From 6b7b19c93f90839549dd668116c4da2f38cfdc66 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Fri, 25 Jun 2021 19:38:50 +0200
Subject: openvpn: T1704: drop deprecated disable-ncp option

---
 data/templates/openvpn/server.conf.tmpl          | 2 --
 interface-definitions/interfaces-openvpn.xml.in  | 6 ------
 smoketest/scripts/cli/test_interfaces_openvpn.py | 8 --------
 src/conf_mode/interfaces-openvpn.py              | 6 ------
 4 files changed, 22 deletions(-)

diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index d7e7faf61..c5d665c0b 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -247,8 +247,6 @@ cipher aes-256-cbc
 {%       endif %}
 {%     endfor %}
 ncp-ciphers {{ cipher_list | join(':') }}:{{ cipher_list | join(':') | upper }}
-{%   elif encryption.disable_ncp is defined %}
-ncp-disable
 {%   endif %}
 {% endif %}
 
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index effbdd674..681290570 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -163,12 +163,6 @@
                   <multi/>
                 </properties>
               </leafNode>
-              <leafNode name="disable-ncp">
-                <properties>
-                  <help>Disable support for ncp-ciphers</help>
-                  <valueless/>
-                </properties>
-              </leafNode>
             </children>
           </node>
           #include <include/interface/interface-ipv6-options.xml.i>
diff --git a/smoketest/scripts/cli/test_interfaces_openvpn.py b/smoketest/scripts/cli/test_interfaces_openvpn.py
index 655ee770d..68c61b98c 100755
--- a/smoketest/scripts/cli/test_interfaces_openvpn.py
+++ b/smoketest/scripts/cli/test_interfaces_openvpn.py
@@ -76,16 +76,8 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase):
         interface = 'vtun2000'
         path = base_path + [interface]
         self.cli_set(path + ['mode', 'client'])
-
-        # check validate() - cannot specify both "encryption disable-ncp" and
-        # "encryption ncp-ciphers" at the same time
-        self.cli_set(path + ['encryption', 'disable-ncp'])
         self.cli_set(path + ['encryption', 'ncp-ciphers', 'aes192gcm'])
 
-        with self.assertRaises(ConfigSessionError):
-            self.cli_commit()
-        self.cli_delete(path + ['encryption', 'ncp-ciphers'])
-
         # check validate() - cannot specify local-port in client mode
         self.cli_set(path + ['local-port', '5000'])
         with self.assertRaises(ConfigSessionError):
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 4afb85526..0256ad62a 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -92,12 +92,6 @@ def verify(openvpn):
     if 'mode' not in openvpn:
         raise ConfigError('Must specify OpenVPN operation mode!')
 
-    # Check if we have disabled ncp and at the same time specified ncp-ciphers
-    if 'encryption' in openvpn:
-        if {'disable_ncp', 'ncp_ciphers'} <= set(openvpn.get('encryption')):
-            raise ConfigError('Can not specify both "encryption disable-ncp" '\
-                              'and "encryption ncp-ciphers"')
-
     #
     # OpenVPN client mode - VERIFY
     #
-- 
cgit v1.2.3