
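Review bot: The `bind ipv6only` block is added without a comment here and repeated verbatim in the site-2-site section (third hunk), so the reason for restricting the socket to IPv6 is not recorded in either place. In the site-2-site section it is emitted for any `protocol`, including `tcp-active` where the instance connects out rather than listens; whether a `nobind` is also rendered for that case lies outside the hunks and should be checked. A line such as `# ipv6only: do not accept IPv4 on the IPv6 socket` ahead of the directive would make clear that the listener's address-family exposure is intentional.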
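Review bot: Reducing `providers legacy default` to `providers default` leaves the no-cipher case undocumented: the removed comment said the legacy provider was needed because BF-CBC is the default when no cipher is given, and the template still emits no `cipher` line when `encryption.cipher` is not defined. Unless the config script (outside this diff) now rejects or migrates such configs, the expectation should be stated where the old comment was, e.g. `# legacy provider removed: BF-CBC is no longer loadable, set cipher or data-ciphers explicitly`. Likewise, a config that still carries `ncp_ciphers` now renders no `data-ciphers` line at all because of the `vyos_defined` guard, and a `bf128`/`bf256` value still reaches the `cipher` line through `openvpn_cipher`; both presumably need a migration or a verify-time error rather than a silent fallback to OpenVPN's defaults.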