openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS

(cherry picked from commit 380e998)
dmbaturin authored and mergify[bot] committed May 28, 2024
1 parent 9d0a453 commit a3763a2
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/conf_mode/interfaces_openvpn.py
Expand Up @@ -260,6 +260,11 @@ def verify(openvpn):
# OpenVPN site-to-site - VERIFY
#
elif openvpn['mode'] == 'site-to-site':
# XXX: site-to-site is the only mode that still can work without TLS,
# so we need to make sure that if TLS is used, then TLS role is also specified
if 'shared_secret_key' not in openvpn['tls'] and 'role' not in openvpn['tls']:
raise ConfigError('"tls role" is required for site-to-site OpenVPN with TLS')

if 'local_address' not in openvpn and 'is_bridge_member' not in openvpn:
raise ConfigError('Must specify "local-address" or add interface to bridge')
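
Review bot: the added condition `if 'shared_secret_key' not in openvpn['tls'] and 'role' not in openvpn['tls']:` subscripts `openvpn['tls']` unconditionally, although the comment directly above it says site-to-site can still work without TLS. If a site-to-site configuration can reach verify() without a 'tls' key, this line raises KeyError instead of a ConfigError. Whether the key is always present is not visible in this hunk, so either guard the test with `'tls' in openvpn`, in the same membership-test style as the following `'local_address' not in openvpn` check, or state in the comment where the key is guaranteed. The comment also reads "if TLS is used", while the code infers that from the absence of `shared_secret_key`; spelling out that inference in the comment would make the intent easier to verify.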
