openvpn: Added DH parameter to CA chart.

Added also a 'Default' mark in N2N cipher menu for AES-256-CBC. (cherry picked from commit c16d97c617)
2026-04-09 18:45:54 +02:00 · 2014-05-28 08:12:52 +02:00
parent 92bed25016
commit f7fb5bc5c9
10 changed files with 86 additions and 8 deletions
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -632,12 +632,14 @@ WARNING: untranslated string: countries
 WARNING: untranslated string: country codes and flags
 WARNING: untranslated string: countrycode
 WARNING: untranslated string: dead peer detection
+WARNING: untranslated string: default
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: details
 WARNING: untranslated string: dh
 WARNING: untranslated string: dh key move failed
 WARNING: untranslated string: dh key warn
 WARNING: untranslated string: dh key warn1
+WARNING: untranslated string: dh parameter
 WARNING: untranslated string: dnat address
 WARNING: untranslated string: dns servers
 WARNING: untranslated string: dnsforward
@@ -648,6 +650,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: downlink
+WARNING: untranslated string: download dh parameter
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -642,12 +642,14 @@ WARNING: untranslated string: countries
 WARNING: untranslated string: country codes and flags
 WARNING: untranslated string: countrycode
 WARNING: untranslated string: dead peer detection
+WARNING: untranslated string: default
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: details
 WARNING: untranslated string: dh
 WARNING: untranslated string: dh key move failed
 WARNING: untranslated string: dh key warn
 WARNING: untranslated string: dh key warn1
+WARNING: untranslated string: dh parameter
 WARNING: untranslated string: dnat address
 WARNING: untranslated string: dns address deleted txt
 WARNING: untranslated string: dns servers
@@ -659,6 +661,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: downlink
+WARNING: untranslated string: download dh parameter
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -650,11 +650,14 @@ WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: atm device
 WARNING: untranslated string: bytes
 WARNING: untranslated string: capabilities
+WARNING: untranslated string: default
 WARNING: untranslated string: dh
 WARNING: untranslated string: dh key move failed
 WARNING: untranslated string: dh key warn
 WARNING: untranslated string: dh key warn1
+WARNING: untranslated string: dh parameter
 WARNING: untranslated string: dns servers
+WARNING: untranslated string: download dh parameter
 WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: firewall logs country
 WARNING: untranslated string: fwhost err hostip
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -632,12 +632,14 @@ WARNING: untranslated string: countries
 WARNING: untranslated string: country codes and flags
 WARNING: untranslated string: countrycode
 WARNING: untranslated string: dead peer detection
+WARNING: untranslated string: default
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: details
 WARNING: untranslated string: dh
 WARNING: untranslated string: dh key move failed
 WARNING: untranslated string: dh key warn
 WARNING: untranslated string: dh key warn1
+WARNING: untranslated string: dh parameter
 WARNING: untranslated string: dnat address
 WARNING: untranslated string: dns servers
 WARNING: untranslated string: dnsforward
@@ -648,6 +650,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: downlink
+WARNING: untranslated string: download dh parameter
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -636,12 +636,14 @@ WARNING: untranslated string: countries
 WARNING: untranslated string: country codes and flags
 WARNING: untranslated string: countrycode
 WARNING: untranslated string: dead peer detection
+WARNING: untranslated string: default
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: details
 WARNING: untranslated string: dh
 WARNING: untranslated string: dh key move failed
 WARNING: untranslated string: dh key warn
 WARNING: untranslated string: dh key warn1
+WARNING: untranslated string: dh parameter
 WARNING: untranslated string: disk access per
 WARNING: untranslated string: dnat address
 WARNING: untranslated string: dns servers
@@ -653,6 +655,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: downlink
+WARNING: untranslated string: download dh parameter
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -648,10 +648,13 @@ WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: bytes
 WARNING: untranslated string: capabilities
+WARNING: untranslated string: default
 WARNING: untranslated string: dh
 WARNING: untranslated string: dh key move failed
 WARNING: untranslated string: dh key warn
 WARNING: untranslated string: dh key warn1
+WARNING: untranslated string: dh parameter
+WARNING: untranslated string: download dh parameter
 WARNING: untranslated string: firewall logs country
 WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: gen dh
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -76,6 +76,7 @@
 < countries
 < countrycode
 < country codes and flags
+< default
 < default ip
 < deprecated fs warn
 < details
@@ -83,6 +84,7 @@
 < dh key move failed
 < dh key warn
 < dh key warn1
+< dh parameter
 < dnat address
 < dns address deleted txt
 < dnsforward
@@ -93,6 +95,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dns servers
+< download dh parameter
 < dpd delay
 < dpd timeout
 < drop action
@@ -593,6 +596,7 @@
 < countries
 < countrycode
 < country codes and flags
+< default
 < default ip
 < deprecated fs warn
 < details
@@ -600,6 +604,7 @@
 < dh key move failed
 < dh key warn
 < dh key warn1
+< dh parameter
 < dnat address
 < dnsforward
 < dnsforward add a new entry
@@ -609,6 +614,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dns servers
+< download dh parameter
 < dpd delay
 < dpd timeout
 < drop action
@@ -1101,6 +1107,7 @@
 < countries
 < countrycode
 < country codes and flags
+< default
 < default ip
 < deprecated fs warn
 < details
@@ -1108,6 +1115,7 @@
 < dh key move failed
 < dh key warn
 < dh key warn1
+< dh parameter
 < dnat address
 < dnsforward
 < dnsforward add a new entry
@@ -1117,6 +1125,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dns servers
+< download dh parameter
 < dpd delay
 < dpd timeout
 < drop action
@@ -1587,6 +1596,7 @@
 < countrycode
 < country codes and flags
 < day-graph
+< default
 < default ip
 < deprecated fs warn
 < details
@@ -1594,6 +1604,7 @@
 < dh key move failed
 < dh key warn
 < dh key warn1
+< dh parameter
 < disk access per
 < dnat address
 < dnsforward
@@ -1604,6 +1615,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dns servers
+< download dh parameter
 < dpd delay
 < dpd timeout
 < drop action
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -1023,7 +1023,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
 ### Save main settings
 ###

-
 if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
    &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
    #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
@@ -1034,8 +1033,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
 	goto SETTINGS_ERROR;
    	}
    }
-    if ($errormessage) { goto SETTINGS_ERROR; }
-    
+
    if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
            $errormessage = $Lang::tr{'ovpn subnet is invalid'};
 			goto SETTINGS_ERROR;
@@ -1520,6 +1518,18 @@ END
 	print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`;
 	exit(0);
    }
+
+###
+### Download Diffie-Hellman parameter
+###
+}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download dh parameter'}) {
+    if ( -f "${General::swroot}/ovpn/ca/dh1024.pem" ) {
+	print "Content-Type: application/octet-stream\r\n";
+	print "Content-Disposition: filename=dh1024.pem\r\n\r\n";
+	print `/usr/bin/openssl dhparam -in ${General::swroot}/ovpn/ca/dh1024.pem`;
+	exit(0);
+    }
+
 ###
 ### Form for generating a root certificate
 ###
@@ -4470,7 +4480,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
 				<option value='CAMELLIA-256-CBC'	$selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
 				<option value='CAMELLIA-192-CBC'	$selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
 				<option value='CAMELLIA-128-CBC'	$selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
-				<option value='AES-256-CBC' 	 	$selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
+				<option value='AES-256-CBC' 	 	$selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'}, $Lang::tr{'default'})</option>
 				<option value='AES-192-CBC' 	 	$selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
 				<option value='AES-128-CBC' 	 	$selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
 				<option value='DES-EDE3-CBC'	 	$selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'})</option>
@@ -5216,7 +5226,9 @@ END
 END
    ;
    my $col1="bgcolor='$color{'color22'}'";
-	my $col2="bgcolor='$color{'color20'}'";
+    my $col2="bgcolor='$color{'color20'}'";
+    my $col3="bgcolor='$color{'color22'}'";
+
    if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
 		my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
 		$casubject    =~ /Subject: (.*)[\n]/;
@@ -5282,6 +5294,39 @@ END
 		;
    }

+    # Adding DH parameter to chart
+    if (-f "${General::swroot}/ovpn/ca/dh1024.pem") {
+		my $dhsubject = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
+		$dhsubject    =~ /PKCS#3 (.*)[\n]/;
+		$dhsubject    = $1;
+
+
+	print <<END;
+		<tr>
+			<td class='base' $col3>$Lang::tr{'dh parameter'}</td>
+			<td class='base' $col3>$dhsubject</td>
+		<form method='post' name='frmdhparam'><td width='3%' align='center' $col3>
+			<input type='hidden' name='ACTION' value='$Lang::tr{'show dh'}' />
+			<input type='image' name='$Lang::tr{'show dh'}' src='/images/info.gif' alt='$Lang::tr{'show dh'}' title='$Lang::tr{'show dh'}' width='20' height='20' border='0' />
+		</td></form>
+		<form method='post' name='frmdhparam'><td width='3%' align='center' $col3>
+			<input type='image' name="$Lang::tr{'download dh parameter'}" src='/images/media-floppy.png' alt="$Lang::tr{'download dh parameter'}" title="$Lang::tr{'download dh parameter'}" border='0' />
+			<input type='hidden' name='ACTION' value="$Lang::tr{'download dh parameter'}" />
+		</td></form>
+		<td width='4%' $col3>&nbsp;</td></tr>
+END
+		;
+    } else {
+		# Nothing
+		print <<END;
+		<tr>
+			<td width='25%' class='base' $col3>$Lang::tr{'dh parameter'}:</td>
+			<td class='base' $col3>$Lang::tr{'not present'}</td>
+		</td><td colspan='3' $col3>&nbsp;</td></tr>
+END
+		;
+    }
+
    if (! -f "${General::swroot}/ovpn/ca/cacert.pem") {
        print "<tr><td colspan='5' align='center'><form method='post'>";
 		print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />";
@@ -5367,9 +5412,6 @@ END
 		<td nowrap='nowrap'><size='15' align='left'/></td>
 		<td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
 	</tr>
-	<tr>
-		<td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show dh'}' /></td>
-	</tr>
 	</table>
 	
 	<tr><td colspan=4><hr /></td></tr><tr>
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -635,6 +635,7 @@
 'december' => 'Dezember',
 'deep scan directories' => 'rekursiv scannen',
 'def lease time' => 'Standardzeit für Zuordnung',
+'default' => 'Voreinstellung',
 'default ip' => 'Standard IP-Adresse',
 'default lease time' => 'Haltezeit-Voreinstellung in min:',
 'default networks' => 'Standard Netzwerke',
@@ -666,6 +667,7 @@
 'dh key move failed' => 'Verschieben der Diffie-Hellman-Parameter fehlgeschlagen.',
 'dh key warn' => 'Das Generieren der Diffie-Hellman-Parameter mit 1024 oder 2048 Bit dauert üblicherweise mehrere Minuten. Schlüssellängen von 3072 oder 4096 Bit beanspruchen mehrere Stunden. Bitte haben Sie etwas Geduld.',
 'dh key warn1' => 'Bei schwachen Systemen oder Systeme mit wenig Entropie wird empfohlen lange Diffie-Hellman-Parameter über die Upload-Funktion hochzuladen.',
+'dh parameter' => 'Diffie-Hellman-Parameter',
 'dhcp advopt add' => 'DHCP Option hinzufügen',
 'dhcp advopt added' => 'DHCP Option hinzugefügt',
 'dhcp advopt blank value' => 'Wert für DHCP Option darf nicht leer sein',
@@ -768,6 +770,7 @@
 'download' => 'herunterladen',
 'download ca certificate' => 'CA-Zertifikat herunterladen',
 'download certificate' => 'Zertifikate herunterladen',
+'download dh parameter' => 'Diffie-Hellman-Parameter herunterladen',
 'download host certificate' => 'Host-Zertifikat herunterladen',
 'download new ruleset' => 'Neuen Regelsatz herunterladen',
 'download pkcs12 file' => 'PKCS12-Datei herunterladen',
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -657,6 +657,7 @@
 'december' => 'December',
 'deep scan directories' => 'Scan recursive',
 'def lease time' => 'Default Lease Time',
+'default' => 'Default',
 'default ip' => 'Default IP address',
 'default lease time' => 'Default lease time (mins):',
 'default networks' => 'Default networks',
@@ -689,6 +690,7 @@
 'dh key warn' => 'Creating Diffie-Hellman parameters with lengths of 1024 or 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.',
 'dh key warn1' => 'For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.',
 'dh name is invalid' => 'Name is invalid, please use "dh1024.pem".',
+'dh parameter' => 'Diffie-Hellman parameters',
 'dhcp advopt add' => 'Add a DHCP option',
 'dhcp advopt added' => 'DHCP option added',
 'dhcp advopt blank value' => 'DHCP Option value cannot be empty.',
@@ -794,6 +796,7 @@
 'download' => 'download',
 'download ca certificate' => 'Download CA certificate',
 'download certificate' => 'Download certificate',
+'download dh parameter' => 'Download Diffie-Hellman parameters',
 'download host certificate' => 'Download host certificate',
 'download new ruleset' => 'Download new ruleset',
 'download pkcs12 file' => 'Download PKCS12 file',