From mboxrd@z Thu Jan  1 00:00:00 1970
From: ummeegge <erik.kapfer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH v2 1/7] OpenVPN: Introduce advanced encryption section
Date: Thu, 10 Dec 2020 16:59:19 +0000
Message-ID: <20201210165925.25037-1-erik.kapfer@ipfire.org>
In-Reply-To: <20201203120807.20694-1-erik.kapfer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0774096222853728998=="
List-Id: <development.lists.ipfire.org>

--===============0774096222853728998==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

- The whole crypto section will be sorted out from the global section to
an extra page while this patchset and a set of defaults should handle
the encryption also for not experienced users. The WUI style has been
adopted from the IPSec WUI.

- The new directive '--data-ciphers algs' has been introduced for RWs with
OpenVPN version 2.5.0. This directive negotiates with the clients the
best but also available cipher. The selection for '--data-ciphers algs' is
between the GCM family and the new CHACHA20-POLY1305. All ciphers
can be combined with another.
- The new directive '--data-ciphers algs' substitutes '--ncp-disable', theref=
or
'--ncp-disable' has been removed which fixes the deprecation warning in
the new OpenVPN-2.5.0 server instance.
- While client generation the client version can be set via a checkbox
which enables, if client is >=3D2.5.0 a full cipher negotiation by printing
also the '--data-cipher algs' directive into the client.ovpn, if the client
version <=3D2.5.0 (checkbox off), the old deprecated '--cipher alg' will be w=
ritten.
Existing clients can also subsequently be enhanced via editing the
connection.

Signed-off-by: ummeegge <erik.kapfer(a)ipfire.org>
---
 html/cgi-bin/ovpnmain.cgi | 192 +++++++++++++++++++++++++++++++++++++-
 langs/de/cgi-bin/de.pl    |   7 ++
 langs/en/cgi-bin/en.pl    |   7 ++
 langs/es/cgi-bin/es.pl    |   7 ++
 langs/fr/cgi-bin/fr.pl    |   7 ++
 langs/it/cgi-bin/it.pl    |   7 ++
 langs/nl/cgi-bin/nl.pl    |   7 ++
 langs/pl/cgi-bin/pl.pl    |   7 ++
 langs/ru/cgi-bin/ru.pl    |   7 ++
 langs/tr/cgi-bin/tr.pl    |   7 ++
 10 files changed, 251 insertions(+), 4 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 68a70d147..40ae58673 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -75,6 +75,7 @@ my $name;
 my $col=3D"";
 my $local_serverconf =3D "${General::swroot}/ovpn/scripts/server.conf.local";
 my $local_clientconf =3D "${General::swroot}/ovpn/scripts/client.conf.local";
+my @advcipherchar=3D();
=20
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 $cgiparams{'ENABLED'} =3D 'off';
@@ -98,6 +99,7 @@ $cgiparams{'number'} =3D '';
 $cgiparams{'DCIPHER'} =3D '';
 $cgiparams{'DAUTH'} =3D '';
 $cgiparams{'TLSAUTH'} =3D '';
+$cgiparams{'DATACIPHERS'} =3D '';
 $routes_push_file =3D "${General::swroot}/ovpn/routes_push";
 # Perform crypto and configration test
 &pkiconfigcheck;
@@ -325,8 +327,16 @@ sub writeserverconf {
     }=09
     print CONF "status-version 1\n";
     print CONF "status /var/run/ovpnserver.log 30\n";
-    print CONF "ncp-disable\n";
     print CONF "cipher $sovpnsettings{DCIPHER}\n";
+
+	# Data channel encryption
+	# Set seperator for data ciphers
+	@advcipherchar =3D ($sovpnsettings{'DATACIPHERS'} =3D~ s/\|/:/g);
+	# Add also algorithm from --cipher directive
+	if ($sovpnsettings{'DATACIPHERS'} ne '') {
+		print CONF "data-ciphers $sovpnsettings{'DATACIPHERS'}\n";
+	}
+
 	print CONF "auth $sovpnsettings{'DAUTH'}\n";
     # Set TLSv2 as minimum
     print CONF "tls-version-min 1.2\n";
@@ -911,6 +921,27 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'=
}) {
     &writeserverconf();#hier ok
 }
=20
+###
+### Save Advanced encryption
+###
+
+if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) {
+	&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
+
+	$vpnsettings{'DATACIPHERS'} =3D $cgiparams{'DATACIPHERS'};
+
+	# --data-ciphers needs at least one cipher
+	if ($cgiparams{'DATACIPHERS'} eq '') {
+		$errormessage =3D $Lang::tr{'ovpn errmsg invalid data cipher input'};
+		goto ADV_ENC_ERROR;
+	}
+
+	&General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
+	&writeserverconf();
+}
+
+### End Save advanced encryption
+
 ###
 # m.a.d net2net
 ###
@@ -2344,7 +2375,16 @@ else
 	$zip->addFile( "${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem")  or d=
ie "Can't add file cacert.pem\n";
 	$zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}=
}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add=
 file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";   =20
     }
-    print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
+
+	# Set --data-ciphers for client >=3D2.5.0 or --cipher for <2.5.0 in client.=
ovpn
+	if ($confighash{$cgiparams{'KEY'}}[45] eq 'on') {
+		# Set seperator for --data-ciphers algorithms
+		@advcipherchar =3D ($vpnsettings{'DATACIPHERS'} =3D~ s/\|/:/g);
+		print CLIENTCONF "data-ciphers $vpnsettings{'DATACIPHERS'}\r\n";
+	} else {
+		print CLIENTCONF "cipher $vpnsettings{'DCIPHER'}\r\n";
+	}
+
 	print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
=20
     if ($vpnsettings{'TLSAUTH'} eq 'on') {
@@ -2859,7 +2899,132 @@ END
     &Header::closebigbox();
     &Header::closepage();
     exit(0);
-=09
+
+###
+### Advanced encryption settings
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ovpn advanced encryption'}) {
+	%cgiparams =3D ();
+	%confighash =3D ();
+	my @temp=3D();
+	my $disabled;
+	&General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
+
+	my $key =3D $cgiparams{'KEY'};
+	if (! $key) {
+		$key =3D &General::findhasharraykey (\%confighash);
+		foreach my $i (39.. 45) { $confighash{$key}[$i] =3D ""; }
+	}
+	$confighash{$key}[42] =3D $cgiparams{'DATACIPHERS'};
+
+ADV_ENC_ERROR:
+
+	# Set default data channel ciphers
+	if ($cgiparams{'DATACIPHERS'} eq '') {
+		$cgiparams{'DATACIPHERS'} =3D 'ChaCha20-Poly1305|AES-256-GCM'; #[42];
+	}
+	$checked{'DATACIPHERS'}{'ChaCha20-Poly1305'} =3D '';
+	$checked{'DATACIPHERS'}{'AES-256-GCM'} =3D '';
+	$checked{'DATACIPHERS'}{'AES-192-GCM'} =3D '';
+	$checked{'DATACIPHERS'}{'AES-128-GCM'} =3D '';
+	@temp =3D split('\|', $cgiparams{'DATACIPHERS'});
+	foreach my $key (@temp) {$checked{'DATACIPHERS'}{$key} =3D "selected=3D'sel=
ected'"; }
+
+	# Save settings and display default if not configured
+	if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) {
+		$confighash{$cgiparams{'KEY'}}[42] =3D $cgiparams{'DATACIPHERS'};
+	} else {
+		$cgiparams{'DATACIPHERS'} =3D $vpnsettings{'DATACIPHERS'};
+	}
+
+ADV_ENC_ERROR:
+
+	&Header::showhttpheaders();
+	&Header::openpage($Lang::tr{'ovpn'}, 1, '');
+	&Header::openbigbox('100%', 'left', '', $errormessage);
+	if ($errormessage) {
+		&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+		print "<class name=3D'base'>$errormessage";
+		print "&nbsp;</class>";
+		&Header::closebox();
+	}
+
+	if ($warnmessage) {
+		&Header::openbox('100%', 'left', "$Lang::tr{'warning messages'}:");
+		print "<class name=3D'base'>$warnmessage";
+		print "&nbsp;</class>";
+		&Header::closebox();
+	}
+
+	print "<form method=3D'post' enctype=3D'multipart/form-data' action=3D'$ENV=
{'SCRIPT_NAME'}'>";
+	&Header::openbox('100%', 'left', "$Lang::tr{'ovpn advanced encryption'}:");
+	print<<END
+
+	<form method=3D'post' enctype=3D'multipart/form-data' action=3D'$ENV{'SCRIP=
T_NAME'}'>
+	<input type=3D'hidden' name=3D'KEY' value=3D'$cgiparams{'KEY'}' />
+
+	<table width=3D'100%'>
+		<thead>
+			<tr>
+				<th width=3D"15%"></th>
+				<th>$Lang::tr{'ovpn data channel'}</th>
+			</tr>
+		</thead>
+		<tbody>
+			<tr>
+				<td class=3D'boldbase' width=3D"27%">$Lang::tr{'ovpn data encryption'}</=
td>
+				<td class=3D'boldbase'>
+					<select name=3D'DATACIPHERS' multiple=3D'multiple' size=3D'6' style=3D'=
width: 100%'>
+						<option value=3D'ChaCha20-Poly1305' $checked{'DATACIPHERS'}{'ChaCha20-=
Poly1305'}>256 bit ChaCha20-Poly1305</option>
+						<option value=3D'AES-256-GCM' $checked{'DATACIPHERS'}{'AES-256-GCM'}>2=
56 $Lang::tr{'bit'} AES-GCM</option>
+						<option value=3D'AES-192-GCM' $checked{'DATACIPHERS'}{'AES-192-GCM'}>1=
92 $Lang::tr{'bit'} AES-GCM</option>
+						<option value=3D'AES-128-GCM' $checked{'DATACIPHERS'}{'AES-128-GCM'}>1=
28 $Lang::tr{'bit'} AES-GCM</option>
+					</select>
+				</td>
+			</tr>
+		</tbody>
+	</table>
+	<hr>
+END
+;
+
+	if ( -e "/var/run/openvpn.pid") {
+		print"  <br><b><font color=3D'#990000'>$Lang::tr{'attention'}:</b></font><=
br>$Lang::tr{'server restart'}<br><br><hr>";
+		print<<END;
+			<table width=3D'100%'>
+				<tr>
+					<td>&nbsp;</td>
+					<td allign=3D'center'><input type=3D'submit' name=3D'ACTION' value=3D'$=
Lang::tr{'save-enc-options'}' disabled=3D'disabled' /></td>
+					<td allign=3D'center'><input type=3D'submit' name=3D'ACTION' value=3D'$=
Lang::tr{'cancel-adv-options'}' /></td>
+					<td>&nbsp;</td>
+				</tr>
+			</table>
+		</form>
+END
+;
+
+	} else {
+		print<<END;
+			<table width=3D'100%'>
+				<tr>
+					<td>&nbsp;</td>
+					<td allign=3D'center'><input type=3D'submit' name=3D'ACTION' value=3D'$=
Lang::tr{'save-enc-options'}' /></td>
+					<td allign=3D'center'><input type=3D'submit' name=3D'ACTION' value=3D'$=
Lang::tr{'cancel-adv-options'}' /></td>
+					<td>&nbsp;</td>
+				</tr>
+			</table>
+		</form>
+END
+;
+
+	}
+
+	&Header::closebox();
+	&Header::closebigbox();
+	&Header::closepage();
+	exit(0);
+
+### END advanced encryption
=20
 # A.Marx CCD   Add,delete or edit CCD net
=20
@@ -3595,6 +3760,8 @@ if ($confighash{$cgiparams{'KEY'}}) {
 		$cgiparams{'DAUTH'}		=3D $confighash{$cgiparams{'KEY'}}[39];
 		$cgiparams{'DCIPHER'}		=3D $confighash{$cgiparams{'KEY'}}[40];
 		$cgiparams{'TLSAUTH'}		=3D $confighash{$cgiparams{'KEY'}}[41];
+		# Index from [39] to [44] has been reserved by advanced encryption
+		$cgiparams{'CLIENTVERSION'} =3D $confighash{$cgiparams{'KEY'}}[45];
 	} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
 	$cgiparams{'REMARK'} =3D &Header::cleanhtml($cgiparams{'REMARK'});
 =09
@@ -4338,6 +4505,8 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
 		$confighash{$key}[41] =3D "no-pass";
 	}
+	# Index from [39] to [44] has been reserved by advanced encryption
+	$confighash{$key}[45]         =3D $cgiparams{'CLIENTVERSION'};
=20
 	&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash=
);
 =09
@@ -4749,6 +4918,7 @@ if ($cgiparams{'TYPE'} eq 'host') {
 	    print"</td></tr></table><br><br>";
 		my $name=3D$cgiparams{'CHECK1'};
 		$checked{'RG'}{$cgiparams{'RG'}} =3D 'CHECKED';
+		$checked{'CLIENTVERSION'}{$cgiparams{'CLIENTVERSION'}} =3D 'CHECKED';
 	=09
 	if (! -z "${General::swroot}/ovpn/ccd.conf"){=09
 		print"<table border=3D'0' width=3D'100%' cellspacing=3D'1' cellpadding=3D'=
0'><tr><td width=3D'1%'></td><td width=3D'30%' class=3D'boldbase' align=3D'ce=
nter'><b>$Lang::tr{'ccd name'}</td><td width=3D'15%' class=3D'boldbase' align=
=3D'center'><b>$Lang::tr{'network'}</td><td class=3D'boldbase' align=3D'cente=
r' width=3D'18%'><b>$Lang::tr{'ccd clientip'}</td></tr>";
@@ -4884,7 +5054,12 @@ if ($cgiparams{'TYPE'} eq 'host') {
 =09
 	print <<END;
 	<table border=3D'0' width=3D'100%'>
-	<tr><td width=3D'20%'>Redirect Gateway:</td><td colspan=3D'3'><input type=
=3D'checkbox' name=3D'RG' $checked{'RG'}{'on'} /></td></tr>
+		<tr><td width=3D'30%'>Redirect Gateway:</td><td colspan=3D'3'><input type=
=3D'checkbox' name=3D'RG' $checked{'RG'}{'on'} /></td></tr>
+		<tr>
+			<td width=3D'30%'>$Lang::tr{'ovpn client version 25 cipher negotiation'}:=
</td>
+			<td colspan=3D'3'><input type=3D'checkbox' name=3D'CLIENTVERSION' $checke=
d{'CLIENTVERSION'}{'on'} />
+			<font color=3D'red'>&nbsp;$Lang::tr{'ovpn client version 25 warning'}</fo=
nt></td>
+		</tr>
 	<tr><td colspan=3D'4'><b><br>$Lang::tr{'ccd routes'}</b></td></tr>
 	<tr><td colspan=3D'4'>&nbsp</td></tr>
 	<tr><td valign=3D'top'>$Lang::tr{'ccd iroute'}</td><td align=3D'left' width=
=3D'30%'><textarea name=3D'IR' cols=3D'26' rows=3D'6' wrap=3D'off'>
@@ -5138,6 +5313,13 @@ END
     $checked{'DCOMPLZO'}{'on'} =3D '';
     $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} =3D 'CHECKED';
=20
+	if ($cgiparams{'CLIENTVERSION'} =3D '' ) {
+		$cgiparams{'CLIENTVERSION'} =3D 'off';
+	}
+	$checked{'CLIENTVERSION'}{'off'} =3D '';
+	$checked{'CLIENTVERSION'}{'on'} =3D '';
+	$checked{'CLIENTVERSION'}{$cgiparams{'CLIENTVERSION'}} =3D 'CHECKED';
+
 # m.a.d
     $checked{'MSSFIX'}{'off'} =3D '';
     $checked{'MSSFIX'}{'on'} =3D '';
@@ -5281,11 +5463,13 @@ END
 	print "<tr><td align=3D'right' colspan=3D'4'><input type=3D'submit' name=3D=
'ACTION' value=3D'$Lang::tr{'save'}' disabled=3D'disabled' />";
 	print "<input type=3D'submit' name=3D'ACTION' value=3D'$Lang::tr{'ccd net'}=
' />";
 	print "<input type=3D'submit' name=3D'ACTION' value=3D'$Lang::tr{'advanced =
server'}' />";=09
+	print "<input type=3D'submit' name=3D'ACTION' value=3D'$Lang::tr{'ovpn adva=
nced encryption'}' />";
 	print "<input type=3D'submit' name=3D'ACTION' value=3D'$Lang::tr{'stop ovpn=
 server'}' /></td></tr>";
     } else{
 	print "<tr><td align=3D'right' colspan=3D'4'><input type=3D'submit' name=3D=
'ACTION' value=3D'$Lang::tr{'save'}' />";
 	print "<input type=3D'submit' name=3D'ACTION' value=3D'$Lang::tr{'ccd net'}=
' />";
 	print "<input type=3D'submit' name=3D'ACTION' value=3D'$Lang::tr{'advanced =
server'}' />";
+	print "<input type=3D'submit' name=3D'ACTION' value=3D'$Lang::tr{'ovpn adva=
nced encryption'}' />";
 	if (( -e "${General::swroot}/ovpn/ca/cacert.pem" &&
 	     -e "${General::swroot}/ovpn/ca/dh1024.pem" &&
 	     -e "${General::swroot}/ovpn/certs/servercert.pem" &&
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 2fb46e741..0d0705845 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1901,10 +1901,15 @@
 'override mtu' =3D> '=C3=9Cberschreibe Standard-MTU',
 'ovpn' =3D> 'OpenVPN',
 'ovpn add conf' =3D> 'Erweiterte Konfiguration',
+'ovpn advanced encryption' =3D> 'Erweiterte Kryptografie Einstellung',
+'ovpn client version 25 cipher negotiation' =3D> 'Verschl=C3=BCsselung ausha=
ndeln',
+'ovpn client version 25 warning' =3D> 'Erst ab Client Version 2.5.0 verf=C3=
=BCgbar',
 'ovpn con stat' =3D> 'OpenVPN Verbindungs-Statistik',
 'ovpn config' =3D> 'OVPN-Konfiguration',
 'ovpn connection name' =3D> 'Verbindungs-Name',
 'ovpn crypt options' =3D> 'Kryptografieoptionen',
+'ovpn data encryption' =3D> 'Daten-Kanal Verschl=C3=BCsselung',
+'ovpn data channel' =3D> 'Daten-Kanal',
 'ovpn device' =3D> 'OpenVPN-Ger=C3=A4t',
 'ovpn dh' =3D> 'Diffie-Hellman-Parameter-L=C3=A4nge',
 'ovpn dh new key' =3D> 'Neuen Diffie-Hellman Parameter erstellen',
@@ -1913,6 +1918,7 @@
 'ovpn dl' =3D> 'OVPN-Konfiguration downloaden',
 'ovpn engines' =3D> 'Krypto Engine',
 'ovpn errmsg green already pushed' =3D> 'Route f=C3=BCr gr=C3=BCnes Netzwerk=
 wird immer gesetzt',
+'ovpn errmsg invalid data cipher input' =3D> 'Der Daten-Kanal ben=C3=B6tigt =
mindestens einen Algorithmus',
 'ovpn errmsg invalid ip or mask' =3D> 'Ung=C3=BCltige Netzwerk-Adresse oder =
Subnetzmaske',
 'ovpn error dh' =3D> 'Der Diffie-Hellman Parameter muss mindestens 2048 bit =
lang sein! <br>Bitte einen neuen Diffie-Hellman Parameter erzeugen oder hochl=
aden, dies kann unten =C3=BCber den Bereich "Diffie-Hellman-Parameter Optione=
n" gemacht werden.</br>',
 'ovpn error md5' =3D> 'Das Host Zertifikat nutzt einen MD5 Algorithmus welch=
er nicht mehr akzeptiert wird. <br>Bitte IPFire auf die neueste Version updat=
en und generieren sie ein neues Root und Host Zertifikate.</br><br>Es m=C3=BC=
ssen dann alle OpenVPN clients erneuert werden!</br>',
@@ -2163,6 +2169,7 @@
 'save error' =3D> 'Konfigurationsarchiv-Datei konnte nicht gespeichert werde=
n',
 'save settings' =3D> 'Einstellungen speichern',
 'save-adv-options' =3D> 'Erweiterte Optionen speichern',
+'save-enc-options' =3D> 'Kryptografie Optionen speichern',
 'script name' =3D> 'Skriptname:',
 'search' =3D> 'Suchen',
 'secondary dns' =3D> 'Sekund=C3=A4rer DNS-Server:',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index b5284effa..affa43cd3 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1933,10 +1933,15 @@
 'override mtu' =3D> 'Override default MTU',
 'ovpn' =3D> 'OpenVPN',
 'ovpn add conf' =3D> 'Additional configuration',
+'ovpn advanced encryption' =3D> 'Advanced encryption settings',
+'ovpn client version 25 cipher negotiation' =3D> 'Negotiate encryption',
+'ovpn client version 25 warning' =3D> 'Available with client version 2.5.0 a=
nd higher',
 'ovpn con stat' =3D> 'OpenVPN Connection Statistics',
 'ovpn config' =3D> 'OVPN-Config',
 'ovpn connection name' =3D> 'Connection Name',
 'ovpn crypt options' =3D> 'Cryptographic options',
+'ovpn data encryption' =3D> 'Data-Channel encryption',
+'ovpn data channel' =3D> 'Data-Channel',
 'ovpn device' =3D> 'OpenVPN device:',
 'ovpn dh' =3D> 'Diffie-Hellman parameters length',
 'ovpn dh new key' =3D> 'Generate new Diffie-Hellman parameters',
@@ -1945,6 +1950,7 @@
 'ovpn dl' =3D> 'OVPN-Config Download',
 'ovpn engines' =3D> 'Crypto engine',
 'ovpn errmsg green already pushed' =3D> 'Route for green network is always s=
et',
+'ovpn errmsg invalid data cipher input' =3D> 'The data cipher needs at least=
 one cipher',
 'ovpn errmsg invalid ip or mask' =3D> 'Invalid network-address or subnetmask=
',
 'ovpn error dh' =3D> 'The Diffie-Hellman parameter needs to be in minimum 20=
48 bit! <br>Please generate or upload a new Diffie-Hellman parameter, this ca=
n be made below in the section "Diffie-Hellman parameters options".</br>',
 'ovpn error md5' =3D> 'You host certificate uses MD5 for the signature which=
 is not accepted anymore. <br>Please update to the latest IPFire version and =
generate a new root and host certificate.</br><br>All OpenVPN clients needs t=
hen to be renewed!</br>',
@@ -2196,6 +2202,7 @@
 'save error' =3D> 'Unable to save configuration archive file',
 'save settings' =3D> 'Save settings',
 'save-adv-options' =3D> 'Save advanced options',
+'save-enc-options' =3D> 'Save encryption options',
 'script name' =3D> 'Script name:',
 'search' =3D> 'Search',
 'secondary dns' =3D> 'Secondary DNS:',
diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl
index 93a15bba0..3d6efc21a 100644
--- a/langs/es/cgi-bin/es.pl
+++ b/langs/es/cgi-bin/es.pl
@@ -36,6 +36,9 @@
 'Number of IPs for the pie chart' =3D> 'N=C3=BAmero de IPS para la gr=C3=A1f=
ica circular',
 'Number of Ports for the pie chart' =3D> 'N=C3=BAmero de puerto para la gr=
=C3=A1fica circular',
 'OVPN' =3D> 'OpenVPN',
+'ovpn advanced encryption' =3D> 'Configuraci=C3=B3n avanzada de encriptaci=
=C3=B3n',
+'ovpn client version 25 cipher negotiation' =3D> 'Negociar encriptaci=C3=B3n=
',
+'ovpn client version 25 warning' =3D> 'Disponible con la versi=C3=B3n de Cli=
ente 2.5.0 y superior',
 'OpenVPN' =3D> 'OpenVPN',
 'Pages' =3D> 'P=C3=A1ginas',
 'Ping' =3D> 'Ping:',
@@ -1328,7 +1331,10 @@
 'ovpn' =3D> 'OpenVPN',
 'ovpn con stat' =3D> 'Estadisticas de conexi=C3=B3n OpenVPN',
 'ovpn config' =3D> 'Configruaci=C3=B3n de OVPN',
+'ovpn data encryption' =3D> 'Encriptaci=C3=B3n Data-Channel',
+'ovpn data channel' =3D> 'Canal-Datos',
 'ovpn device' =3D> 'Dispositivo OpenVPN',
+'ovpn errmsg invalid data cipher input' =3D> 'El cifrado de datos necesita a=
l menos de un cifrado',
 'ovpn dl' =3D> 'Configuraci=C3=B3n de descargas OVPN',
 'ovpn log' =3D> 'Registro de log de OVPN',
 'ovpn on blue' =3D> 'OpenVPN en BLUE',
@@ -1531,6 +1537,7 @@
 'save error' =3D> 'Imposible grabar archivo de configuraci=C3=B3n',
 'save settings' =3D> 'Guardar configuraciones',
 'save-adv-options' =3D> 'Guardar configuraciones avanzadas',
+'save-enc-options' =3D> 'Guardar opciones de encriptado',
 'script name' =3D> 'Nombre de Script:',
 'secondary dns' =3D> 'DNS Secundario:',
 'secondary ntp server' =3D> 'Servidor NTP Secundario',
diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl
index a2d27939c..df19ef316 100644
--- a/langs/fr/cgi-bin/fr.pl
+++ b/langs/fr/cgi-bin/fr.pl
@@ -1934,10 +1934,15 @@
 'override mtu' =3D> 'Remplacer le MTU par d=C3=A9faut',
 'ovpn' =3D> 'OpenVPN',
 'ovpn add conf' =3D> 'Configuration additionnelle',
+'ovpn advanced encryption' =3D> 'Param=C3=A8tres de cryptage avanc=C3=A9s',
+'ovpn client version 25 cipher negotiation' =3D> 'N=C3=A9gocier le cryptage',
+'ovpn client version 25 warning' =3D> 'Disponible avec le client version 2.5=
.0 et sup=C3=A9rieur',
 'ovpn con stat' =3D> 'Statistiques de connexions OpenVPN',
 'ovpn config' =3D> 'Config OVPN',
 'ovpn connection name' =3D> 'Nom de la connexion ',
 'ovpn crypt options' =3D> 'Options cryptographiques',
+'ovpn data encryption' =3D> 'Chiffrage du canal de donn=C3=A9es',
+'ovpn data channel' =3D> 'Canal de donn=C3=A9es',
 'ovpn device' =3D> 'P=C3=A9riph=C3=A9rique OpenVPN :',
 'ovpn dh' =3D> 'Longueur de param=C3=A8tres Diffie-Hellman ',
 'ovpn dh new key' =3D> 'G=C3=A9n=C3=A9rer de nouveaux param=C3=A8tres Diffie=
-Hellman ',
@@ -1946,6 +1951,7 @@
 'ovpn dl' =3D> 'T=C3=A9l=C3=A9charger Config OVPN',
 'ovpn engines' =3D> 'Moteur Crypto',
 'ovpn errmsg green already pushed' =3D> 'La route pour le r=C3=A9seau VERT e=
st toujours activ=C3=A9e',
+'ovpn errmsg invalid data cipher input' =3D> 'Le chiffrage de donn=C3=A9es n=
=C3=A9cessite au moins un cryptogramme',
 'ovpn errmsg invalid ip or mask' =3D> 'Adresse ou masque de sous-r=C3=A9seau=
 invalide',
 'ovpn error dh' =3D> 'Le param=C3=A8tre Diffie-Hellman doit =C3=AAtre au min=
imum =C3=A0 2048 bits ! <br>Veuillez g=C3=A9n=C3=A9rer ou t=C3=A9l=C3=A9charg=
er un nouveau param=C3=A8tre Diffie-Hellman, cela peut =C3=AAtre fait ci-dess=
ous dans la section "Options de param=C3=A8tres Diffie-Hellman".</br>',
 'ovpn error md5' =3D> 'Votre certificat h=C3=B4te utilise MD5 pour la signat=
ure qui n\'est plus accept=C3=A9e. <br>Veuillez mettre =C3=A0 jour la derni=
=C3=A8re version d\'IPFire et g=C3=A9n=C3=A9rez un nouveau certificat racine =
et h=C3=B4te..</br><br>Tous les clients OpenVPN doivent ensuite =C3=AAtre ren=
ouvel=C3=A9s!</br>',
@@ -2200,6 +2206,7 @@
 'save error' =3D> 'Impossible de sauvegarder le fichier archive de configura=
tion',
 'save settings' =3D> 'Sauvegarder les param=C3=A8tres',
 'save-adv-options' =3D> 'Sauvegarder les options avanc=C3=A9es',
+'save-enc-options' =3D> 'Enregistrer les options de chiffrage',
 'script name' =3D> 'Nom du script :',
 'search' =3D> 'Recherche',
 'secondary dns' =3D> 'DNS secondaire :',
diff --git a/langs/it/cgi-bin/it.pl b/langs/it/cgi-bin/it.pl
index 14436de4b..1c190eff2 100644
--- a/langs/it/cgi-bin/it.pl
+++ b/langs/it/cgi-bin/it.pl
@@ -43,6 +43,11 @@
 'Number of IPs for the pie chart' =3D> 'Numero di IP per il grafico a torta',
 'Number of Ports for the pie chart' =3D> 'Numero di porte per il grafico a t=
orta',
 'OVPN' =3D> 'OpenVPN',
+'ovpn data encryption' =3D> 'Crittografia del canale dati',
+'ovpn data channel' =3D> 'Canale-Dati',
+'ovpn advanced encryption' =3D> 'Impostazioni avanzate di crittografia',
+'ovpn client version 25 cipher negotiation' =3D> 'Negozazione cirttografia',
+'ovpn client version 25 warning' =3D> 'Disponibile con client 2.5.0 o pi=C3=
=B9 recente',
 'OpenVPN' =3D> 'OpenVPN',
 'Pages' =3D> 'Pagine',
 'Ping' =3D> 'Ping :',
@@ -1701,6 +1706,7 @@
 'ovpn dl' =3D> 'OVPN-Config Download',
 'ovpn engines' =3D> 'Crypto engine',
 'ovpn errmsg green already pushed' =3D> 'Route for Verde network is always s=
et',
+'ovpn errmsg invalid data cipher input' =3D> 'La crittografia dati necessita=
 almeno un cifrario',
 'ovpn errmsg invalid ip or mask' =3D> 'Invalid network-address or subnetmask=
',
 'ovpn generating the root and host certificates' =3D> 'Generating the root a=
nd host certifictae can take a long time.',
 'ovpn ha' =3D> 'Hash algorithm',
@@ -1928,6 +1934,7 @@
 'save error' =3D> 'Unable to save configuration archive file',
 'save settings' =3D> 'Save settings',
 'save-adv-options' =3D> 'Save advanced options',
+'save-enc-options' =3D> 'Salva impostazioni di crittografia',
 'script name' =3D> 'Script name:',
 'secondary dns' =3D> 'DNS Secondario:',
 'secondary ntp server' =3D> 'NTP server secondario',
diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl
index 53341a6f8..8207399e2 100644
--- a/langs/nl/cgi-bin/nl.pl
+++ b/langs/nl/cgi-bin/nl.pl
@@ -43,6 +43,9 @@
 'Number of IPs for the pie chart' =3D> 'Aantal IPs voor de taartdiagram',
 'Number of Ports for the pie chart' =3D> 'Aantal poorten voor de taartdiagra=
m',
 'OVPN' =3D> 'OpenVPN',
+'ovpn advanced encryption' =3D> 'Geavanceerde versleuteling instellingen',
+'ovpn client version 25 cipher negotiation' =3D> 'Onderhandel over versleute=
ling',
+'ovpn client version 25 warning' =3D> 'Beschikbaar met clientversie 2.5.0 en=
 hoger',
 'OpenVPN' =3D> 'OpenVPN',
 'Pages' =3D> 'Pagina\'s',
 'Ping' =3D> 'Ping :',
@@ -1655,9 +1658,12 @@
 'ovpn' =3D> 'OpenVPN',
 'ovpn con stat' =3D> 'OpenVPN connectiestatistieken',
 'ovpn config' =3D> 'OVPN-Configuratie',
+'ovpn data encryption' =3D> 'Datakanaalversleuteling',
+'ovpn data channel' =3D> 'Data-kanaal',
 'ovpn device' =3D> 'OpenVPN apparaat:',
 'ovpn dl' =3D> 'OVPN-Configuratie download',
 'ovpn errmsg green already pushed' =3D> 'Route voor het groene netwerk is al=
tijd aangezet',
+'ovpn errmsg invalid data cipher input' =3D> 'De gegevens codering heeft ten=
 minste =C3=A9=C3=A9n codering nodig',
 'ovpn errmsg invalid ip or mask' =3D> 'Ongeldig netwerkadres of subnetmasker=
',
 'ovpn log' =3D> 'OVPN-Log',
 'ovpn mgmt in root range' =3D> 'Een poortnummer hoger dan 1024 is vereist.',
@@ -1881,6 +1887,7 @@
 'save error' =3D> 'Kan configuratie-archief niet opslaan',
 'save settings' =3D> 'Opslaan instellingen',
 'save-adv-options' =3D> 'Opslaan geavanceerde opties',
+'save-enc-options' =3D> 'Bewaar encryptie opties',
 'script name' =3D> 'Scriptnaam:',
 'secondary dns' =3D> 'Secondaire DNS:',
 'secondary ntp server' =3D> 'Secondaire NTP server',
diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl
index 63c8a1793..f9fbe57df 100644
--- a/langs/pl/cgi-bin/pl.pl
+++ b/langs/pl/cgi-bin/pl.pl
@@ -37,6 +37,9 @@
 'Number of IPs for the pie chart' =3D> 'Liczba numer=C3=B3w IP na wykresie k=
o=C5=82owym',
 'Number of Ports for the pie chart' =3D> 'Liczba port=C3=B3w na wykresie ko=
=C5=82owym',
 'OVPN' =3D> 'OpenVPN',
+'ovpn advanced encryption' =3D> 'Zaawansowane ustawienia szyfrowania',
+'ovpn client version 25 cipher negotiation' =3D> 'Negocjowanie szyfrowania',
+'ovpn client version 25 warning' =3D> 'Dost=C4=99pny z klientem w wersji 2.5=
.0 i wy=C5=BCszej',
 'OpenVPN' =3D> 'OpenVPN',
 'Pages' =3D> 'Stron',
 'Ping' =3D> 'Ping :',
@@ -1340,8 +1343,11 @@
 'ovpn' =3D> 'OpenVPN',
 'ovpn con stat' =3D> 'Statystyki po=C5=82=C4=85cze=C5=84 OpenVPN',
 'ovpn config' =3D> 'OVPN-Konfig',
+'ovpn data encryption' =3D> 'Szyfrowanie Kana=C5=82u-Danych',
+'ovpn data channel' =3D> 'Kana=C5=82-Danych',
 'ovpn device' =3D> 'Urz=C4=85dzenie OpenVPN:',
 'ovpn dl' =3D> 'Pobierz konfig OVPN',
+'ovpn errmsg invalid data cipher input' =3D> 'Szyfr danych wymaga co najmnie=
j jednego szyfru',
 'ovpn log' =3D> 'Log OVPN',
 'ovpn on blue' =3D> 'OpenVPN na int. BLUE',
 'ovpn on orange' =3D> 'OpenVPN na int. ORANGE',
@@ -1543,6 +1549,7 @@
 'save error' =3D> 'Nie mo=C5=BCna zapisa=C4=87 konfiguracji do pliku archiwu=
m',
 'save settings' =3D> 'Zapisz ustawienia',
 'save-adv-options' =3D> 'Zapisz zaawansowane ustawienia',
+'save-enc-options' =3D> 'Zapisywanie opcji szyfrowania',
 'script name' =3D> 'Nazwa skryptu:',
 'secondary dns' =3D> 'Zapasowy DNS:',
 'secondary ntp server' =3D> 'Zapasowy serwer NTP',
diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl
index 4f69dc47a..700a8d838 100644
--- a/langs/ru/cgi-bin/ru.pl
+++ b/langs/ru/cgi-bin/ru.pl
@@ -35,6 +35,9 @@
 'Number of IPs for the pie chart' =3D> '=D0=A7=D0=B8=D1=81=D0=BB=D0=BE IP =
=D0=B4=D0=BB=D1=8F =D0=BA=D1=80=D1=83=D0=B3=D0=BB=D1=8B=D1=85 =D0=B3=D1=80=D0=
=B0=D1=84=D0=B8=D0=BA=D0=BE=D0=B2',
 'Number of Ports for the pie chart' =3D> '=D0=A7=D0=B8=D1=81=D0=BB=D0=BE =D0=
=BF=D0=BE=D1=80=D1=82=D0=BE=D0=B2 =D0=B4=D0=BB=D1=8F =D0=BA=D1=80=D1=83=D0=B3=
=D0=BB=D1=8B=D1=85 =D0=B3=D1=80=D0=B0=D1=84=D0=B8=D0=BA=D0=BE=D0=B2',
 'OVPN' =3D> 'OpenVPN',
+'ovpn advanced encryption' =3D> '=D0=A0=D0=B0=D1=81=D1=88=D0=B8=D1=80=D0=B5=
=D0=BD=D0=BD=D1=8B=D0=B5 =D0=BD=D0=B0=D1=81=D1=82=D1=80=D0=BE=D0=B9=D0=BA=D0=
=B8 =D1=88=D0=B8=D1=84=D1=80=D0=BE=D0=B2=D0=B0=D0=BD=D0=B8=D1=8F',
+'ovpn client version 25 cipher negotiation' =3D> '=D0=9E=D0=B1=D1=81=D1=83=
=D0=B4=D0=B8=D1=82=D1=8C =D1=88=D0=B8=D1=84=D1=80=D0=BE=D0=B2=D0=B0=D0=BD=D0=
=B8=D0=B5',
+'ovpn client version 25 warning' =3D> '=D0=94=D0=BE=D1=81=D1=82=D1=83=D0=BF=
=D0=BD=D0=BE =D1=81 =D0=BA=D0=BB=D0=B8=D0=B5=D0=BD=D1=82=D1=81=D0=BA=D0=BE=D0=
=B9 =D0=B2=D0=B5=D1=80=D1=81=D0=B8=D0=B5=D0=B9 2.5.0 =D0=B8 =D0=B2=D1=8B=D1=
=88=D0=B5',
 'OpenVPN' =3D> 'OpenVPN',
 'Pages' =3D> '=D0=A1=D1=82=D1=80=D0=B0=D0=BD=D0=B8=D1=86=D1=8B',
 'Ping' =3D> '=D0=9F=D0=B8=D0=BD=D0=B3 :',
@@ -1331,9 +1334,12 @@
 'ovpn' =3D> 'OpenVPN',
 'ovpn con stat' =3D> '=D0=A1=D1=82=D0=B0=D1=82=D0=B8=D1=81=D1=82=D0=B8=D0=BA=
=D0=B0 =D0=BF=D0=BE=D0=B4=D0=BA=D0=BB=D1=8E=D1=87=D0=B5=D0=BD=D0=B8=D0=B9 Ope=
nVPN',
 'ovpn config' =3D> '=D0=9D=D0=B0=D1=81=D1=82=D1=80=D0=BE=D0=B9=D0=BA=D0=B8 O=
VPN',
+'ovpn data encryption' =3D> '=D1=88=D0=B8=D1=84=D1=80=D0=BE=D0=B2=D0=B0=D0=
=BD=D0=B8=D0=B5-=D0=BA=D0=B0=D0=BD=D0=B0=D0=BB=D0=BE=D0=B2 =D0=B4=D0=B0=D0=BD=
=D0=BD=D1=8B=D1=85',
+'ovpn data channel' =3D> '=D0=98=D0=BD=D1=84=D0=BE=D1=80=D0=BC=D0=B0=D1=86=
=D0=B8=D0=BE=D0=BD=D0=BD=D1=8B=D0=B9-=D0=BA=D0=B0=D0=BD=D0=B0=D0=BB',
 'ovpn device' =3D> '=D0=A3=D1=81=D1=82=D1=80=D0=BE=D0=B9=D1=81=D1=82=D0=B2=
=D0=BE OpenVPN:',
 'ovpn dl' =3D> '=D0=97=D0=B0=D0=B3=D1=80=D1=83=D0=B7=D0=BA=D0=B0 =D0=BD=D0=
=B0=D1=81=D1=82=D1=80=D0=BE=D0=B5=D0=BA OVPN',
 'ovpn errmsg green already pushed' =3D> '=D0=9C=D0=B0=D1=80=D1=88=D1=80=D1=
=83=D1=82 =D0=B4=D0=BB=D1=8F =D0=B7=D0=B5=D0=BB=D1=91=D0=BD=D0=BE=D0=B9 =D1=
=81=D0=B5=D1=82=D0=B8 =D0=B2=D1=81=D0=B5=D0=B3=D0=B4=D0=B0 =D0=B2=D0=BA=D0=BB=
=D1=8E=D1=87=D1=91=D0=BD',
+'ovpn errmsg invalid data cipher input' =3D> '=D0=94=D0=BB=D1=8F =D1=88=D0=
=B8=D1=84=D1=80=D0=B0 =D0=B4=D0=B0=D0=BD=D0=BD=D1=8B=D1=85 =D0=BD=D1=83=D0=B6=
=D0=B5=D0=BD =D1=85=D0=BE=D1=82=D1=8F =D0=B1=D1=8B =D0=BE=D0=B4=D0=B8=D0=BD =
=D1=88=D0=B8=D1=84=D1=80',
 'ovpn errmsg invalid ip or mask' =3D> '=D0=9D=D0=B5=D0=BF=D1=80=D0=B0=D0=B2=
=D0=B8=D0=BB=D1=8C=D0=BD=D1=8B=D0=B9 =D0=B0=D0=B4=D1=80=D0=B5=D1=81 =D0=B8=D0=
=BB=D0=B8 =D0=BC=D0=B0=D1=81=D0=BA=D0=B0 =D0=BF=D0=BE=D0=B4=D1=81=D1=82=D0=B8=
',
 'ovpn log' =3D> '=D0=96=D1=83=D1=80=D0=BD=D0=B0=D0=BB OVPN',
 'ovpn on blue' =3D> 'OpenVPN =D0=BD=D0=B0 BLUE',
@@ -1538,6 +1544,7 @@
 'save error' =3D> '=D0=9D=D0=B5 =D0=BF=D0=BE=D0=BB=D1=83=D1=87=D0=B8=D0=BB=
=D0=BE=D1=81=D1=8C =D1=81=D0=BE=D1=85=D1=80=D0=B0=D0=BD=D0=B8=D1=82=D1=8C =D0=
=B0=D1=80=D1=85=D0=B8=D0=B2 =D0=BD=D0=B0=D1=81=D1=82=D1=80=D0=BE=D0=B5=D0=BA',
 'save settings' =3D> '=D0=A1=D0=BE=D1=85=D1=80=D0=B0=D0=BD=D0=B8=D1=82=D1=8C=
 =D0=BD=D0=B0=D1=81=D1=82=D1=80=D0=BE=D0=B9=D0=BA=D0=B8',
 'save-adv-options' =3D> '=D0=A1=D0=BE=D1=85=D1=80=D0=B0=D0=BD=D0=B8=D1=82=D1=
=8C =D0=B4=D0=BE=D0=BF=D0=BE=D0=BB=D0=BD=D0=B8=D1=82=D0=B5=D0=BB=D1=8C=D0=BD=
=D1=8B=D0=B5 =D0=BD=D0=B0=D1=81=D1=82=D1=80=D0=BE=D0=B9=D0=BA=D0=B8',
+'save-enc-options' =3D> '=D0=A1=D0=BE=D1=85=D1=80=D0=B0=D0=BD=D0=B8=D1=82=D1=
=8C =D0=BF=D0=B0=D1=80=D0=B0=D0=BC=D0=B5=D1=82=D1=80=D1=8B =D1=88=D0=B8=D1=84=
=D1=80=D0=BE=D0=B2=D0=B0=D0=BD=D0=B8=D1=8F',
 'script name' =3D> '=D0=98=D0=BC=D1=8F =D1=81=D0=BA=D1=80=D0=B8=D0=BF=D1=82=
=D0=B0:',
 'secondary dns' =3D> '=D0=92=D1=82=D0=BE=D1=80=D0=BE=D0=B9 DNS:',
 'secondary ntp server' =3D> '=D0=92=D1=82=D0=BE=D1=80=D0=BE=D0=B9 NTP =D1=81=
=D0=B5=D1=80=D0=B2=D0=B5=D1=80',
diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl
index 34e8bdcf7..0c64063c7 100644
--- a/langs/tr/cgi-bin/tr.pl
+++ b/langs/tr/cgi-bin/tr.pl
@@ -1835,9 +1835,14 @@
 'override mtu' =3D> 'Varsay=C4=B1lan MTU se=C3=A7ene=C4=9Fini ge=C3=A7ersiz =
k=C4=B1l',
 'ovpn' =3D> 'OpenVPN',
 'ovpn add conf' =3D> 'Ek yap=C4=B1land=C4=B1rma',
+'ovpn advanced encryption' =3D> 'Geli=C5=9Fmi=C5=9F =C5=9Fifreleme ayarlar=
=C4=B1',
+'ovpn client version 25 cipher negotiation' =3D> '=C5=9Eifrelemeyi g=C3=B6r=
=C3=BC=C5=9F=C3=BCn',
+'ovpn client version 25 warning' =3D> '=C4=B0stemci s=C3=BCr=C3=BCm=C3=BC 2.=
5.0 ve =C3=BCst=C3=BC ile mevcuttur',
 'ovpn con stat' =3D> 'OpenVPN Ba=C4=9Flant=C4=B1 =C4=B0statisti=C4=9Fi',
 'ovpn config' =3D> 'OVPN-Yap=C4=B1land=C4=B1rmas=C4=B1',
 'ovpn crypt options' =3D> '=C5=9Eifreleme se=C3=A7enekleri',
+'ovpn data channel' =3D> 'Veri-Kanal=C4=B1',
+'ovpn data encryption' =3D> 'Veri-Kanal=C4=B1 =C5=9Fifreleme',
 'ovpn device' =3D> 'OpenVPN ayg=C4=B1t=C4=B1:',
 'ovpn dh' =3D> 'Diffie-Hellman parametre uzunlu=C4=9Fu',
 'ovpn dh new key' =3D> 'Yeni Diffie-Hellman parametrelerini olu=C5=9Fturun',
@@ -1846,6 +1851,7 @@
 'ovpn dl' =3D> 'OVPN-Yap=C4=B1land=C4=B1rmas=C4=B1 =C4=B0ndir',
 'ovpn engines' =3D> '=C5=9Eifreleme motoru',
 'ovpn errmsg green already pushed' =3D> 'Ye=C5=9Fil a=C4=9F i=C3=A7in her za=
man bir yol ayarla',
+'ovpn errmsg invalid data cipher input' =3D> 'Veri =C5=9Fifresinin en az bir=
 =C5=9Fifreye ihtiyac=C4=B1 var',
 'ovpn errmsg invalid ip or mask' =3D> 'Ge=C3=A7ersiz a=C4=9F adresi veya alt=
 a=C4=9F maskesi',
 'ovpn generating the root and host certificates' =3D> 'Root ve ana bilgisaya=
r sertifika =C3=BCretimi uzun zaman alabilir.',
 'ovpn ha' =3D> 'Hash algorithmas=C4=B1',
@@ -2080,6 +2086,7 @@
 'save error' =3D> 'Yap=C4=B1land=C4=B1rma ar=C5=9Fiv dosyas=C4=B1 kaydedilem=
iyor.',
 'save settings' =3D> 'Ayarlar=C4=B1 kaydet',
 'save-adv-options' =3D> 'Geli=C5=9Fmi=C5=9F Se=C3=A7enekleri Kaydet',
+'save-enc-options' =3D> '=C5=9Eifreleme Se=C3=A7eneklerini Kaydedin',
 'script name' =3D> 'Komut ad=C4=B1:',
 'search' =3D> 'Ara',
 'secondary dns' =3D> '=C4=B0kincil DNS:',
--=20
2.20.1


--===============0774096222853728998==--