OpenVPN: Replace existing Diffie-Hellman parameter with ffdhe4096

Initial patch: https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=2ccc799f8bd6a12c3edab5f1a89fab4d2cd05ea8

Minor adjustments to make it apply to the current state of "next", and
removal of chown operation in OpenSSL's LFS file, which would have led
to the Diffie-Hellman group file being writable by nobody, for which
there is no necessity.

Fixes: #12632
From: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Peter Müller
2022-11-11 12:14:37 +00:00
parent c899c04b11
commit 35494eac83
8 changed files with 11 additions and 260 deletions


@@ -794,12 +794,6 @@
'details' => 'Details',
'device' => 'Device',
'devices on blue' => 'Devices on BLUE',
'dh' => 'Diffie-Hellman parameters',
'dh key move failed' => 'Diffie-Hellman parameters move failed.',
'dh key warn' => 'Creating DH-parameters with a length of 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.',
'dh key warn1' => 'For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.',
'dh name is invalid' => 'Name is invalid, please use "dh1024.pem".',
'dh parameter' => 'Diffie-Hellman parameters',
'dhcp advopt add' => 'Add a DHCP option',
'dhcp advopt added' => 'DHCP option added',
'dhcp advopt blank value' => 'DHCP Option value cannot be empty.',
@@ -939,7 +933,6 @@
'download apple profile' => 'Download Apple Configuration Profile',
'download ca certificate' => 'Download CA certificate',
'download certificate' => 'Download file',
'download dh parameter' => 'Download Diffie-Hellman parameters',
'download host certificate' => 'Download host certificate',
'download new ruleset' => 'Download new ruleset',
'download pkcs12 file' => 'Download PKCS12 file',
@@ -1358,11 +1351,9 @@
'g.lite' => 'TO BE REMOVED',
'gateway' => 'Gateway',
'gateway ip' => 'Gateway IP',
'gen dh' => 'Generate new Diffie-Hellman parameters',
'gen static key' => 'Generate a static key',
'generate' => 'Generate root/host zertifikate',
'generate a certificate' => 'Generate a certificate:',
'generate dh key' => 'Generate Diffie-Hellman parameters',
'generate iso' => 'Generate ISO',
'generate ptr' => 'Generate PTR',
'generate root/host certificates' => 'Generate root/host certificates',
@@ -1911,7 +1902,6 @@
'nonetworkname' => 'No Network Name entered',
'noservicename' => 'No Service Name entered',
'not a valid ca certificate' => 'Not a valid CA certificate.',
'not a valid dh key' => 'Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format.',
'not affected' => 'Not Affected',
'not enough disk space' => 'Not enough disk space',
'not present' => '<b>Not</b> present',
@@ -2015,15 +2005,10 @@
'ovpn connection name' => 'Connection Name',
'ovpn crypt options' => 'Cryptographic options',
'ovpn device' => 'OpenVPN device:',
'ovpn dh' => 'Diffie-Hellman parameters length',
'ovpn dh new key' => 'Generate new Diffie-Hellman parameters',
'ovpn dh parameters' => 'Diffie-Hellman parameters options',
'ovpn dh upload' => 'Upload new Diffie-Hellman parameters',
'ovpn dl' => 'OVPN-Config Download',
'ovpn engines' => 'Crypto engine',
'ovpn errmsg green already pushed' => 'Route for green network is always set',
'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
'ovpn error dh' => 'The Diffie-Hellman parameter needs to be in minimum 2048 bit! <br>Please generate or upload a new Diffie-Hellman parameter, this can be made below in the section "Diffie-Hellman parameters options".</br>',
'ovpn error md5' => 'You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>',
'ovpn generating the root and host certificates' => 'Generating the root and host certificate can take a long time.',
'ovpn ha' => 'Hash algorithm',
@@ -2327,7 +2312,6 @@
'show ca certificate' => 'Show CA certificate',
'show certificate' => 'Show file',
'show crl' => 'Show certificate revocation list',
'show dh' => 'Show Diffie-Hellman parameters',
'show host certificate' => 'Show host certificate',
'show last x lines' => 'Show last x lines',
'show lines' => 'Show lines',
@@ -2710,7 +2694,6 @@
'upload a certificate' => 'Upload a certificate:',
'upload a certificate request' => 'Upload a certificate request:',
'upload ca certificate' => 'Upload CA certificate',
'upload dh key' => 'Upload Diffie-Hellman parameters',
'upload fcdsl.o' => 'TO BE REMOVED',
'upload file' => 'Upload file',
'upload new ruleset' => 'Upload new ruleset',