webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-21 00:12:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ipsec' into next

Browse Source
This commit is contained in:
Michael Tremer
2019-02-25 00:48:08 +00:00
parent b5ef99df2c 8be516b3bc
commit 50d1bbf0f5
32 changed files with 973 additions and 265 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
config/firewall/firewall-lib.pl
View File

@@ -169,6 +169,15 @@ sub get_ipsec_host_ip
}
}
}
sub get_ipsec_id {
my $val = shift;
foreach my $key (keys %ipsecconf) {
if ($ipsecconf{$key}[1] eq $val) {
return $key;
}
}
}
sub get_ovpn_n2n_ip
{
my $val=shift;
@@ -399,10 +408,16 @@ sub get_address
my @parts = split(/\|/, $value);
push(@ret, [$parts[1], ""]);
}else{
my $network_address = &get_ipsec_net_ip($value, 11);
my @nets = split(/\|/, $network_address);
foreach my $net (@nets) {
push(@ret, [$net, ""]);
my $interface_mode = &get_ipsec_net_ip($value, 36);
if ($interface_mode ~~ ["gre", "vti"]) {
my $id = &get_ipsec_id($value);
push(@ret, ["0.0.0.0/0", "${interface_mode}${id}"]);
} else {
my $network_address = &get_ipsec_net_ip($value, 11);
my @nets = split(/\|/, $network_address);
foreach my $net (@nets) {
push(@ret, [$net, ""]);
}
}
}

57
config/firewall/ipsec-block → config/firewall/ipsec-policy
View File

@@ -21,6 +21,15 @@
VPN_CONFIG="/var/ipfire/vpn/config"
eval $(/usr/local/bin/readhash /var/ipfire/vpn/settings)
VARS=(
id status name lefthost type ctype psk local local_id leftsubnets
remote_id remote rightsubnets x3 x4 x5 x6 x7 x8 x9 x10 x11 x12
x13 x14 x15 x16 x17 x18 x19 proto x20 x21 x22
route x23 mode interface_mode interface_address interface_mtu rest
)
block_subnet() {
local subnet="${1}"
local action="${2}"
@@ -45,27 +54,55 @@ block_subnet() {
return 0
}
block_ipsec() {
# Flush all exists rules
install_policy() {
# Flush existing rules
iptables -F IPSECINPUT
iptables -F IPSECOUTPUT
iptables -F IPSECBLOCK
local action
# We are done when IPsec is not enabled
[ "${ENABLED}" = "on" ] || exit 0
local vars="id status name lefthost type ctype x1 x2 x3 leftsubnets"
vars="${vars} x4 righthost rightsubnets x5 x6 x7 x8 x9 x10 x11 x12"
vars="${vars} x13 x14 x15 x16 x17 x18 x19 x20 x21 proto x22 x23 x24"
vars="${vars} route rest"
# IKE
iptables -A IPSECINPUT -p udp --dport 500 -j ACCEPT
iptables -A IPSECOUTPUT -p udp --dport 500 -j ACCEPT
# IKE NAT
iptables -A IPSECINPUT -p udp --dport 4500 -j ACCEPT
iptables -A IPSECOUTPUT -p udp --dport 4500 -j ACCEPT
# Register local variables
local ${vars}
local "${VARS[@]}"
local action
while IFS="," read -r ${vars}; do
while IFS="," read -r "${VARS[@]}"; do
# Check if the connection is enabled
[ "${status}" = "on" ] || continue
# Check if this a net-to-net connection
[ "${type}" = "net" ] || continue
# Default local to 0.0.0.0/0
if [ "${local}" = "" -o "${local}" = "off" ]; then
local="0.0.0.0/0"
fi
# Install permissions for GRE traffic
case "${interface_mode}" in
gre)
if [ -n "${remote}" ]; then
iptables -A IPSECINPUT -p gre \
-s "${remote}" -d "${local}" -j ACCEPT
iptables -A IPSECOUTPUT -p gre \
-s "${local}" -d "${remote}" -j ACCEPT
fi
;;
esac
# Install firewall rules only for interfaces without interface
[ -n "${interface_mode}" ] && continue
# Split multiple subnets
rightsubnets="${rightsubnets//\|/ }"
@@ -85,4 +122,4 @@ block_ipsec() {
done < "${VPN_CONFIG}"
}
block_ipsec || exit $?
install_policy || exit $?

3
config/rootfiles/common/aarch64/stage2
View File

@@ -76,7 +76,7 @@ usr/bin/captive-cleanup
#usr/lib
usr/lib/firewall
usr/lib/firewall/firewall-lib.pl
usr/lib/firewall/ipsec-block
usr/lib/firewall/ipsec-policy
usr/lib/firewall/rules.pl
#usr/lib/libgcc_s.so
usr/lib/libgcc_s.so.1
@@ -93,6 +93,7 @@ usr/local/bin/connscheduler
usr/local/bin/consort.sh
usr/local/bin/convert-ovpn
usr/local/bin/hddshutdown
usr/local/bin/ipsec-interfaces
usr/local/bin/makegraphs
usr/local/bin/qosd
usr/local/bin/readhash

3
config/rootfiles/common/stage2
View File

@@ -75,7 +75,7 @@ usr/bin/captive-cleanup
#usr/lib
usr/lib/firewall
usr/lib/firewall/firewall-lib.pl
usr/lib/firewall/ipsec-block
usr/lib/firewall/ipsec-policy
usr/lib/firewall/rules.pl
#usr/lib/libgcc_s.so
usr/lib/libgcc_s.so.1
@@ -91,6 +91,7 @@ usr/local/bin/connscheduler
usr/local/bin/consort.sh
usr/local/bin/convert-ovpn
usr/local/bin/hddshutdown
usr/local/bin/ipsec-interfaces
usr/local/bin/makegraphs
usr/local/bin/qosd
usr/local/bin/readhash

3
config/rootfiles/common/x86_64/stage2
View File

@@ -76,7 +76,7 @@ usr/bin/captive-cleanup
#usr/lib
usr/lib/firewall
usr/lib/firewall/firewall-lib.pl
usr/lib/firewall/ipsec-block
usr/lib/firewall/ipsec-policy
usr/lib/firewall/rules.pl
#usr/lib/libgcc_s.so
usr/lib/libgcc_s.so.1
@@ -93,6 +93,7 @@ usr/local/bin/connscheduler
usr/local/bin/consort.sh
usr/local/bin/convert-ovpn
usr/local/bin/hddshutdown
usr/local/bin/ipsec-interfaces
usr/local/bin/makegraphs
usr/local/bin/qosd
usr/local/bin/readhash

2
config/strongswan/charon.conf
View File

@@ -86,7 +86,7 @@ charon {
# Install routes into a separate routing table for established IPsec
# tunnels.
# install_routes = yes
install_routes = no
# Install virtual IP addresses.
# install_virtual_ip = yes

22
doc/language_issues.de
View File

@@ -417,7 +417,6 @@ WARNING: translation string unused: messages logging
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
@@ -713,11 +712,14 @@ WARNING: translation string unused: use dov
WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
WARNING: translation string unused: vpn delayed start
WARNING: translation string unused: vpn delayed start help
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
WARNING: translation string unused: vpn on orange
WARNING: translation string unused: vpn red name
WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
@@ -734,6 +736,7 @@ WARNING: untranslated string: addons = Addons
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: community rules = Snort/VRT GPLv2 Community Rules
WARNING: untranslated string: dead peer detection = Dead Peer Detection
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules
WARNING: untranslated string: fwhost cust geoipgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
@@ -775,6 +778,21 @@ WARNING: untranslated string: guardian service = unknown string
WARNING: untranslated string: guardian watch snort alertfile = unknown string
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: ipsec connection = IPsec Connection
WARNING: untranslated string: ipsec interface mode gre = GRE
WARNING: untranslated string: ipsec interface mode none = - None (Default) -
WARNING: untranslated string: ipsec interface mode vti = VTI
WARNING: untranslated string: ipsec mode transport = Transport
WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: local ip address = Local IP Address
WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
WARNING: untranslated string: qos add subclass = Add subclass
@@ -783,5 +801,7 @@ WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: routing table = unknown string
WARNING: untranslated string: show tls-auth key = Show tls-auth key
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: vpn force mobike = Force using MOBIKE (only IKEv2)
WARNING: untranslated string: vpn statistics n2n = unknown string

26
doc/language_issues.en
View File

@@ -529,6 +529,7 @@ WARNING: untranslated string: dead peer detection = Dead Peer Detection
WARNING: untranslated string: december = December
WARNING: untranslated string: def lease time = Default Lease Time
WARNING: untranslated string: default = Default
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: default lease time = Default lease time (mins):
WARNING: untranslated string: default renewal time = Default Renewal Time
WARNING: untranslated string: delete = Delete
@@ -1051,6 +1052,7 @@ WARNING: untranslated string: install = Install
WARNING: untranslated string: instant update = Instant Update
WARNING: untranslated string: integrity = Integrity:
WARNING: untranslated string: interface = Interface
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: interfaces = Interfaces
WARNING: untranslated string: internet = INTERNET
WARNING: untranslated string: intrusion detection = Intrusion Detection
@@ -1079,10 +1081,15 @@ WARNING: untranslated string: invalid input for esp keylife = Invalid input for
WARNING: untranslated string: invalid input for hostname = Invalid input for hostname.
WARNING: untranslated string: invalid input for ike lifetime = Invalid input for IKE lifetime
WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
WARNING: untranslated string: invalid input for keepalive 1 = Invalid input for Keepalive ping
WARNING: untranslated string: invalid input for keepalive 1:2 = Invalid input for Keepalive use at least a ratio of 1:2
WARNING: untranslated string: invalid input for keepalive 2 = Invalid input for Keepalive ping-restart
WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
WARNING: untranslated string: invalid input for max clients = Invalid input for Max Clients
WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for name = Invalid input for user's full name or system hostname
WARNING: untranslated string: invalid input for oink code = Invalid input for Oink code
WARNING: untranslated string: invalid input for organization = Invalid input for organization
@@ -1126,7 +1133,14 @@ WARNING: untranslated string: ipfire side is invalid = IPFire side is invalid.
WARNING: untranslated string: ipfires hostname = IPFire's Hostname
WARNING: untranslated string: ipinfo = IP info
WARNING: untranslated string: ipsec = IPsec
WARNING: untranslated string: ipsec connection = IPsec Connection
WARNING: untranslated string: ipsec interface mode gre = GRE
WARNING: untranslated string: ipsec interface mode none = - None (Default) -
WARNING: untranslated string: ipsec interface mode vti = VTI
WARNING: untranslated string: ipsec mode transport = Transport
WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec network = IPsec network
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: iptmangles = IPTable Mangles
WARNING: untranslated string: iptnats = IPTable Network Address Translation
WARNING: untranslated string: ipts = iptables
@@ -1145,6 +1159,7 @@ WARNING: untranslated string: legend = Legend
WARNING: untranslated string: lifetime = Lifetime:
WARNING: untranslated string: linkq = Link Quality
WARNING: untranslated string: load printer = Load Printer
WARNING: untranslated string: local ip address = Local IP Address
WARNING: untranslated string: local master = Local Master
WARNING: untranslated string: local ntp server specified but not enabled = Local NTP server specified but not enabled
WARNING: untranslated string: local subnet = Local subnet:
@@ -1230,6 +1245,7 @@ WARNING: untranslated string: minimum = Minimum
WARNING: untranslated string: minute = Minute
WARNING: untranslated string: minutes = Minutes
WARNING: untranslated string: misc-options = Miscellaneous options
WARNING: untranslated string: mode = Mode
WARNING: untranslated string: model = Model
WARNING: untranslated string: modem = Modem
WARNING: untranslated string: modem configuration = Modem configuration
@@ -1262,6 +1278,7 @@ WARNING: untranslated string: mpfire scanning = Scan for new files
WARNING: untranslated string: mpfire search = MPFire Search
WARNING: untranslated string: mpfire songs = MPFire songlist
WARNING: untranslated string: mpfire webradio = MPFire Webradio
WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: my new share = My new share
WARNING: untranslated string: name = Name
WARNING: untranslated string: name is invalid = Name is invalid
@@ -1630,6 +1647,7 @@ WARNING: untranslated string: stop = Stop
WARNING: untranslated string: stop ovpn server = Stop OpenVPN Server
WARNING: untranslated string: stopped = STOPPED
WARNING: untranslated string: subject = Subject
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: subscripted user rules = Sourcefire VRT rules with subscription
WARNING: untranslated string: summaries kept = Keep summaries for
WARNING: untranslated string: sunday = Sunday
@@ -1711,6 +1729,7 @@ WARNING: untranslated string: tor use exit nodes = Use only these exit nodes (on
WARNING: untranslated string: total hits for log section = Total hits for log section
WARNING: untranslated string: traffic on = Traffic on
WARNING: untranslated string: traffics = Utilization-overview
WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: tuesday = Tuesday
WARNING: untranslated string: twelve hours = 12 Hours
WARNING: untranslated string: two weeks = Two Weeks
@@ -2033,8 +2052,6 @@ WARNING: untranslated string: vpn altname syntax = SubjectAltName is a comma sep
WARNING: untranslated string: vpn auth-dn = Peer is identified by either IPV4_ADDR, FQDN, USER_FQDN or DER_ASN1_DN string in remote ID field
WARNING: untranslated string: vpn broken = Broken
WARNING: untranslated string: vpn connecting = CONNECTING
WARNING: untranslated string: vpn delayed start = Delay before launching VPN (seconds)
WARNING: untranslated string: vpn delayed start help = If required, this delay can be used to allow dynamic DNS updates to propagate properly. 60 is a common value when RED is a dynamic IP.
WARNING: untranslated string: vpn force mobike = Force using MOBIKE (only IKEv2)
WARNING: untranslated string: vpn inactivity timeout = Inactivity Timeout
WARNING: untranslated string: vpn keyexchange = Keyexchange
@@ -2043,14 +2060,13 @@ WARNING: untranslated string: vpn missing remote id = You must specify a correct
WARNING: untranslated string: vpn no full pki = missing private key to generate cert
WARNING: untranslated string: vpn on-demand = ON-DEMAND
WARNING: untranslated string: vpn payload compression = Negotiate payload compression
WARNING: untranslated string: vpn red name = Public IP or FQDN for RED interface or <%defaultroute>
WARNING: untranslated string: vpn remote id = Remote ID
WARNING: untranslated string: vpn start action = Start Action
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn start action route = On Demand
WARNING: untranslated string: vpn start action start = Always On
WARNING: untranslated string: vpn statistic n2n = OpenVPN Net-to-Net Statistics
WARNING: untranslated string: vpn statistic rw = OpenVPN Roadwarrior Statistics
WARNING: untranslated string: vpn statistic n2n = VPN: Net-to-Net Statistics
WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn subjectaltname = Subject Alt Name
WARNING: untranslated string: vpn wait = WAITING

26
doc/language_issues.es
View File

@@ -365,7 +365,6 @@ WARNING: translation string unused: messages logging
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
@@ -634,11 +633,14 @@ WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn delayed start
WARNING: translation string unused: vpn delayed start help
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
WARNING: translation string unused: vpn on orange
WARNING: translation string unused: vpn red name
WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
@@ -761,6 +763,7 @@ WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
WARNING: untranslated string: dead peer detection = Dead Peer Detection
WARNING: untranslated string: default = Default
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: deprecated fs warn = Deprecated filesystem! Newer kernel drop the support. Backup and reformat!
WARNING: untranslated string: details = Details
WARNING: untranslated string: dh = Diffie-Hellman parameters
@@ -1050,17 +1053,31 @@ WARNING: untranslated string: incoming firewall access = Incoming Firewall Acces
WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: integrity = Integrity:
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay
WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout
WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
WARNING: untranslated string: ipsec = IPsec
WARNING: untranslated string: ipsec connection = IPsec Connection
WARNING: untranslated string: ipsec interface mode gre = GRE
WARNING: untranslated string: ipsec interface mode none = - None (Default) -
WARNING: untranslated string: ipsec interface mode vti = VTI
WARNING: untranslated string: ipsec mode transport = Transport
WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec network = IPsec network
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: last = Last
WARNING: untranslated string: least preferred = least preferred
WARNING: untranslated string: lifetime = Lifetime:
WARNING: untranslated string: local ip address = Local IP Address
WARNING: untranslated string: log server protocol = protocol:
WARNING: untranslated string: mac filter = MAC filter
WARNING: untranslated string: masquerade blue = Masquerade BLUE
@@ -1088,6 +1105,7 @@ WARNING: untranslated string: modem sim information = SIM Information
WARNING: untranslated string: modem status = Modem Status
WARNING: untranslated string: monitor interface = Monitor Interface
WARNING: untranslated string: most preferred = most preferred
WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: nameserver = Nameserver
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
@@ -1166,6 +1184,7 @@ WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
WARNING: untranslated string: static routes = Static Routes
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: support donation = Support the IPFire project with your donation
WARNING: untranslated string: system has rdrand = This system has support for Intel(R) RDRAND.
WARNING: untranslated string: system information = System Information
@@ -1221,6 +1240,7 @@ WARNING: untranslated string: tor traffic limit hard = Traffic limit has been re
WARNING: untranslated string: tor traffic limit soft = Traffic limit almost reached. Not accepting any new connections.
WARNING: untranslated string: tor traffic read written = Total traffic (read/written)
WARNING: untranslated string: tor use exit nodes = Use only these exit nodes (one per line)
WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: twelve hours = 12 Hours
WARNING: untranslated string: two weeks = Two Weeks
WARNING: untranslated string: udp less overhead = UDP (less overhead)
@@ -1245,8 +1265,8 @@ WARNING: untranslated string: vpn start action = Start Action
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn start action route = On Demand
WARNING: untranslated string: vpn start action start = Always On
WARNING: untranslated string: vpn statistic n2n = OpenVPN Net-to-Net Statistics
WARNING: untranslated string: vpn statistic rw = OpenVPN Roadwarrior Statistics
WARNING: untranslated string: vpn statistic n2n = VPN: Net-to-Net Statistics
WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vpn weak = Weak

22
doc/language_issues.fr
View File

@@ -445,7 +445,6 @@ WARNING: translation string unused: messages logging
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
@@ -751,11 +750,14 @@ WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn delayed start
WARNING: translation string unused: vpn delayed start help
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
WARNING: translation string unused: vpn on orange
WARNING: translation string unused: vpn red name
WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
@@ -770,6 +772,7 @@ WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Captive clients = unknown string
WARNING: untranslated string: Scan for Songs = unknown string
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: fwhost cust geoipgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
@@ -810,11 +813,28 @@ WARNING: untranslated string: guardian service = unknown string
WARNING: untranslated string: guardian watch snort alertfile = unknown string
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
WARNING: untranslated string: ipsec connection = IPsec Connection
WARNING: untranslated string: ipsec interface mode gre = GRE
WARNING: untranslated string: ipsec interface mode none = - None (Default) -
WARNING: untranslated string: ipsec interface mode vti = VTI
WARNING: untranslated string: ipsec mode transport = Transport
WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: local ip address = Local IP Address
WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: pakfire ago = ago.
WARNING: untranslated string: route config changed = unknown string
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: routing table = unknown string
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: vpn statistics n2n = unknown string

26
doc/language_issues.it
View File

@@ -417,7 +417,6 @@ WARNING: translation string unused: messages logging
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
@@ -723,11 +722,14 @@ WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn delayed start
WARNING: translation string unused: vpn delayed start help
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
WARNING: translation string unused: vpn on orange
WARNING: translation string unused: vpn red name
WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
@@ -789,6 +791,7 @@ WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: check all = Check all
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
WARNING: untranslated string: dhcp dns key name = Key Name:
WARNING: untranslated string: dhcp dns update = DNS Update
@@ -884,10 +887,24 @@ WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unk
WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression
WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
WARNING: untranslated string: ipsec connection = IPsec Connection
WARNING: untranslated string: ipsec interface mode gre = GRE
WARNING: untranslated string: ipsec interface mode none = - None (Default) -
WARNING: untranslated string: ipsec interface mode vti = VTI
WARNING: untranslated string: ipsec mode transport = Transport
WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: local ip address = Local IP Address
WARNING: untranslated string: log server protocol = protocol:
WARNING: untranslated string: masquerade blue = Masquerade BLUE
WARNING: untranslated string: masquerade green = Masquerade GREEN
@@ -896,6 +913,7 @@ WARNING: untranslated string: masquerading = Masquerading
WARNING: untranslated string: masquerading disabled = Masquerading disabled
WARNING: untranslated string: masquerading enabled = Masquerading enabled
WARNING: untranslated string: messages = Messages
WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
WARNING: untranslated string: one hour = One Hour
@@ -924,9 +942,11 @@ WARNING: untranslated string: ssh active sessions = Active logins
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: tcp more reliable = TCP (more reliable)
WARNING: untranslated string: ten minutes = 10 Minutes
WARNING: untranslated string: thirty minutes = 30 Minutes
WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: twelve hours = 12 Hours
WARNING: untranslated string: two weeks = Two Weeks
WARNING: untranslated string: udp less overhead = UDP (less overhead)
@@ -944,8 +964,8 @@ WARNING: untranslated string: vpn start action = Start Action
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn start action route = On Demand
WARNING: untranslated string: vpn start action start = Always On
WARNING: untranslated string: vpn statistic n2n = OpenVPN Net-to-Net Statistics
WARNING: untranslated string: vpn statistic rw = OpenVPN Roadwarrior Statistics
WARNING: untranslated string: vpn statistic n2n = VPN: Net-to-Net Statistics
WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vpn weak = Weak

26
doc/language_issues.nl
View File

@@ -415,7 +415,6 @@ WARNING: translation string unused: messages logging
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
@@ -718,11 +717,14 @@ WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn delayed start
WARNING: translation string unused: vpn delayed start help
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
WARNING: translation string unused: vpn on orange
WARNING: translation string unused: vpn red name
WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
@@ -787,6 +789,7 @@ WARNING: untranslated string: check all = Check all
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
WARNING: untranslated string: default = Default
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: dh = Diffie-Hellman parameters
WARNING: untranslated string: dh key move failed = Diffie-Hellman parameters move failed.
WARNING: untranslated string: dh key warn = Creating DH-parameters with a length of 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.
@@ -898,10 +901,24 @@ WARNING: untranslated string: imsi = IMSI
WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression
WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
WARNING: untranslated string: ipsec connection = IPsec Connection
WARNING: untranslated string: ipsec interface mode gre = GRE
WARNING: untranslated string: ipsec interface mode none = - None (Default) -
WARNING: untranslated string: ipsec interface mode vti = VTI
WARNING: untranslated string: ipsec mode transport = Transport
WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: local ip address = Local IP Address
WARNING: untranslated string: log server protocol = protocol:
WARNING: untranslated string: masquerade blue = Masquerade BLUE
WARNING: untranslated string: masquerade green = Masquerade GREEN
@@ -924,6 +941,7 @@ WARNING: untranslated string: modem no connection message = No connection to the
WARNING: untranslated string: modem sim information = SIM Information
WARNING: untranslated string: modem status = Modem Status
WARNING: untranslated string: monitor interface = Monitor Interface
WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: nameserver = Nameserver
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
@@ -967,10 +985,12 @@ WARNING: untranslated string: ssh active sessions = Active logins
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: ta key = TLS-Authentification-Key
WARNING: untranslated string: tcp more reliable = TCP (more reliable)
WARNING: untranslated string: ten minutes = 10 Minutes
WARNING: untranslated string: thirty minutes = 30 Minutes
WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: twelve hours = 12 Hours
WARNING: untranslated string: two weeks = Two Weeks
WARNING: untranslated string: udp less overhead = UDP (less overhead)
@@ -990,8 +1010,8 @@ WARNING: untranslated string: vpn start action = Start Action
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn start action route = On Demand
WARNING: untranslated string: vpn start action start = Always On
WARNING: untranslated string: vpn statistic n2n = OpenVPN Net-to-Net Statistics
WARNING: untranslated string: vpn statistic rw = OpenVPN Roadwarrior Statistics
WARNING: untranslated string: vpn statistic n2n = VPN: Net-to-Net Statistics
WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vpn weak = Weak

26
doc/language_issues.pl
View File

@@ -365,7 +365,6 @@ WARNING: translation string unused: messages logging
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
@@ -634,11 +633,14 @@ WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn delayed start
WARNING: translation string unused: vpn delayed start help
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
WARNING: translation string unused: vpn on orange
WARNING: translation string unused: vpn red name
WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
@@ -761,6 +763,7 @@ WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
WARNING: untranslated string: dead peer detection = Dead Peer Detection
WARNING: untranslated string: default = Default
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: deprecated fs warn = Deprecated filesystem! Newer kernel drop the support. Backup and reformat!
WARNING: untranslated string: details = Details
WARNING: untranslated string: dh = Diffie-Hellman parameters
@@ -1050,17 +1053,31 @@ WARNING: untranslated string: incoming firewall access = Incoming Firewall Acces
WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: integrity = Integrity:
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay
WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout
WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
WARNING: untranslated string: ipsec = IPsec
WARNING: untranslated string: ipsec connection = IPsec Connection
WARNING: untranslated string: ipsec interface mode gre = GRE
WARNING: untranslated string: ipsec interface mode none = - None (Default) -
WARNING: untranslated string: ipsec interface mode vti = VTI
WARNING: untranslated string: ipsec mode transport = Transport
WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec network = IPsec network
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: last = Last
WARNING: untranslated string: least preferred = least preferred
WARNING: untranslated string: lifetime = Lifetime:
WARNING: untranslated string: local ip address = Local IP Address
WARNING: untranslated string: log server protocol = protocol:
WARNING: untranslated string: mac filter = MAC filter
WARNING: untranslated string: masquerade blue = Masquerade BLUE
@@ -1088,6 +1105,7 @@ WARNING: untranslated string: modem sim information = SIM Information
WARNING: untranslated string: modem status = Modem Status
WARNING: untranslated string: monitor interface = Monitor Interface
WARNING: untranslated string: most preferred = most preferred
WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: nameserver = Nameserver
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
@@ -1166,6 +1184,7 @@ WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
WARNING: untranslated string: static routes = Static Routes
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: support donation = Support the IPFire project with your donation
WARNING: untranslated string: system has rdrand = This system has support for Intel(R) RDRAND.
WARNING: untranslated string: system information = System Information
@@ -1221,6 +1240,7 @@ WARNING: untranslated string: tor traffic limit hard = Traffic limit has been re
WARNING: untranslated string: tor traffic limit soft = Traffic limit almost reached. Not accepting any new connections.
WARNING: untranslated string: tor traffic read written = Total traffic (read/written)
WARNING: untranslated string: tor use exit nodes = Use only these exit nodes (one per line)
WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: twelve hours = 12 Hours
WARNING: untranslated string: two weeks = Two Weeks
WARNING: untranslated string: udp less overhead = UDP (less overhead)
@@ -1245,8 +1265,8 @@ WARNING: untranslated string: vpn start action = Start Action
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn start action route = On Demand
WARNING: untranslated string: vpn start action start = Always On
WARNING: untranslated string: vpn statistic n2n = OpenVPN Net-to-Net Statistics
WARNING: untranslated string: vpn statistic rw = OpenVPN Roadwarrior Statistics
WARNING: untranslated string: vpn statistic n2n = VPN: Net-to-Net Statistics
WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vpn weak = Weak

26
doc/language_issues.ru
View File

@@ -358,7 +358,6 @@ WARNING: translation string unused: messages logging
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
@@ -637,11 +636,14 @@ WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn delayed start
WARNING: translation string unused: vpn delayed start help
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
WARNING: translation string unused: vpn on orange
WARNING: translation string unused: vpn red name
WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
@@ -764,6 +766,7 @@ WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
WARNING: untranslated string: dead peer detection = Dead Peer Detection
WARNING: untranslated string: default = Default
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: deprecated fs warn = Deprecated filesystem! Newer kernel drop the support. Backup and reformat!
WARNING: untranslated string: details = Details
WARNING: untranslated string: dh = Diffie-Hellman parameters
@@ -1052,17 +1055,31 @@ WARNING: untranslated string: incoming overhead in bytes per second = Incoming O
WARNING: untranslated string: incoming traffic in bytes per second = Incoming Traffic
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: integrity = Integrity:
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay
WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout
WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
WARNING: untranslated string: ipsec = IPsec
WARNING: untranslated string: ipsec connection = IPsec Connection
WARNING: untranslated string: ipsec interface mode gre = GRE
WARNING: untranslated string: ipsec interface mode none = - None (Default) -
WARNING: untranslated string: ipsec interface mode vti = VTI
WARNING: untranslated string: ipsec mode transport = Transport
WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec network = IPsec network
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: last = Last
WARNING: untranslated string: least preferred = least preferred
WARNING: untranslated string: lifetime = Lifetime:
WARNING: untranslated string: local ip address = Local IP Address
WARNING: untranslated string: log server protocol = protocol:
WARNING: untranslated string: mac filter = MAC filter
WARNING: untranslated string: masquerade blue = Masquerade BLUE
@@ -1090,6 +1107,7 @@ WARNING: untranslated string: modem sim information = SIM Information
WARNING: untranslated string: modem status = Modem Status
WARNING: untranslated string: monitor interface = Monitor Interface
WARNING: untranslated string: most preferred = most preferred
WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: nameserver = Nameserver
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
@@ -1162,6 +1180,7 @@ WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
WARNING: untranslated string: static routes = Static Routes
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: support donation = Support the IPFire project with your donation
WARNING: untranslated string: system has rdrand = This system has support for Intel(R) RDRAND.
WARNING: untranslated string: ta key = TLS-Authentification-Key
@@ -1216,6 +1235,7 @@ WARNING: untranslated string: tor traffic limit hard = Traffic limit has been re
WARNING: untranslated string: tor traffic limit soft = Traffic limit almost reached. Not accepting any new connections.
WARNING: untranslated string: tor traffic read written = Total traffic (read/written)
WARNING: untranslated string: tor use exit nodes = Use only these exit nodes (one per line)
WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: twelve hours = 12 Hours
WARNING: untranslated string: two weeks = Two Weeks
WARNING: untranslated string: udp less overhead = UDP (less overhead)
@@ -1240,8 +1260,8 @@ WARNING: untranslated string: vpn start action = Start Action
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn start action route = On Demand
WARNING: untranslated string: vpn start action start = Always On
WARNING: untranslated string: vpn statistic n2n = OpenVPN Net-to-Net Statistics
WARNING: untranslated string: vpn statistic rw = OpenVPN Roadwarrior Statistics
WARNING: untranslated string: vpn statistic n2n = VPN: Net-to-Net Statistics
WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vpn weak = Weak

22
doc/language_issues.tr
View File

@@ -445,7 +445,6 @@ WARNING: translation string unused: messages logging
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
@@ -751,11 +750,14 @@ WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn delayed start
WARNING: translation string unused: vpn delayed start help
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
WARNING: translation string unused: vpn on orange
WARNING: translation string unused: vpn red name
WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
@@ -772,6 +774,7 @@ WARNING: untranslated string: Scan for Songs = unknown string
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: fwdfw all subnets = All subnets
WARNING: untranslated string: fwhost cust geoipgrp = unknown string
@@ -813,7 +816,22 @@ WARNING: untranslated string: guardian service = unknown string
WARNING: untranslated string: guardian watch snort alertfile = unknown string
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
WARNING: untranslated string: ipsec connection = IPsec Connection
WARNING: untranslated string: ipsec interface mode gre = GRE
WARNING: untranslated string: ipsec interface mode none = - None (Default) -
WARNING: untranslated string: ipsec interface mode vti = VTI
WARNING: untranslated string: ipsec mode transport = Transport
WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: local ip address = Local IP Address
WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: ovpn error dh = The Diffie-Hellman parameter needs to be in minimum 2048 bit! <br>Please generate or upload a new Diffie-Hellman parameter, this can be made below in the section "Diffie-Hellman parameters options".</br>
WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
@@ -826,6 +844,8 @@ WARNING: untranslated string: ssh active sessions = Active logins
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING

152
doc/language_missings
View File

@@ -28,7 +28,9 @@
< choose media
< community rules
< could not connect to www ipfire org
< cryptographic settings
< dead peer detection
< default IP address
< dhcp server disabled on blue interface
< dhcp server enabled on blue interface
< dh name is invalid
@@ -38,6 +40,21 @@
< g.lite
< guardian
< insert removable device
< interface mode
< invalid input for interface address
< invalid input for interface mode
< invalid input for interface mtu
< invalid input for local ip address
< invalid input for mode
< ipsec connection
< ipsec interface mode gre
< ipsec interface mode none
< ipsec interface mode vti
< ipsec mode transport
< ipsec mode tunnel
< ipsec settings
< local ip address
< mtu
< none
< notes
< qos add subclass
@@ -46,9 +63,11 @@
< show areas
< show lines
< show tls-auth key
< subnet mask
< teovpn_fragment
< tor bridge enabled
< tor errmsg invalid node id
< transport mode does not support vti
< updxlrtr used by
< upload fcdsl.o
< vpn configuration main
@@ -186,10 +205,12 @@
< countrycode
< country codes and flags
< crypto error
< cryptographic settings
< crypto warning
< dead peer detection
< default
< default ip
< default IP address
< deprecated fs warn
< details
< dh
@@ -490,18 +511,32 @@
< incoming firewall access
< incoming overhead in bytes per second
< integrity
< interface mode
< invalid input for dpd delay
< invalid input for dpd timeout
< invalid input for inactivity timeout
< invalid input for interface address
< invalid input for interface mode
< invalid input for interface mtu
< invalid input for local ip address
< invalid input for mode
< invalid input for valid till days
< invalid ip or hostname
< invalid logserver protocol
< ipsec
< ipsec connection
< ipsec interface mode gre
< ipsec interface mode none
< ipsec interface mode vti
< ipsec mode transport
< ipsec mode tunnel
< ipsec network
< ipsec no connections
< ipsec settings
< last
< least preferred
< lifetime
< local ip address
< log server protocol
< mac filter
< masquerade blue
@@ -531,6 +566,7 @@
< modem status
< monitor interface
< most preferred
< mtu
< MTU settings
< nameserver
< never
@@ -632,6 +668,7 @@
< ssh no active logins
< ssh username
< static routes
< subnet mask
< support donation
< system has hwrng
< system has rdrand
@@ -696,6 +733,7 @@
< tor traffic limit soft
< tor traffic read written
< tor use exit nodes
< transport mode does not support vti
< twelve hours
< two weeks
< udp less overhead
@@ -782,8 +820,27 @@
############################################################################
# Checking cgi-bin translations for language: fr #
############################################################################
< cryptographic settings
< default IP address
< dnsforward forward_servers
< interface mode
< invalid input for interface address
< invalid input for interface mode
< invalid input for interface mtu
< invalid input for local ip address
< invalid input for mode
< invalid ip or hostname
< ipsec connection
< ipsec interface mode gre
< ipsec interface mode none
< ipsec interface mode vti
< ipsec mode transport
< ipsec mode tunnel
< ipsec settings
< local ip address
< mtu
< subnet mask
< transport mode does not support vti
############################################################################
# Checking cgi-bin translations for language: it #
############################################################################
@@ -853,7 +910,9 @@
< Captive wrong ext
< check all
< crypto error
< cryptographic settings
< crypto warning
< default IP address
< dhcp dns enable update
< dhcp dns key name
< dhcp dns update
@@ -918,10 +977,24 @@
< guardian
< incoming compression in bytes per second
< incoming overhead in bytes per second
< interface mode
< invalid input for inactivity timeout
< invalid input for interface address
< invalid input for interface mode
< invalid input for interface mtu
< invalid input for local ip address
< invalid input for mode
< invalid input for valid till days
< invalid ip or hostname
< invalid logserver protocol
< ipsec connection
< ipsec interface mode gre
< ipsec interface mode none
< ipsec interface mode vti
< ipsec mode transport
< ipsec mode tunnel
< ipsec settings
< local ip address
< log server protocol
< masquerade blue
< masquerade green
@@ -930,6 +1003,7 @@
< masquerading disabled
< masquerading enabled
< messages
< mtu
< MTU settings
< none
< Number of Countries for the pie chart
@@ -955,9 +1029,11 @@
< ssh login time
< ssh no active logins
< ssh username
< subnet mask
< tcp more reliable
< ten minutes
< thirty minutes
< transport mode does not support vti
< twelve hours
< two weeks
< udp less overhead
@@ -1070,8 +1146,10 @@
< Captive wrong ext
< check all
< crypto error
< cryptographic settings
< crypto warning
< default
< default IP address
< dh
< dhcp dns enable update
< dhcp dns key name
@@ -1154,10 +1232,24 @@
< imsi
< incoming compression in bytes per second
< incoming overhead in bytes per second
< interface mode
< invalid input for inactivity timeout
< invalid input for interface address
< invalid input for interface mode
< invalid input for interface mtu
< invalid input for local ip address
< invalid input for mode
< invalid input for valid till days
< invalid ip or hostname
< invalid logserver protocol
< ipsec connection
< ipsec interface mode gre
< ipsec interface mode none
< ipsec interface mode vti
< ipsec mode transport
< ipsec mode tunnel
< ipsec settings
< local ip address
< log server protocol
< masquerade blue
< masquerade green
@@ -1180,6 +1272,7 @@
< modem sim information
< modem status
< monitor interface
< mtu
< MTU settings
< nameserver
< never
@@ -1223,11 +1316,13 @@
< ssh login time
< ssh no active logins
< ssh username
< subnet mask
< ta key
< tcp more reliable
< ten minutes
< teovpn_fragment
< thirty minutes
< transport mode does not support vti
< twelve hours
< two weeks
< udp less overhead
@@ -1403,10 +1498,12 @@
< countrycode
< country codes and flags
< crypto error
< cryptographic settings
< crypto warning
< dead peer detection
< default
< default ip
< default IP address
< deprecated fs warn
< details
< dh
@@ -1709,18 +1806,32 @@
< incoming firewall access
< incoming overhead in bytes per second
< integrity
< interface mode
< invalid input for dpd delay
< invalid input for dpd timeout
< invalid input for inactivity timeout
< invalid input for interface address
< invalid input for interface mode
< invalid input for interface mtu
< invalid input for local ip address
< invalid input for mode
< invalid input for valid till days
< invalid ip or hostname
< invalid logserver protocol
< ipsec
< ipsec connection
< ipsec interface mode gre
< ipsec interface mode none
< ipsec interface mode vti
< ipsec mode transport
< ipsec mode tunnel
< ipsec network
< ipsec no connections
< ipsec settings
< last
< least preferred
< lifetime
< local ip address
< log server protocol
< mac filter
< masquerade blue
@@ -1750,6 +1861,7 @@
< modem status
< monitor interface
< most preferred
< mtu
< MTU settings
< nameserver
< never
@@ -1836,6 +1948,7 @@
< ssh no active logins
< ssh username
< static routes
< subnet mask
< support donation
< system has hwrng
< system has rdrand
@@ -1899,6 +2012,7 @@
< tor traffic limit soft
< tor traffic read written
< tor use exit nodes
< transport mode does not support vti
< twelve hours
< two weeks
< udp less overhead
@@ -2116,11 +2230,13 @@
< countrycode
< country codes and flags
< crypto error
< cryptographic settings
< crypto warning
< day-graph
< dead peer detection
< default
< default ip
< default IP address
< deprecated fs warn
< details
< dh
@@ -2428,18 +2544,32 @@
< incoming overhead in bytes per second
< incoming traffic in bytes per second
< integrity
< interface mode
< invalid input for dpd delay
< invalid input for dpd timeout
< invalid input for inactivity timeout
< invalid input for interface address
< invalid input for interface mode
< invalid input for interface mtu
< invalid input for local ip address
< invalid input for mode
< invalid input for valid till days
< invalid ip or hostname
< invalid logserver protocol
< ipsec
< ipsec connection
< ipsec interface mode gre
< ipsec interface mode none
< ipsec interface mode vti
< ipsec mode transport
< ipsec mode tunnel
< ipsec network
< ipsec no connections
< ipsec settings
< last
< least preferred
< lifetime
< local ip address
< log server protocol
< mac filter
< masquerade blue
@@ -2470,6 +2600,7 @@
< monitor interface
< month-graph
< most preferred
< mtu
< MTU settings
< nameserver
< never
@@ -2553,6 +2684,7 @@
< ssh no active logins
< ssh username
< static routes
< subnet mask
< support donation
< system has hwrng
< system has rdrand
@@ -2616,6 +2748,7 @@
< tor traffic limit soft
< tor traffic read written
< tor use exit nodes
< transport mode does not support vti
< twelve hours
< two weeks
< udp less overhead
@@ -2705,10 +2838,27 @@
# Checking cgi-bin translations for language: tr #
############################################################################
< crypto error
< cryptographic settings
< crypto warning
< default IP address
< dnsforward forward_servers
< fwdfw all subnets
< interface mode
< invalid input for interface address
< invalid input for interface mode
< invalid input for interface mtu
< invalid input for local ip address
< invalid input for mode
< invalid ip or hostname
< ipsec connection
< ipsec interface mode gre
< ipsec interface mode none
< ipsec interface mode vti
< ipsec mode transport
< ipsec mode tunnel
< ipsec settings
< local ip address
< mtu
< ovpn error dh
< ovpn error md5
< ovpn warning rfc3280
@@ -2716,6 +2866,8 @@
< ssh login time
< ssh no active logins
< ssh username
< subnet mask
< transport mode does not support vti
< vpn start action add
< vpn wait
< wlanap neighbor scan

3
html/cgi-bin/index.cgi
View File

@@ -367,13 +367,12 @@ END
}
#check if IPSEC is running
if ( $vpnsettings{'ENABLED'} eq 'on' || $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {
my $ipsecip = $vpnsettings{'VPN_IP'};
print<<END;
<tr>
<td style='width:25%; text-align:center; background-color:$Header::colourvpn;'>
<a href='/cgi-bin/vpnmain.cgi' style='color:white'><b>$Lang::tr{'ipsec'}</b></a>
</td>
<td style='width:30%; text-align:center;'>$ipsecip</td>
<td style='width:30%; text-align:center;'></td>
<td style='width:45%; text-align:center; color:$Header::colourgreen;'>Online</td>
</tr>
END

26
html/cgi-bin/netovpnsrv.cgi
View File

@@ -35,8 +35,20 @@ my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
my %vpnsettings = ();
&General::readhasharray("${General::swroot}/vpn/config", \%vpnsettings);
my @vpns=();
# Make list of all IPsec graphs
my %ipsecgraphs = ();
foreach my $key (sort {$vpnsettings{$a}[1] <=> $vpnsettings{$b}[1]} keys %vpnsettings) {
my $interface_mode = $vpnsettings{$key}[36];
next unless ($interface_mode);
$ipsecgraphs{$vpnsettings{$key}[1]} = "${interface_mode}${key}";
}
my @querry = split(/\?/,$ENV{'QUERY_STRING'});
$querry[0] = '' unless defined $querry[0];
$querry[1] = 'week' unless defined $querry[1];
@@ -44,7 +56,11 @@ $querry[1] = 'week' unless defined $querry[1];
if ( $querry[0] ne ""){
print "Content-type: image/png\n\n";
binmode(STDOUT);
&Graphs::updatevpnn2ngraph($querry[0],$querry[1]);
if (grep { $_ eq $querry[0] } values %ipsecgraphs) {
&Graphs::updateifgraph($querry[0],$querry[1]);
} else {
&Graphs::updatevpnn2ngraph($querry[0],$querry[1]);
}
}else{
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'vpn statistic n2n'}, 1, '');
@@ -56,7 +72,13 @@ if ( $querry[0] ne ""){
push(@vpns,$2);
}
}
if (@vpns){
if (@vpns || %ipsecgraphs) {
foreach my $name (sort keys %ipsecgraphs) {
&Header::openbox('100%', 'center', "$Lang::tr{'ipsec connection'}: $name");
&Graphs::makegraphbox("netovpnsrv.cgi", $ipsecgraphs{$name}, "day");
&Header::closebox();
}
foreach (@vpns) {
&Header::openbox('100%', 'center', "$_ $Lang::tr{'graph'}");
&Graphs::makegraphbox("netovpnsrv.cgi",$_, "day");

308
html/cgi-bin/vpnmain.cgi
View File

@@ -69,6 +69,10 @@ my %INACTIVITY_TIMEOUTS = (
0 => "- $Lang::tr{'unlimited'} -",
);
# Load aliases
my %aliases;
&General::get_aliases(\%aliases);
my $col="";
$cgiparams{'ENABLED'} = 'off';
@@ -81,6 +85,7 @@ $cgiparams{'ADVANCED'} = '';
$cgiparams{'NAME'} = '';
$cgiparams{'LOCAL_SUBNET'} = '';
$cgiparams{'REMOTE_SUBNET'} = '';
$cgiparams{'LOCAL'} = '';
$cgiparams{'REMOTE'} = '';
$cgiparams{'LOCAL_ID'} = '';
$cgiparams{'REMOTE_ID'} = '';
@@ -109,8 +114,12 @@ $cgiparams{'RW_NET'} = '';
$cgiparams{'DPD_DELAY'} = '30';
$cgiparams{'DPD_TIMEOUT'} = '120';
$cgiparams{'FORCE_MOBIKE'} = 'off';
$cgiparams{'START_ACTION'} = 'start';
$cgiparams{'INACTIVITY_TIMEOUT'} = 900;
$cgiparams{'START_ACTION'} = 'route';
$cgiparams{'INACTIVITY_TIMEOUT'} = 1800;
$cgiparams{'MODE'} = "tunnel";
$cgiparams{'INTERFACE_MODE'} = "";
$cgiparams{'INTERFACE_ADDRESS'} = "";
$cgiparams{'INTERFACE_MTU'} = 1500;
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
###
@@ -280,26 +289,43 @@ sub writeipsecfiles {
#remote peer is not set? => use '%any'
$lconfighash{$key}[10] = '%any' if ($lconfighash{$key}[10] eq '');
my $localside;
if ($lconfighash{$key}[26] eq 'BLUE') {
$localside = $netsettings{'BLUE_ADDRESS'};
} elsif ($lconfighash{$key}[26] eq 'GREEN') {
$localside = $netsettings{'GREEN_ADDRESS'};
} elsif ($lconfighash{$key}[26] eq 'ORANGE') {
$localside = $netsettings{'ORANGE_ADDRESS'};
} else { # it is RED
$localside = $lvpnsettings{'VPN_IP'};
# Field 6 might be "off" on old installations
if ($lconfighash{$key}[6] eq "off") {
$lconfighash{$key}[6] = $lvpnsettings{"VPN_IP"};
}
my $localside;
if ($lconfighash{$key}[6]) {
$localside = $lconfighash{$key}[6];
} else {
$localside = "%defaultroute";
}
my $interface_mode = $lconfighash{$key}[36];
print CONF "conn $lconfighash{$key}[1]\n";
print CONF "\tleft=$localside\n";
print CONF "\tleftsubnet=" . &make_subnets($lconfighash{$key}[8]) . "\n";
if ($interface_mode eq "gre") {
print CONF "\tleftprotoport=gre\n";
} elsif ($interface_mode eq "vti") {
print CONF "\tleftsubnet=0.0.0.0/0\n";
} else {
print CONF "\tleftsubnet=" . &make_subnets("left", $lconfighash{$key}[8]) . "\n";
}
print CONF "\tleftfirewall=yes\n";
print CONF "\tlefthostaccess=yes\n";
print CONF "\tright=$lconfighash{$key}[10]\n";
if ($lconfighash{$key}[3] eq 'net') {
print CONF "\trightsubnet=" . &make_subnets($lconfighash{$key}[11]) . "\n";
if ($interface_mode eq "gre") {
print CONF "\trightprotoport=gre\n";
} elsif ($interface_mode eq "vti") {
print CONF "\trightsubnet=0.0.0.0/0\n";
} else {
print CONF "\trightsubnet=" . &make_subnets("right", $lconfighash{$key}[11]) . "\n";
}
}
# Local Cert and Remote Cert (unless auth is DN dn-auth)
@@ -312,6 +338,18 @@ sub writeipsecfiles {
print CONF "\tleftid=\"$lconfighash{$key}[7]\"\n" if ($lconfighash{$key}[7]);
print CONF "\trightid=\"$lconfighash{$key}[9]\"\n" if ($lconfighash{$key}[9]);
# Set mode
if ($lconfighash{$key}[35] eq "transport") {
print CONF "\ttype=transport\n";
} else {
print CONF "\ttype=tunnel\n";
}
# Add mark for VTI
if ($interface_mode eq "vti") {
print CONF "\tmark=$key\n";
}
# Is PFS enabled?
my $pfs = $lconfighash{$key}[28] eq 'on' ? 'on' : 'off';
@@ -467,25 +505,12 @@ if ($ENV{"REMOTE_ADDR"} eq "") {
if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
&General::readhash("${General::swroot}/vpn/settings", \%vpnsettings);
unless (&General::validfqdn($cgiparams{'VPN_IP'}) || &General::validip($cgiparams{'VPN_IP'})
|| $cgiparams{'VPN_IP'} eq '%defaultroute' ) {
$errormessage = $Lang::tr{'invalid input for hostname'};
goto SAVE_ERROR;
}
unless ($cgiparams{'VPN_DELAYED_START'} =~ /^[0-9]{1,3}$/ ) { #allow 0-999 seconds !
$errormessage = $Lang::tr{'invalid time period'};
goto SAVE_ERROR;
}
if ( $cgiparams{'RW_NET'} ne '' and !&General::validipandmask($cgiparams{'RW_NET'}) ) {
$errormessage = $Lang::tr{'urlfilter invalid ip or mask error'};
goto SAVE_ERROR;
}
$vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
$vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
$vpnsettings{'VPN_DELAYED_START'} = $cgiparams{'VPN_DELAYED_START'};
$vpnsettings{'RW_NET'} = $cgiparams{'RW_NET'};
&General::writehash("${General::swroot}/vpn/settings", \%vpnsettings);
&writeipsecfiles();
@@ -1287,7 +1312,7 @@ END
$cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
$cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
$cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
#$cgiparams{'free'} = $confighash{$cgiparams{'KEY'}}[6];
$cgiparams{'LOCAL'} = $confighash{$cgiparams{'KEY'}}[6];
$cgiparams{'LOCAL_ID'} = $confighash{$cgiparams{'KEY'}}[7];
my @local_subnets = split(",", $confighash{$cgiparams{'KEY'}}[8]);
$cgiparams{'LOCAL_SUBNET'} = join(/\|/, @local_subnets);
@@ -1316,6 +1341,10 @@ END
$cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
$cgiparams{'FORCE_MOBIKE'} = $confighash{$cgiparams{'KEY'}}[32];
$cgiparams{'INACTIVITY_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[34];
$cgiparams{'MODE'} = $confighash{$cgiparams{'KEY'}}[35];
$cgiparams{'INTERFACE_MODE'} = $confighash{$cgiparams{'KEY'}}[36];
$cgiparams{'INTERFACE_ADDRESS'} = $confighash{$cgiparams{'KEY'}}[37];
$cgiparams{'INTERFACE_MTU'} = $confighash{$cgiparams{'KEY'}}[38];
if (!$cgiparams{'DPD_DELAY'}) {
$cgiparams{'DPD_DELAY'} = 30;
@@ -1329,6 +1358,10 @@ END
$cgiparams{'INACTIVITY_TIMEOUT'} = 900;
}
if ($cgiparams{'MODE'} eq "") {
$cgiparams{'MODE'} = "tunnel";
}
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
@@ -1366,6 +1399,13 @@ END
goto VPNCONF_ERROR;
}
if ($cgiparams{'LOCAL'}) {
if (($cgiparams{'LOCAL'} ne "") && (!&General::validip($cgiparams{'LOCAL'}))) {
$errormessage = $Lang::tr{'invalid input for local ip address'};
goto VPNCONF_ERROR;
}
}
if ($cgiparams{'REMOTE'}) {
if (($cgiparams{'REMOTE'} ne '%any') && (! &General::validip($cgiparams{'REMOTE'}))) {
if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
@@ -1407,6 +1447,31 @@ END
goto VPNCONF_ERROR;
}
}
if ($cgiparams{'MODE'} !~ /^(tunnel|transport)$/) {
$errormessage = $Lang::tr{'invalid input for mode'};
goto VPNCONF_ERROR;
}
if ($cgiparams{'INTERFACE_MODE'} !~ /^(|gre|vti)$/) {
$errormessage = $Lang::tr{'invalid input for interface mode'};
goto VPNCONF_ERROR;
}
if (($cgiparams{'INTERFACE_MODE'} eq "vti") && ($cgiparams{'MODE'} eq "transport")) {
$errormessage = $Lang::tr{'transport mode does not support vti'};
goto VPNCONF_ERROR;
}
if (($cgiparams{'INTERFACE_MODE'} ne "") && !&Network::check_subnet($cgiparams{'INTERFACE_ADDRESS'})) {
$errormessage = $Lang::tr{'invalid input for interface address'};
goto VPNCONF_ERROR;
}
if ($cgiparams{'INTERFACE_MTU'} !~ /^\d+$/) {
$errormessage = $Lang::tr{'invalid input for interface mtu'};
goto VPNCONF_ERROR;
}
}
if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
@@ -1811,7 +1876,7 @@ END
my $key = $cgiparams{'KEY'};
if (! $key) {
$key = &General::findhasharraykey (\%confighash);
foreach my $i (0 .. 34) { $confighash{$key}[$i] = "";}
foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";}
}
$confighash{$key}[0] = $cgiparams{'ENABLED'};
$confighash{$key}[1] = $cgiparams{'NAME'};
@@ -1829,6 +1894,7 @@ END
my @remote_subnets = split(",", $cgiparams{'REMOTE_SUBNET'});
$confighash{$key}[11] = join('|', @remote_subnets);
}
$confighash{$key}[6] = $cgiparams{'LOCAL'};
$confighash{$key}[7] = $cgiparams{'LOCAL_ID'};
my @local_subnets = split(",", $cgiparams{'LOCAL_SUBNET'});
$confighash{$key}[8] = join('|', @local_subnets);
@@ -1856,9 +1922,12 @@ END
$confighash{$key}[31] = $cgiparams{'DPD_DELAY'};
$confighash{$key}[32] = $cgiparams{'FORCE_MOBIKE'};
$confighash{$key}[34] = $cgiparams{'INACTIVITY_TIMEOUT'};
$confighash{$key}[35] = $cgiparams{'MODE'};
$confighash{$key}[36] = $cgiparams{'INTERFACE_MODE'};
$confighash{$key}[37] = $cgiparams{'INTERFACE_ADDRESS'};
$confighash{$key}[38] = $cgiparams{'INTERFACE_MTU'};
# free unused fields!
$confighash{$key}[6] = 'off';
$confighash{$key}[15] = 'off';
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
@@ -1881,7 +1950,12 @@ END
} else {
$cgiparams{'AUTH'} = 'certgen';
}
$cgiparams{'LOCAL_SUBNET'} = "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
if ($netsettings{"GREEN_NETADDRESS"} && $netsettings{"GREEN_NETMASK"}) {
$cgiparams{"LOCAL_SUBNET"} = $netsettings{'GREEN_NETADDRESS'} . "/" . $netsettings{'GREEN_NETMASK'};
} else {
$cgiparams{"LOCAL_SUBNET"} = "";
}
$cgiparams{'CERT_EMAIL'} = $vpnsettings{'ROOTCERT_EMAIL'};
$cgiparams{'CERT_OU'} = $vpnsettings{'ROOTCERT_OU'};
$cgiparams{'CERT_ORGANIZATION'} = $vpnsettings{'ROOTCERT_ORGANIZATION'};
@@ -1930,6 +2004,10 @@ END
$cgiparams{'ONLY_PROPOSED'} = 'on'; #[24];
$cgiparams{'PFS'} = 'on'; #[28];
$cgiparams{'INACTIVITY_TIMEOUT'} = 900;
$cgiparams{'MODE'} = "tunnel";
$cgiparams{'INTERFACE_MODE'} = "";
$cgiparams{'INTERFACE_ADDRESS'} = "";
$cgiparams{'INTERFACE_MTU'} = 1500;
}
VPNCONF_ERROR:
@@ -1949,6 +2027,23 @@ VPNCONF_ERROR:
$checked{'AUTH'}{'auth-dn'} = '';
$checked{'AUTH'}{$cgiparams{'AUTH'}} = "checked='checked'";
$selected{'MODE'}{'tunnel'} = '';
$selected{'MODE'}{'transport'} = '';
$selected{'MODE'}{$cgiparams{'MODE'}} = "selected='selected'";
$selected{'INTERFACE_MODE'}{''} = '';
$selected{'INTERFACE_MODE'}{'gre'} = '';
$selected{'INTERFACE_MODE'}{'vti'} = '';
$selected{'INTERFACE_MODE'}{$cgiparams{'INTERFACE_MODE'}} = "selected='selected'";
$selected{'LOCAL'}{''} = '';
foreach my $alias (sort keys %aliases) {
my $address = $aliases{$alias}{'IPT'};
$selected{'LOCAL'}{$address} = '';
}
$selected{'LOCAL'}{$cgiparams{'LOCAL'}} = "selected='selected'";
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'ipsec'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
@@ -1985,6 +2080,7 @@ VPNCONF_ERROR:
<input type='hidden' name='DPD_DELAY' value='$cgiparams{'DPD_DELAY'}' />
<input type='hidden' name='DPD_TIMEOUT' value='$cgiparams{'DPD_TIMEOUT'}' />
<input type='hidden' name='FORCE_MOBIKE' value='$cgiparams{'FORCE_MOBIKE'}' />
<input type='hidden' name='INACTIVITY_TIMEOUT' value='$cgiparams{'INACTIVITY_TIMEOUT'}' />
END
;
if ($cgiparams{'KEY'}) {
@@ -2021,25 +2117,44 @@ EOF
my @remote_subnets = split(/\|/, $cgiparams{'REMOTE_SUBNET'});
my $remote_subnets = join(",", @remote_subnets);
print <<END
print <<END;
<tr>
<td width='20%'>$Lang::tr{'enabled'}</td>
<td width='30%'>
<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} />
</td>
<td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'local subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='30%'>
<input type='text' name='LOCAL_SUBNET' value='$local_subnets' />
</td>
<td colspan="2"></td>
</tr>
<tr>
<td class='boldbase' width='20%'>$Lang::tr{'local ip address'}:</td>
<td width='30%'>
<select name="LOCAL">
<option value="" $selected{'LOCAL'}{''}>- $Lang::tr{'default IP address'} -</option>
END
foreach my $alias (sort keys %aliases) {
my $address = $aliases{$alias}{'IPT'};
print <<END;
<option value="$address" $selected{'LOCAL'}{$address}>$alias ($address)</option>
END
}
print <<END;
</select>
</td>
<td class='boldbase' width='20%'>$Lang::tr{'remote host/ip'}:&nbsp;$blob</td>
<td width='30%'>
<input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size="25" />
</td>
</tr>
<tr>
<td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'local subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='30%'>
<input type='text' name='LOCAL_SUBNET' value='$local_subnets' size="25" />
</td>
<td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'remote subnet'}&nbsp;$blob</td>
<td width='30%'>
<input $disabled type='text' name='REMOTE_SUBNET' value='$remote_subnets' />
<input $disabled type='text' name='REMOTE_SUBNET' value='$remote_subnets' size="25" />
</td>
</tr>
<tr>
@@ -2067,6 +2182,51 @@ END
print "</table>";
&Header::closebox();
if ($cgiparams{'TYPE'} eq 'net') {
&Header::openbox('100%', 'left', $Lang::tr{'ipsec settings'});
print <<EOF;
<table width='100%'>
<tbody>
<tr>
<td class='boldbase' width='20%'>$Lang::tr{'mode'}:</td>
<td width='30%'>
<select name='MODE'>
<option value='tunnel' $selected{'MODE'}{'tunnel'}>$Lang::tr{'ipsec mode tunnel'}</option>
<option value='transport' $selected{'MODE'}{'transport'}>$Lang::tr{'ipsec mode transport'}</option>
</select>
</td>
<td colspan='2'></td>
</tr>
<tr>
<td class='boldbase' width='20%'>$Lang::tr{'interface mode'}:</td>
<td width='30%'>
<select name='INTERFACE_MODE'>
<option value='' $selected{'INTERFACE_MODE'}{''}>$Lang::tr{'ipsec interface mode none'}</option>
<option value='gre' $selected{'INTERFACE_MODE'}{'gre'}>$Lang::tr{'ipsec interface mode gre'}</option>
<option value='vti' $selected{'INTERFACE_MODE'}{'vti'}>$Lang::tr{'ipsec interface mode vti'}</option>
</select>
</td>
<td class='boldbase' width='20%'>$Lang::tr{'ip address'}/$Lang::tr{'subnet mask'}:</td>
<td width='30%'>
<input type="text" name="INTERFACE_ADDRESS" value="$cgiparams{'INTERFACE_ADDRESS'}">
</td>
</tr>
<tr>
<td class='boldbase' width='20%'>$Lang::tr{'mtu'}:</td>
<td width='30%'>
<input type="number" name="INTERFACE_MTU" value="$cgiparams{'INTERFACE_MTU'}" min="576" max="9000">
</td>
<td colspan='2'></td>
</tr>
</tbody>
</table>
EOF
&Header::closebox();
}
if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') {
&Header::openbox('100%', 'left', $Lang::tr{'authentication'});
print <<END
@@ -2327,6 +2487,10 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$cgiparams{'FORCE_MOBIKE'} = $confighash{$cgiparams{'KEY'}}[32];
$cgiparams{'START_ACTION'} = $confighash{$cgiparams{'KEY'}}[33];
$cgiparams{'INACTIVITY_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[34];
$cgiparams{'MODE'} = $confighash{$cgiparams{'KEY'}}[35];
$cgiparams{'INTERFACE_MODE'} = $confighash{$cgiparams{'KEY'}}[36];
$cgiparams{'INTERFACE_ADDRESS'} = $confighash{$cgiparams{'KEY'}}[37];
$cgiparams{'INTERFACE_MTU'} = $confighash{$cgiparams{'KEY'}}[38];
if (!$cgiparams{'DPD_DELAY'}) {
$cgiparams{'DPD_DELAY'} = 30;
@@ -2343,6 +2507,10 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
if ($cgiparams{'INACTIVITY_TIMEOUT'} eq "") {
$cgiparams{'INACTIVITY_TIMEOUT'} = 900; # 15 min
}
if ($cgiparams{'MODE'} eq "") {
$cgiparams{'MODE'} = "tunnel";
}
}
ADVANCED_ERROR:
@@ -2739,22 +2907,6 @@ EOF
my @status = `/usr/local/bin/ipsecctrl I 2>/dev/null`;
# suggest a default name for this side
if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
my $ipaddr = <IPADDR>;
close IPADDR;
chomp ($ipaddr);
$cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
if ($cgiparams{'VPN_IP'} eq '') {
$cgiparams{'VPN_IP'} = $ipaddr;
}
}
}
# no IP found, use %defaultroute
$cgiparams{'VPN_IP'} ='%defaultroute' if ($cgiparams{'VPN_IP'} eq '');
$cgiparams{'VPN_DELAYED_START'} = 0 if (! defined ($cgiparams{'VPN_DELAYED_START'}));
$checked{'ENABLED'} = $cgiparams{'ENABLED'} eq 'on' ? "checked='checked'" : '';
&Header::showhttpheaders();
@@ -2782,35 +2934,21 @@ EOF
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<tr>
<td width='20%' class='base' nowrap='nowrap'>$Lang::tr{'vpn red name'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='20%'><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' /></td>
<td width='20%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'} /></td>
</tr>
END
;
print <<END
<tr>
<td class='base' nowrap='nowrap'>$Lang::tr{'vpn delayed start'}:&nbsp;<img src='/blob.gif' alt='*' /><img src='/blob.gif' alt='*' /></td>
<td ><input type='text' name='VPN_DELAYED_START' value='$cgiparams{'VPN_DELAYED_START'}' /></td>
</tr>
<tr>
<td class='base' nowrap='nowrap'>$Lang::tr{'host to net vpn'}:</td>
<td ><input type='text' name='RW_NET' value='$cgiparams{'RW_NET'}' /></td>
</tr>
</table>
<br>
<hr />
<table width='100%'>
<tr>
<td class='base' valign='top'><img src='/blob.gif' alt='*' /></td>
<td width='70%' class='base' valign='top'>$Lang::tr{'required field'}</td><td width='30%' align='right' class='base'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
</tr>
<tr>
<td class='base' valign='top' nowrap='nowrap'><img src='/blob.gif' alt='*' /><img src='/blob.gif' alt='*' />&nbsp;</td>
<td class='base'> <font class='base'>$Lang::tr{'vpn delayed start help'}</font></td>
<td></td>
</tr>
<tr>
<td width='60%' class='base'>
$Lang::tr{'enabled'}
</td>
<td width="40%">
<input type='checkbox' name='ENABLED' $checked{'ENABLED'} />
</td>
</tr>
<tr>
<td class='base' nowrap='nowrap' width="60%">$Lang::tr{'host to net vpn'}:</td>
<td width="40%"><input type='text' name='RW_NET' value='$cgiparams{'RW_NET'}' /></td>
</tr>
<tr>
<td width='100%' colspan="2" align='right' class='base'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
</tr>
</table>
END
;
@@ -3212,13 +3350,19 @@ sub make_algos($$$$$) {
return &array_unique(\@algos);
}
sub make_subnets($) {
sub make_subnets($$) {
my $direction = shift;
my $subnets = shift;
my @nets = split(/\|/, $subnets);
my @cidr_nets = ();
foreach my $net (@nets) {
my $cidr_net = &General::ipcidr($net);
# Skip 0.0.0.0/0 for remote because this renders the
# while system inaccessible
next if (($direction eq "right") && ($cidr_net eq "0.0.0.0/0"));
push(@cidr_nets, $cidr_net);
}

4
langs/de/cgi-bin/de.pl
View File

@@ -2717,8 +2717,8 @@
'vpn start action add' => 'Auf Verbindungseingang warten',
'vpn start action route' => 'Bei Bedarf',
'vpn start action start' => 'Immer An',
'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik',
'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik',
'vpn statistic n2n' => 'VPN: Netz-zu-Netz-Statistik',
'vpn statistic rw' => 'VPN: Roadwarrior-Statistik',
'vpn subjectaltname' => 'Subjekt Alternativer Name',
'vpn wait' => 'WARTE',
'vpn watch' => 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP ändert (DynDNS).',

23
langs/en/cgi-bin/en.pl
View File

@@ -684,6 +684,7 @@
'cron server' => 'CRON Server',
'crypto error' => 'Cryptographic error',
'crypto warning' => 'Cryptographic warning',
'cryptographic settings' => 'Cryptographic Settings',
'current' => 'Current',
'current aliases' => 'Current aliases',
'current class' => 'Current class',
@@ -725,6 +726,7 @@
'deep scan directories' => 'Scan recursive',
'def lease time' => 'Default Lease Time',
'default' => 'Default',
'default IP address' => 'Default IP Address',
'default ip' => 'Default IP address',
'default lease time' => 'Default lease time (mins):',
'default networks' => 'Default networks',
@@ -1392,6 +1394,7 @@
'instant update' => 'Instant Update',
'integrity' => 'Integrity:',
'interface' => 'Interface',
'interface mode' => 'Interface',
'interfaces' => 'Interfaces',
'internet' => 'INTERNET',
'intrusion detection' => 'Intrusion Detection',
@@ -1425,10 +1428,15 @@
'invalid input for hostname' => 'Invalid input for hostname.',
'invalid input for ike lifetime' => 'Invalid input for IKE lifetime',
'invalid input for inactivity timeout' => 'Invalid input for Inactivity Timeout',
'invalid input for interface address' => 'Invalid input for interface address',
'invalid input for interface mode' => 'Invalid input for interface mode',
'invalid input for interface mtu' => 'Invalid input to interface MTU',
'invalid input for keepalive 1' => 'Invalid input for Keepalive ping',
'invalid input for keepalive 1:2' => 'Invalid input for Keepalive use at least a ratio of 1:2',
'invalid input for keepalive 2' => 'Invalid input for Keepalive ping-restart',
'invalid input for local ip address' => 'Invalid input for local IP address',
'invalid input for max clients' => 'Invalid input for Max Clients',
'invalid input for mode' => 'Invalid input for mode',
'invalid input for name' => 'Invalid input for user\'s full name or system hostname',
'invalid input for oink code' => 'Invalid input for Oink code',
'invalid input for organization' => 'Invalid input for organization',
@@ -1481,8 +1489,15 @@
'ipfires hostname' => 'IPFire\'s Hostname',
'ipinfo' => 'IP info',
'ipsec' => 'IPsec',
'ipsec connection' => 'IPsec Connection',
'ipsec interface mode gre' => 'GRE',
'ipsec interface mode none' => '- None (Default) -',
'ipsec interface mode vti' => 'VTI',
'ipsec mode transport' => 'Transport',
'ipsec mode tunnel' => 'Tunnel',
'ipsec network' => 'IPsec network',
'ipsec no connections' => 'No active IPsec connections',
'ipsec settings' => 'IPsec Settings',
'iptable rules' => 'IPTable rules',
'iptmangles' => 'IPTable Mangles',
'iptnats' => 'IPTable Network Address Translation',
@@ -1518,6 +1533,7 @@
'load printer' => 'Load Printer',
'loaded modules' => 'Loaded modules:',
'local hard disk' => 'Hard disk',
'local ip address' => 'Local IP Address',
'local master' => 'Local Master',
'local ntp server specified but not enabled' => 'Local NTP server specified but not enabled',
'local subnet' => 'Local subnet:',
@@ -1684,6 +1700,7 @@
'mpfire search' => 'MPFire Search',
'mpfire songs' => 'MPFire songlist',
'mpfire webradio' => 'MPFire Webradio',
'mtu' => 'MTU',
'mtu QoS' => 'This does not change the global MTU, it only sets MTU for QoS.',
'my new share' => 'My new share',
'name' => 'Name',
@@ -2239,6 +2256,7 @@
'subject warn' => 'Warning - warnlevel reached',
'subnet' => 'Subnet',
'subnet is invalid' => 'Netmask is invalid',
'subnet mask' => 'Subnet Mask',
'subscripted user rules' => 'Sourcefire VRT rules with subscription',
'successfully refreshed updates list' => 'Successfully refreshed updates list.',
'summaries kept' => 'Keep summaries for',
@@ -2371,6 +2389,7 @@
'trafficto' => 'To',
'transfer limits' => 'Transfer limits',
'transparent on' => 'Transparent on',
'transport mode does not support vti' => 'VTI is not support in transport mode',
'tripwire' => 'Tripwire',
'tripwire cronjob' => 'tripwire cronjob',
'tripwire functions' => 'tripwire functions',
@@ -2762,8 +2781,8 @@
'vpn start action add' => 'Wait for connection initiation',
'vpn start action route' => 'On Demand',
'vpn start action start' => 'Always On',
'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics',
'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics',
'vpn statistic n2n' => 'VPN: Net-to-Net Statistics',
'vpn statistic rw' => 'VPN: Roadwarrior Statistics',
'vpn subjectaltname' => 'Subject Alt Name',
'vpn wait' => 'WAITING',
'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).',

4
langs/fr/cgi-bin/fr.pl
View File

@@ -2761,8 +2761,8 @@
'vpn start action add' => 'Attendre l\'initialisation de la connexion',
'vpn start action route' => 'A la demande',
'vpn start action start' => 'Toujours démarré',
'vpn statistic n2n' => 'Stats OpenVPN (site-à-site)',
'vpn statistic rw' => 'Stats OpenVPN (client nomade)',
'vpn statistic n2n' => 'Stats VPN (site-à-site)',
'vpn statistic rw' => 'Stats VPN (client nomade)',
'vpn subjectaltname' => 'Subject Alt Name',
'vpn wait' => 'ATTENTE',
'vpn watch' => 'Redémarrer le VPN site-à-site si l\'IP hôte distant change (dyndns).',

4
langs/tr/cgi-bin/tr.pl
View File

@@ -2750,8 +2750,8 @@
'vpn start action' => 'Hareketi Başlat',
'vpn start action route' => 'İstek Üzerine',
'vpn start action start' => 'Her Zaman',
'vpn statistic n2n' => 'Ağdan Ağa OpenVPN İstatistiği',
'vpn statistic rw' => 'Roadwarrior OpenVPN İstatistiği',
'vpn statistic n2n' => 'Ağdan Ağa VPN İstatistiği',
'vpn statistic rw' => 'Roadwarrior VPN İstatistiği',
'vpn subjectaltname' => 'Alternatif konu adı',
'vpn watch' => 'Karşı eş IP değiştirdiğinde (dyndns) ağdan-ağa VPN bağlantısını yeniden başlat. Bu DPD ye yardımcı olur.',
'vpn weak' => 'Hafta',

1
lfs/configroot
View File

@@ -111,7 +111,6 @@ $(TARGET) :
cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices.default
# Oneliner configfiles
echo "ENABLED=off" > $(CONFIG_ROOT)/vpn/settings
echo "VPN_DELAYED_START=0" >>$(CONFIG_ROOT)/vpn/settings
echo "01" > $(CONFIG_ROOT)/certs/serial
echo "nameserver 1.2.3.4" > $(CONFIG_ROOT)/ppp/fake-resolv.conf
echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings

4
lfs/stage2
View File

@@ -115,8 +115,8 @@ endif
/usr/lib/firewall/rules.pl
install -m 644 $(DIR_SRC)/config/firewall/firewall-lib.pl \
/usr/lib/firewall/firewall-lib.pl
install -m 755 $(DIR_SRC)/config/firewall/ipsec-block \
/usr/lib/firewall/ipsec-block
install -m 755 $(DIR_SRC)/config/firewall/ipsec-policy \
/usr/lib/firewall/ipsec-policy
# Nobody user
-mkdir -p /home/nobody

1
lfs/strongswan
View File

@@ -72,6 +72,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-disable-ipv6.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire-interfaces.patch
cd $(DIR_APP) && ./configure \
--prefix="/usr" \

6
src/initscripts/networking/red.up/50-ipsec
View File

@@ -1,7 +1,3 @@
#!/bin/bash
eval $(/usr/local/bin/readhash /var/ipfire/vpn/settings)
sleep $VPN_DELAYED_START && /usr/local/bin/ipsecctrl S &
exit 0
exec /usr/local/bin/ipsecctrl S

4
src/initscripts/system/firewall
View File

@@ -360,8 +360,8 @@ iptables_init() {
iptables -t nat -N REDNAT
iptables -t nat -A POSTROUTING -j REDNAT
# Populate IPsec block chain
/usr/lib/firewall/ipsec-block
# Populate IPsec chains
/usr/lib/firewall/ipsec-policy
# Apply OpenVPN firewall rules
/usr/local/bin/openvpnctrl --firewall-rules

3
src/initscripts/system/network
View File

@@ -63,6 +63,9 @@ case "${DO}" in
fi
fi
# Create IPsec interfaces
/usr/local/bin/ipsec-interfaces
/etc/rc.d/init.d/static-routes start
;;

138
src/misc-progs/ipsecctrl.c
View File

@@ -52,42 +52,6 @@ static void ipsec_reload() {
safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
}
/*
ACCEPT the ipsec protocol ah, esp & udp (for nat traversal) on the specified interface
*/
void open_physical (char *interface, int nat_traversal_port) {
char str[STRING_SIZE];
// IKE
sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
safe_system(str);
sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
safe_system(str);
sprintf(str, "/sbin/iptables --wait -D IPSECOUTPUT -p udp -o %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
safe_system(str);
sprintf(str, "/sbin/iptables --wait -A IPSECOUTPUT -p udp -o %s --dport 500 -j ACCEPT", interface);
safe_system(str);
if (! nat_traversal_port)
return;
sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
safe_system(str);
sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
safe_system(str);
sprintf(str, "/sbin/iptables --wait -D IPSECOUTPUT -p udp -o %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
safe_system(str);
sprintf(str, "/sbin/iptables --wait -A IPSECOUTPUT -p udp -o %s --dport %i -j ACCEPT", interface, nat_traversal_port);
safe_system(str);
}
void ipsec_norules() {
/* clear input rules */
safe_system("/sbin/iptables --wait -F IPSECINPUT");
safe_system("/sbin/iptables --wait -F IPSECFORWARD");
safe_system("/sbin/iptables --wait -F IPSECOUTPUT");
}
/*
return values from the vpn config file or false if not 'on'
*/
@@ -152,15 +116,18 @@ void turn_connection_on(char *name, char *type) {
"/usr/sbin/ipsec down %s >/dev/null", name);
safe_system(command);
// Reload the IPsec block chain
safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
// Reload the IPsec firewall policy
safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
// Create or destroy interfaces
safe_system("/usr/local/bin/ipsec-interfaces >/dev/null");
// Reload the configuration into the daemon (#10339).
ipsec_reload();
// Bring the connection up again.
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec up %s >/dev/null", name);
"/usr/sbin/ipsec stroke up-nb %s >/dev/null", name);
safe_system(command);
}
@@ -182,13 +149,14 @@ void turn_connection_off (char *name) {
// Reload, so the connection is dropped.
ipsec_reload();
// Reload the IPsec block chain
safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
// Reload the IPsec firewall policy
safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
// Create or destroy interfaces
safe_system("/usr/local/bin/ipsec-interfaces >/dev/null");
}
int main(int argc, char *argv[]) {
char configtype[STRING_SIZE];
char redtype[STRING_SIZE] = "";
struct keyvalue *kv = NULL;
if (argc < 2) {
@@ -197,9 +165,8 @@ int main(int argc, char *argv[]) {
}
if (!(initsetuid()))
exit(1);
FILE *file = NULL;
FILE *file = NULL;
if (strcmp(argv[1], "I") == 0) {
safe_system("/usr/sbin/ipsec status");
@@ -219,7 +186,8 @@ int main(int argc, char *argv[]) {
if (argc == 2) {
if (strcmp(argv[1], "D") == 0) {
safe_system("/usr/sbin/ipsec stop >/dev/null 2>&1");
ipsec_norules();
safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
safe_system("/usr/local/bin/ipsec-interfaces >/dev/null");
exit(0);
}
}
@@ -241,82 +209,12 @@ int main(int argc, char *argv[]) {
exit(0);
}
/* read interface settings */
kv=initkeyvalues();
if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
{
fprintf(stderr, "Cannot read ethernet settings\n");
exit(1);
}
if (!findkey(kv, "CONFIG_TYPE", configtype))
{
fprintf(stderr, "Cannot read CONFIG_TYPE\n");
exit(1);
}
findkey(kv, "RED_TYPE", redtype);
/* Loop through the config file to find physical interface that will accept IPSEC */
int enable_red=0; // states 0: not used
int enable_green=0; // 1: error condition
int enable_orange=0; // 2: good
int enable_blue=0;
char if_red[STRING_SIZE] = "";
char if_green[STRING_SIZE] = "";
char if_orange[STRING_SIZE] = "";
char if_blue[STRING_SIZE] = "";
char s[STRING_SIZE];
// when RED is up, find interface name in special file
FILE *ifacefile = NULL;
if ((ifacefile = fopen(CONFIG_ROOT "/red/iface", "r"))) {
if (fgets(if_red, STRING_SIZE, ifacefile)) {
if (if_red[strlen(if_red) - 1] == '\n')
if_red[strlen(if_red) - 1] = '\0';
}
fclose (ifacefile);
if (VALID_DEVICE(if_red))
enable_red++;
}
// Check if GREEN is enabled.
findkey(kv, "GREEN_DEV", if_green);
if (VALID_DEVICE(if_green))
enable_green++;
// Check if ORANGE is enabled.
findkey(kv, "ORANGE_DEV", if_orange);
if (VALID_DEVICE(if_orange))
enable_orange++;
// Check if BLUE is enabled.
findkey(kv, "BLUE_DEV", if_blue);
if (VALID_DEVICE(if_blue))
enable_blue++;
freekeyvalues(kv);
// exit if nothing to do
if ((enable_red+enable_green+enable_orange+enable_blue) == 0)
exit(0);
// open needed ports
if (enable_red > 0)
open_physical(if_red, 4500);
if (enable_green > 0)
open_physical(if_green, 4500);
if (enable_orange > 0)
open_physical(if_orange, 4500);
if (enable_blue > 0)
open_physical(if_blue, 4500);
// start the system
// start the system
if ((argc == 2) && strcmp(argv[1], "S") == 0) {
safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
safe_system("/usr/local/bin/ipsec-interfaces >/dev/null");
safe_system("/usr/sbin/ipsec restart >/dev/null");
exit(0);
}

72
src/patches/strongswan-ipfire-interfaces.patch Normal file
View File

@@ -0,0 +1,72 @@
--- strongswan-5.7.0/src/_updown/_updown.in.bak 2019-02-06 18:19:25.723893992 +0000
+++ strongswan-5.7.0/src/_updown/_updown.in 2019-02-06 18:28:21.520560665 +0000
@@ -130,6 +130,13 @@
# address family.
#
+VARS=(
+ id status name lefthost type ctype psk local local_id leftsubnets
+ remote_id remote rightsubnets x3 x4 x5 x6 x7 x8 x9 x10 x11 x12
+ x13 x14 x15 x16 x17 x18 x19 proto x20 x21 x22
+ route x23 mode interface_mode interface_address interface_mtu rest
+)
+
function ip_encode() {
local IFS=.
@@ -319,6 +326,13 @@
fi
;;
up-client:iptables)
+ # Read IPsec configuration
+ while IFS="," read -r "${VARS[@]}"; do
+ if [ "${PLUTO_CONNECTION}" = "${name}" ]; then
+ break
+ fi
+ done < /var/ipfire/vpn/config
+
# connection to client subnet, with (left/right)firewall=yes, coming up
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
@@ -383,23 +397,25 @@
"tunnel+ $PLUTO_PEER -- $PLUTO_ME"
fi
- # Add source nat so also the gateway can access the other nets
- eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
- for _src in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do
- ip_in_subnet "${_src}" "${PLUTO_MY_CLIENT}"
- if [ $? -eq 0 ]; then
- src=${_src}
- break
+ if [ -z "${interface_mode}" ]; then
+ # Add source nat so also the gateway can access the other nets
+ eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+ for _src in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do
+ ip_in_subnet "${_src}" "${PLUTO_MY_CLIENT}"
+ if [ $? -eq 0 ]; then
+ src=${_src}
+ break
+ fi
+ done
+
+ if [ -n "${src}" ]; then
+ iptables --wait -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
+ logger -t $TAG -p $FAC_PRIO \
+ "snat+ $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src"
+ else
+ logger -t $TAG -p $FAC_PRIO \
+ "Cannot create NAT rule because no IP of the IPFire does match the subnet. $PLUTO_MY_CLIENT"
fi
- done
-
- if [ -n "${src}" ]; then
- iptables --wait -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
- logger -t $TAG -p $FAC_PRIO \
- "snat+ $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src"
- else
- logger -t $TAG -p $FAC_PRIO \
- "Cannot create NAT rule because no IP of the IPFire does match the subnet. $PLUTO_MY_CLIENT"
fi
# Flush routing cache

172
src/scripts/ipsec-interfaces Normal file
View File

@@ -0,0 +1,172 @@
#!/bin/bash
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2015 IPFire Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
shopt -s nullglob
VPN_CONFIG="/var/ipfire/vpn/config"
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
eval $(/usr/local/bin/readhash /var/ipfire/vpn/settings)
VARS=(
id status name lefthost type ctype psk local local_id leftsubnets
remote_id remote rightsubnets x3 x4 x5 x6 x7 x8 x9 x10 x11 x12
x13 x14 x15 x16 x17 x18 x19 proto x20 x21 x22
route x23 mode interface_mode interface_address interface_mtu rest
)
log() {
logger -t ipsec "$@"
}
resolve_hostname() {
local hostname="${1}"
dig +short A "${hostname}" | tail -n1
}
main() {
# Register local variables
local "${VARS[@]}"
local action
local interfaces=()
# We are done when IPsec is not enabled
if [ "${ENABLED}" = "on" ]; then
while IFS="," read -r "${VARS[@]}"; do
# Check if the connection is enabled
[ "${status}" = "on" ] || continue
# Check if this a net-to-net connection
[ "${type}" = "net" ] || continue
# Determine the interface name
case "${interface_mode}" in
gre|vti)
local intf="${interface_mode}${id}"
;;
*)
continue
;;
esac
# Add the interface to the list of all interfaces
interfaces+=( "${intf}" )
# Compat for older connections
if [ "${local}" = "off" ]; then
if [ "${VPN_IP}" = "%defaultroute" ]; then
local=""
else
local="${VPN_IP}"
fi
fi
# Handle %defaultroute
if [ -z "${local}" ]; then
if [ -r "/var/ipfire/red/local-ipaddress" ]; then
local="$(</var/ipfire/red/local-ipaddress)"
elif [ "${RED_TYPE}" = "STATIC" -a -n "${RED_ADDRESS}" ]; then
local="${RED_ADDRESS}"
fi
fi
# Resolve any hostnames
if [[ ! ${remote} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
remote="$(resolve_hostname "${remote}")"
fi
local args=(
"local" "${local}"
"remote" "${remote}"
)
case "${interface_mode}" in
gre)
# Add TTL
args+=( "ttl" "255" )
;;
vti)
# Add key for VTI
args+=( "key" "${id}" )
;;
esac
# Update the settings when the interface already exists
if [ -d "/sys/class/net/${intf}" ]; then
ip link change dev "${intf}" \
type "${interface_mode}" "${args[@]}" &>/dev/null
# Create a new interface and bring it up
else
log "Creating interface ${intf}"
if ! ip link add name "${intf}" type "${interface_mode}" "${args[@]}"; then
log "Could not create interface ${intf}"
continue
fi
fi
# Add an IP address
ip addr flush dev "${intf}"
ip addr add "${interface_address}" dev "${intf}"
# Set MTU
ip link set dev "${intf}" mtu "${interface_mtu}"
# Bring up the interface
ip link set dev "${intf}" up
done < "${VPN_CONFIG}"
fi
# Delete all other interfaces
local intf
for intf in /sys/class/net/gre[0-9]* /sys/class/net/vti[0-9]*; do
intf="$(basename "${intf}")"
# Ignore a couple of interfaces that cannot be deleted
case "${intf}" in
gre0|gretap0)
continue
;;
esac
# Check if interface is on the list
local i found="false"
for i in ${interfaces[@]}; do
if [ "${intf}" = "${i}" ]; then
found="true"
break
fi
done
# Nothing to do if interface was found
${found} && continue
# Delete the interface
log "Deleting interface ${intf}"
ip link del "${intf}" &>/dev/null
done
}
main || exit $?