print CONF "status /var/run/ovpnserver.log 30\n";
print CONF "ncp-disable\n";
print CONF "cipher $sovpnsettings{DCIPHER}\n";
- if ($sovpnsettings{'DAUTH'} eq '') {
- print CONF "";
- } else {
print CONF "auth $sovpnsettings{'DAUTH'}\n";
- }
+
if ($sovpnsettings{'TLSAUTH'} eq 'on') {
print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
}
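Review bot: The now-unconditional `print CONF "auth $sovpnsettings{'DAUTH'}\n";` at L7 writes a bare `auth ` directive whenever the stored DAUTH is empty, and OpenVPN does not accept an `auth` line without its parameter, so the server config stops loading on an installation whose settings were saved before this change and not re-saved since (unless an update step seeds DAUTH, which is not visible here). The removed branch avoided that by omitting the line, which let OpenVPN fall back to its own SHA1 default, the default this file's own help text at L111 names. A fallback keeps the simplification without the failure mode: `my $hmac = $sovpnsettings{'DAUTH'} || 'SHA1';` followed by `print CONF "auth $hmac\n";`. The client config at L39 prints `$vpnsettings{'DAUTH'}` the same way and needs the same treatment. The enclosing function starts and ends outside this hunk.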
$vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'};
$vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'};
$vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'};
+ $vpnsettings{'COMPLZO'} = $cgiparams{'DCOMPLZO'};
$vpnsettings{'ADDITIONAL_CONFIGS'} = $cgiparams{'ADDITIONAL_CONFIGS'};
$vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
$vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
$vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
$vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
- $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
- $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
my @temp=();
if ($cgiparams{'FRAGMENT'} eq '') {
$vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
$vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
$vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
+ $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
+ $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
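Review bot: The new store `$vpnsettings{'COMPLZO'} = $cgiparams{'DCOMPLZO'};` at L16 persists the same checkbox that L27 already saves as `$vpnsettings{'DCOMPLZO'}`, so one setting now lives under two keys. Everything else in this diff reads the `DCOMPLZO` key (L57–L59, L177–L179 and the checkbox at L86) and nothing in view reads `COMPLZO`; unless a consumer outside this diff expects that key, L16 is dead and the two values drift apart the first time either key is written alone. I would drop L16, or, if `COMPLZO` is genuinely read elsewhere, put a comment on it naming that reader, e.g. `# COMPLZO is read by <consumer — TODO name it>; DCOMPLZO below is the form's own copy`. The surrounding save block starts before this hunk.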
#wrtie enable
if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
$zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
}
print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
- if ($vpnsettings{'DAUTH'} eq '') {
- print CLIENTCONF "";
- } else {
print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
- }
+
if ($vpnsettings{'TLSAUTH'} eq 'on') {
if ($cgiparams{'MODE'} eq 'insecure') {
print CLIENTCONF ";";
if ($cgiparams{'LOG_VERB'} eq '') {
$cgiparams{'LOG_VERB'} = '3';
}
- if ($cgiparams{'DAUTH'} eq '') {
- $cgiparams{'DAUTH'} = 'SHA512';
- }
if ($cgiparams{'TLSAUTH'} eq '') {
$cgiparams{'TLSAUTH'} = 'off';
}
$checked{'REDIRECT_GW_DEF1'}{'off'} = '';
$checked{'REDIRECT_GW_DEF1'}{'on'} = '';
$checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED';
+ $checked{'DCOMPLZO'}{'off'} = '';
+ $checked{'DCOMPLZO'}{'on'} = '';
+ $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
$checked{'ADDITIONAL_CONFIGS'}{'off'} = '';
$checked{'ADDITIONAL_CONFIGS'}{'on'} = '';
$checked{'ADDITIONAL_CONFIGS'}{$cgiparams{'ADDITIONAL_CONFIGS'}} = 'CHECKED';
$selected{'LOG_VERB'}{'10'} = '';
$selected{'LOG_VERB'}{'11'} = '';
$selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
- $selected{'DAUTH'}{'whirlpool'} = '';
- $selected{'DAUTH'}{'SHA512'} = '';
- $selected{'DAUTH'}{'SHA384'} = '';
- $selected{'DAUTH'}{'SHA256'} = '';
- $selected{'DAUTH'}{'SHA1'} = '';
- $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
- $checked{'TLSAUTH'}{'off'} = '';
- $checked{'TLSAUTH'}{'on'} = '';
- $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'status ovpn'}, 1, '');
</tr>
<tr>
- <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
+ <td width='20%'></td> <td width='15%'> </td><td width='35%'> </td><td width='20%'></td><td width='35%'></td>
</tr>
<tr>
<td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
</tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
+ <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
+ <td>$Lang::tr{'openvpn default'}: off <font color='red'>($Lang::tr{'attention'} exploitable via Voracle)</font></td>
+ </tr>
+
<tr>
<td class='base'>$Lang::tr{'ovpn add conf'}</td>
<td><input type='checkbox' name='ADDITIONAL_CONFIGS' $checked{'ADDITIONAL_CONFIGS'}{'on'} /></td>
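Review bot: The VORACLE warning at L87 hardcodes the English fragment `exploitable via Voracle` right after `$Lang::tr{'attention'}`, so the one security-relevant part of the row stays untranslated while its label and prefix go through the language table. Moving the words into a language key (placeholder name, e.g. `$Lang::tr{'ovpn voracle warning'}`) keeps the row consistent with the rest of the form and gives a single place to spell the advisory name as upstream does (VORACLE). Keeping the warning inline next to the checkbox is the right call; only the wording should move.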
</table>
<hr size='1'>
-<table width='100%'>
- <tr>
- <td class'base'><b>$Lang::tr{'ovpn crypt options'}</b></td>
- </tr>
- <tr>
- <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
- </tr>
- <tr><td class='base'>$Lang::tr{'ovpn ha'}</td>
- <td><select name='DAUTH'>
- <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
- <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
- <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
- <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
- <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- </select>
- </td>
- <td>$Lang::tr{'openvpn default'}: <span class="base">SHA1 (160 $Lang::tr{'bit'})</span></td>
- </tr>
-</table>
-
-<table width='100%'>
- <tr>
- <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
- </tr>
-
- <tr>
- <td class='base'>HMAC tls-auth</td>
- <td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
- </tr>
- </table><hr>
END
if ( -e "/var/run/openvpn.pid"){
<tr><td class='boldbase' nowrap='nowrap'>Fragment:</td><td><b>$confighash{$key}[24]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn hmac'}:</td><td><b>$confighash{$key}[39]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn tls auth'}:</td><td><b>$confighash{$key}[39]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td><td><b>$confighash{$key}[40]</b></td></tr>
<tr><td> </td><td> </td></tr>
</table>
$selected{'DAUTH'}{'SHA384'} = '';
$selected{'DAUTH'}{'SHA256'} = '';
$selected{'DAUTH'}{'SHA1'} = '';
- # If no hash algorythm has been choosen yet, select
- # the old default value (SHA1) for compatiblity reasons.
- if ($cgiparams{'DAUTH'} eq '') {
- $cgiparams{'DAUTH'} = 'SHA1';
- }
$selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
+ $checked{'TLSAUTH'}{'off'} = '';
+ $checked{'TLSAUTH'}{'on'} = '';
+ $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
if (1) {
&Header::showhttpheaders();
$cgiparams{'MSSFIX'} = 'off';
}
if ($cgiparams{'DAUTH'} eq '') {
- $cgiparams{'DAUTH'} = 'SHA512';
- }
+ if (-z "${General::swroot}/ovpn/ovpnconfig") {
+ $cgiparams{'DAUTH'} = 'SHA512';
+ }
+ foreach my $key (keys %confighash) {
+ if ($confighash{$key}[3] ne 'host') {
+ $cgiparams{'DAUTH'} = 'SHA512';
+ } else {
+ $cgiparams{'DAUTH'} = 'SHA1';
+ }
+ }
+ }
+ if ($cgiparams{'TLSAUTH'} eq '') {
+ $cgiparams{'TLSAUTH'} = 'off';
+ }
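Review bot: The `foreach my $key (keys %confighash)` at L157 overwrites `$cgiparams{'DAUTH'}` on every iteration, so the default is decided by whichever connection happens to be visited last, and Perl randomises hash order per process, so two loads of the same config file can yield SHA512 and SHA1 in turn. If the intent is to stay on SHA1 only while at least one `host` connection exists, presumably because its already deployed client configs rely on OpenVPN's SHA1 default and would fail the HMAC check after a change, the loop should stop at the first such entry; the rewrite below does that and records the assumption. The `-z` branch at L154 then becomes redundant, since an empty file yields no keys and SHA512 stays in place, while a file that is missing rather than empty now leaves DAUTH empty (the replaced code at L152 always set SHA512), and the select at L211 would then submit its first option, Whirlpool, silently; an explicit fallback before the loop closes that gap.
```perl
if ($cgiparams{'DAUTH'} eq '') {
    # Default to SHA512; keep SHA1 only while a road-warrior ("host")
    # connection exists.
    # NOTE(review): assumes existing host client configs carry no auth
    # line and so depend on OpenVPN's SHA1 default — confirm.
    $cgiparams{'DAUTH'} = 'SHA512';
    foreach my $key (keys %confighash) {
        if ($confighash{$key}[3] eq 'host') {
            $cgiparams{'DAUTH'} = 'SHA1';
            last;
        }
    }
}
# … unchanged: TLSAUTH default …
```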
if ($cgiparams{'DOVPN_SUBNET'} eq '') {
$cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
}
$selected{'DAUTH'}{'SHA1'} = '';
$selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
+ $checked{'TLSAUTH'}{'off'} = '';
+ $checked{'TLSAUTH'}{'on'} = '';
+ $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
+
$checked{'DCOMPLZO'}{'off'} = '';
$checked{'DCOMPLZO'}{'on'} = '';
$checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
if (&haveOrangeNet()) {
print "<tr><td class='boldbase'>$Lang::tr{'ovpn on orange'}</td>";
print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'}{'on'} /></td>";
- }
- print <<END;
+ }
+
+ print <<END;
+
+ <tr><td colspan='4'><br></td></tr>
+ <tr>
+ <td class'base'><b>$Lang::tr{'net config'}:</b></td>
+ </tr>
+ <tr><td colspan='1'><br></td></tr>
+
<tr><td class='base' nowrap='nowrap' colspan='2'>$Lang::tr{'local vpn hostname/ip'}:<br /><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td>
<td class='boldbase' nowrap='nowrap' colspan='2'>$Lang::tr{'ovpn subnet'}<br /><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
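Review bot: `<td class'base'>` at L191 is missing the `=`, so the attribute is malformed and the cell gets no class; the same typo reappears at L205, carried over from the removed L97. Both should read `<td class='base'><b>$Lang::tr{'net config'}:</b></td>` here and `<td class='base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>` at L205.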
<td><input type='TEXT' name='DDEST_PORT' value='$cgiparams{'DDEST_PORT'}' size='5' /></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} </td>
<td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}' size='5' /></td>
+ </tr>
+
+ <tr><td colspan='4'><br></td></tr>
+ <tr>
+ <td class'base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>
+ </tr>
+ <tr><td colspan='1'><br></td></tr>
+
+ <tr>
+ <td class='base'>$Lang::tr{'ovpn ha'}</td>
+ <td><select name='DAUTH'>
+ <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
+ <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
+ <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
+ <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
+ <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
+ </select>
+ </td>
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
<td><select name='DCIPHER'>
<option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
</select>
</td>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
- <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
</tr>
+
+ <tr><td colspan='4'><br></td></tr>
+ <tr>
+ <td class='base'>$Lang::tr{'ovpn tls auth'}</td>
+ <td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
+ </tr>
+
<tr><td colspan='4'><br><br></td></tr>
END
;