ENABLED=off
ENABLED_BLUE=off
ENABLED_ORANGE=off
-DDEST_PORT=1149
+DDEST_PORT=1194
DPROTOCOL=udp
VPN_IP=
#usr/lib/libdaq.la
#usr/lib/libdaq.so
usr/lib/libdaq.so.2
-usr/lib/libdaq.so.2.0.1
+usr/lib/libdaq.so.2.0.2
#usr/lib/libdaq_static.a
#usr/lib/libdaq_static.la
#usr/lib/libdaq_static_modules.a
#sbin/extlinux
#usr/bin/gethostip
-#usr/bin/isohybrid
+usr/bin/isohybrid
#usr/bin/isohybrid.pl
#usr/bin/keytab-lilo
#usr/bin/lss16toppm
#usr/include/snort/dynamic_preproc/bitop.h
#usr/include/snort/dynamic_preproc/cpuclock.h
#usr/include/snort/dynamic_preproc/file_api.h
-#usr/include/snort/dynamic_preproc/file_lib.h
#usr/include/snort/dynamic_preproc/idle_processing.h
#usr/include/snort/dynamic_preproc/ipv6_port.h
#usr/include/snort/dynamic_preproc/mempool.h
#usr/share/doc/snort/README.dnp3
#usr/share/doc/snort/README.dns
#usr/share/doc/snort/README.event_queue
+#usr/share/doc/snort/README.file
+#usr/share/doc/snort/README.file_ips
#usr/share/doc/snort/README.filters
#usr/share/doc/snort/README.flowbits
#usr/share/doc/snort/README.frag3
#usr/share/doc/snort/README.ftptelnet
#usr/share/doc/snort/README.gre
+#usr/share/doc/snort/README.ha
#usr/share/doc/snort/README.http_inspect
#usr/share/doc/snort/README.imap
#usr/share/doc/snort/README.ipip
--- /dev/null
+boot/config.txt
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/ovpn
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
--- /dev/null
+../../../../common/armv5tel/linux-kirkwood
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-multi
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-rpi
\ No newline at end of file
--- /dev/null
+../../../common/daq
\ No newline at end of file
--- /dev/null
+etc/system-release
+etc/issue
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat
+srv/web/ipfire/cgi-bin/logs.cgi/showrequestfromcountry.dat
+srv/web/ipfire/cgi-bin/modem-status.cgi
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
+srv/web/ipfire/html/themes/ipfire/include/functions.pl
+var/ipfire/langs
+var/ipfire/menu.d/20-status.menu
+var/ipfire/menu.d/70-log.menu
+var/ipfire/ovpn/openssl/ovpn.cnf
--- /dev/null
+../../../../common/i586/grub
\ No newline at end of file
--- /dev/null
+../../../../common/i586/linux
\ No newline at end of file
--- /dev/null
+../../../../common/i586/syslinux
\ No newline at end of file
--- /dev/null
+../../../common/openvpn
\ No newline at end of file
--- /dev/null
+../../../common/ppp
\ No newline at end of file
--- /dev/null
+../../../common/snort
\ No newline at end of file
--- /dev/null
+../../../common/squid
\ No newline at end of file
--- /dev/null
+../../../common/vnstat
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2014 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+function add_to_backup ()
+{
+ # Add path to ROOTFILES but remove old entries to prevent double
+ # files in the tar
+ grep -v "^$1" /opt/pakfire/tmp/ROOTFILES > /opt/pakfire/tmp/ROOTFILES.tmp
+ mv /opt/pakfire/tmp/ROOTFILES.tmp /opt/pakfire/tmp/ROOTFILES
+ echo $1 >> /opt/pakfire/tmp/ROOTFILES
+}
+
+#
+# Remove old core updates from pakfire cache to save space...
+core=78
+for (( i=1; i<=${core}; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+#
+# Do some sanity checks.
+case $(uname -r) in
+ *-ipfire-versatile )
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: ERROR cannot update. versatile support is dropped."
+ # Report no error to pakfire. So it does not try to install it again.
+ exit 0
+ ;;
+ *-ipfire-xen )
+ BOOTSIZE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f2 | tail -n 1`
+ if [ $BOOTSIZE -lt 28000 ]; then
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: ERROR cannot update because not enough space on boot."
+ exit 2
+ fi
+ ;;
+ *-ipfire* )
+ # Ok.
+ ;;
+ * )
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: ERROR cannot update. No IPFire Kernel."
+ exit 1
+ ;;
+esac
+
+
+#
+#
+KVER="xxxKVERxxx"
+MOUNT=`grep "kernel" /boot/grub/grub.conf 2>/dev/null | tail -n 1 `
+# Nur den letzten Parameter verwenden
+echo $MOUNT > /dev/null
+MOUNT=$_
+if [ ! $MOUNT == "rw" ]; then
+ MOUNT="ro"
+fi
+
+#
+# check if we the backup file already exist
+if [ -e /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz ]; then
+ echo Moving backup to backup-old ...
+ mv -f /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz \
+ /var/ipfire/backup/core-upgrade${core}_${KVER}-old.tar.xz
+fi
+echo First we made a backup of all files that was inside of the
+echo update archive. This may take a while ...
+# Add some files that are not in the package to backup
+add_to_backup lib/modules
+add_to_backup boot
+
+# Backup the files
+tar cJvf /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz \
+ -C / -T /opt/pakfire/tmp/ROOTFILES --exclude='#*' --exclude='/var/cache' > /dev/null 2>&1
+
+# Check diskspace on root
+ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+
+if [ $ROOTSPACE -lt 100000 ]; then
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: ERROR cannot update because not enough free space on root."
+ exit 2
+fi
+
+
+echo
+echo Update Kernel to $KVER ...
+#
+# Remove old kernel, configs, initrd, modules ...
+#
+rm -rf /boot/System.map-*
+rm -rf /boot/config-*
+rm -rf /boot/ipfirerd-*
+rm -rf /boot/vmlinuz-*
+rm -rf /boot/uImage-ipfire-*
+rm -rf /boot/uInit-ipfire-*
+rm -rf /lib/modules
+
+case $(uname -m) in
+ i?86 )
+ #
+ # Backup grub.conf
+ #
+ cp -vf /boot/grub/grub.conf /boot/grub/grub.conf.org
+ ;;
+esac
+#
+#Stop services
+/etc/init.d/snort stop
+/etc/init.d/squid stop
+/etc/init.d/ipsec stop
+/etc/init.d/apache stop
+
+# rename /etc/modprobe.d files
+for i in $(find /etc/modprobe.d/* | grep -v ".conf"); do
+ mv $i $i.conf
+done
+
+#
+#Extract files
+tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
+
+# Check diskspace on boot
+BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+
+if [ $BOOTSPACE -lt 1000 ]; then
+ case $(uname -r) in
+ *-ipfire-kirkwood )
+ # Special handling for old kirkwood images.
+ # (install only kirkwood kernel)
+ rm -rf /boot/*
+ tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p \
+ --numeric-owner -C / --wildcards 'boot/*-kirkwood*'
+ ;;
+ * )
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: FATAL-ERROR space run out on boot. System is not bootable..."
+ /etc/init.d/apache start
+ exit 4
+ ;;
+ esac
+fi
+
+
+# Update Language cache
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+#
+# Start services
+#
+/etc/init.d/apache start
+/etc/init.d/squid start
+/etc/init.d/snort start
+if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
+ /etc/init.d/ipsec start
+fi
+
+case $(uname -m) in
+ i?86 )
+ #
+ # Modify grub.conf
+ #
+ echo
+ echo Update grub configuration ...
+ ROOT=`mount | grep " / " | cut -d" " -f1`
+
+ if [ ! -z $ROOT ]; then
+ ROOTUUID=`blkid -c /dev/null -sUUID $ROOT | cut -d'"' -f2`
+ fi
+
+ if [ ! -z $ROOTUUID ]; then
+ sed -i "s|ROOT|UUID=$ROOTUUID|g" /boot/grub/grub.conf
+ else
+ sed -i "s|ROOT|$ROOT|g" /boot/grub/grub.conf
+ fi
+ sed -i "s|KVER|$KVER|g" /boot/grub/grub.conf
+ sed -i "s|MOUNT|$MOUNT|g" /boot/grub/grub.conf
+
+ if [ "$(grep "^serial" /boot/grub/grub.conf.org)" == "" ]; then
+ echo "grub use default console ..."
+ else
+ echo "grub use serial console ..."
+ sed -i -e "s|splashimage|#splashimage|g" /boot/grub/grub.conf
+ sed -i -e "s|#serial|serial|g" /boot/grub/grub.conf
+ sed -i -e "s|#terminal|terminal|g" /boot/grub/grub.conf
+ sed -i -e "s| panic=10 | console=ttyS0,115200n8 panic=10 |g" /boot/grub/grub.conf
+ fi
+
+ #
+ # ReInstall grub
+ #
+ echo "(hd0) ${ROOT::`expr length $ROOT`-1}" > /boot/grub/device.map
+ grub-install --no-floppy ${ROOT::`expr length $ROOT`-1}
+ ;;
+esac
+
+
+# Force (re)install pae kernel if pae is supported
+rm -rf /opt/pakfire/db/*/meta-linux-pae
+if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then
+ ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+ BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+ if [ $BOOTSPACE -lt 12000 -o $ROOTSPACE -lt 90000 ]; then
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: WARNING not enough space for pae kernel."
+ else
+ echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae
+ echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae
+ echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae
+ echo "Name: linux-pae" > /opt/pakfire/db/meta/meta-linux-pae
+ echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-pae
+ echo "Release: 0" >> /opt/pakfire/db/meta/meta-linux-pae
+ fi
+fi
+
+# Force reinstall xen kernel if it was installed
+if [ -e "/opt/pakfire/db/installed/meta-linux-xen" ]; then
+ echo "Name: linux-xen" > /opt/pakfire/db/installed/meta-linux-xen
+ echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-xen
+ echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-xen
+ echo "Name: linux-xen" > /opt/pakfire/db/meta/meta-linux-xen
+ echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-xen
+ echo "Release: 0" >> /opt/pakfire/db/meta/meta-linux-xen
+ # Add xvc0 to /etc/securetty
+ echo "xvc0" >> /etc/securetty
+fi
+
+#
+# After pakfire has ended run it again and update the lists and do upgrade
+#
+echo '#!/bin/bash' > /tmp/pak_update
+echo 'while [ "$(ps -A | grep " update.sh")" != "" ]; do' >> /tmp/pak_update
+echo ' sleep 1' >> /tmp/pak_update
+echo 'done' >> /tmp/pak_update
+echo 'while [ "$(ps -A | grep " pakfire")" != "" ]; do' >> /tmp/pak_update
+echo ' sleep 1' >> /tmp/pak_update
+echo 'done' >> /tmp/pak_update
+echo '/opt/pakfire/pakfire update -y --force' >> /tmp/pak_update
+echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
+echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
+echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
+echo '/usr/bin/logger -p syslog.emerg -t ipfire "Core-upgrade finished. If you use a customized grub.cfg"' >> /tmp/pak_update
+echo '/usr/bin/logger -p syslog.emerg -t ipfire "Check it before reboot !!!"' >> /tmp/pak_update
+echo '/usr/bin/logger -p syslog.emerg -t ipfire " *** Please reboot... *** "' >> /tmp/pak_update
+echo 'touch /var/run/need_reboot ' >> /tmp/pak_update
+#
+killall -KILL pak_update
+chmod +x /tmp/pak_update
+/tmp/pak_update &
+
+sync
+
+#
+#Finish
+(
+ /etc/init.d/fireinfo start
+ sendprofile
+) >/dev/null 2>&1 &
+
+# Update Package list for addon installation
+/opt/pakfire/pakfire update -y --force
+
+echo
+echo Please wait until pakfire has ended...
+echo
+#Don't report the exitcode last command
+exit 0
+
usr/bin/clamdscan
usr/bin/clamdtop
usr/bin/clamscan
+usr/bin/clamsubmit
usr/bin/freshclam
usr/bin/sigtool
#usr/include/clamav.h
#usr/lib/libclamav.la
usr/lib/libclamav.so
usr/lib/libclamav.so.6
-usr/lib/libclamav.so.6.1.20
+usr/lib/libclamav.so.6.1.22
#usr/lib/libclamunrar.la
usr/lib/libclamunrar.so
usr/lib/libclamunrar.so.6
-usr/lib/libclamunrar.so.6.1.20
+usr/lib/libclamunrar.so.6.1.22
#usr/lib/libclamunrar_iface.la
usr/lib/libclamunrar_iface.so
usr/lib/libclamunrar_iface.so.6
-usr/lib/libclamunrar_iface.so.6.1.20
+usr/lib/libclamunrar_iface.so.6.1.22
#usr/lib/pkgconfig/libclamav.pc
usr/sbin/clamd
usr/share/clamav
#usr/share/man/man1/clamdscan.1
#usr/share/man/man1/clamdtop.1
#usr/share/man/man1/clamscan.1
+#usr/share/man/man1/clamsubmit.1
#usr/share/man/man1/freshclam.1
#usr/share/man/man1/sigtool.1
#usr/share/man/man5/clamav-milter.conf.5
etc/nut/upsmon.conf.sample
etc/nut/upssched.conf.sample
etc/udev/rules.d/52-nut-usbups.rules
+usr/bin/al175
usr/bin/apcsmart
usr/bin/apcsmart-old
+usr/bin/apcupsd-ups
usr/bin/bcmxcp
usr/bin/bcmxcp_usb
usr/bin/belkin
usr/bin/mge-shut
usr/bin/mge-utalk
usr/bin/microdowell
-usr/bin/newmge-shut
usr/bin/nut-scanner
+usr/bin/nutdrv_atcl_usb
+usr/bin/nutdrv_qx
+usr/bin/oldmge-shut
usr/bin/oneac
usr/bin/optiups
usr/bin/powercom
usr/bin/powerpanel
usr/bin/rhino
usr/bin/richcomm_usb
+usr/bin/riello_ser
+usr/bin/riello_usb
usr/bin/safenet
usr/bin/skel
usr/bin/snmp-ups
usr/bin/upsc
usr/bin/upscmd
usr/bin/upscode2
-usr/bin/upsdrvctl
usr/bin/upslog
usr/bin/upsrw
usr/bin/upssched-cmd
usr/bin/usbhid-ups
usr/bin/victronups
-#usr/cgi-bin
-#usr/html
+#usr/lib/libnutclient.a
+#usr/lib/libnutclient.la
+usr/lib/libnutclient.so
+usr/lib/libnutclient.so.0
+usr/lib/libnutclient.so.0.0.0
#usr/lib/libnutscan.a
#usr/lib/libnutscan.la
usr/lib/libnutscan.so
#usr/lib/libupsclient.a
#usr/lib/libupsclient.la
usr/lib/libupsclient.so
-usr/lib/libupsclient.so.1
-usr/lib/libupsclient.so.1.1.0
+usr/lib/libupsclient.so.4
+usr/lib/libupsclient.so.4.0.0
usr/sbin/upsd
+usr/sbin/upsdrvctl
usr/sbin/upsmon
usr/sbin/upssched
usr/share/cmdvartab
#usr/share/man/man5/upsd.users.5
#usr/share/man/man5/upsmon.conf.5
#usr/share/man/man5/upssched.conf.5
+#usr/share/man/man8/al175.8
#usr/share/man/man8/apcsmart-old.8
#usr/share/man/man8/apcsmart.8
+#usr/share/man/man8/apcupsd-ups.8
#usr/share/man/man8/bcmxcp.8
#usr/share/man/man8/bcmxcp_usb.8
#usr/share/man/man8/belkin.8
#usr/share/man/man8/bestfortress.8
#usr/share/man/man8/bestuferrups.8
#usr/share/man/man8/bestups.8
-#usr/share/man/man8/blazer.8
+#usr/share/man/man8/blazer_ser.8
+#usr/share/man/man8/blazer_usb.8
#usr/share/man/man8/clone.8
#usr/share/man/man8/dummy-ups.8
#usr/share/man/man8/etapro.8
#usr/share/man/man8/mge-shut.8
#usr/share/man/man8/mge-utalk.8
#usr/share/man/man8/microdowell.8
+#usr/share/man/man8/nut-recorder.8
#usr/share/man/man8/nut-scanner.8
+#usr/share/man/man8/nutdrv_atcl_usb.8
+#usr/share/man/man8/nutdrv_qx.8
#usr/share/man/man8/nutupsdrv.8
#usr/share/man/man8/oneac.8
#usr/share/man/man8/optiups.8
#usr/share/man/man8/powerpanel.8
#usr/share/man/man8/rhino.8
#usr/share/man/man8/richcomm_usb.8
+#usr/share/man/man8/riello_ser.8
+#usr/share/man/man8/riello_usb.8
#usr/share/man/man8/safenet.8
#usr/share/man/man8/snmp-ups.8
#usr/share/man/man8/solis.8
--- /dev/null
+usr/bin/sslscan
+#usr/share/man/man1/sslscan.1
echo "timeout 10" > $MNThdd/boot/grub/grub.conf
echo "default 0" >> $MNThdd/boot/grub/grub.conf
echo "title IPFire ($KERN_TYPE-kernel)" >> $MNThdd/boot/grub/grub.conf
-echo " kernel /vmlinuz-$KVER-ipfire-xen root=/dev/xvda3 rootdelay=10 panic=10 console=$CONSOLE ro" \
+echo " kernel /vmlinuz-$KVER-ipfire-$KERN_TYPE root=/dev/xvda3 rootdelay=10 panic=10 console=$CONSOLE ro" \
>> $MNThdd/boot/grub/grub.conf
echo " initrd /ipfirerd-$KVER-$KERN_TYPE.img" >> $MNThdd/boot/grub/grub.conf
echo "# savedefault 0" >> $MNThdd/boot/grub/grub.conf
-WARNING: translation string unused: Client status and controlc
WARNING: translation string unused: ConnSched scheduler
WARNING: translation string unused: ConnSched select profile
WARNING: translation string unused: HDD temperature
WARNING: translation string unused: network traffic graphs
WARNING: translation string unused: network updated
WARNING: translation string unused: networks settings
+WARNING: translation string unused: never
WARNING: translation string unused: new optionsfw must boot
WARNING: translation string unused: no alcatelusb firmware
WARNING: translation string unused: no cfg upload
WARNING: translation string unused: override mtu
WARNING: translation string unused: ovpn config
WARNING: translation string unused: ovpn dl
+WARNING: translation string unused: ovpn engines
WARNING: translation string unused: ovpn log
+WARNING: translation string unused: ovpn reneg sec
+WARNING: translation string unused: ovpn_fastio
WARNING: translation string unused: ovpn_fragment
WARNING: translation string unused: ovpn_mssfix
WARNING: translation string unused: ovpn_mtudisc
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
-WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
-WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: addons
WARNING: untranslated string: bytes
WARNING: untranslated string: community rules
WARNING: untranslated string: dead peer detection
+WARNING: untranslated string: dns servers
+WARNING: untranslated string: downlink
WARNING: untranslated string: emerging rules
-WARNING: untranslated string: firewall logs country
+WARNING: untranslated string: first
WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: last
WARNING: untranslated string: monitor interface
WARNING: untranslated string: qos add subclass
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
-WARNING: untranslated string: source ip country
+WARNING: untranslated string: uplink
-WARNING: translation string unused: Client status and controlc
WARNING: translation string unused: ConnSched scheduler
WARNING: translation string unused: ConnSched select profile
WARNING: translation string unused: HDD temperature
WARNING: translation string unused: destination ip or net
WARNING: translation string unused: destination net
WARNING: translation string unused: destination port overlaps
+WARNING: translation string unused: dh name is invalid
WARNING: translation string unused: dhcp base ip fixed lease
WARNING: translation string unused: dhcp create fixed leases
WARNING: translation string unused: dhcp fixed lease err1
WARNING: translation string unused: network traffic graphs
WARNING: translation string unused: network updated
WARNING: translation string unused: networks settings
+WARNING: translation string unused: never
WARNING: translation string unused: new optionsfw must boot
WARNING: translation string unused: no alcatelusb firmware
WARNING: translation string unused: no cfg upload
WARNING: translation string unused: override mtu
WARNING: translation string unused: ovpn config
WARNING: translation string unused: ovpn dl
+WARNING: translation string unused: ovpn engines
WARNING: translation string unused: ovpn log
+WARNING: translation string unused: ovpn reneg sec
WARNING: translation string unused: ovpn_fastio
-WARNING: translation string unused: ovpn_fragment
WARNING: translation string unused: ovpn_mssfix
WARNING: translation string unused: ovpn_mtudisc
WARNING: translation string unused: ovpn_processprio
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: system graphs
WARNING: translation string unused: system log viewer
WARNING: translation string unused: system status information
+WARNING: translation string unused: teovpn_fragment
WARNING: translation string unused: test
WARNING: translation string unused: test email could not be sent
WARNING: translation string unused: test email was sent
WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
-WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
-WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: bytes
+WARNING: untranslated string: dns servers
+WARNING: untranslated string: downlink
+WARNING: untranslated string: first
WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: last
WARNING: untranslated string: monitor interface
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
-WARNING: untranslated string: source ip country
+WARNING: untranslated string: uplink
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: untranslated string: ConnSched shutdown
WARNING: untranslated string: MB read
WARNING: untranslated string: MB written
+WARNING: untranslated string: MTU settings
WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: Set time on boot
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: details
WARNING: untranslated string: dh
+WARNING: untranslated string: dh key move failed
WARNING: untranslated string: dh key warn
-WARNING: untranslated string: dh name is invalid
+WARNING: untranslated string: dh key warn1
WARNING: untranslated string: dnat address
WARNING: untranslated string: dns servers
WARNING: untranslated string: dnsforward
WARNING: untranslated string: outgoing firewall p2p deny
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
-WARNING: untranslated string: ovpn dh name
+WARNING: untranslated string: ovpn dh new key
+WARNING: untranslated string: ovpn dh parameters
+WARNING: untranslated string: ovpn dh upload
WARNING: untranslated string: ovpn errmsg green already pushed
WARNING: untranslated string: ovpn errmsg invalid ip or mask
WARNING: untranslated string: ovpn generating the root and host certificates
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: untranslated string: ConnSched shutdown
WARNING: untranslated string: MB read
WARNING: untranslated string: MB written
+WARNING: untranslated string: MTU settings
WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: addons
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: details
WARNING: untranslated string: dh
+WARNING: untranslated string: dh key move failed
WARNING: untranslated string: dh key warn
-WARNING: untranslated string: dh name is invalid
+WARNING: untranslated string: dh key warn1
WARNING: untranslated string: dnat address
WARNING: untranslated string: dns address deleted txt
WARNING: untranslated string: dns servers
WARNING: untranslated string: outgoing firewall access
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
-WARNING: untranslated string: ovpn dh name
+WARNING: untranslated string: ovpn dh new key
+WARNING: untranslated string: ovpn dh parameters
+WARNING: untranslated string: ovpn dh upload
WARNING: untranslated string: ovpn generating the root and host certificates
WARNING: untranslated string: ovpn ha
WARNING: untranslated string: ovpn hmac
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
+WARNING: untranslated string: MTU settings
WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: atm device
WARNING: untranslated string: bytes
WARNING: untranslated string: capabilities
WARNING: untranslated string: dh
+WARNING: untranslated string: dh key move failed
WARNING: untranslated string: dh key warn
-WARNING: untranslated string: dh name is invalid
+WARNING: untranslated string: dh key warn1
WARNING: untranslated string: dns servers
WARNING: untranslated string: drop outgoing
WARNING: untranslated string: firewall logs country
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
-WARNING: untranslated string: ovpn dh name
+WARNING: untranslated string: ovpn dh new key
+WARNING: untranslated string: ovpn dh parameters
+WARNING: untranslated string: ovpn dh upload
WARNING: untranslated string: ovpn generating the root and host certificates
WARNING: untranslated string: ovpn ha
WARNING: untranslated string: ovpn hmac
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: untranslated string: ConnSched shutdown
WARNING: untranslated string: MB read
WARNING: untranslated string: MB written
+WARNING: untranslated string: MTU settings
WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: Set time on boot
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: details
WARNING: untranslated string: dh
+WARNING: untranslated string: dh key move failed
WARNING: untranslated string: dh key warn
-WARNING: untranslated string: dh name is invalid
+WARNING: untranslated string: dh key warn1
WARNING: untranslated string: dnat address
WARNING: untranslated string: dns servers
WARNING: untranslated string: dnsforward
WARNING: untranslated string: outgoing firewall p2p deny
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
-WARNING: untranslated string: ovpn dh name
+WARNING: untranslated string: ovpn dh new key
+WARNING: untranslated string: ovpn dh parameters
+WARNING: untranslated string: ovpn dh upload
WARNING: untranslated string: ovpn errmsg green already pushed
WARNING: untranslated string: ovpn errmsg invalid ip or mask
WARNING: untranslated string: ovpn generating the root and host certificates
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: untranslated string: Edit an existing route
WARNING: untranslated string: MB read
WARNING: untranslated string: MB written
+WARNING: untranslated string: MTU settings
WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: addons
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: details
WARNING: untranslated string: dh
+WARNING: untranslated string: dh key move failed
WARNING: untranslated string: dh key warn
-WARNING: untranslated string: dh name is invalid
+WARNING: untranslated string: dh key warn1
WARNING: untranslated string: disk access per
WARNING: untranslated string: dnat address
WARNING: untranslated string: dns servers
WARNING: untranslated string: outgoing traffic in bytes per second
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
-WARNING: untranslated string: ovpn dh name
+WARNING: untranslated string: ovpn dh new key
+WARNING: untranslated string: ovpn dh parameters
+WARNING: untranslated string: ovpn dh upload
WARNING: untranslated string: ovpn generating the root and host certificates
WARNING: untranslated string: ovpn ha
WARNING: untranslated string: ovpn hmac
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
+WARNING: untranslated string: MTU settings
WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: bytes
WARNING: untranslated string: capabilities
WARNING: untranslated string: dh
+WARNING: untranslated string: dh key move failed
WARNING: untranslated string: dh key warn
-WARNING: untranslated string: dh name is invalid
+WARNING: untranslated string: dh key warn1
WARNING: untranslated string: firewall logs country
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: gen dh
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
-WARNING: untranslated string: ovpn dh name
+WARNING: untranslated string: ovpn dh new key
+WARNING: untranslated string: ovpn dh parameters
+WARNING: untranslated string: ovpn dh upload
WARNING: untranslated string: ovpn generating the root and host certificates
WARNING: untranslated string: ovpn ha
WARNING: untranslated string: ovpn hmac
############################################################################
< addon
< ccd maxclients
+< ovpn_fragment
############################################################################
# Checking install/setup translations for language: fr #
############################################################################
< deprecated fs warn
< details
< dh
+< dh key move failed
< dh key warn
-< dh name is invalid
+< dh key warn1
< dnat address
< dns address deleted txt
< dnsforward
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
-< dns servers
-< downlink
< dpd delay
< dpd timeout
< drop action
< fireinfo why enable
< fireinfo why read more
< fireinfo your profile id
+< firewall logs country
< firewall rules
-< first
< flag
< forward firewall
< fw default drop
< ipsec
< ipsec network
< ipsec no connections
-< last
< least preferred
< lifetime
< mac filter
< modem sim information
< modem status
< most preferred
+< MTU settings
+< never
< no hardware random number generator
< not a valid dh key
< notice
< ntp common settings
< ntp sync
+< Number of Countries for the pie chart
< openvpn default
< openvpn destination port used
< openvpn disabled
< outgoing firewall access
< ovpn crypt options
< ovpn dh
-< ovpn dh name
+< ovpn dh new key
+< ovpn dh parameters
+< ovpn dh upload
+< ovpn engines
< ovpn generating the root and host certificates
< ovpn ha
< ovpn hmac
< ovpn mtu-disc yes
< ovpn no connections
< ovpn port in root range
+< ovpn reneg sec
< p2p block
< p2p block save notice
< proxy reports
< snat new source ip address
< snort working
< software version
+< source ip country
< ssh
< static routes
< support donation
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
-< uplink
< upload dh key
< upload new ruleset
< uptime
< deprecated fs warn
< details
< dh
+< dh key move failed
< dh key warn
-< dh name is invalid
+< dh key warn1
< dnat address
< dnsforward
< dnsforward add a new entry
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
-< dns servers
-< downlink
< dpd delay
< dpd timeout
< drop action
< fireinfo why enable
< fireinfo why read more
< fireinfo your profile id
+< firewall logs country
< firewall rules
-< first
< flag
< forward firewall
< fw default drop
< ipsec
< ipsec network
< ipsec no connections
-< last
< least preferred
< lifetime
< mac filter
< modem sim information
< modem status
< most preferred
+< MTU settings
+< never
< no hardware random number generator
< not a valid dh key
< notice
+< Number of Countries for the pie chart
< openvpn default
< openvpn destination port used
< openvpn disabled
< outgoing firewall view group
< ovpn crypt options
< ovpn dh
-< ovpn dh name
+< ovpn dh new key
+< ovpn dh parameters
+< ovpn dh upload
+< ovpn engines
< ovpn errmsg green already pushed
< ovpn errmsg invalid ip or mask
< ovpn generating the root and host certificates
< ovpn mtu-disc yes
< ovpn no connections
< ovpn port in root range
+< ovpn reneg sec
< ovpn routes push
< ovpn routes push options
< p2p block
< show dh
< snat new source ip address
< software version
+< source ip country
< ssh
< static routes
< support donation
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
-< uplink
< upload dh key
< uptime
< uptime load average
< deprecated fs warn
< details
< dh
+< dh key move failed
< dh key warn
-< dh name is invalid
+< dh key warn1
< dnat address
< dnsforward
< dnsforward add a new entry
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
-< dns servers
-< downlink
< dpd delay
< dpd timeout
< drop action
< extrahd unable to read
< extrahd unable to write
< extrahd you cant mount
+< firewall logs country
< firewall rules
-< first
< flag
< forward firewall
< fw default drop
< ipsec
< ipsec network
< ipsec no connections
-< last
< least preferred
< lifetime
< mac filter
< modem sim information
< modem status
< most preferred
+< MTU settings
+< never
< no hardware random number generator
< not a valid dh key
< notice
+< Number of Countries for the pie chart
< openvpn default
< openvpn destination port used
< openvpn disabled
< outgoing firewall access
< ovpn crypt options
< ovpn dh
-< ovpn dh name
+< ovpn dh new key
+< ovpn dh parameters
+< ovpn dh upload
+< ovpn engines
< ovpn errmsg green already pushed
< ovpn errmsg invalid ip or mask
< ovpn generating the root and host certificates
< ovpn mtu-disc yes
< ovpn no connections
< ovpn port in root range
+< ovpn reneg sec
< ovpn routes push
< ovpn routes push options
< p2p block
< show dh
< snat new source ip address
< software version
+< source ip country
< ssh
< static routes
< support donation
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
-< uplink
< upload dh key
< uptime
< uptime load average
< deprecated fs warn
< details
< dh
+< dh key move failed
< dh key warn
-< dh name is invalid
+< dh key warn1
< disk access per
< dnat address
< dnsforward
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
-< dns servers
-< downlink
< dpd delay
< dpd timeout
< drop action
< extrahd unable to read
< extrahd unable to write
< extrahd you cant mount
+< firewall logs country
< firewall rules
-< first
< flag
< forward firewall
< frequency
< ipsec
< ipsec network
< ipsec no connections
-< last
< least preferred
< lifetime
< mac filter
< modem status
< month-graph
< most preferred
+< MTU settings
+< never
< no hardware random number generator
< not a valid dh key
< notice
+< Number of Countries for the pie chart
< openvpn default
< openvpn destination port used
< openvpn disabled
< outgoing traffic in bytes per second
< ovpn crypt options
< ovpn dh
-< ovpn dh name
+< ovpn dh new key
+< ovpn dh parameters
+< ovpn dh upload
+< ovpn engines
< ovpn generating the root and host certificates
< ovpn ha
< ovpn hmac
< ovpn mtu-disc yes
< ovpn no connections
< ovpn port in root range
+< ovpn reneg sec
< p2p block
< p2p block save notice
< proxy reports
< show dh
< snat new source ip address
< software version
+< source ip country
< ssh
< static routes
< support donation
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
-< uplink
< upload dh key
< uptime
< uptime load average
####################### End added for snort rules control #################################
if ($snortsettings{'RULES'} eq 'subscripted') {
- $url=" http://www.snort.org/sub-rules/snortrules-snapshot-2953.tar.gz/$snortsettings{'OINKCODE'}";
+ $url=" http://www.snort.org/sub-rules/snortrules-snapshot-2961.tar.gz/$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'registered') {
- $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz/$snortsettings{'OINKCODE'}";
+ $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'community') {
$url=" http://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz";
} else {
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# #
###############################################################################
###
-# Based on IPFireCore 76
+# Based on IPFireCore 77
###
use CGI;
use CGI qw/:standard/;
$cgiparams{'MSSFIX'} = '';
$cgiparams{'number'} = '';
$cgiparams{'PMTU_DISCOVERY'} = '';
-$cgiparams{'DAUTH'} = '';
$cgiparams{'DCIPHER'} = '';
+$cgiparams{'DAUTH'} = '';
+$cgiparams{'TLSAUTH'} = '';
$routes_push_file = "${General::swroot}/ovpn/routes_push";
unless (-e $routes_push_file) { system("touch $routes_push_file"); }
unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); }
}
}
+# Darren Critchley - certain ports are reserved for IPFire
+# TCP 67,68,81,222,444
+# UDP 67,68
+# Params passed in -> port, rangeyn, protocol
+sub disallowreserved
+{
+ # port 67 and 68 same for tcp and udp, don't bother putting in an array
+ my $msg = "";
+ my @tcp_reserved = (81,222,444);
+ my $prt = $_[0]; # the port or range
+ my $ryn = $_[1]; # tells us whether or not it is a port range
+ my $prot = $_[2]; # protocol
+ my $srcdst = $_[3]; # source or destination
+ if ($ryn) { # disect port range
+ if ($srcdst eq "src") {
+ $msg = "$Lang::tr{'rsvd src port overlap'}";
+ } else {
+ $msg = "$Lang::tr{'rsvd dst port overlap'}";
+ }
+ my @tmprng = split(/\:/,$prt);
+ unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; }
+ unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; }
+ if ($prot eq "tcp") {
+ foreach my $prange (@tcp_reserved) {
+ unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; }
+ }
+ }
+ } else {
+ if ($srcdst eq "src") {
+ $msg = "$Lang::tr{'reserved src port'}";
+ } else {
+ $msg = "$Lang::tr{'reserved dst port'}";
+ }
+ if ($prt == 67) { $errormessage="$msg 67"; return; }
+ if ($prt == 68) { $errormessage="$msg 68"; return; }
+ if ($prot eq "tcp") {
+ foreach my $prange (@tcp_reserved) {
+ if ($prange == $prt) { $errormessage="$msg $prange"; return; }
+ }
+ }
+ }
+ return;
+}
+
sub writeserverconf {
my %sovpnsettings = ();
print CONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
print CONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
print CONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
- print CONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n";
+ print CONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n";
my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'});
print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
#print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
if ($sovpnsettings{'DAUTH'} eq '') {
print CONF "";
} else {
- print CONF "auth $sovpnsettings{'DAUTH'}\n";
- }
+ print CONF "auth $sovpnsettings{'DAUTH'}\n";
+ }
+ if ($sovpnsettings{'TLSAUTH'} eq 'on') {
+ print CONF "tls-auth ${General::swroot}/ovpn/ca/ta.key 0\n";
+ }
if ($sovpnsettings{DCOMPLZO} eq 'on') {
print CONF "comp-lzo\n";
}
$vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
$vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'};
$vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
+ $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
my @temp=();
if ($cgiparams{'FRAGMENT'} eq '') {
$vpnsettings{'FRAGMENT'} = $cgiparams{'FRAGMENT'};
}
}
+
if ($cgiparams{'MSSFIX'} ne 'on') {
delete $vpnsettings{'MSSFIX'};
} else {
$vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
}
+ # Create ta.key for tls-auth if not presant
+ if ($cgiparams{'TLSAUTH'} eq 'on') {
+ if ( ! -e "${General::swroot}/ovpn/ca/ta.key") {
+ system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/ca/ta.key")
+ }
+ }
+
if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
- print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n";
+ print SERVERCONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n";
print SERVERCONF "# Cipher\n";
print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n";
- print SERVERCONF "# HMAC algorithm\n";
- print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
+ if ($cgiparams{'DAUTH'} eq '') {
+ print SERVERCONF "auth SHA1\n";
+ } else {
+ print SERVERCONF "# HMAC algorithm\n";
+ print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
+ }
if ($cgiparams{'COMPLZO'} eq 'on') {
print SERVERCONF "# Enable Compression\n";
print SERVERCONF "comp-lzo\r\n";
print CLIENTCONF "tls-client\n";
print CLIENTCONF "# Cipher\n";
print CLIENTCONF "cipher $cgiparams{'DCIPHER'}\n";
- print CLIENTCONF "# HMAC algorithm\n";
- print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
+ if ($cgiparams{'DAUTH'} eq '') {
+ print CLIENTCONF "auth SHA1\n";
+ } else {
+ print CLIENTCONF "# HMAC algorithm\n";
+ print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
+ }
if ($cgiparams{'COMPLZO'} eq 'on') {
print CLIENTCONF "# Enable Compression\n";
print CLIENTCONF "comp-lzo\r\n";
}
}
while ($file = glob("${General::swroot}/ovpn/ca/*")) {
- unlink $file
+ unlink $file;
}
while ($file = glob("${General::swroot}/ovpn/certs/*")) {
- unlink $file
+ unlink $file;
}
while ($file = glob("${General::swroot}/ovpn/crls/*")) {
- unlink $file
+ unlink $file;
}
&cleanssldatabase();
if (open(FILE, ">${General::swroot}/ovpn/caconfig")) {
print FILE "";
close FILE;
}
- if (open(FILE, ">${General::swroot}/ovpn/ccdroute")) {
- print FILE "";
- close FILE;
- }
- if (open(FILE, ">${General::swroot}/ovpn/ccdroute2")) {
- print FILE "";
- close FILE;
- }
- while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
- unlink $file
- }
- if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) {
- print FILE "";
- close FILE;
- }
- if (open(FILE, ">${General::swroot}/ovpn/ovpnconfig")) {
- print FILE "";
- close FILE;
- }
- while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) {
- system ("rm -rf $file")
- }
+ if (open(FILE, ">${General::swroot}/ovpn/ccdroute")) {
+ print FILE "";
+ close FILE;
+ }
+ if (open(FILE, ">${General::swroot}/ovpn/ccdroute2")) {
+ print FILE "";
+ close FILE;
+ }
+ while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
+ unlink $file
+ }
+ if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) {
+ print FILE "";
+ close FILE;
+ }
+ if (open(FILE, ">${General::swroot}/ovpn/ovpnconfig")) {
+ print FILE "";
+ close FILE;
+ }
+ while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) {
+ system ("rm -rf $file");
+ }
+
+ #&writeserverconf();
###
### Reset all step 1
###
<tr>
<td align='center'>
<input type='hidden' name='AREUSURE' value='yes' />
- <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
+ <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
$Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}</td>
</tr>
<tr>
### Generate DH key step 2
###
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'} && $cgiparams{'AREUSURE'} eq 'yes') {
- # Delete if old key exists
+ # Delete if old key exists
if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
}
print <<END;
<table width='100%'>
<tr>
- <td width='15%'> </td> <td width='15%'></td> <td width='65%'></td>
- </tr>
+ <td width='20%'> </td> <td width='15%'></td> <td width='65%'></td>
+ </tr>
<tr>
<td class='base'>$Lang::tr{'ovpn dh'}:</td>
<td align='center'>
</table>
<table width='100%'>
<tr>
- <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}:</font></b>
- $Lang::tr{'dh key warn'}
- </td>
+ <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'dh key warn'}
+ </tr>
+ <tr>
+ <td class='base'>$Lang::tr{'dh key warn1'}</td>
</tr>
+ <tr><td colspan='2'><br></td></tr>
<tr>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
</form>
### Upload DH key
###
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload dh key'}) {
- if ($cgiparams{'DH_NAME'} !~ /dh1024.pem/) {
- $errormessage = $Lang::tr{'dh name is invalid'};
- goto UPLOADCA_ERROR;
- }
if (ref ($cgiparams{'FH'}) ne 'Fh') {
$errormessage = $Lang::tr{'there was no file upload'};
goto UPLOADCA_ERROR;
}
- # Move uploaded dh key to a temporary file
+ # Move uploaded dh key to a temporary file
(my $fh, my $filename) = tempfile( );
if (copy ($cgiparams{'FH'}, $fh) != 1) {
$errormessage = $!;
- goto UPLOADCA_ERROR;
+ goto UPLOADCA_ERROR;
}
- my $temp = `/usr/bin/openssl dhparam -text -in $filename`;
+ my $temp = `/usr/bin/openssl dhparam -text -in $filename`;
if ($temp !~ /DH Parameters: \((1024|2048|3072|4096) bit\)/) {
$errormessage = $Lang::tr{'not a valid dh key'};
unlink ($filename);
unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
}
move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
- if ($? ne 0) {
- $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
- unlink ($filename);
- goto UPLOADCA_ERROR;
- }
+ if ($? ne 0) {
+ $errormessage = "$Lang::tr{'dh key move failed'}: $!";
+ unlink ($filename);
+ goto UPLOADCA_ERROR;
+ }
}
###
}
} else { # child
unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
- '-days', '999999', '-newkey', 'rsa:4096',
+ '-days', '999999', '-newkey', 'rsa:4096', '-sha512',
'-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
'-out', "${General::swroot}/ovpn/ca/cacert.pem",
'-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
&Header::closebox();
}
&Header::openbox('100%', 'LEFT', "$Lang::tr{'generate root/host certificates'}:");
- print <<END;
+ print <<END;
<form method='post' enctype='multipart/form-data'>
<table width='100%' border='0' cellspacing='1' cellpadding='0'>
<tr><td width='30%' class='base'>$Lang::tr{'organization name'}:</td>
}
print ">$country</option>";
}
- print <<END;
- </select></td>
+ print <<END;
+ </select></td>
<tr><td class='base'>$Lang::tr{'ovpn dh'}:</td>
<td class='base'><select name='DHLENGHT'>
<option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'}</option>
<td> </td><td> </td></tr>
<tr><td class='base' colspan='4' align='left'>
<img src='/blob.gif' valign='top' alt='*' /> $Lang::tr{'this field may be blank'}</td></tr>
- <tr><td colspan='4'><br><br></td></tr>
- <tr><td class='base' colspan='4' align='center'>
- <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}:</font></b>
- $Lang::tr{'ovpn generating the root and host certificates'}
- </td>
+ <tr><td colspan='2'><br></td></tr>
+ <table width='100%'>
+ <tr>
+ <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'ovpn generating the root and host certificates'}
+ <td class='base'>$Lang::tr{'dh key warn'}</td>
</tr>
- <tr><td class='base' colspan='4' align='center'>
- $Lang::tr{'dh key warn'}
- </td>
+ <tr>
+ <td class='base'>$Lang::tr{'dh key warn1'}</td>
</tr>
+ <tr><td colspan='2'><br></td></tr>
+ <tr>
+ </table>
+ <table width='100%'>
<tr><td colspan='4'><hr></td></tr>
<tr><td class='base' nowrap='nowrap'>$Lang::tr{'upload p12 file'}:</td>
<td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
print CLIENTCONF "ns-cert-type server\n";
print CLIENTCONF "# Auth. Client\n";
print CLIENTCONF "tls-client\n";
- print CLIENTCONF "# Cipher\n";
+ print CLIENTCONF "# Cipher\n";
print CLIENTCONF "cipher $confighash{$cgiparams{'KEY'}}[40]\n";
- print CLIENTCONF "# HMAC algorithm\n";
- print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n";
if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n";
$zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
- }
+ }
+ if ($confighash{$cgiparams{'KEY'}}[39] eq '') {
+ print CLIENTCONF "# HMAC algorithm\n";
+ print CLIENTCONF "auth SHA1\n";
+ } else {
+ print CLIENTCONF "# HMAC algorithm\n";
+ print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n";
+ }
if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
print CLIENTCONF "# Enable Compression\n";
print CLIENTCONF "comp-lzo\r\n";
$zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
}
print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
- if ($vpnsettings{'DAUTH'} eq '') {
+ if ($vpnsettings{'DAUTH'} eq '') {
print CLIENTCONF "";
} else {
- print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
- }
+ print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
+ }
+ if ($vpnsettings{'TLSAUTH'} eq 'on') {
+ print CLIENTCONF "tls-auth ta.key 1\r\n";
+ $zip->addFile( "${General::swroot}/ovpn/ca/ta.key", "ta.key") or die "Can't add file ta.key\n";
+ }
if ($vpnsettings{DCOMPLZO} eq 'on') {
print CLIENTCONF "comp-lzo\r\n";
}
} else {
$errormessage = $Lang::tr{'invalid key'};
}
-
- &General::firewall_reload();
+ &General::firewall_reload();
###
### Download PKCS12 file
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show dh'}) {
if (! -e "${General::swroot}/ovpn/ca/dh1024.pem") {
- $errormessage = $Lang::tr{'not present'};
+ $errormessage = $Lang::tr{'not present'};
} else {
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'ovpn'}, 1, '');
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) {
# &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- if (! -e "${General::swroot}/ovpn/crls/cacrl.pem") {
- $errormessage = $Lang::tr{'not present'};
+ if (! -e "${General::swroot}/ovpn/crls/cacrl.pem") {
+ $errormessage = $Lang::tr{'not present'};
} else {
- &Header::showhttpheaders();
- &Header::openpage($Lang::tr{'ovpn'}, 1, '');
- &Header::openbigbox('100%', 'LEFT', '', '');
- &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
- my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
- &Header::closebox();
- print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
- &Header::closebigbox();
- &Header::closepage();
- exit(0);
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
+ &Header::openbigbox('100%', 'LEFT', '', '');
+ &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
+ my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
+ $output = &Header::cleanhtml($output,"y");
+ print "<pre>$output</pre>\n";
+ &Header::closebox();
+ print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+ &Header::closebigbox();
+ &Header::closepage();
+ exit(0);
}
###
if ($cgiparams{'DAUTH'} eq '') {
$cgiparams{'DAUTH'} = 'SHA1';
}
+ if ($cgiparams{'DAUTH'} eq '') {
+ $cgiparams{'DAUTH'} = 'SHA1';
+ }
+ if ($cgiparams{'ENGINES'} eq '') {
+ $cgiparams{'ENGINES'} = 'disabled';
+ }
+ if ($cgiparams{'TLSAUTH'} eq '') {
+ $cgiparams{'TLSAUTH'} = 'off';
+ }
+ if ($cgiparams{'DAUTH'} eq '') {
+ $cgiparams{'DAUTH'} = 'SHA1';
+ }
+ if ($cgiparams{'TLSAUTH'} eq '') {
+ $cgiparams{'TLSAUTH'} = 'off';
+ }
$checked{'CLIENT2CLIENT'}{'off'} = '';
$checked{'CLIENT2CLIENT'}{'on'} = '';
$checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
$checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
+ $selected{'LOG_VERB'}{'0'} = '';
$selected{'LOG_VERB'}{'1'} = '';
$selected{'LOG_VERB'}{'2'} = '';
$selected{'LOG_VERB'}{'3'} = '';
$selected{'LOG_VERB'}{'9'} = '';
$selected{'LOG_VERB'}{'10'} = '';
$selected{'LOG_VERB'}{'11'} = '';
- $selected{'LOG_VERB'}{'0'} = '';
$selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
$selected{'DAUTH'}{'whirlpool'} = '';
$selected{'DAUTH'}{'SHA512'} = '';
$selected{'DAUTH'}{'SHA384'} = '';
$selected{'DAUTH'}{'SHA256'} = '';
- $selected{'DAUTH'}{'ecdsa-with-SHA1'} = '';
$selected{'DAUTH'}{'SHA1'} = '';
$selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
-
+ $checked{'TLSAUTH'}{'off'} = '';
+ $checked{'TLSAUTH'}{'on'} = '';
+ $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
+
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'status ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', $errormessage);
&Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
print <<END;
<form method='post' enctype='multipart/form-data'>
- <table width='100%' border='0'>
+<table width='100%' border=0>
<tr>
<td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
</tr>
<tr>
<td class='base'>fragment <br></td>
<td><input type='TEXT' name='FRAGMENT' value='$cgiparams{'FRAGMENT'}' size='10' /></td>
- </tr>
- <tr>
+ </tr>
+ <tr>
<td class='base'>mssfix</td>
<td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
- <td>$Lang::tr{'openvpn default'}: on</td>
- </tr>
+ <td>$Lang::tr{'openvpn default'}: off</td>
+ </tr>
+
<tr>
<td class='base'>$Lang::tr{'ovpn mtu-disc'}</td>
<td><input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}</td>
<hr size='1'>
<table width='100%'>
<tr>
- <td class'base'><b>$Lang::tr{'log-options'}</b></td>
+ <td class'base'><b>$Lang::tr{'log-options'}</b></td>
</tr>
<tr>
- <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
+ <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
</tr>
<tr><td class='base'>VERB</td>
<td><select name='LOG_VERB'>
- <option value='0' $selected{'LOG_VERB'}{'0'}>0</option>
- <option value='1' $selected{'LOG_VERB'}{'1'}>1</option>
- <option value='2' $selected{'LOG_VERB'}{'2'}>2</option>
- <option value='3' $selected{'LOG_VERB'}{'3'}>3</option>
- <option value='4' $selected{'LOG_VERB'}{'4'}>4</option>
- <option value='5' $selected{'LOG_VERB'}{'5'}>5</option>
- <option value='6' $selected{'LOG_VERB'}{'6'}>6</option>
- <option value='7' $selected{'LOG_VERB'}{'7'}>7</option>
- <option value='8' $selected{'LOG_VERB'}{'8'}>8</option>
- <option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
- <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
- <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
- </select>
- </td>
- </tr>
-</table>
+ <option value='0' $selected{'LOG_VERB'}{'0'}>0</option>
+ <option value='1' $selected{'LOG_VERB'}{'1'}>1</option>
+ <option value='2' $selected{'LOG_VERB'}{'2'}>2</option>
+ <option value='3' $selected{'LOG_VERB'}{'3'}>3</option>
+ <option value='4' $selected{'LOG_VERB'}{'4'}>4</option>
+ <option value='5' $selected{'LOG_VERB'}{'5'}>5</option>
+ <option value='6' $selected{'LOG_VERB'}{'6'}>6</option>
+ <option value='7' $selected{'LOG_VERB'}{'7'}>7</option>
+ <option value='8' $selected{'LOG_VERB'}{'8'}>8</option>
+ <option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
+ <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
+ <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
+ </td></select>
+ </table>
<hr size='1'>
<table width='100%'>
</tr>
<tr><td class='base'>$Lang::tr{'ovpn ha'}</td>
<td><select name='DAUTH'>
- <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
- <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
- <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
- <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
- <option value='ecdsa-with-SHA1' $selected{'DAUTH'}{'ecdsa-with-SHA1'}>ECDSA-SHA1 (160 $Lang::tr{'bit'})</option>
- <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'})</option>
+ <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
+ <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
+ <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
+ <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
+ <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'})</option>
</select>
</td>
- <td>Default: <span class="base">SHA1 (160 $Lang::tr{'bit'})</span></td>
-</table><hr>
+ <td>$Lang::tr{'openvpn default'}: <span class="base">SHA1 (160 $Lang::tr{'bit'})</span></td>
+ </tr>
+</table>
+<table width='100%'>
+ <tr>
+ <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
+ </tr>
+
+ <tr>
+ <td class='base'>HMAC tls-auth</td>
+ <td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
+ </tr>
+ </table><hr>
END
if ( -e "/var/run/openvpn.pid"){
print" <br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br>
$Lang::tr{'server restart'}<br><br>
<hr>";
- print<<END
+ print<<END;
<table width='100%'>
<tr>
<td> </td>
}else{
-print<<END
+ print<<END;
<table width='100%'>
<tr>
<td> </td>
&Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'});
- print <<END;
+ print <<END;
<table width='100%' border='0'>
<tr><form method='post'>
<td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
&Header::closebox();
&Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
- print <<END;
+ print <<END;
<table width='100%' border='0' cellpadding='0' cellspacing='1'>
<tr>
<td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr>
else{
if (! -e "/var/run/openvpn.pid"){
&Header::openbox('100%', 'LEFT', $Lang::tr{'ccd add'});
- print <<END;
+ print <<END;
<table width='100%' border='0'>
<tr><form method='post'>
<td colspan='4'>$Lang::tr{'ccd hint'}<br><br></td></tr>
}
print "</table>";
- print <<END;
+ print <<END;
<table width='100%' border='0' cellpadding='2' cellspacing='0'>
<tr><td></td></tr>
<tr><td></td></tr>
if ( -s "${General::swroot}/ovpn/settings") {
- print <<END;
+ print <<END;
<b>$Lang::tr{'connection type'}:</b><br />
<table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
<tr><td><input type='radio' name='TYPE' value='host' checked /></td>
} else {
- print <<END;
+ print <<END;
<b>$Lang::tr{'connection type'}:</b><br />
<table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
<tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
my $mssfixactive;
my $authactive;
my $n2nfragment;
+my $authactive;
my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);
my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
my @n2nproto = split(/-/, $n2nproto2[1]);
my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]);
my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]);
my @n2ncipher = split(/ /, (grep { /^cipher/ } @firen2nconf)[0]);
-my @n2nauth = split(/ /, (grep { /^auth/ } @firen2nconf)[0]);
-
+my @n2nauth = split(/ /, (grep { /^auth/ } @firen2nconf)[0]);;
###
# m.a.d delete CR and LF from arrays for this chomp doesnt work
$key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 41) { $confighash{$key}[$i] = "";}
+ foreach my $i (0 .. 42) { $confighash{$key}[$i] = "";}
$confighash{$key}[0] = 'off';
$confighash{$key}[1] = $n2nname[0];
$confighash{$key}[29] = $n2nport[1];
$confighash{$key}[30] = $complzoactive;
$confighash{$key}[31] = $n2ntunmtu[1];
- $confighash{$key}[38] = $n2nmtudisc[1];
+ $confighash{$key}[38] = $n2nmtudisc[1];
$confighash{$key}[39] = $n2nauth[1];
$confighash{$key}[40] = $n2ncipher[1];
+ $confighash{$key}[41] = 'disabled';
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
&Header::openbox('100%', 'LEFT', 'import ipfire net2net config');
}
if ($errormessage eq ''){
- print <<END;
+ print <<END;
<!-- ipfire net2net config gui -->
<table width='100%'>
<tr><td width='25%'> </td><td width='25%'> </td></tr>
<tr><td class='boldbase' nowrap='nowrap'>MSSFIX:</td><td><b>$confighash{$key}[23]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>Fragment:</td><td><b>$confighash{$key}[24]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}:</td><td><b>$confighash{$key}[38]</b></td></tr>
- <tr><td class='boldbase' nowrap='nowrap'>Management Port:</td><td><b>$confighash{$key}[22]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td><td><b>$confighash{$key}[38]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn hmac'}:</td><td><b>$confighash{$key}[39]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td><td><b>$confighash{$key}[40]</b></td></tr>
<tr><td> </td><td> </td></tr>
$cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[38];
$cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39];
$cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40];
+ $cgiparams{'TLSAUTH'} = $confighash{$cgiparams{'KEY'}}[41];
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
goto VPNCONF_ERROR;
- }
- #Check if remote subnet is used elsewhere
- my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'});
- $warnmessage=&General::checksubnets('',$n2nip,'ovpn');
- if ($warnmessage){
- $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
- }
-
+ }
+ #Check if remote subnet is used elsewhere
+ my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'});
+ $warnmessage=&General::checksubnets('',$n2nip,'ovpn');
+ if ($warnmessage){
+ $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
+ }
}
# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
if (! $key) {
$key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 41) { $confighash{$key}[$i] = "";}
+ foreach my $i (0 .. 43) { $confighash{$key}[$i] = "";}
}
$confighash{$key}[0] = $cgiparams{'ENABLED'};
$confighash{$key}[1] = $cgiparams{'NAME'};
###
$cgiparams{'MSSFIX'} = 'on';
$cgiparams{'FRAGMENT'} = '1300';
- $cgiparams{'PMTU_DISCOVERY'} = 'off';
- $cgiparams{'DAUTH'} = 'SHA1';
+ $cgiparams{'PMTU_DISCOVERY'} = 'off';
+ $cgiparams{'DAUTH'} = 'SHA1';
###
# m.a.d n2n end
###
}
$checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
- $selected{'DAUTH'}{'whirlpool'} = '';
- $selected{'DAUTH'}{'SHA512'} = '';
- $selected{'DAUTH'}{'SHA384'} = '';
- $selected{'DAUTH'}{'SHA256'} = '';
- $selected{'DAUTH'}{'ecdsa-with-SHA1'} = '';
- $selected{'DAUTH'}{'SHA1'} = '';
- $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
-
$selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
$selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
$selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
$selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
$selected{'DCIPHER'}{'CAST5-CBC'} = '';
$selected{'DCIPHER'}{'BF-CBC'} = '';
- $selected{'DCIPHER'}{'RC2-CBC'} = '';
$selected{'DCIPHER'}{'DES-CBC'} = '';
- $selected{'DCIPHER'}{'RC2-64-CBC'} = '';
- $selected{'DCIPHER'}{'RC2-40-CBC'} = '';
+ # If no cipher has been chossen yet, select
+ # the old default (AES-256-CBC) for compatiblity reasons.
+ if ($cgiparams{'DCIPHER'} eq '') {
+ $cgiparams{'DCIPHER'} = 'AES-256-CBC';
+ }
$selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
+ $selected{'DAUTH'}{'whirlpool'} = '';
+ $selected{'DAUTH'}{'SHA512'} = '';
+ $selected{'DAUTH'}{'SHA384'} = '';
+ $selected{'DAUTH'}{'SHA256'} = '';
+ $selected{'DAUTH'}{'SHA1'} = '';
+ # If no hash algorythm has been choosen yet, select
+ # the old default value (SHA1) for compatiblity reasons.
+ if ($cgiparams{'DAUTH'} eq '') {
+ $cgiparams{'DAUTH'} = 'SHA1';
+ }
+ $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
if (1) {
&Header::showhttpheaders();
} else {
print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
}
-
print <<END;
<td width='25%'> </td>
- <td width='25%'> </td></tr>
-
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
- <td><select name='SIDE'><option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option>
- <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option></select></td>
-
- <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
- <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td></tr>
+ <td width='25%'> </td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
+ <td><select name='SIDE'>
+ <option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option>
+ <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option>
+ </select>
+ </td>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
- <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
+ <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
+ <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td>
+ </tr>
- <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
- <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
+ <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>
- <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td>
+ <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
+ <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td>
+ </tr>
- <td class='boldbase'>$Lang::tr{'destination port'}:</td>
- <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>
+ <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
- <td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
- <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
+ <td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
+ <td><select name='PROTOCOL'>
+ <option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
+ <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
+ </tr>
+
+ <tr>
+ <td class='boldbase'>$Lang::tr{'destination port'}:</td>
+ <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td>
<td class='boldbase' nowrap='nowrap'>Management Port ($Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}): <img src='/blob.gif' /></td>
- <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
- </tr>
+ <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
+ </tr>
- <tr><td class='boldbase'>$Lang::tr{'cipher'}</td>
- <td><select name='DCIPHER'>
- <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
- <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (196 $Lang::tr{'bit'})</option>
- <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
- <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
- <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
- <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
- <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'})</option>
- <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'})</option>
- <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
- <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'})</option>
- <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'})</option>
- <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'})</option>
- <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC (128 $Lang::tr{'bit'})</option>
- <option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC (64 $Lang::tr{'bit'} not recommended)</option>
- <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-CBC (64 $Lang::tr{'bit'} not recommended)</option>
- <option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-CBC (40 $Lang::tr{'bit'} not recommended)</option>
- </select>
- </td>
-
- <td class='boldbase'>$Lang::tr{'ovpn ha'}:</td>
- <td><select name='DAUTH'>
- <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
- <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
- <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
- <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
- <option value='ecdsa-with-SHA1' $selected{'DAUTH'}{'ecdsa-with-SHA1'}>ECDSA-SHA1 (160 $Lang::tr{'bit'})</option>
- <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'} Default)</option>
- </select>
- </td>
- </tr>
+ <tr><td colspan=4><hr /></td></tr><tr>
+
+ <tr>
+ <td class'base'><b>$Lang::tr{'MTU settings'}</b></td>
+ </tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} <img src='/blob.gif' /></td>
- <td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td>
- <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} <img src='/blob.gif' /></td>
+ <td><input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td>
+ <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td>
+ </tr>
- <tr><td class='boldbase' nowrap='nowrap'>fragment: <img src='/blob.gif' /></td>
- <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
- <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
+ <tr><td class='boldbase' nowrap='nowrap'>fragment <img src='/blob.gif' /></td>
+ <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
+ <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
+ </tr>
- <tr><td class='boldbase' nowrap='nowrap'>mssfix: <img src='/blob.gif' /></td>
- <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
- <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td>
+ <tr><td class='boldbase' nowrap='nowrap'>mssfix <img src='/blob.gif' /></td>
+ <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
+ <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td>
+ </tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'} <img src='/blob.gif'</td>
- <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
- </tr>
+ <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
+ </tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}:</td>
- <td colspan='3'>
- <input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}
- <input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}
- <input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}
- <input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}
- </td>
- </tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td>
+ <td colspan='3'>
+ <input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}
+ <input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}
+ <input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}
+ <input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}
+ </td>
+ </tr>
+
+<tr><td colspan=4><hr /></td></tr><tr>
+ <tr>
+ <td class'base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>
+ </tr>
+
+ <tr><td class='boldbase'>$Lang::tr{'cipher'}</td>
+ <td><select name='DCIPHER'>
+ <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
+ <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
+ <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
+ <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
+ <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'})</option>
+ <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'})</option>
+ <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'})</option>
+ </select>
+ </td>
+
+ <td class='boldbase'>$Lang::tr{'ovpn ha'}:</td>
+ <td><select name='DAUTH'>
+ <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
+ <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
+ <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
+ <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
+ <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'} Default)</option>
+ </select>
+ </td>
+ </tr>
+ <tr><td colspan=4><hr /></td></tr><tr>
END
;
if ($cgiparams{'TYPE'} eq 'host') {
- print <<END;
+ print <<END;
<table width='100%' cellpadding='0' cellspacing='5' border='0'>
<tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td><td class='base'>$Lang::tr{'upload a certificate request'}</td><td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr>
} else {
- print <<END;
+ print <<END;
<table width='100%' cellpadding='0' cellspacing='5' border='0'>
<tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td> </td></tr>
###
if ($cgiparams{'TYPE'} eq 'host') {
- print <<END;
+ print <<END;
</select></td></tr>
<td> </td><td class='base'>$Lang::tr{'valid till'} (days):</td>
</table>
END
}else{
- print <<END;
+ print <<END;
</select></td></tr>
<tr><td> </td><td> </td><td> </td></tr>
<tr><td> </td><td> </td><td> </td></tr>
if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";}
if ($selgreen == '1' || $other == '0'){ print"<option selected>$Lang::tr{'green'}</option>";$set=0;}else{print"<option>$Lang::tr{'green'}</option>";};
- print<<END
+ print<<END;
</select></td><td valign='top'>DNS1:</td><td valign='top'><input type='TEXT' name='CCD_DNS1' value='$cgiparams{'CCD_DNS1'}' size='30' /></td></tr>
<tr valign='top'><td>DNS2:</td><td><input type='TEXT' name='CCD_DNS2' value='$cgiparams{'CCD_DNS2'}' size='30' /></td></tr>
<tr valign='top'><td valign='top'>WINS:</td><td><input type='TEXT' name='CCD_WINS' value='$cgiparams{'CCD_WINS'}' size='30' /></td></tr></table><br><hr>
if ($cgiparams{'DAUTH'} eq '') {
$cgiparams{'DAUTH'} = 'SHA1';
}
+ if ($cgiparams{'ENGINES'} eq '') {
+ $cgiparams{'ENGINES'} = 'disabled';
+ }
if ($cgiparams{'DOVPN_SUBNET'} eq '') {
$cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
}
$selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
$selected{'DCIPHER'}{'CAST5-CBC'} = '';
$selected{'DCIPHER'}{'BF-CBC'} = '';
- $selected{'DCIPHER'}{'RC2-CBC'} = '';
$selected{'DCIPHER'}{'DES-CBC'} = '';
- $selected{'DCIPHER'}{'RC2-64-CBC'} = '';
- $selected{'DCIPHER'}{'RC2-40-CBC'} = '';
$selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
$selected{'DAUTH'}{'whirlpool'} = '';
$selected{'DAUTH'}{'SHA512'} = '';
$selected{'DAUTH'}{'SHA384'} = '';
$selected{'DAUTH'}{'SHA256'} = '';
- $selected{'DAUTH'}{'ecdsa-with-SHA1'} = '';
$selected{'DAUTH'}{'SHA1'} = '';
$selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
&Header::closebox();
}
- if ($warnmessage) {
- &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
- print "$warnmessage<br>";
- print "$Lang::tr{'fwdfw warn1'}<br>";
- &Header::closebox();
- print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
- &Header::closepage();
- exit 0;
- }
+ if ($warnmessage) {
+ &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
+ print "$warnmessage<br>";
+ print "$Lang::tr{'fwdfw warn1'}<br>";
+ &Header::closebox();
+ print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
+ &Header::closepage();
+ exit 0;
+ }
my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
my $srunning = "no";
<td class='boldbase'>$Lang::tr{'destination port'}:</td>
<td><input type='TEXT' name='DDEST_PORT' value='$cgiparams{'DDEST_PORT'}' size='5' /></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} </td>
- <td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}'size='5' /></td>
+ <td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}' size='5' /></td>
+
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
<td><select name='DCIPHER'>
<option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
- <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (196 $Lang::tr{'bit'})</option>
+ <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
<option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
<option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
<option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
<option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'})</option>
<option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'})</option>
<option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'})</option>
- <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC (128 $Lang::tr{'bit'})</option>
- <option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC (64 $Lang::tr{'bit'} not recommended)</option>
- <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-CBC (64 $Lang::tr{'bit'} not recommended)</option>
- <option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-CBC (40 $Lang::tr{'bit'} not recommended)</option>
</select>
</td>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
#EXITING -- A graceful exit is in progress.
####
- if ($tustate[1] eq 'CONNECTED') {
+ if (($tustate[1] eq 'CONNECTED') || ($tustate[1] eq 'WAIT')) {
$col1="bgcolor='${Header::colourgreen}'";
$active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
}else {
<td nowrap='nowrap' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td>
</tr>
+ <tr align='right'>
+ <td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
+ </tr>
+
+ <tr><td colspan=4><hr /></td></tr><tr>
<tr>
- <td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh name'}:</td>
- <td nowrap='nowrap'><input type='text' name='DH_NAME' value='$cgiparams{'DH_NAME'}' size='15' align='left'/></td>
+ <td class'base'><b>$Lang::tr{'ovpn dh parameters'}:</b></td>
+ </tr>
+
+ <tr>
+ <td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh upload'}:</td>
+ <td nowrap='nowrap'><size='15' align='left'/></td>
<td nowrap='nowrap'><input type='file' name='FH' size='25' />
- <td nowrap='nowrap' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}' /></td>
+ <td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}' /></td>
</tr>
- <tr><td colspan='4'><br></td></tr>
<tr>
+ <td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh new key'}:</td>
+ <td nowrap='nowrap'><size='15' align='left'/></td>
<td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
- <td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show dh'}' /></td>
</tr>
-
- <tr align='right'>
- <td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
+ <tr>
+ <td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show dh'}' /></td>
</tr>
</table>
+
+ <tr><td colspan=4><hr /></td></tr><tr>
END
;
print FILE <<END
if (
(isPlainHostName(host)) ||
- (dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
(isInNet(host, "127.0.0.1", "255.0.0.0")) ||
- (isInNet(host, "10.0.0.0", "255.0.0.0")) ||
- (isInNet(host, "172.16.0.0", "255.240.0.0")) ||
- (isInNet(host, "192.168.0.0", "255.255.0.0")) ||
+END
+;
+
+ if ($netsettings{'GREEN_DEV'}) {
+ print FILE " (isInNet(host, \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\")) ||\n";
+ }
+
+ if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
+ print FILE " (isInNet(host, \"$netsettings{'BLUE_NETADDRESS'}\", \"$netsettings{'BLUE_NETMASK'}\")) ||\n";
+ }
+
+ if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
+ print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n";
+ }
+
+ print FILE <<END
(isInNet(host, "169.254.0.0", "255.255.0.0"))
)
return "DIRECT";
sub closepage () {
open(FILE, "</etc/system-release");
my $system_release = <FILE>;
- $system_release =~ s/core/Core Update/;
+ $system_release =~ s/core/Core Update /;
close(FILE);
print <<END;
%tr = (
%tr,
-'Act as' => 'Konfiguriert als',
+'Act as' => 'Konfiguriert als:',
'Add Level7 rule' => 'Level7-Regel hinzufügen',
'Add Port Rule' => 'Port-Regel hinzufügen',
'Add Rule' => 'Regel hinzufügen',
'Choose Rule' => 'Wählen Sie <u>eine</u> der untenstehenden Regeln aus.',
'Class' => 'Klasse',
'Class was deleted' => 'wurde mit eventuell vorhandenen Unterklassen gelöscht',
-'Client status and controlc' => 'Client-Status und -Kontrolle',
'ConnSched action' => 'Aktion:',
'ConnSched add action' => 'Aktion hinzufügen',
'ConnSched change profile title' => 'Wechsle zu Profil:',
'Local VPN IP' => 'Internes Netzwerk (GREEN)',
'MB read' => 'MB gelesen',
'MB written' => 'MB geschrieben',
-'MTU' => 'MTU Size:',
+'MTU' => 'MTU-Größe:',
+'MTU settings' => 'MTU-Einstellungen:',
+'Number of Countries for the pie chart' => 'Anzahl der angezeigten Länder im Diagramm',
'Number of IPs for the pie chart' => 'Anzahl der angezeigten IPs im Diagramm',
'Number of Ports for the pie chart' => 'Anzahl der angezeigten Ports im Diagramm',
'OVPN' => 'OpenVPN',
'details' => 'Mehr',
'device' => 'Gerät',
'devices on blue' => 'Geräte auf Blau',
-'dh' => 'Diffie-Hellman Key',
-'dh key warn' => 'Keys mit 1024 und 2048 Bit können mehrere Minuten, 3072 und 4096 Bit bis zu mehreren Stunden dauern. Bitte haben sie Geduld.',
-'dh name is invalid' => 'Name ist ungültig, bitte "dh1024.pem" verwenden.',
+'dh' => 'Diffie-Hellman-Parameter',
+'dh key move failed' => 'Verschieben der Diffie-Hellman-Parameter fehlgeschlagen.',
+'dh key warn' => 'Das Generieren der Diffie-Hellman-Parameter mit 1024 oder 2048 Bit dauert üblicherweise mehrere Minuten. Schlüssellängen von 3072 oder 4096 Bit beanspruchen mehrere Stunden. Bitte haben Sie etwas Geduld.',
+'dh key warn1' => 'Bei schwachen Systemen oder Systeme mit wenig Entropie wird empfohlen lange Diffie-Hellman-Parameter über die Upload-Funktion hochzuladen.',
'dhcp advopt add' => 'DHCP Option hinzufügen',
'dhcp advopt added' => 'DHCP Option hinzugefügt',
'dhcp advopt blank value' => 'Wert für DHCP Option darf nicht leer sein',
'dns proxy server' => 'DNS-Proxyserver',
'dns saved' => 'Erfolgreich gespeichert!',
'dns saved txt' => 'Die beiden eingegebenen DNS-Server-Adressen wurde erfolgreich gespeichert.<br/>Um die Änderung wirksam zu machen, müssen Sie neustarten oder wiederverbinden!',
-'dns server' => 'DNS-Server',
-'dns servers' => 'DNS-Server',
+'dns server' => 'DNS Server',
'dns title' => 'Domain Name System',
'dnsforward' => 'DNS-Weiterleitung',
'dnsforward add a new entry' => 'Neuen Eintrag hinzufügen',
'donation-text' => '<strong>IPFire</strong> wird von Freiwilligen in ihrer Freizeit betrieben und auch betreut. Um dieses Projekt am Laufen zu halten, entstehen uns natürlich auch Kosten. Wenn Sie uns unterstützen wollen, würden wir uns über eine kleine Spende sehr freuen.',
'dos charset' => 'DOS Charset',
'down and up speed' => 'Geben Sie bitte hier ihre Download- bzw. Upload-Geschwindigkeit ein <br /> und klicken Sie danach auf <i>Speichern</i>.',
-'downlink' => 'Downlink',
'downlink speed' => 'Downlink-Geschwindigkeit (kBit/sek)',
'downlink std class' => 'Downloadstandardklasse',
'download' => 'herunterladen',
'firewall log' => 'Firewall-Protokoll',
'firewall log viewer' => 'Betrachter der Firewall-Logdateien',
'firewall logs' => 'Firewall-Logdateien',
+'firewall logs country' => 'Fw-Logdiagramme (Land)',
'firewall logs ip' => 'Fw-Logdiagramme (IP)',
'firewall logs port' => 'Fw-Logdiagramme (Port)',
'firewall rules' => 'Firewallregeln',
'firewallhits' => 'Firewalltreffer',
'firmware' => 'Firmware',
'firmware upload' => 'Hochladen der Firmware/Treiber',
-'first' => 'Erste',
'fixed ip lease added' => 'Feste IP-Zuordnung hinzugefügt',
'fixed ip lease modified' => 'Feste IP-Zuordnung geändert',
'fixed ip lease removed' => 'Feste IP-Zuordnung gelöscht',
'fwhost wo subnet' => '(Ohne Subnetz)',
'gateway' => 'Gateway',
'gateway ip' => 'Gateway-IP',
-'gen dh' => 'Diffie-Hellman Key erzeugen',
+'gen dh' => 'Neuen Diffie-Hellman-Parameter erzeugen',
'gen static key' => 'Statischen Schlüssel erzeugen',
'generate' => 'Root/Host-Zertifikate generieren',
'generate a certificate' => 'Erzeuge ein Zertifikat:',
'lan' => 'LAN',
'lang' => 'de',
'languagepurpose' => 'Wählen Sie eine Sprache, in der IPFire angezeigt werden soll:',
-'last' => 'Letzte',
'last activity' => 'Letzte Aktivität',
'lateprompting' => 'Late prompting',
'lease expires' => 'Zuordnung verfällt',
'network traffic graphs others' => 'Netzwerk (sonstige)',
'network updated' => 'Benutzerdefiniertes Netzwerk aktualisiert',
'networks settings' => 'Firewall - Netzwerkeinstellungen',
+'never' => 'Nie',
'new optionsfw later' => 'Einige Einstellungen werden erst nach einem Neustart aktiv',
'new optionsfw must boot' => 'Sie müssen Ihren IPFire neu starten',
'newer' => 'Neuer',
'nonetworkname' => 'Kein Netzwerkname wurde eingegeben',
'noservicename' => 'Kein Dienstname wurde eingegeben',
'not a valid ca certificate' => 'Kein gültiges CA Zertifikat.',
-'not a valid dh key' => 'Kein gültiger Diffie-Hellman Schlüssel. Bitte nur 1024, 2048, 3072 oder 4096 Bit im PKCS#3 Format verwenden.',
+'not a valid dh key' => 'Kein gültiger Diffie-Hellman-Parameter. Es sind nur Parameter mit einer Länge von 1024, 2048, 3072 oder 4096 Bit im PKCS#3-Format erlaubt.',
'not enough disk space' => 'Nicht genügend Plattenplatz vorhanden',
'not present' => '<B>Nicht</B> vorhanden',
'not running' => 'nicht gestartet',
'ovpn con stat' => 'OpenVPN Verbindungs-Statistik',
'ovpn config' => 'OVPN-Konfiguration',
'ovpn crypt options' => 'Kryptografieoptionen',
-'ovpn device' => 'OpenVPN-Gerät:',
-'ovpn dh' => 'Diffie-Hellman Key Länge',
-'ovpn dh name' => 'Diffie-Hellman Key Name',
+'ovpn device' => 'OpenVPN-Gerät',
+'ovpn dh' => 'Diffie-Hellman-Parameter-Länge',
+'ovpn dh new key' => 'Neuen Diffie-Hellman Parameter erstellen',
+'ovpn dh parameters' => 'Diffie-Hellman-Parameter-Optionen',
+'ovpn dh upload' => 'Neuen Diffie-Hellman-Parameter hochladen',
'ovpn dl' => 'OVPN-Konfiguration downloaden',
+'ovpn engines' => 'Krypto Engine',
'ovpn errmsg green already pushed' => 'Route für grünes Netzwerk wird immer gesetzt',
'ovpn errmsg invalid ip or mask' => 'Ungültige Netzwerk-Adresse oder Subnetzmaske',
'ovpn generating the root and host certificates' => 'Die Erzeugung der Root- und Host-Zertifikate kann lange Zeit dauern.',
-'ovpn ha' => 'Hash Algorithmus',
-'ovpn hmac' => 'HMAC Optionen',
+'ovpn ha' => 'Hash-Algorithmus',
+'ovpn hmac' => 'HMAC-Optionen',
'ovpn log' => 'OVPN-Log',
'ovpn mgmt in root range' => 'Ein Port von 1024 oder höher ist erforderlich.',
'ovpn mtu-disc' => 'Path MTU Discovery',
'ovpn on orange' => 'OpenVPN auf ORANGE:',
'ovpn on red' => 'OpenVPN auf ROT:',
'ovpn port in root range' => 'Ein Port von 1024 oder höher ist erforderlich.',
+'ovpn reneg sec' => 'Session Key Lifetime',
'ovpn routes push' => 'Routen (eine pro Zeile) z.b. 192.168.10.0/255.255.255.0 192.168.20.0/24',
'ovpn routes push options' => 'Route push Optionen',
'ovpn server status' => 'OpenVPN-Server-Status',
'ovpn subnet' => 'OpenVPN-Subnetz:',
'ovpn subnet is invalid' => 'Das OpenVPN-Subnetz ist ungültig.',
'ovpn subnet overlap' => 'OpenVPNSubnetz überschneidet sich mit ',
+'ovpn_fastio' => 'Fast-IO',
'ovpn_fragment' => 'Fragmentgrösse',
'ovpn_mssfix' => 'MSSFIX-Grösse',
'ovpn_mtudisc' => 'MTU-Discovery',
'show ca certificate' => 'CA Zertifikat anzeigen',
'show certificate' => 'Zertifikat anzeigen',
'show crl' => 'Certificate Revocation List anzeigen',
-'show dh' => 'Diffie-Hellman Key anzeigen',
+'show dh' => 'Diffie-Hellman-Parameter anzeigen',
'show host certificate' => 'Host-Zertifikat anzeigen',
'show last x lines' => 'die letzten x Zeilen anzeigen',
'show root certificate' => 'Root-Zertifikat anzeigen',
'source ip' => 'Quell-IP-Adresse',
'source ip and port' => 'Quell-IP:Port',
'source ip bad' => 'Ungültige Quell-IP-Adresse.',
+'source ip country' => 'Quell-IP-Adresse Land',
'source ip in use' => 'Benutzte Quell-IP:',
'source ip or net' => 'Quellen-IP oder Netz',
'source net' => 'Quell-Netz',
'updxlrtr weekly' => 'wöchentlich',
'updxlrtr year' => 'einem Jahr',
'upgrade' => 'upgrade',
-'uplink' => 'Uplink',
'uplink speed' => 'Uplink-Geschwindigkeit (kBit/sek)',
'uplink std class' => 'Uploadstandardklasse',
'upload' => 'Hochladen',
'upload a certificate' => 'Ein Zertifikat hochladen:',
'upload a certificate request' => 'Eine Zertifikatsanfrage hochladen:',
'upload ca certificate' => 'CA-Zertifikat hochladen',
-'upload dh key' => 'Diffie-Hellman Key hochladen',
+'upload dh key' => 'Diffie-Hellman-Parameter hochladen',
'upload file' => 'Datei zum hochladen',
'upload new ruleset' => 'Neuen Regelsatz hochladen',
'upload p12 file' => 'PKCS12-Datei hochladen',
'vpn aggrmode' => 'IKE Aggressive Mode zugelassen. Wenn möglich, vermeiden (preshared Schlüssel wird im Klartext übertragen)!',
'vpn altname syntax' => 'Der Subjekt Alternativ Name ist eine durch Komma getrennte Liste von Email, DNS, URI, RID und IP Objekten. <br />Email: eine Email Adresse. Syntax Email: \'copy\' benutzt die Email Adresse aus dem Zertifikatfeld. <br />DNS: ein gültiger Domain Name.<br />URI: eine gültige URI.<br />RID: Registriertes Objekt Identifikation.<br />IP: eine IP Adresse.<br />Bitte beachten: der Zeichensatz ist eingeschränkt und die Groß-/Kleinschreibung ist entscheidend.<br />Beispiel:<br /><b>email:</b>info@ipfire.org<b>,email:</b>copy<b>,DNS:</b>www.ipfire.org<b>,IP:</b>127.0.0.1<b>,URI:</b>http://url/nach/irgendwo',
'vpn auth-dn' => 'Peer wird identifiziert durch entweder ein IPV4_ADDR, FQDN, USER_FQDN oder DER_ASN1_DN string in Remote ID Feld',
-'vpn configuration main' => 'VPN-Konfiguration',
'vpn delayed start' => 'Verzögerung bevor VPN gestartet wird (Sekunden)',
'vpn delayed start help' => 'Falls notwendig, kann diese Verzögerung dazu verwendet werden, um Dynamic-DNS-Updates ordnungsgemäß anzuwenden. 60 ist ein gängiger Wert, wenn ROT (RED) eine dynamische IP Adresse ist.',
'vpn incompatible use of defaultroute' => 'Hostname=%defaultroute nicht zulässig',
'Choose Rule' => 'Choose <u>one</u> of the following rules.',
'Class' => 'Class',
'Class was deleted' => 'with potential subclasses was deleted',
-'Client status and controlc' => 'Client status and control:',
'ConnSched action' => 'Action:',
'ConnSched add action' => 'Add action',
'ConnSched change profile title' => 'Change to profile:',
'MB read' => 'MB read',
'MB written' => 'MB written',
'MTU' => 'MTU size:',
+'MTU settings' => 'MTU settings:',
+'Number of Countries for the pie chart' => 'Number of Countries for the pie chart',
'Number of IPs for the pie chart' => 'Number of IPs for the pie chart',
'Number of Ports for the pie chart' => 'Number of ports for the pie chart',
'OVPN' => 'OpenVPN',
'behind a proxy' => 'Behind a proxy:',
'bewan adsl pci st' => 'TO BE REMOVED',
'bewan adsl usb' => 'TO BE REMOVED',
-'bit' => 'Bit',
+'bit' => 'bit',
'bitrate' => 'Bitrate',
'bleeding rules' => 'Bleeding Edge Snort Rules',
'blue' => 'BLUE',
'details' => 'Details',
'device' => 'Device',
'devices on blue' => 'Devices on BLUE',
-'dh' => 'Diffie-Hellman Key',
-'dh key warn' => 'Keys with 1024 and 2048 bit takes up to several minutes, 3072 and 4096 bit might needs several hours. Please be patient.',
+'dh' => 'Diffie-Hellman parameters',
+'dh key move failed' => 'Diffie-Hellman parameters move failed.',
+'dh key warn' => 'Creating Diffie-Hellman parameters with lengths of 1024 or 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.',
+'dh key warn1' => 'For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.',
'dh name is invalid' => 'Name is invalid, please use "dh1024.pem".',
'dhcp advopt add' => 'Add a DHCP option',
'dhcp advopt added' => 'DHCP option added',
'dns saved' => 'Successfully saved!',
'dns saved txt' => 'The two entered DNS server addresses have been saved successfully.<br />You have to reboot or reconnect that the changes have effect!',
'dns server' => 'DNS Server',
-'dns servers' => 'DNS Servers',
'dns title' => 'Domain Name System',
'dnsforward' => 'DNS Forwarding',
'dnsforward add a new entry' => 'Add a new entry',
'done' => 'Do it',
'dos charset' => 'DOS Charset',
'down and up speed' => 'Enter your Down- and Uplink-Speed <br /> and then press <i>Save</i>.',
-'downlink' => 'Downlink',
'downlink speed' => 'Downlink speed (kbit/sec)',
'downlink std class' => 'downlink standard class',
'download' => 'download',
'firewallhits' => 'firewallhits',
'firmware' => 'Firmware',
'firmware upload' => 'Upload Firmware/Drivers',
-'first' => 'First',
'fixed ip lease added' => 'Fixed IP lease added',
'fixed ip lease modified' => 'Fixed IP lease modified',
'fixed ip lease removed' => 'Fixed IP lease removed',
'g.lite' => 'TO BE REMOVED',
'gateway' => 'Gateway',
'gateway ip' => 'Gateway IP',
-'gen dh' => 'Generate Diffie-Hellman key',
+'gen dh' => 'Generate new Diffie-Hellman parameters',
'gen static key' => 'Generate a static key',
'generate' => 'Generate root/host zertifikate',
'generate a certificate' => 'Generate a certificate:',
-'generate dh key' => 'Generate Diffie-Hellman key',
+'generate dh key' => 'Generate Diffie-Hellman parameters',
'generate iso' => 'Generate ISO',
'generate root/host certificates' => 'Generate root/host certificates',
'generate tripwire keys and init' => 'generate tripwire keys and init',
'lan' => 'LAN',
'lang' => 'en',
'languagepurpose' => 'Select the language you wish IPFire to display in:',
-'last' => 'Last',
'last activity' => 'Last Activity',
'lateprompting' => 'Lateprompting',
'lease expires' => 'Lease expires',
'network traffic graphs others' => 'Network (others)',
'network updated' => 'Custom Network updated',
'networks settings' => 'Firewall - Network settings',
+'never' => 'Never',
'new optionsfw later' => 'Some options need a reboot to take effect',
'new optionsfw must boot' => 'You must reboot your IPFire',
'newer' => 'Newer',
'nonetworkname' => 'No Network Name entered',
'noservicename' => 'No Service Name entered',
'not a valid ca certificate' => 'Not a valid CA certificate.',
-'not a valid dh key' => 'Not a valid Diffie-Hellman key. Please use 1024, 2048, 3072 or 4096 bit in PKCS#3 format.',
+'not a valid dh key' => 'Not a valid Diffie-Hellman parameters file. Please use a length of 1024, 2048, 3072 or 4096 bits and the PKCS#3 format.',
'not enough disk space' => 'Not enough disk space',
'not present' => '<b>Not</b> present',
'not running' => 'not running',
'ovpn config' => 'OVPN-Config',
'ovpn crypt options' => 'Cryptographic options',
'ovpn device' => 'OpenVPN device:',
-'ovpn dh' => 'Diffie-Hellman key lenght',
-'ovpn dh name' => 'Diffie-Hellman key name',
+'ovpn dh' => 'Diffie-Hellman parameters length',
+'ovpn dh new key' => 'Generate new Diffie-Hellman parameters',
+'ovpn dh parameters' => 'Diffie-Hellman parameters options',
+'ovpn dh upload' => 'Upload new Diffie-Hellman parameters',
'ovpn dl' => 'OVPN-Config Download',
+'ovpn engines' => 'Crypto engine',
'ovpn errmsg green already pushed' => 'Route for green network is always set',
'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
'ovpn generating the root and host certificates' => 'Generating the root and host certifictae can take a long time.',
'ovpn on orange' => 'OpenVPN on ORANGE:',
'ovpn on red' => 'OpenVPN on RED:',
'ovpn port in root range' => 'A port number of 1024 or higher is required.',
+'ovpn reneg sec' => 'Session key lifetime:',
'ovpn routes push' => 'Routes (one per line) e.g. 192.168.10.0/255.255.255.0 192.168.20.0/24',
'ovpn routes push options' => 'Route push options',
'ovpn server status' => 'Current OpenVPN server status:',
'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.',
'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ',
'ovpn_fastio' => 'Fast-IO',
-'ovpn_fragment' => 'Fragmentsize',
'ovpn_mssfix' => 'MSSFIX Size',
'ovpn_mtudisc' => 'MTU-Discovery',
'ovpn_processprio' => 'Process priority',
'show ca certificate' => 'Show CA certificate',
'show certificate' => 'Show certificate',
'show crl' => 'Show certificate revocation list',
-'show dh' => 'Show Diffie-Hellman key',
+'show dh' => 'Show Diffie-Hellman parameters',
'show host certificate' => 'Show host certificate',
'show last x lines' => 'Show last x lines',
'show lines' => 'Show lines',
'source ip' => 'Source IP',
'source ip and port' => 'Source IP: Port',
'source ip bad' => 'Not a valid IP address or a network address.',
+'source ip country' => 'Source IP Country',
'source ip in use' => 'Source IP in use:',
'source ip or net' => 'Source IP or Net',
'source net' => 'Source Net',
'telephone not set' => 'Telephone not set.',
'template' => 'Preset',
'template warning' => 'You have two options to set up Qos. The First, you press the save button and generate the classes and rules on your own. The second, you press the preset button and classes and rules will be set up by a template.',
+'teovpn_fragment' => 'Fragmentsize',
'test' => 'test',
'test email could not be sent' => 'Could not sent Testemail',
'test email was sent' => 'Testemail was send successfully',
'updxlrtr weekly' => 'weekly',
'updxlrtr year' => 'one year',
'upgrade' => 'upgrade',
-'uplink' => 'Uplink',
'uplink speed' => 'Uplink speed (kbit/sec)',
'uplink std class' => 'uplink standard class',
'upload' => 'Upload',
'upload a certificate' => 'Upload a certificate:',
'upload a certificate request' => 'Upload a certificate request:',
'upload ca certificate' => 'Upload CA certificate',
-'upload dh key' => 'Upload Diffie-Hellman key',
+'upload dh key' => 'Upload Diffie-Hellman parameters',
'upload fcdsl.o' => 'TO BE REMOVED',
'upload file' => 'Upload file',
'upload new ruleset' => 'Upload new ruleset',
'vpn aggrmode' => 'IKE aggressive mode allowed. Avoid if possible (preshared key is transmitted in clear text)!',
'vpn altname syntax' => 'SubjectAltName is a comma separated list of e-mail, dns, uri, rid and ip objects.<br />email:an email address. Syntax email:copy takes the email field from the cert to be used.<br />DNS:a valid domain name.<br />URI:any valid uri.<br />RID:registered object identifier.<br />IP:an IP address.<br />Note:charset is limited and case is significant.<br />Example:<br /><b>e-mail:</b>ipfire@foo.org<b>,email:</b>copy<b>,DNS:</b>www.ipfire.org<b>,IP:</b>127.0.0.1<b>,URI:</b>http://url/to/something',
'vpn auth-dn' => 'Peer is identified by either IPV4_ADDR, FQDN, USER_FQDN or DER_ASN1_DN string in remote ID field',
-'vpn configuration main' => 'VPN Configuration',
'vpn delayed start' => 'Delay before launching VPN (seconds)',
'vpn delayed start help' => 'If required, this delay can be used to allow dynamic DNS updates to propagate properly. 60 is a common value when RED is a dynamic IP.',
'vpn incompatible use of defaultroute' => 'hostname=%defaultroute not allowed',
/* TR_JOURNAL_EXT3 */
"Ext3 için günlük oluşturuluyor...",
/* TR_CHOOSE_NETCARD */
-"Aşağıdaki ara birim için bir ağ kartı seçin - %s.",
+"Aşağıdan şu ara birim için bir ağ kartı seçin - %s",
/* TR_NETCARDMENU2 */
"GeniÅŸletilmiÅŸ AÄŸ Listesi",
/* TR_ERROR_INTERFACES */
/* TR_DNS_AND_GATEWAY_SETTINGS */
"DNS ve Ağ Geçidi ayarları",
/* TR_DNS_AND_GATEWAY_SETTINGS_LONG */
-"DNS ve ağ geçidi bilgilerini girin. Bu ayarlar sadece KIRMIZI arabirim adres ayarlarında Sabit seçenği seçilmişse kullanılır. Eğer KIRMIZI arabirim adres ayarlarında DHCP seçeneğini seçtiyseniz bu alanı boş bırakabilirsiniz.",
+"DNS ve ağ geçidi bilgilerini girin. Bu ayarlar sadece KIRMIZI ara birim adres ayarlarında Statik seçenği seçilmişse kullanılır. Eğer KIRMIZI ara birim adres ayarlarında DHCP seçeneğini seçtiyseniz bu alanı boş bırakabilirsiniz.",
/* TR_DNS_GATEWAY_WITH_GREEN */
"Yapılandırmanız KIRMIZI ara birim için ethernet adaptörünü kullanamaz. DNS ve Çevirmeli ağ kullanıcıları için ağ geçidi bilgisi çevirmeli ağda otomatik olarak yapılandırılır.",
/* TR_DOMAINNAME */
/* TR_ENTER_ADDITIONAL_MODULE_PARAMS */
"Bazı ISDN kartları (özellikle ISA olanlar) IRQ ve GÇ adres bilgilerini ayarlamak için ek modül parametrelerine ihtiyaç duyar.Böyle bir ISDN kartınız varsa burada bu ek parametreleri girin. Örneğin: \"io = 0x280 irq = 9 \". Bunlar kart algılama sırasında kullanılacaktır.",
/* TR_ENTER_ADMIN_PASSWORD */
-"%s 'admin' kullanıcı parolasını giriniz. Bu, %s web yönetimi sayfalarının kayıtlarına erişebilen kullanıcıdır.",
+"%s 'admin' kullanıcı parolasını girin. Bu, %s web yönetimi sayfalarının kayıtlarına erişebilen kullanıcıdır.",
/* TR_ENTER_DOMAINNAME */
"Alan adını girin",
/* TR_ENTER_HOSTNAME */
/* TR_INTERFACE_FAILED_TO_COME_UP */
"Ara birim yükseltmesi başarısız oldu.",
/* TR_INVALID_FIELDS */
-"Aşağıdaki alan geçersizdir:\n\n",
+"Aşağıdaki alan geçersiz:\n\n",
/* TR_INVALID_IO */
"Girilen GÇ bağlantı noktası detayları geçersiz. ",
/* TR_INVALID_IRQ */
/* TR_PHONENUMBER_CANNOT_BE_EMPTY */
"Telefon numarası boş olamaz.",
/* TR_PREPARE_HARDDISK */
-"Sabit disk kurulum programı /dev/sda üzerindeki %s sabit diski hazırlayacak. İlk olarak diskiniz bölümlendirilir ve daha sonra bu bölüme dosya sistemleri oluşturulur.\n\nDİSKTEKİ TÜM VERİLER SİLİNECEKTİR. Kabul ediyor musunuz?",
+"Sabit disk kurulum programı %s üzerindeki sabit diski hazırlayacak. İlk olarak diskiniz bölümlendirilir ve daha sonra bu bölüme dosya sistemleri oluşturulur.\n\nDİSKTEKİ TÜM VERİLER SİLİNECEKTİR. Kabul ediyor musunuz?",
/* TR_PRESS_OK_TO_REBOOT */
"Yeniden BaÅŸlat",
/* TR_PRIMARY_DNS */
/* TR_SETTING_SETUP_PASSWORD */
"KALDIRILACAK",
/* TR_SETUP_FINISHED */
-"Kurulum tamamlandı. Tamam tuşuna basın.",
+"Kurulum tamamlandı. Tamam seçneği ile ilerleyin.",
/* TR_SETUP_NOT_COMPLETE */
"Başlangıç kurulumu tamamlanamadı. Şimdi kurulumu tekrar çalıştırarak ayarlarınızın düzgün yapılmış olduğundan emin olun.",
/* TR_SETUP_PASSWORD */
/* TR_START_ADDRESS_CR */
"Başlangıç adresi\n",
/* TR_STATIC */
-"Sabit",
+"Statik",
/* TR_SUGGEST_IO */
"(öneri %x)",
/* TR_SUGGEST_IRQ */
/* TR_WARNING */
"UYARI",
/* TR_WARNING_LONG */
-"Bu IP adresini değiştiriseniz %s makinesi ile uzak oturum bağlantısı kopar ve yeniden IP adresi girmeniz gerekir. Bu riskli bir işlemdir. Bu işlem sırasında bir şeyler ters giderse düzeltmek için makineye fiziksel erişiminiz varsa denemelisiniz.",
+"Bu IP adresini değiştiriseniz %s makinesi ile uzak oturum bağlantısı kopar ve yeniden IP adresi girmeniz gerekir. Bu riskli bir işlemdir. Bu işlem sırasında bir şeyler ters giderse düzeltmek için makineye fiziksel erişiminiz olmalıdır. Makineye fiziksel erişiminiz varsa bu işlemi gerçekleştirin.",
/* TR_WELCOME */
"%s kurulum programına hoş geldiniz. Sonraki ekranların herhangi birinde İptal seçeneğini seçtiğinizde bilgisayar yeniden başlatılacaktır.",
/* TR_YOUR_CONFIGURATION_IS_SINGLE_GREEN_ALREADY_HAS_DRIVER */
/* TR_DHCP_FORCE_MTU */
"DHCP mtu zorla:",
/* TR_IDENTIFY */
-"Identify",
+"Belirle",
/* TR_IDENTIFY_SHOULD_BLINK */
-"Selected port should blink now ...",
+"Seçilen bağlantı noktasının şimdi yanıp sönmesi gerekir...",
/* TR_IDENTIFY_NOT_SUPPORTED */
-"Function is not supported by this port.",
+"İşlev bu bağlantı noktası tarafından desteklenmiyor.",
};
include Config
-VER = 0.98.1
+VER = 0.98.3
THISAPP = clamav-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = clamav
-PAK_VER = 24
+PAK_VER = 25
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b1ec7b19dea8385954515ef1d63576d8
+$(DL_FILE)_MD5 = b649d35ee85d4d6075a98173dd255c17
install : $(TARGET)
# Disable PaX mprotect for clamd and freshclam
paxctl -cm /usr/sbin/clamd
+ paxctl -cm /usr/bin/clamscan
paxctl -cm /usr/bin/freshclam
@rm -rf $(DIR_APP)
include Config
-VER = 2.0.1
+VER = 2.0.2
THISAPP = daq-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 044aa3663d44580d005293eeb8ccf175
+$(DL_FILE)_MD5 = 865bf9b750a2a2ca632591a3c70b0ea0
install : $(TARGET)
include Config
-VER = 2.6.3
+VER = 2.7.2
THISAPP = nut-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nut
-PAK_VER = 4
+PAK_VER = 5
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8db00c21f8bc03add6e14d15f634ec6a
+$(DL_FILE)_MD5 = c3568b42e058cfc385b46d25140dced4
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.3.2
+VER = 2.3.4
THISAPP = openvpn-$(VER)
-DL_FILE = $(THISAPP).tar.gz
+DL_FILE = $(THISAPP).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 06e5f93dbf13f2c19647ca15ffc23ac1
+$(DL_FILE)_MD5 = 9b70be9fb45e407117c3c9b118e4ba22
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure \
--prefix=/usr \
--sysconfdir=/var/ipfire/ovpn \
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h
cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
- cd $(DIR_APP) && make $(MAKETUNING) CC="gcc $(CFLAGS)"
+ cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)"
cd $(DIR_APP) && make install
cd $(DIR_APP) && make install-etcppp
touch /var/log/connect-errors
include Config
-VER = 2.9.5.3
+VER = 2.9.6.1
THISAPP = snort-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f99465c0734a6173bfca899dcb72266b
+$(DL_FILE)_MD5 = d7c0f1ddb2e70b70acdaa4664abb5fb0
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) $(DIR_SRC)/snort* && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls \
- --sysconfdir=/etc/snort --target=i586 \
- --enable-linux-smp-stats --enable-smb-alerts \
- --enable-gre --enable-mpls --enable-targetbased \
- --enable-decoder-preprocessor-rules --enable-ppm \
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --disable-nls \
+ --sysconfdir=/etc/snort \
+ --target=i586 \
+ --enable-linux-smp-stats \
+ --enable-smb-alerts \
+ --enable-gre --enable-mpls \
+ --enable-targetbased \
+ --enable-decoder-preprocessor-rules \
+ --enable-ppm \
--enable-non-ether-decoders \
- --enable-perfprofiling --enable-zlib --enable-active-response \
- --enable-normalizer --enable-reload --enable-react --enable-flexresp3
+ --enable-perfprofiling \
+ --enable-zlib \
+ --enable-active-response \
+ --enable-normalizer \
+ --enable-reload \
+ --enable-react \
+ --enable-flexresp3
+
cd $(DIR_APP) && make
cd $(DIR_APP) && make install
mv /usr/bin/snort /usr/sbin/
include Config
-VER = 3.4.4
+VER = 3.4.5
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = dc2bcb967fc6b15bbbc6b961010c0c00
+$(DL_FILE)_MD5 = a831efb36cfbaa419f8dc7a43cba72c9
install : $(TARGET)
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2014 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.10.2
+
+THISAPP = sslscan-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = sslscan
+PAK_VER = 1
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 41ecff92303cecfd00bf3c7de509af14
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && make $(MAKETUNING) CFLAGS="$(CFLAGS)"
+ cd $(DIR_APP) && make install PREFIX=/usr
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.15" # Version number
-CORE="77" # Core Level (Filename)
+CORE="78" # Core Level (Filename)
PAKFIRE_CORE="77" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
ipfiremake iptraf-ng
ipfiremake iotop
ipfiremake stunnel
+ ipfiremake sslscan
}
buildinstaller() {
fi
upsd=/usr/sbin/upsd
-upsdrvctl=/usr/bin/upsdrvctl
+upsdrvctl=/usr/sbin/upsdrvctl
upsmon=/usr/sbin/upsmon
log=">/dev/null 2>/dev/null"
--- /dev/null
+From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Fri, 4 Apr 2014 11:29:39 +0200
+Subject: [PATCH 03/25] build-sys: utilize compiler flags handed to us by
+ rpmbuild
+
+---
+ chat/Makefile.linux | 2 +-
+ pppd/Makefile.linux | 3 +--
+ pppd/plugins/Makefile.linux | 2 +-
+ pppd/plugins/pppoatm/Makefile.linux | 2 +-
+ pppd/plugins/radius/Makefile.linux | 2 +-
+ pppd/plugins/rp-pppoe/Makefile.linux | 2 +-
+ pppdump/Makefile.linux | 2 +-
+ pppstats/Makefile.linux | 2 +-
+ 8 files changed, 8 insertions(+), 9 deletions(-)
+
+diff --git a/chat/Makefile.linux b/chat/Makefile.linux
+index 1065ac5..848cd8d 100644
+--- a/chat/Makefile.linux
++++ b/chat/Makefile.linux
+@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep function
+ CDEF4= -DFNDELAY=O_NDELAY # Old name value
+ CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
+
+-COPTS= -O2 -g -pipe
++COPTS= $(RPM_OPT_FLAGS)
+ CFLAGS= $(COPTS) $(CDEFS)
+
+ INSTALL= install
+diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
+index 5a44d30..63872eb 100644
+--- a/pppd/Makefile.linux
++++ b/pppd/Makefile.linux
+@@ -32,8 +32,7 @@ endif
+
+ CC = gcc
+ #
+-COPTS = -O2 -pipe -Wall -g
+-LIBS =
++COPTS = -Wall $(RPM_OPT_FLAGS)
+
+ # Uncomment the next 2 lines to include support for Microsoft's
+ # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
+diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
+index 0a7ec7b..e09a369 100644
+--- a/pppd/plugins/Makefile.linux
++++ b/pppd/plugins/Makefile.linux
+@@ -1,5 +1,5 @@
+ #CC = gcc
+-COPTS = -O2 -g
++COPTS = $(RPM_OPT_FLAGS)
+ CFLAGS = $(COPTS) -I.. -I../../include -fPIC
+ LDFLAGS = -shared
+ INSTALL = install
+diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
+index 20f62e6..5a81447 100644
+--- a/pppd/plugins/pppoatm/Makefile.linux
++++ b/pppd/plugins/pppoatm/Makefile.linux
+@@ -1,5 +1,5 @@
+ #CC = gcc
+-COPTS = -O2 -g
++COPTS = $(RPM_OPT_FLAGS)
+ CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
+ LDFLAGS = -shared
+ INSTALL = install
+diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
+index 24ed3e5..45b3b8d 100644
+--- a/pppd/plugins/radius/Makefile.linux
++++ b/pppd/plugins/radius/Makefile.linux
+@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
+ INSTALL = install
+
+ PLUGIN=radius.so radattr.so radrealms.so
+-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
++CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON
+
+ # Uncomment the next line to include support for Microsoft's
+ # MS-CHAP authentication protocol.
+diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
+index 5d7a271..352991a 100644
+--- a/pppd/plugins/rp-pppoe/Makefile.linux
++++ b/pppd/plugins/rp-pppoe/Makefile.linux
+@@ -25,7 +25,7 @@ INSTALL = install
+ # Version is set ONLY IN THE MAKEFILE! Don't delete this!
+ RP_VERSION=3.8p
+
+-COPTS=-O2 -g
++COPTS=$(RPM_OPT_FLAGS)
+ CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
+ all: rp-pppoe.so pppoe-discovery
+
+diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
+index ac028f6..d0a5032 100644
+--- a/pppdump/Makefile.linux
++++ b/pppdump/Makefile.linux
+@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
+ BINDIR = $(DESTDIR)/sbin
+ MANDIR = $(DESTDIR)/share/man/man8
+
+-CFLAGS= -O -I../include/net
++CFLAGS= $(RPM_OPT_FLAGS) -I../include/net
+ OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
+
+ INSTALL= install
+diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
+index cca6f0f..42aba73 100644
+--- a/pppstats/Makefile.linux
++++ b/pppstats/Makefile.linux
+@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c
+ PPPSTATOBJS = pppstats.o
+
+ #CC = gcc
+-COPTS = -O
++COPTS = $(RPM_OPT_FLAGS)
+ COMPILE_FLAGS = -I../include
+ LIBS =
+
+--
+1.8.3.1
+
--- /dev/null
+From 82cd789df0f022eb6f3d28646e7a61d1d0715805 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 7 Apr 2014 12:23:36 +0200
+Subject: [PATCH 12/25] pppd: we don't want to accidentally leak fds
+
+---
+ pppd/auth.c | 20 ++++++++++----------
+ pppd/options.c | 2 +-
+ pppd/sys-linux.c | 4 ++--
+ 3 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/pppd/auth.c b/pppd/auth.c
+index 4271af6..9e957fa 100644
+--- a/pppd/auth.c
++++ b/pppd/auth.c
+@@ -428,7 +428,7 @@ setupapfile(argv)
+ option_error("unable to reset uid before opening %s: %m", fname);
+ return 0;
+ }
+- ufile = fopen(fname, "r");
++ ufile = fopen(fname, "re");
+ if (seteuid(euid) == -1)
+ fatal("unable to regain privileges: %m");
+ if (ufile == NULL) {
+@@ -1413,7 +1413,7 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg)
+ filename = _PATH_UPAPFILE;
+ addrs = opts = NULL;
+ ret = UPAP_AUTHNAK;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL) {
+ error("Can't open PAP password file %s: %m", filename);
+
+@@ -1512,7 +1512,7 @@ null_login(unit)
+ if (ret <= 0) {
+ filename = _PATH_UPAPFILE;
+ addrs = NULL;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+ check_access(f, filename);
+@@ -1559,7 +1559,7 @@ get_pap_passwd(passwd)
+ }
+
+ filename = _PATH_UPAPFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+ check_access(f, filename);
+@@ -1597,7 +1597,7 @@ have_pap_secret(lacks_ipp)
+ }
+
+ filename = _PATH_UPAPFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -1642,7 +1642,7 @@ have_chap_secret(client, server, need_ip, lacks_ipp)
+ }
+
+ filename = _PATH_CHAPFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -1684,7 +1684,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp)
+ struct wordlist *addrs;
+
+ filename = _PATH_SRPFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -1740,7 +1740,7 @@ get_secret(unit, client, server, secret, secret_len, am_server)
+ addrs = NULL;
+ secbuf[0] = 0;
+
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL) {
+ error("Can't open chap secret file %s: %m", filename);
+ return 0;
+@@ -1797,7 +1797,7 @@ get_srp_secret(unit, client, server, secret, am_server)
+ filename = _PATH_SRPFILE;
+ addrs = NULL;
+
+- fp = fopen(filename, "r");
++ fp = fopen(filename, "re");
+ if (fp == NULL) {
+ error("Can't open srp secret file %s: %m", filename);
+ return 0;
+@@ -2203,7 +2203,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename, flags)
+ */
+ if (word[0] == '@' && word[1] == '/') {
+ strlcpy(atfile, word+1, sizeof(atfile));
+- if ((sf = fopen(atfile, "r")) == NULL) {
++ if ((sf = fopen(atfile, "re")) == NULL) {
+ warn("can't open indirect secret file %s", atfile);
+ continue;
+ }
+diff --git a/pppd/options.c b/pppd/options.c
+index 45fa742..1d754ae 100644
+--- a/pppd/options.c
++++ b/pppd/options.c
+@@ -427,7 +427,7 @@ options_from_file(filename, must_exist, check_prot, priv)
+ option_error("unable to drop privileges to open %s: %m", filename);
+ return 0;
+ }
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ err = errno;
+ if (check_prot && seteuid(euid) == -1)
+ fatal("unable to regain privileges");
+diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
+index 72a7727..8a12fa0 100644
+--- a/pppd/sys-linux.c
++++ b/pppd/sys-linux.c
+@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char *tail)
+ /* Default the mount location of /proc */
+ strlcpy (proc_path, "/proc", sizeof(proc_path));
+ proc_path_len = 5;
+- fp = fopen(MOUNTED, "r");
++ fp = fopen(MOUNTED, "re");
+ if (fp != NULL) {
+ while ((mntent = getmntent(fp)) != NULL) {
+ if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
+@@ -1472,7 +1472,7 @@ static int open_route_table (void)
+ close_route_table();
+
+ path = path_to_procfs("/net/route");
+- route_fd = fopen (path, "r");
++ route_fd = fopen (path, "re");
+ if (route_fd == NULL) {
+ error("can't open routing table %s: %m", path);
+ return 0;
+--
+1.8.3.1
+
--- /dev/null
+From 302c1b736cb656c7885a0cba270fd953a672d8a8 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 7 Apr 2014 13:56:34 +0200
+Subject: [PATCH 13/25] everywhere: O_CLOEXEC harder
+
+---
+ pppd/eap.c | 2 +-
+ pppd/main.c | 4 ++--
+ pppd/options.c | 4 ++--
+ pppd/sys-linux.c | 22 +++++++++++-----------
+ pppd/tdb.c | 4 ++--
+ pppd/tty.c | 4 ++--
+ pppd/utils.c | 6 +++---
+ 7 files changed, 23 insertions(+), 23 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 6ea6c1f..faced53 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1226,7 +1226,7 @@ mode_t modebits;
+
+ if ((path = name_of_pn_file()) == NULL)
+ return (-1);
+- fd = open(path, modebits, S_IRUSR | S_IWUSR);
++ fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC);
+ err = errno;
+ free(path);
+ errno = err;
+diff --git a/pppd/main.c b/pppd/main.c
+index 6d50d1b..4880377 100644
+--- a/pppd/main.c
++++ b/pppd/main.c
+@@ -420,7 +420,7 @@ main(argc, argv)
+ die(0);
+
+ /* Make sure fds 0, 1, 2 are open to somewhere. */
+- fd_devnull = open(_PATH_DEVNULL, O_RDWR);
++ fd_devnull = open(_PATH_DEVNULL, O_RDWR | O_CLOEXEC);
+ if (fd_devnull < 0)
+ fatal("Couldn't open %s: %m", _PATH_DEVNULL);
+ while (fd_devnull <= 2) {
+@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait)
+ if (log_to_fd >= 0)
+ errfd = log_to_fd;
+ else
+- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600);
++ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600);
+
+ ++conn_running;
+ pid = safe_fork(in, out, errfd);
+diff --git a/pppd/options.c b/pppd/options.c
+index 1d754ae..8e62635 100644
+--- a/pppd/options.c
++++ b/pppd/options.c
+@@ -1544,9 +1544,9 @@ setlogfile(argv)
+ option_error("unable to drop permissions to open %s: %m", *argv);
+ return 0;
+ }
+- fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
++ fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
+ if (fd < 0 && errno == EEXIST)
+- fd = open(*argv, O_WRONLY | O_APPEND);
++ fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC);
+ err = errno;
+ if (!privileged_option && seteuid(euid) == -1)
+ fatal("unable to regain privileges: %m");
+diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
+index 8a12fa0..00a2cf5 100644
+--- a/pppd/sys-linux.c
++++ b/pppd/sys-linux.c
+@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd)
+ goto err;
+ }
+ dbglog("using channel %d", chindex);
+- fd = open("/dev/ppp", O_RDWR);
++ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (fd < 0) {
+ error("Couldn't reopen /dev/ppp: %m");
+ goto err;
+@@ -619,7 +619,7 @@ static int make_ppp_unit()
+ dbglog("in make_ppp_unit, already had /dev/ppp open?");
+ close(ppp_dev_fd);
+ }
+- ppp_dev_fd = open("/dev/ppp", O_RDWR);
++ ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (ppp_dev_fd < 0)
+ fatal("Couldn't open /dev/ppp: %m");
+ flags = fcntl(ppp_dev_fd, F_GETFL);
+@@ -693,7 +693,7 @@ int bundle_attach(int ifnum)
+ if (!new_style_driver)
+ return -1;
+
+- master_fd = open("/dev/ppp", O_RDWR);
++ master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (master_fd < 0)
+ fatal("Couldn't open /dev/ppp: %m");
+ if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
+@@ -1715,7 +1715,7 @@ int sifproxyarp (int unit, u_int32_t his_adr)
+ if (tune_kernel) {
+ forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
+ if (forw_path != 0) {
+- int fd = open(forw_path, O_WRONLY);
++ int fd = open(forw_path, O_WRONLY | O_CLOEXEC);
+ if (fd >= 0) {
+ if (write(fd, "1", 1) != 1)
+ error("Couldn't enable IP forwarding: %m");
+@@ -2030,7 +2030,7 @@ int ppp_available(void)
+ sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
+ kernel_version = KVERSION(osmaj, osmin, ospatch);
+
+- fd = open("/dev/ppp", O_RDWR);
++ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (fd >= 0) {
+ new_style_driver = 1;
+
+@@ -2208,7 +2208,7 @@ void logwtmp (const char *line, const char *name, const char *host)
+ #if __GLIBC__ >= 2
+ updwtmp(_PATH_WTMP, &ut);
+ #else
+- wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY);
++ wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC);
+ if (wtmp >= 0) {
+ flock(wtmp, LOCK_EX);
+
+@@ -2394,7 +2394,7 @@ int sifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr,
+ int fd;
+
+ path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
+- if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
++ if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) {
+ if (write(fd, "1", 1) != 1)
+ error("Couldn't enable dynamic IP addressing: %m");
+ close(fd);
+@@ -2570,7 +2570,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
+ /*
+ * Try the unix98 way first.
+ */
+- mfd = open("/dev/ptmx", O_RDWR);
++ mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC);
+ if (mfd >= 0) {
+ int ptn;
+ if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
+@@ -2581,7 +2581,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
+ if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
+ warn("Couldn't unlock pty slave %s: %m", pty_name);
+ #endif
+- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
++ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
+ warn("Couldn't open pty slave %s: %m", pty_name);
+ }
+ }
+@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
+ for (i = 0; i < 64; ++i) {
+ slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
+ 'p' + i / 16, i % 16);
+- mfd = open(pty_name, O_RDWR, 0);
++ mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0);
+ if (mfd >= 0) {
+ pty_name[5] = 't';
+- sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
++ sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
+ if (sfd >= 0) {
+ fchown(sfd, uid, -1);
+ fchmod(sfd, S_IRUSR | S_IWUSR);
+diff --git a/pppd/tdb.c b/pppd/tdb.c
+index bdc5828..c7ab71c 100644
+--- a/pppd/tdb.c
++++ b/pppd/tdb.c
+@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
+ goto internal;
+ }
+
+- if ((tdb->fd = open(name, open_flags, mode)) == -1) {
++ if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) {
+ TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
+ name, strerror(errno)));
+ goto fail; /* errno set by open(2) */
+@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb)
+ }
+ if (close(tdb->fd) != 0)
+ TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
+- tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
++ tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0);
+ if (tdb->fd == -1) {
+ TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
+ goto fail;
+diff --git a/pppd/tty.c b/pppd/tty.c
+index d571b11..bc96695 100644
+--- a/pppd/tty.c
++++ b/pppd/tty.c
+@@ -569,7 +569,7 @@ int connect_tty()
+ status = EXIT_OPEN_FAILED;
+ goto errret;
+ }
+- real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
++ real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0);
+ err = errno;
+ if (prio < OPRIO_ROOT && seteuid(0) == -1)
+ fatal("Unable to regain privileges");
+@@ -723,7 +723,7 @@ int connect_tty()
+ if (connector == NULL && modem && devnam[0] != 0) {
+ int i;
+ for (;;) {
+- if ((i = open(devnam, O_RDWR)) >= 0)
++ if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0)
+ break;
+ if (errno != EINTR) {
+ error("Failed to reopen %s: %m", devnam);
+diff --git a/pppd/utils.c b/pppd/utils.c
+index 29bf970..6051b9a 100644
+--- a/pppd/utils.c
++++ b/pppd/utils.c
+@@ -918,14 +918,14 @@ lock(dev)
+ slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
+ #endif
+
+- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
++ while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) {
+ if (errno != EEXIST) {
+ error("Can't create lock file %s: %m", lock_file);
+ break;
+ }
+
+ /* Read the lock file to find out who has the device locked. */
+- fd = open(lock_file, O_RDONLY, 0);
++ fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0);
+ if (fd < 0) {
+ if (errno == ENOENT) /* This is just a timing problem. */
+ continue;
+@@ -1004,7 +1004,7 @@ relock(pid)
+
+ if (lock_file[0] == 0)
+ return -1;
+- fd = open(lock_file, O_WRONLY, 0);
++ fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0);
+ if (fd < 0) {
+ error("Couldn't reopen lock file %s: %m", lock_file);
+ lock_file[0] = 0;
+--
+1.8.3.1
+
--- /dev/null
+From 2a97ab28ee00586e5f06b3ef3a0e43ea0c7c6499 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 7 Apr 2014 14:21:41 +0200
+Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket
+
+---
+ pppd/plugins/pppoatm/pppoatm.c | 2 +-
+ pppd/plugins/pppol2tp/openl2tp.c | 2 +-
+ pppd/plugins/pppol2tp/pppol2tp.c | 2 +-
+ pppd/plugins/rp-pppoe/if.c | 2 +-
+ pppd/plugins/rp-pppoe/plugin.c | 6 +++---
+ pppd/plugins/rp-pppoe/pppoe-discovery.c | 2 +-
+ pppd/sys-linux.c | 10 +++++-----
+ pppd/tty.c | 2 +-
+ 8 files changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c
+index d693350..c31bb34 100644
+--- a/pppd/plugins/pppoatm/pppoatm.c
++++ b/pppd/plugins/pppoatm/pppoatm.c
+@@ -135,7 +135,7 @@ static int connect_pppoatm(void)
+
+ if (!device_got_set)
+ no_device_given_pppoatm();
+- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0);
++ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (fd < 0)
+ fatal("failed to create socket: %m");
+ memset(&qos, 0, sizeof qos);
+diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c
+index 9643b96..1099575 100644
+--- a/pppd/plugins/pppol2tp/openl2tp.c
++++ b/pppd/plugins/pppol2tp/openl2tp.c
+@@ -83,7 +83,7 @@ static int openl2tp_client_create(void)
+ int result;
+
+ if (openl2tp_fd < 0) {
+- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0);
++ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (openl2tp_fd < 0) {
+ error("openl2tp connection create: %m");
+ return -ENOTCONN;
+diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c
+index a7e3400..e64a778 100644
+--- a/pppd/plugins/pppol2tp/pppol2tp.c
++++ b/pppd/plugins/pppol2tp/pppol2tp.c
+@@ -208,7 +208,7 @@ static void send_config_pppol2tp(int mtu,
+ struct ifreq ifr;
+ int fd;
+
+- fd = socket(AF_INET, SOCK_DGRAM, 0);
++ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (fd >= 0) {
+ memset (&ifr, '\0', sizeof (ifr));
+ strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
+diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c
+index 91e9a57..72aba41 100644
+--- a/pppd/plugins/rp-pppoe/if.c
++++ b/pppd/plugins/rp-pppoe/if.c
+@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
+ stype = SOCK_PACKET;
+ #endif
+
+- if ((fd = socket(domain, stype, htons(type))) < 0) {
++ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
+ /* Give a more helpful message for the common error case */
+ if (errno == EPERM) {
+ fatal("Cannot create raw socket -- pppoe must be run as root.");
+diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c
+index a8c2bb4..24bdf8f 100644
+--- a/pppd/plugins/rp-pppoe/plugin.c
++++ b/pppd/plugins/rp-pppoe/plugin.c
+@@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
+ /* server equipment). */
+ /* Opening this socket just before waitForPADS in the discovery() */
+ /* function would be more appropriate, but it would mess-up the code */
+- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE);
++ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE);
+ if (conn->sessionSocket < 0) {
+ error("Failed to create PPPoE socket: %m");
+ return -1;
+@@ -148,7 +148,7 @@ PPPOEConnectDevice(void)
+ lcp_wantoptions[0].mru = conn->mru;
+
+ /* Update maximum MRU */
+- s = socket(AF_INET, SOCK_DGRAM, 0);
++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (s < 0) {
+ error("Can't get MTU for %s: %m", conn->ifName);
+ goto errout;
+@@ -320,7 +320,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit)
+ }
+
+ /* Open a socket */
+- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) {
++ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) {
+ r = 0;
+ }
+
+diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
+index 3d3bf4e..c0d927d 100644
+--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
++++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
+@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
+ stype = SOCK_PACKET;
+ #endif
+
+- if ((fd = socket(domain, stype, htons(type))) < 0) {
++ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
+ /* Give a more helpful message for the common error case */
+ if (errno == EPERM) {
+ rp_fatal("Cannot create raw socket -- pppoe must be run as root.");
+diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
+index 00a2cf5..0690019 100644
+--- a/pppd/sys-linux.c
++++ b/pppd/sys-linux.c
+@@ -308,12 +308,12 @@ static int modify_flags(int fd, int clear_bits, int set_bits)
+ void sys_init(void)
+ {
+ /* Get an internet socket for doing socket ioctls. */
+- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock_fd < 0)
+ fatal("Couldn't create IP socket: %m(%d)", errno);
+
+ #ifdef INET6
+- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0);
++ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock6_fd < 0)
+ sock6_fd = -errno; /* save errno for later */
+ #endif
+@@ -1857,7 +1857,7 @@ get_if_hwaddr(u_char *addr, char *name)
+ struct ifreq ifreq;
+ int ret, sock_fd;
+
+- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock_fd < 0)
+ return 0;
+ memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
+@@ -2067,7 +2067,7 @@ int ppp_available(void)
+ /*
+ * Open a socket for doing the ioctl operations.
+ */
+- s = socket(AF_INET, SOCK_DGRAM, 0);
++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (s < 0)
+ return 0;
+
+@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64)
+ int skfd;
+ const unsigned char *ptr;
+
+- skfd = socket(PF_INET6, SOCK_DGRAM, 0);
++ skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if(skfd == -1)
+ {
+ warn("could not open IPv6 socket");
+diff --git a/pppd/tty.c b/pppd/tty.c
+index bc96695..8e76a5d 100644
+--- a/pppd/tty.c
++++ b/pppd/tty.c
+@@ -896,7 +896,7 @@ open_socket(dest)
+ *sep = ':';
+
+ /* get a socket and connect it to the other end */
+- sock = socket(PF_INET, SOCK_STREAM, 0);
++ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
+ if (sock < 0) {
+ error("Can't create socket: %m");
+ return -1;
+--
+1.8.3.1
+
--- /dev/null
+diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
+index 9ab2eee..86762bd 100644
+--- a/pppd/plugins/rp-pppoe/pppoe.h
++++ b/pppd/plugins/rp-pppoe/pppoe.h
+@@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session;
+ #define STATE_TERMINATED 4
+
+ /* How many PADI/PADS attempts? */
+-#define MAX_PADI_ATTEMPTS 3
++#define MAX_PADI_ATTEMPTS 12
+
+ /* Initial timeout for PADO/PADS */
+ #define PADI_TIMEOUT 5
mkisofs -J -r -V "ipfire backup ${TS}" \
-b boot/isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table \
-c boot/isolinux/boot.catalog backupiso.${TS} > $(basename ${ISO} .iso)-${TS}.iso
+isohybrid $(basename ${ISO} .iso)-${TS}.iso
echo "Cleaning up"
rm -rf backupiso.${TS}