* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 54059db30a2fc1ac9b4ad2baf2d56a4cbe7d40fb
@ 2025-10-30 16:36 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2025-10-30 16:36 UTC (permalink / raw)
To: ipfire-scm
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 32340 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 54059db30a2fc1ac9b4ad2baf2d56a4cbe7d40fb (commit)
via 5faf847eecfc81574d31cacd79ecb8ca55afd5fa (commit)
via 103d3e4093f2a9e1244f632a3481f78535059ac4 (commit)
via 42943bfe2daa307c82fbe124d27ccbe492ab5420 (commit)
from d44861b745972143d0ec5b83f0f71a221f17e074 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 54059db30a2fc1ac9b4ad2baf2d56a4cbe7d40fb
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Oct 30 16:35:32 2025 +0100
ovpnmain.cgi: Show a warning for deprecated, legacy ciphers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5faf847eecfc81574d31cacd79ecb8ca55afd5fa
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Oct 30 16:17:04 2025 +0100
ovpnmain.cgi: Implement adding multiple WINS servers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 103d3e4093f2a9e1244f632a3481f78535059ac4
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Oct 30 16:05:00 2025 +0100
ovpnmain.cgi: Support multiple DNS global servers
Fixes: #13900 - “Additional configuration” is missing in OpenVPN Advanced Settings (CU197)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 42943bfe2daa307c82fbe124d27ccbe492ab5420
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Oct 30 12:40:16 2025 +0100
ovpnmain.cgi: Fix iterating over the DHCP CCD options
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
doc/language_issues.en | 3 ++
doc/language_issues.es | 3 ++
doc/language_issues.fr | 3 ++
doc/language_issues.it | 3 ++
doc/language_issues.nl | 3 ++
doc/language_issues.pl | 3 ++
doc/language_issues.ru | 3 ++
doc/language_issues.tr | 3 ++
doc/language_issues.tw | 3 ++
doc/language_issues.zh | 3 ++
doc/language_missings | 27 ++++++++++++
html/cgi-bin/ovpnmain.cgi | 102 +++++++++++++++++++++++++++++++---------------
langs/de/cgi-bin/de.pl | 3 ++
langs/en/cgi-bin/en.pl | 3 ++
14 files changed, 133 insertions(+), 32 deletions(-)
Difference in files:
diff --git a/doc/language_issues.en b/doc/language_issues.en
index e2f59dd7f..e40571450 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -1459,6 +1459,8 @@ WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
WARNING: untranslated string: ovpn fqdn = FQDN
WARNING: untranslated string: ovpn ha = Hash algorithm
+WARNING: untranslated string: ovpn legacy auth used = You are using a legacy hash which will not be supported in OpenVPN clients of version 2.6 or later
+WARNING: untranslated string: ovpn legacy cipher used = You are using a legacy cipher which will not be supported in OpenVPN clients of version 2.6 or later
WARNING: untranslated string: ovpn mgmt in root range = A port number of 1024 or higher is required.
WARNING: untranslated string: ovpn misc settings = Miscellaneous Settings
WARNING: untranslated string: ovpn no cipher selected = No cipher selected
@@ -2144,6 +2146,7 @@ WARNING: untranslated string: vpn altname syntax = SubjectAltName is a comma sep
WARNING: untranslated string: vpn auth-dn = Peer is identified by either IPV4_ADDR, FQDN, USER_FQDN or DER_ASN1_DN string in remote ID field
WARNING: untranslated string: vpn broken = Broken
WARNING: untranslated string: vpn connecting = CONNECTING
+WARNING: untranslated string: vpn deprecated = Deprecated
WARNING: untranslated string: vpn force mobike = Force using MOBIKE (only IKEv2)
WARNING: untranslated string: vpn inactivity timeout = Inactivity Timeout
WARNING: untranslated string: vpn keyexchange = Keyexchange
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 91a2c6b0c..ffb077eb0 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1087,6 +1087,8 @@ WARNING: untranslated string: ovpn errmsg invalid route = Invalid route
WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
WARNING: untranslated string: ovpn fqdn = FQDN
+WARNING: untranslated string: ovpn legacy auth used = You are using a legacy hash which will not be supported in OpenVPN clients of version 2.6 or later
+WARNING: untranslated string: ovpn legacy cipher used = You are using a legacy cipher which will not be supported in OpenVPN clients of version 2.6 or later
WARNING: untranslated string: ovpn misc settings = Miscellaneous Settings
WARNING: untranslated string: ovpn no cipher selected = No cipher selected
WARNING: untranslated string: ovpn protocol settings = Protocol Settings
@@ -1105,6 +1107,7 @@ WARNING: untranslated string: rss = RSS
WARNING: untranslated string: rss long = Resident Set Size
WARNING: untranslated string: smt not implemented = Not Implemented
WARNING: untranslated string: transient sheduler attacks = Transient sheduler attacks
+WARNING: untranslated string: vpn deprecated = Deprecated
WARNING: untranslated string: wio = unknown string
WARNING: untranslated string: wio checked = unknown string
WARNING: untranslated string: wio cron = unknown string
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 0f5b04275..2dbaeb3bc 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -1089,6 +1089,8 @@ WARNING: untranslated string: ovpn errmsg invalid route = Invalid route
WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
WARNING: untranslated string: ovpn fqdn = FQDN
+WARNING: untranslated string: ovpn legacy auth used = You are using a legacy hash which will not be supported in OpenVPN clients of version 2.6 or later
+WARNING: untranslated string: ovpn legacy cipher used = You are using a legacy cipher which will not be supported in OpenVPN clients of version 2.6 or later
WARNING: untranslated string: ovpn misc settings = Miscellaneous Settings
WARNING: untranslated string: ovpn no cipher selected = No cipher selected
WARNING: untranslated string: ovpn protocol settings = Protocol Settings
@@ -1118,6 +1120,7 @@ WARNING: untranslated string: system time = System Time (as of last page load)
WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z
WARNING: untranslated string: total = Total
WARNING: untranslated string: transient sheduler attacks = Transient sheduler attacks
+WARNING: untranslated string: vpn deprecated = Deprecated
WARNING: untranslated string: warning = Warning
WARNING: untranslated string: wg client pool = Client Pool
WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 410237c81..4b1685986 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -1322,6 +1322,8 @@ WARNING: untranslated string: ovpn errmsg invalid route = Invalid route
WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
WARNING: untranslated string: ovpn fqdn = FQDN
+WARNING: untranslated string: ovpn legacy auth used = You are using a legacy hash which will not be supported in OpenVPN clients of version 2.6 or later
+WARNING: untranslated string: ovpn legacy cipher used = You are using a legacy cipher which will not be supported in OpenVPN clients of version 2.6 or later
WARNING: untranslated string: ovpn misc settings = Miscellaneous Settings
WARNING: untranslated string: ovpn no cipher selected = No cipher selected
WARNING: untranslated string: ovpn protocol settings = Protocol Settings
@@ -1437,6 +1439,7 @@ WARNING: untranslated string: user management = User Management
WARNING: untranslated string: version = Version
WARNING: untranslated string: vpn broken = Broken
WARNING: untranslated string: vpn connecting = CONNECTING
+WARNING: untranslated string: vpn deprecated = Deprecated
WARNING: untranslated string: vpn force mobike = Force using MOBIKE (only IKEv2)
WARNING: untranslated string: vpn inactivity timeout = Inactivity Timeout
WARNING: untranslated string: vpn on-demand = ON-DEMAND
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index a74cb9c91..0857c00ce 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -1346,6 +1346,8 @@ WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
WARNING: untranslated string: ovpn fqdn = FQDN
WARNING: untranslated string: ovpn ha = Hash algorithm
+WARNING: untranslated string: ovpn legacy auth used = You are using a legacy hash which will not be supported in OpenVPN clients of version 2.6 or later
+WARNING: untranslated string: ovpn legacy cipher used = You are using a legacy cipher which will not be supported in OpenVPN clients of version 2.6 or later
WARNING: untranslated string: ovpn misc settings = Miscellaneous Settings
WARNING: untranslated string: ovpn no cipher selected = No cipher selected
WARNING: untranslated string: ovpn protocol settings = Protocol Settings
@@ -1457,6 +1459,7 @@ WARNING: untranslated string: user management = User Management
WARNING: untranslated string: vendor = Vendor
WARNING: untranslated string: vpn broken = Broken
WARNING: untranslated string: vpn connecting = CONNECTING
+WARNING: untranslated string: vpn deprecated = Deprecated
WARNING: untranslated string: vpn force mobike = Force using MOBIKE (only IKEv2)
WARNING: untranslated string: vpn inactivity timeout = Inactivity Timeout
WARNING: untranslated string: vpn on-demand = ON-DEMAND
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index df1d6d60c..b005b9946 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1490,6 +1490,8 @@ WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
WARNING: untranslated string: ovpn fqdn = FQDN
WARNING: untranslated string: ovpn ha = Hash algorithm
+WARNING: untranslated string: ovpn legacy auth used = You are using a legacy hash which will not be supported in OpenVPN clients of version 2.6 or later
+WARNING: untranslated string: ovpn legacy cipher used = You are using a legacy cipher which will not be supported in OpenVPN clients of version 2.6 or later
WARNING: untranslated string: ovpn mgmt in root range = A port number of 1024 or higher is required.
WARNING: untranslated string: ovpn misc settings = Miscellaneous Settings
WARNING: untranslated string: ovpn no cipher selected = No cipher selected
@@ -1675,6 +1677,7 @@ WARNING: untranslated string: version = Version
WARNING: untranslated string: visit us at = Visit us at
WARNING: untranslated string: vpn broken = Broken
WARNING: untranslated string: vpn connecting = CONNECTING
+WARNING: untranslated string: vpn deprecated = Deprecated
WARNING: untranslated string: vpn force mobike = Force using MOBIKE (only IKEv2)
WARNING: untranslated string: vpn inactivity timeout = Inactivity Timeout
WARNING: untranslated string: vpn keyexchange = Keyexchange
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 79592b1cb..46aa8120f 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1490,6 +1490,8 @@ WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
WARNING: untranslated string: ovpn fqdn = FQDN
WARNING: untranslated string: ovpn ha = Hash algorithm
+WARNING: untranslated string: ovpn legacy auth used = You are using a legacy hash which will not be supported in OpenVPN clients of version 2.6 or later
+WARNING: untranslated string: ovpn legacy cipher used = You are using a legacy cipher which will not be supported in OpenVPN clients of version 2.6 or later
WARNING: untranslated string: ovpn mgmt in root range = A port number of 1024 or higher is required.
WARNING: untranslated string: ovpn misc settings = Miscellaneous Settings
WARNING: untranslated string: ovpn no cipher selected = No cipher selected
@@ -1674,6 +1676,7 @@ WARNING: untranslated string: version = Version
WARNING: untranslated string: visit us at = Visit us at
WARNING: untranslated string: vpn broken = Broken
WARNING: untranslated string: vpn connecting = CONNECTING
+WARNING: untranslated string: vpn deprecated = Deprecated
WARNING: untranslated string: vpn force mobike = Force using MOBIKE (only IKEv2)
WARNING: untranslated string: vpn inactivity timeout = Inactivity Timeout
WARNING: untranslated string: vpn keyexchange = Keyexchange
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index fe18c0cf0..8e3eb45cb 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -1238,6 +1238,8 @@ WARNING: untranslated string: ovpn errmsg invalid route = Invalid route
WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
WARNING: untranslated string: ovpn fqdn = FQDN
+WARNING: untranslated string: ovpn legacy auth used = You are using a legacy hash which will not be supported in OpenVPN clients of version 2.6 or later
+WARNING: untranslated string: ovpn legacy cipher used = You are using a legacy cipher which will not be supported in OpenVPN clients of version 2.6 or later
WARNING: untranslated string: ovpn misc settings = Miscellaneous Settings
WARNING: untranslated string: ovpn no cipher selected = No cipher selected
WARNING: untranslated string: ovpn protocol settings = Protocol Settings
@@ -1332,6 +1334,7 @@ WARNING: untranslated string: transport mode does not support vti = VTI is not s
WARNING: untranslated string: updxlrtr passive mode = Delivery only/no download mode
WARNING: untranslated string: user management = User Management
WARNING: untranslated string: version = Version
+WARNING: untranslated string: vpn deprecated = Deprecated
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn subjectaltname missing = SubjectAlternativeName cannot be emtpy.
WARNING: untranslated string: vpn wait = WAITING
diff --git a/doc/language_issues.tw b/doc/language_issues.tw
index 1573bb74f..2a058e720 100644
--- a/doc/language_issues.tw
+++ b/doc/language_issues.tw
@@ -1095,6 +1095,8 @@ WARNING: untranslated string: ovpn errmsg invalid route = Invalid route
WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
WARNING: untranslated string: ovpn fqdn = FQDN
+WARNING: untranslated string: ovpn legacy auth used = You are using a legacy hash which will not be supported in OpenVPN clients of version 2.6 or later
+WARNING: untranslated string: ovpn legacy cipher used = You are using a legacy cipher which will not be supported in OpenVPN clients of version 2.6 or later
WARNING: untranslated string: ovpn misc settings = Miscellaneous Settings
WARNING: untranslated string: ovpn no cipher selected = No cipher selected
WARNING: untranslated string: ovpn protocol settings = Protocol Settings
@@ -1123,6 +1125,7 @@ WARNING: untranslated string: rss = RSS
WARNING: untranslated string: rss long = Resident Set Size
WARNING: untranslated string: smt not implemented = Not Implemented
WARNING: untranslated string: transient sheduler attacks = Transient sheduler attacks
+WARNING: untranslated string: vpn deprecated = Deprecated
WARNING: untranslated string: wio = unknown string
WARNING: untranslated string: wio checked = unknown string
WARNING: untranslated string: wio cron = unknown string
diff --git a/doc/language_issues.zh b/doc/language_issues.zh
index 1573bb74f..2a058e720 100644
--- a/doc/language_issues.zh
+++ b/doc/language_issues.zh
@@ -1095,6 +1095,8 @@ WARNING: untranslated string: ovpn errmsg invalid route = Invalid route
WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
WARNING: untranslated string: ovpn fqdn = FQDN
+WARNING: untranslated string: ovpn legacy auth used = You are using a legacy hash which will not be supported in OpenVPN clients of version 2.6 or later
+WARNING: untranslated string: ovpn legacy cipher used = You are using a legacy cipher which will not be supported in OpenVPN clients of version 2.6 or later
WARNING: untranslated string: ovpn misc settings = Miscellaneous Settings
WARNING: untranslated string: ovpn no cipher selected = No cipher selected
WARNING: untranslated string: ovpn protocol settings = Protocol Settings
@@ -1123,6 +1125,7 @@ WARNING: untranslated string: rss = RSS
WARNING: untranslated string: rss long = Resident Set Size
WARNING: untranslated string: smt not implemented = Not Implemented
WARNING: untranslated string: transient sheduler attacks = Transient sheduler attacks
+WARNING: untranslated string: vpn deprecated = Deprecated
WARNING: untranslated string: wio = unknown string
WARNING: untranslated string: wio checked = unknown string
WARNING: untranslated string: wio cron = unknown string
diff --git a/doc/language_missings b/doc/language_missings
index 6575e17ea..24602b7d1 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -190,6 +190,8 @@
< ovpn fallback cipher
< ovpn fallback cipher help
< ovpn fqdn
+< ovpn legacy auth used
+< ovpn legacy cipher used
< ovpn misc settings
< ovpn no cipher selected
< ovpn protocol settings
@@ -204,6 +206,7 @@
< rss long
< smt not implemented
< transient sheduler attacks
+< vpn deprecated
< wlanap 802.11ac
< wlanap 802.11ac 160mhz
< wlanap 802.11ac 20mhz
@@ -302,6 +305,8 @@
< ovpn fallback cipher
< ovpn fallback cipher help
< ovpn fqdn
+< ovpn legacy auth used
+< ovpn legacy cipher used
< ovpn misc settings
< ovpn no cipher selected
< ovpn protocol settings
@@ -330,6 +335,7 @@
< total
< transient sheduler attacks
< upload fcdsl.o
+< vpn deprecated
< warning
< wg
< wg client configuration file
@@ -828,6 +834,8 @@
< ovpn fallback cipher
< ovpn fallback cipher help
< ovpn fqdn
+< ovpn legacy auth used
+< ovpn legacy cipher used
< ovpn misc settings
< ovpn no cipher selected
< ovpn protocol settings
@@ -946,6 +954,7 @@
< version
< vpn broken
< vpn connecting
+< vpn deprecated
< vpn force mobike
< vpn inactivity timeout
< vpn on-demand
@@ -1537,6 +1546,8 @@
< ovpn fqdn
< ovpn generating the root and host certificates
< ovpn ha
+< ovpn legacy auth used
+< ovpn legacy cipher used
< ovpn misc settings
< ovpn no cipher selected
< ovpn protocol settings
@@ -1653,6 +1664,7 @@
< vendor
< vpn broken
< vpn connecting
+< vpn deprecated
< vpn force mobike
< vpn inactivity timeout
< vpn on-demand
@@ -2562,6 +2574,8 @@
< ovpn fqdn
< ovpn generating the root and host certificates
< ovpn ha
+< ovpn legacy auth used
+< ovpn legacy cipher used
< ovpn mgmt in root range
< ovpn misc settings
< ovpn mtu-disc
@@ -2773,6 +2787,7 @@
< visit us at
< vpn broken
< vpn connecting
+< vpn deprecated
< vpn force mobike
< vpn inactivity timeout
< vpn keyexchange
@@ -3721,6 +3736,8 @@
< ovpn fqdn
< ovpn generating the root and host certificates
< ovpn ha
+< ovpn legacy auth used
+< ovpn legacy cipher used
< ovpn mgmt in root range
< ovpn misc settings
< ovpn mtu-disc
@@ -3931,6 +3948,7 @@
< visit us at
< vpn broken
< vpn connecting
+< vpn deprecated
< vpn force mobike
< vpn inactivity timeout
< vpn keyexchange
@@ -4383,6 +4401,8 @@
< ovpn fallback cipher
< ovpn fallback cipher help
< ovpn fqdn
+< ovpn legacy auth used
+< ovpn legacy cipher used
< ovpn misc settings
< ovpn no cipher selected
< ovpn protocol settings
@@ -4480,6 +4500,7 @@
< updxlrtr passive mode
< user management
< version
+< vpn deprecated
< vpn start action add
< vpn subjectaltname missing
< vpn wait
@@ -4636,6 +4657,8 @@
< ovpn fallback cipher
< ovpn fallback cipher help
< ovpn fqdn
+< ovpn legacy auth used
+< ovpn legacy cipher used
< ovpn misc settings
< ovpn no cipher selected
< ovpn protocol settings
@@ -4661,6 +4684,7 @@
< rss long
< smt not implemented
< transient sheduler attacks
+< vpn deprecated
< wlanap 802.11ac
< wlanap 802.11ac 160mhz
< wlanap 802.11ac 20mhz
@@ -4728,6 +4752,8 @@
< ovpn fallback cipher
< ovpn fallback cipher help
< ovpn fqdn
+< ovpn legacy auth used
+< ovpn legacy cipher used
< ovpn misc settings
< ovpn no cipher selected
< ovpn protocol settings
@@ -4753,6 +4779,7 @@
< rss long
< smt not implemented
< transient sheduler attacks
+< vpn deprecated
< wlanap 802.11ac
< wlanap 802.11ac 160mhz
< wlanap 802.11ac 20mhz
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 3b3776aaa..ec86a218b 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -351,12 +351,18 @@ sub writeserverconf {
print CONF "push \"dhcp-option DOMAIN $vpnsettings{DHCP_DOMAIN}\"\n";
}
- if ($vpnsettings{DHCP_DNS} ne '') {
- print CONF "push \"dhcp-option DNS $vpnsettings{DHCP_DNS}\"\n";
+ my @dns_servers = split(/\|/, $vpnsettings{'DHCP_DNS'});
+
+ # Write DNS servers
+ foreach my $dns_server (@dns_servers) {
+ print CONF "push \"dhcp-option DNS $dns_server\"\n";
}
- if ($vpnsettings{DHCP_WINS} ne '') {
- print CONF "push \"dhcp-option WINS $vpnsettings{DHCP_WINS}\"\n";
+ my @wins_servers = split(/\|/, $vpnsettings{'DHCP_WINS'});
+
+ # Write WINS servers
+ foreach my $wins_server (@wins_servers) {
+ print CONF "push \"dhcp-option WINS $wins_server\"\n";
}
if ($vpnsettings{MAX_CLIENTS} eq '') {
@@ -677,24 +683,24 @@ sub write_ccd_configs() {
# DHCP Options
my %options = (
- "DNS" => (
+ "DNS" => [
$conns{$key}[35],
$conns{$key}[36],
- ),
+ ],
- "WINS" => (
+ "WINS" => [
$conns{$key}[37],
- ),
+ ],
);
print CONF "# DHCP Options\n";
foreach my $option (keys %options) {
- foreach (@options{$option}) {
- # Skip empty options
- next if ($_ eq "");
+ foreach my $address (@{ $options{$option} }) {
+ # Skip empty addresses
+ next if ($address eq "");
- print CONF "push \"dhcp-option $option $_\"\n";
+ print CONF "push \"dhcp-option $option $address\"\n";
}
}
@@ -1122,19 +1128,33 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
goto ADV_ERROR;
}
}
- if ($cgiparams{'DHCP_DNS'} ne ''){
- unless (&General::validfqdn($cgiparams{'DHCP_DNS'}) || &General::validip($cgiparams{'DHCP_DNS'})) {
- $errormessage = $Lang::tr{'invalid input for dhcp dns'};
- goto ADV_ERROR;
- }
- }
- if ($cgiparams{'DHCP_WINS'} ne ''){
- unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) {
- $errormessage = $Lang::tr{'invalid input for dhcp wins'};
- goto ADV_ERROR;
- }
+
+ my @dns_servers = split(/[,\s]+/, $cgiparams{'DHCP_DNS'});
+
+ # Check if all DNS servers are valid
+ foreach my $dns_server (@dns_servers) {
+ unless (&General::validfqdn($dns_server) || &General::validip($dns_server)) {
+ $errormessage = $Lang::tr{'invalid input for dhcp dns'} . ": ${dns_server}";
+ goto ADV_ERROR;
+ }
}
+ # Store the DNS servers
+ $vpnsettings{'DHCP_DNS'} = join("|", @dns_servers);
+
+ my @wins_servers = split(/[,\s]+/, $cgiparams{'DHCP_WINS'});
+
+ # Check if all WINS servers are valid
+ foreach my $wins_server (@wins_servers) {
+ unless (&General::validfqdn($wins_server) || &General::validip($wins_server)) {
+ $errormessage = $Lang::tr{'invalid input for dhcp wins'} . ": ${wins_server}";
+ goto ADV_ERROR;
+ }
+ }
+
+ # Store the WINS servers
+ $vpnsettings{'DHCP_WINS'} = join("|", @wins_servers);
+
# Validate pushed routes
if ($cgiparams{'ROUTES_PUSH'} ne ''){
my @temp = split(/\n/, $cgiparams{'ROUTES_PUSH'});
@@ -2811,6 +2831,10 @@ END
END
}
+ # Format DNS and WINS servers as comma-separated
+ my $dns_servers = join(", ", split(/\|/, $vpnsettings{'DHCP_DNS'}));
+ my $wins_servers = join(", ", split(/\|/, $vpnsettings{'DHCP_WINS'}));
+
print <<END;
</select>
</td>
@@ -2823,7 +2847,7 @@ END
<td>
<select name='DAUTH'>
- <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
+ <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'}, $Lang::tr{'vpn deprecated'})</option>
<option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
<option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
<option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
@@ -2859,12 +2883,12 @@ END
<option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
<option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
<option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
- <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
- <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
+ <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn deprecated'})</option>
+ <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn deprecated'})</option>
+ <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn deprecated'})</option>
+ <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn deprecated'})</option>
+ <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn deprecated'})</option>
+ <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn deprecated'})</option>
</select>
</td>
</tr>
@@ -2889,13 +2913,13 @@ END
<tr>
<td>DNS</td>
<td>
- <input type='TEXT' name='DHCP_DNS' value='$vpnsettings{'DHCP_DNS'}' size='30' />
+ <input type='TEXT' name='DHCP_DNS' value='$dns_servers' size='30' />
</td>
</tr>
<tr>
<td>WINS</td>
<td>
- <input type='TEXT' name='DHCP_WINS' value='$vpnsettings{'DHCP_WINS'}' size='30' />
+ <input type='TEXT' name='DHCP_WINS' value='$wins_servers' size='30' />
</td>
</tr>
</table>
@@ -5091,6 +5115,18 @@ END
&Header::openpage($Lang::tr{'status ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', $errormessage);
+ my @warnings = ();
+
+ # Check if a legacy cipher is being used
+ if (&is_legacy_cipher($vpnsettings{'DCIPHER'})) {
+ push(@warnings, $Lang::tr{'ovpn legacy cipher used'});
+ }
+
+ # Check if a legacy auth algorithm is being used
+ if (&is_legacy_auth($vpnsettings{'DAUTH'})) {
+ push(@warnings, $Lang::tr{'ovpn legacy auth used'});
+ }
+
# Show any errors and warnings
&Header::errorbox($errormessage);
@@ -5104,6 +5140,8 @@ END
exit 0;
}
+ &Header::warningbox(@warnings);
+
&Header::openbox('100%', 'LEFT', $Lang::tr{'ovpn roadwarrior settings'});
# Show the service status
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index b93f5413e..55804a897 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1993,6 +1993,8 @@
'ovpn error md5' => 'Das Host Zertifikat nutzt einen MD5 Algorithmus welcher nicht mehr akzeptiert wird. <br>Bitte IPFire auf die neueste Version updaten und generieren sie ein neues Root und Host Zertifikate.</br><br>Es müssen dann alle OpenVPN clients erneuert werden!</br>',
'ovpn generating the root and host certificates' => 'Die Erzeugung der Root- und Host-Zertifikate kann lange Zeit dauern.',
'ovpn ha' => 'Hash-Algorithmus',
+'ovpn legacy auth used' => 'Sie verwenden einen veralteten Hash, der in OpenVPN-Clients ab Version 2.6 nicht mehr unterstützt wird',
+'ovpn legacy cipher used' => 'Sie verwenden eine veraltete Verschlüsselung, die in OpenVPN-Clients ab Version 2.6 nicht mehr unterstützt wird',
'ovpn log' => 'OVPN-Protokoll',
'ovpn mgmt in root range' => 'Ein Port von 1024 oder höher ist erforderlich.',
'ovpn mtu-disc' => 'Path MTU Discovery',
@@ -2931,6 +2933,7 @@
'vpn connecting' => 'VERBINDUNGSAUFBAU',
'vpn delayed start' => 'Verzögerung, bevor VPN gestartet wird (in Sekunden)',
'vpn delayed start help' => 'Falls notwendig, kann diese Verzögerung dazu verwendet werden, um Dynamic-DNS-Updates ordnungsgemäß anzuwenden. 60 ist ein gängiger Wert, wenn ROT (RED) eine dynamische IP Adresse ist.',
+'vpn deprecated' => 'Veraltet',
'vpn force mobike' => 'MOBIKE erzwingen (nur IKEv2)',
'vpn inactivity timeout' => 'Inaktivitätstimeout',
'vpn incompatible use of defaultroute' => 'Hostname=%defaultroute nicht zulässig',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index acdfe4679..08967bc84 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -2073,6 +2073,8 @@
'ovpn fqdn' => 'FQDN',
'ovpn generating the root and host certificates' => 'Generating the root and host certificate can take a long time.',
'ovpn ha' => 'Hash algorithm',
+'ovpn legacy auth used' => 'You are using a legacy hash which will not be supported in OpenVPN clients of version 2.6 or later',
+'ovpn legacy cipher used' => 'You are using a legacy cipher which will not be supported in OpenVPN clients of version 2.6 or later',
'ovpn log' => 'OVPN-Log',
'ovpn mgmt in root range' => 'A port number of 1024 or higher is required.',
'ovpn misc settings' => 'Miscellaneous Settings',
@@ -3044,6 +3046,7 @@
'vpn connecting' => 'CONNECTING',
'vpn delayed start' => 'Delay before launching VPN (seconds)',
'vpn delayed start help' => 'If required, this delay can be used to allow dynamic DNS updates to propagate properly. 60 is a common value when RED is a dynamic IP.',
+'vpn deprecated' => 'Deprecated',
'vpn force mobike' => 'Force using MOBIKE (only IKEv2)',
'vpn inactivity timeout' => 'Inactivity Timeout',
'vpn incompatible use of defaultroute' => 'hostname=%defaultroute not allowed',
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-10-30 16:36 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-10-30 16:36 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 54059db30a2fc1ac9b4ad2baf2d56a4cbe7d40fb Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox