[PATCH v2 7/7] OpenVPN: Moved TLS auth to advanced encryption section

10 Dec 2020

- The TLS authentication has been enhanced with --tls-crypt and with
OpenVPN version 2.5.0 new introduced --tls-crypt-v2 .
- New keys will be shown and can partly be downloaded over the
"Certificate Authorities and -Keys" table.
- The global section has been completely cleaned up from encryption
settings which follows the IPSec WUI style.
Signed-off-by: ummeegge erik.kapfer@ipfire.org
---
 html/cgi-bin/ovpnmain.cgi | 304 +++++++++++++++++++++++++++++++-------
 langs/de/cgi-bin/de.pl    |  10 +-
 langs/en/cgi-bin/en.pl    |  12 +-
 langs/es/cgi-bin/es.pl    |  10 ++
 langs/fr/cgi-bin/fr.pl    |  12 +-
 langs/it/cgi-bin/it.pl    |   7 +-
 langs/nl/cgi-bin/nl.pl    |  13 +-
 langs/pl/cgi-bin/pl.pl    |  10 ++
 langs/ru/cgi-bin/ru.pl    |  11 ++
 langs/tr/cgi-bin/tr.pl    |   9 ++
 10 files changed, 334 insertions(+), 64 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index a80befdb6..23085e763 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -371,9 +371,19 @@ sub writeserverconf {
     # Set TLSv2 as minimum
     print CONF "tls-version-min 1.2\n";
-    if ($sovpnsettings{'TLSAUTH'} eq 'on') {
-	print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
-    }
+	# TLS control channel authentication
+	if ($sovpnsettings{'TLSAUTH'} ne 'off') {
+		if ($sovpnsettings{'TLSAUTH'} eq 'on') {
+			print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
+		}
+		if ($sovpnsettings{'TLSAUTH'} eq 'tls-crypt') {
+			print CONF "tls-crypt ${General::swroot}/ovpn/certs/tc.key\n";
+		}
+		if ($sovpnsettings{'TLSAUTH'} eq 'tls-crypt-v2') {
+			print CONF "tls-crypt-v2 ${General::swroot}/ovpn/certs/tc-v2-server.key\n";
+		}
+	}
+
     if ($sovpnsettings{DCOMPLZO} eq 'on') {
         print CONF "comp-lzo\n";
     }
@@ -959,6 +969,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) {
    &General::readhash("${General::swroot}/ovpn/settings", %vpnsettings);
$vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
+	$vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
    $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
    $vpnsettings{'DATACIPHERS'} = $cgiparams{'DATACIPHERS'};
@@ -982,6 +993,39 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) {
    	$vpnsettings{'NCHANNELCIPHERS'} = $cgiparams{'NCHANNELCIPHERS'};
    }
+	# Create ta.key for tls-auth if not presant
+	if ($cgiparams{'TLSAUTH'} eq 'on') {
+		if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
+			system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+			if ($?) {
+				$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+				goto ADV_ENC_ERROR;
+			}
+		}
+	}
+
+	# Create tc.key for tls-crypt if not presant
+	if ($cgiparams{'TLSAUTH'} eq 'tls-crypt') {
+		if ( ! -e "${General::swroot}/ovpn/certs/tc.key") {
+			system('/usr/sbin/openvpn', '--genkey', 'tls-crypt', "${General::swroot}/ovpn/certs/tc.key");
+			if ($?) {
+				$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+				goto ADV_ENC_ERROR;
+			}
+		}
+	}
+
+	# Create tc-v2-server.key for tls-crypt-v2 server if not presant
+	if ($cgiparams{'TLSAUTH'} eq 'tls-crypt-v2') {
+		if ( ! -e "${General::swroot}/ovpn/certs/tc-v2-server.key") {
+			system('/usr/sbin/openvpn', '--genkey', 'tls-crypt-v2-server', "${General::swroot}/ovpn/certs/tc-v2-server.key");
+			if ($?) {
+				$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+				goto ADV_ENC_ERROR;
+			}
+		}
+	}
+
    &General::writehash("${General::swroot}/ovpn/settings", %vpnsettings);
    &writeserverconf();
 }
@@ -1272,17 +1316,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
    goto SETTINGS_ERROR;
     }
-	# Create ta.key for tls-auth if not presant
-	if ($cgiparams{'TLSAUTH'} eq 'on') {
-		if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
-			system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
-			if ($?) {
-				$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
-				goto SETTINGS_ERROR;
-			}
-		}
-	}
-
     $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
     $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
     $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
@@ -1293,7 +1326,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
     $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
     $vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
     $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
-    $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
 #wrtie enable
if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
@@ -1723,12 +1755,34 @@ END
 ### Download tls-auth key
 ###
 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-auth key'}) {
-    if ( -f "${General::swroot}/ovpn/certs/ta.key" ) {
-	print "Content-Type: application/octet-stream\r\n";
-	print "Content-Disposition: filename=ta.key\r\n\r\n";
-	print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
-	exit(0);
-    }
+	if ( -f "${General::swroot}/ovpn/certs/ta.key" ) {
+		print "Content-Type: application/octet-stream\r\n";
+		print "Content-Disposition: filename=ta.key\r\n\r\n";
+		print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
+		exit(0);
+	}
+
+###
+### Download tls-crypt key
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-crypt key'}) {
+	if ( -f "${General::swroot}/ovpn/certs/tc.key" ) {
+		print "Content-Type: application/octet-stream\r\n";
+		print "Content-Disposition: filename=tc.key\r\n\r\n";
+		print `/bin/cat ${General::swroot}/ovpn/certs/tc.key`;
+		exit(0);
+	}
+
+###
+### Download tls-crypt-v2 key
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-crypt-v2 key'}) {
+	if ( -f "${General::swroot}/ovpn/certs/tc-v2-server.key" ) {
+		print "Content-Type: application/octet-stream\r\n";
+		print "Content-Disposition: filename=tc-v2-server.key\r\n\r\n";
+		print `/bin/cat ${General::swroot}/ovpn/certs/tc-v2-server.key`;
+		exit(0);
+	}
###
 ### Form for generating a root certificate
@@ -2451,13 +2505,37 @@ else
print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
-    if ($vpnsettings{'TLSAUTH'} eq 'on') {
-	if ($cgiparams{'MODE'} eq 'insecure') {
-		print CLIENTCONF ";";
-	}
-	print CLIENTCONF "tls-auth ta.key\r\n";
-	$zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key")  or die "Can't add file ta.key\n";
+	# Comment TLS-Auth directive if 'insecure' mode has been choosen
+	if ($vpnsettings{'TLSAUTH'} eq 'on') {
+		if ($cgiparams{'MODE'} eq 'insecure') {
+			print CLIENTCONF ";";
+		}
+		print CLIENTCONF "tls-auth ta.key\r\n";
+		$zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key")  or die "Can't add file ta.key\n";
     }
+
+	# Comment TLS-Crypt directive if 'insecure' mode has been choosen
+	if ($vpnsettings{'TLSAUTH'} eq 'tls-crypt') {
+		if ($cgiparams{'MODE'} eq 'insecure') {
+			print CLIENTCONF ";";
+		}
+		print CLIENTCONF "tls-crypt tc.key\r\n";
+		$zip->addFile( "${General::swroot}/ovpn/certs/tc.key", "tc.key")  or die "Can't add file tc.key\n";
+	}
+
+	# Comment TLS-Crypt-v2 directive if 'insecure' mode has been choosen and generate individual key
+	if ($vpnsettings{'TLSAUTH'} eq 'tls-crypt-v2') {
+		if ($cgiparams{'MODE'} eq 'insecure') {
+			print CLIENTCONF ";";
+		}
+		print CLIENTCONF "tls-crypt-v2 tc-v2-client-$confighash{$cgiparams{'KEY'}}[1].key\r\n";
+		# Generate individual tls-crypt-v2 client key
+		my $cryptfile = "$tempdir/tc-v2-client-$confighash{$cgiparams{'KEY'}}[1].key";
+		system('/usr/sbin/openvpn', '--tls-crypt-v2', "${General::swroot}/ovpn/certs/tc-v2-server.key", '--genkey', 'tls-crypt-v2-client', "$cryptfile");
+		# Add individual tls-crypt-v2 client key to client package
+		$zip->addFile( "$cryptfile", "tc-v2-client-$confighash{$cgiparams{'KEY'}}[1].key")  or die "Can't add file tc-v2-client-$confighash{$cgiparams{'KEY'}}[1].key\n";
+	}
+
     if ($vpnsettings{DCOMPLZO} eq 'on') {
         print CLIENTCONF "comp-lzo\r\n";
     }
@@ -2514,7 +2592,33 @@ else
    print CLIENTCONF "</key>\r\n\r\n";
    close(FILE);
-	# TLS auth
+	# Create individual tls-crypt-v2 client key and print it to client.conf if 'insecure' has been selected
+	if ($vpnsettings{'TLSAUTH'} eq 'tls-crypt-v2') {
+		my $cryptfile = "$tempdir/tc-v2-client-$confighash{$cgiparams{'KEY'}}[1].key";
+		system('/usr/sbin/openvpn', '--tls-crypt-v2', "${General::swroot}/ovpn/certs/tc-v2-server.key", '--genkey', 'tls-crypt-v2-client', "$cryptfile");
+		open(FILE, "<$cryptfile");
+		print CLIENTCONF "<tls-crypt-v2>\r\n";
+		while (<FILE>) {
+			chomp($_);
+			print CLIENTCONF "$_\r\n";
+		}
+		print CLIENTCONF "</tls-crypt-v2>\r\n\r\n";
+		close(FILE);
+	}
+
+	# Print TLS-Crypt key to client.ovpn if 'insecure' has been selected
+	if ($vpnsettings{'TLSAUTH'} eq 'tls-crypt') {
+		open(FILE, "<${General::swroot}/ovpn/certs/tc.key");
+		print CLIENTCONF "<tls-crypt>\r\n";
+		while (<FILE>) {
+			chomp($_);
+			print CLIENTCONF "$_\r\n";
+		}
+		print CLIENTCONF "</tls-crypt>\r\n\r\n";
+		close(FILE);
+	}
+
+	# Print TLS-Auth key to client.ovpn if 'insecure' has been selected
    if ($vpnsettings{'TLSAUTH'} eq 'on') {
    	open(FILE, "<${General::swroot}/ovpn/certs/ta.key");
    	print CLIENTCONF "<tls-auth>\r\n";
@@ -2706,6 +2810,50 @@ else
    	exit(0);
     }
+###
+### Display tls-crypt key
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show tls-crypt key'}) {
+
+	if (! -e "${General::swroot}/ovpn/certs/tc.key") {
+		$errormessage = $Lang::tr{'not present'};
+	} else {
+		&Header::showhttpheaders();
+		&Header::openpage($Lang::tr{'ovpn'}, 1, '');
+		&Header::openbigbox('100%', 'LEFT', '', '');
+		&Header::openbox('100%', 'LEFT', "$Lang::tr{'tc key'}");
+		my $output = `/bin/cat ${General::swroot}/ovpn/certs/tc.key`;
+		$output = &Header::cleanhtml($output,"y");
+		print "<pre>$output</pre>\n";
+		&Header::closebox();
+		print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+		&Header::closebigbox();
+		&Header::closepage();
+		exit(0);
+	}
+
+###
+### Display tls-crypt-v2 server key
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show tls-crypt-v2 key'}) {
+
+	if (! -e "${General::swroot}/ovpn/certs/tc-v2-server.key") {
+		$errormessage = $Lang::tr{'not present'};
+	} else {
+		&Header::showhttpheaders();
+		&Header::openpage($Lang::tr{'ovpn'}, 1, '');
+		&Header::openbigbox('100%', 'LEFT', '', '');
+		&Header::openbox('100%', 'LEFT', "$Lang::tr{'tc v2 key'}");
+		my $output = `/bin/cat ${General::swroot}/ovpn/certs/tc-v2-server.key`;
+		$output = &Header::cleanhtml($output,"y");
+		print "<pre>$output</pre>\n";
+		&Header::closebox();
+		print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+		&Header::closebigbox();
+		&Header::closepage();
+		exit(0);
+	}
+
 ###
 ### Display Certificate Revoke List
 ###
@@ -2758,9 +2906,6 @@ ADV_ERROR:
     if ($cgiparams{'LOG_VERB'} eq '') {
    	$cgiparams{'LOG_VERB'} =  '3';
     }
-    if ($cgiparams{'TLSAUTH'} eq '') {
-		$cgiparams{'TLSAUTH'} = 'off';
-    }
     $checked{'CLIENT2CLIENT'}{'off'} = '';
     $checked{'CLIENT2CLIENT'}{'on'} = '';
     $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
@@ -2981,6 +3126,7 @@ END
    }
    $confighash{$key}[39] = $cgiparams{'DAUTH'};
    $confighash{$key}[40] = $cgiparams{'DCIPHER'};
+	$confighash{$key}[41] = $cgiparams{'TLSAUTH'};
    $confighash{$key}[42] = $cgiparams{'DATACIPHERS'};
    $confighash{$key}[43] = $cgiparams{'CHANNELCIPHERS'};
    $confighash{$key}[44] = $cgiparams{'NCHANNELCIPHERS'};
@@ -3004,6 +3150,17 @@ ADV_ENC_ERROR:
    @temp = split('|', $cgiparams{'DAUTH'});
    foreach my $key (@temp) {$checked{'DAUTH'}{$key} = "selected='selected'"; }
+	# Set default for TLS control authentication
+	if ($cgiparams{'TLSAUTH'} eq '') {
+		$cgiparams{'TLSAUTH'} = 'tls-crypt'; #[41]
+	}
+	$checked{'TLSAUTH'}{'on'} = '';
+	$checked{'TLSAUTH'}{'off'} = '';
+	$checked{'TLSAUTH'}{'tls-crypt'} = '';
+	$checked{'TLSAUTH'}{'tls-crypt-v2'} = '';
+	@temp = split('|', $cgiparams{'TLSAUTH'});
+	foreach my $key (@temp) {$checked{'TLSAUTH'}{$key} = "selected='selected'"; }
+
    # Set default for data-cipher-fallback (the old --cipher directive)
    if ($cgiparams{'DCIPHER'} eq '') {
    	$cgiparams{'DCIPHER'} =  'AES-256-CBC'; #[40]
@@ -3058,12 +3215,14 @@ ADV_ENC_ERROR:
    if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) {
    	$confighash{$cgiparams{'KEY'}}[39] = $cgiparams{'DAUTH'};
    	$confighash{$cgiparams{'KEY'}}[40] = $cgiparams{'DCIPHER'};
+		$confighash{$cgiparams{'KEY'}}[41] = $cgiparams{'TLSAUTH'};
    	$confighash{$cgiparams{'KEY'}}[42] = $cgiparams{'DATACIPHERS'};
    	$confighash{$cgiparams{'KEY'}}[43] = $cgiparams{'CHANNELCIPHERS'};
    	$confighash{$cgiparams{'KEY'}}[44] = $cgiparams{'NCHANNELCIPHERS'};
    } else {
    	$cgiparams{'DAUTH'} = $vpnsettings{'DAUTH'};
    	$cgiparams{'DCIPHER'} = $vpnsettings{'DCIPHER'};
+		$cgiparams{'TLSAUTH'} = $vpnsettings{'TLSAUTH'};
    	$cgiparams{'DATACIPHERS'} = $vpnsettings{'DATACIPHERS'};
    	$cgiparams{'CHANNELCIPHERS'} = $vpnsettings{'CHANNELCIPHERS'};
    	$cgiparams{'NCHANNELCIPHERS'} = $vpnsettings{'NCHANNELCIPHERS'};
@@ -3175,6 +3334,7 @@ ADV_ENC_ERROR:
    		<tr>
    			<th width="15%"></th>
    			<th>$Lang::tr{'ovpn ha'}</th>
+				<th>$Lang::tr{'ovpn tls auth'}</th>
    		</tr>
    	</thead>
    	<tbody>
@@ -3193,6 +3353,14 @@ ADV_ENC_ERROR:
    					<option value='whirlpool' $checked{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
    					<option value='SHA1' $checked{'DAUTH'}{'SHA1'}>SHA1 160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'}</option>
    				</select>
+
+				<td class='boldbase'>
+					<select name='TLSAUTH' size='6' style='width: 100%' style="margin-right:-17px" size="11">
+						<option value='tls-crypt-v2' $checked{'TLSAUTH'}{'tls-crypt-v2'}>TLS-Crypt-v2</option>
+						<option value='tls-crypt' $checked{'TLSAUTH'}{'tls-crypt'}>TLS-Crypt</option>
+						<option value='on' $checked{'TLSAUTH'}{'on'}>TLS-Auth</option>
+						<option value='off' $checked{'TLSAUTH'}{'off'}>Off</option>
+					</select>
    			</td>
    		</tr>
    	</tbody>
@@ -3972,7 +4140,6 @@ if ($confighash{$cgiparams{'KEY'}}) {
    	$cgiparams{'CCD_WINS'}		= $confighash{$cgiparams{'KEY'}}[37];
    	$cgiparams{'DAUTH'}		= $confighash{$cgiparams{'KEY'}}[39];
    	$cgiparams{'DCIPHER'}		= $confighash{$cgiparams{'KEY'}}[40];
-		$cgiparams{'TLSAUTH'}		= $confighash{$cgiparams{'KEY'}}[41];
    	# Index from [39] to [44] has been reserved by advanced encryption
    	$cgiparams{'CLIENTVERSION'} = $confighash{$cgiparams{'KEY'}}[45];
    } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
@@ -4890,10 +5057,6 @@ if ($cgiparams{'TYPE'} eq 'net') {
     $checked{'MSSFIX'}{'on'} = '';
     $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
-    $checked{'TLSAUTH'}{'off'} = '';
-    $checked{'TLSAUTH'}{'on'} = '';
-    $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
-
     if (1) {
    &Header::showhttpheaders();
    &Header::openpage($Lang::tr{'ovpn'}, 1, '');
@@ -5439,9 +5602,6 @@ END
     if ($cgiparams{'MSSFIX'} eq '') {
    	$cgiparams{'MSSFIX'} = 'off';
     }
-	if ($cgiparams{'TLSAUTH'} eq '') {
-		$cgiparams{'TLSAUTH'} = 'off';
-	}
     if ($cgiparams{'DOVPN_SUBNET'} eq '') {
    	$cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
     }
@@ -5459,10 +5619,6 @@ END
     $selected{'DPROTOCOL'}{'tcp'} = '';
     $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
-    $checked{'TLSAUTH'}{'off'} = '';
-    $checked{'TLSAUTH'}{'on'} = '';
-    $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
-
     $checked{'DCOMPLZO'}{'off'} = '';
     $checked{'DCOMPLZO'}{'on'} = '';
     $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
@@ -5565,17 +5721,6 @@ END
         <td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}' size='5' /></td>
     </tr>
-	<tr><td colspan='4'><br></td></tr>
-	<tr>
-		<td class'base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>
-	</tr>
-	<tr><td colspan='1'><br></td></tr>
-
-	<tr>
-		<td class='base'>$Lang::tr{'ovpn tls auth'}</td>
-		<td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
-	</tr>
-
     <tr><td colspan='4'><br><br></td></tr>
 END
 ;				   
@@ -5874,6 +6019,10 @@ END
     my $col3="bgcolor='$color{'color22'}'";
     # ta.key line
     my $col4="bgcolor='$color{'color20'}'";
+	# tc-v2.key line
+	my $col5="bgcolor='$color{'color22'}'";
+	# tc.key
+	my $col6="bgcolor='$color{'color20'}'";
if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
    	my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
@@ -6003,7 +6152,7 @@ END
    	# Nothing
    	print <<END;
    	<tr>
-			<td width='25%' class='base' $col4>$Lang::tr{'ta key'}:</td>
+			<td width='25%' class='base' $col4>$Lang::tr{'ta key'}</td>
    		<td class='base' $col4>$Lang::tr{'not present'}</td>
    		<td colspan='3' $col4>&nbsp;</td>
    	</tr>
@@ -6011,6 +6160,51 @@ END
    	;
     }
+	# Adding tc-v2.key to chart
+	if (-f "${General::swroot}/ovpn/certs/tc-v2-server.key") {
+		my $tcvsubject = `/bin/cat ${General::swroot}/ovpn/certs/tc-v2-server.key`;
+		$tcvsubject    =~ /-----BEGIN (.*)-----[\n]/;
+		$tcvsubject    = $1;
+		print <<END;
+
+		<tr>
+			<td class='base' $col5>$Lang::tr{'tc v2 key'}</td>
+			<td class='base' $col5>$tcvsubject</td>
+				<form method='post' name='frmtcv2key'><td width='3%' align='center' $col5>
+					<input type='hidden' name='ACTION' value='$Lang::tr{'show tls-crypt-v2 key'}' />
+					<input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show tls-crypt-v2 key'}' title='$Lang::tr{'show tls-crypt-v2 key key'}' width='20' height='20' border='0' />
+				</form>
+				<form method='post' name='frmtckey'><td width='3%' align='center' $col5>
+			<td width='4%' $col5>&nbsp;</td>
+		</tr>
+END
+;
+	}
+
+	# Adding tc.key to chart
+	if (-f "${General::swroot}/ovpn/certs/tc.key") {
+		my $tcsubject = `/bin/cat ${General::swroot}/ovpn/certs/tc.key`;
+		$tcsubject    =~ /# (.*)[\n]/;
+		$tcsubject    = $1;
+		print <<END;
+
+		<tr>
+			<td class='base' $col6>$Lang::tr{'tc key'}</td>
+			<td class='base' $col6>$tcsubject</td>
+				<form method='post' name='frmtckey'><td width='3%' align='center' $col6>
+					<input type='hidden' name='ACTION' value='$Lang::tr{'show tls-crypt key'}' />
+					<input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show tls-crypt key'}' title='$Lang::tr{'show tls-crypt key'}' width='20' height='20' border='0' />
+				</form>
+				<form method='post' name='frmtckey'><td width='3%' align='center' $col6>
+					<input type='image' name='$Lang::tr{'download tls-crypt key'}' src='/images/media-floppy.png' alt='$Lang::tr{'download tls-crypt key'}' title='$Lang::tr{'download tls-crypt key'}' border='0' />
+					<input type='hidden' name='ACTION' value='$Lang::tr{'download tls-crypt key'}' />
+				</form>
+			<td width='4%' $col6>&nbsp;</td>
+		</tr>
+END
+;
+	}
+
     if (! -f "${General::swroot}/ovpn/ca/cacert.pem") {
         print "<tr><td colspan='5' align='center'><form method='post'>";
    	print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />";
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index a4c166bfe..b6093be3e 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -894,6 +894,9 @@
 'download new ruleset' => 'Neuen Regelsatz herunterladen',
 'download pkcs12 file' => 'PKCS12-Datei herunterladen',
 'download root certificate' => 'Root-Zertifikat herunterladen',
+'download tls-auth key' => 'TLS-Auth Schlüssel herunterladen',
+'download tls-crypt key' => 'TLS-Crypt Schlüssel herunterladen',
+'download tls-crypt-v2 key' => 'TLS-Crypt-v2 Schlüssel herunterladen',
 'download tls-auth key' => 'tls-auth Key herunterladen',
 'dpd action' => 'Aktion für Erkennung toter Gegenstellen (Dead Peer Detection)',
 'dpd delay' => 'Verzögerung',
@@ -1951,7 +1954,7 @@
 'ovpn subnet' => 'OpenVPN-Subnetz:',
 'ovpn subnet is invalid' => 'Das OpenVPN-Subnetz ist ungültig.',
 'ovpn subnet overlap' => 'OpenVPNSubnetz überschneidet sich mit  ',
-'ovpn tls auth' => 'TLS-Kanalabsicherung:',
+'ovpn tls auth' => 'TLS-Kanalabsicherung',
 'ovpn warning 64 bit block cipher' => 'Diser Algorithmus ist unsicher und wird bald entfernt. <br>Bitte ändern Sie dies so schnell wie möglich!</br>',
 'ovpn warning algorithm' => 'Folgender Algorithmus wurde konfiguriert',
 'ovpn warning rfc3280' => 'Das Host Zertifikat ist nicht RFC3280 Regelkonform. <br>Bitte IPFire auf die letzte Version updaten und generieren sie ein neues Root und Host Zertifikat so bald wie möglich.</br><br>Es müssen dann alle OpenVPN clients erneuert werden!</br>',
@@ -2226,6 +2229,9 @@
 'show last x lines' => 'die letzten x Zeilen anzeigen',
 'show root certificate' => 'Root-Zertifikat anzeigen',
 'show share options' => 'Anzeige der Freigabeeinstellungen',
+'show tls-auth key' => 'TLS-Auth Schlüssel anzeigen',
+'show tls-crypt key' => 'TLS-Crypt Schlüssel anzeigen',
+'show tls-crypt-v2 key' => 'TLS-Crypt-v2 Schlüssel anzeigen',
 'shuffle' => 'Zufall',
 'shutdown' => 'Herunterfahren',
 'shutdown ask' => 'Herunterfahren?',
@@ -2352,6 +2358,8 @@
 'system logs' => 'Systemprotokolldateien',
 'system status information' => 'System-Statusinformationen',
 'ta key' => 'TLS-Authentifizierungsschlüssel',
+'tc key' => 'TLS-Kryptografie-Schlüssel',
+'tc v2 key' => 'TLS-Kryptografie-Schlüssel-Version2',
 'taa zombieload2' => 'TSX Async Abort / ZombieLoad v2',
 'tcp more reliable' => 'TCP (zuverlässiger)',
 'telephone not set' => 'Telefonnummer nicht angegeben.',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index dc324676a..fe2a9d65d 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -918,7 +918,9 @@
 'download new ruleset' => 'Download new ruleset',
 'download pkcs12 file' => 'Download PKCS12 file',
 'download root certificate' => 'Download root certificate',
-'download tls-auth key' => 'Download tls-auth key',
+'download tls-auth key' => 'Download TLS-Auth key',
+'download tls-crypt key' => 'Download TLS-Crypt key',
+'download tls-crypt-v2 key' => 'Download TLS-Crypt-v2 server key',
 'dpd action' => 'Action',
 'dpd delay' => 'Delay',
 'dpd timeout' => 'Timeout',
@@ -1983,7 +1985,7 @@
 'ovpn subnet' => 'OpenVPN subnet:',
 'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.',
 'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ',
-'ovpn tls auth' => 'TLS Channel Protection:',
+'ovpn tls auth' => 'TLS Channel Protection',
 'ovpn warning 64 bit block cipher' => 'This encryption algorithm is broken and will soon be removed. <br>Please change this as soon as possible!</br>',
 'ovpn warning algorithm' => 'You configured the algorithm',
 'ovpn warning rfc3280' => 'Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>',
@@ -2262,7 +2264,9 @@
 'show lines' => 'Show lines',
 'show root certificate' => 'Show root certificate',
 'show share options' => 'Show shares options',
-'show tls-auth key' => 'Show tls-auth key',
+'show tls-auth key' => 'Show TLS-Auth key',
+'show tls-crypt key' => 'Show TLS-Crypt key',
+'show tls-crypt-v2 key' => 'Show TLS-Crypt-v2 key',
 'shuffle' => 'Shuffle',
 'shutdown' => 'Shutdown',
 'shutdown ask' => 'Shutdown?',
@@ -2390,6 +2394,8 @@
 'system logs' => 'System Logs',
 'system status information' => 'System Status Information',
 'ta key' => 'TLS-Authentification-Key',
+'tc key' => 'TLS-Cryptografic-Key',
+'tc v2 key' => 'TLS-Cryptografic-Key-version2',
 'taa zombieload2' => 'TSX Async Abort / ZombieLoad v2',
 'tcp more reliable' => 'TCP (more reliable)',
 'telephone not set' => 'Telephone not set.',
diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl
index 1a0272b8a..99aa73482 100644
--- a/langs/es/cgi-bin/es.pl
+++ b/langs/es/cgi-bin/es.pl
@@ -717,6 +717,9 @@
 'download new ruleset' => 'Descargar nuevo grupo de reglas',
 'download pkcs12 file' => 'Descargar archivo PKCS12',
 'download root certificate' => 'Descargar certificado root',
+'download tls-auth key' => 'Descargar llave TLS-Auth',
+'download tls-crypt key' => 'Descargar llave TLS-Crypt',
+'download tls-crypt-v2 key' => 'Descargar llave servidor TLS-Crypt-v2',
 'dpd action' => 'Acción al detectar Dead Peer',
 'driver' => 'Driver',
 'drop input' => 'Registrar paquetes descartados',
@@ -1352,6 +1355,7 @@
 'ovpn subnet' => 'Subred de OpenVPN (ej. 10.0.10.0/255.255.255.0',
 'ovpn subnet is invalid' => 'Subred de OpenVPN no es válida.',
 'ovpn subnet overlap' => 'La subred de OpenVPN se traslapa con:',
+'ovpn tls auth' => 'Protección Canal TLS',
 'ovpn warning 64 bit block cipher' => 'Este algoritmo de cifrado del  está roto y pronto se eliminará. <br>¡Por favor, cambie esto lo antes posible!</br>',
 'ovpn warning algorithm' => 'Se configuró el siguiente algoritmo',
 'ovpn_fastio' => 'Fast-IO',
@@ -1596,6 +1600,9 @@
 'show lines' => 'Mostrar líneas',
 'show root certificate' => 'Mostrar certificado root',
 'show share options' => 'Mostrar opciones de recursos compartidos',
+'show tls-auth key' => 'Mostrar llave TLS-Auth',
+'show tls-crypt key' => 'Mostrar llave TLS-Crypt',
+'show tls-crypt-v2 key' => 'Mostrar llave TLS-Crypt-v2',
 'shuffle' => 'Al azar',
 'shutdown' => 'Apagar',
 'shutdown ask' => '¿Apagar?',
@@ -1698,6 +1705,9 @@
 'system log viewer' => 'Visor de registros (logs) del sistema',
 'system logs' => 'Registros del sistema',
 'system status information' => 'Información de status del sistema',
+'ta key' => 'Clave de Autentificación-TLS',
+'tc key' => 'Clave Criptográfica-TLS',
+'tc v2 key' => 'Clave Criptográfica-TLS versión 2',
 'telephone not set' => 'Teléfono no establecido.',
 'template' => 'Preestablecido',
 'template warning' => 'Tiene dos opciones para establecer QoS. La primera, presionar el botón Guardar y generar clases y reglas por ud. mismo. La segunda, presione el botón preestablecidos y las clases y reglas se generarán a partir de una plantilla',
diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl
index d5deea1c0..349ebb83d 100644
--- a/langs/fr/cgi-bin/fr.pl
+++ b/langs/fr/cgi-bin/fr.pl
@@ -921,7 +921,9 @@
 'download new ruleset' => 'Télécharger de nouvelles règles',
 'download pkcs12 file' => 'Télécharger le fichier PKCS12',
 'download root certificate' => 'Télécharger le certificat Root',
-'download tls-auth key' => 'Télécharger la clé tls-auth',
+'download tls-auth key' => 'Télécharger la clé TLS-Auth',
+'download tls-crypt key' => 'Télécharger la clef TLS-Crypt',
+'download tls-crypt-v2 key' => 'Télécharger la clef server TLS-Crypt-v2',
 'dpd action' => 'Détection du pair mort',
 'dpd delay' => 'Retard',
 'dpd timeout' => 'Délai dépassé',
@@ -1984,7 +1986,7 @@
 'ovpn subnet' => 'Sous-réseau OpenVPN',
 'ovpn subnet is invalid' => 'Sous-réseau OpenVPN non valide.',
 'ovpn subnet overlap' => 'Le sous-réseau OpenVPN se chevauche avec : ',
-'ovpn tls auth' => 'Protection du canal TLS :',
+'ovpn tls auth' => 'Protection du canal TLS',
 'ovpn warning 64 bit block cipher' => 'Ce L'algorithme de chiffage du n'est plus sûr et sera bientôt supprimé. <br>Veuillez changer cela dès que possible!</br>',
 'ovpn warning algorithm' => 'L'algorithme suivant a été configuré',
 'ovpn warning rfc3280' => 'Votre certificat d'hôte n'est pas conforme avec la RFC3280.<br>Veuillez mettre à jour la dernière version d'IPFire et générer dès que possible un nouveau certificat racine et hôte.</br><br>Tous les clients OpenVPN doivent ensuite être renouvelés !</br>',
@@ -2266,7 +2268,9 @@
 'show lines' => 'Montrer les lignes',
 'show root certificate' => 'Afficher le certificat root',
 'show share options' => 'Montrer les options partagées',
-'show tls-auth key' => 'Afficher clef tls-auth',
+'show tls-auth key' => 'Afficher clef TLS-Auth',
+'show tls-crypt key' => 'Montrer la clef TLS-Crypt',
+'show tls-crypt-v2 key' => 'Montrer la clef TLS-Crypt-v2',
 'shuffle' => 'Mélanger',
 'shutdown' => 'Arrêter',
 'shutdown ask' => 'Arrêter ?',
@@ -2394,6 +2398,8 @@
 'system logs' => 'Rapports système',
 'system status information' => 'Informations sur le statut du système',
 'ta key' => 'Clé d'authentification TLS',
+'tc key' => 'Clef de chiffrage TLS',
+'tc v2 key' => 'Clef de chiffrage TLS version2',
 'taa zombieload2' => 'TSX Async Abort / ZombieLoad v2',
 'tcp more reliable' => 'TCP (plus fiable)',
 'telephone not set' => 'Numéro de téléphone non défini.',
diff --git a/langs/it/cgi-bin/it.pl b/langs/it/cgi-bin/it.pl
index ad16de583..cbbb3bb80 100644
--- a/langs/it/cgi-bin/it.pl
+++ b/langs/it/cgi-bin/it.pl
@@ -1739,6 +1739,7 @@
 'ovpn subnet' => 'OpenVPN subnet (e.g. 10.0.10.0/255.255.255.0)',
 'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.',
 'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ',
+'ovpn tls auth' => 'Protezione del canale TLS',
 'ovpn warning 64 bit block cipher' => 'L'algoritmo di crittografia è insicuro e verrà presto disinstallato.<br>Si prega di cambiare il più presto possibile!</br>',
 'ovpn warning algorithm' => 'È stato configurato il seguente algoritmo',
 'ovpn_fastio' => 'Fast-IO',
@@ -1994,7 +1995,9 @@
 'show lines' => 'Show lines',
 'show root certificate' => 'Show root certificate',
 'show share options' => 'Show shares options',
-'show tls-auth key' => 'Show tls-auth key',
+'show tls-auth key' => 'Mostra la chiave TLS-Auth',
+'show tls-crypt key' => 'Mostra la chiave TLS-Crypt',
+'show tls-crypt-v2 key' => 'Mostra la chiave TLS-Crypt v2',
 'shuffle' => 'Shuffle',
 'shutdown' => 'Spegni',
 'shutdown ask' => 'Spegni?',
@@ -2107,6 +2110,8 @@
 'system logs' => 'Log di Sistema',
 'system status information' => 'Informazioni e stato del sistema',
 'ta key' => 'TLS-Authentification-Key',
+'tc key' => 'Chiave-Crittografica-TLS',
+'tc v2 key' => 'Chiave-Crittografica-TLS-v2',
 'telephone not set' => 'Telephone not set.',
 'template' => 'Preset',
 'template warning' => 'Ci sono due opzioni per impostare il Qos. La prima: si preme il pulsante Salva e poi si generano le classi e le regole da soli. La seconda: si preme il tasto di preset e le classi e le regole saranno automaticamente generate da un modello.',
diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl
index b0f037e0c..23ccaedf9 100644
--- a/langs/nl/cgi-bin/nl.pl
+++ b/langs/nl/cgi-bin/nl.pl
@@ -794,6 +794,9 @@
 'download new ruleset' => 'Download nieuwe regelset',
 'download pkcs12 file' => 'Download PKCS12 bestand',
 'download root certificate' => 'Download root certificaat',
+'download tls-auth key' => 'Download TLS-Auth sleutel',
+'download tls-crypt key' => 'Download TLS-Crypt sleutel',
+'download tls-crypt-v2 key' => 'Download TLS-Crypt-v2 server sleutel',
 'dpd action' => 'Dead peer-detectie actie',
 'dpd delay' => 'Vertraging',
 'dpd timeout' => 'Timeout',
@@ -1660,12 +1663,13 @@
 'ovpn' => 'OpenVPN',
 'ovpn con stat' => 'OpenVPN connectiestatistieken',
 'ovpn config' => 'OVPN-Configuratie',
+'ovpn crypt options' => 'Cryptografische opties',
 'ovpn channel encryption' => 'Control-kanaal versleuteling',
 'ovpn control channel v2' => 'Controle-Kanaal TLSv2',
 'ovpn control channel v3' => 'Controle-Kanaal TLSv3',
 'ovpn data encryption' => 'Datakanaalversleuteling',
 'ovpn data channel authentication' => 'Gegevens en kanaal verificatie',
-'ovpn data channel' => 'Data-kanaal',
+'ovpn data channel' => 'Data-Kanaal',
 'ovpn data channel fallback' => 'Data-Kanaal terugval',
 'ovpn device' => 'OpenVPN apparaat:',
 'ovpn dl' => 'OVPN-Configuratie download',
@@ -1693,6 +1697,7 @@
 'ovpn subnet' => 'OpenVPN subnet (bijv. 10.0.10.0/255.255.255.0)',
 'ovpn subnet is invalid' => 'OpenVPN subnet is ongeldig.',
 'ovpn subnet overlap' => 'OpenVPN subnet overlapt met : ',
+'ovpn tls auth' => 'TLS Kanaal bescherming',
 'ovpn warning 64 bit block cipher' => 'Dit encryptie algoritme is verbroken en zal binnenkort worden verwijderd. <br>Verander dit zo snel mogelijk!</br>',
 'ovpn warning algorithm' => 'U hebt het algoritme geconfigureerd',
 'ovpn warning rfc3280' => 'Uw gastheercertificaat is niet RFC3280-conform. <br>Please-update naar de nieuwste IPFire-versie en genereer zo snel mogelijk een nieuw root- en host-certificaat.</br><br>Alle OpenVPN-clients moeten dan vernieuwd worden!</br>',
@@ -1948,6 +1953,9 @@
 'show lines' => 'Toon regels',
 'show root certificate' => 'Toon root certificaat',
 'show share options' => 'Toon shares opties',
+'show tls-auth key' => 'Toon TLS-Auth sleutel',
+'show tls-crypt key' => 'Toon TLS-Crypt sleutel',
+'show tls-crypt-v2 key' => 'Toon TLS-Crypt-v2 sleutel',
 'shuffle' => 'Willekeurige volgorde',
 'shutdown' => 'Afsluiten',
 'shutdown ask' => 'Afsluiten?',
@@ -2057,6 +2065,9 @@
 'system log viewer' => 'Systeem Log Viewer',
 'system logs' => 'Systeem logs',
 'system status information' => 'Systeem Status Informatie',
+'ta key' => 'TLS-Authentificatie-sleutel',
+'tc key' => 'TLS-Cryptografische-sleutel',
+'tc v2 key' => 'TLS-Cryptografische sleutel-versie2',
 'telephone not set' => 'Telefoon niet ingesteld.',
 'template' => 'Vooringesteld',
 'template warning' => 'U heeft twee opties voor QoS. Bij de eerste klikt u op de knop opslaan en genereert u zelf de klassen en regels. Voor de tweede klikt u op de "vooringesteld" knop en worden de regels middels een sjabloon voor u ingesteld.',
diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl
index 5e8ec0864..fb7c12e85 100644
--- a/langs/pl/cgi-bin/pl.pl
+++ b/langs/pl/cgi-bin/pl.pl
@@ -719,6 +719,9 @@
 'download new ruleset' => 'Pobierz nowy zestaw reguł',
 'download pkcs12 file' => 'Pobierz plik PKCS12',
 'download root certificate' => 'Pobierz certyfikat root',
+'download tls-auth key' => 'Pobierz klucz TLS-Auth',
+'download tls-crypt key' => 'Pobierz klucz TLS-Crypt',
+'download tls-crypt-v2 key' => 'Pobierz klucz serwera TLS-Crypt-v2',
 'dpd action' => 'Dead Peer Detection action',
 'driver' => 'Sterownik',
 'drop input' => 'Loguj odrzucone pakiety wejściowe (input packets)',
@@ -1365,6 +1368,7 @@
 'ovpn subnet' => 'Podsieć OpenVPN (np. 10.0.10.0/255.255.255.0)',
 'ovpn subnet is invalid' => 'Podsieć OpenVPN jest niepoprawna.',
 'ovpn subnet overlap' => 'Podsieć OpenVPN zachodzi na : ',
+'ovpn tls auth' => 'Ochrona Kanału-TLS',
 'ovpn warning 64 bit block cipher' => 'Szyfr danych wymaga co najmniej jednego szyfru. <br>Proszę to zmienić jak najszybciej!</br>',
 'ovpn warning algorithm' => 'Skonfigurowałeś algorytm',
 'ovpn_fastio' => 'Fast-IO',
@@ -1609,6 +1613,9 @@
 'show lines' => 'Pokaż linie',
 'show root certificate' => 'Pokaż certyfikat root',
 'show share options' => 'Pokaż opcje zasobu',
+'show tls-auth key' => 'Pokaż klucz TLS-Auth',
+'show tls-crypt key' => 'Pokaż klucz TLS-Crypt',
+'show tls-crypt-v2 key' => 'Pokaż klucz TLS-Crypt-v2',
 'shuffle' => 'Losowo',
 'shutdown' => 'Wyłącz',
 'shutdown ask' => 'Wyłączyć?',
@@ -1712,6 +1719,9 @@
 'system log viewer' => 'Przegląd logów systemu',
 'system logs' => 'Logi systemu',
 'system status information' => 'Informacje o stanie systemu',
+'ta key' => 'TLS-Klucz-Uwierzytelniający',
+'tc key' => 'TLS-Klucz-Kryptograficzny',
+'tc v2 key' => 'TLS-Klucz-Kryptograficzny-wersja2',
 'telephone not set' => 'Telephone not set.',
 'template' => 'Schemat',
 'template warning' => 'Masz 2 możliwości skonfigurowania QoS. Pierwsza to naciśnięcie przycisku zapisz i skonfigurowanie klas i reguł samodzielnie. Druga to wciśnięcie przycisku schemat aby utworzyć klasy i reguły ze schematu.',
diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl
index 6e3af2d7e..c4520ae2c 100644
--- a/langs/ru/cgi-bin/ru.pl
+++ b/langs/ru/cgi-bin/ru.pl
@@ -714,6 +714,9 @@
 'download new ruleset' => 'Загрузить новые правила',
 'download pkcs12 file' => 'Загрузить PKCS12 файл',
 'download root certificate' => 'Загрузить root сертификат',
+'download tls-auth key' => 'Скачать TLS-Auth ключ',
+'download tls-crypt key' => 'Скачать TLS-Crypt ключ',
+'download tls-crypt-v2 key' => 'Скачать серверный ключ TLS-Crypt-v2',
 'dpd action' => 'Действие при обнаружении Dead Peer',
 'driver' => 'Драйвер',
 'drop input' => 'Записывать сброшенные входящие пакеты',
@@ -1339,6 +1342,7 @@
 'ovpn channel encryption' => 'Шифрование каналов управления',
 'ovpn control channel v2' => 'Канал-управления TLSv2',
 'ovpn control channel v3' => 'Канал-управления TLSv3',
+'ovpn crypt options' => 'Криптографические опции',
 'ovpn data encryption' => 'шифрование-каналов данных',
 'ovpn data channel authentication' => 'Аутентификация данных и каналов',
 'ovpn data channel' => 'Информационный-канал',
@@ -1359,6 +1363,7 @@
 'ovpn subnet' => 'Подсеть OpenVPN (e.g. 10.0.10.0/255.255.255.0)',
 'ovpn subnet is invalid' => 'Подсеть OpenVPN задана неверно.',
 'ovpn subnet overlap' => 'Подсеть OpenVPN пересекается с: ',
+'ovpn tls auth' => 'Защита канала TLS',
 'ovpn warning 64 bit block cipher' => 'Этот алгоритм шифрования сломан и вскоре будет удален. <br>Пожалуйста, измените это как можно скорее!</br>',
 'ovpn warning algorithm' => 'Вы настроили алгоритм',
 'ovpn_fastio' => 'Fast-IO',
@@ -1603,6 +1608,9 @@
 'show lines' => 'Показать строки',
 'show root certificate' => 'Показать root сертификат',
 'show share options' => 'Показать настройки общих ресурсов',
+'show tls-auth key' => 'Показать ключ TLS-Auth',
+'show tls-crypt key' => 'Показать ключ TLS-Crypt',
+'show tls-crypt-v2 key' => 'Показать ключ TLS-Crypt-клавиша-v2',
 'shuffle' => 'Перемешать',
 'shutdown' => 'Выключить',
 'shutdown ask' => 'Выключить?',
@@ -1706,6 +1714,9 @@
 'system log viewer' => 'System Log Viewer',
 'system logs' => 'Системные журналы',
 'system status information' => 'System Status Information',
+'ta key' => 'TLS-Аутентификация-Кей',
+'tc key' => 'TLS-криптографический-ключ',
+'tc v2 key' => 'TLS-криптографическая-версия2',
 'telephone not set' => 'Telephone not set.',
 'template' => 'Задать',
 'template warning' => 'У Вас есть две опции для установки Qos. Первая - нажать кнопку сохранения и сгенерировать классы и правила самостоятельно. Вторая - задать правила по шаблону.',
diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl
index e55a73aa3..1cde33dc7 100644
--- a/langs/tr/cgi-bin/tr.pl
+++ b/langs/tr/cgi-bin/tr.pl
@@ -879,6 +879,9 @@
 'download new ruleset' => 'Yeni Kural Kümesi İndir',
 'download pkcs12 file' => 'PKCS12 dosyasını indir',
 'download root certificate' => 'Root sertifikasını indir',
+'download tls-auth key' => 'TLS-Auth anahtarını indirin',
+'download tls-crypt key' => 'TLS-Crypt anahtarını indirin',
+'download tls-crypt-v2 key' => 'TLS-Crypt-v2 sunucu anahtarını indirin',
 'download tls-auth key' => 'Tls kimlik doğrulama anahtarını indir',
 'dpd action' => 'Hareketsiz eş algılama eylemi',
 'dpd delay' => 'Gecikme',
@@ -1884,6 +1887,7 @@
 'ovpn subnet' => 'OpenVPN alt ağı (örneğin 10.0.10.0/255.255.255.0)',
 'ovpn subnet is invalid' => 'Geçersiz OpenVPN alt ağı.',
 'ovpn subnet overlap' => 'OpenVPN alt ağı ile örtüşenler: ',
+'ovpn tls auth' => 'TLS Kanal Koruması',
 'ovpn warning 64 bit block cipher' => 'Bu şifreleme algoritması bozuldu ve yakında kaldırılacak. <br> Lütfen bunu mümkün olan en kısa sürede değiştirin!</br>',
 'ovpn warning algorithm' => 'Algoritmayı sen yapılandırdın',
 'ovpn_fastio' => 'Hızlı-IO',
@@ -2148,6 +2152,9 @@
 'show root certificate' => 'Root sertifikasını göster',
 'show share options' => 'Paylaşım seçeneklerini göster',
 'show tls-auth key' => 'Tls kimlik doğrulama anahtarını göster',
+'show tls-auth key' => 'TLS-Auth anahtarını göster',
+'show tls-crypt key' => 'TLS-Crypt anahtarını göster',
+'show tls-crypt-v2 key' => 'TLS-Crypt-v2 anahtarını göster',
 'shuffle' => 'Karma',
 'shutdown' => 'Kapat',
 'shutdown ask' => 'Kapat?',
@@ -2260,6 +2267,8 @@
 'system logs' => 'Sistem Günlükleri',
 'system status information' => 'Sistem Durum Bilgisi',
 'ta key' => 'TLS Kimlik Doğrulama Anahtarı',
+'tc key' => 'TLS-Şifreleme-Anahtarı',
+'tc v2 key' => 'TLS-Şifreleme-Anahtarı-versiyon 2',
 'tcp more reliable' => 'TCP (daha güvenli)',
 'telephone not set' => 'Telefon ayarlanmamış.',
 'template' => 'Ön Ayar',
-- 
2.20.1


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

[PATCH v2 7/7] OpenVPN: Moved TLS auth to advanced encryption section