webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 11:43:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'ummeegge/openvpn' into next

Browse Source 
Conflicts:
	html/cgi-bin/ovpnmain.cgi
	langs/de/cgi-bin/de.pl
	langs/en/cgi-bin/en.pl
This commit is contained in:
Michael Tremer
2014-05-11 18:47:11 +02:00
parent b2e75449a9 49abe7afb1
commit 661cd276b6
13 changed files with 434 additions and 264 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
config/ovpn/openssl/ovpn.cnf
View File

@@ -20,8 +20,8 @@ private_key = $dir/ca/cakey.pem
RANDFILE = $dir/ca/.rand
x509_extensions = usr_cert
default_days = 999999
default_crl_days= 30
default_md = md5
default_crl_days = 30
default_md = sha256
preserve = no
policy = policy_match
email_in_dn = no
@@ -35,7 +35,7 @@ commonName = supplied
emailAddress = optional
[ req ]
default_bits = 1024
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
@@ -73,31 +73,31 @@ challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
basicConstraints=CA:FALSE
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true
[ crl_ext ]
authorityKeyIdentifier=keyid:always,issuer:always
authorityKeyIdentifier = keyid:always,issuer:always
[ engine ]
default = openssl

1
doc/language_issues.de
View File

@@ -410,7 +410,6 @@ WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
WARNING: translation string unused: ovpn config
WARNING: translation string unused: ovpn dl
WARNING: translation string unused: ovpn engines
WARNING: translation string unused: ovpn log
WARNING: translation string unused: ovpn reneg sec
WARNING: translation string unused: ovpn_fastio

4
doc/language_issues.en
View File

@@ -145,6 +145,7 @@ WARNING: translation string unused: destination ip bad
WARNING: translation string unused: destination ip or net
WARNING: translation string unused: destination net
WARNING: translation string unused: destination port overlaps
WARNING: translation string unused: dh name is invalid
WARNING: translation string unused: dhcp base ip fixed lease
WARNING: translation string unused: dhcp create fixed leases
WARNING: translation string unused: dhcp fixed lease err1
@@ -436,11 +437,9 @@ WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
WARNING: translation string unused: ovpn config
WARNING: translation string unused: ovpn dl
WARNING: translation string unused: ovpn engines
WARNING: translation string unused: ovpn log
WARNING: translation string unused: ovpn reneg sec
WARNING: translation string unused: ovpn_fastio
WARNING: translation string unused: ovpn_fragment
WARNING: translation string unused: ovpn_mssfix
WARNING: translation string unused: ovpn_mtudisc
WARNING: translation string unused: ovpn_processprio
@@ -546,6 +545,7 @@ WARNING: translation string unused: successfully refreshed updates list
WARNING: translation string unused: system graphs
WARNING: translation string unused: system log viewer
WARNING: translation string unused: system status information
WARNING: translation string unused: teovpn_fragment
WARNING: translation string unused: test
WARNING: translation string unused: test email could not be sent
WARNING: translation string unused: test email was sent

6
doc/language_issues.es
View File

@@ -634,8 +634,9 @@ WARNING: untranslated string: dead peer detection
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: details
WARNING: untranslated string: dh
WARNING: untranslated string: dh key move failed
WARNING: untranslated string: dh key warn
WARNING: untranslated string: dh name is invalid
WARNING: untranslated string: dh key warn1
WARNING: untranslated string: dnat address
WARNING: untranslated string: dns servers
WARNING: untranslated string: dnsforward
@@ -873,7 +874,8 @@ WARNING: untranslated string: outgoing firewall p2p allow
WARNING: untranslated string: outgoing firewall p2p deny
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
WARNING: untranslated string: ovpn dh name
WARNING: untranslated string: ovpn dh upload
WARNING: untranslated string: ovpn engines
WARNING: untranslated string: ovpn errmsg green already pushed
WARNING: untranslated string: ovpn errmsg invalid ip or mask
WARNING: untranslated string: ovpn generating the root and host certificates

6
doc/language_issues.fr
View File

@@ -644,8 +644,9 @@ WARNING: untranslated string: dead peer detection
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: details
WARNING: untranslated string: dh
WARNING: untranslated string: dh key move failed
WARNING: untranslated string: dh key warn
WARNING: untranslated string: dh name is invalid
WARNING: untranslated string: dh key warn1
WARNING: untranslated string: dnat address
WARNING: untranslated string: dns address deleted txt
WARNING: untranslated string: dns servers
@@ -884,7 +885,8 @@ WARNING: untranslated string: other
WARNING: untranslated string: outgoing firewall access
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
WARNING: untranslated string: ovpn dh name
WARNING: untranslated string: ovpn dh upload
WARNING: untranslated string: ovpn engines
WARNING: untranslated string: ovpn generating the root and host certificates
WARNING: untranslated string: ovpn ha
WARNING: untranslated string: ovpn hmac

6
doc/language_issues.nl
View File

@@ -650,8 +650,9 @@ WARNING: untranslated string: atm device
WARNING: untranslated string: bytes
WARNING: untranslated string: capabilities
WARNING: untranslated string: dh
WARNING: untranslated string: dh key move failed
WARNING: untranslated string: dh key warn
WARNING: untranslated string: dh name is invalid
WARNING: untranslated string: dh key warn1
WARNING: untranslated string: dns servers
WARNING: untranslated string: drop outgoing
WARNING: untranslated string: firewall logs country
@@ -677,7 +678,8 @@ WARNING: untranslated string: monitor interface
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
WARNING: untranslated string: ovpn dh name
WARNING: untranslated string: ovpn dh upload
WARNING: untranslated string: ovpn engines
WARNING: untranslated string: ovpn generating the root and host certificates
WARNING: untranslated string: ovpn ha
WARNING: untranslated string: ovpn hmac

6
doc/language_issues.pl
View File

@@ -634,8 +634,9 @@ WARNING: untranslated string: dead peer detection
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: details
WARNING: untranslated string: dh
WARNING: untranslated string: dh key move failed
WARNING: untranslated string: dh key warn
WARNING: untranslated string: dh name is invalid
WARNING: untranslated string: dh key warn1
WARNING: untranslated string: dnat address
WARNING: untranslated string: dns servers
WARNING: untranslated string: dnsforward
@@ -873,7 +874,8 @@ WARNING: untranslated string: outgoing firewall p2p allow
WARNING: untranslated string: outgoing firewall p2p deny
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
WARNING: untranslated string: ovpn dh name
WARNING: untranslated string: ovpn dh upload
WARNING: untranslated string: ovpn engines
WARNING: untranslated string: ovpn errmsg green already pushed
WARNING: untranslated string: ovpn errmsg invalid ip or mask
WARNING: untranslated string: ovpn generating the root and host certificates

6
doc/language_issues.ru
View File

@@ -638,8 +638,9 @@ WARNING: untranslated string: dead peer detection
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: details
WARNING: untranslated string: dh
WARNING: untranslated string: dh key move failed
WARNING: untranslated string: dh key warn
WARNING: untranslated string: dh name is invalid
WARNING: untranslated string: dh key warn1
WARNING: untranslated string: disk access per
WARNING: untranslated string: dnat address
WARNING: untranslated string: dns servers
@@ -868,7 +869,8 @@ WARNING: untranslated string: outgoing firewall access
WARNING: untranslated string: outgoing traffic in bytes per second
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
WARNING: untranslated string: ovpn dh name
WARNING: untranslated string: ovpn dh upload
WARNING: untranslated string: ovpn engines
WARNING: untranslated string: ovpn generating the root and host certificates
WARNING: untranslated string: ovpn ha
WARNING: untranslated string: ovpn hmac

6
doc/language_issues.tr
View File

@@ -648,8 +648,9 @@ WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: bytes
WARNING: untranslated string: capabilities
WARNING: untranslated string: dh
WARNING: untranslated string: dh key move failed
WARNING: untranslated string: dh key warn
WARNING: untranslated string: dh name is invalid
WARNING: untranslated string: dh key warn1
WARNING: untranslated string: firewall logs country
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: gen dh
@@ -673,7 +674,8 @@ WARNING: untranslated string: monitor interface
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
WARNING: untranslated string: ovpn dh name
WARNING: untranslated string: ovpn dh upload
WARNING: untranslated string: ovpn engines
WARNING: untranslated string: ovpn generating the root and host certificates
WARNING: untranslated string: ovpn ha
WARNING: untranslated string: ovpn hmac

21
doc/language_missings
View File

@@ -6,6 +6,7 @@
############################################################################
< addon
< ccd maxclients
< ovpn_fragment
############################################################################
# Checking install/setup translations for language: fr #
############################################################################
@@ -79,8 +80,9 @@
< deprecated fs warn
< details
< dh
< dh key move failed
< dh key warn
< dh name is invalid
< dh key warn1
< dnat address
< dns address deleted txt
< dnsforward
@@ -362,7 +364,7 @@
< outgoing firewall access
< ovpn crypt options
< ovpn dh
< ovpn dh name
< ovpn dh upload
< ovpn engines
< ovpn generating the root and host certificates
< ovpn ha
@@ -591,8 +593,9 @@
< deprecated fs warn
< details
< dh
< dh key move failed
< dh key warn
< dh name is invalid
< dh key warn1
< dnat address
< dnsforward
< dnsforward add a new entry
@@ -885,7 +888,7 @@
< outgoing firewall view group
< ovpn crypt options
< ovpn dh
< ovpn dh name
< ovpn dh upload
< ovpn engines
< ovpn errmsg green already pushed
< ovpn errmsg invalid ip or mask
@@ -1094,8 +1097,9 @@
< deprecated fs warn
< details
< dh
< dh key move failed
< dh key warn
< dh name is invalid
< dh key warn1
< dnat address
< dnsforward
< dnsforward add a new entry
@@ -1366,7 +1370,7 @@
< outgoing firewall access
< ovpn crypt options
< ovpn dh
< ovpn dh name
< ovpn dh upload
< ovpn engines
< ovpn errmsg green already pushed
< ovpn errmsg invalid ip or mask
@@ -1575,8 +1579,9 @@
< deprecated fs warn
< details
< dh
< dh key move failed
< dh key warn
< dh name is invalid
< dh key warn1
< disk access per
< dnat address
< dnsforward
@@ -1854,7 +1859,7 @@
< outgoing traffic in bytes per second
< ovpn crypt options
< ovpn dh
< ovpn dh name
< ovpn dh upload
< ovpn engines
< ovpn generating the root and host certificates
< ovpn ha

299
html/cgi-bin/ovpnmain.cgi
View File

@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -19,7 +19,6 @@
# #
###############################################################################
###
# Based on IPFireCore 76
###
use CGI;
use CGI qw/:standard/;
@@ -90,8 +89,10 @@ $cgiparams{'DCOMPLZO'} = 'off';
$cgiparams{'MSSFIX'} = '';
$cgiparams{'number'} = '';
$cgiparams{'PMTU_DISCOVERY'} = '';
$cgiparams{'DAUTH'} = '';
$cgiparams{'DCIPHER'} = '';
$cgiparams{'DAUTH'} = '';
$cgiparams{'TLSAUTH'} = '';
$cgiparams{'ENGINES'} = '';
$routes_push_file = "${General::swroot}/ovpn/routes_push";
unless (-e $routes_push_file) { system("touch $routes_push_file"); }
unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); }
@@ -295,7 +296,7 @@ sub writeserverconf {
print CONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
print CONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
print CONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
print CONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n";
print CONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n";
my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'});
print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
#print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
@@ -362,7 +363,19 @@ sub writeserverconf {
print CONF "status-version 1\n";
print CONF "status /var/log/ovpnserver.log 30\n";
print CONF "cipher $sovpnsettings{DCIPHER}\n";
print CONF "auth $sovpnsettings{DAUTH}\n";
if ($sovpnsettings{'DAUTH'} eq '') {
print CONF "";
} else {
print CONF "auth $sovpnsettings{'DAUTH'}\n";
}
if ($sovpnsettings{'TLSAUTH'} eq 'on') {
print CONF "tls-auth ${General::swroot}/ovpn/ca/ta.key 0\n";
}
if ($sovpnsettings{ENGINES} eq 'disabled') {
print CONF "";
} else {
print CONF "engine $sovpnsettings{ENGINES}\n";
}
if ($sovpnsettings{DCOMPLZO} eq 'on') {
print CONF "comp-lzo\n";
}
@@ -782,6 +795,8 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
$vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
$vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'};
$vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
$vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
$vpnsettings{'ENGINES'} = $cgiparams{'ENGINES'};
my @temp=();
if ($cgiparams{'FRAGMENT'} eq '') {
@@ -794,12 +809,20 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
$vpnsettings{'FRAGMENT'} = $cgiparams{'FRAGMENT'};
}
}
if ($cgiparams{'MSSFIX'} ne 'on') {
delete $vpnsettings{'MSSFIX'};
} else {
$vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
}
# Create ta.key for tls-auth if not presant
if ($cgiparams{'TLSAUTH'} eq 'on') {
if ( ! -e "${General::swroot}/ovpn/ca/ta.key") {
system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/ca/ta.key")
}
}
if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
@@ -976,11 +999,21 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n";
print SERVERCONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n";
print SERVERCONF "# Cipher\n";
print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n";
if ($cgiparams{'DAUTH'} eq '') {
print SERVERCONF "auth SHA1\n";
} else {
print SERVERCONF "# HMAC algorithm\n";
print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
}
if ($cgiparams{'ENGINES'} eq 'disabled') {
print SERVERCONF "";
} else {
print SERVERCONF "# Crypto engine\n";
print SERVERCONF "engine $cgiparams{'ENGINES'}\n";
}
if ($cgiparams{'COMPLZO'} eq 'on') {
print SERVERCONF "# Enable Compression\n";
print SERVERCONF "comp-lzo\r\n";
@@ -1069,9 +1102,19 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
print CLIENTCONF "tls-client\n";
print CLIENTCONF "# Cipher\n";
print CLIENTCONF "cipher $cgiparams{'DCIPHER'}\n";
print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
if ($cgiparams{'DAUTH'} eq '') {
print CLIENTCONF "auth SHA1\n";
} else {
print CLIENTCONF "# HMAC algorithm\n";
print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
}
if ($cgiparams{'ENGINES'} eq 'disabled') {
print CLIENTCONF "";
} else {
print CLIENTCONF "# Crypto engine\n";
print CLIENTCONF "engine $cgiparams{'ENGINES'}\n";
}
if ($cgiparams{'COMPLZO'} eq 'on') {
print CLIENTCONF "# Enable Compression\n";
print CLIENTCONF "comp-lzo\r\n";
@@ -1205,13 +1248,13 @@ SETTINGS_ERROR:
}
}
while ($file = glob("${General::swroot}/ovpn/ca/*")) {
unlink $file
unlink $file;
}
while ($file = glob("${General::swroot}/ovpn/certs/*")) {
unlink $file
unlink $file;
}
while ($file = glob("${General::swroot}/ovpn/crls/*")) {
unlink $file
unlink $file;
}
&cleanssldatabase();
if (open(FILE, ">${General::swroot}/ovpn/caconfig")) {
@@ -1238,8 +1281,10 @@ SETTINGS_ERROR:
close FILE;
}
while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) {
system ("rm -rf $file")
system ("rm -rf $file");
}
#&writeserverconf();
###
### Reset all step 1
###
@@ -1255,6 +1300,7 @@ SETTINGS_ERROR:
<td align='center'>
<input type='hidden' name='AREUSURE' value='yes' />
<b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
<b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
$Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}</td>
</tr>
<tr>
@@ -1316,10 +1362,12 @@ END
</table>
<table width='100%'>
<tr>
<b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}:</font></b>
$Lang::tr{'dh key warn'}
</td>
<b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'dh key warn'}
</tr>
<tr>
<td class='base'>$Lang::tr{'dh key warn1'}</td>
</tr>
<tr><td colspan='2'><br></td></tr>
<tr>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
</form>
@@ -1338,10 +1386,6 @@ END
### Upload DH key
###
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload dh key'}) {
if ($cgiparams{'DH_NAME'} !~ /dh1024.pem/) {
$errormessage = $Lang::tr{'dh name is invalid'};
goto UPLOADCA_ERROR;
}
if (ref ($cgiparams{'FH'}) ne 'Fh') {
$errormessage = $Lang::tr{'there was no file upload'};
goto UPLOADCA_ERROR;
@@ -1364,13 +1408,12 @@ END
}
move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
if ($? ne 0) {
$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
$errormessage = "$Lang::tr{'dh key move failed'}: $!";
unlink ($filename);
goto UPLOADCA_ERROR;
}
}
###
### Upload CA Certificate
###
@@ -1825,7 +1868,7 @@ END
}
} else { # child
unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
'-days', '999999', '-newkey', 'rsa:4096',
'-days', '999999', '-newkey', 'rsa:4096', '-sha512',
'-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
'-out', "${General::swroot}/ovpn/ca/cacert.pem",
'-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
@@ -1985,17 +2028,20 @@ END
<td>&nbsp;</td><td>&nbsp;</td></tr>
<tr><td class='base' colspan='4' align='left'>
<img src='/blob.gif' valign='top' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
<tr><td colspan='4'><br><br></td></tr>
<tr><td class='base' colspan='4' align='center'>
<b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}:</font></b>
$Lang::tr{'ovpn generating the root and host certificates'}
</td>
<tr><td colspan='2'><br></td></tr>
<table width='100%'>
<tr>
<b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'ovpn generating the root and host certificates'}
<td class='base'>$Lang::tr{'dh key warn'}</td>
</tr>
<tr><td class='base' colspan='4' align='center'>
$Lang::tr{'dh key warn'}
</td>
<tr>
<td class='base'>$Lang::tr{'dh key warn1'}</td>
</tr>
<tr><td colspan='2'><br></td></tr>
<tr>
</table>
<table width='100%'>
<tr><td colspan='4'><hr></td></tr>
<tr><td class='base' nowrap='nowrap'>$Lang::tr{'upload p12 file'}:</td>
<td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
@@ -2147,12 +2193,17 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
print CLIENTCONF "tls-client\n";
print CLIENTCONF "# Cipher\n";
print CLIENTCONF "cipher $confighash{$cgiparams{'KEY'}}[40]\n";
print CLIENTCONF "# HMAC algorithm\n";
print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n";
if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n";
$zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
}
if ($confighash{$cgiparams{'KEY'}}[39] eq '') {
print CLIENTCONF "# HMAC algorithm\n";
print CLIENTCONF "auth SHA1\n";
} else {
print CLIENTCONF "# HMAC algorithm\n";
print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n";
}
if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
print CLIENTCONF "# Enable Compression\n";
print CLIENTCONF "comp-lzo\r\n";
@@ -2248,7 +2299,15 @@ else
$zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
}
print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
print CLIENTCONF "auth $vpnsettings{DAUTH}\r\n";
if ($vpnsettings{'DAUTH'} eq '') {
print CLIENTCONF "";
} else {
print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
}
if ($vpnsettings{'TLSAUTH'} eq 'on') {
print CLIENTCONF "tls-auth ta.key 1\r\n";
$zip->addFile( "${General::swroot}/ovpn/ca/ta.key", "ta.key") or die "Can't add file ta.key\n";
}
if ($vpnsettings{DCOMPLZO} eq 'on') {
print CLIENTCONF "comp-lzo\r\n";
}
@@ -2419,7 +2478,9 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) {
# &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
if ( -f "${General::swroot}/ovpn/crls/cacrl.pem") {
if (! -e "${General::swroot}/ovpn/crls/cacrl.pem") {
$errormessage = $Lang::tr{'not present'};
} else {
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', '');
@@ -2469,6 +2530,15 @@ ADV_ERROR:
if ($cgiparams{'DAUTH'} eq '') {
$cgiparams{'DAUTH'} = 'SHA1';
}
if ($cgiparams{'DAUTH'} eq '') {
$cgiparams{'DAUTH'} = 'SHA1';
}
if ($cgiparams{'ENGINES'} eq '') {
$cgiparams{'ENGINES'} = 'disabled';
}
if ($cgiparams{'TLSAUTH'} eq '') {
$cgiparams{'TLSAUTH'} = 'off';
}
$checked{'CLIENT2CLIENT'}{'off'} = '';
$checked{'CLIENT2CLIENT'}{'on'} = '';
$checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
@@ -2479,6 +2549,7 @@ ADV_ERROR:
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
$checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
$selected{'LOG_VERB'}{'0'} = '';
$selected{'LOG_VERB'}{'1'} = '';
$selected{'LOG_VERB'}{'2'} = '';
$selected{'LOG_VERB'}{'3'} = '';
@@ -2490,15 +2561,22 @@ ADV_ERROR:
$selected{'LOG_VERB'}{'9'} = '';
$selected{'LOG_VERB'}{'10'} = '';
$selected{'LOG_VERB'}{'11'} = '';
$selected{'LOG_VERB'}{'0'} = '';
$selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
$selected{'DAUTH'}{'whirlpool'} = '';
$selected{'DAUTH'}{'SHA512'} = '';
$selected{'DAUTH'}{'SHA384'} = '';
$selected{'DAUTH'}{'SHA256'} = '';
$selected{'DAUTH'}{'ecdsa-with-SHA1'} = '';
$selected{'DAUTH'}{'SHA1'} = '';
$selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
$checked{'TLSAUTH'}{'off'} = '';
$checked{'TLSAUTH'}{'on'} = '';
$checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
$selected{'ENGINES'}{'cryptodev'} = '';
$selected{'ENGINES'}{'dynamic'} = '';
$selected{'ENGINES'}{'aesni'} = '';
$selected{'ENGINES'}{'padlock'} = '';
$selected{'ENGINES'}{'disabled'} = '';
$selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED';
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'status ovpn'}, 1, '');
@@ -2584,7 +2662,9 @@ print <<END;
<tr>
<td class='base'>mssfix</td>
<td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
<td>$Lang::tr{'openvpn default'}: off</td>
</tr>
<tr>
<td class='base'>$Lang::tr{'ovpn mtu-disc'}</td>
<td><input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}</td>
@@ -2617,10 +2697,8 @@ print <<END;
<option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
<option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
<option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
</select>
</td>
</tr>
</table>
</td></select>
</table>
<hr size='1'>
<table width='100%'>
@@ -2636,20 +2714,42 @@ print <<END;
<option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
<option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
<option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
<option value='ecdsa-with-SHA1' $selected{'DAUTH'}{'ecdsa-with-SHA1'}>ECDSA-SHA1 (160 $Lang::tr{'bit'})</option>
<option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'})</option>
</select>
</td>
<td>Default: <span class="base">SHA1 (160 $Lang::tr{'bit'})</span></td>
</table><hr>
</tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn engines'}</td>
<td><select name='ENGINES'>
<option value='cryptodev' $selected{'ENGINES'}{'cryptodev'}>Cryptodev</option>
<option value='dynamic' $selected{'ENGINES'}{'dynamic'}>Dynamic</option>
<option value='aesni' $selected{'ENGINES'}{'aesni'}>AES-NI</option>
<option value='padlock' $selected{'ENGINES'}{'padlock'}>Padlock</option>
<option value='disabled' $selected{'ENGINES'}{'disabled'}>$Lang::tr{'disabled'}</option>
</select>
</td>
<td>Default: <span class="base">$Lang::tr{'disabled'}</span></td>
</tr>
</table>
<table width='100%'>
<tr>
<td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
</tr>
<tr>
<td class='base'>HMAC tls-auth</td>
<td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
</tr>
</table><hr>
END
if ( -e "/var/run/openvpn.pid"){
print" <br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br>
$Lang::tr{'server restart'}<br><br>
<hr>";
print<<END
print<<END;
<table width='100%'>
<tr>
<td>&nbsp;</td>
@@ -2665,7 +2765,7 @@ END
}else{
print<<END
print<<END;
<table width='100%'>
<tr>
<td>&nbsp;</td>
@@ -2721,7 +2821,7 @@ if ($cgiparams{'ACTION'} eq "edit"){
&Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'});
print <<END;
<table width='100%' border=0>
<table width='100%' border='0'>
<tr><form method='post'>
<td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
<td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly /></td></tr>
@@ -3182,6 +3282,7 @@ my $complzoactive;
my $mssfixactive;
my $authactive;
my $n2nfragment;
my $authactive;
my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);
my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
my @n2nproto = split(/-/, $n2nproto2[1]);
@@ -3201,7 +3302,7 @@ my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]);
my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]);
my @n2ncipher = split(/ /, (grep { /^cipher/ } @firen2nconf)[0]);
my @n2nauth = split(/ /, (grep { /^auth/ } @firen2nconf)[0]);
my @n2nengine = split(/ /, (grep { /^engine/ } @firen2nconf)[0]);;
###
# m.a.d delete CR and LF from arrays for this chomp doesnt work
@@ -3222,6 +3323,7 @@ $n2nmgmt[2] =~ s/\n|\r//g;
$n2nmtudisc[1] =~ s/\n|\r//g;
$n2ncipher[1] =~ s/\n|\r//g;
$n2nauth[1] =~ s/\n|\r//g;
$n2nengine[1] =~ s/\n|\r//g;
chomp ($complzoactive);
chomp ($mssfixactive);
@@ -3275,7 +3377,7 @@ foreach my $dkey (keys %confighash) {
$key = &General::findhasharraykey (\%confighash);
foreach my $i (0 .. 41) { $confighash{$key}[$i] = "";}
foreach my $i (0 .. 42) { $confighash{$key}[$i] = "";}
$confighash{$key}[0] = 'off';
$confighash{$key}[1] = $n2nname[0];
@@ -3299,6 +3401,7 @@ foreach my $dkey (keys %confighash) {
$confighash{$key}[38] = $n2nmtudisc[1];
$confighash{$key}[39] = $n2nauth[1];
$confighash{$key}[40] = $n2ncipher[1];
$confighash{$key}[41] = 'disabled';
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
@@ -3335,8 +3438,8 @@ foreach my $dkey (keys %confighash) {
<tr><td class='boldbase' nowrap='nowrap'>MSSFIX:</td><td><b>$confighash{$key}[23]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>Fragment:</td><td><b>$confighash{$key}[24]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}:</td><td><b>$confighash{$key}[38]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>Management Port:</td><td><b>$confighash{$key}[22]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td><td><b>$confighash{$key}[38]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn hmac'}:</td><td><b>$confighash{$key}[39]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td><td><b>$confighash{$key}[40]</b></td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td></tr>
@@ -3438,6 +3541,8 @@ if ($confighash{$cgiparams{'KEY'}}) {
$cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[38];
$cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39];
$cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40];
$cgiparams{'TLSAUTH'} = $confighash{$cgiparams{'KEY'}}[41];
$cgiparams{'ENGINES'} = $confighash{$cgiparams{'KEY'}}[42];
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
@@ -4117,7 +4222,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
if (! $key) {
$key = &General::findhasharraykey (\%confighash);
foreach my $i (0 .. 41) { $confighash{$key}[$i] = "";}
foreach my $i (0 .. 43) { $confighash{$key}[$i] = "";}
}
$confighash{$key}[0] = $cgiparams{'ENABLED'};
$confighash{$key}[1] = $cgiparams{'NAME'};
@@ -4163,6 +4268,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
$confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'};
$confighash{$key}[39] = $cgiparams{'DAUTH'};
$confighash{$key}[40] = $cgiparams{'DCIPHER'};
$confighash{$key}[42] = $cgiparams{'ENGINES'};
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
@@ -4274,6 +4380,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
$cgiparams{'FRAGMENT'} = '1300';
$cgiparams{'PMTU_DISCOVERY'} = 'off';
$cgiparams{'DAUTH'} = 'SHA1';
$cgiparams{'ENGINES'} = 'disabled';
###
# m.a.d n2n end
###
@@ -4338,14 +4445,6 @@ if ($cgiparams{'TYPE'} eq 'net') {
}
$checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
$selected{'DAUTH'}{'whirlpool'} = '';
$selected{'DAUTH'}{'SHA512'} = '';
$selected{'DAUTH'}{'SHA384'} = '';
$selected{'DAUTH'}{'SHA256'} = '';
$selected{'DAUTH'}{'ecdsa-with-SHA1'} = '';
$selected{'DAUTH'}{'SHA1'} = '';
$selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
$selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
$selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
$selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
@@ -4362,7 +4461,35 @@ if ($cgiparams{'TYPE'} eq 'net') {
$selected{'DCIPHER'}{'DES-CBC'} = '';
$selected{'DCIPHER'}{'RC2-64-CBC'} = '';
$selected{'DCIPHER'}{'RC2-40-CBC'} = '';
# If no cipher has been chossen yet, select
# the old default (AES-256-CBC) for compatiblity reasons.
if ($cgiparams{'DCIPHER'} eq '') {
$cgiparams{'DCIPHER'} = 'AES-256-CBC';
}
$selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
$selected{'DAUTH'}{'whirlpool'} = '';
$selected{'DAUTH'}{'SHA512'} = '';
$selected{'DAUTH'}{'SHA384'} = '';
$selected{'DAUTH'}{'SHA256'} = '';
$selected{'DAUTH'}{'SHA1'} = '';
# If no hash algorythm has been choosen yet, select
# the old default value (SHA1) for compatiblity reasons.
if ($cgiparams{'DAUTH'} eq '') {
$cgiparams{'DAUTH'} = 'SHA1';
}
$selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
$selected{'ENGINES'}{'disabled'} = '';
$selected{'ENGINES'}{'cryptodev'} = '';
$selected{'ENGINES'}{'dynamic'} = '';
$selected{'ENGINES'}{'aesni'} = '';
$selected{'ENGINES'}{'padlock'} = '';
# If no engine has been choosen yet, select
# a default one (disabled).
if ($cgiparams{'ENGINES'} eq '') {
$cgiparams{'ENGINES'} = 'disabled';
}
$selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED';
if (1) {
&Header::showhttpheaders();
@@ -4418,7 +4545,6 @@ if ($cgiparams{'TYPE'} eq 'net') {
} else {
print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
}
print <<END;
<td width='25%'>&nbsp;</td>
<td width='25%'>&nbsp;</td></tr>
@@ -4437,17 +4563,15 @@ if ($cgiparams{'TYPE'} eq 'net') {
<td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>
<td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td>
<td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td></tr>
<td class='boldbase'>$Lang::tr{'destination port'}:</td>
<td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
<td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
<option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
<td class='boldbase' nowrap='nowrap'>Management Port ($Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}): &nbsp;<img src='/blob.gif' /></td>
<td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
<td class='boldbase'>$Lang::tr{'destination port'}:</td>
<td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td>
</tr>
<tr><td class='boldbase'>$Lang::tr{'cipher'}</td>
@@ -4477,29 +4601,48 @@ if ($cgiparams{'TYPE'} eq 'net') {
<option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
<option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
<option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
<option value='ecdsa-with-SHA1' $selected{'DAUTH'}{'ecdsa-with-SHA1'}>ECDSA-SHA1 (160 $Lang::tr{'bit'})</option>
<option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'} Default)</option>
</select>
</td>
</tr>
<tr> <td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn engines'} &nbsp;<img src='/blob.gif'</td>
<td><select name='ENGINES'>
<option value='cryptodev' $selected{'ENGINES'}{'cryptodev'}>Cryptodev</option>
<option value='dynamic' $selected{'ENGINES'}{'dynamic'}>Dynamic</option>
<option value='aesni' $selected{'ENGINES'}{'aesni'}>AES-NI</option>
<option value='padlock' $selected{'ENGINES'}{'padlock'}>Padlock</option>
<option value='disabled' $selected{'ENGINES'}{'disabled'}>$Lang::tr{'disabled'} (Default)</option>
</select>
</td>
</tr>
<tr><td colspan=2><hr /></td></tr><tr>
<tr><td class='boldbase' nowrap='nowrap'>Management Port ($Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}): &nbsp;<img src='/blob.gif' /></td>
<td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
</tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;<img src='/blob.gif' /></td>
<td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td>
<td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td>
</tr>
<tr><td class='boldbase' nowrap='nowrap'>fragment: &nbsp;<img src='/blob.gif' /></td>
<tr><td class='boldbase' nowrap='nowrap'>fragment &nbsp;<img src='/blob.gif' /></td>
<td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
<td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
</tr>
<tr><td class='boldbase' nowrap='nowrap'>mssfix: &nbsp;<img src='/blob.gif' /></td>
<tr><td class='boldbase' nowrap='nowrap'>mssfix &nbsp;<img src='/blob.gif' /></td>
<td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
<td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td>
</tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'} &nbsp;<img src='/blob.gif'</td>
<td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
</tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}:</td>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td>
<td colspan='3'>
<input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}
<input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}
@@ -4507,7 +4650,6 @@ if ($cgiparams{'TYPE'} eq 'net') {
<input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}
</td>
</tr>
END
;
}
@@ -4773,7 +4915,7 @@ END
if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";}
if ($selgreen == '1' || $other == '0'){ print"<option selected>$Lang::tr{'green'}</option>";$set=0;}else{print"<option>$Lang::tr{'green'}</option>";};
print<<END
print<<END;
</select></td><td valign='top'>DNS1:</td><td valign='top'><input type='TEXT' name='CCD_DNS1' value='$cgiparams{'CCD_DNS1'}' size='30' /></td></tr>
<tr valign='top'><td>DNS2:</td><td><input type='TEXT' name='CCD_DNS2' value='$cgiparams{'CCD_DNS2'}' size='30' /></td></tr>
<tr valign='top'><td valign='top'>WINS:</td><td><input type='TEXT' name='CCD_WINS' value='$cgiparams{'CCD_WINS'}' size='30' /></td></tr></table><br><hr>
@@ -4835,6 +4977,9 @@ END
if ($cgiparams{'DAUTH'} eq '') {
$cgiparams{'DAUTH'} = 'SHA1';
}
if ($cgiparams{'ENGINES'} eq '') {
$cgiparams{'ENGINES'} = 'disabled';
}
if ($cgiparams{'DOVPN_SUBNET'} eq '') {
$cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
}
@@ -4877,10 +5022,16 @@ END
$selected{'DAUTH'}{'SHA512'} = '';
$selected{'DAUTH'}{'SHA384'} = '';
$selected{'DAUTH'}{'SHA256'} = '';
$selected{'DAUTH'}{'ecdsa-with-SHA1'} = '';
$selected{'DAUTH'}{'SHA1'} = '';
$selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
$selected{'ENGINES'}{'cryptodev'} = '';
$selected{'ENGINES'}{'dynamic'} = '';
$selected{'ENGINES'}{'aesni'} = '';
$selected{'ENGINES'}{'padlock'} = '';
$selected{'ENGINES'}{'disabled'} = '';
$selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED';
$checked{'DCOMPLZO'}{'off'} = '';
$checked{'DCOMPLZO'}{'on'} = '';
$checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
@@ -4923,7 +5074,7 @@ END
}
&Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});
print <<END;
<table width='100%' border=0>
<table width='100%' border='0'>
<form method='post'>
<td width='25%'>&nbsp;</td>
<td width='25%'>&nbsp;</td>
@@ -5369,10 +5520,10 @@ END
</tr>
<tr>
<td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh name'}:</td>
<td nowrap='nowrap'><input type='text' name='DH_NAME' value='$cgiparams{'DH_NAME'}' size='15' align='left'/></td>
<td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh upload'}:</td>
<td nowrap='nowrap'><size='15' align='left'/></td>
<td nowrap='nowrap'><input type='file' name='FH' size='25' />
<td nowrap='nowrap' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}' /></td>
<td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}' /></td>
</tr>
<tr><td colspan='4'><br></td></tr>
<tr>

13
langs/de/cgi-bin/de.pl
View File

@@ -38,7 +38,7 @@
'Local VPN IP' => 'Internes Netzwerk (GREEN)',
'MB read' => 'MB gelesen',
'MB written' => 'MB geschrieben',
'MTU' => 'MTU Size',
'MTU' => 'MTU Size:',
'Number of Countries for the pie chart' => 'Anzahl der angezeigten Länder im Diagramm',
'Number of IPs for the pie chart' => 'Anzahl der angezeigten IPs im Diagramm',
'Number of Ports for the pie chart' => 'Anzahl der angezeigten Ports im Diagramm',
@@ -662,8 +662,9 @@
'device' => 'Gerät',
'devices on blue' => 'Geräte auf Blau',
'dh' => 'Diffie-Hellman Key',
'dh key warn' => 'Keys mit 1024 und 2048 Bit können mehrere Minuten, 3072 und 4096 Bit bis zu mehreren Stunden dauern. Bitte haben sie Geduld.',
'dh name is invalid' => 'Name ist ungültig, bitte "dh1024.pem" verwenden.',
'dh key move failed' => 'Verschieben des Diffie-Hellman keys fehlgeschlagen.',
'dh key warn' => 'Diffie-Hellman Keys mit 1024 und 2048 Bit können mehrere Minuten, 3072 und 4096 Bit bis zu mehreren Stunden dauern. Bitte haben sie Geduld.',
'dh key warn1' => 'Bei schwachen Systemen oder Systeme mit wenig Entropie wird empfohlen lange Diffie-Hellman Keys über die Upload Funktion zu integrieren.',
'dhcp advopt add' => 'DHCP Option hinzufügen',
'dhcp advopt added' => 'DHCP Option hinzugefügt',
'dhcp advopt blank value' => 'Wert für DHCP Option darf nicht leer sein',
@@ -1656,9 +1657,9 @@
'ovpn con stat' => 'OpenVPN Verbindungs-Statistik',
'ovpn config' => 'OVPN-Konfiguration',
'ovpn crypt options' => 'Kryptografieoptionen',
'ovpn device' => 'OpenVPN-Gerät:',
'ovpn device' => 'OpenVPN-Gerät',
'ovpn dh' => 'Diffie-Hellman Key Länge',
'ovpn dh name' => 'Diffie-Hellman Key Name',
'ovpn dh upload' => 'Upload Diffie-Hellman Key',
'ovpn dl' => 'OVPN-Konfiguration downloaden',
'ovpn engines' => 'Krypto Engine',
'ovpn errmsg green already pushed' => 'Route für grünes Netzwerk wird immer gesetzt',
@@ -1683,7 +1684,7 @@
'ovpn reneg sec' => 'Session Key Lifetime',
'ovpn routes push' => 'Routen (eine pro Zeile) z.b. 192.168.10.0/255.255.255.0 192.168.20.0/24',
'ovpn routes push options' => 'Route push Optionen',
'ovpn server status' => 'OpenVPN-Server-Status:',
'ovpn server status' => 'OpenVPN-Server-Status',
'ovpn subnet' => 'OpenVPN-Subnetz:',
'ovpn subnet is invalid' => 'Das OpenVPN-Subnetz ist ungültig.',
'ovpn subnet overlap' => 'OpenVPNSubnetz überschneidet sich mit ',

8
langs/en/cgi-bin/en.pl
View File

@@ -684,7 +684,9 @@
'device' => 'Device',
'devices on blue' => 'Devices on BLUE',
'dh' => 'Diffie-Hellman Key',
'dh key warn' => 'Keys with 1024 and 2048 bit takes up to several minutes, 3072 and 4096 bit might needs several hours. Please be patient.',
'dh key move failed' => 'Diffie-Hellman key move failed.',
'dh key warn' => 'Diffie-Hellman keys with 1024 and 2048 bit takes up to several minutes, 3072 and 4096 bit might needs several hours. Please be patient.',
'dh key warn1' => 'For weak systems or systems with little entropy it is recommended to integrate long Diffie-Hellman Keys by usage of the upload function.',
'dh name is invalid' => 'Name is invalid, please use "dh1024.pem".',
'dhcp advopt add' => 'Add a DHCP option',
'dhcp advopt added' => 'DHCP option added',
@@ -1688,7 +1690,7 @@
'ovpn crypt options' => 'Cryptographic options',
'ovpn device' => 'OpenVPN device:',
'ovpn dh' => 'Diffie-Hellman key lenght',
'ovpn dh name' => 'Diffie-Hellman key name',
'ovpn dh upload' => 'Upload Diffie-Hellman Key',
'ovpn dl' => 'OVPN-Config Download',
'ovpn engines' => 'Crypto engine',
'ovpn errmsg green already pushed' => 'Route for green network is always set',
@@ -1718,7 +1720,6 @@
'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.',
'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ',
'ovpn_fastio' => 'Fast-IO',
'ovpn_fragment' => 'Fragmentsize',
'ovpn_mssfix' => 'MSSFIX Size',
'ovpn_mtudisc' => 'MTU-Discovery',
'ovpn_processprio' => 'Process priority',
@@ -2082,6 +2083,7 @@
'telephone not set' => 'Telephone not set.',
'template' => 'Preset',
'template warning' => 'You have two options to set up Qos. The First, you press the save button and generate the classes and rules on your own. The second, you press the preset button and classes and rules will be set up by a template.',
'teovpn_fragment' => 'Fragmentsize',
'test' => 'test',
'test email could not be sent' => 'Could not sent Testemail',
'test email was sent' => 'Testemail was send successfully',