From e80a559615d60427a7889b2b82cf4af33b2942cd Mon Sep 17 00:00:00 2001 From: Jared Hamlin Date: Sun, 28 Dec 2025 19:35:40 -0500 Subject: [PATCH 1/3] Improve is_ce_version to better handle CE vs Plus versioning --- plugins/module_utils/pfsense.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/plugins/module_utils/pfsense.py b/plugins/module_utils/pfsense.py index 339d7f4f..c6042f60 100644 --- a/plugins/module_utils/pfsense.py +++ b/plugins/module_utils/pfsense.py @@ -744,9 +744,11 @@ def get_version(): return version @staticmethod - def is_ce_version(version): + def is_ce_version(version=None): """ return True if version is a CE version (for now, we only have 2.x patterns) """ - return version[0] == 2 + if version is None: + version = PFSenseModule.get_version() + return len(version.split('.')[0]) == 1 def is_version(self, version, or_more=True): """ check target pfSense version """ From cb3c5980ceed075504902d00e0c2c2784986b308 Mon Sep 17 00:00:00 2001 From: Jared Hamlin Date: Sun, 28 Dec 2025 19:38:15 -0500 Subject: [PATCH 2/3] Add preliminary support for DCO in openvpn_server. --- plugins/module_utils/openvpn_server.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/plugins/module_utils/openvpn_server.py b/plugins/module_utils/openvpn_server.py index 20011efb..981e39f1 100644 --- a/plugins/module_utils/openvpn_server.py +++ b/plugins/module_utils/openvpn_server.py @@ -15,6 +15,7 @@ OPENVPN_SERVER_ARGUMENT_SPEC = dict( name=dict(required=True, type='str'), mode=dict(type='str', choices=['p2p_tls', 'p2p_shared_key', 'server_tls', 'server_tls_user', 'server_user']), + dco=dict(default=False, required=False, type='bool'), authmode=dict(default=list(), required=False, type='list', elements='str'), state=dict(default='present', choices=['present', 'absent']), custom_options=dict(default=None, required=False, type='str'), @@ -213,6 +214,15 @@ def _params_to_obj(self): if self.params['mode'] == 'p2p_shared_key': obj['shared_key'] = self.params['shared_key'] + if not self.pfsense.is_ce_version(): + self._get_ansible_param_bool(obj, 'dco', force=True, value='enabled', value_false='disabled') + if self.params['dco']: + #these are requirements for DCO + obj['allow_compression'] = 'no' + obj['data_ciphers_fallback'] = 'AES-256-GCM' + obj.pop('compression') + obj.pop('compression_push') + return obj def _validate_params(self): From 360e14f060c90eb04854a541b35d2752ac14cde7 Mon Sep 17 00:00:00 2001 From: Jared Hamlin Date: Sat, 3 Jan 2026 17:25:45 -0500 Subject: [PATCH 3/3] Handle existing list comparison functionality in pfsense.py. --- plugins/module_utils/pfsense.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/module_utils/pfsense.py b/plugins/module_utils/pfsense.py index c6042f60..3646903f 100644 --- a/plugins/module_utils/pfsense.py +++ b/plugins/module_utils/pfsense.py @@ -746,6 +746,8 @@ def get_version(): @staticmethod def is_ce_version(version=None): """ return True if version is a CE version (for now, we only have 2.x patterns) """ + if type(version) is list: + return version[0] == 2 if version is None: version = PFSenseModule.get_version() return len(version.split('.')[0]) == 1