Page MenuHomeVyOS Platform

OpenVPN: Rename the CLI node option "ncp-ciphers" to "data-ciphers"
Closed, ResolvedPublic

Description

Rename the CLI node option "ncp-ciphers" with "data-ciphers"

Reason for request: This option was called --ncp-ciphers in OpenVPN 2.4 but has been renamed to --data-ciphers in OpenVPN 2.5 to more accurately reflect its meaning.

From:

vyos@testing# set int openvpn vtun10 encryption ncp-ciphers
Possible completions:
   none                 Disable encryption
   3des                 DES algorithm with triple encryption
   aes128               AES algorithm with 128-bit key CBC
   aes128gcm            AES algorithm with 128-bit key GCM

To:

vyos@testing# set int openvpn vtun10 encryption data-ciphers
Possible completions:
   none                 Disable encryption
   3des                 DES algorithm with triple encryption
   aes128               AES algorithm with 128-bit key CBC
   aes128gcm            AES algorithm with 128-bit key GCM

In this script, its called as data-ciphers
https://github.com/vyos/vyos-1x/blob/d386072c2b34ad33b667c00f21062cf1c6defa3d/data/templates/openvpn/server.conf.j2#L210

https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/#options

Details

Version
1.5-rolling-202407100021
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

dmbaturin renamed this task from OpenVPN: Rename the CLI node option "ncp-ciphers" with "data-ciphers" to OpenVPN: Rename the CLI node option "ncp-ciphers" to "data-ciphers".Aug 11 2024, 2:18 PM

Tested in the latest version 1.5-rolling-202408200022, the renaming migration works and the configuration:

vyos@vyos# set int openvpn vtun20 encryption
Possible completions:
   cipher               Standard Data Encryption Algorithm
+  data-ciphers         Cipher negotiation list for use in server or client mode


vyos@vyos# run sh conf comm | grep openvpn
set interfaces openvpn vtun20 encryption data-ciphers 'aes256gcm'
set interfaces openvpn vtun20 hash 'sha512'
set interfaces openvpn vtun20 local-host '172.18.201.10'
set interfaces openvpn vtun20 local-port '1194'
set interfaces openvpn vtun20 mode 'server'
set interfaces openvpn vtun20 persistent-tunnel
set interfaces openvpn vtun20 protocol 'udp'
set interfaces openvpn vtun20 server subnet '10.10.0.0/24'
set interfaces openvpn vtun20 server topology 'subnet'
set interfaces openvpn vtun20 tls ca-certificate 'server_ca'
set interfaces openvpn vtun20 tls certificate 'server_cert'
set interfaces openvpn vtun20 tls dh-params 'openvpn-dh'
set interfaces openvpn vtun20 use-lzo-compression
set pki dh openvpn-dh parameters 'MIIBCAKCAQEAyDWUddXslHTrFiMgEZnnL8/aX8V5rajKL'