authorKristof Provost <kp@FreeBSD.org>2022-11-11 09:40:21 +0000
committerKristof Provost <kp@FreeBSD.org>2022-11-11 10:17:39 +0000
commit2c58d0cb3bb3e3a5b714ffac940500efbe5303ca (patch)
tree16947a0fca2270cba879c505d307e952effd6b06
parent8cc44a1e59f648eb5bea5afe6d9aa1d7f927c9d7 (diff)
if_ovpn: fix AES-128-GCM support
We need to explicitly list AES-128-GCM as an allowed cipher for that mode to work. While here also add AES-192-GCM. That brings our supported cipher list in line with other openvpn/dco platforms. Sponsored by: Rubicon Communications, LLC ("Netgate")
-rw-r--r--sys/net/if_ovpn.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c
index e3db105a94d2..94d12fa25f1a 100644
--- a/sys/net/if_ovpn.c
+++ b/sys/net/if_ovpn.c
@@ -694,7 +694,9 @@ ovpn_create_kkey_dir(struct ovpn_kkey_dir **kdirp,
if (strcmp(ciphername, "none") == 0)
cipher = OVPN_CIPHER_ALG_NONE;
- else if (strcmp(ciphername, "AES-256-GCM") == 0)
+ else if (strcmp(ciphername, "AES-256-GCM") == 0 ||
+ strcmp(ciphername, "AES-192-GCM") == 0 ||
+ strcmp(ciphername, "AES-128-GCM") == 0)
cipher = OVPN_CIPHER_ALG_AES_GCM;
else if (strcmp(ciphername, "CHACHA20-POLY1305") == 0)
cipher = OVPN_CIPHER_ALG_CHACHA20_POLY1305;
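Review bot: The three AES-GCM names in the widened condition all collapse to `OVPN_CIPHER_ALG_AES_GCM`, so after this branch the key size the caller asked for is no longer recorded. The effective strength then presumably depends on the key length handled elsewhere in ovpn_create_kkey_dir, whose body starts and ends outside this hunk. If that code does not already do so, it should reject a key whose length disagrees with the cipher name (16, 24 or 32 bytes for 128/192/256), so that a tunnel configured as AES-256-GCM cannot silently run with a shorter key. At minimum a comment above the condition would record the intent, for example `/* Key size comes from the supplied key length, not from the cipher name. */`, once that is confirmed against the rest of the function.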