change(openvpn): Openvpn 2.4 no longer supported
@@ -2,25 +2,15 @@ package utils
|
||||
|
||||
import (
|
||||
"strings"
|
||||
|
||||
"github.com/qdm12/gluetun/internal/constants/openvpn"
|
||||
)
|
||||
|
||||
func CipherLines(ciphers []string, version string) (lines []string) {
|
||||
func CipherLines(ciphers []string) (lines []string) {
|
||||
if len(ciphers) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
switch version {
|
||||
case openvpn.Openvpn24:
|
||||
return []string{
|
||||
"cipher " + ciphers[0],
|
||||
"ncp-ciphers " + strings.Join(ciphers, ":"),
|
||||
}
|
||||
default: // 2.5 and above
|
||||
return []string{
|
||||
"data-ciphers-fallback " + ciphers[0],
|
||||
"data-ciphers " + strings.Join(ciphers, ":"),
|
||||
}
|
||||
return []string{
|
||||
"data-ciphers-fallback " + ciphers[0],
|
||||
"data-ciphers " + strings.Join(ciphers, ":"),
|
||||
}
|
||||
}
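Review bot: `CipherLines` is exported but has no doc comment, and removing the `switch` also removed the only hint about which OpenVPN versions understand its output (`// 2.5 and above`). I would add above the signature: `// CipherLines returns the OpenVPN 2.5+ cipher directives: data-ciphers-fallback set to ciphers[0] and data-ciphers set to the colon-joined list; it returns nil for an empty list.` The comment should also say that list order is significant, because the first entry becomes the cipher used when no cipher can be negotiated with the peer, so callers should put their preferred cipher first.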
|
||||
|
||||
@@ -20,14 +20,6 @@ func Test_CipherLines(t *testing.T) {
|
||||
"data-ciphers AES",
|
||||
},
|
||||
},
|
||||
"2.4": {
|
||||
ciphers: []string{"AES", "CBC"},
|
||||
version: "2.4",
|
||||
lines: []string{
|
||||
"cipher AES",
|
||||
"ncp-ciphers AES:CBC",
|
||||
},
|
||||
},
|
||||
"2.5": {
|
||||
ciphers: []string{"AES", "CBC"},
|
||||
version: "2.5",
|
||||
@@ -42,7 +34,7 @@ func Test_CipherLines(t *testing.T) {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
lines := CipherLines(testCase.ciphers, testCase.version)
|
||||
lines := CipherLines(testCase.ciphers)
|
||||
|
||||
assert.Equal(t, testCase.lines, lines)
|
||||
})
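Review bot: The test table still carries a `version` field, since the `"2.5"` case shown as context in the previous hunk keeps `version: "2.5"`, but `CipherLines(testCase.ciphers)` no longer reads it, so it is dead test data. I would drop `version` from the test-case struct and its entries, and rename the `"2.5"` case after what it actually checks, for example multiple ciphers. The struct definition is outside the visible hunks, so this is inferred from the context lines.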
|
||||
|
||||
@@ -119,7 +119,7 @@ func OpenVPNConfig(provider OpenVPNProviderSettings,
|
||||
}
|
||||
|
||||
ciphers := defaultStringSlice(settings.Ciphers, provider.Ciphers)
|
||||
cipherLines := CipherLines(ciphers, settings.Version)
|
||||
cipherLines := CipherLines(ciphers)
|
||||
lines.addLines(cipherLines)
|
||||
|
||||
auth := defaultString(*settings.Auth, provider.Auth)
|
||||
@@ -198,16 +198,14 @@ func OpenVPNConfig(provider OpenVPNProviderSettings,
|
||||
|
||||
if *settings.EncryptedKey != "" {
|
||||
encryptedBase64DERKey := *settings.EncryptedKey
|
||||
if settings.Version != openvpn.Openvpn24 {
|
||||
// OpenVPN above 2.4 does not support old encryption schemes such as
|
||||
// DES-CBC, so decrypt and reencrypt the key.
|
||||
// This is a workaround for VPN secure.
|
||||
var err error
|
||||
encryptedBase64DERKey, err = pkcs8.UpgradeEncryptedKey(encryptedBase64DERKey, *settings.KeyPassphrase)
|
||||
if err != nil {
|
||||
// TODO return an error instead.
|
||||
panic(fmt.Sprintf("upgrading encrypted key: %s", err))
|
||||
}
|
||||
// OpenVPN above 2.4 does not support old encryption schemes such as
|
||||
// DES-CBC, so decrypt and reencrypt the key.
|
||||
// This is a workaround for VPN secure.
|
||||
var err error
|
||||
encryptedBase64DERKey, err = pkcs8.UpgradeEncryptedKey(encryptedBase64DERKey, *settings.KeyPassphrase)
|
||||
if err != nil {
|
||||
// TODO return an error instead.
|
||||
panic(fmt.Sprintf("upgrading encrypted key: %s", err))
|
||||
}
|
||||
lines.add("askpass", openvpn.AskPassPath)
|
||||
lines.addLines(WrapOpenvpnEncryptedKey(encryptedBase64DERKey))
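Review bot: `panic(fmt.Sprintf("upgrading encrypted key: %s", err))` is now reached for every configuration that sets an encrypted key, because the `settings.Version != openvpn.Openvpn24` guard is gone. A malformed key or wrong passphrase in user settings therefore aborts the process instead of surfacing as a configuration error. This makes the existing `// TODO return an error instead.` worth resolving in this change, or the key and passphrase should be validated before `OpenVPNConfig` is called. The function signature is outside the hunk, so whether it can already return an error cannot be confirmed from here. `*settings.KeyPassphrase` is also dereferenced unconditionally now, so it is worth confirming that the pointer is always set when `EncryptedKey` is non-empty, and that the error text from `pkcs8.UpgradeEncryptedKey` cannot echo key material into the panic output.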
|
||||
|
||||