Use Openvpn 2.4 only

2024-05-02 07:57:11 +00:00
parent ec284c17f4
commit 5f3301f3a3
13 changed files with 27 additions and 49 deletions
--- a/internal/provider/airvpn/openvpnconf.go
+++ b/internal/provider/airvpn/openvpnconf.go
@@ -28,6 +28,8 @@ func (p *Provider) OpenVPNConfig(connection models.Connection,
 	}

 	switch settings.Version {
+	case openvpn.Openvpn24:
+		providerSettings.Ciphers = []string{openvpn.AES256cbc}
 	case openvpn.Openvpn25, openvpn.Openvpn26:
 		providerSettings.Ciphers = []string{
 			openvpn.AES256gcm, openvpn.AES256cbc, openvpn.AES192gcm,
--- a/internal/provider/custom/openvpnconf_test.go
+++ b/internal/provider/custom/openvpnconf_test.go
@@ -64,8 +64,8 @@ func Test_modifyConfig(t *testing.T) {
 				"suppress-timestamps",
 				"auth-user-pass /etc/openvpn/auth.conf",
 				"verb 0",
-				"data-ciphers-fallback cipher",
-				"data-ciphers cipher",
+				"cipher cipher", //nolint:dupword
+				"ncp-ciphers cipher",
 				"auth sha512",
 				"mssfix 1000",
 				"pull-filter ignore \"route-ipv6\"",
--- a/internal/provider/slickvpn/openvpnconf.go
+++ b/internal/provider/slickvpn/openvpnconf.go
@@ -31,11 +31,5 @@ func (p *Provider) OpenVPNConfig(connection models.Connection,
 		},
 	}

-	// SlickVPN's certificate is sha1WithRSAEncryption and sha1 is now
-	// rejected by openssl 3.x.x which is used by OpenVPN >= 2.5.
-	// We lower the security level to 3 to allow this algorithm,
-	// see https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
-	providerSettings.TLSCipher = "DEFAULT:@SECLEVEL=0"
-
 	return utils.OpenVPNConfig(providerSettings, connection, settings, ipv6Supported)
 }
--- a/internal/provider/utils/cipher.go
+++ b/internal/provider/utils/cipher.go
@@ -10,7 +10,7 @@ func CipherLines(ciphers []string) (lines []string) {
 	}

 	return []string{
-		"data-ciphers-fallback " + ciphers[0],
-		"data-ciphers " + strings.Join(ciphers, ":"),
+		"cipher " + ciphers[0],
+		"ncp-ciphers " + strings.Join(ciphers, ":"),
 	}
 }
--- a/internal/provider/utils/cipher_test.go
+++ b/internal/provider/utils/cipher_test.go
@@ -16,16 +16,16 @@ func Test_CipherLines(t *testing.T) {
 		"empty version": {
 			ciphers: []string{"AES"},
 			lines: []string{
-				"data-ciphers-fallback AES",
-				"data-ciphers AES",
+				"cipher AES",
+				"ncp-ciphers AES",
 			},
 		},
-		"2.5": {
+		"2.4": {
 			ciphers: []string{"AES", "CBC"},
-			version: "2.5",
+			version: "2.4",
 			lines: []string{
-				"data-ciphers-fallback AES",
-				"data-ciphers AES:CBC",
+				"cipher AES",
+				"ncp-ciphers AES:CBC",
 			},
 		},
 	}