diff --git a/plugins/module_utils/openvpn_server.py b/plugins/module_utils/openvpn_server.py
index 20011efb..981e39f1 100644
--- a/plugins/module_utils/openvpn_server.py
+++ b/plugins/module_utils/openvpn_server.py
@@ -15,6 +15,7 @@
 OPENVPN_SERVER_ARGUMENT_SPEC = dict(
 name=dict(required=True, type='str'),
 mode=dict(type='str', choices=['p2p_tls', 'p2p_shared_key', 'server_tls', 'server_tls_user', 'server_user']),
+ dco=dict(default=False, required=False, type='bool'),
 authmode=dict(default=list(), required=False, type='list', elements='str'),
 state=dict(default='present', choices=['present', 'absent']),
 custom_options=dict(default=None, required=False, type='str'),
@@ -213,6 +214,15 @@ def _params_to_obj(self):
 if self.params['mode'] == 'p2p_shared_key':
 obj['shared_key'] = self.params['shared_key']
+ if not self.pfsense.is_ce_version():
+ self._get_ansible_param_bool(obj, 'dco', force=True, value='enabled', value_false='disabled')
+ if self.params['dco']:
+ #these are requirements for DCO
+ obj['allow_compression'] = 'no'
+ obj['data_ciphers_fallback'] = 'AES-256-GCM'
+ obj.pop('compression')
+ obj.pop('compression_push')
+
 return obj
 def _validate_params(self):
diff --git a/plugins/module_utils/pfsense.py b/plugins/module_utils/pfsense.py
index 339d7f4f..3646903f 100644
--- a/plugins/module_utils/pfsense.py
+++ b/plugins/module_utils/pfsense.py
@@ -744,9 +744,13 @@ def get_version():
 return version
 @staticmethod
- def is_ce_version(version):
+ def is_ce_version(version=None):
 """ return True if version is a CE version (for now, we only have 2.x patterns) """
- return version[0] == 2
+ if type(version) is list:
+ return version[0] == 2
+ if version is None:
+ version = PFSenseModule.get_version()
+ return len(version.split('.')[0]) == 1
 def is_version(self, version, or_more=True):
 """ check target pfSense version """
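Review bot: In the `_params_to_obj` hunk of openvpn_server.py, `obj.pop('compression')` and `obj.pop('compression_push')` have no default, so they raise `KeyError` whenever those keys were not placed in `obj` earlier in the function, which starts outside the hunk; `obj.pop('compression', None)` and `obj.pop('compression_push', None)` behave the same when the keys exist and are safe when they do not. The same block overwrites `data_ciphers_fallback` with `'AES-256-GCM'` and drops the compression settings without any message, so a playbook that declares a different fallback cipher ends up with a crypto configuration it did not ask for. Rejecting the conflicting combination in `_validate_params` would make that visible to the operator instead of silently rewriting it. On CE the `dco` option added in the first hunk is accepted and then ignored, which deserves either a validation error or a sentence in the option's documentation. The comment should follow the file's style as `# these are requirements for DCO`.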
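Review bot: The two branches of `is_ce_version` in pfsense.py apply different tests: a list is CE only when its major is exactly 2, while a string is CE whenever its major component has a single digit, so the same release can be classified differently depending on the argument type the caller passes. `type(version) is list` also lets a tuple or a list subclass fall through to `version.split('.')`, which raises `AttributeError`; `if isinstance(version, (list, tuple)):` avoids that. Because the openvpn_server.py hunk uses this result to decide whether the `dco` key and its cipher and compression overrides are written, the docstring should state the rule actually applied, for example `""" return True if version is a CE version (list: major == 2; string: single-digit major; None: detected version) """`. The string branch assumes `get_version()` returns a dotted string, which cannot be confirmed from this hunk.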