From 2c58d0cb3bb3e3a5b714ffac940500efbe5303ca Mon Sep 17 00:00:00 2001
From: Kristof Provost
Date: Fri, 11 Nov 2022 10:40:21 +0100
Subject: [PATCH] if_ovpn: fix AES-128-GCM support
We need to explicitly list AES-128-GCM as an allowed cipher for that mode to work. While here also add AES-192-GCM. That brings our supported cipher list in line with other openvpn/dco platforms.
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
 sys/net/if_ovpn.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c
index e3db105a94d..94d12fa25f1 100644
--- a/sys/net/if_ovpn.c
+++ b/sys/net/if_ovpn.c
@@ -694,7 +694,9 @@ ovpn_create_kkey_dir(struct ovpn_kkey_dir **kdirp,
 if (strcmp(ciphername, "none") == 0)
 cipher = OVPN_CIPHER_ALG_NONE;
- else if (strcmp(ciphername, "AES-256-GCM") == 0)
+ else if (strcmp(ciphername, "AES-256-GCM") == 0 ||
+ strcmp(ciphername, "AES-192-GCM") == 0 ||
+ strcmp(ciphername, "AES-128-GCM") == 0)
 cipher = OVPN_CIPHER_ALG_AES_GCM;
 else if (strcmp(ciphername, "CHACHA20-POLY1305") == 0)
 cipher = OVPN_CIPHER_ALG_CHACHA20_POLY1305;
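Review bot: The widened `else if` maps "AES-256-GCM", "AES-192-GCM" and "AES-128-GCM" to the single value `OVPN_CIPHER_ALG_AES_GCM`, so the key size implied by the negotiated name is discarded here, and nothing visible in the hunk ties each name to a 16-, 24- or 32-byte key. The rest of ovpn_create_kkey_dir lies outside the hunk, so it may already check this. If it does not, a tunnel configured as AES-256-GCM could come up with whatever key length userland supplied, without an error. Consider recording the expected length in each branch (a hypothetical local, e.g. `expected_klen = 32;`) and rejecting a mismatch before the key is installed. At minimum, add a comment such as `/* AES variant is selected by key length, which is validated at <location> */` so the dependency is explicit.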