Commit 114a1763 authored by Killian Lufau's avatar Killian Lufau Committed by Julien Muchembled

Fix deactivation of encryption with recent OpenVPN

Passing `--cipher none` to OpenVPN is not enough anymore because
clients and servers can still negotiate the algorithm to use for
encryption (by default not empty). We pass the option `--ncp-disable`
to disable cipher negotiation.

/reviewed-on nexedi/re6stnet!12
parent 06974788
...@@ -19,7 +19,7 @@ def openvpn(iface, encrypt, *args, **kw): ...@@ -19,7 +19,7 @@ def openvpn(iface, encrypt, *args, **kw):
if ovpn_log: if ovpn_log:
args += '--log-append', os.path.join(ovpn_log, '%s.log' % iface), args += '--log-append', os.path.join(ovpn_log, '%s.log' % iface),
if not encrypt: if not encrypt:
args += '--cipher', 'none' args += '--cipher', 'none', '--ncp-disable'
logging.debug('%r', args) logging.debug('%r', args)
return utils.Popen(args, **kw) return utils.Popen(args, **kw)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment