Merge remote-tracking branch 'upstream/master'

pfsensible · Apr 25, 2023 · 0e13621 · 0e13621
2 parents 50d4cbf + 459adc0
commit 0e13621
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 11 deletions.
diff --git a/plugins/module_utils/interface.py b/plugins/module_utils/interface.py
@@ -387,27 +387,27 @@ def _get_interface_list(self):
             "$portlist = get_interface_list();"
             ""
             "/* add wireless clone interfaces */"
-            "if (is_array($config['wireless']['clone']) && count($config['wireless']['clone']))"
+            "if (is_array($config['wireless']) && is_array($config['wireless']['clone']) && count($config['wireless']['clone']))"
             "    foreach ($config['wireless']['clone'] as $clone)  $portlist[$clone['cloneif']] = $clone;"
             ""
             "/* add VLAN interfaces */"
-            "if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan']))"
+            "if (is_array($config['vlans']) && is_array($config['vlans']['vlan']) && count($config['vlans']['vlan']))"
             "    foreach ($config['vlans']['vlan'] as $vlan)  $portlist[$vlan['vlanif']] = $vlan;"
             ""
             "/* add Bridge interfaces */"
-            "if (is_array($config['bridges']['bridged']) && count($config['bridges']['bridged']))"
+            "if (is_array($config['bridges']) && is_array($config['bridges']['bridged']) && count($config['bridges']['bridged']))"
             "    foreach ($config['bridges']['bridged'] as $bridge) $portlist[$bridge['bridgeif']] = $bridge;"
             ""
             "/* add GIF interfaces */"
-            "if (is_array($config['gifs']['gif']) && count($config['gifs']['gif']))"
+            "if (is_array($config['gifs']) && is_array($config['gifs']['gif']) && count($config['gifs']['gif']))"
             "    foreach ($config['gifs']['gif'] as $gif) $portlist[$gif['gifif']] = $gif;"
             ""
             "/* add GRE interfaces */"
-            "if (is_array($config['gres']['gre']) && count($config['gres']['gre']))"
+            "if (is_array($config['gres']) && is_array($config['gres']['gre']) && count($config['gres']['gre']))"
             "    foreach ($config['gres']['gre'] as $gre) $portlist[$gre['greif']] = $gre;"
             ""
             "/* add LAGG interfaces */"
-            "if (is_array($config['laggs']['lagg']) && count($config['laggs']['lagg']))"
+            "if (is_array($config['laggs']) && is_array($config['laggs']['lagg']) && count($config['laggs']['lagg']))"
             "    foreach ($config['laggs']['lagg'] as $lagg) {"
             "        $portlist[$lagg['laggif']] = $lagg;"
             "        /* LAGG members cannot be assigned */"
@@ -417,7 +417,7 @@ def _get_interface_list(self):
             "    }"
             ""
             "/* add QinQ interfaces */"
-            "if (is_array($config['qinqs']['qinqentry']) && count($config['qinqs']['qinqentry']))"
+            "if (is_array($config['qinqs']) && is_array($config['qinqs']['qinqentry']) && count($config['qinqs']['qinqentry']))"
             "    foreach ($config['qinqs']['qinqentry'] as $qinq) {"
             "        $portlist[\"{$qinq['vlanif']}\"] = $qinq;"
             "        /* QinQ members */"
@@ -426,7 +426,7 @@ def _get_interface_list(self):
             "    }"
             ""
             "/* add PPP interfaces */"
-            "if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp']))"
+            "if (is_array($config['ppps']) && is_array($config['ppps']['ppp']) && count($config['ppps']['ppp']))"
             "    foreach ($config['ppps']['ppp'] as $pppid => $ppp) $portlist[$ppp['if']] = $ppp;"
             ""
             "if (is_array($config['openvpn'])) {"

diff --git a/templates/openvpn-server-config.ovpn.j2 b/templates/openvpn-server-config.ovpn.j2
@@ -1,4 +1,5 @@
 dev ovpns{{ openvpn_server.vpnid }}
+disable-dco
 verb {{ openvpn_server_args.verbosity_level if openvpn_server_args.verbosity_level is defined else '1' }}
 dev-type tun
 dev-node /dev/tun{{ openvpn_server.vpnid }}
@@ -55,22 +56,26 @@ push "dhcp-option DNS 10.10.10.11"
 route {{ openvpn_server_args.remote_network | ipaddr('network') }} {{ openvpn_server_args.remote_network | ipaddr('netmask') }}
 {% endif %}
 {% if 'shared_key' in openvpn_server_args.mode %}
-secret /var/etc/openvpn/server{{ openvpn_server.vpnid }}/secret
+secret /var/etc/openvpn/server{{ openvpn_server.vpnid }}/secret 
 {% endif %}
 {% if openvpn_server_args.gwredir is defined and openvpn_server_args.gwredir %}
 push "redirect-gateway def1"
 {% endif %}
 {% if 'tls' in openvpn_server_args.mode %}
 capath /var/etc/openvpn/server{{ openvpn_server.vpnid }}/ca
-cert /var/etc/openvpn/server{{ openvpn_server.vpnid }}/cert
-key /var/etc/openvpn/server{{ openvpn_server.vpnid }}/key
+cert /var/etc/openvpn/server{{ openvpn_server.vpnid }}/cert 
+key /var/etc/openvpn/server{{ openvpn_server.vpnid }}/key 
 dh /etc/dh-parameters.2048
 {% if openvpn_server_args.tls is defined %}
 tls-auth /var/etc/openvpn/server{{ openvpn_server.vpnid }}/tls-auth 0
 {% endif %}
 {% endif %}
+{% if 'p2p' in openvpn_server_args.mode %}
+cipher {{ openvpn_server_args.data_ciphers_fallback if openvpn_server_args.data_ciphers_fallback is defined else 'AES-256-CBC' }}
+{% else %}
 data-ciphers {{ openvpn_server_args.data_ciphers | join(':') if openvpn_server_args.data_ciphers is defined else 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC' }}
 data-ciphers-fallback {{ openvpn_server_args.data_ciphers_fallback if openvpn_server_args.data_ciphers_fallback is defined else 'AES-256-CBC' }}
+{% endif %}
 allow-compression no
 {% if openvpn_server_args.passtos %}
 passtos