From: Erik Kapfer <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 2/3] ovpn_reorganize_encryption: Added tls-auth into global section
Date: Sat, 27 Apr 2019 16:05:50 +0200 [thread overview]
Message-ID: <20190427140551.10647-2-ummeegge@ipfire.org> (raw)
In-Reply-To: <20190427140551.10647-1-ummeegge@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 6130 bytes --]
- Since HMAC selection is already in global section, it makes sense to keep the encryption togehter.
- Given tls-auth better understandable name.
Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
---
html/cgi-bin/ovpnmain.cgi | 35 +++++++++++++++++++----------------
langs/de/cgi-bin/de.pl | 1 +
langs/en/cgi-bin/en.pl | 1 +
3 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 80190dc34..d7895e600 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -790,7 +790,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
$vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
$vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
$vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
- $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
my @temp=();
if ($cgiparams{'FRAGMENT'} eq '') {
@@ -1201,6 +1200,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
$vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
$vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
$vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
+ $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
#wrtie enable
if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
@@ -2673,9 +2673,6 @@ ADV_ERROR:
$selected{'LOG_VERB'}{'10'} = '';
$selected{'LOG_VERB'}{'11'} = '';
$selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
- $checked{'TLSAUTH'}{'off'} = '';
- $checked{'TLSAUTH'}{'on'} = '';
- $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'status ovpn'}, 1, '');
@@ -2805,17 +2802,6 @@ print <<END;
</table>
<hr size='1'>
-
-<table width='100%'>
- <tr>
- <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
- </tr>
-
- <tr>
- <td class='base'>HMAC tls-auth</td>
- <td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
- </tr>
- </table><hr>
END
if ( -e "/var/run/openvpn.pid"){
@@ -3492,7 +3478,7 @@ foreach my $dkey (keys %confighash) {
<tr><td class='boldbase' nowrap='nowrap'>Fragment:</td><td><b>$confighash{$key}[24]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn hmac'}:</td><td><b>$confighash{$key}[39]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn tls auth'}:</td><td><b>$confighash{$key}[39]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td><td><b>$confighash{$key}[40]</b></td></tr>
<tr><td> </td><td> </td></tr>
</table>
@@ -4533,6 +4519,9 @@ if ($cgiparams{'TYPE'} eq 'net') {
$selected{'DAUTH'}{'SHA256'} = '';
$selected{'DAUTH'}{'SHA1'} = '';
$selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
+ $checked{'TLSAUTH'}{'off'} = '';
+ $checked{'TLSAUTH'}{'on'} = '';
+ $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
if (1) {
&Header::showhttpheaders();
@@ -5079,6 +5068,9 @@ END
}
}
}
+ if ($cgiparams{'TLSAUTH'} eq '') {
+ $cgiparams{'TLSAUTH'} = 'off';
+ }
if ($cgiparams{'DOVPN_SUBNET'} eq '') {
$cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
}
@@ -5121,6 +5113,10 @@ END
$selected{'DAUTH'}{'SHA1'} = '';
$selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
+ $checked{'TLSAUTH'}{'off'} = '';
+ $checked{'TLSAUTH'}{'on'} = '';
+ $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
+
$checked{'DCOMPLZO'}{'off'} = '';
$checked{'DCOMPLZO'}{'on'} = '';
$checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
@@ -5255,6 +5251,13 @@ END
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
<td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
</tr>
+
+ <tr><td colspan='4'><br></td></tr>
+ <tr>
+ <td class='base'>$Lang::tr{'ovpn tls auth'}</td>
+ <td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
+ </tr>
+
<tr><td colspan='4'><br><br></td></tr>
END
;
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index bea89fde3..eac4ed667 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1877,6 +1877,7 @@
'ovpn subnet' => 'OpenVPN-Subnetz:',
'ovpn subnet is invalid' => 'Das OpenVPN-Subnetz ist ungültig.',
'ovpn subnet overlap' => 'OpenVPNSubnetz überschneidet sich mit ',
+'ovpn tls auth' => 'TLS-Kanal Absicherung:',
'ovpn warning rfc3280' => 'Das Host Zertifikat ist nicht RFC3280 Regelkonform. <br>Bitte IPFire auf die letzte Version updaten und generieren sie ein neues Root und Host Zertifikat so bald wie möglich.</br><br>Es müssen dann alle OpenVPN clients erneuert werden!</br>',
'ovpn_fastio' => 'Fast-IO',
'ovpn_fragment' => 'Fragmentgrösse',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 449370a89..e853477dc 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1916,6 +1916,7 @@
'ovpn subnet' => 'OpenVPN subnet:',
'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.',
'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ',
+'ovpn tls auth' => 'TLS-Channel Protection:',
'ovpn warning rfc3280' => 'Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>',
'ovpn_fastio' => 'Fast-IO',
'ovpn_mssfix' => 'MSSFIX Size',
--
2.12.2
next prev parent reply other threads:[~2019-04-27 14:05 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-27 14:05 [PATCH 1/3] ovpn_reorganize_encryption: Integrate HMAC selection to " Erik Kapfer
2019-04-27 14:05 ` Erik Kapfer [this message]
2019-04-27 14:05 ` [PATCH 3/3] ovpn_reorganize_encryption: Integrate LZO from global to advanced section Erik Kapfer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190427140551.10647-2-ummeegge@ipfire.org \
--to=ummeegge@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox