This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
       via  ae6ae33f847ea063331b8ce205148334925385fd (commit)
       via  41dfa08d2a9be671a48d4e0cd33f1e89541ae0d8 (commit)
       via  5240f73d9c73c30ea92fab982d31ca986fb86e2e (commit)
       via  93b36c3e229a1d7b57deebbb8749bcaa966aa46e (commit)
       via  4c7bfb1f271bdd0de493772a15209e038344e57c (commit)
       via  6bd4bcdaa12cc7a3111d6a9c26ab6cd1124c618a (commit)
       via  fc84e6ec23f824f6a72935c0d274ac4fe948f0a0 (commit)
       via  296a73a5326636a53c642dcd046b03fcff221835 (commit)
       via  dd29d563a603b0bc182af23efd5160caf75657c4 (commit)
       via  2d6ac13175c0ffa0a5940d812fb45e91f5585264 (commit)
       via  1202ee15395ebd7bfe85c328d46e33b21f97f5eb (commit)
       via  fff2be22a4f97ff5b0479b1f261e783b2737ee92 (commit)
       via  06f320318f4bed98f57bb7dd8b00f538dc24ecbf (commit)
       via  fde47f5aef2aa779350cec85b5c19327fa36b938 (commit)
       via  c438fb070e42080e86da5de68f0a6700960ef2d2 (commit)
       via  bde7a7d296b2d0ab165687d9c46dcf67caf955a1 (commit)
       via  f424897557ee41cd235ae293820a558c98e9caf2 (commit)
       via  e4aac473708d259a77830d5f4c2c95f436d3df54 (commit)
       via  a5ecf5f031b1d3f08ac7adebfc38f96860139b9c (commit)
       via  4c962356a0bf2ecc935ea08e19f273b3e9cc7c2d (commit)
       via  abfd82b15e479ccfc351328ca0e86fc646f0eac5 (commit)
      from  8089b78d9d955cc7b4c4a6284b2499c9e234a799 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit ae6ae33f847ea063331b8ce205148334925385fd
Merge: 8089b78 41dfa08
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Sun Mar 30 00:21:33 2014 +0100
Merge branch 'beyond-next' into next
commit 41dfa08d2a9be671a48d4e0cd33f1e89541ae0d8
Merge: 5240f73 93b36c3
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Wed Mar 26 23:43:04 2014 +0100
Merge branch 'ppp-update' into beyond-next
commit 5240f73d9c73c30ea92fab982d31ca986fb86e2e
Merge: 4c7bfb1 513c321
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Wed Mar 26 23:42:57 2014 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into beyond-next
commit 93b36c3e229a1d7b57deebbb8749bcaa966aa46e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Wed Mar 26 23:42:05 2014 +0100
ppp: Update to 2.4.6.
commit 4c7bfb1f271bdd0de493772a15209e038344e57c
Merge: 6bd4bcd abfd82b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Fri Mar 21 14:48:22 2014 +0100
Merge remote-tracking branch 'stevee/squid-zph-qos' into beyond-next
commit 6bd4bcdaa12cc7a3111d6a9c26ab6cd1124c618a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Fri Mar 21 13:46:03 2014 +0100
squid: Update to 3.4.4.
commit fc84e6ec23f824f6a72935c0d274ac4fe948f0a0
Merge: 296a73a a5ecf5f
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Mar 20 23:16:15 2014 +0100
Merge remote-tracking branch 'alfh/feature_vnstat_1.11' into beyond-next
commit 296a73a5326636a53c642dcd046b03fcff221835
Merge: dd29d56 fff2be2
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Mar 20 23:15:49 2014 +0100
Merge remote-tracking branch 'alfh/feature_firewalllogcountry' into beyond-next
Conflicts: langs/de/cgi-bin/de.pl
commit dd29d563a603b0bc182af23efd5160caf75657c4
Merge: 2d6ac13 0d0df35
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Mar 20 23:14:13 2014 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into beyond-next
Conflicts:
doc/language_issues.es
doc/language_issues.fr
doc/language_issues.nl
doc/language_issues.pl
doc/language_issues.ru
doc/language_issues.tr
doc/language_missings
commit 2d6ac13175c0ffa0a5940d812fb45e91f5585264
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Tue Mar 11 14:19:55 2014 +0100
Update translations.
commit 1202ee15395ebd7bfe85c328d46e33b21f97f5eb
Merge: 826c22d 4c96235
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Tue Mar 11 14:19:14 2014 +0100
Merge remote-tracking branch 'ummeegge/openvpn' into beyond-next
commit fff2be22a4f97ff5b0479b1f261e783b2737ee92
Author: Alf Høgemark <alf@i100.no>
Date:   Sat Mar 1 15:00:51 2014 +0100
firewalllogcountry.dat: Fix filename for piechart image
commit 06f320318f4bed98f57bb7dd8b00f538dc24ecbf
Author: Alf Høgemark <alf@i100.no>
Date:   Sat Feb 22 17:31:44 2014 +0100
firewalllogcountry.dat: Simplify code for table background color
commit fde47f5aef2aa779350cec85b5c19327fa36b938
Author: Alf Høgemark <alf@i100.no>
Date:   Sat Feb 22 08:03:59 2014 +0100
firewalllogcountry.dat: Show green0, blue0, and orange0 as countries
It makes sense to see how many firewall log entries are dropped from the interfaces green0, blue0, and orange0, so this is displayed as a country. The showrequestfromcountry.dat also supports filtering based on the interface.
commit c438fb070e42080e86da5de68f0a6700960ef2d2
Author: Alf Høgemark <alf@i100.no>
Date:   Mon Feb 17 20:13:53 2014 +0100
en.pl: Trivial sorting of a key
commit bde7a7d296b2d0ab165687d9c46dcf67caf955a1
Author: Alf Høgemark <alf@i100.no>
Date:   Mon Feb 17 20:05:00 2014 +0100
showrequestfromcountry.dat: Use language string, and fix links
Define language key for input field. Fix links for older and newer links. Indentation fixes.
The code is a copy from showrequestfromip.dat, ideally we should have merged all three showrequestfrom*.dat files into one file, but I do not do that now, because it would really require a rewrite of most of the logic, and I understand that one does not want to do such changes in 2.x.
commit f424897557ee41cd235ae293820a558c98e9caf2
Author: Alf Høgemark <alf@i100.no>
Date:   Sun Feb 16 07:18:41 2014 +0100
firewalllogcountry.dat: Use language strings and add to menu
Add some language strings for the new firewalllogport.dat, and include html fixes done in firewalllogip.dat, which this file is based on.
Also try to add the menu item to the sub menu, but that is currently not working.
commit e4aac473708d259a77830d5f4c2c95f436d3df54
Author: Alf Høgemark <alf@i100.no>
Date:   Wed Feb 12 18:09:53 2014 +0100
logs.cgi: Add files for showing firewall blocks by country
Add similar functionality as firewalllogip.dat and firewalllogport.dat, by listing the number of blocks per country, and provide a details link to show only the blocked ip addresses from the country.
This is a preliminary prototype.
commit a5ecf5f031b1d3f08ac7adebfc38f96860139b9c
Author: Alf Høgemark <alf@i100.no>
Date:   Sat Mar 1 14:51:17 2014 +0100
vnstat: Update to 1.11
Update vnstat to version 1.11, which also contains the vnstati binary, for making graphs.
Remove the separate vnstati package.
This commit does not contain anything for doing backups before upgrading, since I do not know how that works.
The source for vnstat-1.11 has been downloaded from : http://humdi.net/vnstat/vnstat-1.11.tar.gz
The changelog for vnstat-11 is here : http://humdi.net/vnstat/CHANGES
commit 4c962356a0bf2ecc935ea08e19f273b3e9cc7c2d
Author: Erik Kapfer <erik.kapfer@ipfire.org>
Date:   Thu Feb 27 10:01:57 2014 +0100
OpenVPN: Added auth and cipher menu, changed design, fixed bugs.
Added --auth directive with a flip menu for N2N and RW.
Added cipher menu for N2N.
Added new cipher and digest algorithm.
Adapted OpenVPN WUI design to IPSec design.
Changed key length for certificates with factor 2.
Added DH menu to WUI, with DH upload possibility and separated DH generation possibility.
Several Bugfixes, reference can be found under Bug #10463.
Also Fixes for #10317 and #10149.
commit abfd82b15e479ccfc351328ca0e86fc646f0eac5
Author: Stefan Schantl <stefan.schantl@ipfire.org>
Date:   Wed Jan 22 20:29:26 2014 +0100
Squid: Enable support for zph-qos.
Fixes #10087.
-----------------------------------------------------------------------
Summary of changes:
 config/menu/70-log.menu                            |    5 +
 config/rootfiles/common/ppp                        |   26 +-
 config/rootfiles/common/squid                      |    6 +-
 config/rootfiles/common/vnstat                     |    5 +
 config/rootfiles/common/vnstati                    |    2 -
 doc/language_issues.de                             |   14 +-
 doc/language_issues.en                             |   14 +-
 doc/language_issues.es                             |   20 +-
 doc/language_issues.fr                             |   20 +-
 doc/language_issues.nl                             |   20 +-
 doc/language_issues.pl                             |   20 +-
 doc/language_issues.ru                             |   20 +-
 doc/language_issues.tr                             |   20 +-
 doc/language_missings                              |   88 +-
 .../{firewalllogip.dat => firewalllogcountry.dat}  |   88 +-
 ...equestfromip.dat => showrequestfromcountry.dat} |  181 +--
 html/cgi-bin/ovpnmain.cgi                          | 1284 +++++++++++++-------
 langs/de/cgi-bin/de.pl                             |   51 +-
 langs/en/cgi-bin/en.pl                             |   43 +-
 lfs/ppp                                            |   11 +-
 lfs/squid                                          |    8 +-
 lfs/vnstat                                         |    6 +-
 lfs/vnstati                                        |   79 --
 make.sh                                            |    1 -
 24 files changed, 1246 insertions(+), 786 deletions(-)
 delete mode 100644 config/rootfiles/common/vnstati
 copy html/cgi-bin/logs.cgi/{firewalllogip.dat => firewalllogcountry.dat} (85%)
 copy html/cgi-bin/logs.cgi/{showrequestfromip.dat => showrequestfromcountry.dat} (69%)
 delete mode 100644 lfs/vnstati
Difference in files: diff --git a/config/menu/70-log.menu b/config/menu/70-log.menu index 25ba090..08973de 100644 --- a/config/menu/70-log.menu +++ b/config/menu/70-log.menu @@ -33,6 +33,11 @@ 'title' => "$Lang::tr{'firewall logs port'}", 'enabled' => 1 }; + $sublogs->{'43.firewallcountry'} = {'caption' => $Lang::tr{'firewall logs country'}, + 'uri' => '/cgi-bin/logs.cgi/firewalllogcountry.dat', + 'title' => "$Lang::tr{'firewall logs country'}", + 'enabled' => 1 + }; $sublogs->{'50.ids'} = {'caption' => $Lang::tr{'ids logs'}, 'uri' => '/cgi-bin/logs.cgi/ids.dat', 'title' => "$Lang::tr{'ids logs'}", diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp index 60e6f5b..709e0d0 100644 --- a/config/rootfiles/common/ppp +++ b/config/rootfiles/common/ppp @@ -14,8 +14,10 @@ etc/ppp/standardloginscript #usr/include/pppd/chap_ms.h #usr/include/pppd/eap.h #usr/include/pppd/ecp.h +#usr/include/pppd/eui64.h #usr/include/pppd/fsm.h #usr/include/pppd/ipcp.h +#usr/include/pppd/ipv6cp.h #usr/include/pppd/ipxcp.h #usr/include/pppd/lcp.h #usr/include/pppd/magic.h @@ -31,18 +33,18 @@ etc/ppp/standardloginscript #usr/include/pppd/tdb.h #usr/include/pppd/upap.h usr/lib/pppd -usr/lib/pppd/2.4.5 -usr/lib/pppd/2.4.5/minconn.so -usr/lib/pppd/2.4.5/openl2tp.so -usr/lib/pppd/2.4.5/passprompt.so -usr/lib/pppd/2.4.5/passwordfd.so -usr/lib/pppd/2.4.5/pppoatm.so -usr/lib/pppd/2.4.5/pppol2tp.so -usr/lib/pppd/2.4.5/radattr.so -usr/lib/pppd/2.4.5/radius.so -usr/lib/pppd/2.4.5/radrealms.so -usr/lib/pppd/2.4.5/rp-pppoe.so -usr/lib/pppd/2.4.5/winbind.so +usr/lib/pppd/2.4.6 +usr/lib/pppd/2.4.6/minconn.so +usr/lib/pppd/2.4.6/openl2tp.so +usr/lib/pppd/2.4.6/passprompt.so +usr/lib/pppd/2.4.6/passwordfd.so +usr/lib/pppd/2.4.6/pppoatm.so +usr/lib/pppd/2.4.6/pppol2tp.so +usr/lib/pppd/2.4.6/radattr.so +usr/lib/pppd/2.4.6/radius.so +usr/lib/pppd/2.4.6/radrealms.so +usr/lib/pppd/2.4.6/rp-pppoe.so +usr/lib/pppd/2.4.6/winbind.so usr/sbin/chat usr/sbin/pppd usr/sbin/pppdump 
diff --git a/config/rootfiles/common/squid b/config/rootfiles/common/squid index 9515dc3..76abbe8 100644 --- a/config/rootfiles/common/squid +++ b/config/rootfiles/common/squid @@ -34,7 +34,7 @@ usr/lib/squid/basic_smb_auth usr/lib/squid/basic_smb_auth.sh #usr/lib/squid/cachemgr.cgi usr/lib/squid/cert_tool -usr/lib/squid/digest_edirectory_auth +usr/lib/squid/cert_valid.pl usr/lib/squid/digest_file_auth usr/lib/squid/digest_ldap_auth usr/lib/squid/diskd @@ -1374,6 +1374,7 @@ usr/lib/squid/errors/pl/error-details.txt #usr/lib/squid/errors/pt-br/ERR_WRITE_ERROR #usr/lib/squid/errors/pt-br/ERR_ZERO_SIZE_OBJECT #usr/lib/squid/errors/pt-br/error-details.txt +#usr/lib/squid/errors/pt-bz #usr/lib/squid/errors/pt-pt #usr/lib/squid/errors/pt/ERR_ACCESS_DENIED #usr/lib/squid/errors/pt/ERR_ACL_TIME_QUOTA_EXCEEDED @@ -2148,6 +2149,7 @@ usr/lib/squid/mib.txt usr/lib/squid/negotiate_wrapper_auth usr/lib/squid/ntlm_fake_auth usr/lib/squid/ntlm_smb_lm_auth +usr/lib/squid/storeid_file_rewrite usr/lib/squid/unlinkd usr/lib/squid/url_fake_rewrite usr/lib/squid/url_fake_rewrite.sh @@ -2173,6 +2175,7 @@ usr/sbin/updxlrator #usr/share/man/man8/ext_wbinfo_group_acl.8 #usr/share/man/man8/log_db_daemon.8 #usr/share/man/man8/squid.8 +#usr/share/man/man8/storeid_file_rewrite.8 #var/cache/squid var/ipfire/proxy/errorpage-ipfire.css var/ipfire/proxy/errorpage-squid.css @@ -2190,4 +2193,3 @@ var/log/cache var/log/squid/access.log var/log/updatexlrator #var/logs -#var/run/squid diff --git a/config/rootfiles/common/vnstat b/config/rootfiles/common/vnstat index 57c54db..faabf47 100644 --- a/config/rootfiles/common/vnstat +++ b/config/rootfiles/common/vnstat @@ -2,5 +2,10 @@ #etc/cron.d/vnstat etc/vnstat.conf usr/bin/vnstat +usr/bin/vnstati +#usr/sbin/vnstatd +#usr/share/man/man5/vnstat.conf.5 +#usr/share/man/man1/vnstatd.1 +#usr/share/man/man1/vnstati.1 #usr/share/man/man1/vnstat.1 #var/lib/vnstat 
diff --git a/config/rootfiles/common/vnstati b/config/rootfiles/common/vnstati deleted file mode 100644 index a40fc8c..0000000 --- a/config/rootfiles/common/vnstati +++ /dev/null @@ -1,2 +0,0 @@ -usr/bin/vnstati -#usr/share/man/man1/vnstati.1.gz diff --git a/doc/language_issues.de b/doc/language_issues.de index a7d8940..8bf36d6 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -1,4 +1,3 @@ -WARNING: translation string unused: Client status and controlc WARNING: translation string unused: ConnSched scheduler WARNING: translation string unused: ConnSched select profile WARNING: translation string unused: HDD temperature @@ -355,6 +354,7 @@ WARNING: translation string unused: network time WARNING: translation string unused: network traffic graphs WARNING: translation string unused: network updated WARNING: translation string unused: networks settings +WARNING: translation string unused: never WARNING: translation string unused: new optionsfw must boot WARNING: translation string unused: no alcatelusb firmware WARNING: translation string unused: no cfg upload @@ -399,10 +399,11 @@ WARNING: translation string unused: outgoing firewall reset WARNING: translation string unused: outgoing firewall view group WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu -WARNING: translation string unused: ovpn WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl +WARNING: translation string unused: ovpn engines WARNING: translation string unused: ovpn log +WARNING: translation string unused: ovpn reneg sec WARNING: translation string unused: ovpn_fastio WARNING: translation string unused: ovpn_fragment WARNING: translation string unused: ovpn_mssfix 
@@ -449,16 +450,12 @@ WARNING: translation string unused: released WARNING: translation string unused: removable device advice WARNING: translation string unused: reportfile WARNING: translation string unused: requested data -WARNING: translation string unused: reserved dst port -WARNING: translation string unused: reserved src port WARNING: translation string unused: restore hardware settings WARNING: translation string unused: root WARNING: translation string unused: root path WARNING: translation string unused: root user password WARNING: translation string unused: route subnet is invalid WARNING: translation string unused: router ip -WARNING: translation string unused: rsvd dst port overlap -WARNING: translation string unused: rsvd src port overlap WARNING: translation string unused: rules already up to date WARNING: translation string unused: safe removal of umounted device WARNING: translation string unused: save error @@ -609,10 +606,15 @@ WARNING: untranslated string: addons WARNING: untranslated string: bytes WARNING: untranslated string: community rules WARNING: untranslated string: dead peer detection +WARNING: untranslated string: dns servers +WARNING: untranslated string: downlink WARNING: untranslated string: emerging rules +WARNING: untranslated string: first WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: last WARNING: untranslated string: qos add subclass WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: uplink diff --git a/doc/language_issues.en b/doc/language_issues.en index 26c8d32..7cf6953 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en 
@@ -1,4 +1,3 @@ -WARNING: translation string unused: Client status and controlc WARNING: translation string unused: ConnSched scheduler WARNING: translation string unused: ConnSched select profile WARNING: translation string unused: HDD temperature @@ -380,6 +379,7 @@ WARNING: translation string unused: network time WARNING: translation string unused: network traffic graphs WARNING: translation string unused: network updated WARNING: translation string unused: networks settings +WARNING: translation string unused: never WARNING: translation string unused: new optionsfw must boot WARNING: translation string unused: no alcatelusb firmware WARNING: translation string unused: no cfg upload @@ -425,10 +425,11 @@ WARNING: translation string unused: outgoing firewall reset WARNING: translation string unused: outgoing firewall view group WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu -WARNING: translation string unused: ovpn WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl +WARNING: translation string unused: ovpn engines WARNING: translation string unused: ovpn log +WARNING: translation string unused: ovpn reneg sec WARNING: translation string unused: ovpn_fastio WARNING: translation string unused: ovpn_fragment WARNING: translation string unused: ovpn_mssfix 
@@ -476,16 +477,12 @@ WARNING: translation string unused: released WARNING: translation string unused: removable device advice WARNING: translation string unused: reportfile WARNING: translation string unused: requested data -WARNING: translation string unused: reserved dst port -WARNING: translation string unused: reserved src port WARNING: translation string unused: restore hardware settings WARNING: translation string unused: root WARNING: translation string unused: root path WARNING: translation string unused: root user password WARNING: translation string unused: route subnet is invalid WARNING: translation string unused: router ip -WARNING: translation string unused: rsvd dst port overlap -WARNING: translation string unused: rsvd src port overlap WARNING: translation string unused: rules already up to date WARNING: translation string unused: safe removal of umounted device WARNING: translation string unused: save error @@ -640,8 +637,13 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: Scan for Songs WARNING: untranslated string: bytes +WARNING: untranslated string: dns servers +WARNING: untranslated string: downlink +WARNING: untranslated string: first WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: last WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: uplink diff --git a/doc/language_issues.es b/doc/language_issues.es index ab8dea7..e324684 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es 
@@ -369,7 +369,6 @@ WARNING: translation string unused: outgoing firewall p2p description WARNING: translation string unused: outgoing firewall reset WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu -WARNING: translation string unused: ovpn WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl WARNING: translation string unused: ovpn log @@ -420,16 +419,12 @@ WARNING: translation string unused: released WARNING: translation string unused: removable device advice WARNING: translation string unused: reportfile WARNING: translation string unused: requested data -WARNING: translation string unused: reserved dst port -WARNING: translation string unused: reserved src port WARNING: translation string unused: restore hardware settings WARNING: translation string unused: root WARNING: translation string unused: root path WARNING: translation string unused: root user password WARNING: translation string unused: route subnet is invalid WARNING: translation string unused: router ip -WARNING: translation string unused: rsvd dst port overlap -WARNING: translation string unused: rsvd src port overlap WARNING: translation string unused: rules already up to date WARNING: translation string unused: safe removal of umounted device WARNING: translation string unused: save error @@ -556,6 +551,7 @@ WARNING: translation string unused: use dov WARNING: translation string unused: use ibod WARNING: translation string unused: view log WARNING: translation string unused: vpn aggrmode +WARNING: translation string unused: vpn configuration main WARNING: translation string unused: vpn incompatible use of defaultroute WARNING: translation string unused: vpn mtu invalid WARNING: translation string unused: vpn on blue 
@@ -628,6 +624,9 @@ WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: details +WARNING: untranslated string: dh +WARNING: untranslated string: dh key warn +WARNING: untranslated string: dh name is invalid WARNING: untranslated string: dnat address WARNING: untranslated string: dns servers WARNING: untranslated string: dnsforward @@ -812,6 +811,8 @@ WARNING: untranslated string: fwhost stdnet WARNING: untranslated string: fwhost type WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome +WARNING: untranslated string: gen dh +WARNING: untranslated string: generate dh key WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support WARNING: untranslated string: integrity @@ -828,6 +829,7 @@ WARNING: untranslated string: minimum WARNING: untranslated string: minute WARNING: untranslated string: most preferred WARNING: untranslated string: no hardware random number generator +WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice WARNING: untranslated string: openvpn default WARNING: untranslated string: openvpn destination port used 
@@ -841,8 +843,14 @@ WARNING: untranslated string: openvpn subnet is used WARNING: untranslated string: other WARNING: untranslated string: outgoing firewall p2p allow WARNING: untranslated string: outgoing firewall p2p deny +WARNING: untranslated string: ovpn crypt options +WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh name WARNING: untranslated string: ovpn errmsg green already pushed WARNING: untranslated string: ovpn errmsg invalid ip or mask +WARNING: untranslated string: ovpn generating the root and host certificates +WARNING: untranslated string: ovpn ha +WARNING: untranslated string: ovpn hmac WARNING: untranslated string: ovpn mgmt in root range WARNING: untranslated string: ovpn mtu-disc WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 @@ -870,6 +878,7 @@ WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table WARNING: untranslated string: server restart +WARNING: untranslated string: show dh WARNING: untranslated string: snat new source ip address WARNING: untranslated string: ssh WARNING: untranslated string: static routes @@ -926,6 +935,7 @@ WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes WARNING: untranslated string: uplink +WARNING: untranslated string: upload dh key WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: visit us at diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 7085978..c62c6fb 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr 
@@ -380,7 +380,6 @@ WARNING: translation string unused: outgoing firewall reset WARNING: translation string unused: outgoing firewall view group WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu -WARNING: translation string unused: ovpn WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl WARNING: translation string unused: ovpn log @@ -431,16 +430,12 @@ WARNING: translation string unused: released WARNING: translation string unused: removable device advice WARNING: translation string unused: reportfile WARNING: translation string unused: requested data -WARNING: translation string unused: reserved dst port -WARNING: translation string unused: reserved src port WARNING: translation string unused: restore hardware settings WARNING: translation string unused: root WARNING: translation string unused: root path WARNING: translation string unused: root user password WARNING: translation string unused: route subnet is invalid WARNING: translation string unused: router ip -WARNING: translation string unused: rsvd dst port overlap -WARNING: translation string unused: rsvd src port overlap WARNING: translation string unused: rules already up to date WARNING: translation string unused: safe removal of umounted device WARNING: translation string unused: save error @@ -569,6 +564,7 @@ WARNING: translation string unused: use dov WARNING: translation string unused: use ibod WARNING: translation string unused: view log WARNING: translation string unused: vpn aggrmode +WARNING: translation string unused: vpn configuration main WARNING: translation string unused: vpn incompatible use of defaultroute WARNING: translation string unused: vpn mtu invalid WARNING: translation string unused: vpn on blue 
@@ -638,6 +634,9 @@ WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: details +WARNING: untranslated string: dh +WARNING: untranslated string: dh key warn +WARNING: untranslated string: dh name is invalid WARNING: untranslated string: dnat address WARNING: untranslated string: dns address deleted txt WARNING: untranslated string: dns servers @@ -823,6 +822,8 @@ WARNING: untranslated string: fwhost stdnet WARNING: untranslated string: fwhost type WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome +WARNING: untranslated string: gen dh +WARNING: untranslated string: generate dh key WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support WARNING: untranslated string: integrity @@ -839,6 +840,7 @@ WARNING: untranslated string: minimum WARNING: untranslated string: minute WARNING: untranslated string: most preferred WARNING: untranslated string: no hardware random number generator +WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice WARNING: untranslated string: ntp common settings WARNING: untranslated string: ntp sync @@ -852,6 +854,12 @@ WARNING: untranslated string: openvpn prefix openvpn subnet WARNING: untranslated string: openvpn prefix remote subnet WARNING: untranslated string: openvpn subnet is used WARNING: untranslated string: other +WARNING: untranslated string: ovpn crypt options +WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh name +WARNING: untranslated string: ovpn generating the root and host certificates +WARNING: untranslated string: ovpn ha +WARNING: untranslated string: ovpn hmac WARNING: untranslated string: ovpn mgmt in root range WARNING: untranslated string: ovpn mtu-disc WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 
@@ -877,6 +885,7 @@ WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table WARNING: untranslated string: server restart +WARNING: untranslated string: show dh WARNING: untranslated string: snat new source ip address WARNING: untranslated string: snort working WARNING: untranslated string: ssh @@ -934,6 +943,7 @@ WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes WARNING: untranslated string: uplink +WARNING: untranslated string: upload dh key WARNING: untranslated string: upload new ruleset WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter file ext block diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 695bcc0..4061147 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -385,7 +385,6 @@ WARNING: translation string unused: outgoing firewall reset WARNING: translation string unused: outgoing firewall view group WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu -WARNING: translation string unused: ovpn WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl WARNING: translation string unused: ovpn log 
@@ -436,16 +435,12 @@ WARNING: translation string unused: released WARNING: translation string unused: removable device advice WARNING: translation string unused: reportfile WARNING: translation string unused: requested data -WARNING: translation string unused: reserved dst port -WARNING: translation string unused: reserved src port WARNING: translation string unused: restore hardware settings WARNING: translation string unused: root WARNING: translation string unused: root path WARNING: translation string unused: root user password WARNING: translation string unused: route subnet is invalid WARNING: translation string unused: router ip -WARNING: translation string unused: rsvd dst port overlap -WARNING: translation string unused: rsvd src port overlap WARNING: translation string unused: rules already up to date WARNING: translation string unused: safe removal of umounted device WARNING: translation string unused: save error @@ -572,6 +567,7 @@ WARNING: translation string unused: use dov WARNING: translation string unused: use ibod WARNING: translation string unused: view log WARNING: translation string unused: vpn aggrmode +WARNING: translation string unused: vpn configuration main WARNING: translation string unused: vpn incompatible use of defaultroute WARNING: translation string unused: vpn mtu invalid WARNING: translation string unused: vpn on blue @@ -604,6 +600,9 @@ WARNING: untranslated string: country codes and flags WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection WARNING: untranslated string: details +WARNING: untranslated string: dh +WARNING: untranslated string: dh key warn +WARNING: untranslated string: dh name is invalid WARNING: untranslated string: dnat address WARNING: untranslated string: dns servers WARNING: untranslated string: dnsforward 
@@ -770,6 +769,8 @@ WARNING: untranslated string: fwhost stdnet WARNING: untranslated string: fwhost type WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome +WARNING: untranslated string: gen dh +WARNING: untranslated string: generate dh key WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support WARNING: untranslated string: integrity @@ -785,8 +786,15 @@ WARNING: untranslated string: maximum WARNING: untranslated string: minimum WARNING: untranslated string: most preferred WARNING: untranslated string: no hardware random number generator +WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice WARNING: untranslated string: openvpn network +WARNING: untranslated string: ovpn crypt options +WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh name +WARNING: untranslated string: ovpn generating the root and host certificates +WARNING: untranslated string: ovpn ha +WARNING: untranslated string: ovpn hmac WARNING: untranslated string: ovpn mgmt in root range WARNING: untranslated string: ovpn no connections WARNING: untranslated string: ovpn port in root range @@ -798,6 +806,7 @@ WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: show dh WARNING: untranslated string: snat new source ip address WARNING: untranslated string: ssh WARNING: untranslated string: support donation @@ -852,6 +861,7 @@ WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes WARNING: untranslated string: uplink +WARNING: untranslated string: upload dh key WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: wlan client 
diff --git a/doc/language_issues.pl b/doc/language_issues.pl index ab8dea7..e324684 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -369,7 +369,6 @@ WARNING: translation string unused: outgoing firewall p2p description WARNING: translation string unused: outgoing firewall reset WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu -WARNING: translation string unused: ovpn WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl WARNING: translation string unused: ovpn log @@ -420,16 +419,12 @@ WARNING: translation string unused: released WARNING: translation string unused: removable device advice WARNING: translation string unused: reportfile WARNING: translation string unused: requested data -WARNING: translation string unused: reserved dst port -WARNING: translation string unused: reserved src port WARNING: translation string unused: restore hardware settings WARNING: translation string unused: root WARNING: translation string unused: root path WARNING: translation string unused: root user password WARNING: translation string unused: route subnet is invalid WARNING: translation string unused: router ip -WARNING: translation string unused: rsvd dst port overlap -WARNING: translation string unused: rsvd src port overlap WARNING: translation string unused: rules already up to date WARNING: translation string unused: safe removal of umounted device WARNING: translation string unused: save error @@ -556,6 +551,7 @@ WARNING: translation string unused: use dov WARNING: translation string unused: use ibod WARNING: translation string unused: view log WARNING: translation string unused: vpn aggrmode +WARNING: translation string unused: vpn configuration main WARNING: translation string unused: vpn incompatible use of defaultroute WARNING: translation string unused: vpn mtu invalid WARNING: translation string unused: vpn on blue 
@@ -628,6 +624,9 @@ WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: details +WARNING: untranslated string: dh +WARNING: untranslated string: dh key warn +WARNING: untranslated string: dh name is invalid WARNING: untranslated string: dnat address WARNING: untranslated string: dns servers WARNING: untranslated string: dnsforward @@ -812,6 +811,8 @@ WARNING: untranslated string: fwhost stdnet WARNING: untranslated string: fwhost type WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome +WARNING: untranslated string: gen dh +WARNING: untranslated string: generate dh key WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support WARNING: untranslated string: integrity @@ -828,6 +829,7 @@ WARNING: untranslated string: minimum WARNING: untranslated string: minute WARNING: untranslated string: most preferred WARNING: untranslated string: no hardware random number generator +WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice WARNING: untranslated string: openvpn default WARNING: untranslated string: openvpn destination port used 
@@ -841,8 +843,14 @@ WARNING: untranslated string: openvpn subnet is used WARNING: untranslated string: other WARNING: untranslated string: outgoing firewall p2p allow WARNING: untranslated string: outgoing firewall p2p deny +WARNING: untranslated string: ovpn crypt options +WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh name WARNING: untranslated string: ovpn errmsg green already pushed WARNING: untranslated string: ovpn errmsg invalid ip or mask +WARNING: untranslated string: ovpn generating the root and host certificates +WARNING: untranslated string: ovpn ha +WARNING: untranslated string: ovpn hmac WARNING: untranslated string: ovpn mgmt in root range WARNING: untranslated string: ovpn mtu-disc WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 @@ -870,6 +878,7 @@ WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table WARNING: untranslated string: server restart +WARNING: untranslated string: show dh WARNING: untranslated string: snat new source ip address WARNING: untranslated string: ssh WARNING: untranslated string: static routes @@ -926,6 +935,7 @@ WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes WARNING: untranslated string: uplink +WARNING: untranslated string: upload dh key WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: visit us at diff --git a/doc/language_issues.ru b/doc/language_issues.ru index f7ee844..bf6f61f 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru 
@@ -374,7 +374,6 @@ WARNING: translation string unused: outgoing firewall reset WARNING: translation string unused: outgoing firewall view group WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu -WARNING: translation string unused: ovpn WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl WARNING: translation string unused: ovpn log @@ -425,16 +424,12 @@ WARNING: translation string unused: released WARNING: translation string unused: removable device advice WARNING: translation string unused: reportfile WARNING: translation string unused: requested data -WARNING: translation string unused: reserved dst port -WARNING: translation string unused: reserved src port WARNING: translation string unused: restore hardware settings WARNING: translation string unused: root WARNING: translation string unused: root path WARNING: translation string unused: root user password WARNING: translation string unused: route subnet is invalid WARNING: translation string unused: router ip -WARNING: translation string unused: rsvd dst port overlap -WARNING: translation string unused: rsvd src port overlap WARNING: translation string unused: rules already up to date WARNING: translation string unused: safe removal of umounted device WARNING: translation string unused: save error @@ -561,6 +556,7 @@ WARNING: translation string unused: use dov WARNING: translation string unused: use ibod WARNING: translation string unused: view log WARNING: translation string unused: vpn aggrmode +WARNING: translation string unused: vpn configuration main WARNING: translation string unused: vpn incompatible use of defaultroute WARNING: translation string unused: vpn mtu invalid WARNING: translation string unused: vpn on blue 
@@ -632,6 +628,9 @@ WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: details +WARNING: untranslated string: dh +WARNING: untranslated string: dh key warn +WARNING: untranslated string: dh name is invalid WARNING: untranslated string: disk access per WARNING: untranslated string: dnat address WARNING: untranslated string: dns servers @@ -807,6 +806,8 @@ WARNING: untranslated string: fwhost stdnet WARNING: untranslated string: fwhost type WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome +WARNING: untranslated string: gen dh +WARNING: untranslated string: generate dh key WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support WARNING: untranslated string: incoming traffic in bytes per second @@ -824,6 +825,7 @@ WARNING: untranslated string: minimum WARNING: untranslated string: minute WARNING: untranslated string: most preferred WARNING: untranslated string: no hardware random number generator +WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice WARNING: untranslated string: openvpn default WARNING: untranslated string: openvpn destination port used @@ -836,6 +838,12 @@ WARNING: untranslated string: openvpn prefix remote subnet WARNING: untranslated string: openvpn subnet is used WARNING: untranslated string: other WARNING: untranslated string: outgoing traffic in bytes per second +WARNING: untranslated string: ovpn crypt options +WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh name +WARNING: untranslated string: ovpn generating the root and host certificates +WARNING: untranslated string: ovpn ha +WARNING: untranslated string: ovpn hmac WARNING: untranslated string: ovpn mgmt in root range WARNING: untranslated string: ovpn mtu-disc WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 
@@ -860,6 +868,7 @@ WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table WARNING: untranslated string: server restart +WARNING: untranslated string: show dh WARNING: untranslated string: snat new source ip address WARNING: untranslated string: ssh WARNING: untranslated string: static routes @@ -915,6 +924,7 @@ WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes WARNING: untranslated string: uplink +WARNING: untranslated string: upload dh key WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: visit us at diff --git a/doc/language_issues.tr b/doc/language_issues.tr index f7c9402..c897378 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -425,7 +425,6 @@ WARNING: translation string unused: outgoing firewall reset WARNING: translation string unused: outgoing firewall view group WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu -WARNING: translation string unused: ovpn WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl WARNING: translation string unused: ovpn log 
@@ -476,16 +475,12 @@ WARNING: translation string unused: released WARNING: translation string unused: removable device advice WARNING: translation string unused: reportfile WARNING: translation string unused: requested data -WARNING: translation string unused: reserved dst port -WARNING: translation string unused: reserved src port WARNING: translation string unused: restore hardware settings WARNING: translation string unused: root WARNING: translation string unused: root path WARNING: translation string unused: root user password WARNING: translation string unused: route subnet is invalid WARNING: translation string unused: router ip -WARNING: translation string unused: rsvd dst port overlap -WARNING: translation string unused: rsvd src port overlap WARNING: translation string unused: rules already up to date WARNING: translation string unused: safe removal of umounted device WARNING: translation string unused: save error @@ -622,6 +617,7 @@ WARNING: translation string unused: use dov WARNING: translation string unused: use ibod WARNING: translation string unused: view log WARNING: translation string unused: vpn aggrmode +WARNING: translation string unused: vpn configuration main WARNING: translation string unused: vpn incompatible use of defaultroute WARNING: translation string unused: vpn mtu invalid WARNING: translation string unused: vpn on blue 
@@ -647,17 +643,31 @@ WARNING: untranslated string: countries WARNING: untranslated string: country codes and flags WARNING: untranslated string: countrycode WARNING: untranslated string: details +WARNING: untranslated string: dh +WARNING: untranslated string: dh key warn +WARNING: untranslated string: dh name is invalid WARNING: untranslated string: drop outgoing WARNING: untranslated string: entropy graphs WARNING: untranslated string: flag WARNING: untranslated string: fwdfw warn1 WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: gen dh +WARNING: untranslated string: generate dh key WARNING: untranslated string: hardware support WARNING: untranslated string: last WARNING: untranslated string: no hardware random number generator +WARNING: untranslated string: not a valid dh key +WARNING: untranslated string: ovpn crypt options +WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh name +WARNING: untranslated string: ovpn generating the root and host certificates +WARNING: untranslated string: ovpn ha +WARNING: untranslated string: ovpn hmac WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: show dh WARNING: untranslated string: system has hwrng WARNING: untranslated string: system has rdrand +WARNING: untranslated string: upload dh key diff --git a/doc/language_missings b/doc/language_missings index 5530615..6d71db2 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -72,6 +72,9 @@ < default ip < deprecated fs warn < details +< dh +< dh key warn +< dh name is invalid < dnat address < dns address deleted txt < dnsforward @@ -81,8 +84,6 @@ < dnsforward entries < dnsforward forward_server < dnsforward zone -< dns servers -< downlink < dpd delay < dpd timeout < drop action 
@@ -111,7 +112,6 @@ < fireinfo why read more < fireinfo your profile id < firewall rules -< first < flag < forward firewall < fw default drop @@ -288,6 +288,8 @@ < fw settings dropdown < fw settings remark < fw settings ruletable +< gen dh +< generate dh key < grouptype < hardware support < integrity @@ -296,7 +298,6 @@ < ipsec < ipsec network < ipsec no connections -< last < least preferred < lifetime < mac filter @@ -306,7 +307,9 @@ < minimum < minute < most preferred +< never < no hardware random number generator +< not a valid dh key < notice < ntp common settings < ntp sync @@ -323,6 +326,13 @@ < openvpn subnet is used < other < our donors +< ovpn crypt options +< ovpn dh +< ovpn dh name +< ovpn engines +< ovpn generating the root and host certificates +< ovpn ha +< ovpn hmac < ovpn mgmt in root range < ovpn mtu-disc < ovpn mtu-disc and mtu not 1500 @@ -333,6 +343,7 @@ < ovpn mtu-disc yes < ovpn no connections < ovpn port in root range +< ovpn reneg sec < p2p block < p2p block save notice < proxy reports @@ -343,6 +354,7 @@ < qos enter bandwidths < red1 < server restart +< show dh < snat new source ip address < snort working < ssh @@ -406,7 +418,7 @@ < tor use exit nodes < updxlrtr sources < updxlrtr standard view -< uplink +< upload dh key < upload new ruleset < uptime < uptime load average @@ -534,6 +546,9 @@ < default ip < deprecated fs warn < details +< dh +< dh key warn +< dh name is invalid < dnat address < dnsforward < dnsforward add a new entry @@ -542,8 +557,6 @@ < dnsforward entries < dnsforward forward_server < dnsforward zone -< dns servers -< downlink < dpd delay < dpd timeout < drop action @@ -572,7 +585,6 @@ < fireinfo why read more < fireinfo your profile id < firewall rules -< first < flag < forward firewall < fw default drop @@ -749,6 +761,8 @@ < fw settings dropdown < fw settings remark < fw settings ruletable +< gen dh +< generate dh key < grouptype < hardware support < integrity 
@@ -757,7 +771,6 @@ < ipsec < ipsec network < ipsec no connections -< last < least preferred < lifetime < mac filter @@ -767,7 +780,9 @@ < minimum < minute < most preferred +< never < no hardware random number generator +< not a valid dh key < notice < openvpn default < openvpn destination port used @@ -796,8 +811,15 @@ < outgoing firewall p2p description 2 < outgoing firewall p2p description 3 < outgoing firewall view group +< ovpn crypt options +< ovpn dh +< ovpn dh name +< ovpn engines < ovpn errmsg green already pushed < ovpn errmsg invalid ip or mask +< ovpn generating the root and host certificates +< ovpn ha +< ovpn hmac < ovpn mgmt in root range < ovpn mtu-disc < ovpn mtu-disc and mtu not 1500 @@ -808,6 +830,7 @@ < ovpn mtu-disc yes < ovpn no connections < ovpn port in root range +< ovpn reneg sec < ovpn routes push < ovpn routes push options < p2p block @@ -821,6 +844,7 @@ < red1 < server restart < Set time on boot +< show dh < snat new source ip address < ssh < static routes @@ -883,7 +907,7 @@ < tor use exit nodes < updxlrtr sources < updxlrtr standard view -< uplink +< upload dh key < uptime < uptime load average < urlfilter redirect template @@ -987,6 +1011,9 @@ < default ip < deprecated fs warn < details +< dh +< dh key warn +< dh name is invalid < dnat address < dnsforward < dnsforward add a new entry @@ -995,8 +1022,6 @@ < dnsforward entries < dnsforward forward_server < dnsforward zone -< dns servers -< downlink < dpd delay < dpd timeout < drop action @@ -1017,7 +1042,6 @@ < extrahd unable to write < extrahd you cant mount < firewall rules -< first < flag < forward firewall < fw default drop @@ -1194,6 +1218,8 @@ < fw settings dropdown < fw settings remark < fw settings ruletable +< gen dh +< generate dh key < grouptype < hardware support < integrity @@ -1202,7 +1228,6 @@ < ipsec < ipsec network < ipsec no connections -< last < least preferred < lifetime < mac filter 
@@ -1212,7 +1237,9 @@ < minimum < minute < most preferred +< never < no hardware random number generator +< not a valid dh key < notice < openvpn default < openvpn destination port used @@ -1227,8 +1254,15 @@ < openvpn subnet is used < other < our donors +< ovpn crypt options +< ovpn dh +< ovpn dh name +< ovpn engines < ovpn errmsg green already pushed < ovpn errmsg invalid ip or mask +< ovpn generating the root and host certificates +< ovpn ha +< ovpn hmac < ovpn mgmt in root range < ovpn mtu-disc < ovpn mtu-disc and mtu not 1500 @@ -1239,6 +1273,7 @@ < ovpn mtu-disc yes < ovpn no connections < ovpn port in root range +< ovpn reneg sec < ovpn routes push < ovpn routes push options < p2p block @@ -1251,6 +1286,7 @@ < qos enter bandwidths < red1 < server restart +< show dh < snat new source ip address < ssh < static routes @@ -1312,7 +1348,7 @@ < tor use exit nodes < updxlrtr sources < updxlrtr standard view -< uplink +< upload dh key < uptime < uptime load average < urlfilter redirect template @@ -1418,6 +1454,9 @@ < default ip < deprecated fs warn < details +< dh +< dh key warn +< dh name is invalid < disk access per < dnat address < dnsforward @@ -1427,8 +1466,6 @@ < dnsforward entries < dnsforward forward_server < dnsforward zone -< dns servers -< downlink < dpd delay < dpd timeout < drop action @@ -1450,7 +1487,6 @@ < extrahd unable to write < extrahd you cant mount < firewall rules -< first < flag < forward firewall < frequency @@ -1628,6 +1664,8 @@ < fw settings dropdown < fw settings remark < fw settings ruletable +< gen dh +< generate dh key < grouptype < hardware support < hour-graph @@ -1638,7 +1676,6 @@ < ipsec < ipsec network < ipsec no connections -< last < least preferred < lifetime < mac filter @@ -1649,7 +1686,9 @@ < minute < month-graph < most preferred +< never < no hardware random number generator +< not a valid dh key < notice < openvpn default < openvpn destination port used 
@@ -1665,6 +1704,13 @@ < other < our donors < outgoing traffic in bytes per second +< ovpn crypt options +< ovpn dh +< ovpn dh name +< ovpn engines +< ovpn generating the root and host certificates +< ovpn ha +< ovpn hmac < ovpn mgmt in root range < ovpn mtu-disc < ovpn mtu-disc and mtu not 1500 @@ -1675,6 +1721,7 @@ < ovpn mtu-disc yes < ovpn no connections < ovpn port in root range +< ovpn reneg sec < p2p block < p2p block save notice < proxy reports @@ -1685,6 +1732,7 @@ < qos enter bandwidths < red1 < server restart +< show dh < snat new source ip address < ssh < static routes @@ -1746,7 +1794,7 @@ < tor use exit nodes < updxlrtr sources < updxlrtr standard view -< uplink +< upload dh key < uptime < uptime load average < urlfilter redirect template diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi-bin/logs.cgi/firewalllogcountry.dat new file mode 100644 index 0000000..af14279 --- /dev/null +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat 
@@ -0,0 +1,523 @@ +#!/usr/bin/perl +# +# SmoothWall CGIs +# +# This code is distributed under the terms of the GPL +# +# JC HERITIER +# page inspired from the initial firewalllog.dat +# +# Modified for IPFire by Christian Schmidt +# and Michael Tremer (www.ipfire.org) + +use strict; +use Geo::IP::PurePerl; +use Getopt::Std; + +# enable only the following on debugging purpose +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; + +use POSIX(); + +my %cgiparams=(); +my %settings=(); +my $pienumber; +my $otherspie; +my $showpie; +my $sortcolumn; +my $errormessage = ''; + +$cgiparams{'pienumber'} = 10; +$cgiparams{'otherspie'} = 1; +$cgiparams{'showpie'} = 1; +$cgiparams{'sortcolumn'} = 1; + +my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', + 'Sep', 'Oct', 'Nov', 'Dec' ); +my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, + $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, + $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, + $Lang::tr{'december'} ); + +my @now = localtime(); +my $dow = $now[6]; +my $doy = $now[7]; +my $tdoy = $now[7]; +my $year = $now[5]+1900; + +$cgiparams{'DAY'} = $now[3]; +$cgiparams{'MONTH'} = $now[4]; +$cgiparams{'ACTION'} = ''; + +&General::readhash("${General::swroot}/fwlogs/ipsettings", %settings); +if ($settings{'pienumber'} != 0) { $cgiparams{'pienumber'} = $settings{'pienumber'} }; +if ($settings{'otherspie'} != 0) { $cgiparams{'otherspie'} = $settings{'otherspie'} }; +if ($settings{'showpie'} != 0) { $cgiparams{'showpie'} = $settings{'showpie'} }; +if ($settings{'sortcolumn'} != 0) { $cgiparams{'sortcolumn'} = $settings{'sortcolumn'} }; + +&Header::getcgihash(%cgiparams); +if ($cgiparams{'pienumber'} != 0) { $settings{'pienumber'} = $cgiparams{'pienumber'} }; +if ($cgiparams{'otherspie'} != 
0) { $settings{'otherspie'} = $cgiparams{'otherspie'} }; +if ($cgiparams{'showpie'} != 0) { $settings{'showpie'} = $cgiparams{'showpie'} }; +if ($cgiparams{'sortcolumn'} != 0) { $settings{'sortcolumn'} = $cgiparams{'sortcolumn'} }; + +if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) +{ + &General::writehash("${General::swroot}/fwlogs/ipsettings", %settings); +} + +my $start = -1; +if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) +{ + my @temp = split(',',$ENV{'QUERY_STRING'}); + $start = $temp[0]; + $cgiparams{'MONTH'} = $temp[1]; + $cgiparams{'DAY'} = $temp[2]; +} + +if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || + !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) +{ + $cgiparams{'DAY'} = $now[3]; + $cgiparams{'MONTH'} = $now[4]; +} +elsif($cgiparams{'ACTION'} eq '>>') +{ + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); + ## Retrieve the same time on the next day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; +} +elsif($cgiparams{'ACTION'} eq '<<') +{ + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); + ## Retrieve the same time on the previous day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; +} + +if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) +{ + my @then = (); + if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || + ( $cgiparams{'MONTH'} > $now[4] ) ) { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); + } else { + @then = localtime(POSIX::mktime( 0, 0, 0, 
$cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); + } + $tdoy = $then[7]; + my $lastleap=($year-1)%4; + if ($tdoy>$doy) { + if ($lastleap == 0 && $tdoy < 60) { + $doy=$tdoy+366; + } else { + $doy=$doy+365; + } + } +} + +my $datediff=0; +my $dowd=0; +my $multifile=0; +if ($tdoy ne $doy) { + $datediff=int(($doy-$tdoy)/7); + $dowd=($doy-$tdoy)%7; + if (($dow-$dowd)<1) { + $datediff=$datediff+1; + } + if (($dow-$dowd)==0) { + $multifile=1; + } +} + +my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; +my $longmonthstr = $longmonths[$cgiparams{'MONTH'}]; +my $day = $cgiparams{'DAY'}; +my $daystr=''; +if ($day <= 9) { + $daystr = " $day"; } +else { + $daystr = $day; +} + +my $skip=0; +my $filestr=''; +if ($datediff==0) { + $filestr="/var/log/messages"; +} else { + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; +} + +if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { + $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + # Note: This is in case the log does not exist for that date +} +my $lines = 0; +my @log=(); + +if (!$skip) +{ + while (<FILE>) + { + if (/(^${monthstr} ${daystr} ..:..:..) [\w-]+ kernel:.*(IN=.*)$/) { + $log[$lines] = $_; + $lines++; + } + } + close (FILE); +} + +$skip=0; +if ($multifile) { + $datediff=$datediff-1; + if ($datediff==0) { + $filestr="/var/log/messages"; + } else { + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; + } + if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { + $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + } + if (!$skip) { + while (<FILE>) { + if (/(^${monthstr} ${daystr} ..:..:..) 
[\w-]+ kernel:.*(IN=.*)$/) { + $log[$lines] = $_; + $lines++; + } + } + close (FILE); + } +} + +my $MODNAME="fwlogs"; + +&Header::showhttpheaders(); +&Header::openpage($Lang::tr{'firewall log'}, 1, ''); +&Header::openbigbox('100%', 'left', '', $errormessage); + + +if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "<font class='base'>$errormessage </font>\n"; + &Header::closebox(); +} + +&Header::openbox('100%', 'left', "$Lang::tr{'settings'}"); + +print <<END +<form method='post' action='$ENV{'SCRIPT_NAME'}'> +<table width='100%'> +<tr> + <td width='10%' class='base'>$Lang::tr{'month'}: </td> + <td width='10%'> + <select name='MONTH'> +END +; +my $month; +for ($month = 0; $month < 12; $month++) +{ + print "\t<option "; + if ($month == $cgiparams{'MONTH'}) { + print "selected='selected' "; } + print "value='$month'>$longmonths[$month]</option>\n"; +} +print <<END + </select> + </td> + <td width='10%' class='base' align='right'> $Lang::tr{'day'}: </td> + <td width='40%'> + <select name='DAY'> +END +; +for ($day = 1; $day <= 31; $day++) +{ + print "\t<option "; + if ($day == $cgiparams{'DAY'}) { + print "selected='selected' "; } + print "value='$day'>$day</option>\n"; +} + +if( $cgiparams{'pienumber'} != 0){$pienumber=$cgiparams{'pienumber'};} +if( $cgiparams{'otherspie'} != 0){$otherspie=$cgiparams{'otherspie'};} +if( $cgiparams{'showpie'} != 0){$showpie=$cgiparams{'showpie'};} +if( $cgiparams{'sortcolumn'} != 0){$sortcolumn=$cgiparams{'sortcolumn'};} + +print <<END +</select> +</td> +<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day before'}' value='<<' /></td> +<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day after'}' value='>>' /></td> +<td width='20%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td> +</tr> +<tr> + <td colspan='3' align='left' valign="left">$Lang::tr{'Number of Countries for the pie 
chart'}:</td> + <td colspan='3' align='left' valign="center"><input type='text' name='pienumber' value='$pienumber' size='4'></td> + <td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td> +</tr> +</table> +</form> +END +; + +&Header::closebox(); + +&Header::openbox('100%', 'left', 'Firewall Logs'); +print "<p><b>$Lang::tr{'firewall hits'} $longmonthstr $daystr: $lines</b></p>"; + +my $linesjc = 0; +my %tabjc; +my $gi = Geo::IP::PurePerl->new(); + +if ($pienumber == -1 || $pienumber > $lines || $sortcolumn == 2) { $pienumber = $lines; }; +$lines = 0; +foreach $_ (@log) +{ + /^... (..) (..:..:..) [\w-]+ kernel:(.*)(IN=.*)$/; + my $packet = $4; + $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";} + $packet =~ /SRC=([\d.]+)/; my $srcaddr=$1; + + if($iface eq 'red0') { + if($srcaddr ne '') { + my $ccode = $gi->country_code_by_name($srcaddr); + if( $ccode eq '') { + $ccode = 'unknown'; + } + $tabjc{$ccode} = $tabjc{$ccode} + 1 ; + if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } + $linesjc++; + } + } + else { + if($iface ne '') { + $tabjc{$iface} = $tabjc{$iface} + 1 ; + if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } + $linesjc++; + } + } +} + +$pienumber = $lines; + +my @keytabjc = keys %tabjc; + +my @slice; +my $go; +my $nblinejc; + +if( $cgiparams{'linejc'} eq 'all' ){ $nblinejc = $linesjc; $go=1; } +if( ($cgiparams{'linejc'} != 0) && ($cgiparams{'linejc'} ne 'all') ){ $nblinejc = $cgiparams{'linejc'}; $go=1;} +if( $go != 1){ $nblinejc = 1000; } + +my @key; +my @value; +my $indice=0; +my @tabjc2; + +if ($sortcolumn == 1) +{ + @tabjc2 = sort { $b <=> $a } values (%tabjc); +} +else +{ + @tabjc2 = sort { $a <=> $b } keys (%tabjc); +} + +my $colour=1; + +############################################## +#pie chart generation +use GD::Graph::pie; +use GD::Graph::colour; +#ips sort by hits number +my $v; + +if ($sortcolumn == 1) +{ + for ($v=0;$v<$pienumber;$v++){ + 
findkey($tabjc2[$v]); + } +} +else +{ + foreach $v (@tabjc2) { + $key[$indice] = $v; + $value[$indice] = $tabjc{$v}; + $indice++; + } +} + +my @ips; +my @numb; + +@ips = @key; +@numb = @value; + +my $o; + +if($cgiparams{'otherspie'} == 2 ){} +else{ + my $numothers; + for($o=0;$o<$pienumber;$o++){ + $numothers = $numothers + $numb[$o]; + } + $numothers = $linesjc - $numothers; + if ($numothers > 0) { + $ips[$pienumber]="$Lang::tr{'otherip'}"; + $numb[$pienumber] = $numothers; + } +} + +my @data = (@ips,@numb); +use GD::Graph::colour qw( :files ); + +my $color=0; +my %color = (); +my %mainsettings = (); +&General::readhash("${General::swroot}/main/settings", %mainsettings); +&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", %color); + +if ($showpie != 2 && $pienumber <= 50 && $pienumber != 0) { + my $mygraph = GD::Graph::pie->new(500, 350); + $mygraph->set( + 'title' => '', + 'pie_height' => 50, + 'start_angle' => 89 + ) or warn $mygraph->error; + + $mygraph->set_value_font(GD::gdMediumBoldFont); + $mygraph->set( dclrs => [ "$color{'color1'}" , "$color{'color2'}" , "$color{'color3'}" , "$color{'color4'}" , "$color{'color5'}" , "$color{'color6'}" , "$color{'color7'}" , "$color{'color8'}" , "$color{'color9'}" , "$color{'color10'}" ] ); + my $myimage = $mygraph->plot(@data) or die $mygraph->error; + + my @filenames = glob("/srv/web/ipfire/html/graphs/fwlog-country*.png"); + unlink(@filenames); + my $imagerandom = rand(1000000); + my $imagename = "/srv/web/ipfire/html/graphs/fwlog-country$imagerandom.png"; + open(FILE,">$imagename"); + print FILE $myimage->png; + close(FILE); + ##################################################### + print "<div style='text-align:center;'>"; + print "<img src='/graphs/fwlog-country$imagerandom.png'>"; + print "</div>"; +} + +print <<END +<table width='100%' class='tbl'> +<tr> +<th width='10%' align='center' class='boldbase'></th> +<th width='30%' align='center' 
class='boldbase'><b>$Lang::tr{'country'}</b></th> +<th width='30%' align='center' class='boldbase'><b>Count</b></th> +<th width='30%' align='center' class='boldbase'><b>$Lang::tr{'percentage'}</b></th> +</tr> +END +; + +my $total=0; +my $show=0; + +my $s; +my $percent; +my $col=""; + +for($s=0;$s<$lines;$s++) +{ + $show++; + $percent = $value[$s] * 100 / $linesjc; + $percent = sprintf("%.f", $percent); + $total = $total + $value[$s]; + my $colorIndex = $color % 10; + if($colorIndex == 0) { + $colorIndex = 10; + } + $col="bgcolor='$color{"color$colorIndex"}'"; + $color++; + print "<tr>"; + + print "<td align='center' $col><form method='post' action='showrequestfromcountry.dat'><input type='hidden' name='MONTH' value='$cgiparams{'MONTH'}'> <input type='hidden' name='DAY' value='$cgiparams{'DAY'}'> <input type='hidden' name='country' value='$key[$s]'> <input type='submit' value='details'></form></td>"; + if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq 'orange0') { + print "<td align='center' $col>$key[$s]</td>"; + } + else { + if($key[$s] ne 'unknown' ) { + my $fcode = lc($key[$s]); + print "<td align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='/images/flags/$fcode.png' border='0' align='absmiddle' alt='$key[$s]' title='$key[$s]'></a></td>";} + else { + print "<td align='center' $col>$key[$s]</td>"; + } + } + print "<td align='center' $col>$value[$s]</td>"; + print "<td align='center' $col>$percent</td>"; + print "</tr>"; +} + +if($cgiparams{'otherspie'} == 2 ){} +else{ + my $colorIndex = $color % 10; + if($colorIndex == 0) { + $colorIndex = 10; + } + $col="bgcolor='$color{"color$colorIndex"}'"; + print "<tr>"; + +if ( $linesjc ne "0") +{ +my $dif; +$dif = $linesjc - $total; +$percent = $dif * 100 / $linesjc; +$percent = sprintf("%.f", $percent); +print <<END +<td align='center' $col></TD> +<td align='center' $col>$Lang::tr{'other countries'}</td> +<td align='center' $col>$dif</TD> +<td align='center' $col>$percent</TD> +</tr> +END +; 
+} +} +print <<END +</TABLE> +END +; + +&Header::closebox(); +&Header::closebigbox(); +&Header::closepage(); + +sub findkey { + my $v; + foreach $v (@keytabjc) { + if ($tabjc{$v} eq $_[0]) { + delete $tabjc{$v}; + $key[$indice] = "$v"; + $value[$indice] = $_[0]; + $indice++; + last; + } + } +} +sub checkversion { + #Automatic Updates is disabled + return "0","0"; +} + diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat new file mode 100644 index 0000000..5283c42 --- /dev/null +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat 
@@ -0,0 +1,412 @@ +#!/usr/bin/perl +# SmoothWall CGIs +# +# This code is distributed under the terms of the GPL +# +# JC HERITIER +# page inspired from the initial firewalllog.dat +# +# Modified for IPFire by Christian Schmidt (www.ipfire.org) + +# enable only the following on debugging purpose +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +#use strict; +use Geo::IP::PurePerl; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; + +use POSIX(); + +#workaround to suppress a warning when a variable is used only once +my @dummy = ( ${Header::table2colour} ); +undef (@dummy); + +my %cgiparams=(); +my %logsettings=(); +my $errormessage = ''; + +my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', + 'Sep', 'Oct', 'Nov', 'Dec' ); +my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, + $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, + $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, + $Lang::tr{'december'} ); + +my @now = localtime(); +my $dow = $now[6]; +my $doy = $now[7]; +my $tdoy = $now[7]; +my $year = $now[5]+1900; + +$cgiparams{'DAY'} = $now[3]; +$cgiparams{'MONTH'} = $now[4]; +$cgiparams{'ACTION'} = ''; + +&Header::getcgihash(%cgiparams); + +$logsettings{'LOGVIEW_REVERSE'} = 'off'; +&General::readhash("${General::swroot}/logging/settings", %logsettings); + +my $start = -1; +if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) +{ + my @temp = split(',',$ENV{'QUERY_STRING'}); + $start = $temp[0]; + $cgiparams{'MONTH'} = $temp[1]; + $cgiparams{'DAY'} = $temp[2]; + $cgiparams{country} = $temp[3]; +} + +if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || + !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) +{ + $cgiparams{'DAY'} = $now[3]; + $cgiparams{'MONTH'} = $now[4]; +} 
+elsif($cgiparams{'ACTION'} eq '>>') +{ + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); + ## Retrieve the same time on the next day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; +} +elsif($cgiparams{'ACTION'} eq '<<') +{ + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); + ## Retrieve the same time on the previous day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; +} + +if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) +{ + my @then = (); + if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || + ( $cgiparams{'MONTH'} > $now[4] ) ) { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); + } else { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); + } + $tdoy = $then[7]; + my $lastleap=($year-1)%4; + if ($tdoy>$doy) { + if ($lastleap == 0 && $tdoy < 60) { + $doy=$tdoy+366; + } else { + $doy=$doy+365; + } + } +} +my $datediff=0; +my $dowd=0; +my $multifile=0; +if ($tdoy ne $doy) { + $datediff=int(($doy-$tdoy)/7); + $dowd=($doy-$tdoy)%7; + if (($dow-$dowd)<1) { + $datediff=$datediff+1; + } + if (($dow-$dowd)==0) { + $multifile=1; + } +} + +my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; +my $longmonthstr = $longmonths[$cgiparams{'MONTH'}]; +my $day = $cgiparams{'DAY'}; +my $daystr=''; +if ($day <= 9) { + $daystr = " $day"; } +else { + $daystr = $day; +} + +my $skip=0; +my $filestr=''; +if ($datediff==0) { + $filestr="/var/log/messages"; +} else { + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; +} + 
+if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { + $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + # Note: This is in case the log does not exist for that date +} +my $lines = 0; +my @log=(); +my $country = $cgiparams{country}; +my $gi = Geo::IP::PurePerl->new(); + +if (!$skip) +{ + while (<FILE>) + { + if (/(^${monthstr} ${daystr} ..:..:..) [\w-]+ kernel:.*(IN=.*)$/) { + my $packet = $2; + $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";} + $packet =~ /SRC=([\d.]+)/; my $srcaddr=$1; + + if($iface eq $country) { + $log[$lines] = $_; + $lines++; + } + elsif($srcaddr ne '') { + my $ccode = $gi->country_code_by_name($srcaddr); + if($ccode eq $country){ + $log[$lines] = $_; + $lines++; + } + } + } + } + close (FILE); +} + +$skip=0; +if ($multifile) { + $datediff=$datediff-1; + if ($datediff==0) { + $filestr="/var/log/messages"; + } else { + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; + } + if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { + $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + } + if (!$skip) { + while (<FILE>) { + if (/(^${monthstr} ${daystr} ..:..:..) 
[\w-]+ kernel:.*(IN=.*)$/) { + if($_ =~ /SRC=([\d.]+)/){ + my $srcaddr=$1; + my $ccode = $gi->country_code_by_name($srcaddr); + if($ccode eq $country){ + $log[$lines] = $_; + $lines++; + } + } + } + } + close (FILE); + } +} + +&Header::showhttpheaders(); +&Header::openpage($Lang::tr{'firewall log'}, 1, ''); +&Header::openbigbox('100%', 'left', '', $errormessage); + +if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "<font class='base'>$errormessage </font>\n"; + &Header::closebox(); +} + +&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); + +print <<END +<form method='post' action='$ENV{'SCRIPT_NAME'}'> +<table width='100%'> +<tr> + <td width='10%' class='base'>$Lang::tr{'month'}: </td> + <td width='10%'> + <select name='MONTH'> +END +; +my $month; +for ($month = 0; $month < 12; $month++) +{ + print "\t<option "; + if ($month == $cgiparams{'MONTH'}) { + print "selected='selected' "; } + print "value='$month'>$longmonths[$month]</option>\n"; +} +print <<END + </select> + </td> + <td width='10%' class='base' align='right'> $Lang::tr{'day'}: </td> + <td width='40%'> + <select name='DAY'> +END +; +for ($day = 1; $day <= 31; $day++) +{ + print "\t<option "; + if ($day == $cgiparams{'DAY'}) { + print "selected='selected' "; } + print "value='$day'>$day</option>\n"; +} +print <<END +</select> +</td> +<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day before'}' value='<<' /></td> +<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day after'}' value='>>' /></td> +<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td> +<tr><td width='15%'>$Lang::tr{'source ip country'}</td><td><input type='text' name='country' value='$cgiparams{country}'size='15'></td></tr> +</tr> +</table> +</form> +END +; + +&Header::closebox(); + +&Header::openbox('100%', 'left', $Lang::tr{'firewall log'}); +print 
"<p><b>$Lang::tr{'firewall hits'} $longmonthstr $daystr: $lines</b></p>"; + +if ($start == -1) { + $start = $lines - ${Header::viewsize}; } +if ($start >= $lines - ${Header::viewsize}) { $start = $lines - ${Header::viewsize}; }; +if ($start < 0) { $start = 0; } + +my $prev = $start - ${Header::viewsize}; +my $next = $start + ${Header::viewsize}; + +if ($prev < 0) { $prev = 0; } +if ($next >= $lines) { $next = -1 } +if ($start == 0) { $prev = -1; } + +if ($lines != 0) { &oldernewer(); } + +print <<END +<table width='100%'> +<tr> +<td width='10%' align='center' class='boldbase'><b>$Lang::tr{'time'}</b></td> +<td width='13%' align='center' class='boldbase'><b>$Lang::tr{'chain'}</b></td> +<td width='5%' align='center' class='boldbase'><b>$Lang::tr{'iface'}</b></td> +<td width='5%' align='center' class='boldbase'><b>$Lang::tr{'proto'}</b></td> +<td width='16%' align='center' class='boldbase'><b>$Lang::tr{'source'}</b></td> +<td width='10%' align='center' class='boldbase'><b>$Lang::tr{'src port'}</b></td> +<td width='16%' align='center' class='boldbase'><b>$Lang::tr{'destination'}</b></td> +<td width='16%' align='center' class='boldbase'><b>$Lang::tr{'dst port'}</b></td> +</tr> +END +; + +my @slice = splice(@log, $start, ${Header::viewsize}); + +if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @slice = reverse @slice; } + +$lines = 0; +foreach $_ (@slice) +{ + $a = $_; + /^... (..) (..:..:..) [\w-]+ kernel:(.*)(IN=.*)$/; + my $packet = $4; + $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";} + $packet =~ /SRC=([\d.]+)/; my $srcaddr=$1; + + if($iface eq $country || $srcaddr ne '') { + my $ccode; + if($iface ne $country) { + $ccode = $gi->country_code_by_name($srcaddr); + } + if($iface eq $country || $ccode eq $country) { + my $chain = ''; + my $in = '-'; my $out = '-'; + my $srcaddr = ''; my $dstaddr = ''; + my $protostr = ''; + my $srcport = ''; my $dstport = ''; + + $_ =~ /(^.* ..:..:..) 
[\w-]+ kernel:(.*)(IN=.*)$/; + my $timestamp = $1; my $chain = $2; my $packet = $3; + $timestamp =~ /(...) (..) (..:..:..)/; + my $month = $1; my $day = $2; my $time = $3; + + if ($a =~ /IN=(\w+)/) { $iface = $1; } + if ($a =~ /OUT=(\w+)/) { $out = $1; } + if ($a =~ /SRC=([\d.]+)/) { $srcaddr = $1; } + if ($a =~ /DST=([\d.]+)/) { $dstaddr = $1; } + if ($a =~ /PROTO=(\w+)/) { $protostr = $1; } + my $protostrlc = lc($protostr); + if ($a =~ /SPT=([\d.]+)/){ $srcport = $1; } + if ($a =~ /DPT=([\d.]+)/){ $dstport = $1; } + + if ($lines % 2) { + print "<tr bgcolor='${Header::table1colour}'>\n"; } + else { + print "<tr bgcolor='${Header::table2colour}'>\n"; } + print <<END + <td align='center'>$time</td> + <td align='center'>$chain</td> + <td align='center'>$iface</td> + <td align='center'>$protostr</td> + <td align='center'> + <table width='100%' cellpadding='0' cellspacing='0'><tr> + <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a></td> + </tr></table> + </td> + <td align='center'>$srcport</td> + <td align='center'> + <table width='100%' cellpadding='0' cellspacing='0'><tr> + <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td> + </tr></table> + </td> + <td align='center'>$dstport</td> + </tr> +END + ; + $lines++; + } + } +} + +print <<END +</table> +END +; + +&oldernewer(); + +&Header::closebox(); + +&Header::closebigbox(); + +&Header::closepage(); + +sub oldernewer +{ + print <<END + <table width='100%'> + <tr> +END +; + + print "<td align='center' width='50%'>"; + if ($prev != -1) { + print "<a href='/cgi-bin/logs.cgi/showrequestfromcountry.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{country}'>$Lang::tr{'older'}</a>"; } + else { + print "$Lang::tr{'older'}"; } + print "</td>\n"; + + print "<td align='center' width='50%'>"; + if ($next != -1) { + print "<a href='/cgi-bin/logs.cgi/showrequestfromcountry.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{country}'>$Lang::tr{'newer'}</a>"; } + else 
{ + print "$Lang::tr{'newer'}"; } + print "</td>\n"; + +print <<END + </tr> + </table> +END +; +} + diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 877e09c..ceb63d4 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -19,7 +19,7 @@ # # ############################################################################### ### -# Based on IPFireCore 55 +# Based on IPFireCore 76 ### use CGI; use CGI qw/:standard/; @@ -80,6 +80,8 @@ $cgiparams{'COMPRESSION'} = 'off'; $cgiparams{'ONLY_PROPOSED'} = 'off'; $cgiparams{'ACTION'} = ''; $cgiparams{'CA_NAME'} = ''; +$cgiparams{'DH_NAME'} = 'dh1024.pem'; +$cgiparams{'DHLENGHT'} = ''; $cgiparams{'DHCP_DOMAIN'} = ''; $cgiparams{'DHCP_DNS'} = ''; $cgiparams{'DHCP_WINS'} = ''; @@ -88,6 +90,8 @@ $cgiparams{'DCOMPLZO'} = 'off'; $cgiparams{'MSSFIX'} = ''; $cgiparams{'number'} = ''; $cgiparams{'PMTU_DISCOVERY'} = ''; +$cgiparams{'DAUTH'} = ''; +$cgiparams{'DCIPHER'} = ''; $routes_push_file = "${General::swroot}/ovpn/routes_push"; unless (-e $routes_push_file) { system("touch $routes_push_file"); } unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); } @@ -222,6 +226,51 @@ sub checkportinc } }
+# Darren Critchley - certain ports are reserved for IPFire +# TCP 67,68,81,222,444 +# UDP 67,68 +# Params passed in -> port, rangeyn, protocol +sub disallowreserved +{ + # port 67 and 68 same for tcp and udp, don't bother putting in an array + my $msg = ""; + my @tcp_reserved = (81,222,444); + my $prt = $_[0]; # the port or range + my $ryn = $_[1]; # tells us whether or not it is a port range + my $prot = $_[2]; # protocol + my $srcdst = $_[3]; # source or destination + if ($ryn) { # disect port range + if ($srcdst eq "src") { + $msg = "$Lang::tr{'rsvd src port overlap'}"; + } else { + $msg = "$Lang::tr{'rsvd dst port overlap'}"; + } + my @tmprng = split(/:/,$prt); + unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; } + unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; } + if ($prot eq "tcp") { + foreach my $prange (@tcp_reserved) { + unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; } + } + } + } else { + if ($srcdst eq "src") { + $msg = "$Lang::tr{'reserved src port'}"; + } else { + $msg = "$Lang::tr{'reserved dst port'}"; + } + if ($prt == 67) { $errormessage="$msg 67"; return; } + if ($prt == 68) { $errormessage="$msg 68"; return; } + if ($prot eq "tcp") { + foreach my $prange (@tcp_reserved) { + if ($prange == $prt) { $errormessage="$msg $prange"; return; } + } + } + } + return; +} + + sub writeserverconf { my %sovpnsettings = (); my @temp = (); 
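Review bot: disallowreserved() reports a conflict only by assigning the global $errormessage, and none of the hunks shown here adds a call to it, while a later hunk (@@ -1114,11 +1170,6 @@) removes the `DDEST_PORT <= 1023` check. If this sub is meant to replace that check, call it on the save path for DDEST_PORT and jump to SETTINGS_ERROR when $errormessage is set. In the range branch, confirm that split(/:/,$prt) returned two numeric ends before comparing: with no colon in $prt, $tmprng[1] is undefined, `67 > $tmprng[1]` is true, and no reserved port is ever flagged. The parameter comment lists three arguments but the sub reads a fourth ($srcdst).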
@@ -243,14 +292,14 @@ sub writeserverconf { print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n"; print CONF "client-config-dir /var/ipfire/ovpn/ccd\n"; print CONF "tls-server\n"; - print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n"; - print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n"; - print CONF "key /var/ipfire/ovpn/certs/serverkey.pem\n"; - print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n"; + print CONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; + print CONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n"; + print CONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n"; + print CONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n"; my @tempovpnsubnet = split("/",$sovpnsettings{'DOVPN_SUBNET'}); print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; #print CONF "push "route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}"\n"; - + # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500. # If we doesn't use one of them, we can use the configured mtu value. if ($sovpnsettings{'MSSFIX'} eq 'on') @@ -258,8 +307,8 @@ sub writeserverconf { elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') || - ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || - ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) + ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || + ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } else { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; } 
@@ -294,10 +343,10 @@ sub writeserverconf { print CONF "client-to-client\n"; } if ($sovpnsettings{MSSFIX} eq 'on') { - print CONF "mssfix\n"; + print CONF "mssfix\n"; } if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') { - print CONF "fragment $sovpnsettings{'FRAGMENT'}\n"; + print CONF "fragment $sovpnsettings{'FRAGMENT'}\n"; }
# Check if a valid operating mode has been choosen and use it. @@ -313,6 +362,7 @@ sub writeserverconf { print CONF "status-version 1\n"; print CONF "status /var/log/ovpnserver.log 30\n"; print CONF "cipher $sovpnsettings{DCIPHER}\n"; + print CONF "auth $sovpnsettings{DAUTH}\n"; if ($sovpnsettings{DCOMPLZO} eq 'on') { print CONF "comp-lzo\n"; } @@ -509,7 +559,7 @@ sub getccdadresses my @iprange=(); my %ccdhash=(); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ccdhash); - $iprange[0]=$ip1.".".$ip2.".".$ip3.".".($ip4+2); + $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2; for (my $i=1;$i<=$count;$i++) { my $tmpip=$iprange[$i-1]; my $stepper=$i*4; @@ -731,6 +781,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'}; $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'}; $vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'}; + $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'}; my @temp=();
if ($cgiparams{'FRAGMENT'} eq '') { @@ -925,9 +976,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n"; print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n"; - print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n"; + print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n"; print SERVERCONF "# Cipher\n"; - print SERVERCONF "cipher AES-256-CBC\n"; + print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n"; + print SERVERCONF "# HMAC algorithm\n"; + print SERVERCONF "auth $cgiparams{'DAUTH'}\n"; if ($cgiparams{'COMPLZO'} eq 'on') { print SERVERCONF "# Enable Compression\n"; print SERVERCONF "comp-lzo\r\n"; @@ -952,6 +1005,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client') { + my @ovsubnettemp = split(/./,$cgiparams{'OVPN_SUBNET'}); my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; my @remsubnet = split(///,$cgiparams{'REMOTE_SUBNET'}); @@ -1014,12 +1068,14 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "# Auth. Client\n"; print CLIENTCONF "tls-client\n"; print CLIENTCONF "# Cipher\n"; - print CLIENTCONF "cipher AES-256-CBC\n"; + print CLIENTCONF "cipher $cgiparams{'DCIPHER'}\n"; + print CLIENTCONF "# HMAC algorithm\n"; + print CLIENTCONF "auth $cgiparams{'DAUTH'}\n"; print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n"; if ($cgiparams{'COMPLZO'} eq 'on') { print CLIENTCONF "# Enable Compression\n"; print CLIENTCONF "comp-lzo\r\n"; - } + } print CLIENTCONF "# Debug Level\n"; print CLIENTCONF "verb 3\n"; print CLIENTCONF "# Tunnel check\n"; @@ -1058,7 +1114,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) { $errormessage = $Lang::tr{'ovpn subnet is invalid'}; - goto SETTINGS_ERROR; + goto SETTINGS_ERROR; } my @tmpovpnsubnet = split("/",$cgiparams{'DOVPN_SUBNET'});
@@ -1114,11 +1170,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg $errormessage = $Lang::tr{'invalid port'}; goto SETTINGS_ERROR; } - - if ($cgiparams{'DDEST_PORT'} <= 1023) { - $errormessage = $Lang::tr{'ovpn port in root range'}; - goto SETTINGS_ERROR; - }
$vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'}; $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'}; @@ -1144,7 +1195,7 @@ SETTINGS_ERROR: ### ### Reset all step 2 ### -}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'} && $cgiparams{'AREUSURE'} eq 'yes') { +}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'} && $cgiparams{'AREUSURE'} eq 'yes') { my $file = ''; &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
@@ -1154,37 +1205,64 @@ SETTINGS_ERROR: } } while ($file = glob("${General::swroot}/ovpn/ca/*")) { - unlink $file + unlink $file } while ($file = glob("${General::swroot}/ovpn/certs/*")) { - unlink $file + unlink $file } while ($file = glob("${General::swroot}/ovpn/crls/*")) { - unlink $file + unlink $file } - &cleanssldatabase(); + &cleanssldatabase(); if (open(FILE, ">${General::swroot}/ovpn/caconfig")) { print FILE ""; close FILE; } - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); - #&writeserverconf(); + if (open(FILE, ">${General::swroot}/ovpn/ccdroute")) { + print FILE ""; + close FILE; + } + if (open(FILE, ">${General::swroot}/ovpn/ccdroute2")) { + print FILE ""; + close FILE; + } + while ($file = glob("${General::swroot}/ovpn/ccd/*")) { + unlink $file + } + if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) { + print FILE ""; + close FILE; + } + if (open(FILE, ">${General::swroot}/ovpn/ovpnconfig")) { + print FILE ""; + close FILE; + } + while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) { + system ("rm -rf $file") + } ### ### Reset all step 1 ### -}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'}) { +}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'}) { &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', ''); - &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'}); - print <<END - <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' /> - <tr><td align='center'> - <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: - $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'} - <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' /> - <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr> - </form></table> + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); + 
&Header::openbigbox('100%', 'left', '', ''); + &Header::openbox('100%', 'left', $Lang::tr{'are you sure'}); + print <<END; + <form method='post'> + <table width='100%'> + <tr> + <td align='center'> + <input type='hidden' name='AREUSURE' value='yes' /> + <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: + $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}</td> + </tr> + <tr> + <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' /> + <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td> + </tr> + </table> + </form> END ; &Header::closebox(); @@ -1193,6 +1271,107 @@ END exit (0);
### +### Generate DH key step 2 +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'} && $cgiparams{'AREUSURE'} eq 'yes') { + # Delete if old key exists + if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") { + unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}"; + } + # Create Diffie Hellmann Parameter + system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache', + '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}"); + if ($?) { + $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; + unlink ("${General::swroot}/ovpn/ca/dh1024.pem"); + } + +### +### Generate DH key step 1 +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'}) { + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'gen dh'}:"); + print <<END; + <table width='100%'> + <tr> + <td width='15%'> </td> <td width='15%'></td> <td width='65%'></td> + </tr> + <tr> + <td class='base'>$Lang::tr{'ovpn dh'}:</td> + <td align='center'> + <form method='post'><input type='hidden' name='AREUSURE' value='yes' /> + <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' /> + <select name='DHLENGHT'> + <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'}</option> + <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option> + <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option> + <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option> + </select> + </td> + </tr> + <tr><td colspan='4'><br></td></tr> + </table> + <table width='100%'> + <tr> + <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}:</font></b> + $Lang::tr{'dh key warn'} + </td> + </tr> + <tr> + <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td> + </form> + </tr> + </table> + +END + ; + 
&Header::closebox(); + print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>"; + &Header::closebigbox(); + &Header::closepage(); + exit (0); + +### +### Upload DH key +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload dh key'}) { + if ($cgiparams{'DH_NAME'} !~ /dh1024.pem/) { + $errormessage = $Lang::tr{'dh name is invalid'}; + goto UPLOADCA_ERROR; + } + if (ref ($cgiparams{'FH'}) ne 'Fh') { + $errormessage = $Lang::tr{'there was no file upload'}; + goto UPLOADCA_ERROR; + } + # Move uploaded dh key to a temporary file + (my $fh, my $filename) = tempfile( ); + if (copy ($cgiparams{'FH'}, $fh) != 1) { + $errormessage = $!; + goto UPLOADCA_ERROR; + } + my $temp = `/usr/bin/openssl dhparam -text -in $filename`; + if ($temp !~ /DH Parameters: ((1024|2048|3072|4096) bit)/) { + $errormessage = $Lang::tr{'not a valid dh key'}; + unlink ($filename); + goto UPLOADCA_ERROR; + } else { + # Delete if old key exists + if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") { + unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}"; + } + move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}"); + if ($? ne 0) { + $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; + unlink ($filename); + goto UPLOADCA_ERROR; + } + } + + +### ### Upload CA Certificate ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) { @@ -1210,7 +1389,7 @@ END
if ($cgiparams{'CA_NAME'} eq 'ca') { $errormessage = $Lang::tr{'name is invalid'}; - goto UPLOAD_CA_ERROR; + goto UPLOADCA_ERROR; }
# Check if there is no other entry with this name @@ -1268,7 +1447,7 @@ END
if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") { &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', $errormessage); &Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:"); my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`; @@ -1345,10 +1524,10 @@ END } if ($assignedcerts) { &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', $errormessage); &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'}); - print <<END + print <<END; <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' /> <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' /> <tr><td align='center'> @@ -1380,7 +1559,7 @@ END $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) { my $output; &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', ''); if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) { &Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:"); @@ -1646,7 +1825,7 @@ END } } else { # child unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache', - '-days', '999999', '-newkey', 'rsa:2048', + '-days', '999999', '-newkey', 'rsa:4096', '-keyout', "${General::swroot}/ovpn/ca/cakey.pem", '-out', "${General::swroot}/ovpn/ca/cacert.pem", '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) { 
@@ -1677,7 +1856,7 @@ END } } else { # child unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache', - '-newkey', 'rsa:1024', + '-newkey', 'rsa:2048', '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem", '-out', "${General::swroot}/ovpn/certs/serverreq.pem", '-extensions', 'server', @@ -1729,8 +1908,7 @@ END } # Create Diffie Hellmann Parameter system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache', - '-out', "${General::swroot}/ovpn/ca/dh1024.pem", - '1024' ); + '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}"); if ($?) { $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; unlink ("${General::swroot}/ovpn/certs/serverkey.pem"); @@ -1748,7 +1926,7 @@ END ROOTCERT_ERROR: if ($cgiparams{'ACTION'} ne '') { &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', ''); if ($errormessage) { &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); @@ -1757,7 +1935,7 @@ END &Header::closebox(); } &Header::openbox('100%', 'LEFT', "$Lang::tr{'generate root/host certificates'}:"); - print <<END + print <<END; <form method='post' enctype='multipart/form-data'> <table width='100%' border='0' cellspacing='1' cellpadding='0'> <tr><td width='30%' class='base'>$Lang::tr{'organization name'}:</td> 
@@ -1790,19 +1968,35 @@ END } print ">$country</option>"; } - print <<END - </select></td> - <td colspan='2'> </td></tr> + print <<END; + </select></td> + <tr><td class='base'>$Lang::tr{'ovpn dh'}:</td> + <td class='base'><select name='DHLENGHT'> + <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'}</option> + <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option> + <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option> + <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option> + </select> + </td> + </tr> + <tr><td> </td> <td><input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' /></td> <td> </td><td> </td></tr> <tr><td class='base' colspan='4' align='left'> <img src='/blob.gif' valign='top' alt='*' /> $Lang::tr{'this field may be blank'}</td></tr> - <tr><td class='base' colspan='4' align='left'> - <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: - $Lang::tr{'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient'} - </td></tr> - <tr><td colspan='4' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr> + <tr><td colspan='4'><br><br></td></tr> + <tr><td class='base' colspan='4' align='center'> + <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}:</font></b> + $Lang::tr{'ovpn generating the root and host certificates'} + </td> + </tr> + <tr><td class='base' colspan='4' align='center'> + $Lang::tr{'dh key warn'} + </td> + </tr> + + <tr><td colspan='4'><hr></td></tr> <tr><td class='base' nowrap='nowrap'>$Lang::tr{'upload p12 file'}:</td> <td nowrap='nowrap'><input type='file' name='FH' size='32'></td> <td colspan='2'> </td></tr> 
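Review bot: The new DHLENGHT select lists 1024 first, and the parameter is initialised to an empty string at the top of the file, so unless $selected{'DHLENGHT'} is filled in somewhere outside these hunks a fresh form submits 1024 bit; list 2048 first or preselect it. The submitted value is passed to openssl dhparam as "$cgiparams{'DHLENGHT'}" in the hunks at @@ -1193,6 +1271,107 @@ and @@ -1729,8 +1908,7 @@ with no check, so match it against ^(1024|2048|3072|4096)$ on the server side before the system() call. The row holding the country select also loses its closing tag here: `<td colspan='2'> </td></tr>` is removed and the new <tr> opens directly after </select></td>.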
@@ -1813,12 +2007,13 @@ END <td><input type='submit' name='ACTION' value='$Lang::tr{'upload p12 file'}' /></td> <td colspan='2'> </td></tr> <tr><td class='base' colspan='4' align='left'> - <img src='/blob.gif' valign='top' al='*' > $Lang::tr{'this field may be blank'}</td></tr> + <img src='/blob.gif' valign='top' al='*' > $Lang::tr{'this field may be blank'}</td> + </tr> </form></table> END ; &Header::closebox(); - + print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>"; &Header::closebigbox(); &Header::closepage(); exit(0) @@ -1951,12 +2146,14 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ print CLIENTCONF "# Auth. Client\n"; print CLIENTCONF "tls-client\n"; print CLIENTCONF "# Cipher\n"; - print CLIENTCONF "cipher AES-256-CBC\n"; + print CLIENTCONF "cipher $confighash{$cgiparams{'KEY'}}[40]\n"; + print CLIENTCONF "# HMAC algorithm\n"; + print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n"; if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") { print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n"; $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n"; } - if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') { + if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') { print CLIENTCONF "# Enable Compression\n"; print CLIENTCONF "comp-lzo\r\n"; } @@ -2051,6 +2248,7 @@ else $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n"; } print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n"; + print CLIENTCONF "auth $vpnsettings{DAUTH}\r\n"; if ($vpnsettings{DCOMPLZO} eq 'on') { print CLIENTCONF "comp-lzo\r\n"; } 
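Review bot: `print CLIENTCONF "auth $vpnsettings{DAUTH}\r\n";` writes a bare auth directive whenever DAUTH is missing from the stored settings, which will be the case for settings saved before this change unless an update step not shown here fills it in; the SHA1 default in the ADV_ERROR hunk is applied to $cgiparams only. Fall back to a default when the stored value is empty, here and for `auth $sovpnsettings{DAUTH}` in writeserverconf. The net-to-net hunk just above has the same gap for $confighash fields [39] and [40], which replace the fixed AES-256-CBC.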
@@ -2180,7 +2378,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") { &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', ''); &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:"); my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`; @@ -2192,6 +2390,29 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { &Header::closepage(); exit(0); } + +### +### Display Diffie-Hellman key +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show dh'}) { + + if (! -e "${General::swroot}/ovpn/ca/dh1024.pem") { + $errormessage = $Lang::tr{'not present'}; + } else { + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:"); + my $output = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`; + $output = &Header::cleanhtml($output,"y"); + print "<pre>$output</pre>\n"; + &Header::closebox(); + print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>"; + &Header::closebigbox(); + &Header::closepage(); + exit(0); + } + ### ### Display Certificate Revoke List ### @@ -2200,7 +2421,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
if ( -f "${General::swroot}/ovpn/crls/cacrl.pem") { &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', ''); &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:"); my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`; @@ -2231,19 +2452,22 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { # } ADV_ERROR: if ($cgiparams{'MAX_CLIENTS'} eq '') { - $cgiparams{'MAX_CLIENTS'} = '100'; + $cgiparams{'MAX_CLIENTS'} = '100'; } if ($cgiparams{'KEEPALIVE_1'} eq '') { - $cgiparams{'KEEPALIVE_1'} = '10'; + $cgiparams{'KEEPALIVE_1'} = '10'; } if ($cgiparams{'KEEPALIVE_2'} eq '') { - $cgiparams{'KEEPALIVE_2'} = '60'; + $cgiparams{'KEEPALIVE_2'} = '60'; } if ($cgiparams{'LOG_VERB'} eq '') { - $cgiparams{'LOG_VERB'} = '3'; + $cgiparams{'LOG_VERB'} = '3'; } if ($cgiparams{'PMTU_DISCOVERY'} eq '') { - $cgiparams{'PMTU_DISCOVERY'} = 'off'; + $cgiparams{'PMTU_DISCOVERY'} = 'off'; + } + if ($cgiparams{'DAUTH'} eq '') { + $cgiparams{'DAUTH'} = 'SHA1'; } $checked{'CLIENT2CLIENT'}{'off'} = ''; $checked{'CLIENT2CLIENT'}{'on'} = ''; @@ -2251,7 +2475,6 @@ ADV_ERROR: $checked{'REDIRECT_GW_DEF1'}{'off'} = ''; $checked{'REDIRECT_GW_DEF1'}{'on'} = ''; $checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED'; - $selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED'; $checked{'MSSFIX'}{'off'} = ''; $checked{'MSSFIX'}{'on'} = ''; $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED'; 
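Review bot: in the `show dh` branch added at `@@ -2192`, both the existence test and the `openssl dhparam -text -in` call hard-code `${General::swroot}/ovpn/ca/dh1024.pem`, while the generation form in this patch lets the admin choose 1024 to 4096 bit. If the generated parameters keep that file name, the name no longer says what is inside; if they are written under a per-length name, this branch reports `not present`. Use a length-neutral file name, or one derived from the stored length, in both places.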
@@ -2269,7 +2492,14 @@ ADV_ERROR: $selected{'LOG_VERB'}{'11'} = ''; $selected{'LOG_VERB'}{'0'} = ''; $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED'; - + $selected{'DAUTH'}{'whirlpool'} = ''; + $selected{'DAUTH'}{'SHA512'} = ''; + $selected{'DAUTH'}{'SHA384'} = ''; + $selected{'DAUTH'}{'SHA256'} = ''; + $selected{'DAUTH'}{'ecdsa-with-SHA1'} = ''; + $selected{'DAUTH'}{'SHA1'} = ''; + $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED'; + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'status ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', $errormessage); 
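Review bot: `$selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';` uses the submitted value as a hash key without checking it against the six names initialised just above, and the same setting is later printed into generated OpenVPN files as `auth $vpnsettings{DAUTH}`. Nothing in the visible hunks rejects an unexpected string, so add an allow-list check before the value is saved and set `$errormessage` on a miss. The list is repeated verbatim in the connection editor further down; one shared array would keep the two copies from drifting apart. `ecdsa-with-SHA1` is offered next to `SHA1` with the same 160 bit label, so it is worth asking what it adds as an HMAC choice.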
@@ -2280,34 +2510,34 @@ ADV_ERROR: &Header::closebox(); } &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'}); - print <<END + print <<END; <form method='post' enctype='multipart/form-data'> - <table width='100%' border='0'> - <tr> - <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td> +<table width='100%' border=0> + <tr> + <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td> </tr> <tr> - <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td> + <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td> </tr> <tr> - <td class='base'>Domain</td> + <td class='base'>Domain</td> <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td> </tr> <tr> - <td class='base'>DNS</td> - <td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td> + <td class='base'>DNS</td> + <td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td> </tr> <tr> - <td class='base'>WINS</td> - <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td> - </tr> + <td class='base'>WINS</td> + <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td> + </tr> <tr> - <td colspan='4'><b>$Lang::tr{'ovpn routes push options'}</b></td> + <td colspan='4'><b>$Lang::tr{'ovpn routes push options'}</b></td> </tr> <tr> - <td class='base'>$Lang::tr{'ovpn routes push'}</td> - <td colspan='2'> - <textarea name='ROUTES_PUSH' cols='26' rows='6' wrap='off'> + <td class='base'>$Lang::tr{'ovpn routes push'}</td> + <td colspan='2'> + <textarea name='ROUTES_PUSH' cols='26' rows='6' wrap='off'> END ;
@@ -2322,42 +2552,39 @@ print <<END; </tr> </table> <hr size='1'> - <table width='100%'> +<table width='100%'> <tr> - <td class'base'><b>$Lang::tr{'misc-options'}</b></td> + <td class'base'><b>$Lang::tr{'misc-options'}</b></td> </tr> <tr> - <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td> + <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td> </tr> <tr> - <td class='base'>Client-To-Client</td> - <td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td> + <td class='base'>Client-To-Client</td> + <td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td> </tr> <tr> - <td class='base'>Redirect-Gateway def1</td> - <td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td> + <td class='base'>Redirect-Gateway def1</td> + <td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td> </tr> <tr> <td class='base'>Max-Clients</td> <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='10' /></td> </tr> - <tr> + <tr> <td class='base'>Keepalive <br /> (ping/ping-restart)</td> <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td> <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td> </tr> - <tr> + <tr> <td class='base'>fragment <br></td> <td><input type='TEXT' name='FRAGMENT' value='$cgiparams{'FRAGMENT'}' size='10' /></td> - <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td> - </tr> - <tr> + </tr> + <tr> <td class='base'>mssfix</td> <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td> - <td>$Lang::tr{'openvpn default'}: on</td> - </tr> - + </tr> <tr> <td class='base'>$Lang::tr{'ovpn mtu-disc'}</td> <td><input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> 
$Lang::tr{'ovpn mtu-disc yes'}</td> @@ -2367,46 +2594,55 @@ print <<END; </tr> </table>
-<!-- <hr size='1'> - <table width='100%'> +<table width='100%'> <tr> - <td class'base'><b>Crypto-Engines</b></td> + <td class'base'><b>$Lang::tr{'log-options'}</b></td> </tr> <tr> - <td width='15%'></td> <td width='30%'> </td><td width='25%'> </td><td width='30%'></td> - </tr> - <tr><td class='base'>Engines:</td> - <td><select name='ENGINES'><option value="none" $selected{'ENGINES'}{'none'}>none</option> - <option value="cryptodev" $selected{'ENGINES'}{'cryptodev'}>cryptodev</option> - <option value="padlock" $selected{'ENGINES'}{'padlock'}>padlock</option> + <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td> + </tr> + + <tr><td class='base'>VERB</td> + <td><select name='LOG_VERB'> + <option value='0' $selected{'LOG_VERB'}{'0'}>0</option> + <option value='1' $selected{'LOG_VERB'}{'1'}>1</option> + <option value='2' $selected{'LOG_VERB'}{'2'}>2</option> + <option value='3' $selected{'LOG_VERB'}{'3'}>3</option> + <option value='4' $selected{'LOG_VERB'}{'4'}>4</option> + <option value='5' $selected{'LOG_VERB'}{'5'}>5</option> + <option value='6' $selected{'LOG_VERB'}{'6'}>6</option> + <option value='7' $selected{'LOG_VERB'}{'7'}>7</option> + <option value='8' $selected{'LOG_VERB'}{'8'}>8</option> + <option value='9' $selected{'LOG_VERB'}{'9'}>9</option> + <option value='10' $selected{'LOG_VERB'}{'10'}>10</option> + <option value='11' $selected{'LOG_VERB'}{'11'}>11</option> </select> - </td> + </td> + </tr> </table> ---> + <hr size='1'> - <table width='100%'> - <tr> - <td class'base'><b>$Lang::tr{'log-options'}</b></td> - </tr> +<table width='100%'> <tr> - <td width='15%'></td> <td width='30%'> </td><td width='25%'> </td><td width='30%'></td> + <td class'base'><b>$Lang::tr{'ovpn crypt options'}</b></td> + </tr> + <tr> + <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td> </tr> - - <tr><td class='base'>VERB</td> - <td><select name='LOG_VERB'><option value='1' $selected{'LOG_VERB'}{'1'}>1</option> 
- <option value='2' $selected{'LOG_VERB'}{'2'}>2</option> - <option value='3' $selected{'LOG_VERB'}{'3'}>3</option> - <option value='4' $selected{'LOG_VERB'}{'4'}>4</option> - <option value='5' $selected{'LOG_VERB'}{'5'}>5</option> - <option value='6' $selected{'LOG_VERB'}{'6'}>6</option> - <option value='7' $selected{'LOG_VERB'}{'7'}>7</option> - <option value='8' $selected{'LOG_VERB'}{'8'}>8</option> - <option value='9' $selected{'LOG_VERB'}{'9'}>9</option> - <option value='10' $selected{'LOG_VERB'}{'10'}>10</option> - <option value='11' $selected{'LOG_VERB'}{'11'}>11</option> - <option value='0' $selected{'LOG_VERB'}{'0'}>0</option></select></td> + <tr><td class='base'>$Lang::tr{'ovpn ha'}</td> + <td><select name='DAUTH'> + <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option> + <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option> + <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option> + <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option> + <option value='ecdsa-with-SHA1' $selected{'DAUTH'}{'ecdsa-with-SHA1'}>ECDSA-SHA1 (160 $Lang::tr{'bit'})</option> + <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'})</option> + </select> + </td> + <td>Default: <span class="base">SHA1 (160 $Lang::tr{'bit'})</span></td> </table><hr> + END
if ( -e "/var/run/openvpn.pid"){ @@ -2484,11 +2720,11 @@ if ($cgiparams{'ACTION'} eq "edit"){ &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'});
- print <<END - <table width='100%' border='0'> + print <<END; + <table width='100%' border=0> <tr><form method='post'> <td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td> - <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly='readonly' /></td></tr> + <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly /></td></tr> <tr><td colspan='4' align='right'><hr><input type='submit' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='editsave'/> <input type='hidden' name='ccdname' value='$cgiparams{'ccdname'}'/><input type='submit' value='$Lang::tr{'cancel'}' /> </td></tr> @@ -2498,7 +2734,7 @@ END &Header::closebox();
&Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} ); - print <<END + print <<END; <table width='100%' border='0' cellpadding='0' cellspacing='1'> <tr> <td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr> @@ -2528,7 +2764,7 @@ END print "$Lang::tr{'ccd noaddnet'}<br><hr>"; } - print <<END + print <<END; <table width='100%' cellpadding='0' cellspacing='1'> <tr> <td class='boldbase' align='center' nowrap='nowrap' width='20%'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center' width='8%'><b>$Lang::tr{'network'}</td><td class='boldbase' width='8%' align='center' nowrap='nowrap'><b>$Lang::tr{'ccd used'}</td><td width='1%' align='center'></td><td width='1%' align='center'></td></tr> @@ -2546,9 +2782,9 @@ END if ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";} else{ print" <tr bgcolor='$color{'color20'}'>";} print"<td>$ccdconf[0]</td><td align='center'>$ccdconf[1]</td><td align='center'>$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1)."</td><td>"; -print <<END + print <<END; <form method='post' /> - <input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' /> + <input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} /> <input type='hidden' name='ACTION' value='edit'/> <input type='hidden' name='ccdname' value='$ccdconf[0]' /> <input type='hidden' name='ccdsubnet' value='$ccdconf[1]' /> 
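Review bot: the last hunk here drops the quotes around the attribute values, `alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'}`, so a translation containing a space or a `>` is cut short or breaks the tag. The removed line was correct; restore `alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}'`. The unquoted `border=0` and bare `readonly` introduced in the `@@ -2484` hunk are inconsistent with the XHTML-style `/>` tags around them for the same reason.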
@@ -2557,7 +2793,7 @@ print <<END <td><input type='hidden' name='ACTION' value='kill'/> <input type='hidden' name='number' value='$count' /> <input type='hidden' name='net' value='$ccdconf[0]' /> - <input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' /></form></td></tr> + <input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'remove'} title=$Lang::tr{'remove'} /></form></td></tr> END ; } @@ -2582,7 +2818,7 @@ END # # <td><b>$Lang::tr{'protocol'}</b></td> # protocol temp removed - print <<END + print <<END; <table width='100%' cellpadding='2' cellspacing='0' class='tbl'> <tr> <th><b>$Lang::tr{'common name'}</b></th> @@ -2661,7 +2897,7 @@ END } print "</table>"; - print <<END + print <<END; <table width='100%' border='0' cellpadding='2' cellspacing='0'> <tr><td></td></tr> <tr><td></td></tr> @@ -2770,13 +3006,13 @@ END } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') { &General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', ''); &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'});
if ( -s "${General::swroot}/ovpn/settings") {
- print <<END + print <<END; <b>$Lang::tr{'connection type'}:</b><br /> <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data"> <tr><td><input type='radio' name='TYPE' value='host' checked /></td> @@ -2787,7 +3023,7 @@ if ( -s "${General::swroot}/ovpn/settings") { <td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr> <tr><td> </td><td class='base'><input type='file' name='FH' size='30'></td></tr> <tr><td> </td><td>Import Connection Name <img src='/blob.gif' /></td></tr> - <tr><td> </td><td class='base'><input type='text' name='n2nname' size='30'>$Lang::tr{'openvpn default'}: Client Packagename</td></tr> + <tr><td> </td><td class='base'><input type='text' name='n2nname' size='30'>Default : Client Packagename</td></tr> <tr><td colspan='3'><hr /></td></tr> <tr><td align='right' colspan='3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr> <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' /> $Lang::tr{'this field may be blank'}</td></tr> @@ -2797,7 +3033,7 @@ END
} else { - print <<END + print <<END; <b>$Lang::tr{'connection type'}:</b><br /> <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data"> <tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr> @@ -2809,6 +3045,7 @@ END }
&Header::closebox(); + print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>"; &Header::closebigbox(); &Header::closepage(); exit (0); @@ -2943,8 +3180,9 @@ END my $complzoactive; my $mssfixactive; +my $authactive; my $n2nfragment; -my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);; +my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]); my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]); my @n2nproto = split(/-/, $n2nproto2[1]); my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]); @@ -2961,6 +3199,8 @@ my @n2novpnsub = split(/./,$n2novpnsuball[1]); my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]); my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]); my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]); +my @n2ncipher = split(/ /, (grep { /^cipher/ } @firen2nconf)[0]); +my @n2nauth = split(/ /, (grep { /^auth/ } @firen2nconf)[0]);
### @@ -2980,6 +3220,8 @@ $n2nlocalsub[2] =~ s/\n|\r//g; $n2nfragment[1] =~ s/\n|\r//g; $n2nmgmt[2] =~ s/\n|\r//g; $n2nmtudisc[1] =~ s/\n|\r//g; +$n2ncipher[1] =~ s/\n|\r//g; +$n2nauth[1] =~ s/\n|\r//g; chomp ($complzoactive); chomp ($mssfixactive);
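Review bot: `$n2ncipher[1]` and `$n2nauth[1]` only have CR and LF stripped here, yet they come from an uploaded net-to-net package, are stored as fields 40 and 39, and are printed back into `cipher` and `auth` lines. Check both against the names offered in the DCIPHER and DAUTH selects and reject the import otherwise. In the hunk before this one, `grep { /^auth/ }` also matches directives such as `auth-nocache`, and `[0]` takes whichever line comes first; anchor the patterns as `/^auth\s/` and `/^cipher\s/`. When the uploaded file has no `auth` line the result is an empty field 39, which should fall back to SHA1.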
@@ -3016,7 +3258,7 @@ foreach my $dkey (keys %confighash) { }
### -# Check im Dest Port is vaild +# Check if Dest Port is vaild ###
foreach my $dkey (keys %confighash) { @@ -3033,7 +3275,7 @@ foreach my $dkey (keys %confighash) { $key = &General::findhasharraykey (%confighash);
- foreach my $i (0 .. 39) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 41) { $confighash{$key}[$i] = "";}
$confighash{$key}[0] = 'off'; $confighash{$key}[1] = $n2nname[0]; @@ -3055,7 +3297,8 @@ foreach my $dkey (keys %confighash) { $confighash{$key}[30] = $complzoactive; $confighash{$key}[31] = $n2ntunmtu[1]; $confighash{$key}[38] = $n2nmtudisc[1]; - + $confighash{$key}[39] = $n2nauth[1]; + $confighash{$key}[40] = $n2ncipher[1];
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
@@ -3075,7 +3318,7 @@ foreach my $dkey (keys %confighash) { &Header::openbox('100%', 'LEFT', 'import ipfire net2net config'); } if ($errormessage eq ''){ - print <<END + print <<END; <!-- ipfire net2net config gui --> <table width='100%'> <tr><td width='25%'> </td><td width='25%'> </td></tr> 
@@ -3084,16 +3327,18 @@ foreach my $dkey (keys %confighash) { <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td><td><b>$confighash{$key}[6]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>Remote Host </td><td><b>$confighash{$key}[10]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td><td><b>$confighash{$key}[8]</b></td></tr> - <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td><td><b>$confighash{$key}[11]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}:</td><td><b>$confighash{$key}[11]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td><td><b>$confighash{$key}[27]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td><td><b>$confighash{$key}[28]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'destination port'}:</td><td><b>$confighash{$key}[29]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td><td><b>$confighash{$key}[30]</b></td></tr> - <tr><td class='boldbase' nowrap='nowrap'>MSSFIX </td><td><b>$confighash{$key}[23]</b></td></tr> - <tr><td class='boldbase' nowrap='nowrap'>Fragment </td><td><b>$confighash{$key}[24]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>MSSFIX:</td><td><b>$confighash{$key}[23]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>Fragment:</td><td><b>$confighash{$key}[24]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr> - <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td><td><b>$confighash{$key}[38]</b></td></tr> - <tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}:</td><td><b>$confighash{$key}[38]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>Management 
Port:</td><td><b>$confighash{$key}[22]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn hmac'}:</td><td><b>$confighash{$key}[39]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td><td><b>$confighash{$key}[40]</b></td></tr> <tr><td> </td><td> </td></tr> </table> END @@ -3111,7 +3356,7 @@ END } &Header::closebigbox(); &Header::closepage(); - exit(0); + exit(0);
## 
@@ -3164,33 +3409,35 @@ if ($confighash{$cgiparams{'KEY'}}) { $errormessage = $Lang::tr{'invalid key'}; goto VPNCONF_END; } - $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; - $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; - $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; - $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; - $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; - $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; - $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; - $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; + $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; + $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; + $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; + $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; + $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; + $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; + $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; + $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; - $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22]; - $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; - $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; - $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; - $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; - $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27]; - $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28]; - $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; - $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; - $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; - $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32]; + $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22]; + $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; + $cgiparams{'FRAGMENT'} = 
$confighash{$cgiparams{'KEY'}}[24]; + $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; + $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; + $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27]; + $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28]; + $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; + $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; + $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; + $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32]; $name=$cgiparams{'CHECK1'} ; - $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33]; - $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34]; - $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35]; - $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36]; - $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37]; + $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33]; + $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34]; + $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35]; + $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36]; + $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37]; $cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[38]; + $cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39]; + $cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40]; } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); @@ -3500,7 +3747,7 @@ if ($cgiparams{'TYPE'} eq 'net') { goto VPNCONF_ERROR; }
- if ($cgiparams{'OVPN_MGMT'} eq '') { + if ($cgiparams{'OVPN_MGMT'} eq '') { $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'}; } @@ -3727,6 +3974,8 @@ if ($cgiparams{'TYPE'} eq 'net') { } if ($cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,.-_]+$/) { $errormessage = $Lang::tr{'invalid input for name'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; goto VPNCONF_ERROR; } if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) { @@ -3799,7 +4048,7 @@ if ($cgiparams{'TYPE'} eq 'net') { } } else { # child unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache', - '-newkey', 'rsa:1024', + '-newkey', 'rsa:2048', '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem", '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem", '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) { @@ -3868,7 +4117,7 @@ if ($cgiparams{'TYPE'} eq 'net') { if (! $key) { $key = &General::findhasharraykey (%confighash); - foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 41) { $confighash{$key}[$i] = "";} } $confighash{$key}[0] = $cgiparams{'ENABLED'}; $confighash{$key}[1] = $cgiparams{'NAME'}; 
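Review bot: in the `CERT_NAME` check at `@@ -3727`, the new cleanup uses `unlink (...) or die` and `rmdir (...) || die`, so when the config file or directory is absent the CGI aborts, `goto VPNCONF_ERROR` is never reached, and the user does not see `invalid input for name`. Guard the calls with `-e` and `-d` and log a failure instead of dying. Both paths are built from `$cgiparams{'NAME'}`, so NAME must have passed its own validation before this point. In the unchanged context line, the class `[a-zA-Z0-9 ,.-_]` contains the range `.-_`, which admits characters such as `/`, `<` and `>`; move the hyphen to the end of the class.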
@@ -3887,13 +4136,13 @@ if ($cgiparams{'TYPE'} eq 'net') { $confighash{$key}[6] = $cgiparams{'SIDE'}; $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; } - $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; + $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; $confighash{$key}[10] = $cgiparams{'REMOTE'}; - if ($cgiparams{'OVPN_MGMT'} eq '') { + if ($cgiparams{'OVPN_MGMT'} eq '') { $confighash{$key}[22] = $confighash{$key}[29]; - } else { + } else { $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'}; - } + } $confighash{$key}[23] = $cgiparams{'MSSFIX'}; $confighash{$key}[24] = $cgiparams{'FRAGMENT'}; $confighash{$key}[25] = $cgiparams{'REMARK'}; @@ -3911,8 +4160,9 @@ if ($cgiparams{'TYPE'} eq 'net') { $confighash{$key}[35] = $cgiparams{'CCD_DNS1'}; $confighash{$key}[36] = $cgiparams{'CCD_DNS2'}; $confighash{$key}[37] = $cgiparams{'CCD_WINS'}; - $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'}; - + $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'}; + $confighash{$key}[39] = $cgiparams{'DAUTH'}; + $confighash{$key}[40] = $cgiparams{'DCIPHER'};
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); @@ -4022,11 +4272,12 @@ if ($cgiparams{'TYPE'} eq 'net') { ### $cgiparams{'MSSFIX'} = 'on'; $cgiparams{'FRAGMENT'} = '1300'; - $cgiparams{'PMTU_DISCOVERY'} = 'off'; + $cgiparams{'PMTU_DISCOVERY'} = 'off'; + $cgiparams{'DAUTH'} = 'SHA1'; ### # m.a.d n2n end ### - $cgiparams{'SIDE'} = 'left'; + $cgiparams{'SIDE'} = 'left'; if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cgiparams{'AUTH'} = 'psk'; } elsif ( ! -f "${General::swroot}/ovpn/ca/cacert.pem") { @@ -4087,10 +4338,35 @@ if ($cgiparams{'TYPE'} eq 'net') { } $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked='checked'';
+ $selected{'DAUTH'}{'whirlpool'} = ''; + $selected{'DAUTH'}{'SHA512'} = ''; + $selected{'DAUTH'}{'SHA384'} = ''; + $selected{'DAUTH'}{'SHA256'} = ''; + $selected{'DAUTH'}{'ecdsa-with-SHA1'} = ''; + $selected{'DAUTH'}{'SHA1'} = ''; + $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED'; + + $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; + $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; + $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = ''; + $selected{'DCIPHER'}{'AES-256-CBC'} = ''; + $selected{'DCIPHER'}{'AES-192-CBC'} = ''; + $selected{'DCIPHER'}{'AES-128-CBC'} = ''; + $selected{'DCIPHER'}{'DESX-CBC'} = ''; + $selected{'DCIPHER'}{'SEED-CBC'} = ''; + $selected{'DCIPHER'}{'DES-EDE3-CBC'} = ''; + $selected{'DCIPHER'}{'DES-EDE-CBC'} = ''; + $selected{'DCIPHER'}{'CAST5-CBC'} = ''; + $selected{'DCIPHER'}{'BF-CBC'} = ''; + $selected{'DCIPHER'}{'RC2-CBC'} = ''; + $selected{'DCIPHER'}{'DES-CBC'} = ''; + $selected{'DCIPHER'}{'RC2-64-CBC'} = ''; + $selected{'DCIPHER'}{'RC2-40-CBC'} = ''; + $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
if (1) { &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', $errormessage); if ($errormessage) { &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); @@ -4116,28 +4392,25 @@ if ($cgiparams{'TYPE'} eq 'net') {
&Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:"); print "<table width='100%' border='0'>\n"; - - - + print "<tr><td width='14%' class='boldbase'>$Lang::tr{'name'}: </td>"; if ($cgiparams{'TYPE'} eq 'host') { if ($cgiparams{'KEY'}) { print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>"; } else { - print "<td width='35%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>"; } # print "<tr><td>$Lang::tr{'interface'}</td>"; # print "<td><select name='INTERFACE'>"; # print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED</option>"; -# if ($netsettings{'BLUE_DEV'} ne '') { -# print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>"; -# } -# print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>"; -# print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>"; -# print "</select></td></tr>"; -# print <<END +# if ($netsettings{'BLUE_DEV'} ne '') { +# print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>"; +# } +# print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>"; +# print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>"; +# print "</select></td></tr>"; +# print <<END; } else { print "<input type='hidden' name='INTERFACE' value='red' />"; if ($cgiparams{'KEY'}) { 
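Review bot: the `DCIPHER` list initialised at `@@ -4087` includes `DES-CBC`, `RC2-40-CBC` and `RC2-64-CBC`, whose keys are 56, 40 and 64 bit; a new option list is the place to leave these out rather than offer them beside AES and Camellia. The `@@ -4022` hunk gives new connections `$cgiparams{'DAUTH'} = 'SHA1'` but no DCIPHER default, so a new net-to-net form ends up with whichever option the select lists first instead of the AES-256-CBC that used to be hard-coded; set `$cgiparams{'DCIPHER'} = 'AES-256-CBC'` next to the DAUTH default. The form that follows also labels `CAMELLIA-192-CBC` as 196 bit.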
@@ -4145,58 +4418,95 @@ if ($cgiparams{'TYPE'} eq 'net') { } else { print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>"; } - - - - print <<END + + print <<END; <td width='25%'> </td> <td width='25%'> </td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td> <td><select name='SIDE'><option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option> <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option></select></td> + <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td> <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td> <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td> + <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td> <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td> - <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td></tr> - <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td> - - <td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option> - <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td> - - <td class='boldbase'>$Lang::tr{'destination port'}:</td> - <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td></tr> - <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'} <img src='/blob.gif'</td> - <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td> - - <tr><td class='boldbase' nowrap='nowrap'>mssfix <img src='/blob.gif' /></td> - <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td> - <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td> - - <tr><td class='boldbase' 
nowrap='nowrap'>fragment <img src='/blob.gif' /></td> - <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td> - <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td> - - <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} <img src='/blob.gif' /></td> - <td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td> - <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td> - - <tr><td class='boldbase' nowrap='nowrap'>Management Port <img src='/blob.gif' /></td> - <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td> - <td colspan='2'>$Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}</span></td> + <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td>
- <tr> - <td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td> - <td colspan='3'> - <input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'} - <input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'} - <input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'} - <input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'} - </td> - </tr> + <td class='boldbase'>$Lang::tr{'destination port'}:</td> + <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td> + + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td> + <td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option> + <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td> + + <td class='boldbase' nowrap='nowrap'>Management Port ($Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}): <img src='/blob.gif' /></td> + <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td> + </tr> + + <tr><td class='boldbase'>$Lang::tr{'cipher'}</td> + <td><select name='DCIPHER'> + <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> + <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (196 $Lang::tr{'bit'})</option> + <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option> + <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option> + <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option> + <option value='AES-128-CBC' 
$selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option> + <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'})</option> + <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'})</option> + <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option> + <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'})</option> + <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'})</option> + <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'})</option> + <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC (128 $Lang::tr{'bit'})</option> + <option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC (64 $Lang::tr{'bit'} not recommended)</option> + <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-CBC (64 $Lang::tr{'bit'} not recommended)</option> + <option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-CBC (40 $Lang::tr{'bit'} not recommended)</option> + </select> + </td> + + <td class='boldbase'>$Lang::tr{'ovpn ha'}:</td> + <td><select name='DAUTH'> + <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option> + <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option> + <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option> + <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option> + <option value='ecdsa-with-SHA1' $selected{'DAUTH'}{'ecdsa-with-SHA1'}>ECDSA-SHA1 (160 $Lang::tr{'bit'})</option> + <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'} Default)</option> + </select> + </td> + </tr> + + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} <img src='/blob.gif' /></td> + <td> <input type='TEXT' name='MTU' 
VALUE='$cgiparams{'MTU'}'size='5' /></td> + <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td> + + <tr><td class='boldbase' nowrap='nowrap'>fragment: <img src='/blob.gif' /></td> + <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td> + <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td> + + <tr><td class='boldbase' nowrap='nowrap'>mssfix: <img src='/blob.gif' /></td> + <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td> + <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td> + + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'} <img src='/blob.gif'</td> + <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td> + </tr> + + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}:</td> + <td colspan='3'> + <input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'} + <input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'} + <input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'} + <input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'} + </td> + </tr>
END ; @@ -4260,7 +4570,7 @@ if ($cgiparams{'TYPE'} eq 'host') {
if ($cgiparams{'TYPE'} eq 'host') {
-print <<END + print <<END; <table width='100%' cellpadding='0' cellspacing='5' border='0'> <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td><td class='base'>$Lang::tr{'upload a certificate request'}</td><td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr> @@ -4285,7 +4595,7 @@ END
} else {
-print <<END + print <<END; <table width='100%' cellpadding='0' cellspacing='5' border='0'>
<tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td> </td></tr> @@ -4319,7 +4629,7 @@ END ###
if ($cgiparams{'TYPE'} eq 'host') { - print <<END + print <<END; </select></td></tr>
<td> </td><td class='base'>$Lang::tr{'valid till'} (days):</td> @@ -4327,7 +4637,7 @@ if ($cgiparams{'TYPE'} eq 'host') { <tr><td> </td> <td class='base'>$Lang::tr{'pkcs12 file password'}:</td> <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr> - <tr><td> </td><td class='base'>$Lang::tr{'pkcs12 file password'}:<br>($Lang::tr{'confirmation'})</td> + <tr><td> </td><td class='base'>$Lang::tr{'pkcs12 file password'}:<BR>($Lang::tr{'confirmation'})</td> <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr> <tr><td colspan='3'> </td></tr> <tr><td colspan='3'><hr /></td></tr> @@ -4335,7 +4645,7 @@ if ($cgiparams{'TYPE'} eq 'host') { </table> END }else{ - print <<END + print <<END; </select></td></tr> <tr><td> </td><td> </td><td> </td></tr> <tr><td> </td><td> </td><td> </td></tr> @@ -4511,18 +4821,24 @@ END
#default setzen if ($cgiparams{'DCIPHER'} eq '') { - $cgiparams{'DCIPHER'} = 'AES-256-CBC'; + $cgiparams{'DCIPHER'} = 'AES-256-CBC'; } if ($cgiparams{'DDEST_PORT'} eq '') { - $cgiparams{'DDEST_PORT'} = '1194'; + $cgiparams{'DDEST_PORT'} = '1194'; } if ($cgiparams{'DMTU'} eq '') { - $cgiparams{'DMTU'} = '1400'; + $cgiparams{'DMTU'} = '1400'; + } + if ($cgiparams{'MSSFIX'} eq '') { + $cgiparams{'MSSFIX'} = 'off'; + } + if ($cgiparams{'DAUTH'} eq '') { + $cgiparams{'DAUTH'} = 'SHA1'; } if ($cgiparams{'DOVPN_SUBNET'} eq '') { - $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0'; + $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0'; } - $checked{'ENABLED'}{'off'} = ''; + $checked{'ENABLED'}{'off'} = ''; $checked{'ENABLED'}{'on'} = ''; $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED'; $checked{'ENABLED_BLUE'}{'off'} = ''; 
@@ -4538,26 +4854,37 @@ END $selected{'DPROTOCOL'}{'udp'} = ''; $selected{'DPROTOCOL'}{'tcp'} = ''; $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED'; - - $selected{'DCIPHER'}{'DES-CBC'} = ''; - $selected{'DCIPHER'}{'DES-EDE-CBC'} = ''; + + $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; + $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; + $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = ''; + $selected{'DCIPHER'}{'AES-256-CBC'} = ''; + $selected{'DCIPHER'}{'AES-192-CBC'} = ''; + $selected{'DCIPHER'}{'AES-128-CBC'} = ''; $selected{'DCIPHER'}{'DES-EDE3-CBC'} = ''; $selected{'DCIPHER'}{'DESX-CBC'} = ''; + $selected{'DCIPHER'}{'SEED-CBC'} = ''; + $selected{'DCIPHER'}{'DES-EDE-CBC'} = ''; + $selected{'DCIPHER'}{'CAST5-CBC'} = ''; + $selected{'DCIPHER'}{'BF-CBC'} = ''; $selected{'DCIPHER'}{'RC2-CBC'} = ''; - $selected{'DCIPHER'}{'RC2-40-CBC'} = ''; + $selected{'DCIPHER'}{'DES-CBC'} = ''; $selected{'DCIPHER'}{'RC2-64-CBC'} = ''; - $selected{'DCIPHER'}{'BF-CBC'} = ''; - $selected{'DCIPHER'}{'CAST5-CBC'} = ''; - $selected{'DCIPHER'}{'AES-128-CBC'} = ''; - $selected{'DCIPHER'}{'AES-192-CBC'} = ''; - $selected{'DCIPHER'}{'AES-256-CBC'} = ''; - $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = ''; - $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; - $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; + $selected{'DCIPHER'}{'RC2-40-CBC'} = ''; $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED'; + + $selected{'DAUTH'}{'whirlpool'} = ''; + $selected{'DAUTH'}{'SHA512'} = ''; + $selected{'DAUTH'}{'SHA384'} = ''; + $selected{'DAUTH'}{'SHA256'} = ''; + $selected{'DAUTH'}{'ecdsa-with-SHA1'} = ''; + $selected{'DAUTH'}{'SHA1'} = ''; + $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED'; + $checked{'DCOMPLZO'}{'off'} = ''; $checked{'DCOMPLZO'}{'on'} = ''; $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED'; + # m.a.d $checked{'MSSFIX'}{'off'} = ''; $checked{'MSSFIX'}{'on'} = ''; 
@@ -4595,8 +4922,8 @@ END $activeonrun = "disabled='disabled'"; } &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'}); - print <<END - <table width='100%' border='0'> + print <<END; + <table width='100%' border=0> <form method='post'> <td width='25%'> </td> <td width='25%'> </td> @@ -4615,7 +4942,7 @@ END print "<tr><td class='boldbase'>$Lang::tr{'ovpn on orange'}</td>"; print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'}{'on'} /></td>"; } - print <<END + print <<END; <tr><td class='base' nowrap='nowrap' colspan='2'>$Lang::tr{'local vpn hostname/ip'}:<br /><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td> <td class='boldbase' nowrap='nowrap' colspan='2'>$Lang::tr{'ovpn subnet'}<br /><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn device'}</td> 
@@ -4629,26 +4956,29 @@ END <td><input type='TEXT' name='DDEST_PORT' value='$cgiparams{'DDEST_PORT'}' size='5' /></td></tr> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} </td> <td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}'size='5' /></td> + <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td> + <td><select name='DCIPHER'> + <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> + <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (196 $Lang::tr{'bit'})</option> + <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option> + <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option> + <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option> + <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option> + <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'})</option> + <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'})</option> + <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option> + <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'})</option> + <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'})</option> + <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'})</option> + <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC (128 $Lang::tr{'bit'})</option> + <option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC (64 $Lang::tr{'bit'} not recommended)</option> + <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-CBC (64 $Lang::tr{'bit'} not recommended)</option> + 
<option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-CBC (40 $Lang::tr{'bit'} not recommended)</option> + </select> + </td> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td> <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td> - <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td> - <td><select name='DCIPHER'> - <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-256-CBC</option> - <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-192-CBC</option> - <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-128-CBC</option> - <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option> - <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option> - <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option> - <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option> - <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option> - <option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option> - <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC</option> - <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC</option> - <option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC</option> - <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option> - <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option> - <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC</option> - </select></td></tr> + </tr> <tr><td colspan='4'><br><br></td></tr> END ; 
@@ -4676,163 +5006,15 @@ END } print "</form></table>"; &Header::closebox(); - &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}"); - print <<EOF#' - <table width='100%' cellspacing='1' cellpadding='0' class='tbl'> - <tr> - <th width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th> - <th width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></th> - <th width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></th> - </tr> -EOF - ; - my $col1="bgcolor='$color{'color22'}'"; - my $col2="bgcolor='$color{'color20'}'"; - if (-f "${General::swroot}/ovpn/ca/cacert.pem") { - my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`; - $casubject =~ /Subject: (.*)[\n]/; - $casubject = $1; - $casubject =~ s+/Email+, E+; - $casubject =~ s/ ST=/ S=/; - print <<END - <tr> - <td class='base' $col1>$Lang::tr{'root certificate'}</td> - <td class='base' $col1>$casubject</td> - <form method='post' name='frmrootcrta'><td width='3%' align='center' $col1> - <input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' /> - <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' /> - </td></form> - <form method='post' name='frmrootcrtb'><td width='3%' align='center' $col1> - <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' /> - <input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' /> - </td></form> - <td width='4%' $col1> </td></tr> -END - ; - } else { - # display rootcert generation buttons - print <<END - <tr> - <td class='base' $col1>$Lang::tr{'root certificate'}:</td> - <td class='base' $col1>$Lang::tr{'not present'}</td> - <td colspan='3' $col1> 
</td></tr> -END - ; - }
- if (-f "${General::swroot}/ovpn/certs/servercert.pem") { - my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`; - $hostsubject =~ /Subject: (.*)[\n]/; - $hostsubject = $1; - $hostsubject =~ s+/Email+, E+; - $hostsubject =~ s/ ST=/ S=/; - - print <<END - <tr> - <td class='base' $col2>$Lang::tr{'host certificate'}</td> - <td class='base' $col2>$hostsubject</td> - <form method='post' name='frmhostcrta'><td width='3%' align='center' $col2> - <input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' /> - <input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' /> - </td></form> - <form method='post' name='frmhostcrtb'><td width='3%' align='center' $col2> - <input type='image' name="$Lang::tr{'download host certificate'}" src='/images/media-floppy.png' alt="$Lang::tr{'download host certificate'}" title="$Lang::tr{'download host certificate'}" border='0' /> - <input type='hidden' name='ACTION' value="$Lang::tr{'download host certificate'}" /> - </td></form> - <td width='4%' $col2> </td></tr> -END - ; - } else { - # Nothing - print <<END - <tr> - <td width='25%' class='base' $col2>$Lang::tr{'host certificate'}:</td> - <td class='base' $col2>$Lang::tr{'not present'}</td> - </td><td colspan='3' $col2> </td></tr> -END - ; - } - - if (! 
-f "${General::swroot}/ovpn/ca/cacert.pem") { - print "<tr><td colspan='5' align='center'><form method='post'>"; - print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />"; - print "</form></td></tr>\n"; - } - - if (keys %cahash > 0) { - foreach my $key (keys %cahash) { - if (($key + 1) % 2) { - print "<tr bgcolor='$color{'color20'}'>\n"; - } else { - print "<tr bgcolor='$color{'color22'}'>\n"; - } - print "<td class='base'>$cahash{$key}[0]</td>\n"; - print "<td class='base'>$cahash{$key}[1]</td>\n"; - print <<END - <form method='post' name='cafrm${key}a'><td align='center'> - <input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' border='0' /> - <input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' /> - <input type='hidden' name='KEY' value='$key' /> - </td></form> - <form method='post' name='cafrm${key}b'><td align='center'> - <input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' /> - <input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' /> - <input type='hidden' name='KEY' value='$key' /> - </td></form> - <form method='post' name='cafrm${key}c'><td align='center'> - <input type='hidden' name='ACTION' value='$Lang::tr{'remove ca certificate'}' /> - <input type='image' name='$Lang::tr{'remove ca certificate'}' src='/images/delete.gif' alt='$Lang::tr{'remove ca certificate'}' title='$Lang::tr{'remove ca certificate'}' width='20' height='20' border='0' /> - <input type='hidden' name='KEY' value='$key' /> - </td></form></tr> -END - ; - } - } - - print "</table>"; - - # If the file contains entries, print Key to action icons - if ( -f "${General::swroot}/ovpn/ca/cacert.pem") { - print <<END - <table> - <tr> - <td class='boldbase'> 
<b>$Lang::tr{'legend'}:</b></td> - <td> <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td> - <td class='base'>$Lang::tr{'show certificate'}</td> - <td> <img src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' /></td> - <td class='base'>$Lang::tr{'download certificate'}</td> - </tr> - </table> -END -; - } - -print <<END -<form method='post' enctype='multipart/form-data'> -<table width='100%' border='0'> -<tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td><td nowrap='nowrap' width='8%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'/></td><td nowrap='nowrap' align='right'><input type='file' name='FH' size='25' /><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td></tr> -<tr><td colspan='4'><br></td></tr> -<tr align='right'><td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td></tr> -</table> -END -; - - - &Header::closebox(); - if ( $srunning eq "yes" ) { - print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' disabled='disabled' /></div></form>\n"; - }else{ - print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' /></div></form>\n"; - } if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) { - ### # m.a.d net2net #<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b><br /><img src='/images/null.gif' width='125' height='1' border='0' alt='L2089' /></td> ###
- &Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' }); - print <<END + &Header::openbox('100%', 'LEFT', $Lang::tr{'connection status and controlc' }); + print <<END;
<table width='100%' cellspacing='1' cellpadding='0' class='tbl'> @@ -4907,7 +5089,7 @@ END #EXITING -- A graceful exit is in progress. ####
- if (($tustate[1] eq 'CONNECTED') || ($tustate[1] eq 'WAIT')) { + if ($tustate[1] eq 'CONNECTED') { $col1="bgcolor='${Header::colourgreen}'"; $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>"; }else { @@ -4938,7 +5120,7 @@ END }
- print <<END + print <<END; <td align='center' $col1>$active</td> <form method='post' name='frm${key}a'><td align='center' $col> @@ -4949,7 +5131,7 @@ END END ; if ($confighash{$key}[4] eq 'cert') { - print <<END + print <<END; <form method='post' name='frm${key}b'><td align='center' $col> <input type='image' name='$Lang::tr{'show certificate'}' src='/images/info.gif' alt='$Lang::tr{'show certificate'}' title='$Lang::tr{'show certificate'}' border='0' /> <input type='hidden' name='ACTION' value='$Lang::tr{'show certificate'}' /> @@ -4960,7 +5142,7 @@ END print "<td> </td>"; } if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") { - print <<END + print <<END; <form method='post' name='frm${key}c'><td align='center' $col> <input type='image' name='$Lang::tr{'download pkcs12 file'}' src='/images/media-floppy.png' alt='$Lang::tr{'download pkcs12 file'}' title='$Lang::tr{'download pkcs12 file'}' border='0' /> <input type='hidden' name='ACTION' value='$Lang::tr{'download pkcs12 file'}' /> @@ -4968,7 +5150,7 @@ END </td></form> END ; } elsif ($confighash{$key}[4] eq 'cert') { - print <<END + print <<END; <form method='post' name='frm${key}c'><td align='center' $col> <input type='image' name='$Lang::tr{'download certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' title='$Lang::tr{'download certificate'}' border='0' /> <input type='hidden' name='ACTION' value='$Lang::tr{'download certificate'}' /> @@ -5004,45 +5186,215 @@ END
# If the config file contains entries, print Key to action icons if ( $id ) { - print <<END + print <<END; <table border='0'> <tr> - <td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td> - <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td> - <td class='base'>$Lang::tr{'click to disable'}</td> - <td> <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td> - <td class='base'>$Lang::tr{'show certificate'}</td> - <td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td> - <td class='base'>$Lang::tr{'edit'}</td> - <td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td> - <td class='base'>$Lang::tr{'remove'}</td> + <td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td> + <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td> + <td class='base'>$Lang::tr{'click to disable'}</td> + <td> <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td> + <td class='base'>$Lang::tr{'show certificate'}</td> + <td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td> + <td class='base'>$Lang::tr{'edit'}</td> + <td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td> + <td class='base'>$Lang::tr{'remove'}</td> </tr> <tr> - <td> </td> - <td> <img src='/images/off.gif' alt='?OFF' /></td> - <td class='base'>$Lang::tr{'click to enable'}</td> - <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td> - <td class='base'>$Lang::tr{'download certificate'}</td> - <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td> - <td class='base'>$Lang::tr{'dl client arch'}</td> - </tr> + <td> </td> + <td> <img src='/images/off.gif' alt='?OFF' /></td> + <td class='base'>$Lang::tr{'click to enable'}</td> + <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td> + <td class='base'>$Lang::tr{'download certificate'}</td> + <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td> + <td class='base'>$Lang::tr{'dl client arch'}</td> + </tr> </table><br> END ; }
- print <<END + print <<END; <table width='100%'> <form method='post'> - <tr><td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /> - <input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td></tr> + <tr><td align='right'> + <input type='submit' name='ACTION' value='$Lang::tr{'add'}' /> + <input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td> + </tr> </form> </table> END - ; - &Header::closebox(); -} -&Header::closepage(); + ; + &Header::closebox(); + } + &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}"); + print <<END; + <table width='100%' cellspacing='1' cellpadding='0' class='tbl'> + <tr> + <th width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th> + <th width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></th> + <th width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></th> + </tr> +END + ; + my $col1="bgcolor='$color{'color22'}'"; + my $col2="bgcolor='$color{'color20'}'"; + if (-f "${General::swroot}/ovpn/ca/cacert.pem") { + my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`; + $casubject =~ /Subject: (.*)[\n]/; + $casubject = $1; + $casubject =~ s+/Email+, E+; + $casubject =~ s/ ST=/ S=/; + print <<END; + <tr> + <td class='base' $col1>$Lang::tr{'root certificate'}</td> + <td class='base' $col1>$casubject</td> + <form method='post' name='frmrootcrta'><td width='3%' align='center' $col1> + <input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' /> + <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' /> + </td></form> + <form method='post' name='frmrootcrtb'><td width='3%' align='center' $col1> + <input type='image' name='$Lang::tr{'download root certificate'}' 
src='/images/media-floppy.png' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' /> + <input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' /> + </td></form> + <td width='4%' $col1> </td></tr> +END + ; + } else { + # display rootcert generation buttons + print <<END; + <tr> + <td class='base' $col1>$Lang::tr{'root certificate'}:</td> + <td class='base' $col1>$Lang::tr{'not present'}</td> + <td colspan='3' $col1> </td></tr> +END + ; + } + + if (-f "${General::swroot}/ovpn/certs/servercert.pem") { + my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`; + $hostsubject =~ /Subject: (.*)[\n]/; + $hostsubject = $1; + $hostsubject =~ s+/Email+, E+; + $hostsubject =~ s/ ST=/ S=/; + + print <<END; + <tr> + <td class='base' $col2>$Lang::tr{'host certificate'}</td> + <td class='base' $col2>$hostsubject</td> + <form method='post' name='frmhostcrta'><td width='3%' align='center' $col2> + <input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' /> + <input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' /> + </td></form> + <form method='post' name='frmhostcrtb'><td width='3%' align='center' $col2> + <input type='image' name="$Lang::tr{'download host certificate'}" src='/images/media-floppy.png' alt="$Lang::tr{'download host certificate'}" title="$Lang::tr{'download host certificate'}" border='0' /> + <input type='hidden' name='ACTION' value="$Lang::tr{'download host certificate'}" /> + </td></form> + <td width='4%' $col2> </td></tr> +END + ; + } else { + # Nothing + print <<END; + <tr> + <td width='25%' class='base' $col2>$Lang::tr{'host certificate'}:</td> + <td class='base' $col2>$Lang::tr{'not present'}</td> + </td><td colspan='3' $col2> </td></tr> +END + ; + }
+ if (! -f "${General::swroot}/ovpn/ca/cacert.pem") { + print "<tr><td colspan='5' align='center'><form method='post'>"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />"; + print "</form></td></tr>\n"; + } + + if (keys %cahash > 0) { + foreach my $key (keys %cahash) { + if (($key + 1) % 2) { + print "<tr bgcolor='$color{'color20'}'>\n"; + } else { + print "<tr bgcolor='$color{'color22'}'>\n"; + } + print "<td class='base'>$cahash{$key}[0]</td>\n"; + print "<td class='base'>$cahash{$key}[1]</td>\n"; + print <<END; + <form method='post' name='cafrm${key}a'><td align='center'> + <input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' border='0' /> + <input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' /> + <input type='hidden' name='KEY' value='$key' /> + </td></form> + <form method='post' name='cafrm${key}b'><td align='center'> + <input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' /> + <input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' /> + <input type='hidden' name='KEY' value='$key' /> + </td></form> + <form method='post' name='cafrm${key}c'><td align='center'> + <input type='hidden' name='ACTION' value='$Lang::tr{'remove ca certificate'}' /> + <input type='image' name='$Lang::tr{'remove ca certificate'}' src='/images/delete.gif' alt='$Lang::tr{'remove ca certificate'}' title='$Lang::tr{'remove ca certificate'}' width='20' height='20' border='0' /> + <input type='hidden' name='KEY' value='$key' /> + </td></form></tr> +END + ; + } + } + + print "</table>"; + + # If the file contains entries, print Key to action icons + if ( -f "${General::swroot}/ovpn/ca/cacert.pem") { + print <<END; + <table> + <tr> + <td 
class='boldbase'> <b>$Lang::tr{'legend'}:</b></td> + <td> <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td> + <td class='base'>$Lang::tr{'show certificate'}</td> + <td> <img src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' /></td> + <td class='base'>$Lang::tr{'download certificate'}</td> + </tr> + </table> +END + ; + }
+ print <<END + <hr size='1'> + <form method='post' enctype='multipart/form-data'> + <table width='100%' border='0'cellspacing='1' cellpadding='0'> + <tr> + <td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td> + <td nowrap='nowrap'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'/></td> + <td nowrap='nowrap'><input type='file' name='FH' size='25' /> + <td nowrap='nowrap' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td> + </tr> + + <tr> + <td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh name'}:</td> + <td nowrap='nowrap'><input type='text' name='DH_NAME' value='$cgiparams{'DH_NAME'}' size='15' align='left'/></td> + <td nowrap='nowrap'><input type='file' name='FH' size='25' /> + <td nowrap='nowrap' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}' /></td> + </tr> + <tr><td colspan='4'><br></td></tr> + <tr> + <td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td> + <td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show dh'}' /></td> + </tr> + + <tr align='right'> + <td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td> + </tr> + </table> +END + ; + + if ( $srunning eq "yes" ) { + print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' disabled='disabled' /></div></form>\n"; + } else { + print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' /></div></form>\n"; + } + &Header::closebox(); +END + ; + +&Header::closepage();
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 977dbac..3fbdd20 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1,7 +1,7 @@ %tr = ( %tr,
-'Act as' => 'Konfiguriert als', +'Act as' => 'Konfiguriert als:', 'Add Level7 rule' => 'Level7-Regel hinzufÃŒgen', 'Add Port Rule' => 'Port-Regel hinzufÃŒgen', 'Add Rule' => 'Regel hinzufÃŒgen', @@ -10,7 +10,6 @@ 'Choose Rule' => 'WÀhlen Sie <u>eine</u> der untenstehenden Regeln aus.', 'Class' => 'Klasse', 'Class was deleted' => 'wurde mit eventuell vorhandenen Unterklassen gelöscht', -'Client status and controlc' => 'Client-Status und -Kontrolle', 'ConnSched action' => 'Aktion:', 'ConnSched add action' => 'Aktion hinzufÃŒgen', 'ConnSched change profile title' => 'Wechsle zu Profil:', @@ -36,6 +35,7 @@ 'MB read' => 'MB gelesen', 'MB written' => 'MB geschrieben', 'MTU' => 'MTU Size', +'Number of Countries for the pie chart' => 'Anzahl der angezeigten LÀnder im Diagramm', 'Number of IPs for the pie chart' => 'Anzahl der angezeigten IPs im Diagramm', 'Number of Ports for the pie chart' => 'Anzahl der angezeigten Ports im Diagramm', 'OVPN' => 'OpenVPN', @@ -521,7 +521,7 @@ 'check for net traffic update' => 'PrÃŒfe auf Net-Traffic-Updates', 'check vpn lr' => 'ÃberprÃŒfen', 'choose config' => 'Konfiguration auswÀhlen', -'cipher' => 'VerschlÃŒsselung', +'cipher' => 'VerschlÃŒsselung:', 'city' => 'Stadt', 'class in use' => 'Die aktuelle Klasse wird bereits verwendet.', 'clear cache' => 'Zwischenspeicher löschen', @@ -655,6 +655,9 @@ 'details' => 'Mehr', 'device' => 'GerÀt', 'devices on blue' => 'GerÀte auf Blau', +'dh' => 'Diffie-Hellman Key', +'dh key warn' => 'Keys mit 1024 und 2048 Bit können mehreren Minuten, 3072 und 4096 Bit bis zu mehreren Stunden dauern. Bitte haben sie Geduld.', +'dh name is invalid' => 'Name ist ungÃŒltig, bitte "dh1024.pem" verwenden.', 'dhcp advopt add' => 'DHCP Option hinzufÃŒgen', 'dhcp advopt added' => 'DHCP Option hinzugefÃŒgt', 'dhcp advopt blank value' => 'Wert fÃŒr DHCP Option darf nicht leer sein', 
@@ -727,8 +730,7 @@ 'dns proxy server' => 'DNS-Proxyserver', 'dns saved' => 'Erfolgreich gespeichert!', 'dns saved txt' => 'Die beiden eingegebenen DNS-Server-Adressen wurde erfolgreich gespeichert.<br/>Um die Ãnderung wirksam zu machen, mÃŒssen Sie neustarten oder wiederverbinden!', -'dns server' => 'DNS-Server', -'dns servers' => 'DNS-Server', +'dns server' => 'DNS Server', 'dns title' => 'Domain Name System', 'dnsforward' => 'DNS-Weiterleitung', 'dnsforward add a new entry' => 'Neuen Eintrag hinzufÃŒgen', @@ -752,7 +754,6 @@ 'donation-text' => '<strong>IPFire</strong> wird von Freiwilligen in ihrer Freizeit betrieben und auch betreut. Um dieses Projekt am Laufen zu halten, entstehen uns natÃŒrlich auch Kosten. Wenn Sie uns unterstÃŒtzen wollen, wÃŒrden wir uns ÃŒber eine kleine Spende sehr freuen.', 'dos charset' => 'DOS Charset', 'down and up speed' => 'Geben Sie bitte hier ihre Download- bzw. Upload-Geschwindigkeit ein <br /> und klicken Sie danach auf <i>Speichern</i>.', -'downlink' => 'Downlink', 'downlink speed' => 'Downlink-Geschwindigkeit (kBit/sek)', 'downlink std class' => 'Downloadstandardklasse', 'download' => 'herunterladen', @@ -898,13 +899,13 @@ 'firewall log' => 'Firewall-Protokoll', 'firewall log viewer' => 'Betrachter der Firewall-Logdateien', 'firewall logs' => 'Firewall-Logdateien', +'firewall logs country' => 'Fw-Logdiagramme (Land)', 'firewall logs ip' => 'Fw-Logdiagramme (IP)', 'firewall logs port' => 'Fw-Logdiagramme (Port)', 'firewall rules' => 'Firewallregeln', 'firewallhits' => 'Firewalltreffer', 'firmware' => 'Firmware', 'firmware upload' => 'Hochladen der Firmware/Treiber', -'first' => 'Erste', 'fixed ip lease added' => 'Feste IP-Zuordnung hinzugefÃŒgt', 'fixed ip lease modified' => 'Feste IP-Zuordnung geÀndert', 'fixed ip lease removed' => 'Feste IP-Zuordnung gelöscht', 
@@ -1106,9 +1107,11 @@ 'fwhost wo subnet' => '(Ohne Subnetz)', 'gateway' => 'Gateway', 'gateway ip' => 'Gateway-IP', +'gen dh' => 'Diffie-Hellman Key erzeugen', 'gen static key' => 'Statischen SchlÃŒssel erzeugen', 'generate' => 'Root/Host-Zertifikate generieren', 'generate a certificate' => 'Erzeuge ein Zertifikat:', +'generate dh key' => 'Diffie-Hellman Key generieren', 'generate iso' => 'ISO erstellen', 'generate root/host certificates' => 'Erzeuge Root/Host-Zertifikate', 'generate tripwire keys and init' => 'Tripwire Initalisierung', @@ -1316,7 +1319,6 @@ 'lan' => 'LAN', 'lang' => 'de', 'languagepurpose' => 'WÀhlen Sie eine Sprache, in der IPFire angezeigt werden soll:', -'last' => 'Letzte', 'last activity' => 'Letzte AktivitÀt', 'lateprompting' => 'Late prompting', 'lease expires' => 'Zuordnung verfÀllt', @@ -1348,7 +1350,7 @@ 'log view' => 'Log Anzeige', 'log viewer' => 'Protokollansicht', 'log viewing options' => 'Log Ansichts-Optionen', -'log-options' => 'Logfile options', +'log-options' => 'Logfile Optionen', 'loged in at' => 'Angemeldet seit', 'logging' => 'Logging', 'logging server' => 'Protokollierungs-Server', @@ -1508,6 +1510,7 @@ 'network traffic graphs others' => 'Netzwerk (sonstige)', 'network updated' => 'Benutzerdefiniertes Netzwerk aktualisiert', 'networks settings' => 'Firewall - Netzwerkeinstellungen', +'never' => 'Nie', 'new optionsfw later' => 'Einige Einstellungen werden erst nach einem Neustart aktiv', 'new optionsfw must boot' => 'Sie mÃŒssen Ihren IPFire neu starten', 'newer' => 'Neuer', 
@@ -1529,6 +1532,7 @@ 'nonetworkname' => 'Kein Netzwerkname wurde eingegeben', 'noservicename' => 'Kein Dienstname wurde eingegeben', 'not a valid ca certificate' => 'Kein gÃŒltiges CA Zertifikat.', +'not a valid dh key' => 'Kein gÃŒltiger Diffie-Hellman SchlÃŒssel. Bitte nur 1024, 2048, 3072 oder 4096 Bit im PKCS#3 Format verwenden.', 'not enough disk space' => 'Nicht genÃŒgend Plattenplatz vorhanden', 'not present' => '<B>Nicht</B> vorhanden', 'not running' => 'nicht gestartet', @@ -1619,10 +1623,17 @@ 'ovpn' => 'OpenVPN', 'ovpn con stat' => 'OpenVPN Verbindungs-Statistik', 'ovpn config' => 'OVPN-Konfiguration', -'ovpn device' => 'OpenVPN-GerÀt', +'ovpn crypt options' => 'Kryptografieoptionen', +'ovpn device' => 'OpenVPN-GerÀt:', +'ovpn dh' => 'Diffie-Hellman Key LÀnge', +'ovpn dh name' => 'Diffie-Hellman Key Name', 'ovpn dl' => 'OVPN-Konfiguration downloaden', +'ovpn engines' => 'Krypto Engine', 'ovpn errmsg green already pushed' => 'Route fÃŒr grÃŒnes Netzwerk wird immer gesetzt', 'ovpn errmsg invalid ip or mask' => 'UngÃŒltige Netzwerk-Adresse oder Subnetzmaske', +'ovpn generating the root and host certificates' => 'Die Erzeugung der Root- und Host-Zertifikate kann lange Zeit dauern.', +'ovpn ha' => 'Hash Algorithmus', +'ovpn hmac' => 'HMAC Optionen', 'ovpn log' => 'OVPN-Log', 'ovpn mgmt in root range' => 'Ein Port von 1024 oder höher ist erforderlich.', 'ovpn mtu-disc' => 'Path MTU Discovery', 
@@ -1633,14 +1644,15 @@ 'ovpn mtu-disc with mssfix or fragment' => 'Path MTU Discovery kann nicht gemeinsam mit mssfix oder fragment verwendet werden.', 'ovpn mtu-disc yes' => 'Forciert', 'ovpn no connections' => 'Keine aktiven OpenVPN Verbindungen', -'ovpn on blue' => 'OpenVPN auf BLAU', -'ovpn on orange' => 'OpenVPN auf ORANGE', -'ovpn on red' => 'OpenVPN auf ROT', +'ovpn on blue' => 'OpenVPN auf BLAU:', +'ovpn on orange' => 'OpenVPN auf ORANGE:', +'ovpn on red' => 'OpenVPN auf ROT:', 'ovpn port in root range' => 'Ein Port von 1024 oder höher ist erforderlich.', +'ovpn reneg sec' => 'Session Key Lifetime', 'ovpn routes push' => 'Routen (eine pro Zeile) z.b. 192.168.10.0/255.255.255.0 192.168.20.0/24', 'ovpn routes push options' => 'Route push Optionen', -'ovpn server status' => 'OpenVPN-Server-Status', -'ovpn subnet' => 'OpenVPN-Subnetz (z.B. 10.0.10.0/255.255.255.0)', +'ovpn server status' => 'OpenVPN-Server-Status:', +'ovpn subnet' => 'OpenVPN-Subnetz:', 'ovpn subnet is invalid' => 'Das OpenVPN-Subnetz ist ungÃŒltig.', 'ovpn subnet overlap' => 'OpenVPNSubnetz ÃŒberschneidet sich mit ', 'ovpn_fastio' => 'Fast-IO', @@ -1741,7 +1753,7 @@ 'profile saved' => 'Profil gespeichert: ', 'profiles' => 'Profile:', 'proto' => 'Proto', -'protocol' => 'Protokoll', +'protocol' => 'Protokoll:', 'proxy' => 'Proxy', 'proxy access graphs' => 'Diagramme zur Proxyauslastung', 'proxy admin password' => 'Cache Administrator Passwort', 
@@ -1813,7 +1825,7 @@ 'resetglobals' => 'Globale Einstellungen zurÃŒcksetzen', 'resetpolicy' => 'Policy zurÃŒcksetzen', 'resetshares' => 'Shares zurÃŒcksetzen?', -'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Das ZurÃŒcksetzen der VPN-Konfiguration wird die Root-CA, die Host-Zertifikate und alle weiteren Zertifikate und alle zertifikatsbasierten Verbindungen entfernen', +'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Das Löschen des X509 wird die Root-CA, die Host-Zertifikate und alle zertifikatsbasierten Verbindungen entfernen.', 'restart' => 'Neustart', 'restart ovpn server' => 'OpenVPN-Server neu starten', 'restore' => 'Wiederherstellen', @@ -1883,6 +1895,7 @@ 'show ca certificate' => 'CA Zertifikat anzeigen', 'show certificate' => 'Zertifikat anzeigen', 'show crl' => 'Certificate Revocation List anzeigen', +'show dh' => 'Diffie-Hellman Key anzeigen', 'show host certificate' => 'Host-Zertifikat anzeigen', 'show last x lines' => 'die letzten x Zeilen anzeigen', 'show root certificate' => 'Root-Zertifikat anzeigen', @@ -1919,6 +1932,7 @@ 'source ip' => 'Quell-IP-Adresse', 'source ip and port' => 'Quell-IP:Port', 'source ip bad' => 'UngÃŒltige Quell-IP-Adresse.', +'source ip country' => 'Quell-IP-Adresse Land', 'source ip in use' => 'Benutzte Quell-IP:', 'source ip or net' => 'Quellen-IP oder Netz', 'source net' => 'Quell-Netz', 
@@ -2210,13 +2224,13 @@ 'updxlrtr weekly' => 'wöchentlich', 'updxlrtr year' => 'einem Jahr', 'upgrade' => 'upgrade', -'uplink' => 'Uplink', 'uplink speed' => 'Uplink-Geschwindigkeit (kBit/sek)', 'uplink std class' => 'Uploadstandardklasse', 'upload' => 'Hochladen', 'upload a certificate' => 'Ein Zertifikat hochladen:', 'upload a certificate request' => 'Eine Zertifikatsanfrage hochladen:', 'upload ca certificate' => 'CA-Zertifikat hochladen', +'upload dh key' => 'Diffie-Hellman Key hochladen', 'upload file' => 'Datei zum hochladen', 'upload new ruleset' => 'Neuen Regelsatz hochladen', 'upload p12 file' => 'PKCS12-Datei hochladen', @@ -2466,7 +2480,6 @@ 'vpn aggrmode' => 'IKE Aggressive Mode zugelassen. Wenn möglich, vermeiden (preshared SchlÃŒssel wird im Klartext ÃŒbertragen)!', 'vpn altname syntax' => 'Der Subjekt Alternativ Name ist eine durch Komma getrennte Liste von Email, DNS, URI, RID und IP Objekten. <br />Email: eine Email Adresse. Syntax Email: 'copy' benutzt die Email Adresse aus dem Zertifikatfeld. <br />DNS: ein gÃŒltiger Domain Name.<br />URI: eine gÃŒltige URI.<br />RID: Registriertes Objekt Identifikation.<br />IP: eine IP Adresse.<br />Bitte beachten: der Zeichensatz ist eingeschrÀnkt und die GroÃ-/Kleinschreibung ist entscheidend.<br />Beispiel:<br /><b>email:</b>info@ipfire.org<b>,email:</b>copy<b>,DNS:</b>www.ipfire.org<b>,IP:</b>127.0.0.1<b>,URI:</b>http://url/nach/irgendwo', 'vpn auth-dn' => 'Peer wird identifiziert durch entweder ein IPV4_ADDR, FQDN, USER_FQDN oder DER_ASN1_DN string in Remote ID Feld', -'vpn configuration main' => 'VPN-Konfiguration', 'vpn delayed start' => 'Verzögerung bevor VPN gestartet wird (Sekunden)', 'vpn delayed start help' => 'Falls notwendig, kann diese Verzögerung dazu verwendet werden, um Dynamic-DNS-Updates ordnungsgemÀà anzuwenden. 60 ist ein gÀngiger Wert, wenn ROT (RED) eine dynamische IP Adresse ist.', 'vpn incompatible use of defaultroute' => 'Hostname=%defaultroute nicht zulÀssig', 
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 42dea0e..46f5625 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -10,7 +10,6 @@ 'Choose Rule' => 'Choose <u>one</u> of the following rules.', 'Class' => 'Class', 'Class was deleted' => 'with potential subclasses was deleted', -'Client status and controlc' => 'Client status and control:', 'ConnSched action' => 'Action:', 'ConnSched add action' => 'Add action', 'ConnSched change profile title' => 'Change to profile:', @@ -36,6 +35,7 @@ 'MB read' => 'MB read', 'MB written' => 'MB written', 'MTU' => 'MTU size:', +'Number of Countries for the pie chart' => 'Number of Countries for the pie chart', 'Number of IPs for the pie chart' => 'Number of IPs for the pie chart', 'Number of Ports for the pie chart' => 'Number of ports for the pie chart', 'OVPN' => 'OpenVPN', @@ -419,7 +419,7 @@ 'behind a proxy' => 'Behind a proxy:', 'bewan adsl pci st' => 'TO BE REMOVED', 'bewan adsl usb' => 'TO BE REMOVED', -'bit' => 'Bit', +'bit' => 'bit', 'bitrate' => 'Bitrate', 'bleeding rules' => 'Bleeding Edge Snort Rules', 'blue' => 'BLUE', @@ -677,6 +677,9 @@ 'details' => 'Details', 'device' => 'Device', 'devices on blue' => 'Devices on BLUE', +'dh' => 'Diffie-Hellman Key', +'dh key warn' => 'Keys with 1024 and 2048 bit takes up to several minutes, 3072 and 4096 bit might needs several hours. Please be patient.', +'dh name is invalid' => 'Name ist ungltig, bitte "dh1024.pem" verwenden.', 'dhcp advopt add' => 'Add a DHCP option', 'dhcp advopt added' => 'DHCP option added', 'dhcp advopt blank value' => 'DHCP Option value cannot be empty.', 
@@ -752,7 +755,6 @@ 'dns saved' => 'Successfully saved!', 'dns saved txt' => 'The two entered DNS server addresses have been saved successfully.<br />You have to reboot or reconnect that the changes have effect!', 'dns server' => 'DNS Server', -'dns servers' => 'DNS Servers', 'dns title' => 'Domain Name System', 'dnsforward' => 'DNS Forwarding', 'dnsforward add a new entry' => 'Add a new entry', @@ -777,7 +779,6 @@ 'done' => 'Do it', 'dos charset' => 'DOS Charset', 'down and up speed' => 'Enter your Down- and Uplink-Speed <br /> and then press <i>Save</i>.', -'downlink' => 'Downlink', 'downlink speed' => 'Downlink speed (kbit/sec)', 'downlink std class' => 'downlink standard class', 'download' => 'download', @@ -926,11 +927,11 @@ 'firewall logs' => 'Firewall Logs', 'firewall logs ip' => 'Fw-Loggraphs (IP)', 'firewall logs port' => 'Fw-Loggraphs (Port)', +'firewall logs country' => 'Fw-Loggraphs (Country)', 'firewall rules' => 'Firewall Rules', 'firewallhits' => 'firewallhits', 'firmware' => 'Firmware', 'firmware upload' => 'Upload Firmware/Drivers', -'first' => 'First', 'fixed ip lease added' => 'Fixed IP lease added', 'fixed ip lease modified' => 'Fixed IP lease modified', 'fixed ip lease removed' => 'Fixed IP lease removed', @@ -1134,9 +1135,11 @@ 'g.lite' => 'TO BE REMOVED', 'gateway' => 'Gateway', 'gateway ip' => 'Gateway IP', +'gen dh' => 'Generate Diffie-Hellman key', 'gen static key' => 'Generate a static key', 'generate' => 'Generate root/host zertifikate', 'generate a certificate' => 'Generate a certificate:', +'generate dh key' => 'Generate Diffie-Hellman key', 'generate iso' => 'Generate ISO', 'generate root/host certificates' => 'Generate root/host certificates', 'generate tripwire keys and init' => 'generate tripwire keys and init', 
@@ -1345,7 +1348,6 @@ 'lan' => 'LAN', 'lang' => 'en', 'languagepurpose' => 'Select the language you wish IPFire to display in:', -'last' => 'Last', 'last activity' => 'Last Activity', 'lateprompting' => 'Lateprompting', 'lease expires' => 'Lease expires', @@ -1360,7 +1362,7 @@ 'local hard disk' => 'Hard disk', 'local master' => 'Local Master', 'local ntp server specified but not enabled' => 'Local NTP server specified but not enabled', -'local subnet' => 'Local Subnet:', +'local subnet' => 'Local subnet:', 'local subnet is invalid' => 'Local subnet is invalid.', 'local vpn hostname/ip' => 'Local VPN Hostname/IP', 'localkey' => 'Localkey', @@ -1537,6 +1539,7 @@ 'network traffic graphs others' => 'Network (others)', 'network updated' => 'Custom Network updated', 'networks settings' => 'Firewall - Network settings', +'never' => 'Never', 'new optionsfw later' => 'Some options need a reboot to take effect', 'new optionsfw must boot' => 'You must reboot your IPFire', 'newer' => 'Newer', @@ -1558,6 +1561,7 @@ 'nonetworkname' => 'No Network Name entered', 'noservicename' => 'No Service Name entered', 'not a valid ca certificate' => 'Not a valid CA certificate.', +'not a valid dh key' => 'Not a valid Diffie-Hellman key. Please use 1024, 2048, 3072 or 4096 bit in PKCS#3 format.', 'not enough disk space' => 'Not enough disk space', 'not present' => '<b>Not</b> present', 'not running' => 'not running', 
@@ -1649,10 +1653,17 @@ 'ovpn' => 'OpenVPN', 'ovpn con stat' => 'OpenVPN Connection Statistics', 'ovpn config' => 'OVPN-Config', +'ovpn crypt options' => 'Cryptographic options', 'ovpn device' => 'OpenVPN device:', +'ovpn dh' => 'Diffie-Hellman key lenght', +'ovpn dh name' => 'Diffie-Hellman key name', 'ovpn dl' => 'OVPN-Config Download', +'ovpn engines' => 'Crypto engine', 'ovpn errmsg green already pushed' => 'Route for green network is always set', 'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask', +'ovpn generating the root and host certificates' => 'Generating the root and host certifictae can take a long time.', +'ovpn ha' => 'Hash algorithm', +'ovpn hmac' => 'HMAC options', 'ovpn log' => 'OVPN-Log', 'ovpn mgmt in root range' => 'A port number of 1024 or higher is required.', 'ovpn mtu-disc' => 'Path MTU Discovery', @@ -1663,14 +1674,15 @@ 'ovpn mtu-disc with mssfix or fragment' => 'Path MTU Discovery cannot be used with mssfix or fragment.', 'ovpn mtu-disc yes' => 'Forced', 'ovpn no connections' => 'No active OpenVPN connections', -'ovpn on blue' => 'OpenVPN on BLUE', -'ovpn on orange' => 'OpenVPN on ORANGE', -'ovpn on red' => 'OpenVPN on RED', +'ovpn on blue' => 'OpenVPN on BLUE:', +'ovpn on orange' => 'OpenVPN on ORANGE:', +'ovpn on red' => 'OpenVPN on RED:', 'ovpn port in root range' => 'A port number of 1024 or higher is required.', +'ovpn reneg sec' => 'Session key lifetime:', 'ovpn routes push' => 'Routes (one per line) e.g. 192.168.10.0/255.255.255.0 192.168.20.0/24', 'ovpn routes push options' => 'Route push options', 'ovpn server status' => 'Current OpenVPN server status:', -'ovpn subnet' => 'OpenVPN subnet (e.g. 10.0.10.0/255.255.255.0)', +'ovpn subnet' => 'OpenVPN subnet:', 'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.', 'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ', 'ovpn_fastio' => 'Fast-IO', 
@@ -1771,7 +1783,7 @@ 'profile saved' => 'Profile saved: ', 'profiles' => 'Profiles:', 'proto' => 'Proto', -'protocol' => 'Protocol', +'protocol' => 'Protocol:', 'proxy' => 'Proxy', 'proxy access graphs' => 'Proxy access graphs', 'proxy admin password' => 'Cache administrator password', @@ -1845,7 +1857,7 @@ 'resetglobals' => 'Reset global settings', 'resetpolicy' => 'Reset policy to default', 'resetshares' => 'Reset shares?', -'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Resetting the VPN configuration will remove the root CA, the host certificate and all certificate based connections', +'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Resetting the X509 remove the root CA, the host certificate and all certificate based connections.', 'restart' => 'Restart', 'restart ovpn server' => 'Restart OpenVPN server', 'restore' => 'Restore', @@ -1917,6 +1929,7 @@ 'show ca certificate' => 'Show CA certificate', 'show certificate' => 'Show certificate', 'show crl' => 'Show certificate revocation list', +'show dh' => 'Show Diffie-Hellman key', 'show host certificate' => 'Show host certificate', 'show last x lines' => 'Show last x lines', 'show lines' => 'Show lines', @@ -1954,6 +1967,7 @@ 'source ip' => 'Source IP', 'source ip and port' => 'Source IP: Port', 'source ip bad' => 'Not a valid IP address or a network address.', +'source ip country' => 'Source IP Country', 'source ip in use' => 'Source IP in use:', 'source ip or net' => 'Source IP or Net', 'source net' => 'Source Net', 
@@ -2248,13 +2262,13 @@ 'updxlrtr weekly' => 'weekly', 'updxlrtr year' => 'one year', 'upgrade' => 'upgrade', -'uplink' => 'Uplink', 'uplink speed' => 'Uplink speed (kbit/sec)', 'uplink std class' => 'uplink standard class', 'upload' => 'Upload', 'upload a certificate' => 'Upload a certificate:', 'upload a certificate request' => 'Upload a certificate request:', 'upload ca certificate' => 'Upload CA certificate', +'upload dh key' => 'Upload Diffie-Hellman key', 'upload fcdsl.o' => 'TO BE REMOVED', 'upload file' => 'Upload file', 'upload new ruleset' => 'Upload new ruleset', @@ -2505,7 +2519,6 @@ 'vpn aggrmode' => 'IKE aggressive mode allowed. Avoid if possible (preshared key is transmitted in clear text)!', 'vpn altname syntax' => 'SubjectAltName is a comma separated list of e-mail, dns, uri, rid and ip objects.<br />email:an email address. Syntax email:copy takes the email field from the cert to be used.<br />DNS:a valid domain name.<br />URI:any valid uri.<br />RID:registered object identifier.<br />IP:an IP address.<br />Note:charset is limited and case is significant.<br />Example:<br /><b>e-mail:</b>ipfire@foo.org<b>,email:</b>copy<b>,DNS:</b>www.ipfire.org<b>,IP:</b>127.0.0.1<b>,URI:</b>http://url/to/something', 'vpn auth-dn' => 'Peer is identified by either IPV4_ADDR, FQDN, USER_FQDN or DER_ASN1_DN string in remote ID field', -'vpn configuration main' => 'VPN Configuration', 'vpn delayed start' => 'Delay before launching VPN (seconds)', 'vpn delayed start help' => 'If required, this delay can be used to allow dynamic DNS updates to propagate properly. 60 is a common value when RED is a dynamic IP.', 'vpn incompatible use of defaultroute' => 'hostname=%defaultroute not allowed', diff --git a/lfs/ppp b/lfs/ppp index 5d772fc..ba72f4c 100644 --- a/lfs/ppp +++ b/lfs/ppp @@ -24,7 +24,7 @@
include Config
-VER = 2.4.5 +VER = 2.4.6
THISAPP = ppp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4621bc56167b6953ec4071043fe0ec57 +$(DL_FILE)_MD5 = 3434d2cc9327167a0723aaaa8670083b
install : $(TARGET)
@@ -73,13 +73,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h -# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-pppoatm.patch -# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-pppoatm-persist.patch -# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.1-oedod.patch -# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-pppoatm-modprobe.patch -# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-signal.patch -# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-printstats.patch -# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-close.patch cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls cd $(DIR_APP) && make $(MAKETUNING) CC="gcc $(CFLAGS)" diff --git a/lfs/squid b/lfs/squid index 3c5f6c5..00dc12a 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@
include Config
-VER = 3.3.11 +VER = 3.4.4
THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = dd016ff5f14b2548083b3882207914f6 +$(DL_FILE)_MD5 = dc2bcb967fc6b15bbbc6b961010c0c00
install : $(TARGET)
@@ -53,6 +53,7 @@ md5 : $(subst %,%_MD5,$(objects)) ############################################################################### # Downloading, checking, md5sum ############################################################################### + $(patsubst %,$(DIR_CHK)/%,$(objects)) : @$(CHECK)
@@ -116,7 +117,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-kill-parent-hack \ --disable-wccpv2 \ --enable-icap-client \ - --disable-esi + --disable-esi \ + --enable-zph-qos
cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/lfs/vnstat b/lfs/vnstat index 2e7b46c..b8c8b27 100644 --- a/lfs/vnstat +++ b/lfs/vnstat @@ -24,7 +24,7 @@
include Config
-VER = 1.6 +VER = 1.11
THISAPP = vnstat-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ccaffe8e70d47e0cf2f25e52daa25712 +$(DL_FILE)_MD5 = a5a113f9176cd61fb954f2ba297f5fdb
install : $(TARGET)
@@ -73,7 +73,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && make $(MAKETUNING) LOCAL_CONFIGURE_OPTIONS="--enable-readline=yes" + cd $(DIR_APP) && make all $(MAKETUNING) LOCAL_CONFIGURE_OPTIONS="--enable-readline=yes" cd $(DIR_APP) && make install sed -i 's|eth0|green0|g' /etc/vnstat.conf sed -i 's|/var/lib/vnstat|/var/log/rrd/vnstat|g' /etc/vnstat.conf diff --git a/lfs/vnstati b/lfs/vnstati deleted file mode 100644 index c7cd6ed..0000000 --- a/lfs/vnstati +++ /dev/null 
@@ -1,79 +0,0 @@ -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -############################################################################### -# Definitions -############################################################################### - -include Config - -VER = beta3 - -THISAPP = vnstati-$(VER) -DL_FILE = $(THISAPP).tar.gz -DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) - -############################################################################### -# Top-level Rules -############################################################################### - -objects = $(DL_FILE) - -$(DL_FILE) = $(DL_FROM)/$(DL_FILE) - -$(DL_FILE)_MD5 = 5652b955e16716cec48da464b083c76f - -install : $(TARGET) - -check : $(patsubst %,$(DIR_CHK)/%,$(objects)) - -download :$(patsubst %,$(DIR_DL)/%,$(objects)) - -md5 : $(subst %,%_MD5,$(objects)) - -dist: - @$(PAK) - -############################################################################### -# Downloading, checking, md5sum -############################################################################### - 
-$(patsubst %,$(DIR_CHK)/%,$(objects)) : - @$(CHECK) - -$(patsubst %,$(DIR_DL)/%,$(objects)) : - @$(LOAD) - -$(subst %,%_MD5,$(objects)) : - @$(MD5) - -############################################################################### -# Installation Details -############################################################################### - -$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) - @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && make $(MAKETUNING) LOCAL_CONFIGURE_OPTIONS="--enable-readline=yes" - cd $(DIR_APP) && make install - @rm -rf $(DIR_APP) - @$(POSTBUILD) diff --git a/make.sh b/make.sh index 93949dc..39a54f4 100755 --- a/make.sh +++ b/make.sh @@ -692,7 +692,6 @@ buildipfire() { ipfiremake git ipfiremake squidclamav ipfiremake vnstat - ipfiremake vnstati ipfiremake iw ipfiremake wpa_supplicant ipfiremake hostapd
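Review bot: In the CGI hunk that prints the CA and DH upload form, `value='$cgiparams{'CA_NAME'}'` and `value='$cgiparams{'DH_NAME'}'` write request parameters into a single-quoted HTML attribute, and no escaping is visible in these lines. Unless both values are cleaned before this point, a name containing a quote breaks out of the attribute, so HTML-escape them or validate them against a strict character set before printing. The same goes for `$cahash{$key}[0]`, `$cahash{$key}[1]` and `$hostsubject`, which are printed into table cells as-is. In the host-certificate block, `$hostsubject = $1;` runs whether or not `/Subject: (.*)[\n]/` matched, so the assignment should be guarded by the match result. The CA row and the DH row also sit in one form and both name their file input `FH`, which makes it ambiguous which upload the handler reads; separate forms or distinct field names would remove that.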
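Review bot: In langs/en/cgi-bin/en.pl, hunk @@ -677,6 +677,9, the new entry `'dh name is invalid' => 'Name ist ungltig, bitte "dh1024.pem" verwenden.'` is German text (with a dropped umlaut) in the English language file and needs an English string. The other new English strings in this patch also need a proofread: `'ovpn dh' => 'Diffie-Hellman key lenght'` should be "length", 'ovpn generating the root and host certificates' contains "certifictae", 'dh key warn' reads "takes up to several minutes ... might needs several hours", and the reworded reset message "Resetting the X509 remove the root CA" has lost its "will".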
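Review bot: In langs/de/cgi-bin/de.pl, hunk @@ -1633,14 +1644,15, the added `'ovpn reneg sec' => 'Session Key Lifetime'` is left untranslated and has no trailing colon, while the en.pl counterpart is 'Session key lifetime:' and the neighbouring labels changed in this same patch ('ovpn on blue', 'ovpn server status', 'ovpn subnet', 'protocol', 'cipher') all gain one. Please make the label style consistent across both files. In the 'dh key warn' string, "mehreren Minuten" should be "mehrere Minuten" and "haben sie" should be "haben Sie". Since both language files drop the keys 'dns servers', 'downlink', 'uplink', 'first', 'last' and 'vpn configuration main', it is worth confirming that no CGI still looks them up, otherwise the label renders empty.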
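Review bot: The new 'not a valid dh key' string in en.pl and de.pl tells users that 1024-bit Diffie-Hellman parameters are acceptable ("Please use 1024, 2048, 3072 or 4096 bit in PKCS#3 format"), and 'dh name is invalid' demands the file name "dh1024.pem" whatever the parameter size. 1024-bit DH no longer offers an adequate security margin, so I would make 2048 bit the smallest size the UI advertises. The error text should either use a size-neutral file name or state that the name is fixed regardless of key length, so an operator uploading 4096-bit parameters is not misled.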
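Review bot: In lfs/ppp, lfs/squid and lfs/vnstat the version bumps pin the new tarballs only through `$(DL_FILE)_MD5`, and MD5 is not collision resistant, so on its own it is a weak integrity check for source fetched at build time. Please verify each new tarball against the upstream signature or a published SHA-256 digest before recording the value, and say in the commit message how it was verified. Separately, lfs/squid adds `--enable-zph-qos` to the configure line with no comment on why it is needed, and its hunk @@ -53,6 +53,7 adds only a blank line, which can be dropped.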
hooks/post-receive -- IPFire 2.x development tree