This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 2b6c5f257980b0f9e4d31f26ac1945092a45df6a (commit) via dadffbf738474d649b7177d56acedbad51d6e603 (commit) via fd24071f657fff2dfa8f878b8eef5d6a1dcf20d8 (commit) via 7e7788ea0bf73e122b71f56e972565d910a1e302 (commit) via 9d870c49eb75331f75bd84daeb6bed658d8a1b90 (commit) via 84004f0538945215dda2b52fe2f664274dc884ce (commit) via 03b08c08f0be261f47335ebf6e608b4b5d6d153a (commit) via 4d81e0f3812fc272b2515a631a2e98c4ae76a42b (commit) via c6df357fd4fefe2a8285ec92e38bd40361fe788e (commit) via b3c53248d97ee083fcf43cc5ff745396be06ca1a (commit) from 38cacce21b42d9e7c079e646096e486ac706e546 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 2b6c5f257980b0f9e4d31f26ac1945092a45df6a Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 13 15:43:52 2014 +0100
ipfire theme: Fix default setting for hostname in title.
commit dadffbf738474d649b7177d56acedbad51d6e603 Author: Alexander Marx alexander.marx@ipfire.org Date: Thu Mar 13 15:35:14 2014 +0100
fwhost.cgi: disable "use warnings"
commit fd24071f657fff2dfa8f878b8eef5d6a1dcf20d8 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 13 15:37:05 2014 +0100
Update translations.
commit 7e7788ea0bf73e122b71f56e972565d910a1e302 Merge: 9d870c4 03b08c0 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 13 15:32:00 2014 +0100
Merge remote-tracking branch 'amarx/BETA3' into next
commit 9d870c49eb75331f75bd84daeb6bed658d8a1b90 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 13 15:29:53 2014 +0100
entropy graph: Remove trend line.
commit 84004f0538945215dda2b52fe2f664274dc884ce Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 13 15:27:14 2014 +0100
Add link to entropy page and show if there is hardware support available.
commit 03b08c08f0be261f47335ebf6e608b4b5d6d153a Author: Alexander Marx alexander.marx@ipfire.org Date: Thu Mar 13 15:27:01 2014 +0100
VPN Checksubnets: Buttons are now Language Strings
commit 4d81e0f3812fc272b2515a631a2e98c4ae76a42b Author: Alexander Marx alexander.marx@ipfire.org Date: Thu Mar 13 15:09:01 2014 +0100
VPN Checksubnets: Now the remote subnets (OpenVPN/IPSec) are checked. If they are defined elsewhere, there's a warningmessage displayed
commit c6df357fd4fefe2a8285ec92e38bd40361fe788e Author: Alexander Marx alexander.marx@ipfire.org Date: Thu Mar 13 13:53:39 2014 +0100
Firewall: When delting an OpenVPN or IPSec connection, the rules are only colored yellow and the firewallrules are reloaded automatically
commit b3c53248d97ee083fcf43cc5ff745396be06ca1a Author: Alexander Marx alexander.marx@ipfire.org Date: Thu Mar 13 13:53:39 2014 +0100
Firewall: When delting an OpenVPN or IPSec connection, the rules are only colored yellow and the firewallrules are reloaded automatically
-----------------------------------------------------------------------
Summary of changes: config/cfgroot/general-functions.pl | 79 ++++++++++++++++++++-------- config/cfgroot/graphs.pl | 2 - config/menu/20-status.menu | 6 +++ doc/language_issues.de | 2 + doc/language_issues.en | 2 + doc/language_issues.es | 12 ++++- doc/language_issues.fr | 12 ++++- doc/language_issues.nl | 12 ++++- doc/language_issues.pl | 12 ++++- doc/language_issues.ru | 12 ++++- doc/language_issues.tr | 12 +++++ doc/language_missings | 40 ++++++++++++++ html/cgi-bin/entropy.cgi | 36 +++++++++++++ html/cgi-bin/firewall.cgi | 20 ------- html/cgi-bin/fwhosts.cgi | 3 +- html/cgi-bin/ovpnmain.cgi | 21 ++++++-- html/cgi-bin/vpnmain.cgi | 27 ++++++---- html/html/themes/ipfire/include/functions.pl | 2 +- langs/de/cgi-bin/de.pl | 12 ++++- langs/en/cgi-bin/en.pl | 12 ++++- 20 files changed, 264 insertions(+), 72 deletions(-)
Difference in files: diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 386b047..adfba54 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -506,24 +506,46 @@ sub validipandmask
sub checksubnets { - my %ccdconfhash=(); - my @ccdconf=(); - my $ccdname=$_[0]; - my $ccdnet=$_[1]; + my %ccdconfhash=(); + my %ovpnconfhash=(); + my %vpnconf=(); + my %ipsecconf=(); + my %ownnet=(); + my %ovpnconf=(); + my @ccdconf=(); + my $ccdname=$_[0]; + my $ccdnet=$_[1]; + my $ownnet=$_[2]; my $errormessage; my ($ip,$cidr)=split(///,$ccdnet); $cidr=&iporsubtocidr($cidr); + #get OVPN-Subnet (dynamic range) - my %ovpnconf=(); &readhash("${General::swroot}/ovpn/settings", %ovpnconf); my ($ovpnip,$ovpncidr)= split (///,$ovpnconf{'DOVPN_SUBNET'}); $ovpncidr=&iporsubtocidr($ovpncidr); + #check if we try to use same network as ovpn server if ("$ip/$cidr" eq "$ovpnip/$ovpncidr") { $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>"; return $errormessage; } - #check if we use a network-name/subnet that already exists + + #check if we try to use same network as another ovpn N2N + if($ownnet ne 'ovpn'){ + &readhasharray("${General::swroot}/ovpn/ovpnconfig", %ovpnconfhash); + foreach my $key (keys %ovpnconfhash) { + if ($ovpnconfhash{$key}[3] eq 'net'){ + my @ovpnnet=split (///,$ovpnconfhash{$key}[11]); + if (&IpInSubnet($ip,$ovpnnet[0],&iporsubtodec($ovpnnet[1]))){ + $errormessage=$errormessage.$Lang::tr{'ccd err isovpnn2n'}." $ovpnconfhash{$key}[1] <br>"; + return $errormessage; + } + } + } + } + + #check if we use a network-name/subnet (static-ovpn) that already exists &readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); foreach my $key (keys %ccdconfhash) { @ccdconf=split(///,$ccdconfhash{$key}[1]); @@ -535,32 +557,45 @@ sub checksubnets my ($newip,$newsub) = split(///,$ccdnet); if (&IpInSubnet($newip,$ccdconf[0],&iporsubtodec($ccdconf[1]))) { - $errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."<br>"; + $errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}." $ccdconfhash{$key}[0]<br>"; return $errormessage; } } + #check if we use a ipsec right network which is already defined - my %ipsecconf=(); - &General::readhasharray("${General::swroot}/vpn/config", %ipsecconf); - foreach my $key (keys %ipsecconf){ - if ($ipsecconf{$key}[11] ne ''){ - my ($ipsecip,$ipsecsub) = split (///, $ipsecconf{$key}[11]); - $ipsecsub=&iporsubtodec($ipsecsub); - if($ipsecconf{$key}[1] ne $ccdname){ - if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){ - $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name: $ipsecconf{$key}[1]"; - return $errormessage; + if($ownnet ne 'ipsec'){ + &General::readhasharray("${General::swroot}/vpn/config", %ipsecconf); + foreach my $key (keys %ipsecconf){ + if ($ipsecconf{$key}[11] ne ''){ + my ($ipsecip,$ipsecsub) = split (///, $ipsecconf{$key}[11]); + $ipsecsub=&iporsubtodec($ipsecsub); + if($ipsecconf{$key}[1] ne $ccdname){ + if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){ + $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name: $ipsecconf{$key}[1]"; + return $errormessage; + } } } } } + + #check if we use the ipsec RW Network (if defined) + &readhash("${General::swroot}/vpn/settings", %vpnconf); + if ($vpnconf{'RW_NET'} ne ''){ + my ($ipsecrwnet,$ipsecrwsub)=split (///, $vpnconf{'RW_NET'}); + if (&IpInSubnet($ip,$ipsecrwnet,&iporsubtodec($ipsecrwsub))) + { + $errormessage=$errormessage.$Lang::tr{'ccd err isipsecrw'}."<br>"; + return $errormessage; + } + } + #check if we use one of ipfire's networks (green,orange,blue) - my %ownnet=(); &readhash("${General::swroot}/ethernet/settings", %ownnet); - if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;} - if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;} - if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;} - if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'RED_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;} + if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'GREEN_NETADDRESS'},&iporsubtodec($ownnet{'GREEN_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;} + if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'ORANGE_NETADDRESS'},&iporsubtodec($ownnet{'ORANGE_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;} + if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'BLUE_NETADDRESS'},&iporsubtodec($ownnet{'BLUE_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;} + if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'RED_NETADDRESS'},&iporsubtodec($ownnet{'RED_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;} }
diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl index 81b6fa4..4942c98 100644 --- a/config/cfgroot/graphs.pl +++ b/config/cfgroot/graphs.pl @@ -1140,7 +1140,6 @@ sub updateentropygraph { "-t $Lang::tr{'entropy'}", "-v $Lang::tr{'bit'}", "DEF:entropy=$mainsettings{'RRDLOG'}/collectd/localhost/entropy/entropy.rrd:entropy:AVERAGE", - "CDEF:entropytrend=entropy,43200,TREND", "LINE3:entropy#ff0000:" . sprintf("%-15s", $Lang::tr{'entropy'}), "VDEF:entrmin=entropy,MINIMUM", "VDEF:entrmax=entropy,MAXIMUM", @@ -1148,7 +1147,6 @@ sub updateentropygraph { "GPRINT:entrmax:" . sprintf("%12s\: %%5.0lf", $Lang::tr{'maximum'}), "GPRINT:entrmin:" . sprintf("%12s\: %%5.0lf", $Lang::tr{'minimum'}), "GPRINT:entravg:" . sprintf("%12s\: %%5.0lf", $Lang::tr{'average'}) . "\n", - "LINE3:entropytrend#000000", );
RRDs::graph (@command); diff --git a/config/menu/20-status.menu b/config/menu/20-status.menu index c0b780a..8899310 100644 --- a/config/menu/20-status.menu +++ b/config/menu/20-status.menu @@ -46,6 +46,12 @@ 'title' => "$Lang::tr{'hardware graphs'}", 'enabled' => 1, }; + $substatus->{'61.entropy'} = { + 'caption' => "$Lang::tr{'entropy'}", + 'uri' => '/cgi-bin/entropy.cgi', + 'title' => "$Lang::tr{'entropy graphs'}", + 'enabled' => 1, + }; $substatus->{'71.connections'} = { 'caption' => $Lang::tr{'connections'}, 'uri' => '/cgi-bin/connections.cgi', diff --git a/doc/language_issues.de b/doc/language_issues.de index 881d318..94cf2ce 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -206,6 +206,8 @@ WARNING: translation string unused: from warn email bad WARNING: translation string unused: fwdfw MODE1 WARNING: translation string unused: fwdfw MODE2 WARNING: translation string unused: fwdfw addrule +WARNING: translation string unused: fwdfw err nosrcip +WARNING: translation string unused: fwdfw err notgtip WARNING: translation string unused: fwdfw err prot_port1 WARNING: translation string unused: fwdfw final_rule WARNING: translation string unused: fwdfw from diff --git a/doc/language_issues.en b/doc/language_issues.en index 611a0de..b69be53 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -228,6 +228,8 @@ WARNING: translation string unused: from warn email bad WARNING: translation string unused: fwdfw MODE1 WARNING: translation string unused: fwdfw MODE2 WARNING: translation string unused: fwdfw addrule +WARNING: translation string unused: fwdfw err nosrcip +WARNING: translation string unused: fwdfw err notgtip WARNING: translation string unused: fwdfw err prot_port1 WARNING: translation string unused: fwdfw final_rule WARNING: translation string unused: fwdfw from diff --git a/doc/language_issues.es b/doc/language_issues.es index 636b05f..8ff311d 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -593,6 +593,8 @@ WARNING: untranslated string: ccd err invalidname WARNING: untranslated string: ccd err invalidnet WARNING: untranslated string: ccd err irouteexist WARNING: untranslated string: ccd err isipsecnet +WARNING: untranslated string: ccd err isipsecrw +WARNING: untranslated string: ccd err isovpnn2n WARNING: untranslated string: ccd err isovpnnet WARNING: untranslated string: ccd err issubnet WARNING: untranslated string: ccd err name @@ -627,6 +629,7 @@ WARNING: untranslated string: dnsforward edit an entry WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone +WARNING: untranslated string: downlink WARNING: untranslated string: dpd delay WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action @@ -637,6 +640,7 @@ WARNING: untranslated string: drop outgoing WARNING: untranslated string: emerging rules WARNING: untranslated string: encryption WARNING: untranslated string: entropy +WARNING: untranslated string: entropy graphs WARNING: untranslated string: fireinfo ipfire version WARNING: untranslated string: fireinfo is disabled WARNING: untranslated string: fireinfo is enabled @@ -679,9 +683,7 @@ WARNING: untranslated string: fwdfw dnat porterr WARNING: untranslated string: fwdfw dnat porterr2 WARNING: untranslated string: fwdfw edit WARNING: untranslated string: fwdfw err nosrc -WARNING: untranslated string: fwdfw err nosrcip WARNING: untranslated string: fwdfw err notgt -WARNING: untranslated string: fwdfw err notgtip WARNING: untranslated string: fwdfw err prot_port WARNING: untranslated string: fwdfw err remark WARNING: untranslated string: fwdfw err ruleexists @@ -727,6 +729,7 @@ WARNING: untranslated string: fwdfw use nat WARNING: untranslated string: fwdfw use srcport WARNING: untranslated string: fwdfw use srv WARNING: untranslated string: fwdfw useless rule +WARNING: untranslated string: fwdfw warn1 WARNING: untranslated string: fwdfw wd_fri WARNING: untranslated string: fwdfw wd_mon WARNING: untranslated string: fwdfw wd_sat @@ -801,6 +804,7 @@ WARNING: untranslated string: fwhost type WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome WARNING: untranslated string: grouptype +WARNING: untranslated string: hardware support WARNING: untranslated string: integrity WARNING: untranslated string: invalid input for dpd delay WARNING: untranslated string: invalid input for dpd timeout @@ -814,6 +818,7 @@ WARNING: untranslated string: maximum WARNING: untranslated string: minimum WARNING: untranslated string: minute WARNING: untranslated string: most preferred +WARNING: untranslated string: no hardware random number generator WARNING: untranslated string: notice WARNING: untranslated string: openvpn default WARNING: untranslated string: openvpn destination port used @@ -860,6 +865,8 @@ WARNING: untranslated string: snat new source ip address WARNING: untranslated string: ssh WARNING: untranslated string: static routes WARNING: untranslated string: support donation +WARNING: untranslated string: system has hwrng +WARNING: untranslated string: system has rdrand WARNING: untranslated string: system information WARNING: untranslated string: tor WARNING: untranslated string: tor accounting @@ -909,6 +916,7 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: uplink WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: visit us at diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 30cc1f1..69f260d 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -603,6 +603,8 @@ WARNING: untranslated string: ccd err invalidname WARNING: untranslated string: ccd err invalidnet WARNING: untranslated string: ccd err irouteexist WARNING: untranslated string: ccd err isipsecnet +WARNING: untranslated string: ccd err isipsecrw +WARNING: untranslated string: ccd err isovpnn2n WARNING: untranslated string: ccd err isovpnnet WARNING: untranslated string: ccd err issubnet WARNING: untranslated string: ccd err name @@ -638,6 +640,7 @@ WARNING: untranslated string: dnsforward edit an entry WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone +WARNING: untranslated string: downlink WARNING: untranslated string: dpd delay WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action @@ -648,6 +651,7 @@ WARNING: untranslated string: drop outgoing WARNING: untranslated string: emerging rules WARNING: untranslated string: encryption WARNING: untranslated string: entropy +WARNING: untranslated string: entropy graphs WARNING: untranslated string: fireinfo ipfire version WARNING: untranslated string: fireinfo is disabled WARNING: untranslated string: fireinfo is enabled @@ -690,9 +694,7 @@ WARNING: untranslated string: fwdfw dnat porterr WARNING: untranslated string: fwdfw dnat porterr2 WARNING: untranslated string: fwdfw edit WARNING: untranslated string: fwdfw err nosrc -WARNING: untranslated string: fwdfw err nosrcip WARNING: untranslated string: fwdfw err notgt -WARNING: untranslated string: fwdfw err notgtip WARNING: untranslated string: fwdfw err prot_port WARNING: untranslated string: fwdfw err remark WARNING: untranslated string: fwdfw err ruleexists @@ -738,6 +740,7 @@ WARNING: untranslated string: fwdfw use nat WARNING: untranslated string: fwdfw use srcport WARNING: untranslated string: fwdfw use srv WARNING: untranslated string: fwdfw useless rule +WARNING: untranslated string: fwdfw warn1 WARNING: untranslated string: fwdfw wd_fri WARNING: untranslated string: fwdfw wd_mon WARNING: untranslated string: fwdfw wd_sat @@ -812,6 +815,7 @@ WARNING: untranslated string: fwhost type WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome WARNING: untranslated string: grouptype +WARNING: untranslated string: hardware support WARNING: untranslated string: integrity WARNING: untranslated string: invalid input for dpd delay WARNING: untranslated string: invalid input for dpd timeout @@ -825,6 +829,7 @@ WARNING: untranslated string: maximum WARNING: untranslated string: minimum WARNING: untranslated string: minute WARNING: untranslated string: most preferred +WARNING: untranslated string: no hardware random number generator WARNING: untranslated string: notice WARNING: untranslated string: ntp common settings WARNING: untranslated string: ntp sync @@ -868,6 +873,8 @@ WARNING: untranslated string: snort working WARNING: untranslated string: ssh WARNING: untranslated string: static routes WARNING: untranslated string: support donation +WARNING: untranslated string: system has hwrng +WARNING: untranslated string: system has rdrand WARNING: untranslated string: system information WARNING: untranslated string: tor WARNING: untranslated string: tor accounting @@ -917,6 +924,7 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: uplink WARNING: untranslated string: upload new ruleset WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter file ext block diff --git a/doc/language_issues.nl b/doc/language_issues.nl index e04aae3..59c9ecb 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -591,6 +591,8 @@ WARNING: untranslated string: advproxy errmsg proxy ports equal WARNING: untranslated string: advproxy proxy port transparent WARNING: untranslated string: bit WARNING: untranslated string: bytes +WARNING: untranslated string: ccd err isipsecrw +WARNING: untranslated string: ccd err isovpnn2n WARNING: untranslated string: ccd iroute2 WARNING: untranslated string: dead peer detection WARNING: untranslated string: default ip @@ -603,6 +605,7 @@ WARNING: untranslated string: dnsforward edit an entry WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone +WARNING: untranslated string: downlink WARNING: untranslated string: dpd delay WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action @@ -612,6 +615,7 @@ WARNING: untranslated string: drop forward WARNING: untranslated string: drop outgoing WARNING: untranslated string: encryption WARNING: untranslated string: entropy +WARNING: untranslated string: entropy graphs WARNING: untranslated string: firewall rules WARNING: untranslated string: first WARNING: untranslated string: fw default drop @@ -637,9 +641,7 @@ WARNING: untranslated string: fwdfw dnat porterr WARNING: untranslated string: fwdfw dnat porterr2 WARNING: untranslated string: fwdfw edit WARNING: untranslated string: fwdfw err nosrc -WARNING: untranslated string: fwdfw err nosrcip WARNING: untranslated string: fwdfw err notgt -WARNING: untranslated string: fwdfw err notgtip WARNING: untranslated string: fwdfw err prot_port WARNING: untranslated string: fwdfw err remark WARNING: untranslated string: fwdfw err ruleexists @@ -685,6 +687,7 @@ WARNING: untranslated string: fwdfw use nat WARNING: untranslated string: fwdfw use srcport WARNING: untranslated string: fwdfw use srv WARNING: untranslated string: fwdfw useless rule +WARNING: untranslated string: fwdfw warn1 WARNING: untranslated string: fwdfw wd_fri WARNING: untranslated string: fwdfw wd_mon WARNING: untranslated string: fwdfw wd_sat @@ -759,6 +762,7 @@ WARNING: untranslated string: fwhost type WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome WARNING: untranslated string: grouptype +WARNING: untranslated string: hardware support WARNING: untranslated string: integrity WARNING: untranslated string: invalid input for dpd delay WARNING: untranslated string: invalid input for dpd timeout @@ -771,6 +775,7 @@ WARNING: untranslated string: mac filter WARNING: untranslated string: maximum WARNING: untranslated string: minimum WARNING: untranslated string: most preferred +WARNING: untranslated string: no hardware random number generator WARNING: untranslated string: notice WARNING: untranslated string: openvpn network WARNING: untranslated string: ovpn mgmt in root range @@ -787,6 +792,8 @@ WARNING: untranslated string: routing table WARNING: untranslated string: snat new source ip address WARNING: untranslated string: ssh WARNING: untranslated string: support donation +WARNING: untranslated string: system has hwrng +WARNING: untranslated string: system has rdrand WARNING: untranslated string: tor WARNING: untranslated string: tor accounting WARNING: untranslated string: tor accounting bytes @@ -835,6 +842,7 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: uplink WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: wlan client diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 636b05f..8ff311d 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -593,6 +593,8 @@ WARNING: untranslated string: ccd err invalidname WARNING: untranslated string: ccd err invalidnet WARNING: untranslated string: ccd err irouteexist WARNING: untranslated string: ccd err isipsecnet +WARNING: untranslated string: ccd err isipsecrw +WARNING: untranslated string: ccd err isovpnn2n WARNING: untranslated string: ccd err isovpnnet WARNING: untranslated string: ccd err issubnet WARNING: untranslated string: ccd err name @@ -627,6 +629,7 @@ WARNING: untranslated string: dnsforward edit an entry WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone +WARNING: untranslated string: downlink WARNING: untranslated string: dpd delay WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action @@ -637,6 +640,7 @@ WARNING: untranslated string: drop outgoing WARNING: untranslated string: emerging rules WARNING: untranslated string: encryption WARNING: untranslated string: entropy +WARNING: untranslated string: entropy graphs WARNING: untranslated string: fireinfo ipfire version WARNING: untranslated string: fireinfo is disabled WARNING: untranslated string: fireinfo is enabled @@ -679,9 +683,7 @@ WARNING: untranslated string: fwdfw dnat porterr WARNING: untranslated string: fwdfw dnat porterr2 WARNING: untranslated string: fwdfw edit WARNING: untranslated string: fwdfw err nosrc -WARNING: untranslated string: fwdfw err nosrcip WARNING: untranslated string: fwdfw err notgt -WARNING: untranslated string: fwdfw err notgtip WARNING: untranslated string: fwdfw err prot_port WARNING: untranslated string: fwdfw err remark WARNING: untranslated string: fwdfw err ruleexists @@ -727,6 +729,7 @@ WARNING: untranslated string: fwdfw use nat WARNING: untranslated string: fwdfw use srcport WARNING: untranslated string: fwdfw use srv WARNING: untranslated string: fwdfw useless rule +WARNING: untranslated string: fwdfw warn1 WARNING: untranslated string: fwdfw wd_fri WARNING: untranslated string: fwdfw wd_mon WARNING: untranslated string: fwdfw wd_sat @@ -801,6 +804,7 @@ WARNING: untranslated string: fwhost type WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome WARNING: untranslated string: grouptype +WARNING: untranslated string: hardware support WARNING: untranslated string: integrity WARNING: untranslated string: invalid input for dpd delay WARNING: untranslated string: invalid input for dpd timeout @@ -814,6 +818,7 @@ WARNING: untranslated string: maximum WARNING: untranslated string: minimum WARNING: untranslated string: minute WARNING: untranslated string: most preferred +WARNING: untranslated string: no hardware random number generator WARNING: untranslated string: notice WARNING: untranslated string: openvpn default WARNING: untranslated string: openvpn destination port used @@ -860,6 +865,8 @@ WARNING: untranslated string: snat new source ip address WARNING: untranslated string: ssh WARNING: untranslated string: static routes WARNING: untranslated string: support donation +WARNING: untranslated string: system has hwrng +WARNING: untranslated string: system has rdrand WARNING: untranslated string: system information WARNING: untranslated string: tor WARNING: untranslated string: tor accounting @@ -909,6 +916,7 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: uplink WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: visit us at diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 195ffc1..c7679b7 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -596,6 +596,8 @@ WARNING: untranslated string: ccd err invalidname WARNING: untranslated string: ccd err invalidnet WARNING: untranslated string: ccd err irouteexist WARNING: untranslated string: ccd err isipsecnet +WARNING: untranslated string: ccd err isipsecrw +WARNING: untranslated string: ccd err isovpnn2n WARNING: untranslated string: ccd err isovpnnet WARNING: untranslated string: ccd err issubnet WARNING: untranslated string: ccd err name @@ -632,6 +634,7 @@ WARNING: untranslated string: dnsforward edit an entry WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone +WARNING: untranslated string: downlink WARNING: untranslated string: dpd delay WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action @@ -642,6 +645,7 @@ WARNING: untranslated string: drop outgoing WARNING: untranslated string: emerging rules WARNING: untranslated string: encryption WARNING: untranslated string: entropy +WARNING: untranslated string: entropy graphs WARNING: untranslated string: extrahd because there is already a device mounted WARNING: untranslated string: extrahd cant umount WARNING: untranslated string: extrahd install or load driver @@ -674,9 +678,7 @@ WARNING: untranslated string: fwdfw dnat porterr WARNING: untranslated string: fwdfw dnat porterr2 WARNING: untranslated string: fwdfw edit WARNING: untranslated string: fwdfw err nosrc -WARNING: untranslated string: fwdfw err nosrcip WARNING: untranslated string: fwdfw err notgt -WARNING: untranslated string: fwdfw err notgtip WARNING: untranslated string: fwdfw err prot_port WARNING: untranslated string: fwdfw err remark WARNING: untranslated string: fwdfw err ruleexists @@ -722,6 +724,7 @@ WARNING: untranslated string: fwdfw use nat WARNING: untranslated string: fwdfw use srcport WARNING: untranslated string: fwdfw use srv WARNING: untranslated string: fwdfw useless rule +WARNING: untranslated string: fwdfw warn1 WARNING: untranslated string: fwdfw wd_fri WARNING: untranslated string: fwdfw wd_mon WARNING: untranslated string: fwdfw wd_sat @@ -796,6 +799,7 @@ WARNING: untranslated string: fwhost type WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome WARNING: untranslated string: grouptype +WARNING: untranslated string: hardware support WARNING: untranslated string: incoming traffic in bytes per second WARNING: untranslated string: integrity WARNING: untranslated string: invalid input for dpd delay @@ -810,6 +814,7 @@ WARNING: untranslated string: maximum WARNING: untranslated string: minimum WARNING: untranslated string: minute WARNING: untranslated string: most preferred +WARNING: untranslated string: no hardware random number generator WARNING: untranslated string: notice WARNING: untranslated string: openvpn default WARNING: untranslated string: openvpn destination port used @@ -850,6 +855,8 @@ WARNING: untranslated string: snat new source ip address WARNING: untranslated string: ssh WARNING: untranslated string: static routes WARNING: untranslated string: support donation +WARNING: untranslated string: system has hwrng +WARNING: untranslated string: system has rdrand WARNING: untranslated string: tor WARNING: untranslated string: tor accounting WARNING: untranslated string: tor accounting bytes @@ -898,6 +905,7 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: uplink WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: visit us at diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 3f27ba2..abcb6ee 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -228,6 +228,8 @@ WARNING: translation string unused: from warn email bad WARNING: translation string unused: fwdfw MODE1 WARNING: translation string unused: fwdfw MODE2 WARNING: translation string unused: fwdfw addrule +WARNING: translation string unused: fwdfw err nosrcip +WARNING: translation string unused: fwdfw err notgtip WARNING: translation string unused: fwdfw err prot_port1 WARNING: translation string unused: fwdfw final_rule WARNING: translation string unused: fwdfw from @@ -636,10 +638,13 @@ WARNING: untranslated string: advproxy errmsg proxy ports equal WARNING: untranslated string: advproxy proxy port transparent WARNING: untranslated string: bit WARNING: untranslated string: bytes +WARNING: untranslated string: ccd err isipsecrw +WARNING: untranslated string: ccd err isovpnn2n WARNING: untranslated string: dead peer detection WARNING: untranslated string: default ip WARNING: untranslated string: dnat address WARNING: untranslated string: dns servers +WARNING: untranslated string: downlink WARNING: untranslated string: dpd delay WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action @@ -649,14 +654,17 @@ WARNING: untranslated string: drop forward WARNING: untranslated string: drop outgoing WARNING: untranslated string: encryption WARNING: untranslated string: entropy +WARNING: untranslated string: entropy graphs WARNING: untranslated string: firewall rules WARNING: untranslated string: first WARNING: untranslated string: fwdfw dnat extport WARNING: untranslated string: fwdfw dnat nochoice WARNING: untranslated string: fwdfw dnat porterr2 WARNING: untranslated string: fwdfw hint mac +WARNING: untranslated string: fwdfw warn1 WARNING: untranslated string: fwhost err hostip WARNING: untranslated string: grouptype +WARNING: untranslated string: hardware support WARNING: untranslated string: integrity WARNING: untranslated string: invalid input for dpd delay WARNING: untranslated string: invalid input for dpd timeout @@ -669,6 +677,7 @@ WARNING: untranslated string: mac filter WARNING: untranslated string: maximum WARNING: untranslated string: minimum WARNING: untranslated string: most preferred +WARNING: untranslated string: no hardware random number generator WARNING: untranslated string: notice WARNING: untranslated string: openvpn network WARNING: untranslated string: ovpn mgmt in root range @@ -684,7 +693,10 @@ WARNING: untranslated string: routing table WARNING: untranslated string: snat new source ip address WARNING: untranslated string: ssh WARNING: untranslated string: support donation +WARNING: untranslated string: system has hwrng +WARNING: untranslated string: system has rdrand WARNING: untranslated string: tor directory port WARNING: untranslated string: tor errmsg invalid directory port +WARNING: untranslated string: uplink WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: wlan clients diff --git a/doc/language_missings b/doc/language_missings index 2ca9bf6..8e13c90 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -39,6 +39,8 @@ < ccd err iroute < ccd err irouteexist < ccd err isipsecnet +< ccd err isipsecrw +< ccd err isovpnn2n < ccd err isovpnnet < ccd err issubnet < ccd err name @@ -75,6 +77,7 @@ < dnsforward forward_server < dnsforward zone < dns servers +< downlink < dpd delay < dpd timeout < drop action @@ -84,6 +87,7 @@ < drop outgoing < encryption < entropy +< entropy graphs < fireinfo ipfire version < fireinfo is disabled < fireinfo is enabled @@ -185,6 +189,7 @@ < fwdfw use nat < fwdfw use srcport < fwdfw use srv +< fwdfw warn1 < fwdfw wd_fri < fwdfw wd_mon < fwdfw wd_sat @@ -278,6 +283,7 @@ < fw settings remark < fw settings ruletable < grouptype +< hardware support < integrity < invalid input for dpd delay < invalid input for dpd timeout @@ -292,6 +298,7 @@ < minimum < minute < most preferred +< no hardware random number generator < notice < ntp common settings < ntp sync @@ -333,6 +340,8 @@ < ssh < static routes < support donation +< system has hwrng +< system has rdrand < system information < tor < tor 0 = disabled @@ -389,6 +398,7 @@ < tor use exit nodes < updxlrtr sources < updxlrtr standard view +< uplink < upload new ruleset < uptime < uptime load average @@ -483,6 +493,8 @@ < ccd err iroute < ccd err irouteexist < ccd err isipsecnet +< ccd err isipsecrw +< ccd err isovpnn2n < ccd err isovpnnet < ccd err issubnet < ccd err name @@ -518,6 +530,7 @@ < dnsforward forward_server < dnsforward zone < dns servers +< downlink < dpd delay < dpd timeout < drop action @@ -527,6 +540,7 @@ < drop outgoing < encryption < entropy +< entropy graphs < fireinfo ipfire version < fireinfo is disabled < fireinfo is enabled @@ -628,6 +642,7 @@ < fwdfw use nat < fwdfw use srcport < fwdfw use srv +< fwdfw warn1 < fwdfw wd_fri < fwdfw wd_mon < fwdfw wd_sat @@ -721,6 +736,7 @@ < fw settings remark < fw settings ruletable < grouptype +< hardware support < integrity < invalid input for dpd delay < invalid input for dpd timeout @@ -735,6 +751,7 @@ < minimum < minute < most preferred +< no hardware random number generator < notice < openvpn default < openvpn destination port used @@ -792,6 +809,8 @@ < ssh < static routes < support donation +< system has hwrng +< system has rdrand < system information < tor < tor 0 = disabled @@ -848,6 +867,7 @@ < tor use exit nodes < updxlrtr sources < updxlrtr standard view +< uplink < uptime < uptime load average < urlfilter redirect template @@ -918,6 +938,8 @@ < ccd err iroute < ccd err irouteexist < ccd err isipsecnet +< ccd err isipsecrw +< ccd err isovpnn2n < ccd err isovpnnet < ccd err issubnet < ccd err name @@ -953,6 +975,7 @@ < dnsforward forward_server < dnsforward zone < dns servers +< downlink < dpd delay < dpd timeout < drop action @@ -962,6 +985,7 @@ < drop outgoing < encryption < entropy +< entropy graphs < extrahd because there is already a device mounted < extrahd cant umount < extrahd install or load driver @@ -1055,6 +1079,7 @@ < fwdfw use nat < fwdfw use srcport < fwdfw use srv +< fwdfw warn1 < fwdfw wd_fri < fwdfw wd_mon < fwdfw wd_sat @@ -1148,6 +1173,7 @@ < fw settings remark < fw settings ruletable < grouptype +< hardware support < integrity < invalid input for dpd delay < invalid input for dpd timeout @@ -1162,6 +1188,7 @@ < minimum < minute < most preferred +< no hardware random number generator < notice < openvpn default < openvpn destination port used @@ -1204,6 +1231,8 @@ < ssh < static routes < support donation +< system has hwrng +< system has rdrand < tor < tor 0 = disabled < tor accounting @@ -1259,6 +1288,7 @@ < tor use exit nodes < updxlrtr sources < updxlrtr standard view +< uplink < uptime < uptime load average < urlfilter redirect template @@ -1330,6 +1360,8 @@ < ccd err iroute < ccd err irouteexist < ccd err isipsecnet +< ccd err isipsecrw +< ccd err isovpnn2n < ccd err isovpnnet < ccd err issubnet < ccd err name @@ -1367,6 +1399,7 @@ < dnsforward forward_server < dnsforward zone < dns servers +< downlink < dpd delay < dpd timeout < drop action @@ -1377,6 +1410,7 @@ < Edit an existing route < encryption < entropy +< entropy graphs < extrahd because there is already a device mounted < extrahd cant umount < extrahd install or load driver @@ -1471,6 +1505,7 @@ < fwdfw use nat < fwdfw use srcport < fwdfw use srv +< fwdfw warn1 < fwdfw wd_fri < fwdfw wd_mon < fwdfw wd_sat @@ -1564,6 +1599,7 @@ < fw settings remark < fw settings ruletable < grouptype +< hardware support < hour-graph < incoming traffic in bytes per second < integrity @@ -1581,6 +1617,7 @@ < minute < month-graph < most preferred +< no hardware random number generator < notice < openvpn default < openvpn destination port used @@ -1620,6 +1657,8 @@ < ssh < static routes < support donation +< system has hwrng +< system has rdrand < tor < tor 0 = disabled < tor accounting @@ -1675,6 +1714,7 @@ < tor use exit nodes < updxlrtr sources < updxlrtr standard view +< uplink < uptime < uptime load average < urlfilter redirect template diff --git a/html/cgi-bin/entropy.cgi b/html/cgi-bin/entropy.cgi index 9362e78..bd3de82 100755 --- a/html/cgi-bin/entropy.cgi +++ b/html/cgi-bin/entropy.cgi @@ -48,6 +48,42 @@ if ( $querry[0] ne~ "") { &Graphs::makegraphbox("entropy.cgi", "day", '', 350); &Header::closebox();
+ # Check for hardware support. + my $message; + my $message_colour = $Header::colourred; + if (&has_hwrng()) { + $message = $Lang::tr{'system has hwrng'}; + $message_colour = $Header::colourgreen; + } elsif (&has_rdrand()) { + $message = $Lang::tr{'system has rdrand'}; + $message_colour = $Header::colourgreen; + } else { + $message = $Lang::tr{'no hardware random number generator'}; + } + + &Header::openbox('100%', 'center', $Lang::tr{'hardware support'}); + print <<EOF; + <p style="color: $message_colour; text-align: center;">$message</p> +EOF + &Header::closebox(); + &Header::closebigbox(); &Header::closepage(); } + +sub has_hwrng() { + return (-c "/dev/hwrng"); +} + +sub has_rdrand() { + open(FILE, "/proc/cpuinfo") or return 0; + my @cpuinfo = <FILE>; + close(FILE); + + my @result = grep(/rdrand/, @cpuinfo); + if (@result) { + return 1; + } + + return 0; +} diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi index 7bcb079..82684e0 100644 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi @@ -2375,26 +2375,18 @@ END if($$hash{$key}[3] eq 'ipsec_net_src'){ if(&fwlib::get_ipsec_net_ip($host,11) eq ''){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } }elsif($$hash{$key}[3] eq 'ovpn_net_src'){ if(&fwlib::get_ovpn_net_ip($host,1) eq ''){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } }elsif($$hash{$key}[3] eq 'ovpn_n2n_src'){ if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } }elsif($$hash{$key}[3] eq 'ovpn_host_src'){ if(&fwlib::get_ovpn_host_ip($host,33) eq ''){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } } } @@ -2402,26 +2394,18 @@ END if($$hash{$key}[5] eq 'ipsec_net_tgt'){ if(&fwlib::get_ipsec_net_ip($host,11) eq ''){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } }elsif($$hash{$key}[5] eq 'ovpn_net_tgt'){ if(&fwlib::get_ovpn_net_ip($host,1) eq ''){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } }elsif($$hash{$key}[5] eq 'ovpn_n2n_tgt'){ if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } }elsif($$hash{$key}[5] eq 'ovpn_host_tgt'){ if(&fwlib::get_ovpn_host_ip($host,33) eq ''){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } } } @@ -2429,15 +2413,11 @@ END foreach my $netgroup (sort keys %customgrp){ if(($$hash{$key}[4] eq $customgrp{$netgroup}[0] || $$hash{$key}[6] eq $customgrp{$netgroup}[0]) && $customgrp{$netgroup}[2] eq 'none'){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } } foreach my $srvgroup (sort keys %customservicegrp){ if($$hash{$key}[15] eq $customservicegrp{$srvgroup}[0] && $customservicegrp{$srvgroup}[2] eq 'none'){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } } $$hash{'ACTIVE'}=$$hash{$key}[2]; diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index 049233c..2d128f5 100644 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -21,7 +21,8 @@ use strict;
# enable only the following on debugging purpose -use warnings; +#use warnings; + use Sort::Naturally; use CGI::Carp 'fatalsToBrowser'; no warnings 'uninitialized'; diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index fa801a9..877e09c 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -2159,7 +2159,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { } else { $errormessage = $Lang::tr{'invalid key'}; } - + &General::firewall_reload();
### ### Download PKCS12 file @@ -3509,8 +3509,13 @@ if ($cgiparams{'TYPE'} eq 'net') { unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; goto VPNCONF_ERROR; - } - + } + #Check if remote subnet is used elsewhere + my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'}); + $warnmessage=&General::checksubnets('',$n2nip,'ovpn'); + if ($warnmessage){ + $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage; + } }
# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) { @@ -4569,6 +4574,16 @@ END &Header::closebox(); }
+ if ($warnmessage) { + &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'}); + print "$warnmessage<br>"; + print "$Lang::tr{'fwdfw warn1'}<br>"; + &Header::closebox(); + print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>"; + &Header::closepage(); + exit 0; + } + my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>"; my $srunning = "no"; my $activeonrun = ""; diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index af836da..f5ec500 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -1225,7 +1225,7 @@ END } else { $errormessage = $Lang::tr{'invalid key'}; } - + &General::firewall_reload(); ### ### Choose between adding a host-net or net-net connection ### @@ -1407,14 +1407,13 @@ END goto VPNCONF_ERROR; }
-#temporary disabled (BUG 10294) -# if ($cgiparams{'TYPE'} eq 'net'){ -# $errormessage=&General::checksubnets($cgiparams{'NAME'},$cgiparams{'REMOTE_SUBNET'}); -# if ($errormessage ne ''){ -# goto VPNCONF_ERROR; -# } -# -# } + if ($cgiparams{'TYPE'} eq 'net'){ + $warnmessage=&General::checksubnets('',$cgiparams{'REMOTE_SUBNET'},'ipsec'); + if ($warnmessage ne ''){ + $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage; + } + } + if ($cgiparams{'AUTH'} eq 'psk') { if (! length($cgiparams{'PSK'}) ) { $errormessage = $Lang::tr{'pre-shared key is too short'}; @@ -2612,6 +2611,16 @@ EOF &Header::closebox(); }
+ if ($warnmessage) { + &Header::openbox('100%', 'left', $Lang::tr{'warning messages'}); + print "$warnmessage<br>"; + print "$Lang::tr{'fwdfw warn1'}<br>"; + &Header::closebox(); + print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>"; + &Header::closepage(); + exit 0; + } + &Header::openbox('100%', 'left', $Lang::tr{'global settings'}); print <<END <form method='post' action='$ENV{'SCRIPT_NAME'}'> diff --git a/html/html/themes/ipfire/include/functions.pl b/html/html/themes/ipfire/include/functions.pl index f71181e..0c47cd4 100644 --- a/html/html/themes/ipfire/include/functions.pl +++ b/html/html/themes/ipfire/include/functions.pl @@ -110,7 +110,7 @@ sub openpage { &genmenu();
my $headline = "IPFire"; - if ($settings{'WINDOWWITHHOSTNAME'} eq 'on') { + if (($settings{'WINDOWWITHHOSTNAME'} eq 'on') || ($settings{'WINDOWWITHHOSTNAME'} eq '')) { $headline = "$settings{'HOSTNAME'}.$settings{'DOMAINNAME'}"; }
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index e951b68..1042707 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -481,8 +481,10 @@ 'ccd err iroute' => 'Netzadresse für Route ungültig.', 'ccd err irouteexist' => 'Diese Route wird bereits verwendet.', 'ccd err isipsecnet' => 'Diese Subnetzadresse wird bereits für ein IPsec-Netzwerk verwendet.', -'ccd err isovpnnet' => 'Subnetzadresse wird für bereits für den OpenVPN-Server verwendet!', -'ccd err issubnet' => 'Subnetzadresse wird bereits verwendet.', +'ccd err isipsecrw' => 'Diese Subnetzadresse wird bereits für das IPsec-RW Netz verwendet.', +'ccd err isovpnn2n' => 'Die Subnetzadresse wird für bereits für eine OpenVPN Netz-zu-Netz-Verbindung verwendet.', +'ccd err isovpnnet' => 'Die Subnetzadresse wird für bereits für den OpenVPN-Server verwendet.', +'ccd err issubnet' => 'Die Subnetzadresse wird bereits verwendet.', 'ccd err name' => 'Es muss ein Name angegeben werden.', 'ccd err nameexist' => 'Name existiert bereits.', 'ccd err netadr' => 'Subnetzadresse ist ungültig oder Bereich zu groß.', @@ -813,6 +815,7 @@ 'enter ack class' => 'Legen Sie hier die ACK-Klasse fest <br /> und klicken Sie danach auf <i>Speichern</i>.', 'enter data' => 'Geben Sie die Daten ein <br /> und klicken Sie danach auf <i>Speichern</i>.', 'entropy' => 'Entropie', +'entropy graphs' => 'Entropiegraphen', 'err bk 1' => 'Fehler beim Erzeugen des Archivs', 'err bk 10 password' => 'Fehler beim Datensicherungs-Passwort', 'err bk 2 key' => 'Fehler beim Erzeugen der Schlüsseldatei', @@ -1005,6 +1008,7 @@ 'fwdfw use srcport' => 'Quellport:', 'fwdfw use srv' => 'Zielport:', 'fwdfw useless rule' => 'Diese Regel ist nicht sinnvoll.', +'fwdfw warn1' => 'Dies kann dazu führen, dass Firewallregeln auf Netze angewendet werden, für die sie nicht gedacht sind.', 'fwdfw wd_fri' => 'Fr', 'fwdfw wd_mon' => 'Mo', 'fwdfw wd_sat' => 'Sa', @@ -1131,6 +1135,7 @@ 'harddisk temperature' => 'Festplattentemperatur', 'harddisk temperature graphs' => 'HDD-Diagramme', 'hardware graphs' => 'Hardware-Diagramme', +'hardware support' => 'Hardware-Unterstützung', 'hdd temperature in' => 'Festplattentemperatur in', 'help' => 'Hilfe', 'high' => 'Hoch', @@ -1506,6 +1511,7 @@ 'no eciadsl synch.bin file' => 'Keine ECI ADSL Datei synch.bin vorhanden. Bitte hochladen.', 'no filter pass' => 'Legen Sie hier die Standardklassen fest durch die nicht-gefilterte Pakete gehen.', 'no fritzdsl driver' => 'Kein Fritz!DSL-Treiber vorhanden. Bitte hochladen.', +'no hardware random number generator' => 'Dieses System hat keine Entropiequelle.', 'no information available' => 'Keine Informationen verfügbar.', 'no log selected' => 'kein Log ausgewählt', 'no modem selected' => 'Kein Modem ausgewählt', @@ -1976,6 +1982,8 @@ 'swap usage per' => 'Nutzung von Auslagerungsspeicher (Swap) pro', 'system' => 'System', 'system graphs' => 'System-Diagramme', +'system has hwrng' => 'Dieses System hat einen Hardware-Zufallszahlengenerator.', +'system has rdrand' => 'Dieses System unterstützt Intel(R) RDRAND.', 'system information' => 'Systeminformationen', 'system log viewer' => 'Betrachter der System-Logdateien', 'system logs' => 'System-Logdateien', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index d8cfdc7..62facdc 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -499,8 +499,10 @@ 'ccd err invalidnet' => 'Invalid IP address. Format: 192.168.0.0/24 or 192.168.0.0/255.255.255.0.', 'ccd err iroute' => 'Network address for route is invalid.', 'ccd err irouteexist' => 'This route is already in use.', -'ccd err isipsecnet' => 'The given subnet address already used by an IPsec network.', -'ccd err isovpnnet' => 'Subnet address already in use for OpenVPN Server.', +'ccd err isipsecnet' => 'The given subnet address is already used by an IPsec network.', +'ccd err isipsecrw' => 'The given subnet address is already used by the IPsec rw network.', +'ccd err isovpnn2n' => 'The subnet address is already in use for an OpenVPN net-to-net connection.', +'ccd err isovpnnet' => 'The subnet address is already in use for the OpenVPN server.', 'ccd err issubnet' => 'Subnet address already in use.', 'ccd err name' => 'Please choose a name.', 'ccd err nameexist' => 'Name already exists.', @@ -839,6 +841,7 @@ 'enter ack class' => 'Enter the ACK- Class <br /> and then press <i>Save</i>.', 'enter data' => 'Enter your settings <br /> and then press <i>Save</i>.', 'entropy' => 'Entropy', +'entropy graphs' => 'Entropy Graphs', 'err bk 1' => 'Error creating archive', 'err bk 10 password' => 'Error with backup password', 'err bk 2 key' => 'Error creating key file', @@ -1031,6 +1034,7 @@ 'fwdfw use srcport' => 'Source port:', 'fwdfw use srv' => 'Destination port:', 'fwdfw useless rule' => 'This rule is useless.', +'fwdfw warn1' => 'This might lead to firewallrules which are applied to networks for which they are not intended to be.', 'fwdfw wd_fri' => 'Fri', 'fwdfw wd_mon' => 'Mon', 'fwdfw wd_sat' => 'Sat', @@ -1159,6 +1163,7 @@ 'harddisk temperature' => 'Harddisk Temperature', 'harddisk temperature graphs' => 'HDD Graphs', 'hardware graphs' => 'Hardware Graphs', +'hardware support' => 'Hardware Support', 'hdd temperature in' => 'Harddisk temperature in', 'help' => 'Help', 'high' => 'High', @@ -1535,6 +1540,7 @@ 'no eciadsl synch.bin file' => 'No ECI ADSL synch.bin file. Please upload.', 'no filter pass' => 'Enter the standard class for non-filtered packets.', 'no fritzdsl driver' => 'No Fritz!DSL driver. Please upload.', +'no hardware random number generator' => 'This system has no source for entropy.', 'no information available' => 'No information available.', 'no log selected' => 'No log selected', 'no modem selected' => 'No modem selected', @@ -2011,6 +2017,8 @@ 'swap usage per' => 'Swap usage per', 'system' => 'System', 'system graphs' => 'System Graphs', +'system has hwrng' => 'This system has got a hardware random number generator.', +'system has rdrand' => 'This system has got support for Intel(R) RDRAND.', 'system information' => 'System Information', 'system log viewer' => 'System Log Viewer', 'system logs' => 'System Logs',
hooks/post-receive -- IPFire 2.x development tree