* [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 05a48c2b2a09e8a5c67276dd2c372d4fbc023017
@ 2014-05-25 22:10 git
0 siblings, 0 replies; only message in thread
From: git @ 2014-05-25 22:10 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 386187 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
via 05a48c2b2a09e8a5c67276dd2c372d4fbc023017 (commit)
via 5346fd16195c48bd34e53458b57995699e427627 (commit)
via 8f31e2c38d331bf27c4c0610f59a2df2683dac03 (commit)
via c3ab884ca5e581448f051c75e5162428a3230d6c (commit)
via 022438b50b801bc480e9585c81efb4356ac91102 (commit)
via b5d2be5d9b51c463e8892db74afb2372123199ae (commit)
via 4680b4a38f2e67e64e00b0e59b979610fa44f4d5 (commit)
via 42c439e45d76ca42048f8cf46bf3ec9a7c7b0ad9 (commit)
via 85ce9e1b971d21f44a185de4800b187d4a05ec6c (commit)
via fded6faa72d581114e25ddb17bcc607625736fdc (commit)
via 9d707db06eef14a519ed1e5091a6d12f50b452d4 (commit)
via e52d2c3bb529d70ac17567a1b795f4a51a9b1467 (commit)
via 61cf8114ea71d62fe953cd4a9d97e8a8ca8fbf30 (commit)
via 3c4c5466ce687de0d33e6dab9cfff4f8f2e6c96a (commit)
via 51fe9ff8e369bb123d81fe51bef6e9a7da026aa2 (commit)
via d2dcd8b2e28face37be18ced3c2f22624e7e567a (commit)
via c0e0848f999ed8944ae551047fdea32bfee88d03 (commit)
via 8e59a6022bf7cb225c3509be2964833cce0e630c (commit)
via 763190af8e3272a1edd582e1e1736bfc8c0c1baa (commit)
via 30b1c1c72855e469034d9f7a6d4410367fa3069c (commit)
via 4be45949e9629cc141401957e291e1e5206adb39 (commit)
via 53ce51761fb21c630ce547660cc0b2778835d210 (commit)
via 754066e6c3c6c1185fc25f8ae25b5e90c6e11f99 (commit)
via e3b5a052ecd0eb5c53f669c5218f360b016fe128 (commit)
via 53ac77f61004852ad7a593e0a4441619aaecd300 (commit)
via ace810a3f85f58a59c4ca430b61d052817e7362c (commit)
via cf6abf539ed973c6bb053293cafeee01e60ac0d1 (commit)
via 080568824d60c86189a49d272a390f81c86a0eba (commit)
via 0f7ee3ea4e63a646ae5d02207530493016240f43 (commit)
via 5a9f40613eea53a15e3cf6dc6348114329871ac3 (commit)
via 1638682beb691a4bf40f4db155c109d9a34536a4 (commit)
via a9fb14d0513d71accacfded36f46e471cb3a88d6 (commit)
via 040b8b0c5ed052025d9c35e26eb7092510deb25c (commit)
via bc2b3e9483f37ec497b3460faf0208cfb87cdfc5 (commit)
via d9fe569366e9dca7f833b53a212ea2ef4311d45f (commit)
via ed4b4c19b9e47229ead960bd43bcc9cd6a01413a (commit)
via 7e8d00649625a1f8f77e086d402e02b2ab2dce79 (commit)
via 6fde3230a88f633ec6358959626ca90c1ae3e1a3 (commit)
via a50dadc229a4ad34be60e9fa24cf20c33e9d96c2 (commit)
via f527e53f54c8d908340e2102d983297392db1938 (commit)
via b7ca4506502a50776ddfb65b446ac73c85797cc3 (commit)
via cf910b536ade7b4bc03267d0d04cb4ddda815d5f (commit)
via d3782f77ba9f3d4ead14cf22ac4ffe608e3114d7 (commit)
via 28f44b83c32f72074bc75817698a2958119020bd (commit)
via 172c1f72c4034419063589ab83fa95df5e48ef70 (commit)
via 0a511b76938a036a46446ca5cf35a47482c39382 (commit)
via f353972f3f84da9873f0512dc8810a20408fde2c (commit)
via aab13a8d9d873c2ad83bb2454ca03d90bfecfd53 (commit)
via 2308525f0c53c4665cbe604d6c524441b3442ac5 (commit)
via 1f99fc9845457b2d58d584adb47866a1eec8a7dc (commit)
via edb7235c38554f9a02a03cd1b58f027cae43cf8c (commit)
via 9cf34ad1ed74f88a139e620fff476e6ae0a9707f (commit)
via dbe2a1cc36f78e1cf48150dc4e1756be1d04abce (commit)
via d25b7c32bd420267d2604dfa34e6e3bfa7de9ed7 (commit)
via dd58c50c3e55749903369c2b3258de7cc307c8ce (commit)
via 7c1b7d3e226310403ddd40b4cd19d78f7db4d457 (commit)
via 27ecea56ce242adc0f3b471ed2868dc3ea246874 (commit)
via c6d9cb76ab5a1ce0ac152765c929f61b68361d87 (commit)
via b1ab4a4dd0cce83c838b9946f42d601776e9ca8a (commit)
via 02c542d173228b45bde7895d9ecd1e00b7129769 (commit)
via afe1107dc978dfae14c576cc1d9dc80c9e09107e (commit)
via 661cd276b68c274ecfee7cdf3bd6c7204dc56572 (commit)
via b2e75449a98f19e47b8aaf7623a6299749b21de6 (commit)
via b9e1738442dc5087ebdaaec659a0f4c21b021081 (commit)
via 6d49c4a6318512f12cd06da7727d7000f2071030 (commit)
via 49abe7afb1868315b96643afe08c12fa1b339e3a (commit)
via 6e8089a94f5cb8b9baafa1afd8dc01d3baa9fd6d (commit)
via 03d0b8c7e8486fca41674ddac51543edad300f4d (commit)
via 9eb6ff30db048dfeff384b53acc18e58b6363788 (commit)
via 3fe41c0159c9ad1474f4a174212b97f95972bf82 (commit)
via c80303cd452f8d6b41a4039e357d30b0ece19843 (commit)
via c5e3d520e92aee074f1713f8ba98ee4296341ad3 (commit)
via 1d3c37402c4684e682aabe904f443b93b6dc4310 (commit)
via c2b5d12b3453c55afce7ef84451a65e130b0d80f (commit)
via b04a34188c8456a81c8fef0064014b8aeb584ee4 (commit)
via ae6ae33f847ea063331b8ce205148334925385fd (commit)
via 41dfa08d2a9be671a48d4e0cd33f1e89541ae0d8 (commit)
via 5240f73d9c73c30ea92fab982d31ca986fb86e2e (commit)
via 93b36c3e229a1d7b57deebbb8749bcaa966aa46e (commit)
via 4c7bfb1f271bdd0de493772a15209e038344e57c (commit)
via 6bd4bcdaa12cc7a3111d6a9c26ab6cd1124c618a (commit)
via fc84e6ec23f824f6a72935c0d274ac4fe948f0a0 (commit)
via 296a73a5326636a53c642dcd046b03fcff221835 (commit)
via dd29d563a603b0bc182af23efd5160caf75657c4 (commit)
via 2d6ac13175c0ffa0a5940d812fb45e91f5585264 (commit)
via 1202ee15395ebd7bfe85c328d46e33b21f97f5eb (commit)
via fff2be22a4f97ff5b0479b1f261e783b2737ee92 (commit)
via 06f320318f4bed98f57bb7dd8b00f538dc24ecbf (commit)
via fde47f5aef2aa779350cec85b5c19327fa36b938 (commit)
via c438fb070e42080e86da5de68f0a6700960ef2d2 (commit)
via bde7a7d296b2d0ab165687d9c46dcf67caf955a1 (commit)
via f424897557ee41cd235ae293820a558c98e9caf2 (commit)
via e4aac473708d259a77830d5f4c2c95f436d3df54 (commit)
via a5ecf5f031b1d3f08ac7adebfc38f96860139b9c (commit)
via 4c962356a0bf2ecc935ea08e19f273b3e9cc7c2d (commit)
via abfd82b15e479ccfc351328ca0e86fc646f0eac5 (commit)
from 3e8286210f4e167c9ad2bb20b7fe3a56d2435b52 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 05a48c2b2a09e8a5c67276dd2c372d4fbc023017
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon May 26 00:07:38 2014 +0200
close core78.
commit 5346fd16195c48bd34e53458b57995699e427627
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon May 26 00:06:40 2014 +0200
core78: add sshd initskript to updater.
commit 8f31e2c38d331bf27c4c0610f59a2df2683dac03
Merge: c3ab884 022438b
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun May 25 10:06:05 2014 +0200
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit c3ab884ca5e581448f051c75e5162428a3230d6c
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun May 25 10:03:58 2014 +0200
Revert "kernel: change compression of pae kernel to bz2."
This reverts commit 3e8286210f4e167c9ad2bb20b7fe3a56d2435b52.
bz2 is not supported by debian xen. So users that have problems
with xz compression need to update the pygrub on the host.
commit 022438b50b801bc480e9585c81efb4356ac91102
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat May 24 15:05:56 2014 +0200
setddns.pl: Fix function call of udmedia and twodns.
commit b5d2be5d9b51c463e8892db74afb2372123199ae
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri May 23 22:16:17 2014 +0200
installer: increase size of root partition.
commit 4680b4a38f2e67e64e00b0e59b979610fa44f4d5
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu May 22 23:54:43 2014 +0200
qemu: bump package version to force reinstall.
commit 42c439e45d76ca42048f8cf46bf3ec9a7c7b0ad9
Merge: 85ce9e1 fded6fa
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu May 22 23:53:24 2014 +0200
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit 85ce9e1b971d21f44a185de4800b187d4a05ec6c
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu May 22 23:52:46 2014 +0200
kernel: update intel vendor modules.
commit fded6faa72d581114e25ddb17bcc607625736fdc
Merge: 9d707db c0e0848
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu May 22 23:11:43 2014 +0200
Merge remote-tracking branch 'ms/firewall-block-green' into next
commit 9d707db06eef14a519ed1e5091a6d12f50b452d4
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu May 22 21:21:53 2014 +0200
xen-image-maker: fix linux-pae metafile create.
commit e52d2c3bb529d70ac17567a1b795f4a51a9b1467
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu May 22 20:56:10 2014 +0200
xen-image-maker: fix variable in README file.
commit 61cf8114ea71d62fe953cd4a9d97e8a8ca8fbf30
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu May 22 18:40:13 2014 +0200
xen-image-maker: add support vor XenCenter xva image output.
commit 3c4c5466ce687de0d33e6dab9cfff4f8f2e6c96a
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu May 22 08:11:11 2014 +0200
xen-image-maker: default fs to ext3.
many xen server still not support ext4.
commit 51fe9ff8e369bb123d81fe51bef6e9a7da026aa2
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu May 22 08:08:56 2014 +0200
xen-image-maker: remove legacy xen kernel.
commit d2dcd8b2e28face37be18ced3c2f22624e7e567a
Merge: 30b1c1c 3e82862
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed May 21 22:47:13 2014 +0200
Merge remote-tracking branch 'origin/master' into next
commit c0e0848f999ed8944ae551047fdea32bfee88d03
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue May 20 11:41:23 2014 +0200
firewall: Allow blocking access to GREEN from GREEN.
commit 8e59a6022bf7cb225c3509be2964833cce0e630c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue May 20 11:27:24 2014 +0200
firewall: Rename GUIINPUT chain to ICMPINPUT.
The name of the chain does not really explain what it does.
commit 763190af8e3272a1edd582e1e1736bfc8c0c1baa
Merge: 30b1c1c 33df321
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue May 20 11:25:48 2014 +0200
Merge remote-tracking branch 'origin/master' into next
commit 30b1c1c72855e469034d9f7a6d4410367fa3069c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun May 18 13:35:02 2014 +0200
Re-add missing language string "DNS Servers".
commit 4be45949e9629cc141401957e291e1e5206adb39
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Sat May 17 21:59:45 2014 +0200
openvpn: Changed directioning and added additional generation for ta.key.
Deleted the direction parameter 0 and 1 in ta.key directive for
compatibility purposes.
Added the ta.key generation also in PKI build process.
Replaced the ta.key to /certs instead of /ca and adapted the
apropriate paths.
commit 53ce51761fb21c630ce547660cc0b2778835d210
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Sat May 17 21:48:50 2014 +0200
openvpn: Drop unused code from cgi file.
Deleted the following unused functions:
* checkportfw
* checkportoverlap
* checkportinc
* disallowreserved
commit 754066e6c3c6c1185fc25f8ae25b5e90c6e11f99
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Sat May 17 21:32:55 2014 +0200
openvpn: Deleted double entries for TLSAUTH and DAUTH.
Also drop remaining if clauses for Engines.
commit e3b5a052ecd0eb5c53f669c5218f360b016fe128
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat May 17 15:32:56 2014 +0200
core78: Update filelist.
commit 53ac77f61004852ad7a593e0a4441619aaecd300
Merge: ace810a 5a9f406
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat May 17 15:27:53 2014 +0200
Merge remote-tracking branch 'stevee/ddns-providers' into next
commit ace810a3f85f58a59c4ca430b61d052817e7362c
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri May 16 22:07:14 2014 +0200
snort: Update url's for rule download.
commit cf6abf539ed973c6bb053293cafeee01e60ac0d1
Merge: 0805688 edb7235
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat May 17 15:18:52 2014 +0200
Merge remote-tracking branch 'alpha197/patch-1' into next
commit 080568824d60c86189a49d272a390f81c86a0eba
Merge: 0f7ee3e 1a200cf
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat May 17 15:18:43 2014 +0200
Merge remote-tracking branch 'origin/master' into next
commit 0f7ee3ea4e63a646ae5d02207530493016240f43
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri May 16 17:12:43 2014 +0200
sslscan: New package.
commit 5a9f40613eea53a15e3cf6dc6348114329871ac3
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu May 15 18:47:13 2014 +0200
setddns.pl: Switch off debuging output.
Switch off accidently enabled debugging output from commit
dc98645fd42873dfeda01188243565e2f977f4a9
commit 1638682beb691a4bf40f4db155c109d9a34536a4
Author: Alf Høgemark <alf(a)i100.no>
Date: Wed May 14 21:56:42 2014 +0200
cgi-bin: Add title attribute to input type image where missing
Almost all of <input type="image"... has both an alt and a
title attribute, but some are missing title, and when the icon
is not very clear, it makes it harder to understand what the icon
does. By adding title, the browser displays text when mouse pointer
is over the icon.
Also add missing quotes for alt and title attributes where needed.
commit a9fb14d0513d71accacfded36f46e471cb3a88d6
Author: Alf Høgemark <alf(a)i100.no>
Date: Tue Feb 18 17:48:57 2014 +0000
cgi-bin: Use readonly="readonly" attribute on html input elements
The proper way to mark readonly is to use readonly="readonly", not
readonly="true", like it was done some places.
commit 040b8b0c5ed052025d9c35e26eb7092510deb25c
Author: Alf Høgemark <alf(a)i100.no>
Date: Wed May 14 21:54:27 2014 +0200
ovpnmain.cgi: Use language string keys already defined
commit bc2b3e9483f37ec497b3460faf0208cfb87cdfc5
Author: Alf Høgemark <alf(a)i100.no>
Date: Wed May 14 21:51:50 2014 +0200
vpnmain.cgi: htmlcleanup, change html tags from uppercase to lowercase
commit d9fe569366e9dca7f833b53a212ea2ef4311d45f
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Fri Jan 31 21:23:21 2014 +0100
openvpn: Wrong subnet calculation bug fix.
Fixes #10466.
commit ed4b4c19b9e47229ead960bd43bcc9cd6a01413a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Jan 12 15:40:50 2014 +0100
Re-apply: OpenVPN: Fix daemon stuck in WAIT state.
When the client is in the WAIT state, it is usally connected
to the server.
Conflicts:
html/cgi-bin/index.cgi
html/cgi-bin/ovpnmain.cgi
commit 7e8d00649625a1f8f77e086d402e02b2ab2dce79
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 14 21:32:04 2014 +0200
core78: Add updated theme functions.pl.
commit 6fde3230a88f633ec6358959626ca90c1ae3e1a3
Merge: a50dadc 6e8089a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 14 21:30:50 2014 +0200
Merge branch 'master' into next
commit a50dadc229a4ad34be60e9fa24cf20c33e9d96c2
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 14 21:28:45 2014 +0200
openvpn: Remove RC2 as a cipher option.
commit f527e53f54c8d908340e2102d983297392db1938
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Wed May 14 19:37:15 2014 +0200
ovpn_fixes: Fixed some typos and strcture.
Fixes #10462#c21.
Conflicts:
html/cgi-bin/ovpnmain.cgi
langs/de/cgi-bin/de.pl
langs/en/cgi-bin/en.pl
commit b7ca4506502a50776ddfb65b446ac73c85797cc3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 14 20:42:41 2014 +0200
core78: Add OpenVPN changes.
commit cf910b536ade7b4bc03267d0d04cb4ddda815d5f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 14 20:39:36 2014 +0200
daq: Update to version 2.0.2.
commit d3782f77ba9f3d4ead14cf22ac4ffe608e3114d7
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 14 20:33:33 2014 +0200
core78: Add all recently changes files and packages.
commit 28f44b83c32f72074bc75817698a2958119020bd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 14 20:31:12 2014 +0200
core78: Don't remove the ipfire theme.
commit 172c1f72c4034419063589ab83fa95df5e48ef70
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 14 20:20:36 2014 +0200
ppp: Import some more patches from Fedora.
commit 0a511b76938a036a46446ca5cf35a47482c39382
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 14 20:02:55 2014 +0200
ppp: Try longer to connect via PPPoE (60 seconds).
commit f353972f3f84da9873f0512dc8810a20408fde2c
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed May 14 19:52:06 2014 +0200
Change update url for spDNS.de.
commit aab13a8d9d873c2ad83bb2454ca03d90bfecfd53
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed May 14 18:59:22 2014 +0200
backupiso: change to hybrid image.
commit 2308525f0c53c4665cbe604d6c524441b3442ac5
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed May 14 18:53:51 2014 +0200
start core78.
commit 1f99fc9845457b2d58d584adb47866a1eec8a7dc
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue May 13 20:36:58 2014 +0200
openvpn: Fix wrong default port number.
commit edb7235c38554f9a02a03cd1b58f027cae43cf8c
Author: alpha197 <alpha197(a)users.noreply.github.com>
Date: Tue May 13 19:00:04 2014 +0200
xen-image-maker: Fix wrong menu entry for pygrub
Should fix https://bugzilla.ipfire.org/show_bug.cgi?id=10499
commit 9cf34ad1ed74f88a139e620fff476e6ae0a9707f
Author: Bernhard Bitsch <bbitsch(a)ipfire.org>
Date: Mon May 12 19:50:50 2014 +0200
DDNS: Add support for spdns.de.
This commit adds support for the dynamic dns service provider spdns.de.
Fixes #10533.
commit dbe2a1cc36f78e1cf48150dc4e1756be1d04abce
Merge: d25b7c3 afe1107
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon May 12 19:30:02 2014 +0200
Merge remote-tracking branch 'stevee/snort-update' into next
commit d25b7c32bd420267d2604dfa34e6e3bfa7de9ed7
Merge: dd58c50 9eb6ff3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon May 12 13:49:12 2014 +0200
Merge remote-tracking branch 'glotzi/nut-update' into next
commit dd58c50c3e55749903369c2b3258de7cc307c8ce
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon May 12 13:21:24 2014 +0200
proxy.pac: Don't use proxy for direct domain access.
commit 7c1b7d3e226310403ddd40b4cd19d78f7db4d457
Author: Bernhard Bitsch <bbitsch(a)ipfire.org>
Date: Mon May 12 13:16:43 2014 +0200
proxy.pac: Only grant direct access for actual subnets.
Fixes #10324.
commit 27ecea56ce242adc0f3b471ed2868dc3ea246874
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri May 9 01:28:56 2014 +0200
squid: Update to 3.4.5.
commit c6d9cb76ab5a1ce0ac152765c929f61b68361d87
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon May 12 12:54:08 2014 +0200
openvpn: Update translation.
DH keys are actually called DH parameters.
commit b1ab4a4dd0cce83c838b9946f42d601776e9ca8a
Author: Stefan Ernst <sternst(a)ernx.de>
Date: Sun May 11 19:53:00 2014 +0200
DDNS: Add support for variomedia.de.
This commit adds support for the dynamic dns service provider variomedia.de.
Fixes #10485.
commit 02c542d173228b45bde7895d9ecd1e00b7129769
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Jan 29 15:31:23 2014 +0100
DDNS: Add support for twodns.de.
This commit adds support for the dynamic dns service provider twodns.de.
Fixes #10418.
commit afe1107dc978dfae14c576cc1d9dc80c9e09107e
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun May 11 19:26:32 2014 +0200
snort: Update to 2.9.6.1.
commit 661cd276b68c274ecfee7cdf3bd6c7204dc56572
Merge: b2e7544 49abe7a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun May 11 18:47:11 2014 +0200
Merge remote-tracking branch 'ummeegge/openvpn' into next
Conflicts:
html/cgi-bin/ovpnmain.cgi
langs/de/cgi-bin/de.pl
langs/en/cgi-bin/en.pl
commit b2e75449a98f19e47b8aaf7623a6299749b21de6
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun May 11 18:34:34 2014 +0200
Revert "OpenVPN:Add HMAC, cipher 'n2n' and DH key selection. Fixes and new design."
This reverts commit c2b5d12b3453c55afce7ef84451a65e130b0d80f.
Conflicts:
langs/de/cgi-bin/de.pl
langs/en/cgi-bin/en.pl
commit b9e1738442dc5087ebdaaec659a0f4c21b021081
Merge: 03d0b8c 6d49c4a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun May 11 18:27:50 2014 +0200
Merge remote-tracking branch 'ummeegge/OpenVPN' into next
commit 6d49c4a6318512f12cd06da7727d7000f2071030
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Sun May 11 09:28:53 2014 +0200
OpenVPN: Update to version 2.3.4
commit 49abe7afb1868315b96643afe08c12fa1b339e3a
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Sun May 11 09:24:04 2014 +0200
OpenVPN:Add HMAC, cipher 'n2n' and DH key selection. Fixes and new design.
Added HMAC algorithm selection menu for N2N and RW.
Added cipher selection menu for N2N connections.
Added DH key selection also for existing installations incl. DH key upload possibility.
Adjusted the ovpn main WUI design to IPSec WUI.
Extend key lenght for CA, cert and control channel with faktor 2.
Some code and typo cleanup.
Bugfixes for #10317, #10149, #10462, #10463
V.2 New changes:
Integrated changes in langs and ovpnmain.cgi until 20.03.2014 2.15-Beta3.
ovpn.cnf have now default bits of 2048 instead of 1024.
ovpn.cnf default_md works now with sha256 instead of md5.
Bugfix: By new installation the auth directive for RWs is faded out #10462 Comment 15.
Added error message if the crl should be displayed but no crl is present.
v.3 New changes #10462 Comment 20:
Updated to core version 77.
Deleted manual name award in DH key upload section, name will be given automatically now.
Added sha512WithRSAEncryption instead of sha1WithRSAEncryption for "Root Certificate".
Added tls-auth support for Roadwarriors.
Added crypto engine support for N2N and Roadwarriors.
commit 6e8089a94f5cb8b9baafa1afd8dc01d3baa9fd6d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat May 10 14:25:36 2014 +0200
theme: Fix spacing of version string in footer.
commit 03d0b8c7e8486fca41674ddac51543edad300f4d
Merge: c80303c a257ce6
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri May 9 01:31:43 2014 +0200
Merge branch 'master' into next
Conflicts:
doc/language_issues.nl
doc/language_issues.tr
commit 9eb6ff30db048dfeff384b53acc18e58b6363788
Author: Dirk Wagner <dirk.wagner(a)ipfire.org>
Date: Thu May 8 21:22:22 2014 +0200
nut addon: increased package version.
commit 3fe41c0159c9ad1474f4a174212b97f95972bf82
Author: Dirk Wagner <dirk.wagner(a)ipfire.org>
Date: Wed May 7 21:37:51 2014 +0200
nut addon: Update to 2.7.2
commit c80303cd452f8d6b41a4039e357d30b0ece19843
Merge: 1d3c374 c5e3d52
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Apr 21 14:02:17 2014 +0200
Merge remote-tracking branch 'ms/modem-status' into next
Conflicts:
doc/language_issues.es
doc/language_issues.fr
doc/language_issues.nl
doc/language_issues.pl
doc/language_issues.ru
doc/language_issues.tr
doc/language_missings
commit c5e3d520e92aee074f1713f8ba98ee4296341ad3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Apr 16 01:26:28 2014 +0200
Add modem status page.
On this page, much useful information is displayed about
the hardware and the status of an LTE/3G or other kinds
of modems that respond to AT commands.
commit 1d3c37402c4684e682aabe904f443b93b6dc4310
Merge: b04a341 c2b5d12
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Apr 13 15:45:19 2014 +0200
Merge remote-tracking branch 'ummeegge/openvpn' into next
commit c2b5d12b3453c55afce7ef84451a65e130b0d80f
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Sun Apr 13 07:14:25 2014 +0200
OpenVPN:Add HMAC, cipher 'n2n' and DH key selection. Fixes and new design.
Added HMAC algorithm selection menu for N2N and RW.
Added cipher selection menu for N2N connections.
Added DH key selection also for existing installations incl. DH key upload possibility.
Adjusted the ovpn main WUI design to IPSec WUI.
Extend key lenght for CA, cert and control channel with faktor 2.
Some code and typo cleanup.
Bugfixes for #10317, #10149, #10462, #10463
V.2 New changes:
Integrated changes in langs and ovpnmain.cgi until 20.03.2014 2.15-Beta3.
ovpn.cnf have now default bits of 2048 instead of 1024.
ovpn.cnf default_md works now with sha256 instead of md5.
Bugfix: By new installation the auth directive for RWs is faded out #10462 Comment 15.
Added error message if the crl should be displayed but no crl is present.
commit b04a34188c8456a81c8fef0064014b8aeb584ee4
Merge: ae6ae33 21674d3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Apr 11 15:18:50 2014 +0200
Merge branch 'master' into next
Conflicts:
doc/language_issues.tr
commit ae6ae33f847ea063331b8ce205148334925385fd
Merge: 8089b78 41dfa08
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Mar 30 00:21:33 2014 +0100
Merge branch 'beyond-next' into next
commit 41dfa08d2a9be671a48d4e0cd33f1e89541ae0d8
Merge: 5240f73 93b36c3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Mar 26 23:43:04 2014 +0100
Merge branch 'ppp-update' into beyond-next
commit 5240f73d9c73c30ea92fab982d31ca986fb86e2e
Merge: 4c7bfb1 513c321
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Mar 26 23:42:57 2014 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into beyond-next
commit 93b36c3e229a1d7b57deebbb8749bcaa966aa46e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Mar 26 23:42:05 2014 +0100
ppp: Update to 2.4.6.
commit 4c7bfb1f271bdd0de493772a15209e038344e57c
Merge: 6bd4bcd abfd82b
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Mar 21 14:48:22 2014 +0100
Merge remote-tracking branch 'stevee/squid-zph-qos' into beyond-next
commit 6bd4bcdaa12cc7a3111d6a9c26ab6cd1124c618a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Mar 21 13:46:03 2014 +0100
squid: Update to 3.4.4.
commit fc84e6ec23f824f6a72935c0d274ac4fe948f0a0
Merge: 296a73a a5ecf5f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Mar 20 23:16:15 2014 +0100
Merge remote-tracking branch 'alfh/feature_vnstat_1.11' into beyond-next
commit 296a73a5326636a53c642dcd046b03fcff221835
Merge: dd29d56 fff2be2
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Mar 20 23:15:49 2014 +0100
Merge remote-tracking branch 'alfh/feature_firewalllogcountry' into beyond-next
Conflicts:
langs/de/cgi-bin/de.pl
commit dd29d563a603b0bc182af23efd5160caf75657c4
Merge: 2d6ac13 0d0df35
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Mar 20 23:14:13 2014 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into beyond-next
Conflicts:
doc/language_issues.es
doc/language_issues.fr
doc/language_issues.nl
doc/language_issues.pl
doc/language_issues.ru
doc/language_issues.tr
doc/language_missings
commit 2d6ac13175c0ffa0a5940d812fb45e91f5585264
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Mar 11 14:19:55 2014 +0100
Update translations.
commit 1202ee15395ebd7bfe85c328d46e33b21f97f5eb
Merge: 826c22d 4c96235
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Mar 11 14:19:14 2014 +0100
Merge remote-tracking branch 'ummeegge/openvpn' into beyond-next
commit fff2be22a4f97ff5b0479b1f261e783b2737ee92
Author: Alf Høgemark <alf(a)i100.no>
Date: Sat Mar 1 15:00:51 2014 +0100
firewalllogcountry.dat: Fix filename for piechart image
commit 06f320318f4bed98f57bb7dd8b00f538dc24ecbf
Author: Alf Høgemark <alf(a)i100.no>
Date: Sat Feb 22 17:31:44 2014 +0100
firewalllogcountry.dat: Simplify code for table background color
commit fde47f5aef2aa779350cec85b5c19327fa36b938
Author: Alf Høgemark <alf(a)i100.no>
Date: Sat Feb 22 08:03:59 2014 +0100
firewalllogcountry.dat: Show green0,blue0, and orange0 as countries
It makes sense to see how many fire wall logs entries are dropped
from the interfaces green0, blue0, and orange0, so this is
displayed as a country. The showrequestfromcountry.dat also
supports filtering based on the interface.
commit c438fb070e42080e86da5de68f0a6700960ef2d2
Author: Alf Høgemark <alf(a)i100.no>
Date: Mon Feb 17 20:13:53 2014 +0100
en.pl: Trivial sorting of a key
commit bde7a7d296b2d0ab165687d9c46dcf67caf955a1
Author: Alf Høgemark <alf(a)i100.no>
Date: Mon Feb 17 20:05:00 2014 +0100
showrequestfromcountry.dat: Use language string, and fix links
Define language key for input field.
Fix links for older and newer links.
Indentation fixes.
The code is a copy from showrequestfromip.dat, ideally
we should have merged all three showrequestfrom*.dat files
into one file, but I do not do that now, because it would
really require a rewrite of most of the logic, and I understand
that one does not want to do such changes in 2.x.
commit f424897557ee41cd235ae293820a558c98e9caf2
Author: Alf Høgemark <alf(a)i100.no>
Date: Sun Feb 16 07:18:41 2014 +0100
firewalllogcountry.dat: Use language strings and add to menu
Add some language strings for the new firewalllogport.dat, and
include html fixes done in firewalllogip.dat, which this file
is based on.
Also try to add the menu item to the sub menu, but that is
currently not working.
commit e4aac473708d259a77830d5f4c2c95f436d3df54
Author: Alf Høgemark <alf(a)i100.no>
Date: Wed Feb 12 18:09:53 2014 +0100
logs.cgi: Add files for showing firewall blocks by country
Add similair functionality as firewalllogip.dat and
firewalllogport.dat, by listing the number of blocks
per country, and provide a details link to show only
the blocked ip addresses from the country.
This is a preliminary prototype.
commit a5ecf5f031b1d3f08ac7adebfc38f96860139b9c
Author: Alf Høgemark <alf(a)i100.no>
Date: Sat Mar 1 14:51:17 2014 +0100
vnstat: Update to 1.11
Update vnstat to version 1.11, which also contains
the vnstati binary, for making graphs.
Remove the separate vnstati package.
This commit does not contain anything for doing
backups before upgrading, since I do not know
how that works.
The source for vnstat-1.11 has been downloaded from :
http://humdi.net/vnstat/vnstat-1.11.tar.gz
The changelog for vnstat-11 is here :
http://humdi.net/vnstat/CHANGES
commit 4c962356a0bf2ecc935ea08e19f273b3e9cc7c2d
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Thu Feb 27 10:01:57 2014 +0100
OpenVPN: Added auth and cipher menu, changed design, fixed bugs.
Added --auth directive with a flip menu for N2N and RW.
Added cipher menu for N2N.
Added new cipher and digest algorithm.
Adapted OpenVPN WUI design to IPSec design.
Changed key lenght for certificates with factor 2.
Added DH menu to WUI, with DH upload possibility and separated DH generation possibility.
Several Bugfixes, reference can be found under Bug #10463.
Also Fixes for #10317 and #10149.
commit abfd82b15e479ccfc351328ca0e86fc646f0eac5
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Jan 22 20:29:26 2014 +0100
Squid: Enable support for zph-qos.
Fixes #10087.
-----------------------------------------------------------------------
Summary of changes:
config/cfgroot/header.pl | 4 +
config/cfgroot/modem-lib.pl | 276 ++++
config/firewall/firewall-policy | 3 +
config/kernel/kernel.config.i586-ipfire-pae | 6 +-
config/menu/20-status.menu | 5 +
config/menu/70-log.menu | 5 +
config/ovpn/openssl/ovpn.cnf | 92 +-
config/ovpn/settings | 2 +-
config/rootfiles/common/apache2 | 1 +
config/rootfiles/common/configroot | 1 +
config/rootfiles/common/daq | 2 +-
config/rootfiles/common/i586/syslinux | 2 +-
config/rootfiles/common/perl-Device-Modem | 18 +
config/rootfiles/common/perl-Device-SerialPort | 10 +
config/rootfiles/common/ppp | 26 +-
config/rootfiles/common/snort | 4 +-
config/rootfiles/common/squid | 6 +-
config/rootfiles/common/vnstat | 5 +
config/rootfiles/common/vnstati | 2 -
config/rootfiles/core/{77 => 78}/exclude | 0
.../{77 => 78}/filelists/armv5tel/linux-kirkwood | 0
.../core/{77 => 78}/filelists/armv5tel/linux-multi | 0
.../core/{77 => 78}/filelists/armv5tel/linux-rpi | 0
.../{oldcore/44 => core/78}/filelists/daq | 0
config/rootfiles/core/78/filelists/files | 17 +
.../rootfiles/core/{77 => 78}/filelists/i586/grub | 0
.../rootfiles/core/{77 => 78}/filelists/i586/linux | 0
config/rootfiles/core/78/filelists/i586/syslinux | 1 +
config/rootfiles/core/{77 => 78}/filelists/openvpn | 0
.../{oldcore/39 => core/78}/filelists/ppp | 0
.../{oldcore/28 => core/78}/filelists/snort | 0
.../{oldcore/32 => core/78}/filelists/squid | 0
config/rootfiles/core/78/filelists/vnstat | 1 +
config/rootfiles/core/{77 => 78}/meta | 0
config/rootfiles/{oldcore/70 => core/78}/update.sh | 96 +-
config/rootfiles/packages/nut | 31 +-
config/rootfiles/packages/sslscan | 2 +
config/xen-image/README | 4 +
config/xen-image/ipfire.cfg | 8 +-
config/xen-image/xen-image-maker.sh | 70 +-
doc/language_issues.de | 15 +-
doc/language_issues.en | 18 +-
doc/language_issues.es | 47 +-
doc/language_issues.fr | 47 +-
doc/language_issues.nl | 47 +-
doc/language_issues.pl | 47 +-
doc/language_issues.ru | 47 +-
doc/language_issues.tr | 47 +-
doc/language_missings | 185 ++-
html/cgi-bin/ddns.cgi | 6 +
html/cgi-bin/ids.cgi | 4 +-
.../{firewalllogip.dat => firewalllogcountry.dat} | 88 +-
...equestfromip.dat => showrequestfromcountry.dat} | 181 +--
html/cgi-bin/modem-status.cgi | 211 +++
html/cgi-bin/ovpnmain.cgi | 1387 ++++++++++++--------
html/cgi-bin/pppsetup.cgi | 29 +
html/cgi-bin/proxy.cgi | 20 +-
html/html/themes/ipfire/include/functions.pl | 2 +-
langs/de/cgi-bin/de.pl | 70 +-
langs/en/cgi-bin/en.pl | 67 +-
lfs/configroot | 1 +
lfs/daq | 4 +-
lfs/e1000e | 4 +-
lfs/igb | 4 +-
lfs/nut | 6 +-
lfs/openvpn | 10 +-
lfs/{GD-Graph => perl-Device-Modem} | 8 +-
lfs/{GD-Graph => perl-Device-SerialPort} | 8 +-
lfs/ppp | 18 +-
lfs/qemu | 2 +-
lfs/snort | 30 +-
lfs/squid | 8 +-
lfs/{ipvsadm => sslscan} | 16 +-
lfs/vnstat | 6 +-
lfs/vnstati | 79 --
make.sh | 8 +-
src/initscripts/init.d/firewall | 13 +-
src/initscripts/init.d/nut | 2 +-
src/install+setup/install/main.c | 8 +-
...tilize-compiler-flags-handed-to-us-by-rpm.patch | 121 ++
...pd-we-don-t-want-to-accidentally-leak-fds.patch | 143 ++
.../ppp/0013-everywhere-O_CLOEXEC-harder.patch | 241 ++++
...ere-use-SOCK_CLOEXEC-when-creating-socket.patch | 174 +++
.../ppp/ppp-2.4.6-increase-max-padi-attempts.patch | 13 +
src/scripts/backupiso | 1 +
src/scripts/setddns.pl | 106 +-
86 files changed, 3260 insertions(+), 1039 deletions(-)
create mode 100644 config/cfgroot/modem-lib.pl
create mode 100644 config/rootfiles/common/perl-Device-Modem
create mode 100644 config/rootfiles/common/perl-Device-SerialPort
delete mode 100644 config/rootfiles/common/vnstati
copy config/rootfiles/core/{77 => 78}/exclude (100%)
copy config/rootfiles/core/{77 => 78}/filelists/armv5tel/linux-kirkwood (100%)
copy config/rootfiles/core/{77 => 78}/filelists/armv5tel/linux-multi (100%)
copy config/rootfiles/core/{77 => 78}/filelists/armv5tel/linux-rpi (100%)
copy config/rootfiles/{oldcore/44 => core/78}/filelists/daq (100%)
create mode 100644 config/rootfiles/core/78/filelists/files
copy config/rootfiles/core/{77 => 78}/filelists/i586/grub (100%)
copy config/rootfiles/core/{77 => 78}/filelists/i586/linux (100%)
create mode 120000 config/rootfiles/core/78/filelists/i586/syslinux
copy config/rootfiles/core/{77 => 78}/filelists/openvpn (100%)
copy config/rootfiles/{oldcore/39 => core/78}/filelists/ppp (100%)
copy config/rootfiles/{oldcore/28 => core/78}/filelists/snort (100%)
copy config/rootfiles/{oldcore/32 => core/78}/filelists/squid (100%)
create mode 120000 config/rootfiles/core/78/filelists/vnstat
copy config/rootfiles/core/{77 => 78}/meta (100%)
copy config/rootfiles/{oldcore/70 => core/78}/update.sh (81%)
create mode 100644 config/rootfiles/packages/sslscan
copy html/cgi-bin/logs.cgi/{firewalllogip.dat => firewalllogcountry.dat} (85%)
copy html/cgi-bin/logs.cgi/{showrequestfromip.dat => showrequestfromcountry.dat} (69%)
create mode 100755 html/cgi-bin/modem-status.cgi
copy lfs/{GD-Graph => perl-Device-Modem} (94%)
copy lfs/{GD-Graph => perl-Device-SerialPort} (94%)
copy lfs/{ipvsadm => sslscan} (90%)
delete mode 100644 lfs/vnstati
create mode 100644 src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
create mode 100644 src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
create mode 100644 src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
create mode 100644 src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
create mode 100644 src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
Difference in files:
diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl
index 39472a8..bbb7e21 100644
--- a/config/cfgroot/header.pl
+++ b/config/cfgroot/header.pl
@@ -153,6 +153,10 @@ sub genmenu {
if (&General::RedIsWireless()) {
$menu->{'01.system'}{'subMenu'}->{'21.wlan'}{'enabled'} = 1;
}
+
+ if ($ethsettings{'RED_TYPE'} eq "PPPOE") {
+ $menu->{'02.status'}{'subMenu'}->{'74.modem-status'}{'enabled'} = 1;
+ }
}
sub showhttpheaders
diff --git a/config/cfgroot/modem-lib.pl b/config/cfgroot/modem-lib.pl
new file mode 100644
index 0000000..51b6d68
--- /dev/null
+++ b/config/cfgroot/modem-lib.pl
@@ -0,0 +1,276 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2014 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use Device::Modem;
+
+package Modem;
+
+sub new() {
+ my $class = shift;
+
+ my $port = shift;
+ my $baud = shift;
+
+ my $self = {};
+ bless $self, $class;
+
+ # Initialize the connetion to the modem.
+ $self->_initialize($port, $baud);
+
+ if ($self->_is_working()) {
+ return $self;
+ }
+
+ return undef;
+}
+
+sub DESTROY() {
+ my $self = shift;
+
+ # Close connection to modem.
+ if ($self->{modem}) {
+ $self->{modem}->close();
+ }
+}
+
+sub _initialize() {
+ my ($self, $port, $baud) = @_;
+
+ # Establish connection to the modem.
+ $self->{modem} = new Device::Modem(port => $port);
+ $self->{modem}->connect(baudrate => $baud);
+}
+
+sub _is_working() {
+ my $self = shift;
+
+ # Check if the modem responds to AT commands.
+ $self->{modem}->atsend("AT\r\n");
+
+ my $response = $self->{modem}->answer();
+ return ($response eq "OK");
+}
+
+sub _command() {
+ my $self = shift;
+ my $cmd = shift;
+
+ # Terminate the AT command with newline.
+ $cmd .= "\r\n";
+
+ $self->{modem}->atsend($cmd);
+
+ my $response = $self->{modem}->answer();
+ my @response = split(/\n/, $response);
+
+ # Trim leading and trailing spaces.
+ foreach my $line (@response) {
+ $line =~ s/^\s+|\s+$//g;
+ chomp($line);
+ }
+
+ my $last_element = pop(@response);
+ unless ($last_element eq "OK") {
+ push(@response, $last_element);
+ }
+
+ $response = join("\n", @response);
+
+ return $self->_trim($response);
+}
+
+sub _trim() {
+ my $self = shift;
+ my $input = shift;
+
+ my $first_char = substr($input, 0, 1);
+ if ($first_char eq "+") {
+ my @output = split(/:/, $input);
+ if ($#output == 1) {
+ return $output[1];
+ }
+ }
+
+ return $input;
+}
+
+sub get_vendor() {
+ my $self = shift;
+
+ return $self->_command("AT+GMI");
+}
+
+sub get_model() {
+ my $self = shift;
+
+ return $self->_command("AT+GMM");
+}
+
+sub get_software_version() {
+ my $self = shift;
+
+ return $self->_command("AT+GMR");
+}
+
+sub get_imei() {
+ my $self = shift;
+
+ return $self->_command("AT+GSN");
+}
+
+sub get_capabilities() {
+ my $self = shift;
+
+ my $output = $self->_command("AT+GCAP");
+ return split(/,/, $output);
+}
+
+sub is_sim_unlocked() {
+ my $self = shift;
+
+ # TODO
+ return 1;
+}
+
+sub get_sim_imsi() {
+ my $self = shift;
+
+ if ($self->is_sim_unlocked()) {
+ return $self->_command("AT+CIMI");
+ }
+}
+
+sub get_network_registration() {
+ my $self = shift;
+
+ my @elements;
+ foreach my $i ([0, 1]) {
+ my $output = $self->_command("AT+CREG?");
+
+ @elements = split(/,/, $output);
+ if ($#elements != 2) {
+ # Output in wrong format. Resetting.
+ $self->_command("AT+CREG=0");
+ }
+ }
+
+ if ($elements[0] == 0) {
+ if ($elements[1] == 0) {
+ return "NOT REGISTERED, NOT SEARCHING";
+ } elsif ($elements[1] == 1) {
+ return "REGISTERED TO HOME NETWORK";
+ } elsif ($elements[1] == 2) {
+ return "NOT REGISTERED, SEARCHING";
+ } elsif ($elements[1] == 3) {
+ return "REGISTRATION DENIED";
+ } elsif ($elements[1] == 5) {
+ return "REGISTERED, ROAMING";
+ } else {
+ return "UNKNOWN";
+ }
+ }
+}
+
+sub _get_network_operator() {
+ my $self = shift;
+
+ my $output = $self->_command("AT+COPS?");
+ $output =~ s/\"//g;
+
+ my @elements = split(/,/, $output);
+ if ($#elements == 3) {
+ return @elements;
+ }
+}
+
+sub get_network_operator() {
+ my $self = shift;
+
+ my ($mode, $format, $operator, $act) = $self->_get_network_operator();
+
+ return $operator;
+}
+
+sub get_network_mode() {
+ my $self = shift;
+
+ my ($mode, $format, $operator, $act) = $self->_get_network_operator();
+
+ if ($act == 0) {
+ return "GSM";
+ } elsif ($act == 1) {
+ return "Compact GSM";
+ } elsif ($act == 2) {
+ return "UMTS";
+ } elsif ($act == 3) {
+ return "GSM WITH EGPRS";
+ } elsif ($act == 4) {
+ return "UMTS WITH HSDPA";
+ } elsif ($act == 5) {
+ return "UMTS WITH HSUPA";
+ } elsif ($act == 6) {
+ return "UMTS WITH HSDPA+HSUPA";
+ } elsif ($act == 7) {
+ return "LTE";
+ } else {
+ return "UNKNOWN ($act)";
+ }
+}
+
+sub _get_signal_quality() {
+ my $self = shift;
+
+ my $output = $self->_command("AT+CSQ");
+
+ my @elements = split(/,/, $output);
+ if ($#elements == 1) {
+ return @elements;
+ }
+}
+
+sub get_signal_quality() {
+ my $self = shift;
+
+ my ($rssi, $ber) = $self->_get_signal_quality();
+
+ # 99 equals unknown.
+ unless ($rssi == 99) {
+ my $dbm = ($rssi * 2) - 113;
+ return $dbm;
+ }
+
+ return undef;
+}
+
+sub get_bit_error_rate() {
+ my $self = shift;
+
+ my ($rssi, $ber) = $self->_get_signal_quality();
+
+ # 99 indicates unknown.
+ unless ($ber == 99) {
+ return $ber;
+ }
+
+ return undef;
+}
+
+1;
diff --git a/config/firewall/firewall-policy b/config/firewall/firewall-policy
index 96b9b2f..4ba1ace 100755
--- a/config/firewall/firewall-policy
+++ b/config/firewall/firewall-policy
@@ -57,6 +57,9 @@ HAVE_OPENVPN="true"
# INPUT
+# Allow access from GREEN
+iptables -A POLICYIN -i "${GREEN_DEV}" -j ACCEPT
+
# IPsec INPUT
case "${HAVE_IPSEC},${POLICY}" in
true,MODE1) ;;
diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae
index 775ed0e..4f71362 100644
--- a/config/kernel/kernel.config.i586-ipfire-pae
+++ b/config/kernel/kernel.config.i586-ipfire-pae
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.10.39-ipfire Kernel Configuration
+# Linux/x86 3.10.40-ipfire Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -55,9 +55,9 @@ CONFIG_HAVE_KERNEL_LZMA=y
CONFIG_HAVE_KERNEL_XZ=y
CONFIG_HAVE_KERNEL_LZO=y
# CONFIG_KERNEL_GZIP is not set
-CONFIG_KERNEL_BZIP2=y
+# CONFIG_KERNEL_BZIP2 is not set
# CONFIG_KERNEL_LZMA is not set
-# CONFIG_KERNEL_XZ is not set
+CONFIG_KERNEL_XZ=y
# CONFIG_KERNEL_LZO is not set
CONFIG_DEFAULT_HOSTNAME="(none)"
CONFIG_SWAP=y
diff --git a/config/menu/20-status.menu b/config/menu/20-status.menu
index 8899310..b159ed6 100644
--- a/config/menu/20-status.menu
+++ b/config/menu/20-status.menu
@@ -70,6 +70,11 @@
'title' => "$Lang::tr{'qos graphs'}",
'enabled' => 1,
};
+ $substatus->{'74.modem-status'} = {'caption' => $Lang::tr{'modem status'},
+ 'uri' => '/cgi-bin/modem-status.cgi',
+ 'title' => $Lang::tr{'modem status'},
+ 'enabled' => 0,
+ };
$substatus->{'75.atm-status'} = {'caption' => 'Atm-status',
'uri' => '/cgi-bin/atm-status.cgi',
'title' => 'Atm-status',
diff --git a/config/menu/70-log.menu b/config/menu/70-log.menu
index 25ba090..08973de 100644
--- a/config/menu/70-log.menu
+++ b/config/menu/70-log.menu
@@ -33,6 +33,11 @@
'title' => "$Lang::tr{'firewall logs port'}",
'enabled' => 1
};
+ $sublogs->{'43.firewallcountry'} = {'caption' => $Lang::tr{'firewall logs country'},
+ 'uri' => '/cgi-bin/logs.cgi/firewalllogcountry.dat',
+ 'title' => "$Lang::tr{'firewall logs country'}",
+ 'enabled' => 1
+ };
$sublogs->{'50.ids'} = {'caption' => $Lang::tr{'ids logs'},
'uri' => '/cgi-bin/logs.cgi/ids.dat',
'title' => "$Lang::tr{'ids logs'}",
diff --git a/config/ovpn/openssl/ovpn.cnf b/config/ovpn/openssl/ovpn.cnf
index d82c04b..ab026c1 100644
--- a/config/ovpn/openssl/ovpn.cnf
+++ b/config/ovpn/openssl/ovpn.cnf
@@ -1,46 +1,46 @@
-HOME = .
-RANDFILE = /var/ipfire/ovpn/ca/.rnd
-oid_section = new_oids
+HOME = .
+RANDFILE = /var/ipfire/ovpn/ca/.rnd
+oid_section = new_oids
[ new_oids ]
[ ca ]
-default_ca = openvpn
+default_ca = openvpn
[ openvpn ]
-dir = /var/ipfire/ovpn
-certs = $dir/certs
-crl_dir = $dir/crl
-database = $dir/certs/index.txt
-new_certs_dir = $dir/certs
-certificate = $dir/ca/cacert.pem
-serial = $dir/certs/serial
-crl = $dir/crl.pem
-private_key = $dir/ca/cakey.pem
-RANDFILE = $dir/ca/.rand
-x509_extensions = usr_cert
-default_days = 999999
-default_crl_days= 30
-default_md = md5
-preserve = no
-policy = policy_match
-email_in_dn = no
+dir = /var/ipfire/ovpn
+certs = $dir/certs
+crl_dir = $dir/crl
+database = $dir/certs/index.txt
+new_certs_dir = $dir/certs
+certificate = $dir/ca/cacert.pem
+serial = $dir/certs/serial
+crl = $dir/crl.pem
+private_key = $dir/ca/cakey.pem
+RANDFILE = $dir/ca/.rand
+x509_extensions = usr_cert
+default_days = 999999
+default_crl_days = 30
+default_md = sha256
+preserve = no
+policy = policy_match
+email_in_dn = no
[ policy_match ]
-countryName = optional
-stateOrProvinceName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
+countryName = optional
+stateOrProvinceName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca
-string_mask = nombstr
+default_bits = 2048
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca
+string_mask = nombstr
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
@@ -73,31 +73,31 @@ challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
-basicConstraints=CA:FALSE
+basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
-basicConstraints=CA:FALSE
+basicConstraints = CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
[ v3_req ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = CA:true
[ crl_ext ]
-authorityKeyIdentifier=keyid:always,issuer:always
+authorityKeyIdentifier = keyid:always,issuer:always
[ engine ]
-default = openssl
+default = openssl
diff --git a/config/ovpn/settings b/config/ovpn/settings
index b78fc32..8fa37fe 100644
--- a/config/ovpn/settings
+++ b/config/ovpn/settings
@@ -1,6 +1,6 @@
ENABLED=off
ENABLED_BLUE=off
ENABLED_ORANGE=off
-DDEST_PORT=1149
+DDEST_PORT=1194
DPROTOCOL=udp
VPN_IP=
diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2
index 2dd14cc..474e7a7 100644
--- a/config/rootfiles/common/apache2
+++ b/config/rootfiles/common/apache2
@@ -1415,6 +1415,7 @@ srv/web/ipfire/cgi-bin/mac.cgi
srv/web/ipfire/cgi-bin/media.cgi
srv/web/ipfire/cgi-bin/memory.cgi
srv/web/ipfire/cgi-bin/modem.cgi
+srv/web/ipfire/cgi-bin/modem-status.cgi
srv/web/ipfire/cgi-bin/netexternal.cgi
srv/web/ipfire/cgi-bin/netinternal.cgi
srv/web/ipfire/cgi-bin/netother.cgi
diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index b5de989..6afe6cd 100644
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -116,6 +116,7 @@ var/ipfire/menu.d/70-log.menu
var/ipfire/modem
#var/ipfire/modem/defaults
#var/ipfire/modem/settings
+var/ipfire/modem-lib.pl
var/ipfire/net-traffic
#var/ipfire/net-traffic/net-traffic-admin.pl
#var/ipfire/net-traffic/net-traffic-lib.pl
diff --git a/config/rootfiles/common/daq b/config/rootfiles/common/daq
index 4467545..b8a9fd4 100644
--- a/config/rootfiles/common/daq
+++ b/config/rootfiles/common/daq
@@ -21,7 +21,7 @@ usr/lib/daq
#usr/lib/libdaq.la
#usr/lib/libdaq.so
usr/lib/libdaq.so.2
-usr/lib/libdaq.so.2.0.1
+usr/lib/libdaq.so.2.0.2
#usr/lib/libdaq_static.a
#usr/lib/libdaq_static.la
#usr/lib/libdaq_static_modules.a
diff --git a/config/rootfiles/common/i586/syslinux b/config/rootfiles/common/i586/syslinux
index 0c43b88..89cf5c8 100644
--- a/config/rootfiles/common/i586/syslinux
+++ b/config/rootfiles/common/i586/syslinux
@@ -1,6 +1,6 @@
#sbin/extlinux
#usr/bin/gethostip
-#usr/bin/isohybrid
+usr/bin/isohybrid
#usr/bin/isohybrid.pl
#usr/bin/keytab-lilo
#usr/bin/lss16toppm
diff --git a/config/rootfiles/common/perl-Device-Modem b/config/rootfiles/common/perl-Device-Modem
new file mode 100644
index 0000000..9e8da1c
--- /dev/null
+++ b/config/rootfiles/common/perl-Device-Modem
@@ -0,0 +1,18 @@
+#usr/lib/perl5/site_perl/5.12.3/Device
+#usr/lib/perl5/site_perl/5.12.3/Device/Modem
+usr/lib/perl5/site_perl/5.12.3/Device/Modem.pm
+#usr/lib/perl5/site_perl/5.12.3/Device/Modem/FAQ.pod
+#usr/lib/perl5/site_perl/5.12.3/Device/Modem/Log
+usr/lib/perl5/site_perl/5.12.3/Device/Modem/Log/File.pm
+usr/lib/perl5/site_perl/5.12.3/Device/Modem/Log/Syslog.pm
+#usr/lib/perl5/site_perl/5.12.3/Device/Modem/Protocol
+usr/lib/perl5/site_perl/5.12.3/Device/Modem/Protocol/Xmodem.pm
+usr/lib/perl5/site_perl/5.12.3/Device/Modem/UsRobotics.pm
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Device/Modem
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Device/Modem/.packlist
+#usr/share/man/man3/Device::Modem.3
+#usr/share/man/man3/Device::Modem::FAQ.3
+#usr/share/man/man3/Device::Modem::Log::File.3
+#usr/share/man/man3/Device::Modem::Log::Syslog.3
+#usr/share/man/man3/Device::Modem::Protocol::Xmodem.3
+#usr/share/man/man3/Device::Modem::UsRobotics.3
diff --git a/config/rootfiles/common/perl-Device-SerialPort b/config/rootfiles/common/perl-Device-SerialPort
new file mode 100644
index 0000000..dccc425
--- /dev/null
+++ b/config/rootfiles/common/perl-Device-SerialPort
@@ -0,0 +1,10 @@
+#usr/bin/modemtest
+usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Device
+usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Device/SerialPort.pm
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Device
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Device/SerialPort
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Device/SerialPort/.packlist
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Device/SerialPort/SerialPort.bs
+usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Device/SerialPort/SerialPort.so
+#usr/share/man/man1/modemtest.1
+#usr/share/man/man3/Device::SerialPort.3
diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp
index 60e6f5b..709e0d0 100644
--- a/config/rootfiles/common/ppp
+++ b/config/rootfiles/common/ppp
@@ -14,8 +14,10 @@ etc/ppp/standardloginscript
#usr/include/pppd/chap_ms.h
#usr/include/pppd/eap.h
#usr/include/pppd/ecp.h
+#usr/include/pppd/eui64.h
#usr/include/pppd/fsm.h
#usr/include/pppd/ipcp.h
+#usr/include/pppd/ipv6cp.h
#usr/include/pppd/ipxcp.h
#usr/include/pppd/lcp.h
#usr/include/pppd/magic.h
@@ -31,18 +33,18 @@ etc/ppp/standardloginscript
#usr/include/pppd/tdb.h
#usr/include/pppd/upap.h
usr/lib/pppd
-usr/lib/pppd/2.4.5
-usr/lib/pppd/2.4.5/minconn.so
-usr/lib/pppd/2.4.5/openl2tp.so
-usr/lib/pppd/2.4.5/passprompt.so
-usr/lib/pppd/2.4.5/passwordfd.so
-usr/lib/pppd/2.4.5/pppoatm.so
-usr/lib/pppd/2.4.5/pppol2tp.so
-usr/lib/pppd/2.4.5/radattr.so
-usr/lib/pppd/2.4.5/radius.so
-usr/lib/pppd/2.4.5/radrealms.so
-usr/lib/pppd/2.4.5/rp-pppoe.so
-usr/lib/pppd/2.4.5/winbind.so
+usr/lib/pppd/2.4.6
+usr/lib/pppd/2.4.6/minconn.so
+usr/lib/pppd/2.4.6/openl2tp.so
+usr/lib/pppd/2.4.6/passprompt.so
+usr/lib/pppd/2.4.6/passwordfd.so
+usr/lib/pppd/2.4.6/pppoatm.so
+usr/lib/pppd/2.4.6/pppol2tp.so
+usr/lib/pppd/2.4.6/radattr.so
+usr/lib/pppd/2.4.6/radius.so
+usr/lib/pppd/2.4.6/radrealms.so
+usr/lib/pppd/2.4.6/rp-pppoe.so
+usr/lib/pppd/2.4.6/winbind.so
usr/sbin/chat
usr/sbin/pppd
usr/sbin/pppdump
diff --git a/config/rootfiles/common/snort b/config/rootfiles/common/snort
index e35838d..706c5f8 100644
--- a/config/rootfiles/common/snort
+++ b/config/rootfiles/common/snort
@@ -30,7 +30,6 @@ usr/bin/u2spewfoo
#usr/include/snort/dynamic_preproc/bitop.h
#usr/include/snort/dynamic_preproc/cpuclock.h
#usr/include/snort/dynamic_preproc/file_api.h
-#usr/include/snort/dynamic_preproc/file_lib.h
#usr/include/snort/dynamic_preproc/idle_processing.h
#usr/include/snort/dynamic_preproc/ipv6_port.h
#usr/include/snort/dynamic_preproc/mempool.h
@@ -180,11 +179,14 @@ usr/sbin/snort
#usr/share/doc/snort/README.dnp3
#usr/share/doc/snort/README.dns
#usr/share/doc/snort/README.event_queue
+#usr/share/doc/snort/README.file
+#usr/share/doc/snort/README.file_ips
#usr/share/doc/snort/README.filters
#usr/share/doc/snort/README.flowbits
#usr/share/doc/snort/README.frag3
#usr/share/doc/snort/README.ftptelnet
#usr/share/doc/snort/README.gre
+#usr/share/doc/snort/README.ha
#usr/share/doc/snort/README.http_inspect
#usr/share/doc/snort/README.imap
#usr/share/doc/snort/README.ipip
diff --git a/config/rootfiles/common/squid b/config/rootfiles/common/squid
index 9515dc3..76abbe8 100644
--- a/config/rootfiles/common/squid
+++ b/config/rootfiles/common/squid
@@ -34,7 +34,7 @@ usr/lib/squid/basic_smb_auth
usr/lib/squid/basic_smb_auth.sh
#usr/lib/squid/cachemgr.cgi
usr/lib/squid/cert_tool
-usr/lib/squid/digest_edirectory_auth
+usr/lib/squid/cert_valid.pl
usr/lib/squid/digest_file_auth
usr/lib/squid/digest_ldap_auth
usr/lib/squid/diskd
@@ -1374,6 +1374,7 @@ usr/lib/squid/errors/pl/error-details.txt
#usr/lib/squid/errors/pt-br/ERR_WRITE_ERROR
#usr/lib/squid/errors/pt-br/ERR_ZERO_SIZE_OBJECT
#usr/lib/squid/errors/pt-br/error-details.txt
+#usr/lib/squid/errors/pt-bz
#usr/lib/squid/errors/pt-pt
#usr/lib/squid/errors/pt/ERR_ACCESS_DENIED
#usr/lib/squid/errors/pt/ERR_ACL_TIME_QUOTA_EXCEEDED
@@ -2148,6 +2149,7 @@ usr/lib/squid/mib.txt
usr/lib/squid/negotiate_wrapper_auth
usr/lib/squid/ntlm_fake_auth
usr/lib/squid/ntlm_smb_lm_auth
+usr/lib/squid/storeid_file_rewrite
usr/lib/squid/unlinkd
usr/lib/squid/url_fake_rewrite
usr/lib/squid/url_fake_rewrite.sh
@@ -2173,6 +2175,7 @@ usr/sbin/updxlrator
#usr/share/man/man8/ext_wbinfo_group_acl.8
#usr/share/man/man8/log_db_daemon.8
#usr/share/man/man8/squid.8
+#usr/share/man/man8/storeid_file_rewrite.8
#var/cache/squid
var/ipfire/proxy/errorpage-ipfire.css
var/ipfire/proxy/errorpage-squid.css
@@ -2190,4 +2193,3 @@ var/log/cache
var/log/squid/access.log
var/log/updatexlrator
#var/logs
-#var/run/squid
diff --git a/config/rootfiles/common/vnstat b/config/rootfiles/common/vnstat
index 57c54db..faabf47 100644
--- a/config/rootfiles/common/vnstat
+++ b/config/rootfiles/common/vnstat
@@ -2,5 +2,10 @@
#etc/cron.d/vnstat
etc/vnstat.conf
usr/bin/vnstat
+usr/bin/vnstati
+#usr/sbin/vnstatd
+#usr/share/man/man5/vnstat.conf.5
+#usr/share/man/man1/vnstatd.1
+#usr/share/man/man1/vnstati.1
#usr/share/man/man1/vnstat.1
#var/lib/vnstat
diff --git a/config/rootfiles/common/vnstati b/config/rootfiles/common/vnstati
deleted file mode 100644
index a40fc8c..0000000
--- a/config/rootfiles/common/vnstati
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/bin/vnstati
-#usr/share/man/man1/vnstati.1.gz
diff --git a/config/rootfiles/core/78/exclude b/config/rootfiles/core/78/exclude
new file mode 100644
index 0000000..18e9b4d
--- /dev/null
+++ b/config/rootfiles/core/78/exclude
@@ -0,0 +1,20 @@
+boot/config.txt
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/ovpn
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/core/78/filelists/armv5tel/linux-kirkwood b/config/rootfiles/core/78/filelists/armv5tel/linux-kirkwood
new file mode 120000
index 0000000..7217107
--- /dev/null
+++ b/config/rootfiles/core/78/filelists/armv5tel/linux-kirkwood
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-kirkwood
\ No newline at end of file
diff --git a/config/rootfiles/core/78/filelists/armv5tel/linux-multi b/config/rootfiles/core/78/filelists/armv5tel/linux-multi
new file mode 120000
index 0000000..204eb4c
--- /dev/null
+++ b/config/rootfiles/core/78/filelists/armv5tel/linux-multi
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-multi
\ No newline at end of file
diff --git a/config/rootfiles/core/78/filelists/armv5tel/linux-rpi b/config/rootfiles/core/78/filelists/armv5tel/linux-rpi
new file mode 120000
index 0000000..a651a49
--- /dev/null
+++ b/config/rootfiles/core/78/filelists/armv5tel/linux-rpi
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-rpi
\ No newline at end of file
diff --git a/config/rootfiles/core/78/filelists/daq b/config/rootfiles/core/78/filelists/daq
new file mode 120000
index 0000000..d0e0956
--- /dev/null
+++ b/config/rootfiles/core/78/filelists/daq
@@ -0,0 +1 @@
+../../../common/daq
\ No newline at end of file
diff --git a/config/rootfiles/core/78/filelists/files b/config/rootfiles/core/78/filelists/files
new file mode 100644
index 0000000..6b9f795
--- /dev/null
+++ b/config/rootfiles/core/78/filelists/files
@@ -0,0 +1,17 @@
+etc/system-release
+etc/issue
+etc/rc.d/init.d/sshd
+srv/web/ipfire/cgi-bin/ddns.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat
+srv/web/ipfire/cgi-bin/logs.cgi/showrequestfromcountry.dat
+srv/web/ipfire/cgi-bin/modem-status.cgi
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
+srv/web/ipfire/html/themes/ipfire/include/functions.pl
+usr/local/bin/setddns.pl
+var/ipfire/langs
+var/ipfire/menu.d/20-status.menu
+var/ipfire/menu.d/70-log.menu
+var/ipfire/modem-lib.pl
+var/ipfire/ovpn/openssl/ovpn.cnf
diff --git a/config/rootfiles/core/78/filelists/i586/grub b/config/rootfiles/core/78/filelists/i586/grub
new file mode 120000
index 0000000..feb236a
--- /dev/null
+++ b/config/rootfiles/core/78/filelists/i586/grub
@@ -0,0 +1 @@
+../../../../common/i586/grub
\ No newline at end of file
diff --git a/config/rootfiles/core/78/filelists/i586/linux b/config/rootfiles/core/78/filelists/i586/linux
new file mode 120000
index 0000000..693ec4b
--- /dev/null
+++ b/config/rootfiles/core/78/filelists/i586/linux
@@ -0,0 +1 @@
+../../../../common/i586/linux
\ No newline at end of file
diff --git a/config/rootfiles/core/78/filelists/i586/syslinux b/config/rootfiles/core/78/filelists/i586/syslinux
new file mode 120000
index 0000000..74a776d
--- /dev/null
+++ b/config/rootfiles/core/78/filelists/i586/syslinux
@@ -0,0 +1 @@
+../../../../common/i586/syslinux
\ No newline at end of file
diff --git a/config/rootfiles/core/78/filelists/openvpn b/config/rootfiles/core/78/filelists/openvpn
new file mode 120000
index 0000000..493f3f7
--- /dev/null
+++ b/config/rootfiles/core/78/filelists/openvpn
@@ -0,0 +1 @@
+../../../common/openvpn
\ No newline at end of file
diff --git a/config/rootfiles/core/78/filelists/ppp b/config/rootfiles/core/78/filelists/ppp
new file mode 120000
index 0000000..4844a9b
--- /dev/null
+++ b/config/rootfiles/core/78/filelists/ppp
@@ -0,0 +1 @@
+../../../common/ppp
\ No newline at end of file
diff --git a/config/rootfiles/core/78/filelists/snort b/config/rootfiles/core/78/filelists/snort
new file mode 120000
index 0000000..9406ce0
--- /dev/null
+++ b/config/rootfiles/core/78/filelists/snort
@@ -0,0 +1 @@
+../../../common/snort
\ No newline at end of file
diff --git a/config/rootfiles/core/78/filelists/squid b/config/rootfiles/core/78/filelists/squid
new file mode 120000
index 0000000..2dc8372
--- /dev/null
+++ b/config/rootfiles/core/78/filelists/squid
@@ -0,0 +1 @@
+../../../common/squid
\ No newline at end of file
diff --git a/config/rootfiles/core/78/filelists/vnstat b/config/rootfiles/core/78/filelists/vnstat
new file mode 120000
index 0000000..2e2e610
--- /dev/null
+++ b/config/rootfiles/core/78/filelists/vnstat
@@ -0,0 +1 @@
+../../../common/vnstat
\ No newline at end of file
diff --git a/config/rootfiles/core/78/meta b/config/rootfiles/core/78/meta
new file mode 100644
index 0000000..d547fa8
--- /dev/null
+++ b/config/rootfiles/core/78/meta
@@ -0,0 +1 @@
+DEPS=""
diff --git a/config/rootfiles/core/78/update.sh b/config/rootfiles/core/78/update.sh
new file mode 100644
index 0000000..cb9af9f
--- /dev/null
+++ b/config/rootfiles/core/78/update.sh
@@ -0,0 +1,292 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2014 IPFire-Team <info(a)ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+function add_to_backup ()
+{
+ # Add path to ROOTFILES but remove old entries to prevent double
+ # files in the tar
+ grep -v "^$1" /opt/pakfire/tmp/ROOTFILES > /opt/pakfire/tmp/ROOTFILES.tmp
+ mv /opt/pakfire/tmp/ROOTFILES.tmp /opt/pakfire/tmp/ROOTFILES
+ echo $1 >> /opt/pakfire/tmp/ROOTFILES
+}
+
+#
+# Remove old core updates from pakfire cache to save space...
+core=78
+for (( i=1; i<=${core}; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+#
+# Do some sanity checks.
+case $(uname -r) in
+ *-ipfire-versatile )
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: ERROR cannot update. versatile support is dropped."
+ # Report no error to pakfire. So it does not try to install it again.
+ exit 0
+ ;;
+ *-ipfire-xen )
+ BOOTSIZE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f2 | tail -n 1`
+ if [ $BOOTSIZE -lt 28000 ]; then
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: ERROR cannot update because not enough space on boot."
+ exit 2
+ fi
+ ;;
+ *-ipfire* )
+ # Ok.
+ ;;
+ * )
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: ERROR cannot update. No IPFire Kernel."
+ exit 1
+ ;;
+esac
+
+
+#
+#
+KVER="xxxKVERxxx"
+MOUNT=`grep "kernel" /boot/grub/grub.conf 2>/dev/null | tail -n 1 `
+# Nur den letzten Parameter verwenden
+echo $MOUNT > /dev/null
+MOUNT=$_
+if [ ! $MOUNT == "rw" ]; then
+ MOUNT="ro"
+fi
+
+#
+# check if we the backup file already exist
+if [ -e /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz ]; then
+ echo Moving backup to backup-old ...
+ mv -f /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz \
+ /var/ipfire/backup/core-upgrade${core}_${KVER}-old.tar.xz
+fi
+echo First we made a backup of all files that was inside of the
+echo update archive. This may take a while ...
+# Add some files that are not in the package to backup
+add_to_backup lib/modules
+add_to_backup boot
+
+# Backup the files
+tar cJvf /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz \
+ -C / -T /opt/pakfire/tmp/ROOTFILES --exclude='#*' --exclude='/var/cache' > /dev/null 2>&1
+
+# Check diskspace on root
+ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+
+if [ $ROOTSPACE -lt 100000 ]; then
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: ERROR cannot update because not enough free space on root."
+ exit 2
+fi
+
+
+echo
+echo Update Kernel to $KVER ...
+#
+# Remove old kernel, configs, initrd, modules ...
+#
+rm -rf /boot/System.map-*
+rm -rf /boot/config-*
+rm -rf /boot/ipfirerd-*
+rm -rf /boot/vmlinuz-*
+rm -rf /boot/uImage-ipfire-*
+rm -rf /boot/uInit-ipfire-*
+rm -rf /lib/modules
+
+case $(uname -m) in
+ i?86 )
+ #
+ # Backup grub.conf
+ #
+ cp -vf /boot/grub/grub.conf /boot/grub/grub.conf.org
+ ;;
+esac
+#
+#Stop services
+/etc/init.d/snort stop
+/etc/init.d/squid stop
+/etc/init.d/ipsec stop
+/etc/init.d/apache stop
+
+# rename /etc/modprobe.d files
+for i in $(find /etc/modprobe.d/* | grep -v ".conf"); do
+ mv $i $i.conf
+done
+
+#
+#Extract files
+tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
+
+# Check diskspace on boot
+BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+
+if [ $BOOTSPACE -lt 1000 ]; then
+ case $(uname -r) in
+ *-ipfire-kirkwood )
+ # Special handling for old kirkwood images.
+ # (install only kirkwood kernel)
+ rm -rf /boot/*
+ tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p \
+ --numeric-owner -C / --wildcards 'boot/*-kirkwood*'
+ ;;
+ * )
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: FATAL-ERROR space run out on boot. System is not bootable..."
+ /etc/init.d/apache start
+ exit 4
+ ;;
+ esac
+fi
+
+
+# Update Language cache
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+#
+# Start services
+#
+/etc/init.d/apache start
+/etc/init.d/squid start
+/etc/init.d/snort start
+if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
+ /etc/init.d/ipsec start
+fi
+
+case $(uname -m) in
+ i?86 )
+ #
+ # Modify grub.conf
+ #
+ echo
+ echo Update grub configuration ...
+ ROOT=`mount | grep " / " | cut -d" " -f1`
+
+ if [ ! -z $ROOT ]; then
+ ROOTUUID=`blkid -c /dev/null -sUUID $ROOT | cut -d'"' -f2`
+ fi
+
+ if [ ! -z $ROOTUUID ]; then
+ sed -i "s|ROOT|UUID=$ROOTUUID|g" /boot/grub/grub.conf
+ else
+ sed -i "s|ROOT|$ROOT|g" /boot/grub/grub.conf
+ fi
+ sed -i "s|KVER|$KVER|g" /boot/grub/grub.conf
+ sed -i "s|MOUNT|$MOUNT|g" /boot/grub/grub.conf
+
+ if [ "$(grep "^serial" /boot/grub/grub.conf.org)" == "" ]; then
+ echo "grub use default console ..."
+ else
+ echo "grub use serial console ..."
+ sed -i -e "s|splashimage|#splashimage|g" /boot/grub/grub.conf
+ sed -i -e "s|#serial|serial|g" /boot/grub/grub.conf
+ sed -i -e "s|#terminal|terminal|g" /boot/grub/grub.conf
+ sed -i -e "s| panic=10 | console=ttyS0,115200n8 panic=10 |g" /boot/grub/grub.conf
+ fi
+
+ #
+ # ReInstall grub
+ #
+ echo "(hd0) ${ROOT::`expr length $ROOT`-1}" > /boot/grub/device.map
+ grub-install --no-floppy ${ROOT::`expr length $ROOT`-1}
+ ;;
+esac
+
+
+# Force (re)install pae kernel if pae is supported
+rm -rf /opt/pakfire/db/*/meta-linux-pae
+if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then
+ ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+ BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+ if [ $BOOTSPACE -lt 12000 -o $ROOTSPACE -lt 90000 ]; then
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: WARNING not enough space for pae kernel."
+ else
+ echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae
+ echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae
+ echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae
+ echo "Name: linux-pae" > /opt/pakfire/db/meta/meta-linux-pae
+ echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-pae
+ echo "Release: 0" >> /opt/pakfire/db/meta/meta-linux-pae
+ fi
+fi
+
+# Force reinstall xen kernel if it was installed
+if [ -e "/opt/pakfire/db/installed/meta-linux-xen" ]; then
+ echo "Name: linux-xen" > /opt/pakfire/db/installed/meta-linux-xen
+ echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-xen
+ echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-xen
+ echo "Name: linux-xen" > /opt/pakfire/db/meta/meta-linux-xen
+ echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-xen
+ echo "Release: 0" >> /opt/pakfire/db/meta/meta-linux-xen
+ # Add xvc0 to /etc/securetty
+ echo "xvc0" >> /etc/securetty
+fi
+
+#
+# After pakfire has ended run it again and update the lists and do upgrade
+#
+echo '#!/bin/bash' > /tmp/pak_update
+echo 'while [ "$(ps -A | grep " update.sh")" != "" ]; do' >> /tmp/pak_update
+echo ' sleep 1' >> /tmp/pak_update
+echo 'done' >> /tmp/pak_update
+echo 'while [ "$(ps -A | grep " pakfire")" != "" ]; do' >> /tmp/pak_update
+echo ' sleep 1' >> /tmp/pak_update
+echo 'done' >> /tmp/pak_update
+echo '/opt/pakfire/pakfire update -y --force' >> /tmp/pak_update
+echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
+echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
+echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
+echo '/usr/bin/logger -p syslog.emerg -t ipfire "Core-upgrade finished. If you use a customized grub.cfg"' >> /tmp/pak_update
+echo '/usr/bin/logger -p syslog.emerg -t ipfire "Check it before reboot !!!"' >> /tmp/pak_update
+echo '/usr/bin/logger -p syslog.emerg -t ipfire " *** Please reboot... *** "' >> /tmp/pak_update
+echo 'touch /var/run/need_reboot ' >> /tmp/pak_update
+#
+killall -KILL pak_update
+chmod +x /tmp/pak_update
+/tmp/pak_update &
+
+sync
+
+#
+#Finish
+(
+ /etc/init.d/fireinfo start
+ sendprofile
+) >/dev/null 2>&1 &
+
+# Update Package list for addon installation
+/opt/pakfire/pakfire update -y --force
+
+echo
+echo Please wait until pakfire has ended...
+echo
+#Don't report the exitcode last command
+exit 0
+
diff --git a/config/rootfiles/packages/nut b/config/rootfiles/packages/nut
index 53935f0..4e6167e 100644
--- a/config/rootfiles/packages/nut
+++ b/config/rootfiles/packages/nut
@@ -6,8 +6,10 @@ etc/nut/upsd.users.sample
etc/nut/upsmon.conf.sample
etc/nut/upssched.conf.sample
etc/udev/rules.d/52-nut-usbups.rules
+usr/bin/al175
usr/bin/apcsmart
usr/bin/apcsmart-old
+usr/bin/apcupsd-ups
usr/bin/bcmxcp
usr/bin/bcmxcp_usb
usr/bin/belkin
@@ -34,14 +36,18 @@ usr/bin/metasys
usr/bin/mge-shut
usr/bin/mge-utalk
usr/bin/microdowell
-usr/bin/newmge-shut
usr/bin/nut-scanner
+usr/bin/nutdrv_atcl_usb
+usr/bin/nutdrv_qx
+usr/bin/oldmge-shut
usr/bin/oneac
usr/bin/optiups
usr/bin/powercom
usr/bin/powerpanel
usr/bin/rhino
usr/bin/richcomm_usb
+usr/bin/riello_ser
+usr/bin/riello_usb
usr/bin/safenet
usr/bin/skel
usr/bin/snmp-ups
@@ -52,14 +58,16 @@ usr/bin/tripplitesu
usr/bin/upsc
usr/bin/upscmd
usr/bin/upscode2
-usr/bin/upsdrvctl
usr/bin/upslog
usr/bin/upsrw
usr/bin/upssched-cmd
usr/bin/usbhid-ups
usr/bin/victronups
-#usr/cgi-bin
-#usr/html
+#usr/lib/libnutclient.a
+#usr/lib/libnutclient.la
+usr/lib/libnutclient.so
+usr/lib/libnutclient.so.0
+usr/lib/libnutclient.so.0.0.0
#usr/lib/libnutscan.a
#usr/lib/libnutscan.la
usr/lib/libnutscan.so
@@ -68,9 +76,10 @@ usr/lib/libnutscan.so.1.0.0
#usr/lib/libupsclient.a
#usr/lib/libupsclient.la
usr/lib/libupsclient.so
-usr/lib/libupsclient.so.1
-usr/lib/libupsclient.so.1.1.0
+usr/lib/libupsclient.so.4
+usr/lib/libupsclient.so.4.0.0
usr/sbin/upsd
+usr/sbin/upsdrvctl
usr/sbin/upsmon
usr/sbin/upssched
usr/share/cmdvartab
@@ -81,8 +90,10 @@ usr/share/driver.list
#usr/share/man/man5/upsd.users.5
#usr/share/man/man5/upsmon.conf.5
#usr/share/man/man5/upssched.conf.5
+#usr/share/man/man8/al175.8
#usr/share/man/man8/apcsmart-old.8
#usr/share/man/man8/apcsmart.8
+#usr/share/man/man8/apcupsd-ups.8
#usr/share/man/man8/bcmxcp.8
#usr/share/man/man8/bcmxcp_usb.8
#usr/share/man/man8/belkin.8
@@ -91,7 +102,8 @@ usr/share/driver.list
#usr/share/man/man8/bestfortress.8
#usr/share/man/man8/bestuferrups.8
#usr/share/man/man8/bestups.8
-#usr/share/man/man8/blazer.8
+#usr/share/man/man8/blazer_ser.8
+#usr/share/man/man8/blazer_usb.8
#usr/share/man/man8/clone.8
#usr/share/man/man8/dummy-ups.8
#usr/share/man/man8/etapro.8
@@ -107,7 +119,10 @@ usr/share/driver.list
#usr/share/man/man8/mge-shut.8
#usr/share/man/man8/mge-utalk.8
#usr/share/man/man8/microdowell.8
+#usr/share/man/man8/nut-recorder.8
#usr/share/man/man8/nut-scanner.8
+#usr/share/man/man8/nutdrv_atcl_usb.8
+#usr/share/man/man8/nutdrv_qx.8
#usr/share/man/man8/nutupsdrv.8
#usr/share/man/man8/oneac.8
#usr/share/man/man8/optiups.8
@@ -115,6 +130,8 @@ usr/share/driver.list
#usr/share/man/man8/powerpanel.8
#usr/share/man/man8/rhino.8
#usr/share/man/man8/richcomm_usb.8
+#usr/share/man/man8/riello_ser.8
+#usr/share/man/man8/riello_usb.8
#usr/share/man/man8/safenet.8
#usr/share/man/man8/snmp-ups.8
#usr/share/man/man8/solis.8
diff --git a/config/rootfiles/packages/sslscan b/config/rootfiles/packages/sslscan
new file mode 100644
index 0000000..603c36e
--- /dev/null
+++ b/config/rootfiles/packages/sslscan
@@ -0,0 +1,2 @@
+usr/bin/sslscan
+#usr/share/man/man1/sslscan.1
diff --git a/config/xen-image/README b/config/xen-image/README
index 3813572..5748121 100644
--- a/config/xen-image/README
+++ b/config/xen-image/README
@@ -18,3 +18,7 @@ other usefull commands from the Dom0:
- shutdown the fire: "xm shutdown ipfire-xen"
- reset the fire: "xm destroy ipfire-xen"
- look what is going on: "xm top" or "xm list"
+
+This script can also build a Citrix XenCenter xva image.
+- run "XEN_IMG_TYPE=xva sh xen-image-maker.sh" to build an xva image.
+- import the vm with "xe vm-import file=ipfire.xfa"
diff --git a/config/xen-image/ipfire.cfg b/config/xen-image/ipfire.cfg
index 594c82a..38bfdff 100644
--- a/config/xen-image/ipfire.cfg
+++ b/config/xen-image/ipfire.cfg
@@ -17,8 +17,8 @@ vif = [
disk = [
- 'file:/mnt/test/ipfire-boot.img,xvda1,w',
- 'file:/mnt/test/ipfire-swap.img,xvda2,w',
- 'file:/mnt/test/ipfire-root.img,xvda3,w',
- 'file:/mnt/test/ipfire-var.img,xvda4,w'
+ 'file:./ipfire-boot.img,xvda1,w',
+ 'file:./ipfire-swap.img,xvda2,w',
+ 'file:./ipfire-root.img,xvda3,w',
+ 'file:./ipfire-var.img,xvda4,w'
] #### Change path
diff --git a/config/xen-image/xen-image-maker.sh b/config/xen-image/xen-image-maker.sh
index a42ad5b..4f63280 100644
--- a/config/xen-image/xen-image-maker.sh
+++ b/config/xen-image/xen-image-maker.sh
@@ -28,23 +28,12 @@ KVER=xxxKVERxxx
KERN_PACK=xxxKERN_PACKxxx
KRNDOWN=http://mirror0.ipfire.org/pakfire2/$VERSION/paks
CONSOLE=hvc0
-###############################################################################
-# If you really want to use outdated legacy kernel uncomment this lines. #####
-# Not recommended!!! ##########################################################
-######################
-#KERN_TYPE=xen
-#KVER=2.6.32.61
-#KERN_PACK=29
-#KRNDOWN=http://mirror0.ipfire.org/pakfire2/2.15/paks
-#CONSOLE=xvc0
-###############################################################################
SIZEboot=64
SIZEswap=512
SIZEroot=1024
SIZEvar=1024
-# ct'server does not support ext4 so change this to ext3.
-FSTYPE=ext4
+FSTYPE=ext3
##############################################################################
@@ -62,6 +51,25 @@ IMGvar=./$SNAME-var.img
KERNEL=linux-$KERN_TYPE-$KVER-$KERN_PACK.ipfire
+if [ "$XEN_IMG_TYPE" == "xva" ]; then
+ # download xva.py if it not exist.
+ if [ ! -e xva.py ]; then
+ wget http://source.ipfire.org/source-2.x/xva.py
+ fi
+ # XenCenter use other devicenames and
+ # xvdd seems to be reserved (converter bug?).
+ P1=xvda
+ P2=xvdb
+ P3=xvdc
+ P4=xvde
+else
+ # old style xen image partition names
+ P1=xvda1
+ P2=xvda2
+ P3=xvda3
+ P4=xvda4
+fi
+
rm -rf $TMPDIR && mkdir -p $MNThdd && mkdir -p $ISODIR
echo --------------------------------------------------------
echo - Download $SOURCEISO ...
@@ -108,7 +116,8 @@ mount -o loop $IMGboot $MNThdd/boot
mount -o loop $IMGvar $MNThdd/var
# Install IPFire without kernel modules
-tar -C $MNThdd/ -xvf $ISODIR/$SNAME-$VERSION.tlz --lzma \
+xz -d < $ISODIR/$SNAME-$VERSION.tlz > $TMPDIR/$SNAME-$VERSION.tar
+tar -C $MNThdd/ -xvf $TMPDIR/$SNAME-$VERSION.tar \
--exclude=lib/modules* --exclude=boot* --numeric-owner
#Install Kernel
@@ -121,7 +130,7 @@ mkdir $MNThdd/boot/grub
echo "timeout 10" > $MNThdd/boot/grub/grub.conf
echo "default 0" >> $MNThdd/boot/grub/grub.conf
echo "title IPFire ($KERN_TYPE-kernel)" >> $MNThdd/boot/grub/grub.conf
-echo " kernel /vmlinuz-$KVER-ipfire-xen root=/dev/xvda3 rootdelay=10 panic=10 console=$CONSOLE ro" \
+echo " kernel /vmlinuz-$KVER-ipfire-$KERN_TYPE root=/dev/$P3 rootdelay=10 panic=10 console=$CONSOLE ro" \
>> $MNThdd/boot/grub/grub.conf
echo " initrd /ipfirerd-$KVER-$KERN_TYPE.img" >> $MNThdd/boot/grub/grub.conf
echo "# savedefault 0" >> $MNThdd/boot/grub/grub.conf
@@ -129,16 +138,16 @@ echo "# savedefault 0" >> $MNThdd/boot/grub/grub.conf
ln -s grub.conf $MNThdd/boot/grub/menu.lst
#create the meta-info of linux-kernel package
-echo "" > $MNThdd/opt/pakfire/db/meta/linux-$KERN_TYPE
-echo "Name: linux-$KERN_TYPE" >> $MNThdd/opt/pakfire/db/meta/linux-$KERN_TYPE
-echo "ProgVersion: $KVER" >> $MNThdd/opt/pakfire/db/meta/linux-$KERN_TYPE
-echo "Release: $KERN_PACK" >> $MNThdd/opt/pakfire/db/meta/linux-$KERN_TYPE
-echo "" >> $MNThdd/opt/pakfire/db/meta/linux-$KERN_TYPE
-echo "" > $MNThdd/opt/pakfire/db/installed/linux-$KERN_TYPE
-echo "Name: linux-$KERN_TYPE" >> $MNThdd/opt/pakfire/db/installed/linux-$KERN_TYPE
-echo "ProgVersion: $KVER" >> $MNThdd/opt/pakfire/db/installed/linux-$KERN_TYPE
-echo "Release: $KERN_PACK" >> $MNThdd/opt/pakfire/db/installed/linux-$KERN_TYPE
-echo "" >> $MNThdd/opt/pakfire/db/installed/linux-$KERN_TYPE
+echo "" > $MNThdd/opt/pakfire/db/meta/meta-linux-$KERN_TYPE
+echo "Name: linux-$KERN_TYPE" >> $MNThdd/opt/pakfire/db/meta/meta-linux-$KERN_TYPE
+echo "ProgVersion: $KVER" >> $MNThdd/opt/pakfire/db/meta/meta-linux-$KERN_TYPE
+echo "Release: $KERN_PACK" >> $MNThdd/opt/pakfire/db/meta/meta-linux-$KERN_TYPE
+echo "" >> $MNThdd/opt/pakfire/db/meta/meta-linux-$KERN_TYPE
+echo "" > $MNThdd/opt/pakfire/db/installed/meta-linux-$KERN_TYPE
+echo "Name: linux-$KERN_TYPE" >> $MNThdd/opt/pakfire/db/installed/meta-linux-$KERN_TYPE
+echo "ProgVersion: $KVER" >> $MNThdd/opt/pakfire/db/installed/meta-linux-$KERN_TYPE
+echo "Release: $KERN_PACK" >> $MNThdd/opt/pakfire/db/installed/meta-linux-$KERN_TYPE
+echo "" >> $MNThdd/opt/pakfire/db/installed/meta-linux-$KERN_TYPE
#Set default configuration
echo "LANGUAGE=en" >> $MNThdd/var/ipfire/main/settings
@@ -150,10 +159,10 @@ mount --bind /proc $MNThdd/proc
mount --bind /dev $MNThdd/dev
mount --bind /sys $MNThdd/sys
chroot $MNThdd /usr/bin/perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
-sed -i -e "s|DEVICE1|/dev/xvda1|g" $MNThdd/etc/fstab
-sed -i -e "s|DEVICE2|/dev/xvda2|g" $MNThdd/etc/fstab
-sed -i -e "s|DEVICE3|/dev/xvda3|g" $MNThdd/etc/fstab
-sed -i -e "s|DEVICE4|/dev/xvda4|g" $MNThdd/etc/fstab
+sed -i -e "s|DEVICE1|/dev/$P1|g" $MNThdd/etc/fstab
+sed -i -e "s|DEVICE2|/dev/$P2|g" $MNThdd/etc/fstab
+sed -i -e "s|DEVICE3|/dev/$P3|g" $MNThdd/etc/fstab
+sed -i -e "s|DEVICE4|/dev/$P4|g" $MNThdd/etc/fstab
sed -i -e "s|FSTYPE|$FSTYPE|g" $MNThdd/etc/fstab
@@ -192,6 +201,11 @@ umount $MNThdd
umount $ISODIR
rm -rf ./ipfire-tmp
+
+if [ "$XEN_IMG_TYPE" == "xva" ]; then
+ python xva.py --sparse -c $SNAME.cfg -f $SNAME.xva
+ rm -f $SNAME*.img
+fi
echo --------------------------------------------------------
echo - Done.
echo --------------------------------------------------------
diff --git a/doc/language_issues.de b/doc/language_issues.de
index 25612b5..2140296 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -1,4 +1,3 @@
-WARNING: translation string unused: Client status and controlc
WARNING: translation string unused: ConnSched scheduler
WARNING: translation string unused: ConnSched select profile
WARNING: translation string unused: HDD temperature
@@ -364,6 +363,7 @@ WARNING: translation string unused: network time
WARNING: translation string unused: network traffic graphs
WARNING: translation string unused: network updated
WARNING: translation string unused: networks settings
+WARNING: translation string unused: never
WARNING: translation string unused: new optionsfw must boot
WARNING: translation string unused: no alcatelusb firmware
WARNING: translation string unused: no cfg upload
@@ -386,7 +386,6 @@ WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
WARNING: translation string unused: or
WARNING: translation string unused: original
-WARNING: translation string unused: other countries
WARNING: translation string unused: our donors
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall
@@ -409,10 +408,11 @@ WARNING: translation string unused: outgoing firewall reset
WARNING: translation string unused: outgoing firewall view group
WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
-WARNING: translation string unused: ovpn
WARNING: translation string unused: ovpn config
WARNING: translation string unused: ovpn dl
+WARNING: translation string unused: ovpn engines
WARNING: translation string unused: ovpn log
+WARNING: translation string unused: ovpn reneg sec
WARNING: translation string unused: ovpn_fastio
WARNING: translation string unused: ovpn_fragment
WARNING: translation string unused: ovpn_mssfix
@@ -459,16 +459,12 @@ WARNING: translation string unused: released
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
@@ -619,10 +615,15 @@ WARNING: untranslated string: addons
WARNING: untranslated string: bytes
WARNING: untranslated string: community rules
WARNING: untranslated string: dead peer detection
+WARNING: untranslated string: downlink
WARNING: untranslated string: emerging rules
+WARNING: untranslated string: first
WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: last
+WARNING: untranslated string: monitor interface
WARNING: untranslated string: qos add subclass
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
+WARNING: untranslated string: uplink
diff --git a/doc/language_issues.en b/doc/language_issues.en
index e6af830..3a0a4c7 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -1,4 +1,3 @@
-WARNING: translation string unused: Client status and controlc
WARNING: translation string unused: ConnSched scheduler
WARNING: translation string unused: ConnSched select profile
WARNING: translation string unused: HDD temperature
@@ -146,6 +145,7 @@ WARNING: translation string unused: destination ip bad
WARNING: translation string unused: destination ip or net
WARNING: translation string unused: destination net
WARNING: translation string unused: destination port overlaps
+WARNING: translation string unused: dh name is invalid
WARNING: translation string unused: dhcp base ip fixed lease
WARNING: translation string unused: dhcp create fixed leases
WARNING: translation string unused: dhcp fixed lease err1
@@ -389,6 +389,7 @@ WARNING: translation string unused: network time
WARNING: translation string unused: network traffic graphs
WARNING: translation string unused: network updated
WARNING: translation string unused: networks settings
+WARNING: translation string unused: never
WARNING: translation string unused: new optionsfw must boot
WARNING: translation string unused: no alcatelusb firmware
WARNING: translation string unused: no cfg upload
@@ -412,7 +413,6 @@ WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
WARNING: translation string unused: or
WARNING: translation string unused: original
-WARNING: translation string unused: other countries
WARNING: translation string unused: our donors
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall
@@ -435,12 +435,12 @@ WARNING: translation string unused: outgoing firewall reset
WARNING: translation string unused: outgoing firewall view group
WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
-WARNING: translation string unused: ovpn
WARNING: translation string unused: ovpn config
WARNING: translation string unused: ovpn dl
+WARNING: translation string unused: ovpn engines
WARNING: translation string unused: ovpn log
+WARNING: translation string unused: ovpn reneg sec
WARNING: translation string unused: ovpn_fastio
-WARNING: translation string unused: ovpn_fragment
WARNING: translation string unused: ovpn_mssfix
WARNING: translation string unused: ovpn_mtudisc
WARNING: translation string unused: ovpn_processprio
@@ -486,16 +486,12 @@ WARNING: translation string unused: released
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
@@ -550,6 +546,7 @@ WARNING: translation string unused: successfully refreshed updates list
WARNING: translation string unused: system graphs
WARNING: translation string unused: system log viewer
WARNING: translation string unused: system status information
+WARNING: translation string unused: teovpn_fragment
WARNING: translation string unused: test
WARNING: translation string unused: test email could not be sent
WARNING: translation string unused: test email was sent
@@ -650,8 +647,13 @@ WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: bytes
+WARNING: untranslated string: downlink
+WARNING: untranslated string: first
WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: last
+WARNING: untranslated string: monitor interface
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
+WARNING: untranslated string: uplink
diff --git a/doc/language_issues.es b/doc/language_issues.es
index b854a2b..e13636b 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -360,7 +360,6 @@ WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
WARNING: translation string unused: or
WARNING: translation string unused: original
-WARNING: translation string unused: other countries
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall
WARNING: translation string unused: outgoing firewall mode0
@@ -371,7 +370,6 @@ WARNING: translation string unused: outgoing firewall p2p description
WARNING: translation string unused: outgoing firewall reset
WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
-WARNING: translation string unused: ovpn
WARNING: translation string unused: ovpn config
WARNING: translation string unused: ovpn dl
WARNING: translation string unused: ovpn log
@@ -422,16 +420,12 @@ WARNING: translation string unused: released
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
@@ -558,6 +552,7 @@ WARNING: translation string unused: use dov
WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
@@ -580,6 +575,8 @@ WARNING: untranslated string: ConnSched reboot
WARNING: untranslated string: ConnSched shutdown
WARNING: untranslated string: MB read
WARNING: untranslated string: MB written
+WARNING: untranslated string: MTU settings
+WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: Set time on boot
WARNING: untranslated string: addons
@@ -592,6 +589,7 @@ WARNING: untranslated string: atm device
WARNING: untranslated string: attention
WARNING: untranslated string: bit
WARNING: untranslated string: bytes
+WARNING: untranslated string: capabilities
WARNING: untranslated string: ccd add
WARNING: untranslated string: ccd choose net
WARNING: untranslated string: ccd client options
@@ -636,6 +634,10 @@ WARNING: untranslated string: countrycode
WARNING: untranslated string: dead peer detection
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: details
+WARNING: untranslated string: dh
+WARNING: untranslated string: dh key move failed
+WARNING: untranslated string: dh key warn
+WARNING: untranslated string: dh key warn1
WARNING: untranslated string: dnat address
WARNING: untranslated string: dns servers
WARNING: untranslated string: dnsforward
@@ -674,6 +676,7 @@ WARNING: untranslated string: fireinfo why descr2
WARNING: untranslated string: fireinfo why enable
WARNING: untranslated string: fireinfo why read more
WARNING: untranslated string: fireinfo your profile id
+WARNING: untranslated string: firewall logs country
WARNING: untranslated string: firewall rules
WARNING: untranslated string: first
WARNING: untranslated string: flag
@@ -820,8 +823,12 @@ WARNING: untranslated string: fwhost stdnet
WARNING: untranslated string: fwhost type
WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
+WARNING: untranslated string: gen dh
+WARNING: untranslated string: generate dh key
WARNING: untranslated string: grouptype
WARNING: untranslated string: hardware support
+WARNING: untranslated string: imei
+WARNING: untranslated string: imsi
WARNING: untranslated string: incoming firewall access
WARNING: untranslated string: integrity
WARNING: untranslated string: invalid input for dpd delay
@@ -835,8 +842,23 @@ WARNING: untranslated string: mac filter
WARNING: untranslated string: maximum
WARNING: untranslated string: minimum
WARNING: untranslated string: minute
+WARNING: untranslated string: model
+WARNING: untranslated string: modem hardware details
+WARNING: untranslated string: modem information
+WARNING: untranslated string: modem network bit error rate
+WARNING: untranslated string: modem network information
+WARNING: untranslated string: modem network mode
+WARNING: untranslated string: modem network operator
+WARNING: untranslated string: modem network registration
+WARNING: untranslated string: modem network signal quality
+WARNING: untranslated string: modem no connection
+WARNING: untranslated string: modem no connection message
+WARNING: untranslated string: modem sim information
+WARNING: untranslated string: modem status
+WARNING: untranslated string: monitor interface
WARNING: untranslated string: most preferred
WARNING: untranslated string: no hardware random number generator
+WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: notice
WARNING: untranslated string: openvpn default
WARNING: untranslated string: openvpn destination port used
@@ -851,8 +873,16 @@ WARNING: untranslated string: other
WARNING: untranslated string: outgoing firewall access
WARNING: untranslated string: outgoing firewall p2p allow
WARNING: untranslated string: outgoing firewall p2p deny
+WARNING: untranslated string: ovpn crypt options
+WARNING: untranslated string: ovpn dh
+WARNING: untranslated string: ovpn dh new key
+WARNING: untranslated string: ovpn dh parameters
+WARNING: untranslated string: ovpn dh upload
WARNING: untranslated string: ovpn errmsg green already pushed
WARNING: untranslated string: ovpn errmsg invalid ip or mask
+WARNING: untranslated string: ovpn generating the root and host certificates
+WARNING: untranslated string: ovpn ha
+WARNING: untranslated string: ovpn hmac
WARNING: untranslated string: ovpn mgmt in root range
WARNING: untranslated string: ovpn mtu-disc
WARNING: untranslated string: ovpn mtu-disc and mtu not 1500
@@ -881,7 +911,10 @@ WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
WARNING: untranslated string: server restart
+WARNING: untranslated string: show dh
WARNING: untranslated string: snat new source ip address
+WARNING: untranslated string: software version
+WARNING: untranslated string: source ip country
WARNING: untranslated string: ssh
WARNING: untranslated string: static routes
WARNING: untranslated string: support donation
@@ -937,8 +970,10 @@ WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
WARNING: untranslated string: uplink
+WARNING: untranslated string: upload dh key
WARNING: untranslated string: uptime load average
WARNING: untranslated string: urlfilter redirect template
+WARNING: untranslated string: vendor
WARNING: untranslated string: visit us at
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: wlan client
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 6ab29e8..759c18d 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -360,7 +360,6 @@ WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
WARNING: translation string unused: or
WARNING: translation string unused: original
-WARNING: translation string unused: other countries
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall
WARNING: translation string unused: outgoing firewall add ip group
@@ -382,7 +381,6 @@ WARNING: translation string unused: outgoing firewall reset
WARNING: translation string unused: outgoing firewall view group
WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
-WARNING: translation string unused: ovpn
WARNING: translation string unused: ovpn config
WARNING: translation string unused: ovpn dl
WARNING: translation string unused: ovpn log
@@ -433,16 +431,12 @@ WARNING: translation string unused: released
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
@@ -571,6 +565,7 @@ WARNING: translation string unused: use dov
WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
@@ -591,6 +586,8 @@ WARNING: untranslated string: ConnSched reboot
WARNING: untranslated string: ConnSched shutdown
WARNING: untranslated string: MB read
WARNING: untranslated string: MB written
+WARNING: untranslated string: MTU settings
+WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: addons
WARNING: untranslated string: advproxy cache-digest
@@ -602,6 +599,7 @@ WARNING: untranslated string: atm device
WARNING: untranslated string: attention
WARNING: untranslated string: bit
WARNING: untranslated string: bytes
+WARNING: untranslated string: capabilities
WARNING: untranslated string: ccd add
WARNING: untranslated string: ccd choose net
WARNING: untranslated string: ccd client options
@@ -646,6 +644,10 @@ WARNING: untranslated string: countrycode
WARNING: untranslated string: dead peer detection
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: details
+WARNING: untranslated string: dh
+WARNING: untranslated string: dh key move failed
+WARNING: untranslated string: dh key warn
+WARNING: untranslated string: dh key warn1
WARNING: untranslated string: dnat address
WARNING: untranslated string: dns address deleted txt
WARNING: untranslated string: dns servers
@@ -685,6 +687,7 @@ WARNING: untranslated string: fireinfo why descr2
WARNING: untranslated string: fireinfo why enable
WARNING: untranslated string: fireinfo why read more
WARNING: untranslated string: fireinfo your profile id
+WARNING: untranslated string: firewall logs country
WARNING: untranslated string: firewall rules
WARNING: untranslated string: first
WARNING: untranslated string: flag
@@ -831,8 +834,12 @@ WARNING: untranslated string: fwhost stdnet
WARNING: untranslated string: fwhost type
WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
+WARNING: untranslated string: gen dh
+WARNING: untranslated string: generate dh key
WARNING: untranslated string: grouptype
WARNING: untranslated string: hardware support
+WARNING: untranslated string: imei
+WARNING: untranslated string: imsi
WARNING: untranslated string: incoming firewall access
WARNING: untranslated string: integrity
WARNING: untranslated string: invalid input for dpd delay
@@ -846,8 +853,23 @@ WARNING: untranslated string: mac filter
WARNING: untranslated string: maximum
WARNING: untranslated string: minimum
WARNING: untranslated string: minute
+WARNING: untranslated string: model
+WARNING: untranslated string: modem hardware details
+WARNING: untranslated string: modem information
+WARNING: untranslated string: modem network bit error rate
+WARNING: untranslated string: modem network information
+WARNING: untranslated string: modem network mode
+WARNING: untranslated string: modem network operator
+WARNING: untranslated string: modem network registration
+WARNING: untranslated string: modem network signal quality
+WARNING: untranslated string: modem no connection
+WARNING: untranslated string: modem no connection message
+WARNING: untranslated string: modem sim information
+WARNING: untranslated string: modem status
+WARNING: untranslated string: monitor interface
WARNING: untranslated string: most preferred
WARNING: untranslated string: no hardware random number generator
+WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: notice
WARNING: untranslated string: ntp common settings
WARNING: untranslated string: ntp sync
@@ -862,6 +884,14 @@ WARNING: untranslated string: openvpn prefix remote subnet
WARNING: untranslated string: openvpn subnet is used
WARNING: untranslated string: other
WARNING: untranslated string: outgoing firewall access
+WARNING: untranslated string: ovpn crypt options
+WARNING: untranslated string: ovpn dh
+WARNING: untranslated string: ovpn dh new key
+WARNING: untranslated string: ovpn dh parameters
+WARNING: untranslated string: ovpn dh upload
+WARNING: untranslated string: ovpn generating the root and host certificates
+WARNING: untranslated string: ovpn ha
+WARNING: untranslated string: ovpn hmac
WARNING: untranslated string: ovpn mgmt in root range
WARNING: untranslated string: ovpn mtu-disc
WARNING: untranslated string: ovpn mtu-disc and mtu not 1500
@@ -888,8 +918,11 @@ WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
WARNING: untranslated string: server restart
+WARNING: untranslated string: show dh
WARNING: untranslated string: snat new source ip address
WARNING: untranslated string: snort working
+WARNING: untranslated string: software version
+WARNING: untranslated string: source ip country
WARNING: untranslated string: ssh
WARNING: untranslated string: static routes
WARNING: untranslated string: support donation
@@ -945,11 +978,13 @@ WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
WARNING: untranslated string: uplink
+WARNING: untranslated string: upload dh key
WARNING: untranslated string: upload new ruleset
WARNING: untranslated string: uptime load average
WARNING: untranslated string: urlfilter file ext block
WARNING: untranslated string: urlfilter mode block
WARNING: untranslated string: urlfilter redirect template
+WARNING: untranslated string: vendor
WARNING: untranslated string: visit us at
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: wlan client
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 6245eef..c1173f7 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -413,7 +413,6 @@ WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
WARNING: translation string unused: or
WARNING: translation string unused: original
-WARNING: translation string unused: other countries
WARNING: translation string unused: our donors
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall
@@ -436,7 +435,6 @@ WARNING: translation string unused: outgoing firewall reset
WARNING: translation string unused: outgoing firewall view group
WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
-WARNING: translation string unused: ovpn
WARNING: translation string unused: ovpn config
WARNING: translation string unused: ovpn dl
WARNING: translation string unused: ovpn log
@@ -487,16 +485,12 @@ WARNING: translation string unused: released
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
@@ -634,6 +628,7 @@ WARNING: translation string unused: use dov
WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
@@ -649,14 +644,54 @@ WARNING: translation string unused: xtaccess all error
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
+WARNING: untranslated string: MTU settings
+WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: atm device
WARNING: untranslated string: bytes
+WARNING: untranslated string: capabilities
+WARNING: untranslated string: dh
+WARNING: untranslated string: dh key move failed
+WARNING: untranslated string: dh key warn
+WARNING: untranslated string: dh key warn1
WARNING: untranslated string: dns servers
WARNING: untranslated string: drop outgoing
+WARNING: untranslated string: firewall logs country
WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: gen dh
+WARNING: untranslated string: generate dh key
+WARNING: untranslated string: imei
+WARNING: untranslated string: imsi
+WARNING: untranslated string: model
+WARNING: untranslated string: modem hardware details
+WARNING: untranslated string: modem information
+WARNING: untranslated string: modem network bit error rate
+WARNING: untranslated string: modem network information
+WARNING: untranslated string: modem network mode
+WARNING: untranslated string: modem network operator
+WARNING: untranslated string: modem network registration
+WARNING: untranslated string: modem network signal quality
+WARNING: untranslated string: modem no connection
+WARNING: untranslated string: modem no connection message
+WARNING: untranslated string: modem sim information
+WARNING: untranslated string: modem status
+WARNING: untranslated string: monitor interface
+WARNING: untranslated string: not a valid dh key
+WARNING: untranslated string: ovpn crypt options
+WARNING: untranslated string: ovpn dh
+WARNING: untranslated string: ovpn dh new key
+WARNING: untranslated string: ovpn dh parameters
+WARNING: untranslated string: ovpn dh upload
+WARNING: untranslated string: ovpn generating the root and host certificates
+WARNING: untranslated string: ovpn ha
+WARNING: untranslated string: ovpn hmac
WARNING: untranslated string: random number generator daemon
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
+WARNING: untranslated string: show dh
+WARNING: untranslated string: software version
+WARNING: untranslated string: source ip country
+WARNING: untranslated string: upload dh key
+WARNING: untranslated string: vendor
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index b854a2b..e13636b 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -360,7 +360,6 @@ WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
WARNING: translation string unused: or
WARNING: translation string unused: original
-WARNING: translation string unused: other countries
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall
WARNING: translation string unused: outgoing firewall mode0
@@ -371,7 +370,6 @@ WARNING: translation string unused: outgoing firewall p2p description
WARNING: translation string unused: outgoing firewall reset
WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
-WARNING: translation string unused: ovpn
WARNING: translation string unused: ovpn config
WARNING: translation string unused: ovpn dl
WARNING: translation string unused: ovpn log
@@ -422,16 +420,12 @@ WARNING: translation string unused: released
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
@@ -558,6 +552,7 @@ WARNING: translation string unused: use dov
WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
@@ -580,6 +575,8 @@ WARNING: untranslated string: ConnSched reboot
WARNING: untranslated string: ConnSched shutdown
WARNING: untranslated string: MB read
WARNING: untranslated string: MB written
+WARNING: untranslated string: MTU settings
+WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: Set time on boot
WARNING: untranslated string: addons
@@ -592,6 +589,7 @@ WARNING: untranslated string: atm device
WARNING: untranslated string: attention
WARNING: untranslated string: bit
WARNING: untranslated string: bytes
+WARNING: untranslated string: capabilities
WARNING: untranslated string: ccd add
WARNING: untranslated string: ccd choose net
WARNING: untranslated string: ccd client options
@@ -636,6 +634,10 @@ WARNING: untranslated string: countrycode
WARNING: untranslated string: dead peer detection
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: details
+WARNING: untranslated string: dh
+WARNING: untranslated string: dh key move failed
+WARNING: untranslated string: dh key warn
+WARNING: untranslated string: dh key warn1
WARNING: untranslated string: dnat address
WARNING: untranslated string: dns servers
WARNING: untranslated string: dnsforward
@@ -674,6 +676,7 @@ WARNING: untranslated string: fireinfo why descr2
WARNING: untranslated string: fireinfo why enable
WARNING: untranslated string: fireinfo why read more
WARNING: untranslated string: fireinfo your profile id
+WARNING: untranslated string: firewall logs country
WARNING: untranslated string: firewall rules
WARNING: untranslated string: first
WARNING: untranslated string: flag
@@ -820,8 +823,12 @@ WARNING: untranslated string: fwhost stdnet
WARNING: untranslated string: fwhost type
WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
+WARNING: untranslated string: gen dh
+WARNING: untranslated string: generate dh key
WARNING: untranslated string: grouptype
WARNING: untranslated string: hardware support
+WARNING: untranslated string: imei
+WARNING: untranslated string: imsi
WARNING: untranslated string: incoming firewall access
WARNING: untranslated string: integrity
WARNING: untranslated string: invalid input for dpd delay
@@ -835,8 +842,23 @@ WARNING: untranslated string: mac filter
WARNING: untranslated string: maximum
WARNING: untranslated string: minimum
WARNING: untranslated string: minute
+WARNING: untranslated string: model
+WARNING: untranslated string: modem hardware details
+WARNING: untranslated string: modem information
+WARNING: untranslated string: modem network bit error rate
+WARNING: untranslated string: modem network information
+WARNING: untranslated string: modem network mode
+WARNING: untranslated string: modem network operator
+WARNING: untranslated string: modem network registration
+WARNING: untranslated string: modem network signal quality
+WARNING: untranslated string: modem no connection
+WARNING: untranslated string: modem no connection message
+WARNING: untranslated string: modem sim information
+WARNING: untranslated string: modem status
+WARNING: untranslated string: monitor interface
WARNING: untranslated string: most preferred
WARNING: untranslated string: no hardware random number generator
+WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: notice
WARNING: untranslated string: openvpn default
WARNING: untranslated string: openvpn destination port used
@@ -851,8 +873,16 @@ WARNING: untranslated string: other
WARNING: untranslated string: outgoing firewall access
WARNING: untranslated string: outgoing firewall p2p allow
WARNING: untranslated string: outgoing firewall p2p deny
+WARNING: untranslated string: ovpn crypt options
+WARNING: untranslated string: ovpn dh
+WARNING: untranslated string: ovpn dh new key
+WARNING: untranslated string: ovpn dh parameters
+WARNING: untranslated string: ovpn dh upload
WARNING: untranslated string: ovpn errmsg green already pushed
WARNING: untranslated string: ovpn errmsg invalid ip or mask
+WARNING: untranslated string: ovpn generating the root and host certificates
+WARNING: untranslated string: ovpn ha
+WARNING: untranslated string: ovpn hmac
WARNING: untranslated string: ovpn mgmt in root range
WARNING: untranslated string: ovpn mtu-disc
WARNING: untranslated string: ovpn mtu-disc and mtu not 1500
@@ -881,7 +911,10 @@ WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
WARNING: untranslated string: server restart
+WARNING: untranslated string: show dh
WARNING: untranslated string: snat new source ip address
+WARNING: untranslated string: software version
+WARNING: untranslated string: source ip country
WARNING: untranslated string: ssh
WARNING: untranslated string: static routes
WARNING: untranslated string: support donation
@@ -937,8 +970,10 @@ WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
WARNING: untranslated string: uplink
+WARNING: untranslated string: upload dh key
WARNING: untranslated string: uptime load average
WARNING: untranslated string: urlfilter redirect template
+WARNING: untranslated string: vendor
WARNING: untranslated string: visit us at
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: wlan client
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 4058098..0589067 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -354,7 +354,6 @@ WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
WARNING: translation string unused: or
WARNING: translation string unused: original
-WARNING: translation string unused: other countries
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall
WARNING: translation string unused: outgoing firewall add ip group
@@ -376,7 +375,6 @@ WARNING: translation string unused: outgoing firewall reset
WARNING: translation string unused: outgoing firewall view group
WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
-WARNING: translation string unused: ovpn
WARNING: translation string unused: ovpn config
WARNING: translation string unused: ovpn dl
WARNING: translation string unused: ovpn log
@@ -427,16 +425,12 @@ WARNING: translation string unused: released
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
@@ -563,6 +557,7 @@ WARNING: translation string unused: use dov
WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
@@ -584,6 +579,8 @@ WARNING: untranslated string: ConnSched shutdown
WARNING: untranslated string: Edit an existing route
WARNING: untranslated string: MB read
WARNING: untranslated string: MB written
+WARNING: untranslated string: MTU settings
+WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: addons
WARNING: untranslated string: advproxy cache-digest
@@ -595,6 +592,7 @@ WARNING: untranslated string: atm device
WARNING: untranslated string: attention
WARNING: untranslated string: bit
WARNING: untranslated string: bytes
+WARNING: untranslated string: capabilities
WARNING: untranslated string: ccd add
WARNING: untranslated string: ccd choose net
WARNING: untranslated string: ccd client options
@@ -640,6 +638,10 @@ WARNING: untranslated string: countrycode
WARNING: untranslated string: dead peer detection
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: details
+WARNING: untranslated string: dh
+WARNING: untranslated string: dh key move failed
+WARNING: untranslated string: dh key warn
+WARNING: untranslated string: dh key warn1
WARNING: untranslated string: disk access per
WARNING: untranslated string: dnat address
WARNING: untranslated string: dns servers
@@ -669,6 +671,7 @@ WARNING: untranslated string: extrahd maybe the device is in use
WARNING: untranslated string: extrahd to
WARNING: untranslated string: extrahd to root
WARNING: untranslated string: extrahd you cant mount
+WARNING: untranslated string: firewall logs country
WARNING: untranslated string: firewall rules
WARNING: untranslated string: first
WARNING: untranslated string: flag
@@ -815,8 +818,12 @@ WARNING: untranslated string: fwhost stdnet
WARNING: untranslated string: fwhost type
WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
+WARNING: untranslated string: gen dh
+WARNING: untranslated string: generate dh key
WARNING: untranslated string: grouptype
WARNING: untranslated string: hardware support
+WARNING: untranslated string: imei
+WARNING: untranslated string: imsi
WARNING: untranslated string: incoming firewall access
WARNING: untranslated string: incoming traffic in bytes per second
WARNING: untranslated string: integrity
@@ -831,8 +838,23 @@ WARNING: untranslated string: mac filter
WARNING: untranslated string: maximum
WARNING: untranslated string: minimum
WARNING: untranslated string: minute
+WARNING: untranslated string: model
+WARNING: untranslated string: modem hardware details
+WARNING: untranslated string: modem information
+WARNING: untranslated string: modem network bit error rate
+WARNING: untranslated string: modem network information
+WARNING: untranslated string: modem network mode
+WARNING: untranslated string: modem network operator
+WARNING: untranslated string: modem network registration
+WARNING: untranslated string: modem network signal quality
+WARNING: untranslated string: modem no connection
+WARNING: untranslated string: modem no connection message
+WARNING: untranslated string: modem sim information
+WARNING: untranslated string: modem status
+WARNING: untranslated string: monitor interface
WARNING: untranslated string: most preferred
WARNING: untranslated string: no hardware random number generator
+WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: notice
WARNING: untranslated string: openvpn default
WARNING: untranslated string: openvpn destination port used
@@ -846,6 +868,14 @@ WARNING: untranslated string: openvpn subnet is used
WARNING: untranslated string: other
WARNING: untranslated string: outgoing firewall access
WARNING: untranslated string: outgoing traffic in bytes per second
+WARNING: untranslated string: ovpn crypt options
+WARNING: untranslated string: ovpn dh
+WARNING: untranslated string: ovpn dh new key
+WARNING: untranslated string: ovpn dh parameters
+WARNING: untranslated string: ovpn dh upload
+WARNING: untranslated string: ovpn generating the root and host certificates
+WARNING: untranslated string: ovpn ha
+WARNING: untranslated string: ovpn hmac
WARNING: untranslated string: ovpn mgmt in root range
WARNING: untranslated string: ovpn mtu-disc
WARNING: untranslated string: ovpn mtu-disc and mtu not 1500
@@ -871,7 +901,10 @@ WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
WARNING: untranslated string: server restart
+WARNING: untranslated string: show dh
WARNING: untranslated string: snat new source ip address
+WARNING: untranslated string: software version
+WARNING: untranslated string: source ip country
WARNING: untranslated string: ssh
WARNING: untranslated string: static routes
WARNING: untranslated string: support donation
@@ -926,8 +959,10 @@ WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
WARNING: untranslated string: uplink
+WARNING: untranslated string: upload dh key
WARNING: untranslated string: uptime load average
WARNING: untranslated string: urlfilter redirect template
+WARNING: untranslated string: vendor
WARNING: untranslated string: visit us at
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: wlan client
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index e6af830..2d9ebf7 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -412,7 +412,6 @@ WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
WARNING: translation string unused: or
WARNING: translation string unused: original
-WARNING: translation string unused: other countries
WARNING: translation string unused: our donors
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall
@@ -435,7 +434,6 @@ WARNING: translation string unused: outgoing firewall reset
WARNING: translation string unused: outgoing firewall view group
WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
-WARNING: translation string unused: ovpn
WARNING: translation string unused: ovpn config
WARNING: translation string unused: ovpn dl
WARNING: translation string unused: ovpn log
@@ -486,16 +484,12 @@ WARNING: translation string unused: released
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
@@ -633,6 +627,7 @@ WARNING: translation string unused: use dov
WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
@@ -648,10 +643,50 @@ WARNING: translation string unused: xtaccess all error
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
+WARNING: untranslated string: MTU settings
+WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: bytes
+WARNING: untranslated string: capabilities
+WARNING: untranslated string: dh
+WARNING: untranslated string: dh key move failed
+WARNING: untranslated string: dh key warn
+WARNING: untranslated string: dh key warn1
+WARNING: untranslated string: firewall logs country
WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: gen dh
+WARNING: untranslated string: generate dh key
+WARNING: untranslated string: imei
+WARNING: untranslated string: imsi
+WARNING: untranslated string: model
+WARNING: untranslated string: modem hardware details
+WARNING: untranslated string: modem information
+WARNING: untranslated string: modem network bit error rate
+WARNING: untranslated string: modem network information
+WARNING: untranslated string: modem network mode
+WARNING: untranslated string: modem network operator
+WARNING: untranslated string: modem network registration
+WARNING: untranslated string: modem network signal quality
+WARNING: untranslated string: modem no connection
+WARNING: untranslated string: modem no connection message
+WARNING: untranslated string: modem sim information
+WARNING: untranslated string: modem status
+WARNING: untranslated string: monitor interface
+WARNING: untranslated string: not a valid dh key
+WARNING: untranslated string: ovpn crypt options
+WARNING: untranslated string: ovpn dh
+WARNING: untranslated string: ovpn dh new key
+WARNING: untranslated string: ovpn dh parameters
+WARNING: untranslated string: ovpn dh upload
+WARNING: untranslated string: ovpn generating the root and host certificates
+WARNING: untranslated string: ovpn ha
+WARNING: untranslated string: ovpn hmac
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
+WARNING: untranslated string: show dh
+WARNING: untranslated string: software version
+WARNING: untranslated string: source ip country
+WARNING: untranslated string: upload dh key
+WARNING: untranslated string: vendor
diff --git a/doc/language_missings b/doc/language_missings
index 1a386c1..2def481 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -6,6 +6,7 @@
############################################################################
< addon
< ccd maxclients
+< ovpn_fragment
############################################################################
# Checking install/setup translations for language: fr #
############################################################################
@@ -26,6 +27,7 @@
< atm device
< attention
< bit
+< capabilities
< ccd add
< ccd choose net
< ccd clientip
@@ -77,6 +79,10 @@
< default ip
< deprecated fs warn
< details
+< dh
+< dh key move failed
+< dh key warn
+< dh key warn1
< dnat address
< dns address deleted txt
< dnsforward
@@ -87,7 +93,6 @@
< dnsforward forward_server
< dnsforward zone
< dns servers
-< downlink
< dpd delay
< dpd timeout
< drop action
@@ -115,8 +120,8 @@
< fireinfo why enable
< fireinfo why read more
< fireinfo your profile id
+< firewall logs country
< firewall rules
-< first
< flag
< forward firewall
< fw default drop
@@ -302,8 +307,12 @@
< fw settings dropdown
< fw settings remark
< fw settings ruletable
+< gen dh
+< generate dh key
< grouptype
< hardware support
+< imei
+< imsi
< incoming firewall access
< integrity
< invalid input for dpd delay
@@ -311,7 +320,6 @@
< ipsec
< ipsec network
< ipsec no connections
-< last
< least preferred
< lifetime
< mac filter
@@ -320,11 +328,28 @@
< MB written
< minimum
< minute
+< model
+< modem hardware details
+< modem information
+< modem network bit error rate
+< modem network information
+< modem network mode
+< modem network operator
+< modem network registration
+< modem network signal quality
+< modem no connection
+< modem no connection message
+< modem sim information
+< modem status
< most preferred
+< MTU settings
+< never
< no hardware random number generator
+< not a valid dh key
< notice
< ntp common settings
< ntp sync
+< Number of Countries for the pie chart
< openvpn default
< openvpn destination port used
< openvpn disabled
@@ -339,6 +364,15 @@
< other
< our donors
< outgoing firewall access
+< ovpn crypt options
+< ovpn dh
+< ovpn dh new key
+< ovpn dh parameters
+< ovpn dh upload
+< ovpn engines
+< ovpn generating the root and host certificates
+< ovpn ha
+< ovpn hmac
< ovpn mgmt in root range
< ovpn mtu-disc
< ovpn mtu-disc and mtu not 1500
@@ -349,6 +383,7 @@
< ovpn mtu-disc yes
< ovpn no connections
< ovpn port in root range
+< ovpn reneg sec
< p2p block
< p2p block save notice
< proxy reports
@@ -360,8 +395,11 @@
< random number generator daemon
< red1
< server restart
+< show dh
< snat new source ip address
< snort working
+< software version
+< source ip country
< ssh
< static routes
< support donation
@@ -423,13 +461,14 @@
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
-< uplink
+< upload dh key
< upload new ruleset
< uptime
< uptime load average
< urlfilter file ext block
< urlfilter mode block
< urlfilter redirect template
+< vendor
< visit us at
< vpn keyexchange
< wlanap access point
@@ -505,6 +544,7 @@
< atm device
< attention
< bit
+< capabilities
< ccd add
< ccd choose net
< ccd clientip
@@ -556,6 +596,10 @@
< default ip
< deprecated fs warn
< details
+< dh
+< dh key move failed
+< dh key warn
+< dh key warn1
< dnat address
< dnsforward
< dnsforward add a new entry
@@ -565,7 +609,6 @@
< dnsforward forward_server
< dnsforward zone
< dns servers
-< downlink
< dpd delay
< dpd timeout
< drop action
@@ -593,8 +636,8 @@
< fireinfo why enable
< fireinfo why read more
< fireinfo your profile id
+< firewall logs country
< firewall rules
-< first
< flag
< forward firewall
< fw default drop
@@ -780,8 +823,12 @@
< fw settings dropdown
< fw settings remark
< fw settings ruletable
+< gen dh
+< generate dh key
< grouptype
< hardware support
+< imei
+< imsi
< incoming firewall access
< integrity
< invalid input for dpd delay
@@ -789,7 +836,6 @@
< ipsec
< ipsec network
< ipsec no connections
-< last
< least preferred
< lifetime
< mac filter
@@ -798,9 +844,26 @@
< MB written
< minimum
< minute
+< model
+< modem hardware details
+< modem information
+< modem network bit error rate
+< modem network information
+< modem network mode
+< modem network operator
+< modem network registration
+< modem network signal quality
+< modem no connection
+< modem no connection message
+< modem sim information
+< modem status
< most preferred
+< MTU settings
+< never
< no hardware random number generator
+< not a valid dh key
< notice
+< Number of Countries for the pie chart
< openvpn default
< openvpn destination port used
< openvpn disabled
@@ -829,8 +892,17 @@
< outgoing firewall p2p description 2
< outgoing firewall p2p description 3
< outgoing firewall view group
+< ovpn crypt options
+< ovpn dh
+< ovpn dh new key
+< ovpn dh parameters
+< ovpn dh upload
+< ovpn engines
< ovpn errmsg green already pushed
< ovpn errmsg invalid ip or mask
+< ovpn generating the root and host certificates
+< ovpn ha
+< ovpn hmac
< ovpn mgmt in root range
< ovpn mtu-disc
< ovpn mtu-disc and mtu not 1500
@@ -841,6 +913,7 @@
< ovpn mtu-disc yes
< ovpn no connections
< ovpn port in root range
+< ovpn reneg sec
< ovpn routes push
< ovpn routes push options
< p2p block
@@ -855,7 +928,10 @@
< red1
< server restart
< Set time on boot
+< show dh
< snat new source ip address
+< software version
+< source ip country
< ssh
< static routes
< support donation
@@ -917,10 +993,11 @@
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
-< uplink
+< upload dh key
< uptime
< uptime load average
< urlfilter redirect template
+< vendor
< visit us at
< vpn keyexchange
< wlanap country
@@ -975,6 +1052,7 @@
< atm device
< attention
< bit
+< capabilities
< ccd add
< ccd choose net
< ccd clientip
@@ -1026,6 +1104,10 @@
< default ip
< deprecated fs warn
< details
+< dh
+< dh key move failed
+< dh key warn
+< dh key warn1
< dnat address
< dnsforward
< dnsforward add a new entry
@@ -1035,7 +1117,6 @@
< dnsforward forward_server
< dnsforward zone
< dns servers
-< downlink
< dpd delay
< dpd timeout
< drop action
@@ -1055,8 +1136,8 @@
< extrahd unable to read
< extrahd unable to write
< extrahd you cant mount
+< firewall logs country
< firewall rules
-< first
< flag
< forward firewall
< fw default drop
@@ -1242,8 +1323,12 @@
< fw settings dropdown
< fw settings remark
< fw settings ruletable
+< gen dh
+< generate dh key
< grouptype
< hardware support
+< imei
+< imsi
< incoming firewall access
< integrity
< invalid input for dpd delay
@@ -1251,7 +1336,6 @@
< ipsec
< ipsec network
< ipsec no connections
-< last
< least preferred
< lifetime
< mac filter
@@ -1260,9 +1344,26 @@
< MB written
< minimum
< minute
+< model
+< modem hardware details
+< modem information
+< modem network bit error rate
+< modem network information
+< modem network mode
+< modem network operator
+< modem network registration
+< modem network signal quality
+< modem no connection
+< modem no connection message
+< modem sim information
+< modem status
< most preferred
+< MTU settings
+< never
< no hardware random number generator
+< not a valid dh key
< notice
+< Number of Countries for the pie chart
< openvpn default
< openvpn destination port used
< openvpn disabled
@@ -1277,8 +1378,17 @@
< other
< our donors
< outgoing firewall access
+< ovpn crypt options
+< ovpn dh
+< ovpn dh new key
+< ovpn dh parameters
+< ovpn dh upload
+< ovpn engines
< ovpn errmsg green already pushed
< ovpn errmsg invalid ip or mask
+< ovpn generating the root and host certificates
+< ovpn ha
+< ovpn hmac
< ovpn mgmt in root range
< ovpn mtu-disc
< ovpn mtu-disc and mtu not 1500
@@ -1289,6 +1399,7 @@
< ovpn mtu-disc yes
< ovpn no connections
< ovpn port in root range
+< ovpn reneg sec
< ovpn routes push
< ovpn routes push options
< p2p block
@@ -1302,7 +1413,10 @@
< random number generator daemon
< red1
< server restart
+< show dh
< snat new source ip address
+< software version
+< source ip country
< ssh
< static routes
< support donation
@@ -1363,10 +1477,11 @@
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
-< uplink
+< upload dh key
< uptime
< uptime load average
< urlfilter redirect template
+< vendor
< visit us at
< vpn keyexchange
< wlanap country
@@ -1422,6 +1537,7 @@
< atm device
< attention
< bit
+< capabilities
< ccd add
< ccd choose net
< ccd clientip
@@ -1474,6 +1590,10 @@
< default ip
< deprecated fs warn
< details
+< dh
+< dh key move failed
+< dh key warn
+< dh key warn1
< disk access per
< dnat address
< dnsforward
@@ -1484,7 +1604,6 @@
< dnsforward forward_server
< dnsforward zone
< dns servers
-< downlink
< dpd delay
< dpd timeout
< drop action
@@ -1505,8 +1624,8 @@
< extrahd unable to read
< extrahd unable to write
< extrahd you cant mount
+< firewall logs country
< firewall rules
-< first
< flag
< forward firewall
< frequency
@@ -1693,9 +1812,13 @@
< fw settings dropdown
< fw settings remark
< fw settings ruletable
+< gen dh
+< generate dh key
< grouptype
< hardware support
< hour-graph
+< imei
+< imsi
< incoming firewall access
< incoming traffic in bytes per second
< integrity
@@ -1704,7 +1827,6 @@
< ipsec
< ipsec network
< ipsec no connections
-< last
< least preferred
< lifetime
< mac filter
@@ -1713,10 +1835,27 @@
< MB written
< minimum
< minute
+< model
+< modem hardware details
+< modem information
+< modem network bit error rate
+< modem network information
+< modem network mode
+< modem network operator
+< modem network registration
+< modem network signal quality
+< modem no connection
+< modem no connection message
+< modem sim information
+< modem status
< month-graph
< most preferred
+< MTU settings
+< never
< no hardware random number generator
+< not a valid dh key
< notice
+< Number of Countries for the pie chart
< openvpn default
< openvpn destination port used
< openvpn disabled
@@ -1732,6 +1871,15 @@
< our donors
< outgoing firewall access
< outgoing traffic in bytes per second
+< ovpn crypt options
+< ovpn dh
+< ovpn dh new key
+< ovpn dh parameters
+< ovpn dh upload
+< ovpn engines
+< ovpn generating the root and host certificates
+< ovpn ha
+< ovpn hmac
< ovpn mgmt in root range
< ovpn mtu-disc
< ovpn mtu-disc and mtu not 1500
@@ -1742,6 +1890,7 @@
< ovpn mtu-disc yes
< ovpn no connections
< ovpn port in root range
+< ovpn reneg sec
< p2p block
< p2p block save notice
< proxy reports
@@ -1753,7 +1902,10 @@
< random number generator daemon
< red1
< server restart
+< show dh
< snat new source ip address
+< software version
+< source ip country
< ssh
< static routes
< support donation
@@ -1814,10 +1966,11 @@
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
-< uplink
+< upload dh key
< uptime
< uptime load average
< urlfilter redirect template
+< vendor
< visit us at
< vpn keyexchange
< week-graph
diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi
index 4e51ab6..4b4bc63 100644
--- a/html/cgi-bin/ddns.cgi
+++ b/html/cgi-bin/ddns.cgi
@@ -253,8 +253,11 @@ $checked{'SERVICE'}{'nsupdate'} = '';
$checked{'SERVICE'}{'ovh.com'} = '';
$checked{'SERVICE'}{'regfish.com'} = '';
$checked{'SERVICE'}{'selfhost.de'} = '';
+$checked{'SERVICE'}{'spdns.org'} = '';
$checked{'SERVICE'}{'strato.com'} = '';
+$checked{'SERVICE'}{'twodns.de'} = '';
$checked{'SERVICE'}{'tzo.com'} = '';
+$checked{'SERVICE'}{'variomedia.de'} = '';
$checked{'SERVICE'}{'zoneedit.com'} = '';
$checked{'SERVICE'}{$settings{'SERVICE'}} = "selected='selected'";
@@ -349,8 +352,11 @@ print <<END
<option $checked{'SERVICE'}{'ovh.com'}>ovh.com</option>
<option $checked{'SERVICE'}{'regfish.com'}>regfish.com</option>
<option $checked{'SERVICE'}{'selfhost.de'}>selfhost.de</option>
+ <option $checked{'SERVICE'}{'spdns.org'}>spdns.org</option>
<option $checked{'SERVICE'}{'strato.com'}>strato.com</option>
+ <option $checked{'SERVICE'}{'twodns.de'}>twodns.de</option>
<!-- <option $checked{'SERVICE'}{'tzo.com'}>tzo.com</option> comment this service out until a working fix is developed -->
+ <option $checked{'SERVICE'}{'variomedia.de'}>variomedia.de</option>
<option $checked{'SERVICE'}{'zoneedit.com'}>zoneedit.com</option>
</select></td>
<td width='20%' class='base'>$Lang::tr{'hostname'}: <img src='/blob.gif' alt='*' /></td>
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 55e2645..5a28daa 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -263,9 +263,9 @@ if (-e "/etc/snort/snort.conf") {
####################### End added for snort rules control #################################
if ($snortsettings{'RULES'} eq 'subscripted') {
- $url=" http://www.snort.org/sub-rules/snortrules-snapshot-2953.tar.gz/$snortsettings{'OINKCODE'}";
+ $url=" http://www.snort.org/sub-rules/snortrules-snapshot-2961.tar.gz/$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'registered') {
- $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz/$snortsettings{'OINKCODE'}";
+ $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'community') {
$url=" http://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz";
} else {
diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi-bin/logs.cgi/firewalllogcountry.dat
new file mode 100644
index 0000000..af14279
--- /dev/null
+++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat
@@ -0,0 +1,523 @@
+#!/usr/bin/perl
+#
+# SmoothWall CGIs
+#
+# This code is distributed under the terms of the GPL
+#
+# JC HERITIER
+# page inspired from the initial firewalllog.dat
+#
+# Modified for IPFire by Christian Schmidt
+# and Michael Tremer (www.ipfire.org)
+
+use strict;
+use Geo::IP::PurePerl;
+use Getopt::Std;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+use POSIX();
+
+my %cgiparams=();
+my %settings=();
+my $pienumber;
+my $otherspie;
+my $showpie;
+my $sortcolumn;
+my $errormessage = '';
+
+$cgiparams{'pienumber'} = 10;
+$cgiparams{'otherspie'} = 1;
+$cgiparams{'showpie'} = 1;
+$cgiparams{'sortcolumn'} = 1;
+
+my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug',
+ 'Sep', 'Oct', 'Nov', 'Dec' );
+my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'},
+ $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'},
+ $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'},
+ $Lang::tr{'december'} );
+
+my @now = localtime();
+my $dow = $now[6];
+my $doy = $now[7];
+my $tdoy = $now[7];
+my $year = $now[5]+1900;
+
+$cgiparams{'DAY'} = $now[3];
+$cgiparams{'MONTH'} = $now[4];
+$cgiparams{'ACTION'} = '';
+
+&General::readhash("${General::swroot}/fwlogs/ipsettings", \%settings);
+if ($settings{'pienumber'} != 0) { $cgiparams{'pienumber'} = $settings{'pienumber'} };
+if ($settings{'otherspie'} != 0) { $cgiparams{'otherspie'} = $settings{'otherspie'} };
+if ($settings{'showpie'} != 0) { $cgiparams{'showpie'} = $settings{'showpie'} };
+if ($settings{'sortcolumn'} != 0) { $cgiparams{'sortcolumn'} = $settings{'sortcolumn'} };
+
+&Header::getcgihash(\%cgiparams);
+if ($cgiparams{'pienumber'} != 0) { $settings{'pienumber'} = $cgiparams{'pienumber'} };
+if ($cgiparams{'otherspie'} != 0) { $settings{'otherspie'} = $cgiparams{'otherspie'} };
+if ($cgiparams{'showpie'} != 0) { $settings{'showpie'} = $cgiparams{'showpie'} };
+if ($cgiparams{'sortcolumn'} != 0) { $settings{'sortcolumn'} = $cgiparams{'sortcolumn'} };
+
+if ($cgiparams{'ACTION'} eq $Lang::tr{'save'})
+{
+ &General::writehash("${General::swroot}/fwlogs/ipsettings", \%settings);
+}
+
+my $start = -1;
+if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'})
+{
+ my @temp = split(',',$ENV{'QUERY_STRING'});
+ $start = $temp[0];
+ $cgiparams{'MONTH'} = $temp[1];
+ $cgiparams{'DAY'} = $temp[2];
+}
+
+if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) ||
+ !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/))
+{
+ $cgiparams{'DAY'} = $now[3];
+ $cgiparams{'MONTH'} = $now[4];
+}
+elsif($cgiparams{'ACTION'} eq '>>')
+{
+ my @temp_then=();
+ my @temp_now = localtime(time);
+ $temp_now[4] = $cgiparams{'MONTH'};
+ $temp_now[3] = $cgiparams{'DAY'};
+ @temp_then = localtime(POSIX::mktime(@temp_now) + 86400);
+ ## Retrieve the same time on the next day -
+ ## 86400 seconds in a day
+ $cgiparams{'MONTH'} = $temp_then[4];
+ $cgiparams{'DAY'} = $temp_then[3];
+}
+elsif($cgiparams{'ACTION'} eq '<<')
+{
+ my @temp_then=();
+ my @temp_now = localtime(time);
+ $temp_now[4] = $cgiparams{'MONTH'};
+ $temp_now[3] = $cgiparams{'DAY'};
+ @temp_then = localtime(POSIX::mktime(@temp_now) - 86400);
+ ## Retrieve the same time on the previous day -
+ ## 86400 seconds in a day
+ $cgiparams{'MONTH'} = $temp_then[4];
+ $cgiparams{'DAY'} = $temp_then[3];
+}
+
+if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4]))
+{
+ my @then = ();
+ if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) ||
+ ( $cgiparams{'MONTH'} > $now[4] ) ) {
+ @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 ));
+ } else {
+ @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 ));
+ }
+ $tdoy = $then[7];
+ my $lastleap=($year-1)%4;
+ if ($tdoy>$doy) {
+ if ($lastleap == 0 && $tdoy < 60) {
+ $doy=$tdoy+366;
+ } else {
+ $doy=$doy+365;
+ }
+ }
+}
+
+my $datediff=0;
+my $dowd=0;
+my $multifile=0;
+if ($tdoy ne $doy) {
+ $datediff=int(($doy-$tdoy)/7);
+ $dowd=($doy-$tdoy)%7;
+ if (($dow-$dowd)<1) {
+ $datediff=$datediff+1;
+ }
+ if (($dow-$dowd)==0) {
+ $multifile=1;
+ }
+}
+
+my $monthstr = $shortmonths[$cgiparams{'MONTH'}];
+my $longmonthstr = $longmonths[$cgiparams{'MONTH'}];
+my $day = $cgiparams{'DAY'};
+my $daystr='';
+if ($day <= 9) {
+ $daystr = " $day"; }
+else {
+ $daystr = $day;
+}
+
+my $skip=0;
+my $filestr='';
+if ($datediff==0) {
+ $filestr="/var/log/messages";
+} else {
+ $filestr="/var/log/messages.$datediff";
+ $filestr = "$filestr.gz" if -f "$filestr.gz";
+}
+
+if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) {
+ $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
+ $skip=1;
+ # Note: This is in case the log does not exist for that date
+}
+my $lines = 0;
+my @log=();
+
+if (!$skip)
+{
+ while (<FILE>)
+ {
+ if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
+ $log[$lines] = $_;
+ $lines++;
+ }
+ }
+ close (FILE);
+}
+
+$skip=0;
+if ($multifile) {
+ $datediff=$datediff-1;
+ if ($datediff==0) {
+ $filestr="/var/log/messages";
+ } else {
+ $filestr="/var/log/messages.$datediff";
+ $filestr = "$filestr.gz" if -f "$filestr.gz";
+ }
+ if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) {
+ $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
+ $skip=1;
+ }
+ if (!$skip) {
+ while (<FILE>) {
+ if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
+ $log[$lines] = $_;
+ $lines++;
+ }
+ }
+ close (FILE);
+ }
+}
+
+my $MODNAME="fwlogs";
+
+&Header::showhttpheaders();
+&Header::openpage($Lang::tr{'firewall log'}, 1, '');
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+
+if ($errormessage) {
+ &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+ print "<font class='base'>$errormessage </font>\n";
+ &Header::closebox();
+}
+
+&Header::openbox('100%', 'left', "$Lang::tr{'settings'}");
+
+print <<END
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<table width='100%'>
+<tr>
+ <td width='10%' class='base'>$Lang::tr{'month'}: </td>
+ <td width='10%'>
+ <select name='MONTH'>
+END
+;
+my $month;
+for ($month = 0; $month < 12; $month++)
+{
+ print "\t<option ";
+ if ($month == $cgiparams{'MONTH'}) {
+ print "selected='selected' "; }
+ print "value='$month'>$longmonths[$month]</option>\n";
+}
+print <<END
+ </select>
+ </td>
+ <td width='10%' class='base' align='right'> $Lang::tr{'day'}: </td>
+ <td width='40%'>
+ <select name='DAY'>
+END
+;
+for ($day = 1; $day <= 31; $day++)
+{
+ print "\t<option ";
+ if ($day == $cgiparams{'DAY'}) {
+ print "selected='selected' "; }
+ print "value='$day'>$day</option>\n";
+}
+
+if( $cgiparams{'pienumber'} != 0){$pienumber=$cgiparams{'pienumber'};}
+if( $cgiparams{'otherspie'} != 0){$otherspie=$cgiparams{'otherspie'};}
+if( $cgiparams{'showpie'} != 0){$showpie=$cgiparams{'showpie'};}
+if( $cgiparams{'sortcolumn'} != 0){$sortcolumn=$cgiparams{'sortcolumn'};}
+
+print <<END
+</select>
+</td>
+<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day before'}' value='<<' /></td>
+<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day after'}' value='>>' /></td>
+<td width='20%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
+</tr>
+<tr>
+ <td colspan='3' align='left' valign="left">$Lang::tr{'Number of Countries for the pie chart'}:</td>
+ <td colspan='3' align='left' valign="center"><input type='text' name='pienumber' value='$pienumber' size='4'></td>
+ <td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
+</tr>
+</table>
+</form>
+END
+;
+
+&Header::closebox();
+
+&Header::openbox('100%', 'left', 'Firewall Logs');
+print "<p><b>$Lang::tr{'firewall hits'} $longmonthstr $daystr: $lines</b></p>";
+
+my $linesjc = 0;
+my %tabjc;
+my $gi = Geo::IP::PurePerl->new();
+
+if ($pienumber == -1 || $pienumber > $lines || $sortcolumn == 2) { $pienumber = $lines; };
+$lines = 0;
+foreach $_ (@log)
+{
+ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+ my $packet = $4;
+ $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
+ $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1;
+
+ if($iface eq 'red0') {
+ if($srcaddr ne '') {
+ my $ccode = $gi->country_code_by_name($srcaddr);
+ if( $ccode eq '') {
+ $ccode = 'unknown';
+ }
+ $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
+ if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
+ $linesjc++;
+ }
+ }
+ else {
+ if($iface ne '') {
+ $tabjc{$iface} = $tabjc{$iface} + 1 ;
+ if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
+ $linesjc++;
+ }
+ }
+}
+
+$pienumber = $lines;
+
+my @keytabjc = keys %tabjc;
+
+my @slice;
+my $go;
+my $nblinejc;
+
+if( $cgiparams{'linejc'} eq 'all' ){ $nblinejc = $linesjc; $go=1; }
+if( ($cgiparams{'linejc'} != 0) && ($cgiparams{'linejc'} ne 'all') ){ $nblinejc = $cgiparams{'linejc'}; $go=1;}
+if( $go != 1){ $nblinejc = 1000; }
+
+my @key;
+my @value;
+my $indice=0;
+my @tabjc2;
+
+if ($sortcolumn == 1)
+{
+ @tabjc2 = sort { $b <=> $a } values (%tabjc);
+}
+else
+{
+ @tabjc2 = sort { $a <=> $b } keys (%tabjc);
+}
+
+my $colour=1;
+
+##############################################
+#pie chart generation
+use GD::Graph::pie;
+use GD::Graph::colour;
+#ips sort by hits number
+my $v;
+
+if ($sortcolumn == 1)
+{
+ for ($v=0;$v<$pienumber;$v++){
+ findkey($tabjc2[$v]);
+ }
+}
+else
+{
+ foreach $v (@tabjc2) {
+ $key[$indice] = $v;
+ $value[$indice] = $tabjc{$v};
+ $indice++;
+ }
+}
+
+my @ips;
+my @numb;
+
+(a)ips = @key;
+(a)numb = @value;
+
+my $o;
+
+if($cgiparams{'otherspie'} == 2 ){}
+else{
+ my $numothers;
+ for($o=0;$o<$pienumber;$o++){
+ $numothers = $numothers + $numb[$o];
+ }
+ $numothers = $linesjc - $numothers;
+ if ($numothers > 0) {
+ $ips[$pienumber]="$Lang::tr{'otherip'}";
+ $numb[$pienumber] = $numothers;
+ }
+}
+
+my @data = (\@ips,\@numb);
+use GD::Graph::colour qw( :files );
+
+my $color=0;
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+if ($showpie != 2 && $pienumber <= 50 && $pienumber != 0) {
+ my $mygraph = GD::Graph::pie->new(500, 350);
+ $mygraph->set(
+ 'title' => '',
+ 'pie_height' => 50,
+ 'start_angle' => 89
+ ) or warn $mygraph->error;
+
+ $mygraph->set_value_font(GD::gdMediumBoldFont);
+ $mygraph->set( dclrs => [ "$color{'color1'}" , "$color{'color2'}" , "$color{'color3'}" , "$color{'color4'}" , "$color{'color5'}" , "$color{'color6'}" , "$color{'color7'}" , "$color{'color8'}" , "$color{'color9'}" , "$color{'color10'}" ] );
+ my $myimage = $mygraph->plot(\@data) or die $mygraph->error;
+
+ my @filenames = glob("/srv/web/ipfire/html/graphs/fwlog-country*.png");
+ unlink(@filenames);
+ my $imagerandom = rand(1000000);
+ my $imagename = "/srv/web/ipfire/html/graphs/fwlog-country$imagerandom.png";
+ open(FILE,">$imagename");
+ print FILE $myimage->png;
+ close(FILE);
+ #####################################################
+ print "<div style='text-align:center;'>";
+ print "<img src='/graphs/fwlog-country$imagerandom.png'>";
+ print "</div>";
+}
+
+print <<END
+<table width='100%' class='tbl'>
+<tr>
+<th width='10%' align='center' class='boldbase'></th>
+<th width='30%' align='center' class='boldbase'><b>$Lang::tr{'country'}</b></th>
+<th width='30%' align='center' class='boldbase'><b>Count</b></th>
+<th width='30%' align='center' class='boldbase'><b>$Lang::tr{'percentage'}</b></th>
+</tr>
+END
+;
+
+my $total=0;
+my $show=0;
+
+my $s;
+my $percent;
+my $col="";
+
+for($s=0;$s<$lines;$s++)
+{
+ $show++;
+ $percent = $value[$s] * 100 / $linesjc;
+ $percent = sprintf("%.f", $percent);
+ $total = $total + $value[$s];
+ my $colorIndex = $color % 10;
+ if($colorIndex == 0) {
+ $colorIndex = 10;
+ }
+ $col="bgcolor='$color{\"color$colorIndex\"}'";
+ $color++;
+ print "<tr>";
+
+ print "<td align='center' $col><form method='post' action='showrequestfromcountry.dat'><input type='hidden' name='MONTH' value='$cgiparams{'MONTH'}'> <input type='hidden' name='DAY' value='$cgiparams{'DAY'}'> <input type='hidden' name='country' value='$key[$s]'> <input type='submit' value='details'></form></td>";
+ if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq 'orange0') {
+ print "<td align='center' $col>$key[$s]</td>";
+ }
+ else {
+ if($key[$s] ne 'unknown' ) {
+ my $fcode = lc($key[$s]);
+ print "<td align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='/images/flags/$fcode.png' border='0' align='absmiddle' alt='$key[$s]' title='$key[$s]'></a></td>";}
+ else {
+ print "<td align='center' $col>$key[$s]</td>";
+ }
+ }
+ print "<td align='center' $col>$value[$s]</td>";
+ print "<td align='center' $col>$percent</td>";
+ print "</tr>";
+}
+
+if($cgiparams{'otherspie'} == 2 ){}
+else{
+ my $colorIndex = $color % 10;
+ if($colorIndex == 0) {
+ $colorIndex = 10;
+ }
+ $col="bgcolor='$color{\"color$colorIndex\"}'";
+ print "<tr>";
+
+if ( $linesjc ne "0")
+{
+my $dif;
+$dif = $linesjc - $total;
+$percent = $dif * 100 / $linesjc;
+$percent = sprintf("%.f", $percent);
+print <<END
+<td align='center' $col></TD>
+<td align='center' $col>$Lang::tr{'other countries'}</td>
+<td align='center' $col>$dif</TD>
+<td align='center' $col>$percent</TD>
+</tr>
+END
+;
+}
+}
+print <<END
+</TABLE>
+END
+;
+
+&Header::closebox();
+&Header::closebigbox();
+&Header::closepage();
+
+sub findkey {
+ my $v;
+ foreach $v (@keytabjc) {
+ if ($tabjc{$v} eq $_[0]) {
+ delete $tabjc{$v};
+ $key[$indice] = "$v";
+ $value[$indice] = $_[0];
+ $indice++;
+ last;
+ }
+ }
+}
+sub checkversion {
+ #Automatic Updates is disabled
+ return "0","0";
+}
+
diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
new file mode 100644
index 0000000..5283c42
--- /dev/null
+++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
@@ -0,0 +1,412 @@
+#!/usr/bin/perl
+# SmoothWall CGIs
+#
+# This code is distributed under the terms of the GPL
+#
+# JC HERITIER
+# page inspired from the initial firewalllog.dat
+#
+# Modified for IPFire by Christian Schmidt (www.ipfire.org)
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+#use strict;
+use Geo::IP::PurePerl;
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+use POSIX();
+
+#workaround to suppress a warning when a variable is used only once
+my @dummy = ( ${Header::table2colour} );
+undef (@dummy);
+
+my %cgiparams=();
+my %logsettings=();
+my $errormessage = '';
+
+my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug',
+ 'Sep', 'Oct', 'Nov', 'Dec' );
+my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'},
+ $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'},
+ $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'},
+ $Lang::tr{'december'} );
+
+my @now = localtime();
+my $dow = $now[6];
+my $doy = $now[7];
+my $tdoy = $now[7];
+my $year = $now[5]+1900;
+
+$cgiparams{'DAY'} = $now[3];
+$cgiparams{'MONTH'} = $now[4];
+$cgiparams{'ACTION'} = '';
+
+&Header::getcgihash(\%cgiparams);
+
+$logsettings{'LOGVIEW_REVERSE'} = 'off';
+&General::readhash("${General::swroot}/logging/settings", \%logsettings);
+
+my $start = -1;
+if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'})
+{
+ my @temp = split(',',$ENV{'QUERY_STRING'});
+ $start = $temp[0];
+ $cgiparams{'MONTH'} = $temp[1];
+ $cgiparams{'DAY'} = $temp[2];
+ $cgiparams{country} = $temp[3];
+}
+
+if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) ||
+ !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/))
+{
+ $cgiparams{'DAY'} = $now[3];
+ $cgiparams{'MONTH'} = $now[4];
+}
+elsif($cgiparams{'ACTION'} eq '>>')
+{
+ my @temp_then=();
+ my @temp_now = localtime(time);
+ $temp_now[4] = $cgiparams{'MONTH'};
+ $temp_now[3] = $cgiparams{'DAY'};
+ @temp_then = localtime(POSIX::mktime(@temp_now) + 86400);
+ ## Retrieve the same time on the next day -
+ ## 86400 seconds in a day
+ $cgiparams{'MONTH'} = $temp_then[4];
+ $cgiparams{'DAY'} = $temp_then[3];
+}
+elsif($cgiparams{'ACTION'} eq '<<')
+{
+ my @temp_then=();
+ my @temp_now = localtime(time);
+ $temp_now[4] = $cgiparams{'MONTH'};
+ $temp_now[3] = $cgiparams{'DAY'};
+ @temp_then = localtime(POSIX::mktime(@temp_now) - 86400);
+ ## Retrieve the same time on the previous day -
+ ## 86400 seconds in a day
+ $cgiparams{'MONTH'} = $temp_then[4];
+ $cgiparams{'DAY'} = $temp_then[3];
+}
+
+if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4]))
+{
+ my @then = ();
+ if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) ||
+ ( $cgiparams{'MONTH'} > $now[4] ) ) {
+ @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 ));
+ } else {
+ @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 ));
+ }
+ $tdoy = $then[7];
+ my $lastleap=($year-1)%4;
+ if ($tdoy>$doy) {
+ if ($lastleap == 0 && $tdoy < 60) {
+ $doy=$tdoy+366;
+ } else {
+ $doy=$doy+365;
+ }
+ }
+}
+my $datediff=0;
+my $dowd=0;
+my $multifile=0;
+if ($tdoy ne $doy) {
+ $datediff=int(($doy-$tdoy)/7);
+ $dowd=($doy-$tdoy)%7;
+ if (($dow-$dowd)<1) {
+ $datediff=$datediff+1;
+ }
+ if (($dow-$dowd)==0) {
+ $multifile=1;
+ }
+}
+
+my $monthstr = $shortmonths[$cgiparams{'MONTH'}];
+my $longmonthstr = $longmonths[$cgiparams{'MONTH'}];
+my $day = $cgiparams{'DAY'};
+my $daystr='';
+if ($day <= 9) {
+ $daystr = " $day"; }
+else {
+ $daystr = $day;
+}
+
+my $skip=0;
+my $filestr='';
+if ($datediff==0) {
+ $filestr="/var/log/messages";
+} else {
+ $filestr="/var/log/messages.$datediff";
+ $filestr = "$filestr.gz" if -f "$filestr.gz";
+}
+
+if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) {
+ $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
+ $skip=1;
+ # Note: This is in case the log does not exist for that date
+}
+my $lines = 0;
+my @log=();
+my $country = $cgiparams{country};
+my $gi = Geo::IP::PurePerl->new();
+
+if (!$skip)
+{
+ while (<FILE>)
+ {
+ if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
+ my $packet = $2;
+ $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
+ $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1;
+
+ if($iface eq $country) {
+ $log[$lines] = $_;
+ $lines++;
+ }
+ elsif($srcaddr ne '') {
+ my $ccode = $gi->country_code_by_name($srcaddr);
+ if($ccode eq $country){
+ $log[$lines] = $_;
+ $lines++;
+ }
+ }
+ }
+ }
+ close (FILE);
+}
+
+$skip=0;
+if ($multifile) {
+ $datediff=$datediff-1;
+ if ($datediff==0) {
+ $filestr="/var/log/messages";
+ } else {
+ $filestr="/var/log/messages.$datediff";
+ $filestr = "$filestr.gz" if -f "$filestr.gz";
+ }
+ if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) {
+ $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
+ $skip=1;
+ }
+ if (!$skip) {
+ while (<FILE>) {
+ if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
+ if($_ =~ /SRC\=([\d\.]+)/){
+ my $srcaddr=$1;
+ my $ccode = $gi->country_code_by_name($srcaddr);
+ if($ccode eq $country){
+ $log[$lines] = $_;
+ $lines++;
+ }
+ }
+ }
+ }
+ close (FILE);
+ }
+}
+
+&Header::showhttpheaders();
+&Header::openpage($Lang::tr{'firewall log'}, 1, '');
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+if ($errormessage) {
+ &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+ print "<font class='base'>$errormessage </font>\n";
+ &Header::closebox();
+}
+
+&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:");
+
+print <<END
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<table width='100%'>
+<tr>
+ <td width='10%' class='base'>$Lang::tr{'month'}: </td>
+ <td width='10%'>
+ <select name='MONTH'>
+END
+;
+my $month;
+for ($month = 0; $month < 12; $month++)
+{
+ print "\t<option ";
+ if ($month == $cgiparams{'MONTH'}) {
+ print "selected='selected' "; }
+ print "value='$month'>$longmonths[$month]</option>\n";
+}
+print <<END
+ </select>
+ </td>
+ <td width='10%' class='base' align='right'> $Lang::tr{'day'}: </td>
+ <td width='40%'>
+ <select name='DAY'>
+END
+;
+for ($day = 1; $day <= 31; $day++)
+{
+ print "\t<option ";
+ if ($day == $cgiparams{'DAY'}) {
+ print "selected='selected' "; }
+ print "value='$day'>$day</option>\n";
+}
+print <<END
+</select>
+</td>
+<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day before'}' value='<<' /></td>
+<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day after'}' value='>>' /></td>
+<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
+<tr><td width='15%'>$Lang::tr{'source ip country'}</td><td><input type='text' name='country' value='$cgiparams{country}'size='15'></td></tr>
+</tr>
+</table>
+</form>
+END
+;
+
+&Header::closebox();
+
+&Header::openbox('100%', 'left', $Lang::tr{'firewall log'});
+print "<p><b>$Lang::tr{'firewall hits'} $longmonthstr $daystr: $lines</b></p>";
+
+if ($start == -1) {
+ $start = $lines - ${Header::viewsize}; }
+if ($start >= $lines - ${Header::viewsize}) { $start = $lines - ${Header::viewsize}; };
+if ($start < 0) { $start = 0; }
+
+my $prev = $start - ${Header::viewsize};
+my $next = $start + ${Header::viewsize};
+
+if ($prev < 0) { $prev = 0; }
+if ($next >= $lines) { $next = -1 }
+if ($start == 0) { $prev = -1; }
+
+if ($lines != 0) { &oldernewer(); }
+
+print <<END
+<table width='100%'>
+<tr>
+<td width='10%' align='center' class='boldbase'><b>$Lang::tr{'time'}</b></td>
+<td width='13%' align='center' class='boldbase'><b>$Lang::tr{'chain'}</b></td>
+<td width='5%' align='center' class='boldbase'><b>$Lang::tr{'iface'}</b></td>
+<td width='5%' align='center' class='boldbase'><b>$Lang::tr{'proto'}</b></td>
+<td width='16%' align='center' class='boldbase'><b>$Lang::tr{'source'}</b></td>
+<td width='10%' align='center' class='boldbase'><b>$Lang::tr{'src port'}</b></td>
+<td width='16%' align='center' class='boldbase'><b>$Lang::tr{'destination'}</b></td>
+<td width='16%' align='center' class='boldbase'><b>$Lang::tr{'dst port'}</b></td>
+</tr>
+END
+;
+
+my @slice = splice(@log, $start, ${Header::viewsize});
+
+if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @slice = reverse @slice; }
+
+$lines = 0;
+foreach $_ (@slice)
+{
+ $a = $_;
+ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+ my $packet = $4;
+ $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
+ $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1;
+
+ if($iface eq $country || $srcaddr ne '') {
+ my $ccode;
+ if($iface ne $country) {
+ $ccode = $gi->country_code_by_name($srcaddr);
+ }
+ if($iface eq $country || $ccode eq $country) {
+ my $chain = '';
+ my $in = '-'; my $out = '-';
+ my $srcaddr = ''; my $dstaddr = '';
+ my $protostr = '';
+ my $srcport = ''; my $dstport = '';
+
+ $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+ my $timestamp = $1; my $chain = $2; my $packet = $3;
+ $timestamp =~ /(...) (..) (..:..:..)/;
+ my $month = $1; my $day = $2; my $time = $3;
+
+ if ($a =~ /IN\=(\w+)/) { $iface = $1; }
+ if ($a =~ /OUT\=(\w+)/) { $out = $1; }
+ if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
+ if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
+ if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
+ my $protostrlc = lc($protostr);
+ if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; }
+ if ($a =~ /DPT\=([\d\.]+)/){ $dstport = $1; }
+
+ if ($lines % 2) {
+ print "<tr bgcolor='${Header::table1colour}'>\n"; }
+ else {
+ print "<tr bgcolor='${Header::table2colour}'>\n"; }
+ print <<END
+ <td align='center'>$time</td>
+ <td align='center'>$chain</td>
+ <td align='center'>$iface</td>
+ <td align='center'>$protostr</td>
+ <td align='center'>
+ <table width='100%' cellpadding='0' cellspacing='0'><tr>
+ <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a></td>
+ </tr></table>
+ </td>
+ <td align='center'>$srcport</td>
+ <td align='center'>
+ <table width='100%' cellpadding='0' cellspacing='0'><tr>
+ <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td>
+ </tr></table>
+ </td>
+ <td align='center'>$dstport</td>
+ </tr>
+END
+ ;
+ $lines++;
+ }
+ }
+}
+
+print <<END
+</table>
+END
+;
+
+&oldernewer();
+
+&Header::closebox();
+
+&Header::closebigbox();
+
+&Header::closepage();
+
+sub oldernewer
+{
+ print <<END
+ <table width='100%'>
+ <tr>
+END
+;
+
+ print "<td align='center' width='50%'>";
+ if ($prev != -1) {
+ print "<a href='/cgi-bin/logs.cgi/showrequestfromcountry.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{country}'>$Lang::tr{'older'}</a>"; }
+ else {
+ print "$Lang::tr{'older'}"; }
+ print "</td>\n";
+
+ print "<td align='center' width='50%'>";
+ if ($next != -1) {
+ print "<a href='/cgi-bin/logs.cgi/showrequestfromcountry.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{country}'>$Lang::tr{'newer'}</a>"; }
+ else {
+ print "$Lang::tr{'newer'}"; }
+ print "</td>\n";
+
+print <<END
+ </tr>
+ </table>
+END
+;
+}
+
diff --git a/html/cgi-bin/modem-status.cgi b/html/cgi-bin/modem-status.cgi
new file mode 100755
index 0000000..d278c77
--- /dev/null
+++ b/html/cgi-bin/modem-status.cgi
@@ -0,0 +1,211 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2008 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+require "${General::swroot}/modem-lib.pl";
+
+my $modem;
+my %ethsettings = {};
+my %pppsettings = {};
+
+&General::readhash("${General::swroot}/ethernet/settings", \%ethsettings);
+
+if ($ethsettings{"RED_TYPE"} eq "PPPOE") {
+ &General::readhash("${General::swroot}/ppp/settings", \%pppsettings);
+
+ # Establish the connection to the modem.
+ my $port = $pppsettings{'MONPORT'};
+ if ($port) {
+ $port = "/dev/$port";
+ $modem = Modem->new($port, $pppsettings{"DTERATE"});
+ }
+}
+
+&Header::showhttpheaders();
+&Header::openpage($Lang::tr{'modem information'}, 1, '');
+&Header::openbigbox('100%', 'left');
+
+if ($modem) {
+ &Header::openbox("100%", "center", $Lang::tr{'modem hardware details'});
+
+ print <<END;
+ <table width="100%">
+ <tbody>
+END
+
+ my $vendor = $modem->get_vendor();
+ if ($vendor) {
+ print <<END;
+ <tr>
+ <td width="33%">$Lang::tr{'vendor'}</td>
+ <td>$vendor</td>
+ </tr>
+END
+ }
+
+ my $model = $modem->get_model();
+ if ($model) {
+ print <<END;
+ <tr>
+ <td width="33%">$Lang::tr{'model'}</td>
+ <td>$model</td>
+ </tr>
+END
+ }
+
+ my $software_version = $modem->get_software_version();
+ if ($software_version) {
+ print <<END;
+ <tr>
+ <td width="33%">$Lang::tr{'software version'}</td>
+ <td>$software_version</td>
+ </tr>
+END
+ }
+
+ my $imei = $modem->get_imei();
+ if ($imei) {
+ print <<END;
+ <tr>
+ <td width="33%">$Lang::tr{'imei'}</td>
+ <td>$imei</td>
+ </tr>
+END
+ }
+
+ my @caps = $modem->get_capabilities();
+ if (@caps) {
+ my $caps_string = join(", ", @caps);
+
+ print <<END;
+ <tr>
+ <td width="33%">$Lang::tr{'capabilities'}</td>
+ <td>$caps_string</td>
+ </tr>
+END
+ }
+
+ print <<END;
+ </tbody>
+ </table>
+END
+ &Header::closebox();
+
+
+ &Header::openbox("100%", "center", $Lang::tr{'modem sim information'});
+ print <<END;
+ <table width="100%">
+ <tbody>
+END
+
+ my $imsi = $modem->get_sim_imsi();
+ if ($imsi) {
+ print <<END;
+ <tr>
+ <td width="33%">$Lang::tr{'imsi'}</td>
+ <td>$imsi</td>
+ </tr>
+END
+ }
+
+ print <<END;
+ </tbody>
+ </table>
+END
+ &Header::closebox();
+
+ &Header::openbox("100%", "center", $Lang::tr{'modem network information'});
+ print <<END;
+ <table width="100%">
+ <tbody>
+END
+
+ my $network_registration = $modem->get_network_registration();
+ if ($network_registration) {
+ print <<END;
+ <tr>
+ <td width="33%">$Lang::tr{'modem network registration'}</td>
+ <td>$network_registration</td>
+ </tr>
+END
+ }
+
+ my $network_operator = $modem->get_network_operator();
+ if ($network_operator) {
+ print <<END;
+ <tr>
+ <td width="33%">$Lang::tr{'modem network operator'}</td>
+ <td>$network_operator</td>
+ </tr>
+END
+ }
+
+ my $network_mode = $modem->get_network_mode();
+ if ($network_mode) {
+ print <<END;
+ <tr>
+ <td width="33%">$Lang::tr{'modem network mode'}</td>
+ <td>$network_mode</td>
+ </tr>
+END
+ }
+
+ my $signal_quality = $modem->get_signal_quality();
+ if ($signal_quality) {
+ print <<END;
+ <tr>
+ <td width="33%">$Lang::tr{'modem network signal quality'}</td>
+ <td>$signal_quality dBm</td>
+ </tr>
+END
+ }
+
+ my $bit_error_rate = $modem->get_bit_error_rate();
+ if ($bit_error_rate) {
+ print <<END;
+ <tr>
+ <td width="33%">$Lang::tr{'modem network bit error rate'}</td>
+ <td>$bit_error_rate</td>
+ </tr>
+END
+ }
+ print <<END;
+ </tbody>
+ </table>
+END
+
+ &Header::closebox();
+} else {
+ &Header::openbox("100%", "center", $Lang::tr{'modem no connection'});
+ print "<p>$Lang::tr{'modem no connection message'}</p>";
+ &Header::closebox();
+}
+
+&Header::closebigbox();
+&Header::closepage();
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 877e09c..0e8fad8 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2013 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2014 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -19,7 +19,7 @@
# #
###############################################################################
###
-# Based on IPFireCore 55
+# Based on IPFireCore 77
###
use CGI;
use CGI qw/:standard/;
@@ -80,6 +80,8 @@ $cgiparams{'COMPRESSION'} = 'off';
$cgiparams{'ONLY_PROPOSED'} = 'off';
$cgiparams{'ACTION'} = '';
$cgiparams{'CA_NAME'} = '';
+$cgiparams{'DH_NAME'} = 'dh1024.pem';
+$cgiparams{'DHLENGHT'} = '';
$cgiparams{'DHCP_DOMAIN'} = '';
$cgiparams{'DHCP_DNS'} = '';
$cgiparams{'DHCP_WINS'} = '';
@@ -88,6 +90,9 @@ $cgiparams{'DCOMPLZO'} = 'off';
$cgiparams{'MSSFIX'} = '';
$cgiparams{'number'} = '';
$cgiparams{'PMTU_DISCOVERY'} = '';
+$cgiparams{'DCIPHER'} = '';
+$cgiparams{'DAUTH'} = '';
+$cgiparams{'TLSAUTH'} = '';
$routes_push_file = "${General::swroot}/ovpn/routes_push";
unless (-e $routes_push_file) { system("touch $routes_push_file"); }
unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); }
@@ -167,60 +172,6 @@ sub deletebackupcert
unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem");
}
}
-sub checkportfw {
- my $DPORT = shift;
- my $DPROT = shift;
- my %natconfig =();
- my $confignat = "${General::swroot}/firewall/config";
- $DPROT= uc ($DPROT);
- &General::readhasharray($confignat, \%natconfig);
- foreach my $key (sort keys %natconfig){
- my @portarray = split (/\|/,$natconfig{$key}[30]);
- foreach my $value (@portarray){
- if ($value =~ /:/i){
- my ($a,$b) = split (":",$value);
- if ($DPROT eq $natconfig{$key}[12] && $DPORT gt $a && $DPORT lt $b){
- $errormessage= "$Lang::tr{'source port in use'} $DPORT";
- }
- }else{
- if ($DPROT eq $natconfig{$key}[12] && $DPORT eq $value){
- $errormessage= "$Lang::tr{'source port in use'} $DPORT";
- }
- }
- }
- }
- return;
-}
-
-sub checkportoverlap
-{
- my $portrange1 = $_[0]; # New port range
- my $portrange2 = $_[1]; # existing port range
- my @tempr1 = split(/\:/,$portrange1);
- my @tempr2 = split(/\:/,$portrange2);
-
- unless (&checkportinc($tempr1[0], $portrange2)){ return 0;}
- unless (&checkportinc($tempr1[1], $portrange2)){ return 0;}
-
- unless (&checkportinc($tempr2[0], $portrange1)){ return 0;}
- unless (&checkportinc($tempr2[1], $portrange1)){ return 0;}
-
- return 1; # Everything checks out!
-}
-
-# Darren Critchley - we want to make sure that a port entry is not within an already existing range
-sub checkportinc
-{
- my $port1 = $_[0]; # Port
- my $portrange2 = $_[1]; # Port range
- my @tempr1 = split(/\:/,$portrange2);
-
- if ($port1 < $tempr1[0] || $port1 > $tempr1[1]) {
- return 1;
- } else {
- return 0;
- }
-}
sub writeserverconf {
my %sovpnsettings = ();
@@ -243,14 +194,14 @@ sub writeserverconf {
print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
print CONF "tls-server\n";
- print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n";
- print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n";
- print CONF "key /var/ipfire/ovpn/certs/serverkey.pem\n";
- print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n";
+ print CONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
+ print CONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
+ print CONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
+ print CONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n";
my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'});
print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
#print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
-
+
# Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500.
# If we doesn't use one of them, we can use the configured mtu value.
if ($sovpnsettings{'MSSFIX'} eq 'on')
@@ -258,8 +209,8 @@ sub writeserverconf {
elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp')
{ print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
- ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
- ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
+ ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
{ print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
else
{ print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; }
@@ -294,10 +245,10 @@ sub writeserverconf {
print CONF "client-to-client\n";
}
if ($sovpnsettings{MSSFIX} eq 'on') {
- print CONF "mssfix\n";
+ print CONF "mssfix\n";
}
if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
- print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
+ print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
}
# Check if a valid operating mode has been choosen and use it.
@@ -313,6 +264,14 @@ sub writeserverconf {
print CONF "status-version 1\n";
print CONF "status /var/log/ovpnserver.log 30\n";
print CONF "cipher $sovpnsettings{DCIPHER}\n";
+ if ($sovpnsettings{'DAUTH'} eq '') {
+ print CONF "";
+ } else {
+ print CONF "auth $sovpnsettings{'DAUTH'}\n";
+ }
+ if ($sovpnsettings{'TLSAUTH'} eq 'on') {
+ print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
+ }
if ($sovpnsettings{DCOMPLZO} eq 'on') {
print CONF "comp-lzo\n";
}
@@ -731,6 +690,8 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
$vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
$vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
$vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'};
+ $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
+ $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
my @temp=();
if ($cgiparams{'FRAGMENT'} eq '') {
@@ -743,6 +704,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
$vpnsettings{'FRAGMENT'} = $cgiparams{'FRAGMENT'};
}
}
+
if ($cgiparams{'MSSFIX'} ne 'on') {
delete $vpnsettings{'MSSFIX'};
} else {
@@ -847,6 +809,16 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
$errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
goto ADV_ERROR;
}
+ # Create ta.key for tls-auth if not presant
+ if ($cgiparams{'TLSAUTH'} eq 'on') {
+ if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
+ system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+ if ($?) {
+ $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+ goto ADV_ERROR;
+ }
+ }
+ }
&General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
&writeserverconf();#hier ok
@@ -925,9 +897,15 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
- print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n";
+ print SERVERCONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n";
print SERVERCONF "# Cipher\n";
- print SERVERCONF "cipher AES-256-CBC\n";
+ print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n";
+ if ($cgiparams{'DAUTH'} eq '') {
+ print SERVERCONF "auth SHA1\n";
+ } else {
+ print SERVERCONF "# HMAC algorithm\n";
+ print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
+ }
if ($cgiparams{'COMPLZO'} eq 'on') {
print SERVERCONF "# Enable Compression\n";
print SERVERCONF "comp-lzo\r\n";
@@ -952,6 +930,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client')
{
+
my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
@@ -1014,12 +993,18 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
print CLIENTCONF "# Auth. Client\n";
print CLIENTCONF "tls-client\n";
print CLIENTCONF "# Cipher\n";
- print CLIENTCONF "cipher AES-256-CBC\n";
+ print CLIENTCONF "cipher $cgiparams{'DCIPHER'}\n";
print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
+ if ($cgiparams{'DAUTH'} eq '') {
+ print CLIENTCONF "auth SHA1\n";
+ } else {
+ print CLIENTCONF "# HMAC algorithm\n";
+ print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
+ }
if ($cgiparams{'COMPLZO'} eq 'on') {
print CLIENTCONF "# Enable Compression\n";
print CLIENTCONF "comp-lzo\r\n";
- }
+ }
print CLIENTCONF "# Debug Level\n";
print CLIENTCONF "verb 3\n";
print CLIENTCONF "# Tunnel check\n";
@@ -1050,15 +1035,10 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
}
}
if ($errormessage) { goto SETTINGS_ERROR; }
-
- if ($cgiparams{'ENABLED'} eq 'on'){
- &checkportfw($cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'});
- }
- if ($errormessage) { goto SETTINGS_ERROR; }
if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
$errormessage = $Lang::tr{'ovpn subnet is invalid'};
- goto SETTINGS_ERROR;
+ goto SETTINGS_ERROR;
}
my @tmpovpnsubnet = split("\/",$cgiparams{'DOVPN_SUBNET'});
@@ -1114,11 +1094,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
$errormessage = $Lang::tr{'invalid port'};
goto SETTINGS_ERROR;
}
-
- if ($cgiparams{'DDEST_PORT'} <= 1023) {
- $errormessage = $Lang::tr{'ovpn port in root range'};
- goto SETTINGS_ERROR;
- }
$vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
$vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
@@ -1144,7 +1119,7 @@ SETTINGS_ERROR:
###
### Reset all step 2
###
-}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'} && $cgiparams{'AREUSURE'} eq 'yes') {
+}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'} && $cgiparams{'AREUSURE'} eq 'yes') {
my $file = '';
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
@@ -1154,37 +1129,66 @@ SETTINGS_ERROR:
}
}
while ($file = glob("${General::swroot}/ovpn/ca/*")) {
- unlink $file
+ unlink $file;
}
while ($file = glob("${General::swroot}/ovpn/certs/*")) {
- unlink $file
+ unlink $file;
}
while ($file = glob("${General::swroot}/ovpn/crls/*")) {
- unlink $file
+ unlink $file;
}
- &cleanssldatabase();
+ &cleanssldatabase();
if (open(FILE, ">${General::swroot}/ovpn/caconfig")) {
print FILE "";
close FILE;
}
- &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+ if (open(FILE, ">${General::swroot}/ovpn/ccdroute")) {
+ print FILE "";
+ close FILE;
+ }
+ if (open(FILE, ">${General::swroot}/ovpn/ccdroute2")) {
+ print FILE "";
+ close FILE;
+ }
+ while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
+ unlink $file
+ }
+ if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) {
+ print FILE "";
+ close FILE;
+ }
+ if (open(FILE, ">${General::swroot}/ovpn/ovpnconfig")) {
+ print FILE "";
+ close FILE;
+ }
+ while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) {
+ system ("rm -rf $file");
+ }
+
#&writeserverconf();
###
### Reset all step 1
###
-}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'}) {
+}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'}) {
&Header::showhttpheaders();
- &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
- &Header::openbigbox('100%', 'LEFT', '', '');
- &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
- print <<END
- <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
- <tr><td align='center'>
- <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
- $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}
- <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' />
- <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr>
- </form></table>
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
+ &Header::openbigbox('100%', 'left', '', '');
+ &Header::openbox('100%', 'left', $Lang::tr{'are you sure'});
+ print <<END;
+ <form method='post'>
+ <table width='100%'>
+ <tr>
+ <td align='center'>
+ <input type='hidden' name='AREUSURE' value='yes' />
+ <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
+ $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}</td>
+ </tr>
+ <tr>
+ <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' />
+ <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td>
+ </tr>
+ </table>
+ </form>
END
;
&Header::closebox();
@@ -1193,6 +1197,104 @@ END
exit (0);
###
+### Generate DH key step 2
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'} && $cgiparams{'AREUSURE'} eq 'yes') {
+ # Delete if old key exists
+ if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
+ unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
+ }
+ # Create Diffie Hellmann Parameter
+ system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache',
+ '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
+ if ($?) {
+ $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+ unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
+ }
+
+###
+### Generate DH key step 1
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'}) {
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
+ &Header::openbigbox('100%', 'LEFT', '', '');
+ &Header::openbox('100%', 'LEFT', "$Lang::tr{'gen dh'}:");
+ print <<END;
+ <table width='100%'>
+ <tr>
+ <td width='20%'> </td> <td width='15%'></td> <td width='65%'></td>
+ </tr>
+ <tr>
+ <td class='base'>$Lang::tr{'ovpn dh'}:</td>
+ <td align='center'>
+ <form method='post'><input type='hidden' name='AREUSURE' value='yes' />
+ <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
+ <select name='DHLENGHT'>
+ <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'}</option>
+ <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
+ <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
+ <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
+ </select>
+ </td>
+ </tr>
+ <tr><td colspan='4'><br></td></tr>
+ </table>
+ <table width='100%'>
+ <tr>
+ <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'dh key warn'}
+ </tr>
+ <tr>
+ <td class='base'>$Lang::tr{'dh key warn1'}</td>
+ </tr>
+ <tr><td colspan='2'><br></td></tr>
+ <tr>
+ <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
+ </form>
+ </tr>
+ </table>
+
+END
+ ;
+ &Header::closebox();
+ print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+ &Header::closebigbox();
+ &Header::closepage();
+ exit (0);
+
+###
+### Upload DH key
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload dh key'}) {
+ if (ref ($cgiparams{'FH'}) ne 'Fh') {
+ $errormessage = $Lang::tr{'there was no file upload'};
+ goto UPLOADCA_ERROR;
+ }
+ # Move uploaded dh key to a temporary file
+ (my $fh, my $filename) = tempfile( );
+ if (copy ($cgiparams{'FH'}, $fh) != 1) {
+ $errormessage = $!;
+ goto UPLOADCA_ERROR;
+ }
+ my $temp = `/usr/bin/openssl dhparam -text -in $filename`;
+ if ($temp !~ /DH Parameters: \((1024|2048|3072|4096) bit\)/) {
+ $errormessage = $Lang::tr{'not a valid dh key'};
+ unlink ($filename);
+ goto UPLOADCA_ERROR;
+ } else {
+ # Delete if old key exists
+ if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
+ unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
+ }
+ move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
+ if ($? ne 0) {
+ $errormessage = "$Lang::tr{'dh key move failed'}: $!";
+ unlink ($filename);
+ goto UPLOADCA_ERROR;
+ }
+ }
+
+###
### Upload CA Certificate
###
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) {
@@ -1210,7 +1312,7 @@ END
if ($cgiparams{'CA_NAME'} eq 'ca') {
$errormessage = $Lang::tr{'name is invalid'};
- goto UPLOAD_CA_ERROR;
+ goto UPLOADCA_ERROR;
}
# Check if there is no other entry with this name
@@ -1268,7 +1370,7 @@ END
if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") {
&Header::showhttpheaders();
- &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', $errormessage);
&Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
@@ -1345,10 +1447,10 @@ END
}
if ($assignedcerts) {
&Header::showhttpheaders();
- &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', $errormessage);
&Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
- print <<END
+ print <<END;
<table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
<tr><td align='center'>
@@ -1380,7 +1482,7 @@ END
$cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
my $output;
&Header::showhttpheaders();
- &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', '');
if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
&Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:");
@@ -1646,7 +1748,7 @@ END
}
} else { # child
unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
- '-days', '999999', '-newkey', 'rsa:2048',
+ '-days', '999999', '-newkey', 'rsa:4096', '-sha512',
'-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
'-out', "${General::swroot}/ovpn/ca/cacert.pem",
'-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
@@ -1677,7 +1779,7 @@ END
}
} else { # child
unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
- '-newkey', 'rsa:1024',
+ '-newkey', 'rsa:2048',
'-keyout', "${General::swroot}/ovpn/certs/serverkey.pem",
'-out', "${General::swroot}/ovpn/certs/serverreq.pem",
'-extensions', 'server',
@@ -1729,8 +1831,7 @@ END
}
# Create Diffie Hellmann Parameter
system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache',
- '-out', "${General::swroot}/ovpn/ca/dh1024.pem",
- '1024' );
+ '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
@@ -1742,13 +1843,20 @@ END
goto ROOTCERT_ERROR;
# } else {
# &cleanssldatabase();
- }
+ }
+ # Create ta.key for tls-auth
+ system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+ if ($?) {
+ $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+ &cleanssldatabase();
+ goto ROOTCERT_ERROR;
+ }
goto ROOTCERT_SUCCESS;
}
ROOTCERT_ERROR:
if ($cgiparams{'ACTION'} ne '') {
&Header::showhttpheaders();
- &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', '');
if ($errormessage) {
&Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
@@ -1757,7 +1865,7 @@ END
&Header::closebox();
}
&Header::openbox('100%', 'LEFT', "$Lang::tr{'generate root/host certificates'}:");
- print <<END
+ print <<END;
<form method='post' enctype='multipart/form-data'>
<table width='100%' border='0' cellspacing='1' cellpadding='0'>
<tr><td width='30%' class='base'>$Lang::tr{'organization name'}:</td>
@@ -1790,19 +1898,38 @@ END
}
print ">$country</option>";
}
- print <<END
+ print <<END;
</select></td>
- <td colspan='2'> </td></tr>
+ <tr><td class='base'>$Lang::tr{'ovpn dh'}:</td>
+ <td class='base'><select name='DHLENGHT'>
+ <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'}</option>
+ <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
+ <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
+ <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
+ </select>
+ </td>
+ </tr>
+
<tr><td> </td>
<td><input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' /></td>
<td> </td><td> </td></tr>
<tr><td class='base' colspan='4' align='left'>
<img src='/blob.gif' valign='top' alt='*' /> $Lang::tr{'this field may be blank'}</td></tr>
- <tr><td class='base' colspan='4' align='left'>
- <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
- $Lang::tr{'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient'}
- </td></tr>
- <tr><td colspan='4' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
+ <tr><td colspan='2'><br></td></tr>
+ <table width='100%'>
+ <tr>
+ <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'ovpn generating the root and host certificates'}
+ <td class='base'>$Lang::tr{'dh key warn'}</td>
+ </tr>
+ <tr>
+ <td class='base'>$Lang::tr{'dh key warn1'}</td>
+ </tr>
+ <tr><td colspan='2'><br></td></tr>
+ <tr>
+ </table>
+
+ <table width='100%'>
+ <tr><td colspan='4'><hr></td></tr>
<tr><td class='base' nowrap='nowrap'>$Lang::tr{'upload p12 file'}:</td>
<td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
<td colspan='2'> </td></tr>
@@ -1813,12 +1940,13 @@ END
<td><input type='submit' name='ACTION' value='$Lang::tr{'upload p12 file'}' /></td>
<td colspan='2'> </td></tr>
<tr><td class='base' colspan='4' align='left'>
- <img src='/blob.gif' valign='top' al='*' > $Lang::tr{'this field may be blank'}</td></tr>
+ <img src='/blob.gif' valign='top' al='*' > $Lang::tr{'this field may be blank'}</td>
+ </tr>
</form></table>
END
;
&Header::closebox();
-
+ print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
&Header::closepage();
exit(0)
@@ -1950,13 +2078,20 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
print CLIENTCONF "ns-cert-type server\n";
print CLIENTCONF "# Auth. Client\n";
print CLIENTCONF "tls-client\n";
- print CLIENTCONF "# Cipher\n";
- print CLIENTCONF "cipher AES-256-CBC\n";
+ print CLIENTCONF "# Cipher\n";
+ print CLIENTCONF "cipher $confighash{$cgiparams{'KEY'}}[40]\n";
if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n";
$zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
- }
- if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
+ }
+ if ($confighash{$cgiparams{'KEY'}}[39] eq '') {
+ print CLIENTCONF "# HMAC algorithm\n";
+ print CLIENTCONF "auth SHA1\n";
+ } else {
+ print CLIENTCONF "# HMAC algorithm\n";
+ print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n";
+ }
+ if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
print CLIENTCONF "# Enable Compression\n";
print CLIENTCONF "comp-lzo\r\n";
}
@@ -2051,6 +2186,15 @@ else
$zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
}
print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
+ if ($vpnsettings{'DAUTH'} eq '') {
+ print CLIENTCONF "";
+ } else {
+ print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
+ }
+ if ($vpnsettings{'TLSAUTH'} eq 'on') {
+ print CLIENTCONF "tls-auth ta.key\r\n";
+ $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n";
+ }
if ($vpnsettings{DCOMPLZO} eq 'on') {
print CLIENTCONF "comp-lzo\r\n";
}
@@ -2180,7 +2324,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
&Header::showhttpheaders();
- &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
@@ -2192,15 +2336,40 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
&Header::closepage();
exit(0);
}
+
+###
+### Display Diffie-Hellman key
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show dh'}) {
+
+ if (! -e "${General::swroot}/ovpn/ca/dh1024.pem") {
+ $errormessage = $Lang::tr{'not present'};
+ } else {
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
+ &Header::openbigbox('100%', 'LEFT', '', '');
+ &Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:");
+ my $output = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
+ $output = &Header::cleanhtml($output,"y");
+ print "<pre>$output</pre>\n";
+ &Header::closebox();
+ print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+ &Header::closebigbox();
+ &Header::closepage();
+ exit(0);
+ }
+
###
### Display Certificate Revoke List
###
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) {
# &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- if ( -f "${General::swroot}/ovpn/crls/cacrl.pem") {
+ if (! -e "${General::swroot}/ovpn/crls/cacrl.pem") {
+ $errormessage = $Lang::tr{'not present'};
+ } else {
&Header::showhttpheaders();
- &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
@@ -2231,19 +2400,25 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
# }
ADV_ERROR:
if ($cgiparams{'MAX_CLIENTS'} eq '') {
- $cgiparams{'MAX_CLIENTS'} = '100';
+ $cgiparams{'MAX_CLIENTS'} = '100';
}
if ($cgiparams{'KEEPALIVE_1'} eq '') {
- $cgiparams{'KEEPALIVE_1'} = '10';
+ $cgiparams{'KEEPALIVE_1'} = '10';
}
if ($cgiparams{'KEEPALIVE_2'} eq '') {
- $cgiparams{'KEEPALIVE_2'} = '60';
+ $cgiparams{'KEEPALIVE_2'} = '60';
}
if ($cgiparams{'LOG_VERB'} eq '') {
- $cgiparams{'LOG_VERB'} = '3';
+ $cgiparams{'LOG_VERB'} = '3';
}
if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
- $cgiparams{'PMTU_DISCOVERY'} = 'off';
+ $cgiparams{'PMTU_DISCOVERY'} = 'off';
+ }
+ if ($cgiparams{'DAUTH'} eq '') {
+ $cgiparams{'DAUTH'} = 'SHA1';
+ }
+ if ($cgiparams{'TLSAUTH'} eq '') {
+ $cgiparams{'TLSAUTH'} = 'off';
}
$checked{'CLIENT2CLIENT'}{'off'} = '';
$checked{'CLIENT2CLIENT'}{'on'} = '';
@@ -2251,11 +2426,11 @@ ADV_ERROR:
$checked{'REDIRECT_GW_DEF1'}{'off'} = '';
$checked{'REDIRECT_GW_DEF1'}{'on'} = '';
$checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED';
- $selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED';
$checked{'MSSFIX'}{'off'} = '';
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
$checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
+ $selected{'LOG_VERB'}{'0'} = '';
$selected{'LOG_VERB'}{'1'} = '';
$selected{'LOG_VERB'}{'2'} = '';
$selected{'LOG_VERB'}{'3'} = '';
@@ -2267,8 +2442,16 @@ ADV_ERROR:
$selected{'LOG_VERB'}{'9'} = '';
$selected{'LOG_VERB'}{'10'} = '';
$selected{'LOG_VERB'}{'11'} = '';
- $selected{'LOG_VERB'}{'0'} = '';
$selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
+ $selected{'DAUTH'}{'whirlpool'} = '';
+ $selected{'DAUTH'}{'SHA512'} = '';
+ $selected{'DAUTH'}{'SHA384'} = '';
+ $selected{'DAUTH'}{'SHA256'} = '';
+ $selected{'DAUTH'}{'SHA1'} = '';
+ $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
+ $checked{'TLSAUTH'}{'off'} = '';
+ $checked{'TLSAUTH'}{'on'} = '';
+ $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'status ovpn'}, 1, '');
@@ -2280,34 +2463,34 @@ ADV_ERROR:
&Header::closebox();
}
&Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
- print <<END
+ print <<END;
<form method='post' enctype='multipart/form-data'>
- <table width='100%' border='0'>
- <tr>
- <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
+<table width='100%' border=0>
+ <tr>
+ <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
</tr>
<tr>
- <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
+ <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
- <td class='base'>Domain</td>
+ <td class='base'>Domain</td>
<td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td>
</tr>
<tr>
- <td class='base'>DNS</td>
- <td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td>
+ <td class='base'>DNS</td>
+ <td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td>
</tr>
<tr>
- <td class='base'>WINS</td>
- <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td>
- </tr>
+ <td class='base'>WINS</td>
+ <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td>
+ </tr>
<tr>
- <td colspan='4'><b>$Lang::tr{'ovpn routes push options'}</b></td>
+ <td colspan='4'><b>$Lang::tr{'ovpn routes push options'}</b></td>
</tr>
<tr>
- <td class='base'>$Lang::tr{'ovpn routes push'}</td>
- <td colspan='2'>
- <textarea name='ROUTES_PUSH' cols='26' rows='6' wrap='off'>
+ <td class='base'>$Lang::tr{'ovpn routes push'}</td>
+ <td colspan='2'>
+ <textarea name='ROUTES_PUSH' cols='26' rows='6' wrap='off'>
END
;
@@ -2322,40 +2505,39 @@ print <<END;
</tr>
</table>
<hr size='1'>
- <table width='100%'>
+<table width='100%'>
<tr>
- <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
+ <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
</tr>
<tr>
- <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
+ <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
</tr>
<tr>
- <td class='base'>Client-To-Client</td>
- <td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td>
+ <td class='base'>Client-To-Client</td>
+ <td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td>
</tr>
<tr>
- <td class='base'>Redirect-Gateway def1</td>
- <td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
+ <td class='base'>Redirect-Gateway def1</td>
+ <td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
</tr>
<tr>
<td class='base'>Max-Clients</td>
<td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='10' /></td>
</tr>
- <tr>
+ <tr>
<td class='base'>Keepalive <br />
(ping/ping-restart)</td>
<td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td>
<td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
</tr>
- <tr>
+ <tr>
<td class='base'>fragment <br></td>
<td><input type='TEXT' name='FRAGMENT' value='$cgiparams{'FRAGMENT'}' size='10' /></td>
- <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
</tr>
<tr>
<td class='base'>mssfix</td>
<td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
- <td>$Lang::tr{'openvpn default'}: on</td>
+ <td>$Lang::tr{'openvpn default'}: off</td>
</tr>
<tr>
@@ -2367,53 +2549,70 @@ print <<END;
</tr>
</table>
-<!--
<hr size='1'>
- <table width='100%'>
+<table width='100%'>
<tr>
- <td class'base'><b>Crypto-Engines</b></td>
+ <td class'base'><b>$Lang::tr{'log-options'}</b></td>
</tr>
<tr>
- <td width='15%'></td> <td width='30%'> </td><td width='25%'> </td><td width='30%'></td>
+ <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
+ </tr>
+
+ <tr><td class='base'>VERB</td>
+ <td><select name='LOG_VERB'>
+ <option value='0' $selected{'LOG_VERB'}{'0'}>0</option>
+ <option value='1' $selected{'LOG_VERB'}{'1'}>1</option>
+ <option value='2' $selected{'LOG_VERB'}{'2'}>2</option>
+ <option value='3' $selected{'LOG_VERB'}{'3'}>3</option>
+ <option value='4' $selected{'LOG_VERB'}{'4'}>4</option>
+ <option value='5' $selected{'LOG_VERB'}{'5'}>5</option>
+ <option value='6' $selected{'LOG_VERB'}{'6'}>6</option>
+ <option value='7' $selected{'LOG_VERB'}{'7'}>7</option>
+ <option value='8' $selected{'LOG_VERB'}{'8'}>8</option>
+ <option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
+ <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
+ <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
+ </td></select>
+ </table>
+
+<hr size='1'>
+<table width='100%'>
+ <tr>
+ <td class'base'><b>$Lang::tr{'ovpn crypt options'}</b></td>
+ </tr>
+ <tr>
+ <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
</tr>
- <tr><td class='base'>Engines:</td>
- <td><select name='ENGINES'><option value="none" $selected{'ENGINES'}{'none'}>none</option>
- <option value="cryptodev" $selected{'ENGINES'}{'cryptodev'}>cryptodev</option>
- <option value="padlock" $selected{'ENGINES'}{'padlock'}>padlock</option>
+ <tr><td class='base'>$Lang::tr{'ovpn ha'}</td>
+ <td><select name='DAUTH'>
+ <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
+ <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
+ <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
+ <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
+ <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'})</option>
</select>
- </td>
+ </td>
+ <td>$Lang::tr{'openvpn default'}: <span class="base">SHA1 (160 $Lang::tr{'bit'})</span></td>
+ </tr>
</table>
--->
-<hr size='1'>
- <table width='100%'>
+
+<table width='100%'>
<tr>
- <td class'base'><b>$Lang::tr{'log-options'}</b></td>
+ <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
</tr>
+
<tr>
- <td width='15%'></td> <td width='30%'> </td><td width='25%'> </td><td width='30%'></td>
- </tr>
-
- <tr><td class='base'>VERB</td>
- <td><select name='LOG_VERB'><option value='1' $selected{'LOG_VERB'}{'1'}>1</option>
- <option value='2' $selected{'LOG_VERB'}{'2'}>2</option>
- <option value='3' $selected{'LOG_VERB'}{'3'}>3</option>
- <option value='4' $selected{'LOG_VERB'}{'4'}>4</option>
- <option value='5' $selected{'LOG_VERB'}{'5'}>5</option>
- <option value='6' $selected{'LOG_VERB'}{'6'}>6</option>
- <option value='7' $selected{'LOG_VERB'}{'7'}>7</option>
- <option value='8' $selected{'LOG_VERB'}{'8'}>8</option>
- <option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
- <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
- <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
- <option value='0' $selected{'LOG_VERB'}{'0'}>0</option></select></td>
-</table><hr>
+ <td class='base'>HMAC tls-auth</td>
+ <td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
+ </tr>
+ </table><hr>
END
if ( -e "/var/run/openvpn.pid"){
print" <br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br>
$Lang::tr{'server restart'}<br><br>
<hr>";
- print<<END
+ print<<END;
<table width='100%'>
<tr>
<td> </td>
@@ -2429,7 +2628,7 @@ END
}else{
-print<<END
+ print<<END;
<table width='100%'>
<tr>
<td> </td>
@@ -2484,7 +2683,7 @@ if ($cgiparams{'ACTION'} eq "edit"){
&Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'});
- print <<END
+ print <<END;
<table width='100%' border='0'>
<tr><form method='post'>
<td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
@@ -2498,7 +2697,7 @@ END
&Header::closebox();
&Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
- print <<END
+ print <<END;
<table width='100%' border='0' cellpadding='0' cellspacing='1'>
<tr>
<td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr>
@@ -2508,7 +2707,7 @@ END
else{
if (! -e "/var/run/openvpn.pid"){
&Header::openbox('100%', 'LEFT', $Lang::tr{'ccd add'});
- print <<END;
+ print <<END;
<table width='100%' border='0'>
<tr><form method='post'>
<td colspan='4'>$Lang::tr{'ccd hint'}<br><br></td></tr>
@@ -2528,7 +2727,7 @@ END
print "$Lang::tr{'ccd noaddnet'}<br><hr>";
}
- print <<END
+ print <<END;
<table width='100%' cellpadding='0' cellspacing='1'>
<tr>
<td class='boldbase' align='center' nowrap='nowrap' width='20%'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center' width='8%'><b>$Lang::tr{'network'}</td><td class='boldbase' width='8%' align='center' nowrap='nowrap'><b>$Lang::tr{'ccd used'}</td><td width='1%' align='center'></td><td width='1%' align='center'></td></tr>
@@ -2546,7 +2745,7 @@ END
if ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}
else{ print" <tr bgcolor='$color{'color20'}'>";}
print"<td>$ccdconf[0]</td><td align='center'>$ccdconf[1]</td><td align='center'>$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1)."</td><td>";
-print <<END
+ print <<END;
<form method='post' />
<input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
<input type='hidden' name='ACTION' value='edit'/>
@@ -2582,7 +2781,7 @@ END
#
# <td><b>$Lang::tr{'protocol'}</b></td>
# protocol temp removed
- print <<END
+ print <<END;
<table width='100%' cellpadding='2' cellspacing='0' class='tbl'>
<tr>
<th><b>$Lang::tr{'common name'}</b></th>
@@ -2661,7 +2860,7 @@ END
}
print "</table>";
- print <<END
+ print <<END;
<table width='100%' border='0' cellpadding='2' cellspacing='0'>
<tr><td></td></tr>
<tr><td></td></tr>
@@ -2770,13 +2969,13 @@ END
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') {
&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
&Header::showhttpheaders();
- &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'});
if ( -s "${General::swroot}/ovpn/settings") {
- print <<END
+ print <<END;
<b>$Lang::tr{'connection type'}:</b><br />
<table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
<tr><td><input type='radio' name='TYPE' value='host' checked /></td>
@@ -2797,7 +2996,7 @@ END
} else {
- print <<END
+ print <<END;
<b>$Lang::tr{'connection type'}:</b><br />
<table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
<tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
@@ -2809,6 +3008,7 @@ END
}
&Header::closebox();
+ print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
&Header::closepage();
exit (0);
@@ -2943,8 +3143,10 @@ END
my $complzoactive;
my $mssfixactive;
+my $authactive;
my $n2nfragment;
-my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);;
+my $authactive;
+my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);
my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
my @n2nproto = split(/-/, $n2nproto2[1]);
my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]);
@@ -2961,7 +3163,8 @@ my @n2novpnsub = split(/\./,$n2novpnsuball[1]);
my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]);
my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]);
my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]);
-
+my @n2ncipher = split(/ /, (grep { /^cipher/ } @firen2nconf)[0]);
+my @n2nauth = split(/ /, (grep { /^auth/ } @firen2nconf)[0]);;
###
# m.a.d delete CR and LF from arrays for this chomp doesnt work
@@ -2980,6 +3183,8 @@ $n2nlocalsub[2] =~ s/\n|\r//g;
$n2nfragment[1] =~ s/\n|\r//g;
$n2nmgmt[2] =~ s/\n|\r//g;
$n2nmtudisc[1] =~ s/\n|\r//g;
+$n2ncipher[1] =~ s/\n|\r//g;
+$n2nauth[1] =~ s/\n|\r//g;
chomp ($complzoactive);
chomp ($mssfixactive);
@@ -3016,7 +3221,7 @@ foreach my $dkey (keys %confighash) {
}
###
-# Check im Dest Port is vaild
+# Check if Dest Port is vaild
###
foreach my $dkey (keys %confighash) {
@@ -3033,7 +3238,7 @@ foreach my $dkey (keys %confighash) {
$key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 39) { $confighash{$key}[$i] = "";}
+ foreach my $i (0 .. 42) { $confighash{$key}[$i] = "";}
$confighash{$key}[0] = 'off';
$confighash{$key}[1] = $n2nname[0];
@@ -3054,8 +3259,10 @@ foreach my $dkey (keys %confighash) {
$confighash{$key}[29] = $n2nport[1];
$confighash{$key}[30] = $complzoactive;
$confighash{$key}[31] = $n2ntunmtu[1];
- $confighash{$key}[38] = $n2nmtudisc[1];
-
+ $confighash{$key}[38] = $n2nmtudisc[1];
+ $confighash{$key}[39] = $n2nauth[1];
+ $confighash{$key}[40] = $n2ncipher[1];
+ $confighash{$key}[41] = 'disabled';
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
@@ -3075,7 +3282,7 @@ foreach my $dkey (keys %confighash) {
&Header::openbox('100%', 'LEFT', 'import ipfire net2net config');
}
if ($errormessage eq ''){
- print <<END
+ print <<END;
<!-- ipfire net2net config gui -->
<table width='100%'>
<tr><td width='25%'> </td><td width='25%'> </td></tr>
@@ -3084,16 +3291,18 @@ foreach my $dkey (keys %confighash) {
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td><td><b>$confighash{$key}[6]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>Remote Host </td><td><b>$confighash{$key}[10]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td><td><b>$confighash{$key}[8]</b></td></tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td><td><b>$confighash{$key}[11]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}:</td><td><b>$confighash{$key}[11]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td><td><b>$confighash{$key}[27]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td><td><b>$confighash{$key}[28]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'destination port'}:</td><td><b>$confighash{$key}[29]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td><td><b>$confighash{$key}[30]</b></td></tr>
- <tr><td class='boldbase' nowrap='nowrap'>MSSFIX </td><td><b>$confighash{$key}[23]</b></td></tr>
- <tr><td class='boldbase' nowrap='nowrap'>Fragment </td><td><b>$confighash{$key}[24]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>MSSFIX:</td><td><b>$confighash{$key}[23]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>Fragment:</td><td><b>$confighash{$key}[24]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td><td><b>$confighash{$key}[38]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn hmac'}:</td><td><b>$confighash{$key}[39]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td><td><b>$confighash{$key}[40]</b></td></tr>
<tr><td> </td><td> </td></tr>
</table>
END
@@ -3111,7 +3320,7 @@ END
}
&Header::closebigbox();
&Header::closepage();
- exit(0);
+ exit(0);
##
@@ -3164,33 +3373,36 @@ if ($confighash{$cgiparams{'KEY'}}) {
$errormessage = $Lang::tr{'invalid key'};
goto VPNCONF_END;
}
- $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
- $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1];
- $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
- $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
- $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
- $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
- $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
- $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
+ $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
+ $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1];
+ $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
+ $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
+ $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
+ $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
+ $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
+ $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
$cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
- $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22];
- $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
- $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
- $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
- $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
- $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27];
- $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28];
- $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
- $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
- $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
- $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32];
+ $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22];
+ $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
+ $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
+ $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
+ $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
+ $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27];
+ $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28];
+ $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
+ $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
+ $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
+ $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32];
$name=$cgiparams{'CHECK1'} ;
- $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33];
- $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34];
- $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35];
- $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36];
- $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37];
+ $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33];
+ $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34];
+ $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35];
+ $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36];
+ $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37];
$cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[38];
+ $cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39];
+ $cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40];
+ $cgiparams{'TLSAUTH'} = $confighash{$cgiparams{'KEY'}}[41];
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
@@ -3500,7 +3712,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
goto VPNCONF_ERROR;
}
- if ($cgiparams{'OVPN_MGMT'} eq '') {
+ if ($cgiparams{'OVPN_MGMT'} eq '') {
$cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'};
}
@@ -3727,6 +3939,8 @@ if ($cgiparams{'TYPE'} eq 'net') {
}
if ($cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
$errormessage = $Lang::tr{'invalid input for name'};
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
goto VPNCONF_ERROR;
}
if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) {
@@ -3799,7 +4013,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
}
} else { # child
unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
- '-newkey', 'rsa:1024',
+ '-newkey', 'rsa:2048',
'-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
'-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
'-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
@@ -3868,7 +4082,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
if (! $key) {
$key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";}
+ foreach my $i (0 .. 43) { $confighash{$key}[$i] = "";}
}
$confighash{$key}[0] = $cgiparams{'ENABLED'};
$confighash{$key}[1] = $cgiparams{'NAME'};
@@ -3887,13 +4101,13 @@ if ($cgiparams{'TYPE'} eq 'net') {
$confighash{$key}[6] = $cgiparams{'SIDE'};
$confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
}
- $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
+ $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
$confighash{$key}[10] = $cgiparams{'REMOTE'};
- if ($cgiparams{'OVPN_MGMT'} eq '') {
+ if ($cgiparams{'OVPN_MGMT'} eq '') {
$confighash{$key}[22] = $confighash{$key}[29];
- } else {
+ } else {
$confighash{$key}[22] = $cgiparams{'OVPN_MGMT'};
- }
+ }
$confighash{$key}[23] = $cgiparams{'MSSFIX'};
$confighash{$key}[24] = $cgiparams{'FRAGMENT'};
$confighash{$key}[25] = $cgiparams{'REMARK'};
@@ -3911,8 +4125,9 @@ if ($cgiparams{'TYPE'} eq 'net') {
$confighash{$key}[35] = $cgiparams{'CCD_DNS1'};
$confighash{$key}[36] = $cgiparams{'CCD_DNS2'};
$confighash{$key}[37] = $cgiparams{'CCD_WINS'};
- $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'};
-
+ $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'};
+ $confighash{$key}[39] = $cgiparams{'DAUTH'};
+ $confighash{$key}[40] = $cgiparams{'DCIPHER'};
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
@@ -4023,10 +4238,11 @@ if ($cgiparams{'TYPE'} eq 'net') {
$cgiparams{'MSSFIX'} = 'on';
$cgiparams{'FRAGMENT'} = '1300';
$cgiparams{'PMTU_DISCOVERY'} = 'off';
+ $cgiparams{'DAUTH'} = 'SHA1';
###
# m.a.d n2n end
###
- $cgiparams{'SIDE'} = 'left';
+ $cgiparams{'SIDE'} = 'left';
if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) {
$cgiparams{'AUTH'} = 'psk';
} elsif ( ! -f "${General::swroot}/ovpn/ca/cacert.pem") {
@@ -4087,10 +4303,40 @@ if ($cgiparams{'TYPE'} eq 'net') {
}
$checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
+ $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
+ $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
+ $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
+ $selected{'DCIPHER'}{'AES-256-CBC'} = '';
+ $selected{'DCIPHER'}{'AES-192-CBC'} = '';
+ $selected{'DCIPHER'}{'AES-128-CBC'} = '';
+ $selected{'DCIPHER'}{'DESX-CBC'} = '';
+ $selected{'DCIPHER'}{'SEED-CBC'} = '';
+ $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
+ $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
+ $selected{'DCIPHER'}{'CAST5-CBC'} = '';
+ $selected{'DCIPHER'}{'BF-CBC'} = '';
+ $selected{'DCIPHER'}{'DES-CBC'} = '';
+ # If no cipher has been chossen yet, select
+ # the old default (AES-256-CBC) for compatiblity reasons.
+ if ($cgiparams{'DCIPHER'} eq '') {
+ $cgiparams{'DCIPHER'} = 'AES-256-CBC';
+ }
+ $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
+ $selected{'DAUTH'}{'whirlpool'} = '';
+ $selected{'DAUTH'}{'SHA512'} = '';
+ $selected{'DAUTH'}{'SHA384'} = '';
+ $selected{'DAUTH'}{'SHA256'} = '';
+ $selected{'DAUTH'}{'SHA1'} = '';
+ # If no hash algorythm has been choosen yet, select
+ # the old default value (SHA1) for compatiblity reasons.
+ if ($cgiparams{'DAUTH'} eq '') {
+ $cgiparams{'DAUTH'} = 'SHA1';
+ }
+ $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
if (1) {
&Header::showhttpheaders();
- &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', $errormessage);
if ($errormessage) {
&Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
@@ -4116,28 +4362,25 @@ if ($cgiparams{'TYPE'} eq 'net') {
&Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:");
print "<table width='100%' border='0'>\n";
-
-
-
+
print "<tr><td width='14%' class='boldbase'>$Lang::tr{'name'}: </td>";
if ($cgiparams{'TYPE'} eq 'host') {
if ($cgiparams{'KEY'}) {
print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
} else {
-
print "<td width='35%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>";
}
# print "<tr><td>$Lang::tr{'interface'}</td>";
# print "<td><select name='INTERFACE'>";
# print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED</option>";
-# if ($netsettings{'BLUE_DEV'} ne '') {
-# print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>";
-# }
-# print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>";
-# print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
-# print "</select></td></tr>";
-# print <<END
+# if ($netsettings{'BLUE_DEV'} ne '') {
+# print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>";
+# }
+# print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>";
+# print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
+# print "</select></td></tr>";
+# print <<END;
} else {
print "<input type='hidden' name='INTERFACE' value='red' />";
if ($cgiparams{'KEY'}) {
@@ -4145,51 +4388,70 @@ if ($cgiparams{'TYPE'} eq 'net') {
} else {
print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
}
-
-
-
- print <<END
+ print <<END;
<td width='25%'> </td>
- <td width='25%'> </td></tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
- <td><select name='SIDE'><option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option>
- <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option></select></td>
- <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
- <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td></tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
- <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
- <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
- <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td></tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>
- <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td></tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
-
- <td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
- <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
-
- <td class='boldbase'>$Lang::tr{'destination port'}:</td>
- <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td></tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'} <img src='/blob.gif'</td>
- <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
-
- <tr><td class='boldbase' nowrap='nowrap'>mssfix <img src='/blob.gif' /></td>
- <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
- <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td>
-
- <tr><td class='boldbase' nowrap='nowrap'>fragment <img src='/blob.gif' /></td>
- <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
- <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
-
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} <img src='/blob.gif' /></td>
- <td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td>
- <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td>
-
- <tr><td class='boldbase' nowrap='nowrap'>Management Port <img src='/blob.gif' /></td>
- <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
- <td colspan='2'>$Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}</span></td>
+ <td width='25%'> </td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
+ <td><select name='SIDE'>
+ <option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option>
+ <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option>
+ </select>
+ </td>
+
+ <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
+ <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td>
+ </tr>
+
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
+ <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
+
+ <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
+ <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td>
+ </tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>
+ <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td>
+
+ <td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
+ <td><select name='PROTOCOL'>
+ <option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
+ <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
+ </tr>
+
<tr>
- <td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td>
+ <td class='boldbase'>$Lang::tr{'destination port'}:</td>
+ <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td>
+
+ <td class='boldbase' nowrap='nowrap'>Management Port ($Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}): <img src='/blob.gif' /></td>
+ <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
+ </tr>
+
+ <tr><td colspan=4><hr /></td></tr><tr>
+
+ <tr>
+ <td class'base'><b>$Lang::tr{'MTU settings'}</b></td>
+ </tr>
+
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} <img src='/blob.gif' /></td>
+ <td><input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td>
+ <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td>
+ </tr>
+
+ <tr><td class='boldbase' nowrap='nowrap'>fragment <img src='/blob.gif' /></td>
+ <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
+ <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
+ </tr>
+
+ <tr><td class='boldbase' nowrap='nowrap'>mssfix <img src='/blob.gif' /></td>
+ <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
+ <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td>
+ </tr>
+
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'} <img src='/blob.gif'</td>
+ <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
+ </tr>
+
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td>
<td colspan='3'>
<input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}
<input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}
@@ -4198,6 +4460,40 @@ if ($cgiparams{'TYPE'} eq 'net') {
</td>
</tr>
+<tr><td colspan=4><hr /></td></tr><tr>
+ <tr>
+ <td class'base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>
+ </tr>
+
+ <tr><td class='boldbase'>$Lang::tr{'cipher'}</td>
+ <td><select name='DCIPHER'>
+ <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
+ <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
+ <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
+ <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
+ <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'})</option>
+ <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'})</option>
+ <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'})</option>
+ </select>
+ </td>
+
+ <td class='boldbase'>$Lang::tr{'ovpn ha'}:</td>
+ <td><select name='DAUTH'>
+ <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
+ <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
+ <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
+ <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
+ <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'} Default)</option>
+ </select>
+ </td>
+ </tr>
+ <tr><td colspan=4><hr /></td></tr><tr>
+
END
;
}
@@ -4260,7 +4556,7 @@ if ($cgiparams{'TYPE'} eq 'host') {
if ($cgiparams{'TYPE'} eq 'host') {
-print <<END
+ print <<END;
<table width='100%' cellpadding='0' cellspacing='5' border='0'>
<tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td><td class='base'>$Lang::tr{'upload a certificate request'}</td><td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr>
@@ -4285,7 +4581,7 @@ END
} else {
-print <<END
+ print <<END;
<table width='100%' cellpadding='0' cellspacing='5' border='0'>
<tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td> </td></tr>
@@ -4319,7 +4615,7 @@ END
###
if ($cgiparams{'TYPE'} eq 'host') {
- print <<END
+ print <<END;
</select></td></tr>
<td> </td><td class='base'>$Lang::tr{'valid till'} (days):</td>
@@ -4335,7 +4631,7 @@ if ($cgiparams{'TYPE'} eq 'host') {
</table>
END
}else{
- print <<END
+ print <<END;
</select></td></tr>
<tr><td> </td><td> </td><td> </td></tr>
<tr><td> </td><td> </td><td> </td></tr>
@@ -4463,7 +4759,7 @@ END
if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";}
if ($selgreen == '1' || $other == '0'){ print"<option selected>$Lang::tr{'green'}</option>";$set=0;}else{print"<option>$Lang::tr{'green'}</option>";};
- print<<END
+ print<<END;
</select></td><td valign='top'>DNS1:</td><td valign='top'><input type='TEXT' name='CCD_DNS1' value='$cgiparams{'CCD_DNS1'}' size='30' /></td></tr>
<tr valign='top'><td>DNS2:</td><td><input type='TEXT' name='CCD_DNS2' value='$cgiparams{'CCD_DNS2'}' size='30' /></td></tr>
<tr valign='top'><td valign='top'>WINS:</td><td><input type='TEXT' name='CCD_WINS' value='$cgiparams{'CCD_WINS'}' size='30' /></td></tr></table><br><hr>
@@ -4511,18 +4807,24 @@ END
#default setzen
if ($cgiparams{'DCIPHER'} eq '') {
- $cgiparams{'DCIPHER'} = 'AES-256-CBC';
+ $cgiparams{'DCIPHER'} = 'AES-256-CBC';
}
if ($cgiparams{'DDEST_PORT'} eq '') {
- $cgiparams{'DDEST_PORT'} = '1194';
+ $cgiparams{'DDEST_PORT'} = '1194';
}
if ($cgiparams{'DMTU'} eq '') {
- $cgiparams{'DMTU'} = '1400';
+ $cgiparams{'DMTU'} = '1400';
+ }
+ if ($cgiparams{'MSSFIX'} eq '') {
+ $cgiparams{'MSSFIX'} = 'off';
+ }
+ if ($cgiparams{'DAUTH'} eq '') {
+ $cgiparams{'DAUTH'} = 'SHA1';
}
if ($cgiparams{'DOVPN_SUBNET'} eq '') {
- $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
+ $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
}
- $checked{'ENABLED'}{'off'} = '';
+ $checked{'ENABLED'}{'off'} = '';
$checked{'ENABLED'}{'on'} = '';
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
$checked{'ENABLED_BLUE'}{'off'} = '';
@@ -4538,26 +4840,33 @@ END
$selected{'DPROTOCOL'}{'udp'} = '';
$selected{'DPROTOCOL'}{'tcp'} = '';
$selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
-
- $selected{'DCIPHER'}{'DES-CBC'} = '';
- $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
+
+ $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
+ $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
+ $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
+ $selected{'DCIPHER'}{'AES-256-CBC'} = '';
+ $selected{'DCIPHER'}{'AES-192-CBC'} = '';
+ $selected{'DCIPHER'}{'AES-128-CBC'} = '';
$selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
$selected{'DCIPHER'}{'DESX-CBC'} = '';
- $selected{'DCIPHER'}{'RC2-CBC'} = '';
- $selected{'DCIPHER'}{'RC2-40-CBC'} = '';
- $selected{'DCIPHER'}{'RC2-64-CBC'} = '';
+ $selected{'DCIPHER'}{'SEED-CBC'} = '';
+ $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
+ $selected{'DCIPHER'}{'CAST5-CBC'} = '';
$selected{'DCIPHER'}{'BF-CBC'} = '';
- $selected{'DCIPHER'}{'CAST5-CBC'} = '';
- $selected{'DCIPHER'}{'AES-128-CBC'} = '';
- $selected{'DCIPHER'}{'AES-192-CBC'} = '';
- $selected{'DCIPHER'}{'AES-256-CBC'} = '';
- $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
- $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
- $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
+ $selected{'DCIPHER'}{'DES-CBC'} = '';
$selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
+
+ $selected{'DAUTH'}{'whirlpool'} = '';
+ $selected{'DAUTH'}{'SHA512'} = '';
+ $selected{'DAUTH'}{'SHA384'} = '';
+ $selected{'DAUTH'}{'SHA256'} = '';
+ $selected{'DAUTH'}{'SHA1'} = '';
+ $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
+
$checked{'DCOMPLZO'}{'off'} = '';
$checked{'DCOMPLZO'}{'on'} = '';
$checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
+
# m.a.d
$checked{'MSSFIX'}{'off'} = '';
$checked{'MSSFIX'}{'on'} = '';
@@ -4595,7 +4904,7 @@ END
$activeonrun = "disabled='disabled'";
}
&Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});
- print <<END
+ print <<END;
<table width='100%' border='0'>
<form method='post'>
<td width='25%'> </td>
@@ -4615,7 +4924,7 @@ END
print "<tr><td class='boldbase'>$Lang::tr{'ovpn on orange'}</td>";
print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'}{'on'} /></td>";
}
- print <<END
+ print <<END;
<tr><td class='base' nowrap='nowrap' colspan='2'>$Lang::tr{'local vpn hostname/ip'}:<br /><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td>
<td class='boldbase' nowrap='nowrap' colspan='2'>$Lang::tr{'ovpn subnet'}<br /><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn device'}</td>
@@ -4628,27 +4937,27 @@ END
<td class='boldbase'>$Lang::tr{'destination port'}:</td>
<td><input type='TEXT' name='DDEST_PORT' value='$cgiparams{'DDEST_PORT'}' size='5' /></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} </td>
- <td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}'size='5' /></td>
+ <td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}' size='5' /></td>
+
+ <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
+ <td><select name='DCIPHER'>
+ <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
+ <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
+ <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
+ <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
+ <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'})</option>
+ <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'})</option>
+ <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'})</option>
+ </select>
+ </td>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
<td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
- <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
- <td><select name='DCIPHER'>
- <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-256-CBC</option>
- <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-192-CBC</option>
- <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-128-CBC</option>
- <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option>
- <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>
- <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>
- <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>
- <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>
- <option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>
- <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC</option>
- <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC</option>
- <option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC</option>
- <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>
- <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>
- <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC</option>
- </select></td></tr>
+ </tr>
<tr><td colspan='4'><br><br></td></tr>
END
;
@@ -4676,163 +4985,15 @@ END
}
print "</form></table>";
&Header::closebox();
- &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}");
- print <<EOF#'
- <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
- <tr>
- <th width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
- <th width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></th>
- <th width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></th>
- </tr>
-EOF
- ;
- my $col1="bgcolor='$color{'color22'}'";
- my $col2="bgcolor='$color{'color20'}'";
- if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
- my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
- $casubject =~ /Subject: (.*)[\n]/;
- $casubject = $1;
- $casubject =~ s+/Email+, E+;
- $casubject =~ s/ ST=/ S=/;
- print <<END
- <tr>
- <td class='base' $col1>$Lang::tr{'root certificate'}</td>
- <td class='base' $col1>$casubject</td>
- <form method='post' name='frmrootcrta'><td width='3%' align='center' $col1>
- <input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
- <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' />
- </td></form>
- <form method='post' name='frmrootcrtb'><td width='3%' align='center' $col1>
- <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
- <input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
- </td></form>
- <td width='4%' $col1> </td></tr>
-END
- ;
- } else {
- # display rootcert generation buttons
- print <<END
- <tr>
- <td class='base' $col1>$Lang::tr{'root certificate'}:</td>
- <td class='base' $col1>$Lang::tr{'not present'}</td>
- <td colspan='3' $col1> </td></tr>
-END
- ;
- }
-
- if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
- my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
- $hostsubject =~ /Subject: (.*)[\n]/;
- $hostsubject = $1;
- $hostsubject =~ s+/Email+, E+;
- $hostsubject =~ s/ ST=/ S=/;
-
- print <<END
- <tr>
- <td class='base' $col2>$Lang::tr{'host certificate'}</td>
- <td class='base' $col2>$hostsubject</td>
- <form method='post' name='frmhostcrta'><td width='3%' align='center' $col2>
- <input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
- <input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' />
- </td></form>
- <form method='post' name='frmhostcrtb'><td width='3%' align='center' $col2>
- <input type='image' name="$Lang::tr{'download host certificate'}" src='/images/media-floppy.png' alt="$Lang::tr{'download host certificate'}" title="$Lang::tr{'download host certificate'}" border='0' />
- <input type='hidden' name='ACTION' value="$Lang::tr{'download host certificate'}" />
- </td></form>
- <td width='4%' $col2> </td></tr>
-END
- ;
- } else {
- # Nothing
- print <<END
- <tr>
- <td width='25%' class='base' $col2>$Lang::tr{'host certificate'}:</td>
- <td class='base' $col2>$Lang::tr{'not present'}</td>
- </td><td colspan='3' $col2> </td></tr>
-END
- ;
- }
- if (! -f "${General::swroot}/ovpn/ca/cacert.pem") {
- print "<tr><td colspan='5' align='center'><form method='post'>";
- print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />";
- print "</form></td></tr>\n";
- }
-
- if (keys %cahash > 0) {
- foreach my $key (keys %cahash) {
- if (($key + 1) % 2) {
- print "<tr bgcolor='$color{'color20'}'>\n";
- } else {
- print "<tr bgcolor='$color{'color22'}'>\n";
- }
- print "<td class='base'>$cahash{$key}[0]</td>\n";
- print "<td class='base'>$cahash{$key}[1]</td>\n";
- print <<END
- <form method='post' name='cafrm${key}a'><td align='center'>
- <input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' border='0' />
- <input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' />
- <input type='hidden' name='KEY' value='$key' />
- </td></form>
- <form method='post' name='cafrm${key}b'><td align='center'>
- <input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' />
- <input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' />
- <input type='hidden' name='KEY' value='$key' />
- </td></form>
- <form method='post' name='cafrm${key}c'><td align='center'>
- <input type='hidden' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
- <input type='image' name='$Lang::tr{'remove ca certificate'}' src='/images/delete.gif' alt='$Lang::tr{'remove ca certificate'}' title='$Lang::tr{'remove ca certificate'}' width='20' height='20' border='0' />
- <input type='hidden' name='KEY' value='$key' />
- </td></form></tr>
-END
- ;
- }
- }
-
- print "</table>";
-
- # If the file contains entries, print Key to action icons
- if ( -f "${General::swroot}/ovpn/ca/cacert.pem") {
- print <<END
- <table>
- <tr>
- <td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>
- <td> <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
- <td class='base'>$Lang::tr{'show certificate'}</td>
- <td> <img src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' /></td>
- <td class='base'>$Lang::tr{'download certificate'}</td>
- </tr>
- </table>
-END
-;
- }
-
-print <<END
-<form method='post' enctype='multipart/form-data'>
-<table width='100%' border='0'>
-<tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td><td nowrap='nowrap' width='8%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'/></td><td nowrap='nowrap' align='right'><input type='file' name='FH' size='25' /><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td></tr>
-<tr><td colspan='4'><br></td></tr>
-<tr align='right'><td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td></tr>
-</table>
-END
-;
-
-
- &Header::closebox();
- if ( $srunning eq "yes" ) {
- print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' disabled='disabled' /></div></form>\n";
- }else{
- print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' /></div></form>\n";
- }
if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
-
###
# m.a.d net2net
#<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b><br /><img src='/images/null.gif' width='125' height='1' border='0' alt='L2089' /></td>
###
- &Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' });
- print <<END
+ &Header::openbox('100%', 'LEFT', $Lang::tr{'connection status and controlc' });
+ print <<END;
<table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
@@ -4938,7 +5099,7 @@ END
}
- print <<END
+ print <<END;
<td align='center' $col1>$active</td>
<form method='post' name='frm${key}a'><td align='center' $col>
@@ -4949,7 +5110,7 @@ END
END
;
if ($confighash{$key}[4] eq 'cert') {
- print <<END
+ print <<END;
<form method='post' name='frm${key}b'><td align='center' $col>
<input type='image' name='$Lang::tr{'show certificate'}' src='/images/info.gif' alt='$Lang::tr{'show certificate'}' title='$Lang::tr{'show certificate'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'show certificate'}' />
@@ -4960,7 +5121,7 @@ END
print "<td> </td>";
}
if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") {
- print <<END
+ print <<END;
<form method='post' name='frm${key}c'><td align='center' $col>
<input type='image' name='$Lang::tr{'download pkcs12 file'}' src='/images/media-floppy.png' alt='$Lang::tr{'download pkcs12 file'}' title='$Lang::tr{'download pkcs12 file'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'download pkcs12 file'}' />
@@ -4968,7 +5129,7 @@ END
</td></form>
END
; } elsif ($confighash{$key}[4] eq 'cert') {
- print <<END
+ print <<END;
<form method='post' name='frm${key}c'><td align='center' $col>
<input type='image' name='$Lang::tr{'download certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' title='$Lang::tr{'download certificate'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'download certificate'}' />
@@ -5004,45 +5165,225 @@ END
# If the config file contains entries, print Key to action icons
if ( $id ) {
- print <<END
+ print <<END;
<table border='0'>
<tr>
- <td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>
- <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
- <td class='base'>$Lang::tr{'click to disable'}</td>
- <td> <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
- <td class='base'>$Lang::tr{'show certificate'}</td>
- <td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
- <td class='base'>$Lang::tr{'edit'}</td>
- <td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
- <td class='base'>$Lang::tr{'remove'}</td>
+ <td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>
+ <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
+ <td class='base'>$Lang::tr{'click to disable'}</td>
+ <td> <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
+ <td class='base'>$Lang::tr{'show certificate'}</td>
+ <td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
+ <td class='base'>$Lang::tr{'edit'}</td>
+ <td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
+ <td class='base'>$Lang::tr{'remove'}</td>
</tr>
<tr>
- <td> </td>
- <td> <img src='/images/off.gif' alt='?OFF' /></td>
- <td class='base'>$Lang::tr{'click to enable'}</td>
- <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
- <td class='base'>$Lang::tr{'download certificate'}</td>
- <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
- <td class='base'>$Lang::tr{'dl client arch'}</td>
- </tr>
+ <td> </td>
+ <td> <img src='/images/off.gif' alt='?OFF' /></td>
+ <td class='base'>$Lang::tr{'click to enable'}</td>
+ <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
+ <td class='base'>$Lang::tr{'download certificate'}</td>
+ <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
+ <td class='base'>$Lang::tr{'dl client arch'}</td>
+ </tr>
</table><br>
END
;
}
- print <<END
+ print <<END;
<table width='100%'>
<form method='post'>
- <tr><td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />
- <input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td></tr>
+ <tr><td align='right'>
+ <input type='submit' name='ACTION' value='$Lang::tr{'add'}' />
+ <input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td>
+ </tr>
</form>
</table>
END
- ;
- &Header::closebox();
-}
-&Header::closepage();
+ ;
+ &Header::closebox();
+ }
+ &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}");
+ print <<END;
+ <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
+ <tr>
+ <th width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
+ <th width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></th>
+ <th width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></th>
+ </tr>
+END
+ ;
+ my $col1="bgcolor='$color{'color22'}'";
+ my $col2="bgcolor='$color{'color20'}'";
+ if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
+ my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
+ $casubject =~ /Subject: (.*)[\n]/;
+ $casubject = $1;
+ $casubject =~ s+/Email+, E+;
+ $casubject =~ s/ ST=/ S=/;
+ print <<END;
+ <tr>
+ <td class='base' $col1>$Lang::tr{'root certificate'}</td>
+ <td class='base' $col1>$casubject</td>
+ <form method='post' name='frmrootcrta'><td width='3%' align='center' $col1>
+ <input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
+ <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' />
+ </td></form>
+ <form method='post' name='frmrootcrtb'><td width='3%' align='center' $col1>
+ <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
+ </td></form>
+ <td width='4%' $col1> </td></tr>
+END
+ ;
+ } else {
+ # display rootcert generation buttons
+ print <<END;
+ <tr>
+ <td class='base' $col1>$Lang::tr{'root certificate'}:</td>
+ <td class='base' $col1>$Lang::tr{'not present'}</td>
+ <td colspan='3' $col1> </td></tr>
+END
+ ;
+ }
+ if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
+ my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
+ $hostsubject =~ /Subject: (.*)[\n]/;
+ $hostsubject = $1;
+ $hostsubject =~ s+/Email+, E+;
+ $hostsubject =~ s/ ST=/ S=/;
+ print <<END;
+ <tr>
+ <td class='base' $col2>$Lang::tr{'host certificate'}</td>
+ <td class='base' $col2>$hostsubject</td>
+ <form method='post' name='frmhostcrta'><td width='3%' align='center' $col2>
+ <input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
+ <input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' />
+ </td></form>
+ <form method='post' name='frmhostcrtb'><td width='3%' align='center' $col2>
+ <input type='image' name="$Lang::tr{'download host certificate'}" src='/images/media-floppy.png' alt="$Lang::tr{'download host certificate'}" title="$Lang::tr{'download host certificate'}" border='0' />
+ <input type='hidden' name='ACTION' value="$Lang::tr{'download host certificate'}" />
+ </td></form>
+ <td width='4%' $col2> </td></tr>
+END
+ ;
+ } else {
+ # Nothing
+ print <<END;
+ <tr>
+ <td width='25%' class='base' $col2>$Lang::tr{'host certificate'}:</td>
+ <td class='base' $col2>$Lang::tr{'not present'}</td>
+ </td><td colspan='3' $col2> </td></tr>
+END
+ ;
+ }
+
+ if (! -f "${General::swroot}/ovpn/ca/cacert.pem") {
+ print "<tr><td colspan='5' align='center'><form method='post'>";
+ print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />";
+ print "</form></td></tr>\n";
+ }
+
+ if (keys %cahash > 0) {
+ foreach my $key (keys %cahash) {
+ if (($key + 1) % 2) {
+ print "<tr bgcolor='$color{'color20'}'>\n";
+ } else {
+ print "<tr bgcolor='$color{'color22'}'>\n";
+ }
+ print "<td class='base'>$cahash{$key}[0]</td>\n";
+ print "<td class='base'>$cahash{$key}[1]</td>\n";
+ print <<END;
+ <form method='post' name='cafrm${key}a'><td align='center'>
+ <input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' border='0' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' />
+ <input type='hidden' name='KEY' value='$key' />
+ </td></form>
+ <form method='post' name='cafrm${key}b'><td align='center'>
+ <input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' />
+ <input type='hidden' name='KEY' value='$key' />
+ </td></form>
+ <form method='post' name='cafrm${key}c'><td align='center'>
+ <input type='hidden' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
+ <input type='image' name='$Lang::tr{'remove ca certificate'}' src='/images/delete.gif' alt='$Lang::tr{'remove ca certificate'}' title='$Lang::tr{'remove ca certificate'}' width='20' height='20' border='0' />
+ <input type='hidden' name='KEY' value='$key' />
+ </td></form></tr>
+END
+ ;
+ }
+ }
+
+ print "</table>";
+
+ # If the file contains entries, print Key to action icons
+ if ( -f "${General::swroot}/ovpn/ca/cacert.pem") {
+ print <<END;
+ <table>
+ <tr>
+ <td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>
+ <td> <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
+ <td class='base'>$Lang::tr{'show certificate'}</td>
+ <td> <img src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' /></td>
+ <td class='base'>$Lang::tr{'download certificate'}</td>
+ </tr>
+ </table>
+END
+ ;
+ }
+
+ print <<END
+ <hr size='1'>
+ <form method='post' enctype='multipart/form-data'>
+ <table width='100%' border='0'cellspacing='1' cellpadding='0'>
+ <tr>
+ <td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td>
+ <td nowrap='nowrap'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'/></td>
+ <td nowrap='nowrap'><input type='file' name='FH' size='25' />
+ <td nowrap='nowrap' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td>
+ </tr>
+
+ <tr align='right'>
+ <td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
+ </tr>
+
+ <tr><td colspan=4><hr /></td></tr><tr>
+ <tr>
+ <td class'base'><b>$Lang::tr{'ovpn dh parameters'}:</b></td>
+ </tr>
+
+ <tr>
+ <td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh upload'}:</td>
+ <td nowrap='nowrap'><size='15' align='left'/></td>
+ <td nowrap='nowrap'><input type='file' name='FH' size='25' />
+ <td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}' /></td>
+ </tr>
+ <tr>
+ <td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh new key'}:</td>
+ <td nowrap='nowrap'><size='15' align='left'/></td>
+ <td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
+ </tr>
+ <tr>
+ <td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show dh'}' /></td>
+ </tr>
+ </table>
+
+ <tr><td colspan=4><hr /></td></tr><tr>
+END
+ ;
+
+ if ( $srunning eq "yes" ) {
+ print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' disabled='disabled' /></div></form>\n";
+ } else {
+ print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' /></div></form>\n";
+ }
+ &Header::closebox();
+END
+ ;
+
+&Header::closepage();
diff --git a/html/cgi-bin/pppsetup.cgi b/html/cgi-bin/pppsetup.cgi
index f0100a8..7bceb80 100644
--- a/html/cgi-bin/pppsetup.cgi
+++ b/html/cgi-bin/pppsetup.cgi
@@ -73,6 +73,9 @@ elsif ($pppsettings{'ACTION'} eq $Lang::tr{'save'})
if ($pppsettings{'TYPE'} =~ /^(modem|serial|isdn)$/ && $pppsettings{'COMPORT'} !~ /^(ttyS0|ttyS1|ttyS2|ttyS3|ttyS4|ttyACM0|ttyACM1|ttyACM2|ttyACM3|ttyUSB0|ttyUSB1|ttyUSB2|ttyUSB3|rfcomm0|rfcomm1|isdn1|isdn2)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ERROR; }
+ if ($pppsettings{'TYPE'} =~ /^(modem|serial|isdn)$/ && $pppsettings{'MONPORT'} !~ /^(ttyUSB0|ttyUSB1|ttyUSB2|ttyUSB3)$/) {
+ $errormessage = $Lang::tr{'invalid input'};
+ goto ERROR; }
if ($pppsettings{'TYPE'} =~ /^(modem|serial)$/ && $pppsettings{'DTERATE'} !~ /^(9600|19200|38400|57600|115200|230400|460800|921600)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ERROR; }
@@ -338,6 +341,13 @@ $selected{'COMPORT'}{'rfcomm0'} = '';
$selected{'COMPORT'}{'rfcomm1'} = '';
$selected{'COMPORT'}{$pppsettings{'COMPORT'}} = "selected='selected'";
+$selected{'MONPORT'}{''} = '';
+$selected{'MONPORT'}{'ttyUSB0'} = '';
+$selected{'MONPORT'}{'ttyUSB1'} = '';
+$selected{'MONPORT'}{'ttyUSB2'} = '';
+$selected{'MONPORT'}{'ttyUSB3'} = '';
+$selected{'MONPORT'}{$pppsettings{'MONPORT'}} = "selected='selected'";
+
$selected{'DTERATE'}{'9600'} = '';
$selected{'DTERATE'}{'19200'} = '';
$selected{'DTERATE'}{'38400'} = '';
@@ -586,6 +596,24 @@ END
;
}
print "</select></td> "}
+
+ if ($pppsettings{'TYPE'} =~ /^(modem|serial)$/) {
+ print <<END;
+ <tr>
+ <td colspan='3' width='75%'>$Lang::tr{'monitor interface'}:</td>
+ <td width='25%'>
+ <select name="MONPORT" style="width: 165px;">
+ <option value="" $selected{'MONPORT'}{''}>---</option>
+ <option value="ttyUSB0" $selected{'MONPORT'}{'ttyUSB0'}>ttyUSB0</option>
+ <option value="ttyUSB1" $selected{'MONPORT'}{'ttyUSB1'}>ttyUSB1</option>
+ <option value="ttyUSB2" $selected{'MONPORT'}{'ttyUSB2'}>ttyUSB2</option>
+ <option value="ttyUSB3" $selected{'MONPORT'}{'ttyUSB3'}>ttyUSB3</option>
+ </select>
+ </td>
+ </tr>
+END
+ }
+
if ($pppsettings{'TYPE'} =~ /^(modem|serial)$/ ) {
print <<END
<tr>
@@ -929,6 +957,7 @@ sub initprofile
{
$pppsettings{'PROFILENAME'} = $Lang::tr{'unnamed'};
$pppsettings{'COMPORT'} = 'ttyS0';
+ $pppsettings{'MONPORT'} = '';
$pppsettings{'DTERATE'} = 115200;
$pppsettings{'SPEAKER'} = 'off';
$pppsettings{'RECONNECTION'} = 'persistent';
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index c4cff47..2a9d493 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -2972,11 +2972,23 @@ sub writepacfile
print FILE <<END
if (
(isPlainHostName(host)) ||
- (dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
(isInNet(host, "127.0.0.1", "255.0.0.0")) ||
- (isInNet(host, "10.0.0.0", "255.0.0.0")) ||
- (isInNet(host, "172.16.0.0", "255.240.0.0")) ||
- (isInNet(host, "192.168.0.0", "255.255.0.0")) ||
+END
+;
+
+ if ($netsettings{'GREEN_DEV'}) {
+ print FILE " (isInNet(host, \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\")) ||\n";
+ }
+
+ if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
+ print FILE " (isInNet(host, \"$netsettings{'BLUE_NETADDRESS'}\", \"$netsettings{'BLUE_NETMASK'}\")) ||\n";
+ }
+
+ if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
+ print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n";
+ }
+
+ print FILE <<END
(isInNet(host, "169.254.0.0", "255.255.0.0"))
)
return "DIRECT";
diff --git a/html/html/themes/ipfire/include/functions.pl b/html/html/themes/ipfire/include/functions.pl
index 0c47cd4..63740d4 100644
--- a/html/html/themes/ipfire/include/functions.pl
+++ b/html/html/themes/ipfire/include/functions.pl
@@ -194,7 +194,7 @@ sub openpagewithoutmenu {
sub closepage () {
open(FILE, "</etc/system-release");
my $system_release = <FILE>;
- $system_release =~ s/core/Core Update/;
+ $system_release =~ s/core/Core Update /;
close(FILE);
print <<END;
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 090510f..6d27012 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1,7 +1,7 @@
%tr = (
%tr,
-'Act as' => 'Konfiguriert als',
+'Act as' => 'Konfiguriert als:',
'Add Level7 rule' => 'Level7-Regel hinzufügen',
'Add Port Rule' => 'Port-Regel hinzufügen',
'Add Rule' => 'Regel hinzufügen',
@@ -10,7 +10,6 @@
'Choose Rule' => 'Wählen Sie <u>eine</u> der untenstehenden Regeln aus.',
'Class' => 'Klasse',
'Class was deleted' => 'wurde mit eventuell vorhandenen Unterklassen gelöscht',
-'Client status and controlc' => 'Client-Status und -Kontrolle',
'ConnSched action' => 'Aktion:',
'ConnSched add action' => 'Aktion hinzufügen',
'ConnSched change profile title' => 'Wechsle zu Profil:',
@@ -39,7 +38,9 @@
'Local VPN IP' => 'Internes Netzwerk (GREEN)',
'MB read' => 'MB gelesen',
'MB written' => 'MB geschrieben',
-'MTU' => 'MTU Size',
+'MTU' => 'MTU-Größe:',
+'MTU settings' => 'MTU-Einstellungen:',
+'Number of Countries for the pie chart' => 'Anzahl der angezeigten Länder im Diagramm',
'Number of IPs for the pie chart' => 'Anzahl der angezeigten IPs im Diagramm',
'Number of Ports for the pie chart' => 'Anzahl der angezeigten Ports im Diagramm',
'OVPN' => 'OpenVPN',
@@ -468,6 +469,7 @@
'cant change certificates' => 'Kann Zertifikate nicht ändern.',
'cant enable xtaccess' => 'Die zugehörige Port-Weiterleitungsregel ist deaktiviert, daher können Sie den externen Zugang für diese Regel nicht aktivieren.',
'cant start openssl' => 'Kann OpenSSL nicht starten',
+'capabilities' => 'Unterstützte Features',
'caps all' => 'ALLE',
'capsclosed' => 'GETRENNT',
'capsinactive' => 'INAKTIV',
@@ -526,7 +528,7 @@
'check for net traffic update' => 'Prüfe auf Net-Traffic-Updates',
'check vpn lr' => 'Überprüfen',
'choose config' => 'Konfiguration auswählen',
-'cipher' => 'Verschlüsselung',
+'cipher' => 'Verschlüsselung:',
'city' => 'Stadt',
'class in use' => 'Die aktuelle Klasse wird bereits verwendet.',
'clear cache' => 'Zwischenspeicher löschen',
@@ -660,6 +662,10 @@
'details' => 'Mehr',
'device' => 'Gerät',
'devices on blue' => 'Geräte auf Blau',
+'dh' => 'Diffie-Hellman-Parameter',
+'dh key move failed' => 'Verschieben der Diffie-Hellman-Parameter fehlgeschlagen.',
+'dh key warn' => 'Das Generieren der Diffie-Hellman-Parameter mit 1024 oder 2048 Bit dauert üblicherweise mehrere Minuten. Schlüssellängen von 3072 oder 4096 Bit beanspruchen mehrere Stunden. Bitte haben Sie etwas Geduld.',
+'dh key warn1' => 'Bei schwachen Systemen oder Systeme mit wenig Entropie wird empfohlen lange Diffie-Hellman-Parameter über die Upload-Funktion hochzuladen.',
'dhcp advopt add' => 'DHCP Option hinzufügen',
'dhcp advopt added' => 'DHCP Option hinzugefügt',
'dhcp advopt blank value' => 'Wert für DHCP Option darf nicht leer sein',
@@ -732,7 +738,7 @@
'dns proxy server' => 'DNS-Proxyserver',
'dns saved' => 'Erfolgreich gespeichert!',
'dns saved txt' => 'Die beiden eingegebenen DNS-Server-Adressen wurde erfolgreich gespeichert.<br/>Um die Änderung wirksam zu machen, müssen Sie neustarten oder wiederverbinden!',
-'dns server' => 'DNS-Server',
+'dns server' => 'DNS Server',
'dns servers' => 'DNS-Server',
'dns title' => 'Domain Name System',
'dnsforward' => 'DNS-Weiterleitung',
@@ -757,7 +763,6 @@
'donation-text' => '<strong>IPFire</strong> wird von Freiwilligen in ihrer Freizeit betrieben und auch betreut. Um dieses Projekt am Laufen zu halten, entstehen uns natürlich auch Kosten. Wenn Sie uns unterstützen wollen, würden wir uns über eine kleine Spende sehr freuen.',
'dos charset' => 'DOS Charset',
'down and up speed' => 'Geben Sie bitte hier ihre Download- bzw. Upload-Geschwindigkeit ein <br /> und klicken Sie danach auf <i>Speichern</i>.',
-'downlink' => 'Downlink',
'downlink speed' => 'Downlink-Geschwindigkeit (kBit/sek)',
'downlink std class' => 'Downloadstandardklasse',
'download' => 'herunterladen',
@@ -903,13 +908,13 @@
'firewall log' => 'Firewall-Protokoll',
'firewall log viewer' => 'Betrachter der Firewall-Logdateien',
'firewall logs' => 'Firewall-Logdateien',
+'firewall logs country' => 'Fw-Logdiagramme (Land)',
'firewall logs ip' => 'Fw-Logdiagramme (IP)',
'firewall logs port' => 'Fw-Logdiagramme (Port)',
'firewall rules' => 'Firewallregeln',
'firewallhits' => 'Firewalltreffer',
'firmware' => 'Firmware',
'firmware upload' => 'Hochladen der Firmware/Treiber',
-'first' => 'Erste',
'fixed ip lease added' => 'Feste IP-Zuordnung hinzugefügt',
'fixed ip lease modified' => 'Feste IP-Zuordnung geändert',
'fixed ip lease removed' => 'Feste IP-Zuordnung gelöscht',
@@ -1120,9 +1125,11 @@
'fwhost wo subnet' => '(Ohne Subnetz)',
'gateway' => 'Gateway',
'gateway ip' => 'Gateway-IP',
+'gen dh' => 'Neuen Diffie-Hellman-Parameter erzeugen',
'gen static key' => 'Statischen Schlüssel erzeugen',
'generate' => 'Root/Host-Zertifikate generieren',
'generate a certificate' => 'Erzeuge ein Zertifikat:',
+'generate dh key' => 'Diffie-Hellman Key generieren',
'generate iso' => 'ISO erstellen',
'generate root/host certificates' => 'Erzeuge Root/Host-Zertifikate',
'generate tripwire keys and init' => 'Tripwire Initalisierung',
@@ -1203,8 +1210,10 @@
'ike integrity' => 'IKE Integrität:',
'ike lifetime' => 'IKE Lebensdauer:',
'ike lifetime should be between 1 and 8 hours' => 'IKE Lebensdauer sollte zwischen 1 und 8 Stunden betragen.',
+'imei' => 'IMEI',
'import' => 'Import',
'importkey' => 'PSK importieren',
+'imsi' => 'IMSI',
'in' => 'Ein',
'inactive' => 'inaktiv',
'include logfiles' => 'mit Logdateien',
@@ -1331,7 +1340,6 @@
'lan' => 'LAN',
'lang' => 'de',
'languagepurpose' => 'Wählen Sie eine Sprache, in der IPFire angezeigt werden soll:',
-'last' => 'Letzte',
'last activity' => 'Letzte Aktivität',
'lateprompting' => 'Late prompting',
'lease expires' => 'Zuordnung verfällt',
@@ -1363,7 +1371,7 @@
'log view' => 'Log Anzeige',
'log viewer' => 'Protokollansicht',
'log viewing options' => 'Log Ansichts-Optionen',
-'log-options' => 'Logfile options',
+'log-options' => 'Logfile Optionen',
'loged in at' => 'Angemeldet seit',
'logging' => 'Logging',
'logging server' => 'Protokollierungs-Server',
@@ -1456,15 +1464,28 @@
'missing dat' => 'Verschlüsseltes Archiv wurde nicht gefunden',
'missing gz' => 'Nichtverschlüsseltes Archiv wurde nicht gefunden',
'mode' => 'Modus',
+'model' => 'Modell',
'modem' => 'Modem',
'modem configuration' => 'Modem-Konfiguration',
+'modem hardware details' => 'Modem-Hardware',
+'modem information' => 'Modem-Informationen',
+'modem network bit error rate' => 'Bit-Fehlerrate',
+'modem network information' => 'Netzwerkinformationen',
+'modem network mode' => 'Netzwerkmodus',
+'modem network operator' => 'Netzbetreiber',
+'modem network registration' => 'Netzregistrierung',
+'modem network signal quality' => 'Signalqualität',
+'modem no connection' => 'Keine Verbindung',
+'modem no connection message' => 'Es konnte keine Verbindung zum Modem aufgebaut werden.',
'modem on com1' => 'Modem an COM1',
'modem on com2' => 'Modem an COM2',
'modem on com3' => 'Modem an COM3',
'modem on com4' => 'Modem an COM4',
'modem on com5' => 'Modem an COM5',
'modem settings have errors' => 'Modemeinstellungen fehlerhaft',
+'modem sim information' => 'SIM-Informationen',
'modem speaker on' => 'Modemlautsprecher an:',
+'modem status' => 'Modem-Status',
'modify' => 'Ändern',
'modulation' => 'Modulation',
'monday' => 'Montag',
@@ -1523,6 +1544,7 @@
'network traffic graphs others' => 'Netzwerk (sonstige)',
'network updated' => 'Benutzerdefiniertes Netzwerk aktualisiert',
'networks settings' => 'Firewall - Netzwerkeinstellungen',
+'never' => 'Nie',
'new optionsfw later' => 'Einige Einstellungen werden erst nach einem Neustart aktiv',
'new optionsfw must boot' => 'Sie müssen Ihren IPFire neu starten',
'newer' => 'Neuer',
@@ -1544,6 +1566,7 @@
'nonetworkname' => 'Kein Netzwerkname wurde eingegeben',
'noservicename' => 'Kein Dienstname wurde eingegeben',
'not a valid ca certificate' => 'Kein gültiges CA Zertifikat.',
+'not a valid dh key' => 'Kein gültiger Diffie-Hellman-Parameter. Es sind nur Parameter mit einer Länge von 1024, 2048, 3072 oder 4096 Bit im PKCS#3-Format erlaubt.',
'not enough disk space' => 'Nicht genügend Plattenplatz vorhanden',
'not present' => '<B>Nicht</B> vorhanden',
'not running' => 'nicht gestartet',
@@ -1635,10 +1658,19 @@
'ovpn' => 'OpenVPN',
'ovpn con stat' => 'OpenVPN Verbindungs-Statistik',
'ovpn config' => 'OVPN-Konfiguration',
+'ovpn crypt options' => 'Kryptografieoptionen',
'ovpn device' => 'OpenVPN-Gerät',
+'ovpn dh' => 'Diffie-Hellman-Parameter-Länge',
+'ovpn dh new key' => 'Neuen Diffie-Hellman Parameter erstellen',
+'ovpn dh parameters' => 'Diffie-Hellman-Parameter-Optionen',
+'ovpn dh upload' => 'Neuen Diffie-Hellman-Parameter hochladen',
'ovpn dl' => 'OVPN-Konfiguration downloaden',
+'ovpn engines' => 'Krypto Engine',
'ovpn errmsg green already pushed' => 'Route für grünes Netzwerk wird immer gesetzt',
'ovpn errmsg invalid ip or mask' => 'Ungültige Netzwerk-Adresse oder Subnetzmaske',
+'ovpn generating the root and host certificates' => 'Die Erzeugung der Root- und Host-Zertifikate kann lange Zeit dauern.',
+'ovpn ha' => 'Hash-Algorithmus',
+'ovpn hmac' => 'HMAC-Optionen',
'ovpn log' => 'OVPN-Log',
'ovpn mgmt in root range' => 'Ein Port von 1024 oder höher ist erforderlich.',
'ovpn mtu-disc' => 'Path MTU Discovery',
@@ -1649,14 +1681,15 @@
'ovpn mtu-disc with mssfix or fragment' => 'Path MTU Discovery kann nicht gemeinsam mit mssfix oder fragment verwendet werden.',
'ovpn mtu-disc yes' => 'Forciert',
'ovpn no connections' => 'Keine aktiven OpenVPN Verbindungen',
-'ovpn on blue' => 'OpenVPN auf BLAU',
-'ovpn on orange' => 'OpenVPN auf ORANGE',
-'ovpn on red' => 'OpenVPN auf ROT',
+'ovpn on blue' => 'OpenVPN auf BLAU:',
+'ovpn on orange' => 'OpenVPN auf ORANGE:',
+'ovpn on red' => 'OpenVPN auf ROT:',
'ovpn port in root range' => 'Ein Port von 1024 oder höher ist erforderlich.',
+'ovpn reneg sec' => 'Session Key Lifetime',
'ovpn routes push' => 'Routen (eine pro Zeile) z.b. 192.168.10.0/255.255.255.0 192.168.20.0/24',
'ovpn routes push options' => 'Route push Optionen',
'ovpn server status' => 'OpenVPN-Server-Status',
-'ovpn subnet' => 'OpenVPN-Subnetz (z.B. 10.0.10.0/255.255.255.0)',
+'ovpn subnet' => 'OpenVPN-Subnetz:',
'ovpn subnet is invalid' => 'Das OpenVPN-Subnetz ist ungültig.',
'ovpn subnet overlap' => 'OpenVPNSubnetz überschneidet sich mit ',
'ovpn_fastio' => 'Fast-IO',
@@ -1757,7 +1790,7 @@
'profile saved' => 'Profil gespeichert: ',
'profiles' => 'Profile:',
'proto' => 'Proto',
-'protocol' => 'Protokoll',
+'protocol' => 'Protokoll:',
'proxy' => 'Proxy',
'proxy access graphs' => 'Diagramme zur Proxyauslastung',
'proxy admin password' => 'Cache Administrator Passwort',
@@ -1830,7 +1863,7 @@
'resetglobals' => 'Globale Einstellungen zurücksetzen',
'resetpolicy' => 'Policy zurücksetzen',
'resetshares' => 'Shares zurücksetzen?',
-'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Das Zurücksetzen der VPN-Konfiguration wird die Root-CA, die Host-Zertifikate und alle weiteren Zertifikate und alle zertifikatsbasierten Verbindungen entfernen',
+'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Das Löschen des X509 wird die Root-CA, die Host-Zertifikate und alle zertifikatsbasierten Verbindungen entfernen.',
'restart' => 'Neustart',
'restart ovpn server' => 'OpenVPN-Server neu starten',
'restore' => 'Wiederherstellen',
@@ -1900,6 +1933,7 @@
'show ca certificate' => 'CA Zertifikat anzeigen',
'show certificate' => 'Zertifikat anzeigen',
'show crl' => 'Certificate Revocation List anzeigen',
+'show dh' => 'Diffie-Hellman-Parameter anzeigen',
'show host certificate' => 'Host-Zertifikat anzeigen',
'show last x lines' => 'die letzten x Zeilen anzeigen',
'show root certificate' => 'Root-Zertifikat anzeigen',
@@ -1929,6 +1963,7 @@
'snort hits' => 'Gesamtanzahl der aktivierten Intrusion-Regeln für',
'snort working' => 'Snort führt gerade eine Aufgabe aus... Bitte warten Sie, bis diese erfolgreich beendet wurde.',
'socket options' => 'Socket Options',
+'software version' => 'Software-Version',
'sort ascending' => 'Sortiere aufsteigend',
'sort descending' => 'Sortiere absteigend',
'sound' => 'Klang',
@@ -1936,6 +1971,7 @@
'source ip' => 'Quell-IP-Adresse',
'source ip and port' => 'Quell-IP:Port',
'source ip bad' => 'Ungültige Quell-IP-Adresse.',
+'source ip country' => 'Quell-IP-Adresse Land',
'source ip in use' => 'Benutzte Quell-IP:',
'source ip or net' => 'Quellen-IP oder Netz',
'source net' => 'Quell-Netz',
@@ -2227,13 +2263,13 @@
'updxlrtr weekly' => 'wöchentlich',
'updxlrtr year' => 'einem Jahr',
'upgrade' => 'upgrade',
-'uplink' => 'Uplink',
'uplink speed' => 'Uplink-Geschwindigkeit (kBit/sek)',
'uplink std class' => 'Uploadstandardklasse',
'upload' => 'Hochladen',
'upload a certificate' => 'Ein Zertifikat hochladen:',
'upload a certificate request' => 'Eine Zertifikatsanfrage hochladen:',
'upload ca certificate' => 'CA-Zertifikat hochladen',
+'upload dh key' => 'Diffie-Hellman-Parameter hochladen',
'upload file' => 'Datei zum hochladen',
'upload new ruleset' => 'Neuen Regelsatz hochladen',
'upload p12 file' => 'PKCS12-Datei hochladen',
@@ -2469,6 +2505,7 @@
'valid root certificate already exists' => 'Ein gültiges Root-Zertifikat existiert bereits.',
'valid till' => 'Gültig bis',
'vci number' => 'VCI-Nummer:',
+'vendor' => 'Hersteller',
'view log' => 'Log anzeigen',
'virtual address' => 'Virtuelle Addresse',
'virtual private networking' => 'Virtuelles Privates Netzwerk',
@@ -2483,7 +2520,6 @@
'vpn aggrmode' => 'IKE Aggressive Mode zugelassen. Wenn möglich, vermeiden (preshared Schlüssel wird im Klartext übertragen)!',
'vpn altname syntax' => 'Der Subjekt Alternativ Name ist eine durch Komma getrennte Liste von Email, DNS, URI, RID und IP Objekten. <br />Email: eine Email Adresse. Syntax Email: \'copy\' benutzt die Email Adresse aus dem Zertifikatfeld. <br />DNS: ein gültiger Domain Name.<br />URI: eine gültige URI.<br />RID: Registriertes Objekt Identifikation.<br />IP: eine IP Adresse.<br />Bitte beachten: der Zeichensatz ist eingeschränkt und die Groß-/Kleinschreibung ist entscheidend.<br />Beispiel:<br /><b>email:</b>info(a)ipfire.org<b>,email:</b>copy<b>,DNS:</b>www.ipfire.org<b>,IP:</b>127.0.0.1<b>,URI:</b>http://url/nach/irgendwo',
'vpn auth-dn' => 'Peer wird identifiziert durch entweder ein IPV4_ADDR, FQDN, USER_FQDN oder DER_ASN1_DN string in Remote ID Feld',
-'vpn configuration main' => 'VPN-Konfiguration',
'vpn delayed start' => 'Verzögerung bevor VPN gestartet wird (Sekunden)',
'vpn delayed start help' => 'Falls notwendig, kann diese Verzögerung dazu verwendet werden, um Dynamic-DNS-Updates ordnungsgemäß anzuwenden. 60 ist ein gängiger Wert, wenn ROT (RED) eine dynamische IP Adresse ist.',
'vpn incompatible use of defaultroute' => 'Hostname=%defaultroute nicht zulässig',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index de29f34..f7bfcd8 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -10,7 +10,6 @@
'Choose Rule' => 'Choose <u>one</u> of the following rules.',
'Class' => 'Class',
'Class was deleted' => 'with potential subclasses was deleted',
-'Client status and controlc' => 'Client status and control:',
'ConnSched action' => 'Action:',
'ConnSched add action' => 'Add action',
'ConnSched change profile title' => 'Change to profile:',
@@ -40,6 +39,8 @@
'MB read' => 'MB read',
'MB written' => 'MB written',
'MTU' => 'MTU size:',
+'MTU settings' => 'MTU settings:',
+'Number of Countries for the pie chart' => 'Number of Countries for the pie chart',
'Number of IPs for the pie chart' => 'Number of IPs for the pie chart',
'Number of Ports for the pie chart' => 'Number of ports for the pie chart',
'OVPN' => 'OpenVPN',
@@ -424,7 +425,7 @@
'behind a proxy' => 'Behind a proxy:',
'bewan adsl pci st' => 'TO BE REMOVED',
'bewan adsl usb' => 'TO BE REMOVED',
-'bit' => 'Bit',
+'bit' => 'bit',
'bitrate' => 'Bitrate',
'bleeding rules' => 'Bleeding Edge Snort Rules',
'blue' => 'BLUE',
@@ -487,6 +488,7 @@
'cant change certificates' => 'Can\'t change certificates.',
'cant enable xtaccess' => 'The associated port forwarding rule is disabled, therefore you cannot enable external access for this rule.',
'cant start openssl' => 'Can\'t start OpenSSL',
+'capabilities' => 'Capabilities',
'caps all' => 'ALL',
'capsclosed' => 'DISCONNECTED',
'capsinactive' => 'INACTIVE',
@@ -682,6 +684,11 @@
'details' => 'Details',
'device' => 'Device',
'devices on blue' => 'Devices on BLUE',
+'dh' => 'Diffie-Hellman parameters',
+'dh key move failed' => 'Diffie-Hellman parameters move failed.',
+'dh key warn' => 'Creating Diffie-Hellman parameters with lengths of 1024 or 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.',
+'dh key warn1' => 'For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.',
+'dh name is invalid' => 'Name is invalid, please use "dh1024.pem".',
'dhcp advopt add' => 'Add a DHCP option',
'dhcp advopt added' => 'DHCP option added',
'dhcp advopt blank value' => 'DHCP Option value cannot be empty.',
@@ -782,7 +789,6 @@
'done' => 'Do it',
'dos charset' => 'DOS Charset',
'down and up speed' => 'Enter your Down- and Uplink-Speed <br /> and then press <i>Save</i>.',
-'downlink' => 'Downlink',
'downlink speed' => 'Downlink speed (kbit/sec)',
'downlink std class' => 'downlink standard class',
'download' => 'download',
@@ -929,13 +935,13 @@
'firewall log' => 'Firewall log',
'firewall log viewer' => 'Firewall Log Viewer',
'firewall logs' => 'Firewall Logs',
+'firewall logs country' => 'Fw-Loggraphs (Country)',
'firewall logs ip' => 'Fw-Loggraphs (IP)',
'firewall logs port' => 'Fw-Loggraphs (Port)',
'firewall rules' => 'Firewall Rules',
'firewallhits' => 'firewallhits',
'firmware' => 'Firmware',
'firmware upload' => 'Upload Firmware/Drivers',
-'first' => 'First',
'fixed ip lease added' => 'Fixed IP lease added',
'fixed ip lease modified' => 'Fixed IP lease modified',
'fixed ip lease removed' => 'Fixed IP lease removed',
@@ -1148,9 +1154,11 @@
'g.lite' => 'TO BE REMOVED',
'gateway' => 'Gateway',
'gateway ip' => 'Gateway IP',
+'gen dh' => 'Generate new Diffie-Hellman parameters',
'gen static key' => 'Generate a static key',
'generate' => 'Generate root/host zertifikate',
'generate a certificate' => 'Generate a certificate:',
+'generate dh key' => 'Generate Diffie-Hellman parameters',
'generate iso' => 'Generate ISO',
'generate root/host certificates' => 'Generate root/host certificates',
'generate tripwire keys and init' => 'generate tripwire keys and init',
@@ -1231,8 +1239,10 @@
'ike integrity' => 'IKE Integrity:',
'ike lifetime' => 'IKE Lifetime:',
'ike lifetime should be between 1 and 8 hours' => 'IKE lifetime should be between 1 and 8 hours.',
+'imei' => 'IMEI',
'import' => 'Import',
'importkey' => 'Import PSK',
+'imsi' => 'IMSI',
'in' => 'In',
'inactive' => 'inactive',
'include logfiles' => 'Include logfiles',
@@ -1360,7 +1370,6 @@
'lan' => 'LAN',
'lang' => 'en',
'languagepurpose' => 'Select the language you wish IPFire to display in:',
-'last' => 'Last',
'last activity' => 'Last Activity',
'lateprompting' => 'Lateprompting',
'lease expires' => 'Lease expires',
@@ -1375,7 +1384,7 @@
'local hard disk' => 'Hard disk',
'local master' => 'Local Master',
'local ntp server specified but not enabled' => 'Local NTP server specified but not enabled',
-'local subnet' => 'Local Subnet:',
+'local subnet' => 'Local subnet:',
'local subnet is invalid' => 'Local subnet is invalid.',
'local vpn hostname/ip' => 'Local VPN Hostname/IP',
'localkey' => 'Localkey',
@@ -1485,15 +1494,28 @@
'missing dat' => 'Encrypted archive not found',
'missing gz' => 'Unencrypted archive not found',
'mode' => 'Mode',
+'model' => 'Model',
'modem' => 'Modem',
'modem configuration' => 'Modem configuration',
+'modem hardware details' => 'Modem Hardware',
+'modem information' => 'Modem Information',
+'modem network bit error rate' => 'Bit Error Rate',
+'modem network information' => 'Network Information',
+'modem network mode' => 'Network Mode',
+'modem network operator' => 'Network Operator',
+'modem network registration' => 'Network Registration',
+'modem network signal quality' => 'Signal Quality',
+'modem no connection' => 'No Connection',
+'modem no connection message' => 'No connection to the modem could be established.',
'modem on com1' => 'Modem on COM1',
'modem on com2' => 'Modem on COM2',
'modem on com3' => 'Modem on COM3',
'modem on com4' => 'Modem on COM4',
'modem on com5' => 'Modem on COM5',
'modem settings have errors' => 'Modem settings have errors',
+'modem sim information' => 'SIM Information',
'modem speaker on' => 'Modem speaker on:',
+'modem status' => 'Modem Status',
'modify' => 'Modify',
'modulation' => 'Modulation',
'monday' => 'Monday',
@@ -1552,6 +1574,7 @@
'network traffic graphs others' => 'Network (others)',
'network updated' => 'Custom Network updated',
'networks settings' => 'Firewall - Network settings',
+'never' => 'Never',
'new optionsfw later' => 'Some options need a reboot to take effect',
'new optionsfw must boot' => 'You must reboot your IPFire',
'newer' => 'Newer',
@@ -1573,6 +1596,7 @@
'nonetworkname' => 'No Network Name entered',
'noservicename' => 'No Service Name entered',
'not a valid ca certificate' => 'Not a valid CA certificate.',
+'not a valid dh key' => 'Not a valid Diffie-Hellman parameters file. Please use a length of 1024, 2048, 3072 or 4096 bits and the PKCS#3 format.',
'not enough disk space' => 'Not enough disk space',
'not present' => '<b>Not</b> present',
'not running' => 'not running',
@@ -1665,10 +1689,19 @@
'ovpn' => 'OpenVPN',
'ovpn con stat' => 'OpenVPN Connection Statistics',
'ovpn config' => 'OVPN-Config',
+'ovpn crypt options' => 'Cryptographic options',
'ovpn device' => 'OpenVPN device:',
+'ovpn dh' => 'Diffie-Hellman parameters length',
+'ovpn dh new key' => 'Generate new Diffie-Hellman parameters',
+'ovpn dh parameters' => 'Diffie-Hellman parameters options',
+'ovpn dh upload' => 'Upload new Diffie-Hellman parameters',
'ovpn dl' => 'OVPN-Config Download',
+'ovpn engines' => 'Crypto engine',
'ovpn errmsg green already pushed' => 'Route for green network is always set',
'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
+'ovpn generating the root and host certificates' => 'Generating the root and host certifictae can take a long time.',
+'ovpn ha' => 'Hash algorithm',
+'ovpn hmac' => 'HMAC options',
'ovpn log' => 'OVPN-Log',
'ovpn mgmt in root range' => 'A port number of 1024 or higher is required.',
'ovpn mtu-disc' => 'Path MTU Discovery',
@@ -1679,18 +1712,18 @@
'ovpn mtu-disc with mssfix or fragment' => 'Path MTU Discovery cannot be used with mssfix or fragment.',
'ovpn mtu-disc yes' => 'Forced',
'ovpn no connections' => 'No active OpenVPN connections',
-'ovpn on blue' => 'OpenVPN on BLUE',
-'ovpn on orange' => 'OpenVPN on ORANGE',
-'ovpn on red' => 'OpenVPN on RED',
+'ovpn on blue' => 'OpenVPN on BLUE:',
+'ovpn on orange' => 'OpenVPN on ORANGE:',
+'ovpn on red' => 'OpenVPN on RED:',
'ovpn port in root range' => 'A port number of 1024 or higher is required.',
+'ovpn reneg sec' => 'Session key lifetime:',
'ovpn routes push' => 'Routes (one per line) e.g. 192.168.10.0/255.255.255.0 192.168.20.0/24',
'ovpn routes push options' => 'Route push options',
'ovpn server status' => 'Current OpenVPN server status:',
-'ovpn subnet' => 'OpenVPN subnet (e.g. 10.0.10.0/255.255.255.0)',
+'ovpn subnet' => 'OpenVPN subnet:',
'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.',
'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ',
'ovpn_fastio' => 'Fast-IO',
-'ovpn_fragment' => 'Fragmentsize',
'ovpn_mssfix' => 'MSSFIX Size',
'ovpn_mtudisc' => 'MTU-Discovery',
'ovpn_processprio' => 'Process priority',
@@ -1787,7 +1820,7 @@
'profile saved' => 'Profile saved: ',
'profiles' => 'Profiles:',
'proto' => 'Proto',
-'protocol' => 'Protocol',
+'protocol' => 'Protocol:',
'proxy' => 'Proxy',
'proxy access graphs' => 'Proxy access graphs',
'proxy admin password' => 'Cache administrator password',
@@ -1862,7 +1895,7 @@
'resetglobals' => 'Reset global settings',
'resetpolicy' => 'Reset policy to default',
'resetshares' => 'Reset shares?',
-'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Resetting the VPN configuration will remove the root CA, the host certificate and all certificate based connections',
+'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Resetting the X509 remove the root CA, the host certificate and all certificate based connections.',
'restart' => 'Restart',
'restart ovpn server' => 'Restart OpenVPN server',
'restore' => 'Restore',
@@ -1934,6 +1967,7 @@
'show ca certificate' => 'Show CA certificate',
'show certificate' => 'Show certificate',
'show crl' => 'Show certificate revocation list',
+'show dh' => 'Show Diffie-Hellman parameters',
'show host certificate' => 'Show host certificate',
'show last x lines' => 'Show last x lines',
'show lines' => 'Show lines',
@@ -1964,6 +1998,7 @@
'snort hits' => 'Total of number of Intrusion rules activated for',
'snort working' => 'Snort is working ... Please wait until all operations have completed successfully.',
'socket options' => 'Socket options',
+'software version' => 'Software Version',
'sort ascending' => 'Sort ascending',
'sort descending' => 'Sort descending',
'sound' => 'Sound',
@@ -1971,6 +2006,7 @@
'source ip' => 'Source IP',
'source ip and port' => 'Source IP: Port',
'source ip bad' => 'Not a valid IP address or a network address.',
+'source ip country' => 'Source IP Country',
'source ip in use' => 'Source IP in use:',
'source ip or net' => 'Source IP or Net',
'source net' => 'Source Net',
@@ -2051,6 +2087,7 @@
'telephone not set' => 'Telephone not set.',
'template' => 'Preset',
'template warning' => 'You have two options to set up Qos. The First, you press the save button and generate the classes and rules on your own. The second, you press the preset button and classes and rules will be set up by a template.',
+'teovpn_fragment' => 'Fragmentsize',
'test' => 'test',
'test email could not be sent' => 'Could not sent Testemail',
'test email was sent' => 'Testemail was send successfully',
@@ -2265,13 +2302,13 @@
'updxlrtr weekly' => 'weekly',
'updxlrtr year' => 'one year',
'upgrade' => 'upgrade',
-'uplink' => 'Uplink',
'uplink speed' => 'Uplink speed (kbit/sec)',
'uplink std class' => 'uplink standard class',
'upload' => 'Upload',
'upload a certificate' => 'Upload a certificate:',
'upload a certificate request' => 'Upload a certificate request:',
'upload ca certificate' => 'Upload CA certificate',
+'upload dh key' => 'Upload Diffie-Hellman parameters',
'upload fcdsl.o' => 'TO BE REMOVED',
'upload file' => 'Upload file',
'upload new ruleset' => 'Upload new ruleset',
@@ -2508,6 +2545,7 @@
'valid root certificate already exists' => 'A valid root certificate already exists.',
'valid till' => 'Valid till',
'vci number' => 'VCI number:',
+'vendor' => 'Vendor',
'view log' => 'view log',
'virtual address' => 'Virtual Address',
'virtual private networking' => 'Virtual Private Networking',
@@ -2522,7 +2560,6 @@
'vpn aggrmode' => 'IKE aggressive mode allowed. Avoid if possible (preshared key is transmitted in clear text)!',
'vpn altname syntax' => 'SubjectAltName is a comma separated list of e-mail, dns, uri, rid and ip objects.<br />email:an email address. Syntax email:copy takes the email field from the cert to be used.<br />DNS:a valid domain name.<br />URI:any valid uri.<br />RID:registered object identifier.<br />IP:an IP address.<br />Note:charset is limited and case is significant.<br />Example:<br /><b>e-mail:</b>ipfire(a)foo.org<b>,email:</b>copy<b>,DNS:</b>www.ipfire.org<b>,IP:</b>127.0.0.1<b>,URI:</b>http://url/to/something',
'vpn auth-dn' => 'Peer is identified by either IPV4_ADDR, FQDN, USER_FQDN or DER_ASN1_DN string in remote ID field',
-'vpn configuration main' => 'VPN Configuration',
'vpn delayed start' => 'Delay before launching VPN (seconds)',
'vpn delayed start help' => 'If required, this delay can be used to allow dynamic DNS updates to propagate properly. 60 is a common value when RED is a dynamic IP.',
'vpn incompatible use of defaultroute' => 'hostname=%defaultroute not allowed',
diff --git a/lfs/configroot b/lfs/configroot
index 3232d38..fcb08b0 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -80,6 +80,7 @@ $(TARGET) :
cp $(DIR_SRC)/config/cfgroot/lang.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/countries.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/graphs.pl $(CONFIG_ROOT)/
+ cp $(DIR_SRC)/config/cfgroot/modem-lib.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/advoptions-list $(CONFIG_ROOT)/dhcp/advoptions-list
cp $(DIR_SRC)/config/cfgroot/connscheduler-lib.pl $(CONFIG_ROOT)/connscheduler/lib.pl
cp $(DIR_SRC)/config/cfgroot/connscheduler.conf $(CONFIG_ROOT)/connscheduler
diff --git a/lfs/daq b/lfs/daq
index e6fd8fb..fa8f2a8 100644
--- a/lfs/daq
+++ b/lfs/daq
@@ -24,7 +24,7 @@
include Config
-VER = 2.0.1
+VER = 2.0.2
THISAPP = daq-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 044aa3663d44580d005293eeb8ccf175
+$(DL_FILE)_MD5 = 865bf9b750a2a2ca632591a3c70b0ea0
install : $(TARGET)
diff --git a/lfs/e1000e b/lfs/e1000e
index 58c99c4..10a42ee 100644
--- a/lfs/e1000e
+++ b/lfs/e1000e
@@ -27,7 +27,7 @@ include Config
VERSUFIX = ipfire$(KCFG)
MODPATH = /lib/modules/$(KVER)-$(VERSUFIX)/kernel/drivers/net/e1000e
-VER = 2.5.4
+VER = 3.0.4
THISAPP = e1000e-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8a57fc73335bf1ab0e16a02ecccdae76
+$(DL_FILE)_MD5 = 2d8364cd2043ef5c71291a4ca8b8084e
install : $(TARGET)
diff --git a/lfs/igb b/lfs/igb
index 9303ffb..b8aadc4 100644
--- a/lfs/igb
+++ b/lfs/igb
@@ -27,7 +27,7 @@ include Config
VERSUFIX = ipfire$(KCFG)
MODPATH = /lib/modules/$(KVER)-$(VERSUFIX)/kernel/drivers/net/ethernet/intel/igb/
-VER = 5.0.6
+VER = 5.1.2
THISAPP = igb-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 701717fbbba6065af4ff5138bd3a3a9c
+$(DL_FILE)_MD5 = c222b04f7e43afffc105d0d0db60c6c0
install : $(TARGET)
diff --git a/lfs/nut b/lfs/nut
index 0a5f847..c64c5a2 100644
--- a/lfs/nut
+++ b/lfs/nut
@@ -24,7 +24,7 @@
include Config
-VER = 2.6.3
+VER = 2.7.2
THISAPP = nut-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nut
-PAK_VER = 4
+PAK_VER = 5
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8db00c21f8bc03add6e14d15f634ec6a
+$(DL_FILE)_MD5 = c3568b42e058cfc385b46d25140dced4
install : $(TARGET)
diff --git a/lfs/openvpn b/lfs/openvpn
index 053d581..8c7c81a 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2013 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2014 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,10 +24,10 @@
include Config
-VER = 2.3.2
+VER = 2.3.4
THISAPP = openvpn-$(VER)
-DL_FILE = $(THISAPP).tar.gz
+DL_FILE = $(THISAPP).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 06e5f93dbf13f2c19647ca15ffc23ac1
+$(DL_FILE)_MD5 = 9b70be9fb45e407117c3c9b118e4ba22
install : $(TARGET)
@@ -69,7 +69,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure \
--prefix=/usr \
--sysconfdir=/var/ipfire/ovpn \
diff --git a/lfs/perl-Device-Modem b/lfs/perl-Device-Modem
new file mode 100644
index 0000000..f0609b9
--- /dev/null
+++ b/lfs/perl-Device-Modem
@@ -0,0 +1,77 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2014 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.56
+
+THISAPP = Device-Modem-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = a0ec45c3e313bea27ccb476d3b725955
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && perl Makefile.PL
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/perl-Device-SerialPort b/lfs/perl-Device-SerialPort
new file mode 100644
index 0000000..3eebc07
--- /dev/null
+++ b/lfs/perl-Device-SerialPort
@@ -0,0 +1,77 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2014 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.000002
+
+THISAPP = Device-SerialPort-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = f53db3733679adc5d05d06fa530444b6
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && perl Makefile.PL
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/ppp b/lfs/ppp
index 5d772fc..3c60938 100644
--- a/lfs/ppp
+++ b/lfs/ppp
@@ -24,7 +24,7 @@
include Config
-VER = 2.4.5
+VER = 2.4.6
THISAPP = ppp-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4621bc56167b6953ec4071043fe0ec57
+$(DL_FILE)_MD5 = 3434d2cc9327167a0723aaaa8670083b
install : $(TARGET)
@@ -73,16 +73,14 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h
-# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-pppoatm.patch
-# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-pppoatm-persist.patch
-# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.1-oedod.patch
-# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-pppoatm-modprobe.patch
-# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-signal.patch
-# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-printstats.patch
-# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-close.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h
cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
- cd $(DIR_APP) && make $(MAKETUNING) CC="gcc $(CFLAGS)"
+ cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)"
cd $(DIR_APP) && make install
cd $(DIR_APP) && make install-etcppp
touch /var/log/connect-errors
diff --git a/lfs/qemu b/lfs/qemu
index d68b97d..2fc0476 100644
--- a/lfs/qemu
+++ b/lfs/qemu
@@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
SUP_ARCH = i586
PROG = qemu
-PAK_VER = 13
+PAK_VER = 14
DEPS = "sdl"
diff --git a/lfs/snort b/lfs/snort
index 2d5d04a..45c17a8 100644
--- a/lfs/snort
+++ b/lfs/snort
@@ -24,7 +24,7 @@
include Config
-VER = 2.9.5.3
+VER = 2.9.6.1
THISAPP = snort-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f99465c0734a6173bfca899dcb72266b
+$(DL_FILE)_MD5 = d7c0f1ddb2e70b70acdaa4664abb5fb0
install : $(TARGET)
@@ -70,14 +70,26 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) $(DIR_SRC)/snort* && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls \
- --sysconfdir=/etc/snort --target=i586 \
- --enable-linux-smp-stats --enable-smb-alerts \
- --enable-gre --enable-mpls --enable-targetbased \
- --enable-decoder-preprocessor-rules --enable-ppm \
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --disable-nls \
+ --sysconfdir=/etc/snort \
+ --target=i586 \
+ --enable-linux-smp-stats \
+ --enable-smb-alerts \
+ --enable-gre --enable-mpls \
+ --enable-targetbased \
+ --enable-decoder-preprocessor-rules \
+ --enable-ppm \
--enable-non-ether-decoders \
- --enable-perfprofiling --enable-zlib --enable-active-response \
- --enable-normalizer --enable-reload --enable-react --enable-flexresp3
+ --enable-perfprofiling \
+ --enable-zlib \
+ --enable-active-response \
+ --enable-normalizer \
+ --enable-reload \
+ --enable-react \
+ --enable-flexresp3
+
cd $(DIR_APP) && make
cd $(DIR_APP) && make install
mv /usr/bin/snort /usr/sbin/
diff --git a/lfs/squid b/lfs/squid
index 3c5f6c5..1f1589d 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -24,7 +24,7 @@
include Config
-VER = 3.3.11
+VER = 3.4.5
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = dd016ff5f14b2548083b3882207914f6
+$(DL_FILE)_MD5 = a831efb36cfbaa419f8dc7a43cba72c9
install : $(TARGET)
@@ -53,6 +53,7 @@ md5 : $(subst %,%_MD5,$(objects))
###############################################################################
# Downloading, checking, md5sum
###############################################################################
+
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
@@ -116,7 +117,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
--enable-kill-parent-hack \
--disable-wccpv2 \
--enable-icap-client \
- --disable-esi
+ --disable-esi \
+ --enable-zph-qos
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
diff --git a/lfs/sslscan b/lfs/sslscan
new file mode 100644
index 0000000..a384db1
--- /dev/null
+++ b/lfs/sslscan
@@ -0,0 +1,83 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2014 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.10.2
+
+THISAPP = sslscan-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = sslscan
+PAK_VER = 1
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 41ecff92303cecfd00bf3c7de509af14
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && make $(MAKETUNING) CFLAGS="$(CFLAGS)"
+ cd $(DIR_APP) && make install PREFIX=/usr
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/vnstat b/lfs/vnstat
index 2e7b46c..b8c8b27 100644
--- a/lfs/vnstat
+++ b/lfs/vnstat
@@ -24,7 +24,7 @@
include Config
-VER = 1.6
+VER = 1.11
THISAPP = vnstat-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ccaffe8e70d47e0cf2f25e52daa25712
+$(DL_FILE)_MD5 = a5a113f9176cd61fb954f2ba297f5fdb
install : $(TARGET)
@@ -73,7 +73,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && make $(MAKETUNING) LOCAL_CONFIGURE_OPTIONS="--enable-readline=yes"
+ cd $(DIR_APP) && make all $(MAKETUNING) LOCAL_CONFIGURE_OPTIONS="--enable-readline=yes"
cd $(DIR_APP) && make install
sed -i 's|eth0|green0|g' /etc/vnstat.conf
sed -i 's|/var/lib/vnstat|/var/log/rrd/vnstat|g' /etc/vnstat.conf
diff --git a/lfs/vnstati b/lfs/vnstati
deleted file mode 100644
index c7cd6ed..0000000
--- a/lfs/vnstati
+++ /dev/null
@@ -1,79 +0,0 @@
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-###############################################################################
-# Definitions
-###############################################################################
-
-include Config
-
-VER = beta3
-
-THISAPP = vnstati-$(VER)
-DL_FILE = $(THISAPP).tar.gz
-DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
-TARGET = $(DIR_INFO)/$(THISAPP)
-
-###############################################################################
-# Top-level Rules
-###############################################################################
-
-objects = $(DL_FILE)
-
-$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-
-$(DL_FILE)_MD5 = 5652b955e16716cec48da464b083c76f
-
-install : $(TARGET)
-
-check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-
-download :$(patsubst %,$(DIR_DL)/%,$(objects))
-
-md5 : $(subst %,%_MD5,$(objects))
-
-dist:
- @$(PAK)
-
-###############################################################################
-# Downloading, checking, md5sum
-###############################################################################
-
-$(patsubst %,$(DIR_CHK)/%,$(objects)) :
- @$(CHECK)
-
-$(patsubst %,$(DIR_DL)/%,$(objects)) :
- @$(LOAD)
-
-$(subst %,%_MD5,$(objects)) :
- @$(MD5)
-
-###############################################################################
-# Installation Details
-###############################################################################
-
-$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
- @$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && make $(MAKETUNING) LOCAL_CONFIGURE_OPTIONS="--enable-readline=yes"
- cd $(DIR_APP) && make install
- @rm -rf $(DIR_APP)
- @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 1d85794..398c91c 100755
--- a/make.sh
+++ b/make.sh
@@ -25,8 +25,8 @@
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.15" # Version number
-CORE="77" # Core Level (Filename)
-PAKFIRE_CORE="77" # Core Level (PAKFIRE)
+CORE="78" # Core Level (Filename)
+PAKFIRE_CORE="78" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
@@ -514,6 +514,8 @@ buildipfire() {
ipfiremake perl-GD
ipfiremake GD-Graph
ipfiremake GD-TextUtil
+ ipfiremake perl-Device-SerialPort
+ ipfiremake perl-Device-Modem
ipfiremake gnupg
ipfiremake hdparm
ipfiremake sdparm
@@ -689,7 +691,6 @@ buildipfire() {
ipfiremake git
ipfiremake squidclamav
ipfiremake vnstat
- ipfiremake vnstati
ipfiremake iw
ipfiremake wpa_supplicant
ipfiremake hostapd
@@ -796,6 +797,7 @@ buildipfire() {
ipfiremake iptraf-ng
ipfiremake iotop
ipfiremake stunnel
+ ipfiremake sslscan
}
buildinstaller() {
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 8371781..7a18502 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -120,10 +120,10 @@ iptables_init() {
iptables -N IPTVFORWARD
iptables -A FORWARD -j IPTVFORWARD
- # filtering from GUI
- iptables -N GUIINPUT
- iptables -A INPUT -j GUIINPUT
- iptables -A GUIINPUT -p icmp --icmp-type 8 -j ACCEPT
+ # Allow to ping the firewall.
+ iptables -N ICMPINPUT
+ iptables -A INPUT -j ICMPINPUT
+ iptables -A ICMPINPUT -p icmp --icmp-type 8 -j ACCEPT
# Accept everything on loopback
iptables -N LOOPBACK
@@ -179,7 +179,10 @@ iptables_init() {
iptables -t nat -A POSTROUTING -j IPSECNAT
# localhost and ethernet.
- iptables -A INPUT -i $GREEN_DEV -m conntrack --ctstate NEW -j ACCEPT ! -p icmp
+ # Always allow accessing the web GUI from GREEN.
+ iptables -N GUIINPUT
+ iptables -A INPUT -j GUIINPUT
+ iptables -A GUIINPUT -i "${GREEN_DEV}" -p tcp --dport 444 -j ACCEPT
# WIRELESS chains
iptables -N WIRELESSINPUT
diff --git a/src/initscripts/init.d/nut b/src/initscripts/init.d/nut
index 8aba4ff..9b4623e 100644
--- a/src/initscripts/init.d/nut
+++ b/src/initscripts/init.d/nut
@@ -35,7 +35,7 @@ if [ "x$MODE" = "xnone" ] ; then
fi
upsd=/usr/sbin/upsd
-upsdrvctl=/usr/bin/upsdrvctl
+upsdrvctl=/usr/sbin/upsdrvctl
upsmon=/usr/sbin/upsmon
log=">/dev/null 2>/dev/null"
diff --git a/src/install+setup/install/main.c b/src/install+setup/install/main.c
index e61f94d..db7a6cc 100644
--- a/src/install+setup/install/main.c
+++ b/src/install+setup/install/main.c
@@ -321,10 +321,10 @@ int main(int argc, char *argv[])
swap_file = memory / 4;
/* Calculating Root-Size dependend of Max Disk Space */
- if ( disk < 756 )
- root_partition = 200;
- else if ( disk >= 756 && disk <= 3072 )
- root_partition = 512;
+ if ( disk < 2048 )
+ root_partition = 1024;
+ else if ( disk >= 2048 && disk <= 3072 )
+ root_partition = 1536;
else
root_partition = 2048;
diff --git a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch b/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
new file mode 100644
index 0000000..4a43d44
--- /dev/null
+++ b/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
@@ -0,0 +1,121 @@
+From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta(a)redhat.com>
+Date: Fri, 4 Apr 2014 11:29:39 +0200
+Subject: [PATCH 03/25] build-sys: utilize compiler flags handed to us by
+ rpmbuild
+
+---
+ chat/Makefile.linux | 2 +-
+ pppd/Makefile.linux | 3 +--
+ pppd/plugins/Makefile.linux | 2 +-
+ pppd/plugins/pppoatm/Makefile.linux | 2 +-
+ pppd/plugins/radius/Makefile.linux | 2 +-
+ pppd/plugins/rp-pppoe/Makefile.linux | 2 +-
+ pppdump/Makefile.linux | 2 +-
+ pppstats/Makefile.linux | 2 +-
+ 8 files changed, 8 insertions(+), 9 deletions(-)
+
+diff --git a/chat/Makefile.linux b/chat/Makefile.linux
+index 1065ac5..848cd8d 100644
+--- a/chat/Makefile.linux
++++ b/chat/Makefile.linux
+@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep function
+ CDEF4= -DFNDELAY=O_NDELAY # Old name value
+ CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
+
+-COPTS= -O2 -g -pipe
++COPTS= $(RPM_OPT_FLAGS)
+ CFLAGS= $(COPTS) $(CDEFS)
+
+ INSTALL= install
+diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
+index 5a44d30..63872eb 100644
+--- a/pppd/Makefile.linux
++++ b/pppd/Makefile.linux
+@@ -32,8 +32,7 @@ endif
+
+ CC = gcc
+ #
+-COPTS = -O2 -pipe -Wall -g
+-LIBS =
++COPTS = -Wall $(RPM_OPT_FLAGS)
+
+ # Uncomment the next 2 lines to include support for Microsoft's
+ # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
+diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
+index 0a7ec7b..e09a369 100644
+--- a/pppd/plugins/Makefile.linux
++++ b/pppd/plugins/Makefile.linux
+@@ -1,5 +1,5 @@
+ #CC = gcc
+-COPTS = -O2 -g
++COPTS = $(RPM_OPT_FLAGS)
+ CFLAGS = $(COPTS) -I.. -I../../include -fPIC
+ LDFLAGS = -shared
+ INSTALL = install
+diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
+index 20f62e6..5a81447 100644
+--- a/pppd/plugins/pppoatm/Makefile.linux
++++ b/pppd/plugins/pppoatm/Makefile.linux
+@@ -1,5 +1,5 @@
+ #CC = gcc
+-COPTS = -O2 -g
++COPTS = $(RPM_OPT_FLAGS)
+ CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
+ LDFLAGS = -shared
+ INSTALL = install
+diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
+index 24ed3e5..45b3b8d 100644
+--- a/pppd/plugins/radius/Makefile.linux
++++ b/pppd/plugins/radius/Makefile.linux
+@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
+ INSTALL = install
+
+ PLUGIN=radius.so radattr.so radrealms.so
+-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
++CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON
+
+ # Uncomment the next line to include support for Microsoft's
+ # MS-CHAP authentication protocol.
+diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
+index 5d7a271..352991a 100644
+--- a/pppd/plugins/rp-pppoe/Makefile.linux
++++ b/pppd/plugins/rp-pppoe/Makefile.linux
+@@ -25,7 +25,7 @@ INSTALL = install
+ # Version is set ONLY IN THE MAKEFILE! Don't delete this!
+ RP_VERSION=3.8p
+
+-COPTS=-O2 -g
++COPTS=$(RPM_OPT_FLAGS)
+ CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
+ all: rp-pppoe.so pppoe-discovery
+
+diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
+index ac028f6..d0a5032 100644
+--- a/pppdump/Makefile.linux
++++ b/pppdump/Makefile.linux
+@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
+ BINDIR = $(DESTDIR)/sbin
+ MANDIR = $(DESTDIR)/share/man/man8
+
+-CFLAGS= -O -I../include/net
++CFLAGS= $(RPM_OPT_FLAGS) -I../include/net
+ OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
+
+ INSTALL= install
+diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
+index cca6f0f..42aba73 100644
+--- a/pppstats/Makefile.linux
++++ b/pppstats/Makefile.linux
+@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c
+ PPPSTATOBJS = pppstats.o
+
+ #CC = gcc
+-COPTS = -O
++COPTS = $(RPM_OPT_FLAGS)
+ COMPILE_FLAGS = -I../include
+ LIBS =
+
+--
+1.8.3.1
+
diff --git a/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch b/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
new file mode 100644
index 0000000..90bb2d1
--- /dev/null
+++ b/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
@@ -0,0 +1,143 @@
+From 82cd789df0f022eb6f3d28646e7a61d1d0715805 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta(a)redhat.com>
+Date: Mon, 7 Apr 2014 12:23:36 +0200
+Subject: [PATCH 12/25] pppd: we don't want to accidentally leak fds
+
+---
+ pppd/auth.c | 20 ++++++++++----------
+ pppd/options.c | 2 +-
+ pppd/sys-linux.c | 4 ++--
+ 3 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/pppd/auth.c b/pppd/auth.c
+index 4271af6..9e957fa 100644
+--- a/pppd/auth.c
++++ b/pppd/auth.c
+@@ -428,7 +428,7 @@ setupapfile(argv)
+ option_error("unable to reset uid before opening %s: %m", fname);
+ return 0;
+ }
+- ufile = fopen(fname, "r");
++ ufile = fopen(fname, "re");
+ if (seteuid(euid) == -1)
+ fatal("unable to regain privileges: %m");
+ if (ufile == NULL) {
+@@ -1413,7 +1413,7 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg)
+ filename = _PATH_UPAPFILE;
+ addrs = opts = NULL;
+ ret = UPAP_AUTHNAK;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL) {
+ error("Can't open PAP password file %s: %m", filename);
+
+@@ -1512,7 +1512,7 @@ null_login(unit)
+ if (ret <= 0) {
+ filename = _PATH_UPAPFILE;
+ addrs = NULL;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+ check_access(f, filename);
+@@ -1559,7 +1559,7 @@ get_pap_passwd(passwd)
+ }
+
+ filename = _PATH_UPAPFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+ check_access(f, filename);
+@@ -1597,7 +1597,7 @@ have_pap_secret(lacks_ipp)
+ }
+
+ filename = _PATH_UPAPFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -1642,7 +1642,7 @@ have_chap_secret(client, server, need_ip, lacks_ipp)
+ }
+
+ filename = _PATH_CHAPFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -1684,7 +1684,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp)
+ struct wordlist *addrs;
+
+ filename = _PATH_SRPFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -1740,7 +1740,7 @@ get_secret(unit, client, server, secret, secret_len, am_server)
+ addrs = NULL;
+ secbuf[0] = 0;
+
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL) {
+ error("Can't open chap secret file %s: %m", filename);
+ return 0;
+@@ -1797,7 +1797,7 @@ get_srp_secret(unit, client, server, secret, am_server)
+ filename = _PATH_SRPFILE;
+ addrs = NULL;
+
+- fp = fopen(filename, "r");
++ fp = fopen(filename, "re");
+ if (fp == NULL) {
+ error("Can't open srp secret file %s: %m", filename);
+ return 0;
+@@ -2203,7 +2203,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename, flags)
+ */
+ if (word[0] == '@' && word[1] == '/') {
+ strlcpy(atfile, word+1, sizeof(atfile));
+- if ((sf = fopen(atfile, "r")) == NULL) {
++ if ((sf = fopen(atfile, "re")) == NULL) {
+ warn("can't open indirect secret file %s", atfile);
+ continue;
+ }
+diff --git a/pppd/options.c b/pppd/options.c
+index 45fa742..1d754ae 100644
+--- a/pppd/options.c
++++ b/pppd/options.c
+@@ -427,7 +427,7 @@ options_from_file(filename, must_exist, check_prot, priv)
+ option_error("unable to drop privileges to open %s: %m", filename);
+ return 0;
+ }
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ err = errno;
+ if (check_prot && seteuid(euid) == -1)
+ fatal("unable to regain privileges");
+diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
+index 72a7727..8a12fa0 100644
+--- a/pppd/sys-linux.c
++++ b/pppd/sys-linux.c
+@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char *tail)
+ /* Default the mount location of /proc */
+ strlcpy (proc_path, "/proc", sizeof(proc_path));
+ proc_path_len = 5;
+- fp = fopen(MOUNTED, "r");
++ fp = fopen(MOUNTED, "re");
+ if (fp != NULL) {
+ while ((mntent = getmntent(fp)) != NULL) {
+ if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
+@@ -1472,7 +1472,7 @@ static int open_route_table (void)
+ close_route_table();
+
+ path = path_to_procfs("/net/route");
+- route_fd = fopen (path, "r");
++ route_fd = fopen (path, "re");
+ if (route_fd == NULL) {
+ error("can't open routing table %s: %m", path);
+ return 0;
+--
+1.8.3.1
+
diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
new file mode 100644
index 0000000..e3608a0
--- /dev/null
+++ b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
@@ -0,0 +1,241 @@
+From 302c1b736cb656c7885a0cba270fd953a672d8a8 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta(a)redhat.com>
+Date: Mon, 7 Apr 2014 13:56:34 +0200
+Subject: [PATCH 13/25] everywhere: O_CLOEXEC harder
+
+---
+ pppd/eap.c | 2 +-
+ pppd/main.c | 4 ++--
+ pppd/options.c | 4 ++--
+ pppd/sys-linux.c | 22 +++++++++++-----------
+ pppd/tdb.c | 4 ++--
+ pppd/tty.c | 4 ++--
+ pppd/utils.c | 6 +++---
+ 7 files changed, 23 insertions(+), 23 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 6ea6c1f..faced53 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1226,7 +1226,7 @@ mode_t modebits;
+
+ if ((path = name_of_pn_file()) == NULL)
+ return (-1);
+- fd = open(path, modebits, S_IRUSR | S_IWUSR);
++ fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC);
+ err = errno;
+ free(path);
+ errno = err;
+diff --git a/pppd/main.c b/pppd/main.c
+index 6d50d1b..4880377 100644
+--- a/pppd/main.c
++++ b/pppd/main.c
+@@ -420,7 +420,7 @@ main(argc, argv)
+ die(0);
+
+ /* Make sure fds 0, 1, 2 are open to somewhere. */
+- fd_devnull = open(_PATH_DEVNULL, O_RDWR);
++ fd_devnull = open(_PATH_DEVNULL, O_RDWR | O_CLOEXEC);
+ if (fd_devnull < 0)
+ fatal("Couldn't open %s: %m", _PATH_DEVNULL);
+ while (fd_devnull <= 2) {
+@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait)
+ if (log_to_fd >= 0)
+ errfd = log_to_fd;
+ else
+- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600);
++ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600);
+
+ ++conn_running;
+ pid = safe_fork(in, out, errfd);
+diff --git a/pppd/options.c b/pppd/options.c
+index 1d754ae..8e62635 100644
+--- a/pppd/options.c
++++ b/pppd/options.c
+@@ -1544,9 +1544,9 @@ setlogfile(argv)
+ option_error("unable to drop permissions to open %s: %m", *argv);
+ return 0;
+ }
+- fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
++ fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
+ if (fd < 0 && errno == EEXIST)
+- fd = open(*argv, O_WRONLY | O_APPEND);
++ fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC);
+ err = errno;
+ if (!privileged_option && seteuid(euid) == -1)
+ fatal("unable to regain privileges: %m");
+diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
+index 8a12fa0..00a2cf5 100644
+--- a/pppd/sys-linux.c
++++ b/pppd/sys-linux.c
+@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd)
+ goto err;
+ }
+ dbglog("using channel %d", chindex);
+- fd = open("/dev/ppp", O_RDWR);
++ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (fd < 0) {
+ error("Couldn't reopen /dev/ppp: %m");
+ goto err;
+@@ -619,7 +619,7 @@ static int make_ppp_unit()
+ dbglog("in make_ppp_unit, already had /dev/ppp open?");
+ close(ppp_dev_fd);
+ }
+- ppp_dev_fd = open("/dev/ppp", O_RDWR);
++ ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (ppp_dev_fd < 0)
+ fatal("Couldn't open /dev/ppp: %m");
+ flags = fcntl(ppp_dev_fd, F_GETFL);
+@@ -693,7 +693,7 @@ int bundle_attach(int ifnum)
+ if (!new_style_driver)
+ return -1;
+
+- master_fd = open("/dev/ppp", O_RDWR);
++ master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (master_fd < 0)
+ fatal("Couldn't open /dev/ppp: %m");
+ if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
+@@ -1715,7 +1715,7 @@ int sifproxyarp (int unit, u_int32_t his_adr)
+ if (tune_kernel) {
+ forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
+ if (forw_path != 0) {
+- int fd = open(forw_path, O_WRONLY);
++ int fd = open(forw_path, O_WRONLY | O_CLOEXEC);
+ if (fd >= 0) {
+ if (write(fd, "1", 1) != 1)
+ error("Couldn't enable IP forwarding: %m");
+@@ -2030,7 +2030,7 @@ int ppp_available(void)
+ sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
+ kernel_version = KVERSION(osmaj, osmin, ospatch);
+
+- fd = open("/dev/ppp", O_RDWR);
++ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (fd >= 0) {
+ new_style_driver = 1;
+
+@@ -2208,7 +2208,7 @@ void logwtmp (const char *line, const char *name, const char *host)
+ #if __GLIBC__ >= 2
+ updwtmp(_PATH_WTMP, &ut);
+ #else
+- wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY);
++ wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC);
+ if (wtmp >= 0) {
+ flock(wtmp, LOCK_EX);
+
+@@ -2394,7 +2394,7 @@ int sifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr,
+ int fd;
+
+ path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
+- if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
++ if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) {
+ if (write(fd, "1", 1) != 1)
+ error("Couldn't enable dynamic IP addressing: %m");
+ close(fd);
+@@ -2570,7 +2570,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
+ /*
+ * Try the unix98 way first.
+ */
+- mfd = open("/dev/ptmx", O_RDWR);
++ mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC);
+ if (mfd >= 0) {
+ int ptn;
+ if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
+@@ -2581,7 +2581,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
+ if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
+ warn("Couldn't unlock pty slave %s: %m", pty_name);
+ #endif
+- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
++ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
+ warn("Couldn't open pty slave %s: %m", pty_name);
+ }
+ }
+@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
+ for (i = 0; i < 64; ++i) {
+ slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
+ 'p' + i / 16, i % 16);
+- mfd = open(pty_name, O_RDWR, 0);
++ mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0);
+ if (mfd >= 0) {
+ pty_name[5] = 't';
+- sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
++ sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
+ if (sfd >= 0) {
+ fchown(sfd, uid, -1);
+ fchmod(sfd, S_IRUSR | S_IWUSR);
+diff --git a/pppd/tdb.c b/pppd/tdb.c
+index bdc5828..c7ab71c 100644
+--- a/pppd/tdb.c
++++ b/pppd/tdb.c
+@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
+ goto internal;
+ }
+
+- if ((tdb->fd = open(name, open_flags, mode)) == -1) {
++ if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) {
+ TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
+ name, strerror(errno)));
+ goto fail; /* errno set by open(2) */
+@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb)
+ }
+ if (close(tdb->fd) != 0)
+ TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
+- tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
++ tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0);
+ if (tdb->fd == -1) {
+ TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
+ goto fail;
+diff --git a/pppd/tty.c b/pppd/tty.c
+index d571b11..bc96695 100644
+--- a/pppd/tty.c
++++ b/pppd/tty.c
+@@ -569,7 +569,7 @@ int connect_tty()
+ status = EXIT_OPEN_FAILED;
+ goto errret;
+ }
+- real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
++ real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0);
+ err = errno;
+ if (prio < OPRIO_ROOT && seteuid(0) == -1)
+ fatal("Unable to regain privileges");
+@@ -723,7 +723,7 @@ int connect_tty()
+ if (connector == NULL && modem && devnam[0] != 0) {
+ int i;
+ for (;;) {
+- if ((i = open(devnam, O_RDWR)) >= 0)
++ if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0)
+ break;
+ if (errno != EINTR) {
+ error("Failed to reopen %s: %m", devnam);
+diff --git a/pppd/utils.c b/pppd/utils.c
+index 29bf970..6051b9a 100644
+--- a/pppd/utils.c
++++ b/pppd/utils.c
+@@ -918,14 +918,14 @@ lock(dev)
+ slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
+ #endif
+
+- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
++ while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) {
+ if (errno != EEXIST) {
+ error("Can't create lock file %s: %m", lock_file);
+ break;
+ }
+
+ /* Read the lock file to find out who has the device locked. */
+- fd = open(lock_file, O_RDONLY, 0);
++ fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0);
+ if (fd < 0) {
+ if (errno == ENOENT) /* This is just a timing problem. */
+ continue;
+@@ -1004,7 +1004,7 @@ relock(pid)
+
+ if (lock_file[0] == 0)
+ return -1;
+- fd = open(lock_file, O_WRONLY, 0);
++ fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0);
+ if (fd < 0) {
+ error("Couldn't reopen lock file %s: %m", lock_file);
+ lock_file[0] = 0;
+--
+1.8.3.1
+
diff --git a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
new file mode 100644
index 0000000..3475f09
--- /dev/null
+++ b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
@@ -0,0 +1,174 @@
+From 2a97ab28ee00586e5f06b3ef3a0e43ea0c7c6499 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta(a)redhat.com>
+Date: Mon, 7 Apr 2014 14:21:41 +0200
+Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket
+
+---
+ pppd/plugins/pppoatm/pppoatm.c | 2 +-
+ pppd/plugins/pppol2tp/openl2tp.c | 2 +-
+ pppd/plugins/pppol2tp/pppol2tp.c | 2 +-
+ pppd/plugins/rp-pppoe/if.c | 2 +-
+ pppd/plugins/rp-pppoe/plugin.c | 6 +++---
+ pppd/plugins/rp-pppoe/pppoe-discovery.c | 2 +-
+ pppd/sys-linux.c | 10 +++++-----
+ pppd/tty.c | 2 +-
+ 8 files changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c
+index d693350..c31bb34 100644
+--- a/pppd/plugins/pppoatm/pppoatm.c
++++ b/pppd/plugins/pppoatm/pppoatm.c
+@@ -135,7 +135,7 @@ static int connect_pppoatm(void)
+
+ if (!device_got_set)
+ no_device_given_pppoatm();
+- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0);
++ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (fd < 0)
+ fatal("failed to create socket: %m");
+ memset(&qos, 0, sizeof qos);
+diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c
+index 9643b96..1099575 100644
+--- a/pppd/plugins/pppol2tp/openl2tp.c
++++ b/pppd/plugins/pppol2tp/openl2tp.c
+@@ -83,7 +83,7 @@ static int openl2tp_client_create(void)
+ int result;
+
+ if (openl2tp_fd < 0) {
+- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0);
++ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (openl2tp_fd < 0) {
+ error("openl2tp connection create: %m");
+ return -ENOTCONN;
+diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c
+index a7e3400..e64a778 100644
+--- a/pppd/plugins/pppol2tp/pppol2tp.c
++++ b/pppd/plugins/pppol2tp/pppol2tp.c
+@@ -208,7 +208,7 @@ static void send_config_pppol2tp(int mtu,
+ struct ifreq ifr;
+ int fd;
+
+- fd = socket(AF_INET, SOCK_DGRAM, 0);
++ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (fd >= 0) {
+ memset (&ifr, '\0', sizeof (ifr));
+ strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
+diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c
+index 91e9a57..72aba41 100644
+--- a/pppd/plugins/rp-pppoe/if.c
++++ b/pppd/plugins/rp-pppoe/if.c
+@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
+ stype = SOCK_PACKET;
+ #endif
+
+- if ((fd = socket(domain, stype, htons(type))) < 0) {
++ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
+ /* Give a more helpful message for the common error case */
+ if (errno == EPERM) {
+ fatal("Cannot create raw socket -- pppoe must be run as root.");
+diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c
+index a8c2bb4..24bdf8f 100644
+--- a/pppd/plugins/rp-pppoe/plugin.c
++++ b/pppd/plugins/rp-pppoe/plugin.c
+@@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
+ /* server equipment). */
+ /* Opening this socket just before waitForPADS in the discovery() */
+ /* function would be more appropriate, but it would mess-up the code */
+- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE);
++ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE);
+ if (conn->sessionSocket < 0) {
+ error("Failed to create PPPoE socket: %m");
+ return -1;
+@@ -148,7 +148,7 @@ PPPOEConnectDevice(void)
+ lcp_wantoptions[0].mru = conn->mru;
+
+ /* Update maximum MRU */
+- s = socket(AF_INET, SOCK_DGRAM, 0);
++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (s < 0) {
+ error("Can't get MTU for %s: %m", conn->ifName);
+ goto errout;
+@@ -320,7 +320,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit)
+ }
+
+ /* Open a socket */
+- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) {
++ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) {
+ r = 0;
+ }
+
+diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
+index 3d3bf4e..c0d927d 100644
+--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
++++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
+@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
+ stype = SOCK_PACKET;
+ #endif
+
+- if ((fd = socket(domain, stype, htons(type))) < 0) {
++ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
+ /* Give a more helpful message for the common error case */
+ if (errno == EPERM) {
+ rp_fatal("Cannot create raw socket -- pppoe must be run as root.");
+diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
+index 00a2cf5..0690019 100644
+--- a/pppd/sys-linux.c
++++ b/pppd/sys-linux.c
+@@ -308,12 +308,12 @@ static int modify_flags(int fd, int clear_bits, int set_bits)
+ void sys_init(void)
+ {
+ /* Get an internet socket for doing socket ioctls. */
+- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock_fd < 0)
+ fatal("Couldn't create IP socket: %m(%d)", errno);
+
+ #ifdef INET6
+- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0);
++ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock6_fd < 0)
+ sock6_fd = -errno; /* save errno for later */
+ #endif
+@@ -1857,7 +1857,7 @@ get_if_hwaddr(u_char *addr, char *name)
+ struct ifreq ifreq;
+ int ret, sock_fd;
+
+- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock_fd < 0)
+ return 0;
+ memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
+@@ -2067,7 +2067,7 @@ int ppp_available(void)
+ /*
+ * Open a socket for doing the ioctl operations.
+ */
+- s = socket(AF_INET, SOCK_DGRAM, 0);
++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (s < 0)
+ return 0;
+
+@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64)
+ int skfd;
+ const unsigned char *ptr;
+
+- skfd = socket(PF_INET6, SOCK_DGRAM, 0);
++ skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if(skfd == -1)
+ {
+ warn("could not open IPv6 socket");
+diff --git a/pppd/tty.c b/pppd/tty.c
+index bc96695..8e76a5d 100644
+--- a/pppd/tty.c
++++ b/pppd/tty.c
+@@ -896,7 +896,7 @@ open_socket(dest)
+ *sep = ':';
+
+ /* get a socket and connect it to the other end */
+- sock = socket(PF_INET, SOCK_STREAM, 0);
++ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
+ if (sock < 0) {
+ error("Can't create socket: %m");
+ return -1;
+--
+1.8.3.1
+
diff --git a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
new file mode 100644
index 0000000..b09a9b5
--- /dev/null
+++ b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
@@ -0,0 +1,13 @@
+diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
+index 9ab2eee..86762bd 100644
+--- a/pppd/plugins/rp-pppoe/pppoe.h
++++ b/pppd/plugins/rp-pppoe/pppoe.h
+@@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session;
+ #define STATE_TERMINATED 4
+
+ /* How many PADI/PADS attempts? */
+-#define MAX_PADI_ATTEMPTS 3
++#define MAX_PADI_ATTEMPTS 12
+
+ /* Initial timeout for PADO/PADS */
+ #define PADI_TIMEOUT 5
diff --git a/src/scripts/backupiso b/src/scripts/backupiso
index dab1d6d..a340d6f 100644
--- a/src/scripts/backupiso
+++ b/src/scripts/backupiso
@@ -60,6 +60,7 @@ echo "Running mkisofs"
mkisofs -J -r -V "ipfire backup ${TS}" \
-b boot/isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table \
-c boot/isolinux/boot.catalog backupiso.${TS} > $(basename ${ISO} .iso)-${TS}.iso
+isohybrid $(basename ${ISO} .iso)-${TS}.iso
echo "Cleaning up"
rm -rf backupiso.${TS}
diff --git a/src/scripts/setddns.pl b/src/scripts/setddns.pl
index f97e750..5e77fce 100644
--- a/src/scripts/setddns.pl
+++ b/src/scripts/setddns.pl
@@ -51,7 +51,7 @@ if ($ip eq "unavailable") {
exit(0);
}
-&General::log("Dynamic DNS public router IP is: $ip");
+#&General::log("Dynamic DNS public router IP is: $ip");
if ($ARGV[0] eq '-f') {
unlink ($cachefile); # next regular calls will try again if this force update fails.
@@ -400,6 +400,41 @@ if ($ip ne $ipcache) {
&General::log("Dynamic DNS ip-update for $settings{'HOSTNAME'}.$settings{'DOMAIN'} : failure (could not connect to server)");
}
}
+ elsif ($settings{'SERVICE'} eq 'spdns.de') {
+ # use proxy ?
+ my %proxysettings;
+ &General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
+ if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
+ my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
+ Net::SSLeay::set_proxy($peer,$peerport,$proxysettings{'UPSTREAM_USER'},$proxysettings{'UPSTREAM_PASSWORD'} );
+ }
+
+ if ($settings{'HOSTNAME'} eq '') {
+ $settings{'HOSTDOMAIN'} = $settings{'DOMAIN'};
+ } else {
+ $settings{'HOSTDOMAIN'} = "$settings{'HOSTNAME'}.$settings{'DOMAIN'}";
+ }
+
+ my ($out, $response) = Net::SSLeay::get_https( 'update.spdns.de', 443,
+ "/nic/update?&hostname=$settings{'HOSTDOMAIN'}&myip=$ip",
+ Net::SSLeay::make_headers('User-Agent' => 'IPFire' ,
+ 'Authorization' => 'Basic ' . encode_base64("$settings{'LOGIN'}:$settings{'PASSWORD'}"))
+ );
+
+ #Valid responses from service are:
+ # good xxx.xxx.xxx.xxx
+ # nochg xxx.xxx.xxx.xxx
+ if ($response =~ m%HTTP/1\.. 200 OK%) {
+ if ($out !~ m/good |nochg /ig) {
+ &General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure ($out)");
+ } else {
+ &General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : success");
+ $success++;
+ }
+ } else {
+ &General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure (could not connect to server)");
+ }
+ }
elsif ($settings{'SERVICE'} eq 'strato') {
# use proxy ?
my %proxysettings;
@@ -616,7 +651,7 @@ if ($ip ne $ipcache) {
&General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure (could not connect to server)");
}
}
- elsif ($settings{'SERVICE'} eq 'udmedia.de') {
+ elsif ($settings{'SERVICE'} eq 'udmedia') {
# use proxy ?
my %proxysettings;
&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
@@ -650,6 +685,73 @@ if ($ip ne $ipcache) {
&General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure (could not connect to server, check your credentials---$out-$response--)");
}
}
+ elsif ($settings{'SERVICE'} eq 'twodns') {
+ # use proxy ?
+ my %proxysettings;
+ &General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
+ if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
+ my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
+ Net::SSLeay::set_proxy($peer,$peerport,$proxysettings{'UPSTREAM_USER'},$proxysettings{'UPSTREAM_PASSWORD'} );
+ }
+
+ if ($settings{'HOSTNAME'} eq '') {
+ $settings{'HOSTDOMAIN'} = $settings{'DOMAIN'};
+ } else {
+ $settings{'HOSTDOMAIN'} = "$settings{'HOSTNAME'}.$settings{'DOMAIN'}";
+ }
+
+ my ($out, $response) = Net::SSLeay::get_https( 'update.twodns.de',
+ 443,
+ "/update?hostname=$settings{'HOSTDOMAIN'}&ip=$ip",
+ Net::SSLeay::make_headers('User-Agent' => 'IPFire',
+ 'Authorization' => 'Basic ' . encode_base64("$settings{'LOGIN'}:$settings{'PASSWORD'}")) );
+
+ # Valid response are 'ok' 'nochange'
+ if ($response =~ m%HTTP/1\.. 200 OK%) {
+ if ( $out !~ m/^(good|nochg)/ ) {
+ $out =~ s/\n/ /g;
+ &General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure ($out)");
+ } else {
+ &General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : success");
+ $success++;
+ }
+ } else {
+ &General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure (could not connect to server, check your credentials---$out-$response--)");
+ }
+ }
+ elsif ($settings{'SERVICE'} eq 'variomedia') {
+ # use proxy ?
+ my %proxysettings;
+ &General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
+ if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
+ my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
+ Net::SSLeay::set_proxy($peer,$peerport,$proxysettings{'UPSTREAM_USER'},$proxysettings{'UPSTREAM_PASSWORD'} );
+ }
+
+ if ($settings{'HOSTNAME'} eq '') {
+ $settings{'HOSTDOMAIN'} = $settings{'DOMAIN'};
+ } else {
+ $settings{'HOSTDOMAIN'} = "$settings{'HOSTNAME'}.$settings{'DOMAIN'}";
+ }
+
+ my ($out, $response) = Net::SSLeay::get_https( 'dyndns.variomedia.de',
+ 443,
+ "/nic/update?hostname=$settings{'HOSTDOMAIN'}&myip=$ip",
+ Net::SSLeay::make_headers('User-Agent' => 'IPFire',
+ 'Authorization' => 'Basic ' . encode_base64("$settings{'LOGIN'}:$settings{'PASSWORD'}")) );
+
+ # Valid response is 'good $ip'
+ if ($response =~ m%HTTP/1\.. 200 OK%) {
+ if ( $out !~ m/^good $ip/ ) {
+ &General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} ($ip) : failure ($out)");
+ } else {
+ &General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} ($ip) : success");
+ $success++;
+ }
+ } else {
+ &General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure (could not connect to server, check your credentials---$out-$response--)");
+ }
+ }
else {
if ($settings{'WILDCARDS'} eq 'on') {
$settings{'WILDCARDS'} = '-w';
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2014-05-25 22:10 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-05-25 22:10 [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 05a48c2b2a09e8a5c67276dd2c372d4fbc023017 git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox