VPN/OpenVPN - reintroduce "cipher" keyword for older clients. closes https://github.com/opnsense/core/issues/6420 partly reverts 1e28d5b352 , only remove "none" cipher for now and assure its not being set by default for new connections.

2026-03-17 18:14:42 +00:00 · 2023-03-16 09:37:06 +01:00 · 2023-03-16 09:37:06 +01:00 · 4b2b600509
commit 4b2b600509
parent 9f771860a7
3 changed files with 5 additions and 5 deletions
--- a/src/etc/inc/plugins.inc.d/openvpn.inc
+++ b/src/etc/inc/plugins.inc.d/openvpn.inc
@ -528,7 +528,7 @@ function openvpn_reconfigure($mode, $settings, $device_only = false)
    $conf .= "persist-key\n";
    $conf .= "proto {$proto}\n";
    if (!empty($cipher) && $cipher != 'none') {
-        $conf .= "data-ciphers-fallback {$cipher}\n";
+        $conf .= "cipher {$cipher}\n";
    }
    $conf .= "auth {$digest}\n";
    $conf .= "up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup\n";
--- a/src/www/vpn_openvpn_client.php
+++ b/src/www/vpn_openvpn_client.php
@ -916,7 +916,7 @@ $( document ).ready(function() {
            </td>
          </tr>
          <tr>
-            <td><a id="help_for_crypto" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Encryption algorithm (fallback)"); ?></td>
+            <td><a id="help_for_crypto" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Encryption algorithm (deprecated)"); ?></td>
            <td>
              <select name="crypto" class="form-control">
 <?php
@ -927,7 +927,7 @@ $( document ).ready(function() {
              endforeach; ?>
              </select>
              <div class="hidden" data-for="help_for_crypto">
-                <?= gettext('Fallback cipher selection in case none of the default data-ciphers is supported by the client. Only preserved for backwards compatibility reasons.') ?>
+                <?= gettext('Cipher selection for older clients. Only preserved for backwards compatibility reasons.') ?>
              </div>
            </td>
          </tr>
--- a/src/www/vpn_openvpn_server.php
+++ b/src/www/vpn_openvpn_server.php
@ -992,7 +992,7 @@ $( document ).ready(function() {
                      </td>
                    </tr>
                    <tr>
-                      <td><a id="help_for_crypto" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Encryption algorithm (fallback)"); ?></td>
+                      <td><a id="help_for_crypto" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Encryption algorithm (deprecated)"); ?></td>
                      <td>
                        <select name="crypto" class="selectpicker">
 <?php
@ -1005,7 +1005,7 @@ $( document ).ready(function() {
                        endforeach; ?>
                        </select>
                        <div class="hidden" data-for="help_for_crypto">
-                          <?= gettext('Fallback cipher selection in case none of the default data-ciphers is supported by the client. Only preserved for backwards compatibility reasons.') ?>
+                          <?= gettext('Cipher selection for older clients. Only preserved for backwards compatibility reasons.') ?>
                        </div>
                      </td>
                    </tr>