* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 1fab4edfa690b410a255b9dd1d896178512e03d5
@ 2017-04-20 12:05 git
From: git @ 2017-04-20 12:05 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 1fab4edfa690b410a255b9dd1d896178512e03d5 (commit)
via c94d1976d3bf2fd760834a0093eeb286a90c8fdd (commit)
via 2c2cf3918bee850ede133562ae1c42bf8c73ef68 (commit)
from 1e645047b23939036c5aa4c86c0709c8b128a906 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1fab4edfa690b410a255b9dd1d896178512e03d5
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 20 13:00:42 2017 +0100
IPsec: Show status in WUI when VPN is connecting
This is helpful when debugging on-demand connections
when you can see if strongswan tries to connect or is
still idle.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c94d1976d3bf2fd760834a0093eeb286a90c8fdd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 20 12:53:53 2017 +0100
IPsec: Mark MODP<=1024 and MD5 as broken and SHA1 as weak
Since we somehow have to support these algorithms this patch
adds some information for the user that it is very strongly
discouraged to use them in production.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2c2cf3918bee850ede133562ae1c42bf8c73ef68
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 20 12:44:27 2017 +0100
IPsec: Allow using MODP-768 in proposal
MODP-768 is broken but some systems out there (for example old
Cisco ASAs) do not support anything better. Hence it is better
to allow this instead of using no VPN at all.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
doc/language_issues.es | 3 +++
doc/language_issues.fr | 3 +++
doc/language_issues.it | 3 +++
doc/language_issues.nl | 3 +++
doc/language_issues.pl | 3 +++
doc/language_issues.ru | 3 +++
doc/language_issues.tr | 3 +++
doc/language_missings | 12 ++++++++++++
html/cgi-bin/index.cgi | 3 +++
html/cgi-bin/vpnmain.cgi | 24 +++++++++++++-----------
langs/de/cgi-bin/de.pl | 3 +++
langs/en/cgi-bin/en.pl | 3 +++
12 files changed, 55 insertions(+), 11 deletions(-)
Difference in files:
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 3dec2db..09dae68 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1143,6 +1143,8 @@ WARNING: untranslated string: uptime load average
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: vendor
WARNING: untranslated string: visit us at
+WARNING: untranslated string: vpn broken
+WARNING: untranslated string: vpn connecting
WARNING: untranslated string: vpn force mobike
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: vpn on-demand
@@ -1152,6 +1154,7 @@ WARNING: untranslated string: vpn start action start
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn weak
WARNING: untranslated string: wlan client
WARNING: untranslated string: wlan client advanced settings
WARNING: untranslated string: wlan client and
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index fa5387c..1f4f9c3 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -1160,6 +1160,8 @@ WARNING: untranslated string: urlfilter mode block
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: vendor
WARNING: untranslated string: visit us at
+WARNING: untranslated string: vpn broken
+WARNING: untranslated string: vpn connecting
WARNING: untranslated string: vpn force mobike
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: vpn on-demand
@@ -1169,6 +1171,7 @@ WARNING: untranslated string: vpn start action start
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn weak
WARNING: untranslated string: wlan client
WARNING: untranslated string: wlan client advanced settings
WARNING: untranslated string: wlan client and
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 09338a2..6b5639c 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -819,6 +819,8 @@ WARNING: untranslated string: search
WARNING: untranslated string: unblock
WARNING: untranslated string: unblock all
WARNING: untranslated string: uncheck all
+WARNING: untranslated string: vpn broken
+WARNING: untranslated string: vpn connecting
WARNING: untranslated string: vpn force mobike
WARNING: untranslated string: vpn on-demand
WARNING: untranslated string: vpn start action
@@ -827,3 +829,4 @@ WARNING: untranslated string: vpn start action start
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn weak
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 3390ef3..3074482 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -867,6 +867,8 @@ WARNING: untranslated string: unblock all
WARNING: untranslated string: uncheck all
WARNING: untranslated string: upload dh key
WARNING: untranslated string: vendor
+WARNING: untranslated string: vpn broken
+WARNING: untranslated string: vpn connecting
WARNING: untranslated string: vpn force mobike
WARNING: untranslated string: vpn on-demand
WARNING: untranslated string: vpn start action
@@ -875,3 +877,4 @@ WARNING: untranslated string: vpn start action start
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn weak
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 3dec2db..09dae68 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1143,6 +1143,8 @@ WARNING: untranslated string: uptime load average
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: vendor
WARNING: untranslated string: visit us at
+WARNING: untranslated string: vpn broken
+WARNING: untranslated string: vpn connecting
WARNING: untranslated string: vpn force mobike
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: vpn on-demand
@@ -1152,6 +1154,7 @@ WARNING: untranslated string: vpn start action start
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn weak
WARNING: untranslated string: wlan client
WARNING: untranslated string: wlan client advanced settings
WARNING: untranslated string: wlan client and
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 303e19b..f4944db 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1138,6 +1138,8 @@ WARNING: untranslated string: uptime load average
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: vendor
WARNING: untranslated string: visit us at
+WARNING: untranslated string: vpn broken
+WARNING: untranslated string: vpn connecting
WARNING: untranslated string: vpn force mobike
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: vpn on-demand
@@ -1147,6 +1149,7 @@ WARNING: untranslated string: vpn start action start
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn weak
WARNING: untranslated string: wlan client
WARNING: untranslated string: wlan client advanced settings
WARNING: untranslated string: wlan client and
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index af17e37..ac7a82d 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -753,8 +753,11 @@ WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
+WARNING: untranslated string: vpn broken
+WARNING: untranslated string: vpn connecting
WARNING: untranslated string: vpn on-demand
WARNING: untranslated string: vpn start action
WARNING: untranslated string: vpn start action route
WARNING: untranslated string: vpn start action start
WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn weak
diff --git a/doc/language_missings b/doc/language_missings
index a6c7188..72fe075 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -561,6 +561,8 @@
< urlfilter redirect template
< vendor
< visit us at
+< vpn broken
+< vpn connecting
< vpn keyexchange
< vpn on-demand
< vpn start action
@@ -568,6 +570,7 @@
< vpn start action start
< vpn statistic n2n
< vpn statistic rw
+< vpn weak
< wlanap access point
< wlanap channel
< wlanap country
@@ -1180,6 +1183,8 @@
< urlfilter redirect template
< vendor
< visit us at
+< vpn broken
+< vpn connecting
< vpn keyexchange
< vpn on-demand
< vpn start action
@@ -1187,6 +1192,7 @@
< vpn start action start
< vpn statistic n2n
< vpn statistic rw
+< vpn weak
< wlanap country
< wlan client
< wlan client advanced settings
@@ -1764,6 +1770,8 @@
< urlfilter redirect template
< vendor
< visit us at
+< vpn broken
+< vpn connecting
< vpn keyexchange
< vpn on-demand
< vpn start action
@@ -1771,6 +1779,7 @@
< vpn start action start
< vpn statistic n2n
< vpn statistic rw
+< vpn weak
< wlanap country
< wlan client
< wlan client advanced settings
@@ -2353,6 +2362,8 @@
< urlfilter redirect template
< vendor
< visit us at
+< vpn broken
+< vpn connecting
< vpn keyexchange
< vpn on-demand
< vpn start action
@@ -2360,6 +2371,7 @@
< vpn start action start
< vpn statistic n2n
< vpn statistic rw
+< vpn weak
< week-graph
< wlanap country
< wlan client
diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi
index 7c17462..80a86af 100644
--- a/html/cgi-bin/index.cgi
+++ b/html/cgi-bin/index.cgi
@@ -425,6 +425,9 @@ END
if (($line =~ /\"$vpnconfig{$key}[1]\".*IPsec SA established/) || ($line =~/$vpnconfig{$key}[1]\{.*INSTALLED/ )){
$activecolor = $Header::colourgreen;
$activestatus = $Lang::tr{'capsopen'};
+ } elsif ($line =~ /$vpnconfig{$key}[1]\[.*CONNECTING/) {
+ $activecolor = $Header::colourorange;
+ $activestatus = $Lang::tr{'vpn connecting'};
} elsif ($line =~ /$vpnconfig{$key}[1]\{.*ROUTED/) {
$activecolor = $Header::colourorange;
$activestatus = $Lang::tr{'vpn on-demand'};
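Review bot: The new `elsif` test `$line =~ /$vpnconfig{$key}[1]\[.*CONNECTING/` interpolates the connection name into the pattern unquoted and without a left anchor, so a name containing regex metacharacters, or a name that is a suffix of another connection's name, can match the wrong status line. Quoting the name as `\Q$vpnconfig{$key}[1]\E` and adding a leading boundary would fix this; the established and ROUTED branches visible in the context lines use the same construction and could be changed together.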
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index cc891c9..d3e4fe8 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -2178,7 +2178,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(curve25519|e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|1024|1536|2048|2048s256|2048s224|2048s160|3072|4096|6144|8192)$/) {
+ if ($val !~ /^(curve25519|e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|768|1024|1536|2048|2048s256|2048s224|2048s160|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
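Review bot: With `768` added to this allow-list, an IKE proposal whose only group is MODP-768 passes validation without any server-side signal; the "broken" marking added later in this push exists only in the dropdown label text. Consider keeping the value accepted, as the commit message intends, but setting a warning on save when the selection contains `768` or `1024`, so the downgrade is visible in the save path and not only while the form is open.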
@@ -2219,7 +2219,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(curve25519|e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|1024|1536|2048|2048s256|2048s224|2048s160|3072|4096|6144|8192|none)$/) {
+ if ($val !~ /^(curve25519|e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|768|1024|1536|2048|2048s256|2048s224|2048s160|3072|4096|6144|8192|none)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
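Review bot: This ESP group allow-list is the IKE list from the previous hunk plus `none`, kept as a second literal regex, so every group change has to be made twice, as this commit does. Building both checks from one shared list of group names, with `none` appended for the ESP case, would keep the two from drifting apart.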
@@ -2350,9 +2350,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
@temp = split('\|', $cgiparams{'IKE_GROUPTYPE'});
foreach my $key (@temp) {$checked{'IKE_GROUPTYPE'}{$key} = "selected='selected'"; }
- # 768 is not supported by strongswan
- $checked{'IKE_GROUPTYPE'}{'768'} = '';
-
$checked{'ESP_ENCRYPTION'}{'aes256'} = '';
$checked{'ESP_ENCRYPTION'}{'aes192'} = '';
$checked{'ESP_ENCRYPTION'}{'aes128'} = '';
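Review bot: The removed lines carried the comment `# 768 is not supported by strongswan`, and neither this hunk nor the commit message says what changed about that. Please confirm that the strongSwan build shipped here accepts the MODP-768 group and state it in the commit message; if it does not, the option becomes selectable in the form while the resulting proposal cannot be negotiated.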
@@ -2506,8 +2503,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
<option value='sha2_384' $checked{'IKE_INTEGRITY'}{'sha2_384'}>SHA2 384 bit</option>
<option value='sha2_256' $checked{'IKE_INTEGRITY'}{'sha2_256'}>SHA2 256 bit</option>
<option value='aesxcbc' $checked{'IKE_INTEGRITY'}{'aesxcbc'}>AES XCBC</option>
- <option value='sha' $checked{'IKE_INTEGRITY'}{'sha'}>SHA1</option>
- <option value='md5' $checked{'IKE_INTEGRITY'}{'md5'}>MD5</option>
+ <option value='sha' $checked{'IKE_INTEGRITY'}{'sha'}>SHA1 ($Lang::tr{'vpn weak'})</option>
+ <option value='md5' $checked{'IKE_INTEGRITY'}{'md5'}>MD5i ($Lang::tr{'vpn broken'})</option>
</select>
</td>
<td class='boldbase'>
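Review bot: Typo in the added IKE integrity option: the label reads `MD5i ($Lang::tr{'vpn broken'})`, with a stray `i` after `MD5`. The matching ESP integrity option in the next hunk has the intended `MD5 ($Lang::tr{'vpn broken'})` text, so the two dropdowns will render differently until this is corrected.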
@@ -2516,8 +2513,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
<option value='sha2_384' $checked{'ESP_INTEGRITY'}{'sha2_384'}>SHA2 384 bit</option>
<option value='sha2_256' $checked{'ESP_INTEGRITY'}{'sha2_256'}>SHA2 256 bit</option>
<option value='aesxcbc' $checked{'ESP_INTEGRITY'}{'aesxcbc'}>AES XCBC</option>
- <option value='sha1' $checked{'ESP_INTEGRITY'}{'sha1'}>SHA1</option>
- <option value='md5' $checked{'ESP_INTEGRITY'}{'md5'}>MD5</option>
+ <option value='sha1' $checked{'ESP_INTEGRITY'}{'sha1'}>SHA1 ($Lang::tr{'vpn weak'})</option>
+ <option value='md5' $checked{'ESP_INTEGRITY'}{'md5'}>MD5 ($Lang::tr{'vpn broken'})</option>
</select>
</td>
</tr>
@@ -2553,7 +2550,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
<option value='2048s160' $checked{'IKE_GROUPTYPE'}{'2048s160'}>MODP-2048/160</option>
<option value='2048' $checked{'IKE_GROUPTYPE'}{'2048'}>MODP-2048</option>
<option value='1536' $checked{'IKE_GROUPTYPE'}{'1536'}>MODP-1536</option>
- <option value='1024' $checked{'IKE_GROUPTYPE'}{'1024'}>MODP-1024</option>
+ <option value='1024' $checked{'IKE_GROUPTYPE'}{'1024'}>MODP-1024 ($Lang::tr{'vpn broken'})</option>
+ <option value='768' $checked{'IKE_GROUPTYPE'}{'768'}>MODP-768 ($Lang::tr{'vpn broken'})</option>
</select>
</td>
<td class='boldbase'>
@@ -2577,7 +2575,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
<option value='2048s160' $checked{'ESP_GROUPTYPE'}{'2048s160'}>MODP-2048/160</option>
<option value='2048' $checked{'ESP_GROUPTYPE'}{'2048'}>MODP-2048</option>
<option value='1536' $checked{'ESP_GROUPTYPE'}{'1536'}>MODP-1536</option>
- <option value='1024' $checked{'ESP_GROUPTYPE'}{'1024'}>MODP-1024</option>
+ <option value='1024' $checked{'ESP_GROUPTYPE'}{'1024'}>MODP-1024 ($Lang::tr{'vpn broken'})</option>
+ <option value='768' $checked{'ESP_GROUPTYPE'}{'768'}>MODP-768 ($Lang::tr{'vpn broken'})</option>
<option value='none' $checked{'ESP_GROUPTYPE'}{'none'}>- $Lang::tr{'none'} -</option>
</select>
</td>
@@ -2809,6 +2808,9 @@ END
($line =~ /$confighash{$key}[1]\{.*INSTALLED/)) {
$col1="bgcolor='${Header::colourgreen}'";
$active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
+ } elsif ($line =~ /$confighash{$key}[1]\[.*CONNECTING/) {
+ $col1="bgcolor='${Header::colourorange}'";
+ $active = "<b><font color='#FFFFFF'>$Lang::tr{'vpn connecting'}</font></b>";
} elsif ($line =~ /$confighash{$key}[1]\{.*ROUTED/) {
$col1="bgcolor='${Header::colourorange}'";
$active = "<b><font color='#FFFFFF'>$Lang::tr{'vpn on-demand'}</font></b>";
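Review bot: This CONNECTING branch duplicates the one added to html/cgi-bin/index.cgi in the same push, including the unquoted `$confighash{$key}[1]` inside the pattern. Moving the status-line classification (established, CONNECTING, ROUTED) into one shared function used by both CGIs would keep the two pages consistent and give a single place to apply `\Q...\E` to the connection name.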
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index bda0e26..68d925d 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -2605,6 +2605,8 @@
'vpn aggrmode' => 'IKE Aggressive Mode zugelassen. Wenn möglich, vermeiden (preshared Schlüssel wird im Klartext übertragen)!',
'vpn altname syntax' => 'Der Subjekt Alternativ Name ist eine durch Komma getrennte Liste von Email, DNS, URI, RID und IP Objekten. <br />Email: eine Email Adresse. Syntax Email: \'copy\' benutzt die Email Adresse aus dem Zertifikatfeld. <br />DNS: ein gültiger Domain Name.<br />URI: eine gültige URI.<br />RID: Registriertes Objekt Identifikation.<br />IP: eine IP Adresse.<br />Bitte beachten: der Zeichensatz ist eingeschränkt und die Groß-/Kleinschreibung ist entscheidend.<br />Beispiel:<br /><b>email:</b>info(a)ipfire.org<b>,email:</b>copy<b>,DNS:</b>www.ipfire.org<b>,IP:</b>127.0.0.1<b>,URI:</b>http://url/nach/irgendwo',
'vpn auth-dn' => 'Peer wird identifiziert durch entweder ein IPV4_ADDR, FQDN, USER_FQDN oder DER_ASN1_DN string in Remote ID Feld',
+'vpn broken' => 'Gebrochen',
+'vpn connecting' => 'VERBINDUNGSAUFBAU',
'vpn delayed start' => 'Verzögerung bevor VPN gestartet wird (Sekunden)',
'vpn delayed start help' => 'Falls notwendig, kann diese Verzögerung dazu verwendet werden, um Dynamic-DNS-Updates ordnungsgemäß anzuwenden. 60 ist ein gängiger Wert, wenn ROT (RED) eine dynamische IP Adresse ist.',
'vpn incompatible use of defaultroute' => 'Hostname=%defaultroute nicht zulässig',
@@ -2627,6 +2629,7 @@
'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik',
'vpn subjectaltname' => 'Subjekt Alternativer Name',
'vpn watch' => 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP ändert (DynDNS).',
+'vpn weak' => 'Schwach',
'waiting to synchronize clock' => 'Bitte warten, die Uhr wird synchronisiert',
'warn when traffic reaches' => 'Warnen wenn Traffic x % erreicht',
'warning messages' => 'Warnhinweise',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 6608ceb..4f30f56 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -2648,7 +2648,9 @@
'vpn aggrmode' => 'IKE aggressive mode allowed. Avoid if possible (preshared key is transmitted in clear text)!',
'vpn altname syntax' => 'SubjectAltName is a comma separated list of e-mail, dns, uri, rid and ip objects.<br />email:an email address. Syntax email:copy takes the email field from the cert to be used.<br />DNS:a valid domain name.<br />URI:any valid uri.<br />RID:registered object identifier.<br />IP:an IP address.<br />Note:charset is limited and case is significant.<br />Example:<br /><b>e-mail:</b>ipfire(a)foo.org<b>,email:</b>copy<b>,DNS:</b>www.ipfire.org<b>,IP:</b>127.0.0.1<b>,URI:</b>http://url/to/something',
'vpn auth-dn' => 'Peer is identified by either IPV4_ADDR, FQDN, USER_FQDN or DER_ASN1_DN string in remote ID field',
+'vpn broken' => 'Broken',
'vpn configuration main' => 'VPN Configuration',
+'vpn connecting' => 'CONNECTING',
'vpn delayed start' => 'Delay before launching VPN (seconds)',
'vpn delayed start help' => 'If required, this delay can be used to allow dynamic DNS updates to propagate properly. 60 is a common value when RED is a dynamic IP.',
'vpn force mobike' => 'Force using MOBIKE (only IKEv2)',
@@ -2672,6 +2674,7 @@
'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics',
'vpn subjectaltname' => 'Subject Alt Name',
'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).',
+'vpn weak' => 'Weak',
'waiting to synchronize clock' => 'Waiting to synchronize clock',
'warn when traffic reaches' => 'Warn when traffic reaches x %',
'warning messages' => 'Warning messages',
hooks/post-receive
--
IPFire 2.x development tree