- The --auth directive has been enhanced with the Keccak (SHA3) family but also BLAKE2 has been integrated. - The TLS authentication has been enhanced with --tls-crypt and with OpenVPN version 2.5.0 new introduced --tls-crypt-v2 . - New keys will be shown and can partly be downloaded over the "Certificate Authorities and -Keys" table. - The global section has been completely cleaned up from encryption settings which follows the IPSec WUI style. Signed-off-by: ummeegge --- html/cgi-bin/ovpnmain.cgi | 367 +++++++++++++++++++++++++++++--------- langs/de/cgi-bin/de.pl | 10 +- langs/en/cgi-bin/en.pl | 12 +- 3 files changed, 298 insertions(+), 91 deletions(-) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index f2b8b79da..455b0a8a4 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -357,9 +357,19 @@ sub writeserverconf { # Set TLSv2 as minimum print CONF "tls-version-min 1.2\n"; - if ($sovpnsettings{'TLSAUTH'} eq 'on') { - print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n"; - } + # TLS control channel authentication + if ($sovpnsettings{'TLSAUTH'} ne 'off') { + if ($sovpnsettings{'TLSAUTH'} eq 'on') { + print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n"; + } + if ($sovpnsettings{'TLSAUTH'} eq 'tls-crypt') { + print CONF "tls-crypt ${General::swroot}/ovpn/certs/tc.key\n"; + } + if ($sovpnsettings{'TLSAUTH'} eq 'tls-crypt-v2') { + print CONF "tls-crypt-v2 ${General::swroot}/ovpn/certs/tc-v2-server.key\n"; + } + } + if ($sovpnsettings{DCOMPLZO} eq 'on') { print CONF "comp-lzo\n"; } @@ -944,6 +954,8 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); + $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'}; + $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'}; $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'}; $vpnsettings{'DATACIPHERS'} = $cgiparams{'DATACIPHERS'}; 
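Review bot: `$cgiparams{'TLSAUTH'}` and `$cgiparams{'DAUTH'}` are copied into `%vpnsettings` in the `save-enc-options` branch (@@ -944 hunk) without being checked against the values the form offers. A TLSAUTH value outside on/off/tls-crypt/tls-crypt-v2 matches none of the branches added to `writeserverconf` in the first hunk, so the server config would be written with no control-channel key line and no error shown. How DAUTH reaches the server config is outside this diff, so whether a crafted value can alter that file needs confirming. I would reject unknown values before the assignment, for example with the guard `unless ($cgiparams{'TLSAUTH'} =~ /\A(?:on|off|tls-crypt|tls-crypt-v2)\z/)` followed by setting `$errormessage` and `goto ADV_ENC_ERROR`, plus an equivalent check for DAUTH against the listed digests. The branch itself continues outside the hunk.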
@@ -967,6 +979,39 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) { $vpnsettings{'NCHANNELCIPHERS'} = $cgiparams{'NCHANNELCIPHERS'}; } + # Create ta.key for tls-auth if not presant + if ($cgiparams{'TLSAUTH'} eq 'on') { + if ( ! -e "${General::swroot}/ovpn/certs/ta.key") { + system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key"); + if ($?) { + $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; + goto ADV_ENC_ERROR; + } + } + } + + # Create tc.key for tls-crypt if not presant + if ($cgiparams{'TLSAUTH'} eq 'tls-crypt') { + if ( ! -e "${General::swroot}/ovpn/certs/tc.key") { + system('/usr/sbin/openvpn', '--genkey', 'tls-crypt', "${General::swroot}/ovpn/certs/tc.key"); + if ($?) { + $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; + goto ADV_ENC_ERROR; + } + } + } + + # Create tc-v2-server.key for tls-crypt-v2 server if not presant + if ($cgiparams{'TLSAUTH'} eq 'tls-crypt-v2') { + if ( ! -e "${General::swroot}/ovpn/certs/tc-v2-server.key") { + system('/usr/sbin/openvpn', '--genkey', 'tls-crypt-v2-server', "${General::swroot}/ovpn/certs/tc-v2-server.key"); + if ($?) { + $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; + goto ADV_ENC_ERROR; + } + } + } + &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings); &writeserverconf(); } @@ -1257,17 +1302,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg goto SETTINGS_ERROR; } - # Create ta.key for tls-auth if not presant - if ($cgiparams{'TLSAUTH'} eq 'on') { - if ( ! -e "${General::swroot}/ovpn/certs/ta.key") { - system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key"); - if ($?) { - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - goto SETTINGS_ERROR; - } - } - } - $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'}; $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'}; $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'}; 
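Review bot: The three key-generation blocks in the @@ -967 hunk report a failed `/usr/sbin/openvpn --genkey` call under `$Lang::tr{'openssl produced an error'}`, which points the administrator at the wrong tool. They also print the raw wait status `$?` rather than the exit code `$? >> 8`. The ta.key block keeps the older `'--genkey', '--secret', FILE` spelling while the two new blocks use `'--genkey', TYPE, FILE`; if the target is OpenVPN 2.5 or later, `'--genkey', 'tls-auth', ...` would keep all three consistent. The blocks differ only in the mode, key type and file name, so a small mode-to-(type, file) hash with one shared body would remove the triplication. A comment should also state that a key from a previously selected mode is left on disk, since that is not obvious from the code.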
@@ -1278,8 +1312,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'}; $vpnsettings{'DMTU'} = $cgiparams{'DMTU'}; $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'}; - $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'}; - $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'}; #wrtie enable if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");} @@ -1708,14 +1740,36 @@ END ### ### Download tls-auth key ### -}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-auth key'}) { +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-auth key'}) { if ( -f "${General::swroot}/ovpn/certs/ta.key" ) { - print "Content-Type: application/octet-stream\r\n"; - print "Content-Disposition: filename=ta.key\r\n\r\n"; - print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`; - exit(0); + print "Content-Type: application/octet-stream\r\n"; + print "Content-Disposition: filename=ta.key\r\n\r\n"; + print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`; + exit(0); } +### +### Download tls-crypt key +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-crypt key'}) { + if ( -f "${General::swroot}/ovpn/certs/tc.key" ) { + print "Content-Type: application/octet-stream\r\n"; + print "Content-Disposition: filename=tc.key\r\n\r\n"; + print `/bin/cat ${General::swroot}/ovpn/certs/tc.key`; + exit(0); + } + +### +### Download tls-crypt-v2 key +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-crypt-v2 key'}) { + if ( -f "${General::swroot}/ovpn/certs/tc-v2-server.key" ) { + print "Content-Type: application/octet-stream\r\n"; + print "Content-Disposition: filename=tc-v2-server.key\r\n\r\n"; + print `/bin/cat ${General::swroot}/ovpn/certs/tc-v2-server.key`; + exit(0); + } + ### ### Form for generating a root certificate ### 
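Review bot: The new `download tls-crypt-v2 key` action in the @@ -1708 hunk hands out `tc-v2-server.key`, the server-side key used to wrap client keys. Clients only need their own `tc-v2-client-*.key`, which the client-package hunks (@@ -2443 and @@ -2499) already generate. Exporting the server key through the web interface, and printing it on the `show tls-crypt-v2 key` page added in the @@ -2691 hunk, widens exposure of a secret that has no reason to leave the firewall. I would drop both actions for the v2 server key, or reduce them to showing only the key's header line as the table in the @@ -5982 hunk does. Separately, the download branches read the file via backticks around `/bin/cat`; a three-argument `open` avoids the extra process, and `Content-Disposition: attachment; filename=...` gives the header a disposition type.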
@@ -2443,6 +2497,29 @@ else print CLIENTCONF "tls-auth ta.key\r\n"; $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n"; } + + # Add tls-crypt to client ovpn + if ($vpnsettings{'TLSAUTH'} eq 'tls-crypt') { + if ($cgiparams{'MODE'} eq 'insecure') { + print CLIENTCONF ";"; + } + print CLIENTCONF "tls-crypt tc.key\r\n"; + $zip->addFile( "${General::swroot}/ovpn/certs/tc.key", "tc.key") or die "Can't add file tc.key\n"; + } + + # Add client specific tls-crypt-v2 key to client.ovpn + if ($vpnsettings{'TLSAUTH'} eq 'tls-crypt-v2') { + if ($cgiparams{'MODE'} eq 'insecure') { + print CLIENTCONF ";"; + } + print CLIENTCONF "tls-crypt-v2 tc-v2-client-$confighash{$cgiparams{'KEY'}}[1].key\r\n"; + # Generate individual tls-crypt-v2 client key + my $cryptfile = "$tempdir/tc-v2-client-$confighash{$cgiparams{'KEY'}}[1].key"; + system('/usr/sbin/openvpn', '--tls-crypt-v2', "${General::swroot}/ovpn/certs/tc-v2-server.key", '--genkey', 'tls-crypt-v2-client', "$cryptfile"); + # Add individual tls-crypt-v2 client key to client package + $zip->addFile( "$cryptfile", "tc-v2-client-$confighash{$cgiparams{'KEY'}}[1].key") or die "Can't add file tc-v2-client-$confighash{$cgiparams{'KEY'}}[1].key\n"; + } + if ($vpnsettings{DCOMPLZO} eq 'on') { print CLIENTCONF "comp-lzo\r\n"; } 
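Review bot: The exit status of `system('/usr/sbin/openvpn', '--tls-crypt-v2', ...)` is not checked before `$cryptfile` is added to the zip in the @@ -2443 hunk. In the @@ -2499 hunk the same call is followed by an unchecked two-argument `open(FILE, "<$cryptfile")`, so a failed key generation there would produce a client config with an empty key section and no error. Testing `$?` after both calls, as the server-key creation code earlier in this patch does, and using `open(my $fh, '<', $cryptfile) or die "Can't open $cryptfile: $!\n";` would surface the failure. The key file name is built from `$confighash{$cgiparams{'KEY'}}[1]`; presumably the connection name is validated when it is stored, but that code is outside this diff, so confirm that it cannot contain path separators. Both enclosing blocks start and end outside their hunks.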
@@ -2499,6 +2576,20 @@ else print CLIENTCONF "\r\n\r\n"; close(FILE); + # Create individual tls-crypt-v2 client key and print it to client.conf + if ($vpnsettings{'TLSAUTH'} eq 'tls-crypt-v2') { + my $cryptfile = "$tempdir/tc-v2-client-$confighash{$cgiparams{'KEY'}}[1].key"; + system('/usr/sbin/openvpn', '--tls-crypt-v2', "${General::swroot}/ovpn/certs/tc-v2-server.key", '--genkey', 'tls-crypt-v2-client', "$cryptfile"); + open(FILE, "<$cryptfile"); + print CLIENTCONF "\r\n"; + while () { + chomp($_); + print CLIENTCONF "$_\r\n"; + } + print CLIENTCONF "\r\n\r\n"; + close(FILE); + } + # TLS auth if ($vpnsettings{'TLSAUTH'} eq 'on') { open(FILE, "<${General::swroot}/ovpn/certs/ta.key"); @@ -2680,7 +2771,7 @@ else &Header::showhttpheaders(); &Header::openpage($Lang::tr{'ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', ''); - &Header::openbox('100%', 'LEFT', "$Lang::tr{'ta key'}:"); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'ta key'}"); my $output = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`; $output = &Header::cleanhtml($output,"y"); print "
$output
\n"; @@ -2691,6 +2782,50 @@ else exit(0); } +### +### Display tls-crypt key +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show tls-crypt key'}) { + + if (! -e "${General::swroot}/ovpn/certs/tc.key") { + $errormessage = $Lang::tr{'not present'}; + } else { + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'tc key'}"); + my $output = `/bin/cat ${General::swroot}/ovpn/certs/tc.key`; + $output = &Header::cleanhtml($output,"y"); + print "
$output
\n"; + &Header::closebox(); + print "
$Lang::tr{'back'}
"; + &Header::closebigbox(); + &Header::closepage(); + exit(0); + } + +### +### Display tls-crypt-v2 server key +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show tls-crypt-v2 key'}) { + + if (! -e "${General::swroot}/ovpn/certs/tc-v2-server.key") { + $errormessage = $Lang::tr{'not present'}; + } else { + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'tc v2 key'}"); + my $output = `/bin/cat ${General::swroot}/ovpn/certs/tc-v2-server.key`; + $output = &Header::cleanhtml($output,"y"); + print "
$output
\n"; + &Header::closebox(); + print "
$Lang::tr{'back'}
"; + &Header::closebigbox(); + &Header::closepage(); + exit(0); + } + ### ### Display Certificate Revoke List ### @@ -2743,9 +2878,6 @@ ADV_ERROR: if ($cgiparams{'LOG_VERB'} eq '') { $cgiparams{'LOG_VERB'} = '3'; } - if ($cgiparams{'TLSAUTH'} eq '') { - $cgiparams{'TLSAUTH'} = 'off'; - } $checked{'CLIENT2CLIENT'}{'off'} = ''; $checked{'CLIENT2CLIENT'}{'on'} = ''; $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED'; 
@@ -2964,13 +3096,43 @@ END $key = &General::findhasharraykey (\%confighash); foreach my $i (39.. 45) { $confighash{$key}[$i] = ""; } } + $confighash{$key}[39] = $cgiparams{'DAUTH'}; $confighash{$key}[40] = $cgiparams{'DCIPHER'}; + $confighash{$key}[41] = $cgiparams{'TLSAUTH'}; $confighash{$key}[42] = $cgiparams{'DATACIPHERS'}; $confighash{$key}[43] = $cgiparams{'CHANNELCIPHERS'}; $confighash{$key}[44] = $cgiparams{'NCHANNELCIPHERS'}; ADV_ENC_ERROR: + # Set default for hash message authentication code + if ($cgiparams{'DAUTH'} eq '') { + $cgiparams{'DAUTH'} = 'SHA512'; #[39]; + } + $checked{'DAUTH'}{'BLAKE2b512'} = ''; + $checked{'DAUTH'}{'BLAKE2s256'} = ''; + $checked{'DAUTH'}{'SHA3-512'} = ''; + $checked{'DAUTH'}{'SHA3-384'} = ''; + $checked{'DAUTH'}{'SHA3-256'} = ''; + $checked{'DAUTH'}{'SHA512'} = ''; + $checked{'DAUTH'}{'SHA384'} = ''; + $checked{'DAUTH'}{'SHA256'} = ''; + $checked{'DAUTH'}{'whirlpool'} = ''; + $checked{'DAUTH'}{'SHA1'} = ''; + @temp = split('\|', $cgiparams{'DAUTH'}); + foreach my $key (@temp) {$checked{'DAUTH'}{$key} = "selected='selected'"; } + + # Set default for TLS control authentication + if ($cgiparams{'TLSAUTH'} eq '') { + $cgiparams{'TLSAUTH'} = 'tls-crypt'; #[41] + } + $checked{'TLSAUTH'}{'on'} = ''; + $checked{'TLSAUTH'}{'off'} = ''; + $checked{'TLSAUTH'}{'tls-crypt'} = ''; + $checked{'TLSAUTH'}{'tls-crypt-v2'} = ''; + @temp = split('\|', $cgiparams{'TLSAUTH'}); + foreach my $key (@temp) {$checked{'TLSAUTH'}{$key} = "selected='selected'"; } + # Set default for data-cipher-fallback (the old --cipher directive) if ($cgiparams{'DCIPHER'} eq '') { $cgiparams{'DCIPHER'} = 'AES-256-CBC'; #[40] 
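Review bot: The fallback for an empty `$cgiparams{'TLSAUTH'}` after `ADV_ENC_ERROR:` is now `'tls-crypt'`, whereas the code removed in the @@ -2743 and @@ -5378 hunks fell back to `'off'`. On an installation with no stored TLSAUTH value, the form would then come up with tls-crypt preselected, and saving any other encryption option would create `tc.key` and write `tls-crypt` into the server config while deployed clients have no such key. Whether the stored value is loaded before this default applies is not visible here (the assignment from `%vpnsettings` appears later, in the @@ -3023 hunk), so this needs checking. If it holds, keeping `'off'` for existing setups, or a comment stating that the changed default is intended, would avoid a silent switch. The `split('\|', ...)` loops for DAUTH and TLSAUTH look copied from the multi-value cipher fields; both hold one value, so `$checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = "selected='selected'";` would be enough.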
@@ -3023,12 +3185,16 @@ ADV_ENC_ERROR: # Save settings and display default if not configured if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) { + $confighash{$cgiparams{'KEY'}}[39] = $cgiparams{'DAUTH'}; $confighash{$cgiparams{'KEY'}}[40] = $cgiparams{'DCIPHER'}; + $confighash{$cgiparams{'KEY'}}[41] = $cgiparams{'TLSAUTH'}; $confighash{$cgiparams{'KEY'}}[42] = $cgiparams{'DATACIPHERS'}; $confighash{$cgiparams{'KEY'}}[43] = $cgiparams{'CHANNELCIPHERS'}; $confighash{$cgiparams{'KEY'}}[44] = $cgiparams{'NCHANNELCIPHERS'}; } else { + $cgiparams{'DAUTH'} = $vpnsettings{'DAUTH'}; $cgiparams{'DCIPHER'} = $vpnsettings{'DCIPHER'}; + $cgiparams{'TLSAUTH'} = $vpnsettings{'TLSAUTH'}; $cgiparams{'DATACIPHERS'} = $vpnsettings{'DATACIPHERS'}; $cgiparams{'CHANNELCIPHERS'} = $vpnsettings{'CHANNELCIPHERS'}; $cgiparams{'NCHANNELCIPHERS'} = $vpnsettings{'NCHANNELCIPHERS'}; @@ -3132,6 +3298,44 @@ ADV_ENC_ERROR:

+

$Lang::tr{'ovpn crypt options'}:

+ + + + + + + + + + + + + + + +
$Lang::tr{'ovpn ha'}$Lang::tr{'ovpn tls auth'}
$Lang::tr{'ovpn data channel authentication'} + + + + +

END ; @@ -3906,7 +4110,6 @@ if ($confighash{$cgiparams{'KEY'}}) { $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37]; $cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39]; $cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40]; - $cgiparams{'TLSAUTH'} = $confighash{$cgiparams{'KEY'}}[41]; # Index from [39] to [44] has been reserved by advanced encryption $cgiparams{'CLIENTVERSION'} = $confighash{$cgiparams{'KEY'}}[45]; } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { @@ -4824,16 +5027,6 @@ if ($cgiparams{'TYPE'} eq 'net') { $checked{'MSSFIX'}{'on'} = ''; $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED'; - $selected{'DAUTH'}{'whirlpool'} = ''; - $selected{'DAUTH'}{'SHA512'} = ''; - $selected{'DAUTH'}{'SHA384'} = ''; - $selected{'DAUTH'}{'SHA256'} = ''; - $selected{'DAUTH'}{'SHA1'} = ''; - $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED'; - $checked{'TLSAUTH'}{'off'} = ''; - $checked{'TLSAUTH'}{'on'} = ''; - $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED'; - if (1) { &Header::showhttpheaders(); &Header::openpage($Lang::tr{'ovpn'}, 1, ''); @@ -5378,21 +5571,6 @@ END if ($cgiparams{'MSSFIX'} eq '') { $cgiparams{'MSSFIX'} = 'off'; } - if ($cgiparams{'DAUTH'} eq '') { - if (-z "${General::swroot}/ovpn/ovpnconfig") { - $cgiparams{'DAUTH'} = 'SHA512'; - } - foreach my $key (keys %confighash) { - if ($confighash{$key}[3] ne 'host') { - $cgiparams{'DAUTH'} = 'SHA512'; - } else { - $cgiparams{'DAUTH'} = 'SHA1'; - } - } - } - if ($cgiparams{'TLSAUTH'} eq '') { - $cgiparams{'TLSAUTH'} = 'off'; - } if ($cgiparams{'DOVPN_SUBNET'} eq '') { $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0'; } 
@@ -5410,17 +5588,6 @@ END $selected{'DPROTOCOL'}{'tcp'} = ''; $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED'; - $selected{'DAUTH'}{'whirlpool'} = ''; - $selected{'DAUTH'}{'SHA512'} = ''; - $selected{'DAUTH'}{'SHA384'} = ''; - $selected{'DAUTH'}{'SHA256'} = ''; - $selected{'DAUTH'}{'SHA1'} = ''; - $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED'; - - $checked{'TLSAUTH'}{'off'} = ''; - $checked{'TLSAUTH'}{'on'} = ''; - $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED'; - $checked{'DCOMPLZO'}{'off'} = ''; $checked{'DCOMPLZO'}{'on'} = ''; $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED'; @@ -5523,30 +5690,6 @@ END -
- - $Lang::tr{'ovpn crypt options'}: - -
- - - $Lang::tr{'ovpn ha'} - - - - -
- - $Lang::tr{'ovpn tls auth'} - - -

END ; @@ -5845,6 +5988,10 @@ END my $col3="bgcolor='$color{'color22'}'"; # ta.key line my $col4="bgcolor='$color{'color20'}'"; + # tc-v2.key line + my $col5="bgcolor='$color{'color22'}'"; + # tc.key + my $col6="bgcolor='$color{'color20'}'"; if (-f "${General::swroot}/ovpn/ca/cacert.pem") { my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`; @@ -5974,7 +6121,7 @@ END # Nothing print < - $Lang::tr{'ta key'}: + $Lang::tr{'ta key'} $Lang::tr{'not present'}   @@ -5982,6 +6129,52 @@ END ; } + # Adding tc-v2.key to chart + if (-f "${General::swroot}/ovpn/certs/tc-v2-server.key") { + my $tcvsubject = `/bin/cat ${General::swroot}/ovpn/certs/tc-v2-server.key`; + $tcvsubject =~ /-----BEGIN (.*)-----[\n]/; + $tcvsubject = $1; + print < + $Lang::tr{'tc v2 key'} + $tcvsubject +
+ + +
+
+   + +END +; + } + + # Adding tc.key to chart + if (-f "${General::swroot}/ovpn/certs/tc.key") { + my $tcsubject = `/bin/cat ${General::swroot}/ovpn/certs/tc.key`; + $tcsubject =~ /# (.*)[\n]/; + $tcsubject = $1; + print < + $Lang::tr{'tc key'} + $tcsubject + + + + +
+ + +
+   + +END +; + } + + if (! -f "${General::swroot}/ovpn/ca/cacert.pem") { print "
"; print ""; diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index cc7755018..9ffbbf432 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -894,6 +894,9 @@ 'download new ruleset' => 'Neuen Regelsatz herunterladen', 'download pkcs12 file' => 'PKCS12-Datei herunterladen', 'download root certificate' => 'Root-Zertifikat herunterladen', +'download tls-auth key' => 'TLS-Auth Schlüssel herunterladen', +'download tls-crypt key' => 'TLS-Crypt Schlüssel herunterladen', +'download tls-crypt-v2 key' => 'TLS-Crypt-v2 Schlüssel herunterladen', 'download tls-auth key' => 'tls-auth Key herunterladen', 'dpd action' => 'Aktion für Erkennung toter Gegenstellen (Dead Peer Detection)', 'dpd delay' => 'Verzögerung', @@ -1951,7 +1954,7 @@ 'ovpn subnet' => 'OpenVPN-Subnetz:', 'ovpn subnet is invalid' => 'Das OpenVPN-Subnetz ist ungültig.', 'ovpn subnet overlap' => 'OpenVPNSubnetz überschneidet sich mit ', -'ovpn tls auth' => 'TLS-Kanalabsicherung:', +'ovpn tls auth' => 'TLS-Kanalabsicherung', 'ovpn warning rfc3280' => 'Das Host Zertifikat ist nicht RFC3280 Regelkonform.
Bitte IPFire auf die letzte Version updaten und generieren sie ein neues Root und Host Zertifikat so bald wie möglich.

Es müssen dann alle OpenVPN clients erneuert werden!
', 'ovpn_fastio' => 'Fast-IO', 'ovpn_fragment' => 'Fragmentgrösse', @@ -2224,6 +2227,9 @@ 'show last x lines' => 'die letzten x Zeilen anzeigen', 'show root certificate' => 'Root-Zertifikat anzeigen', 'show share options' => 'Anzeige der Freigabeeinstellungen', +'show tls-auth key' => 'TLS-Auth Schlüssel anzeigen', +'show tls-crypt key' => 'TLS-Crypt Schlüssel anzeigen', +'show tls-crypt-v2 key' => 'TLS-Crypt-v2 Schlüssel anzeigen', 'shuffle' => 'Zufall', 'shutdown' => 'Herunterfahren', 'shutdown ask' => 'Herunterfahren?', @@ -2350,6 +2356,8 @@ 'system logs' => 'Systemprotokolldateien', 'system status information' => 'System-Statusinformationen', 'ta key' => 'TLS-Authentifizierungsschlüssel', +'tc key' => 'TLS-Kryptografie-Schlüssel', +'tc v2 key' => 'TLS-Kryptografie-Schlüssel-Version2', 'taa zombieload2' => 'TSX Async Abort / ZombieLoad v2', 'tcp more reliable' => 'TCP (zuverlässiger)', 'telephone not set' => 'Telefonnummer nicht angegeben.', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 3dcb8d46e..6707a3a71 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -918,7 +918,9 @@ 'download new ruleset' => 'Download new ruleset', 'download pkcs12 file' => 'Download PKCS12 file', 'download root certificate' => 'Download root certificate', -'download tls-auth key' => 'Download tls-auth key', +'download tls-auth key' => 'Download TLS-Auth key', +'download tls-crypt key' => 'Download TLS-Crypt key', +'download tls-crypt-v2 key' => 'Download TLS-Crypt-v2 server key', 'dpd action' => 'Action', 'dpd delay' => 'Delay', 'dpd timeout' => 'Timeout', @@ -1983,7 +1985,7 @@ 'ovpn subnet' => 'OpenVPN subnet:', 'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.', 'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ', -'ovpn tls auth' => 'TLS Channel Protection:', +'ovpn tls auth' => 'TLS Channel Protection', 'ovpn warning rfc3280' => 'Your host certificate is not RFC3280 compliant.
Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.

All OpenVPN clients needs then to be renewed!
', 'ovpn_fastio' => 'Fast-IO', 'ovpn_mssfix' => 'MSSFIX Size', @@ -2260,7 +2262,9 @@ 'show lines' => 'Show lines', 'show root certificate' => 'Show root certificate', 'show share options' => 'Show shares options', -'show tls-auth key' => 'Show tls-auth key', +'show tls-auth key' => 'Show TLS-Auth key', +'show tls-crypt key' => 'Show TLS-Crypt key', +'show tls-crypt-v2 key' => 'Show TLS-Crypt-v2 key', 'shuffle' => 'Shuffle', 'shutdown' => 'Shutdown', 'shutdown ask' => 'Shutdown?', @@ -2388,6 +2392,8 @@ 'system logs' => 'System Logs', 'system status information' => 'System Status Information', 'ta key' => 'TLS-Authentification-Key', +'tc key' => 'TLS-Cryptografic-Key', +'tc v2 key' => 'TLS-Cryptografic-Key-version2', 'taa zombieload2' => 'TSX Async Abort / ZombieLoad v2', 'tcp more reliable' => 'TCP (more reliable)', 'telephone not set' => 'Telephone not set.', -- 2.20.1