Fixes #14499: Relax requirements for encryption/auth algorithms on IKE & IPSec proposals

2025-12-18 19:32:24 -06:00 · 2023-12-19 11:18:26 -05:00
parent 96878cfca6
commit b794bd6fb8
4 changed files with 24 additions and 7 deletions
--- a/netbox/vpn/migrations/0001_initial.py
+++ b/netbox/vpn/migrations/0001_initial.py
@@ -29,7 +29,7 @@ class Migration(migrations.Migration):
                ('name', models.CharField(max_length=100, unique=True)),
                ('authentication_method', models.CharField()),
                ('encryption_algorithm', models.CharField()),
-                ('authentication_algorithm', models.CharField()),
+                ('authentication_algorithm', models.CharField(blank=True)),
                ('group', models.PositiveSmallIntegerField()),
                ('sa_lifetime', models.PositiveIntegerField(blank=True, null=True)),
                ('tags', taggit.managers.TaggableManager(through='extras.TaggedItem', to='extras.Tag')),
@@ -82,8 +82,8 @@ class Migration(migrations.Migration):
                ('description', models.CharField(blank=True, max_length=200)),
                ('comments', models.TextField(blank=True)),
                ('name', models.CharField(max_length=100, unique=True)),
-                ('encryption_algorithm', models.CharField()),
-                ('authentication_algorithm', models.CharField()),
+                ('encryption_algorithm', models.CharField(blank=True)),
+                ('authentication_algorithm', models.CharField(blank=True)),
                ('sa_lifetime_seconds', models.PositiveIntegerField(blank=True, null=True)),
                ('sa_lifetime_data', models.PositiveIntegerField(blank=True, null=True)),
                ('tags', taggit.managers.TaggableManager(through='extras.TaggedItem', to='extras.Tag')),
--- a/netbox/vpn/models/crypto.py
+++ b/netbox/vpn/models/crypto.py
@@ -1,3 +1,4 @@
+from django.core.exceptions import ValidationError
 from django.db import models
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
@@ -34,7 +35,8 @@ class IKEProposal(PrimaryModel):
    )
    authentication_algorithm = models.CharField(
        verbose_name=_('authentication algorithm'),
-        choices=AuthenticationAlgorithmChoices
+        choices=AuthenticationAlgorithmChoices,
+        blank=True
    )
    group = models.PositiveSmallIntegerField(
        verbose_name=_('group'),
@@ -120,11 +122,13 @@ class IPSecProposal(PrimaryModel):
    )
    encryption_algorithm = models.CharField(
        verbose_name=_('encryption'),
-        choices=EncryptionAlgorithmChoices
+        choices=EncryptionAlgorithmChoices,
+        blank=True
    )
    authentication_algorithm = models.CharField(
        verbose_name=_('authentication'),
-        choices=AuthenticationAlgorithmChoices
+        choices=AuthenticationAlgorithmChoices,
+        blank=True
    )
    sa_lifetime_seconds = models.PositiveIntegerField(
        verbose_name=_('SA lifetime (seconds)'),
@@ -154,6 +158,13 @@ class IPSecProposal(PrimaryModel):
    def get_absolute_url(self):
        return reverse('vpn:ipsecproposal', args=[self.pk])

+    def clean(self):
+        super().clean()
+
+        # Encryption and/or authentication algorithm must be defined
+        if not self.encryption_algorithm and not self.authentication_algorithm:
+            raise ValidationError(_("Encryption and/or authentication algorithm must be defined"))
+

 class IPSecPolicy(PrimaryModel):
    name = models.CharField(