From 01f9e71912ef5ad7a41e3ec7d648371879d0d918 Mon Sep 17 00:00:00 2001 From: "Quentin McGaw (desktop)" Date: Tue, 1 Jun 2021 13:52:57 +0000 Subject: [PATCH] Fix: none encryption preset for PIA - Set cipher and auth to `none` - Add `ncp-disable` OpenVPN option in every case --- .../provider/privateinternetaccess/openvpnconf.go | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/internal/provider/privateinternetaccess/openvpnconf.go b/internal/provider/privateinternetaccess/openvpnconf.go index f1b2e220..54eb72bf 100644 --- a/internal/provider/privateinternetaccess/openvpnconf.go +++ b/internal/provider/privateinternetaccess/openvpnconf.go @@ -2,7 +2,6 @@ package privateinternetaccess import ( "strconv" - "strings" "github.com/qdm12/gluetun/internal/configuration" "github.com/qdm12/gluetun/internal/constants" @@ -25,8 +24,8 @@ func (p *PIA) BuildConf(connection models.OpenVPNConnection, X509CRL = constants.PiaX509CRLStrong certificate = constants.PIACertificateStrong default: // no encryption preset - defaultCipher = "" - defaultAuth = "" + defaultCipher = "none" + defaultAuth = "none" X509CRL = constants.PiaX509CRLNormal certificate = constants.PIACertificateNormal } @@ -49,7 +48,8 @@ func (p *PIA) BuildConf(connection models.OpenVPNConnection, // PIA specific "reneg-sec 0", "disable-occ", - "compress", // allow PIA server to choose the compression to use + "compress", // allow PIA server to choose the compression to use + "ncp-disable", // prevent from auto-upgrading cipher to aes-256-gcm // Added constant values "auth-nocache", @@ -73,10 +73,6 @@ func (p *PIA) BuildConf(connection models.OpenVPNConnection, lines = append(lines, "auth "+settings.Auth) } - if strings.HasSuffix(settings.Cipher, "-gcm") { - lines = append(lines, "ncp-disable") - } - if !settings.Root { lines = append(lines, "user "+username) }