Rene Zingel <linuxadmin@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Ronald Wiesinger <rowie@ipfire.org>
Stéphane Pautrel <steph78630@gmail.com>
+Erik Kapfer <ummeegge@ipfire.org>
}
}
}
+sub get_ipsec_id {
+ my $val = shift;
+
+ foreach my $key (keys %ipsecconf) {
+ if ($ipsecconf{$key}[1] eq $val) {
+ return $key;
+ }
+ }
+}
sub get_ovpn_n2n_ip
{
my $val=shift;
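Review bot: get_ipsec_id has no return after its foreach, so when no connection matches `$val` the caller gets no defined value and goes on to build an interface name from it. Add an explicit `return;` after the loop, plus a short comment saying the sub returns the %ipsecconf key whose field 1 equals `$val`, or nothing when there is no match. If that field is not guaranteed unique, the result depends on hash iteration order, which deserves a comment too.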
my @parts = split(/\|/, $value);
push(@ret, [$parts[1], ""]);
}else{
- my $network_address = &get_ipsec_net_ip($value, 11);
- my @nets = split(/\|/, $network_address);
- foreach my $net (@nets) {
- push(@ret, [$net, ""]);
+ my $interface_mode = &get_ipsec_net_ip($value, 36);
+ if ($interface_mode ~~ ["gre", "vti"]) {
+ my $id = &get_ipsec_id($value);
+ push(@ret, ["0.0.0.0/0", "${interface_mode}${id}"]);
+ } else {
+ my $network_address = &get_ipsec_net_ip($value, 11);
+ my @nets = split(/\|/, $network_address);
+ foreach my $net (@nets) {
+ push(@ret, [$net, ""]);
+ }
}
}
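Review bot: The `~~` test on `$interface_mode` relies on smartmatch, which has been experimental since Perl 5.18 and is deprecated in 5.38. A plain comparison does the same job here: `if (defined $interface_mode && ($interface_mode eq "gre" || $interface_mode eq "vti")) {`. Separately, `$id` is interpolated without a check, so a failed get_ipsec_id lookup would pair `0.0.0.0/0` with a bare `gre`/`vti` name; skip the push when `$id` is not defined. The enclosing sub starts and ends outside this hunk.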
VPN_CONFIG="/var/ipfire/vpn/config"
+eval $(/usr/local/bin/readhash /var/ipfire/vpn/settings)
+
+VARS=(
+ id status name lefthost type ctype psk local local_id leftsubnets
+ remote_id remote rightsubnets x3 x4 x5 x6 x7 x8 x9 x10 x11 x12
+ x13 x14 x15 x16 x17 x18 x19 proto x20 x21 x22
+ route x23 mode interface_mode interface_address interface_mtu rest
+)
+
block_subnet() {
local subnet="${1}"
local action="${2}"
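Review bot: The added `eval $(/usr/local/bin/readhash /var/ipfire/vpn/settings)` leaves the command substitution unquoted, so its output is word-split and glob-expanded before eval parses it. A value containing whitespace runs or `*`/`?` can then be changed on the way in. Quote it: `eval "$(/usr/local/bin/readhash /var/ipfire/vpn/settings)"`. Evaluating the settings file as shell is only as safe as readhash's own validation, which is not visible here, so a one-line comment stating that assumption would help the next reader.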
return 0
}
-block_ipsec() {
- # Flush all exists rules
+install_policy() {
+ # Flush existing rules
+ iptables -F IPSECINPUT
+ iptables -F IPSECOUTPUT
iptables -F IPSECBLOCK
- local action
+ # We are done when IPsec is not enabled
+ [ "${ENABLED}" = "on" ] || exit 0
- local vars="id status name lefthost type ctype x1 x2 x3 leftsubnets"
- vars="${vars} x4 righthost rightsubnets x5 x6 x7 x8 x9 x10 x11 x12"
- vars="${vars} x13 x14 x15 x16 x17 x18 x19 x20 x21 proto x22 x23 x24"
- vars="${vars} route rest"
+ # IKE
+ iptables -A IPSECINPUT -p udp --dport 500 -j ACCEPT
+ iptables -A IPSECOUTPUT -p udp --dport 500 -j ACCEPT
+
+ # IKE NAT
+ iptables -A IPSECINPUT -p udp --dport 4500 -j ACCEPT
+ iptables -A IPSECOUTPUT -p udp --dport 4500 -j ACCEPT
# Register local variables
- local ${vars}
+ local "${VARS[@]}"
+ local action
- while IFS="," read -r ${vars}; do
+ while IFS="," read -r "${VARS[@]}"; do
# Check if the connection is enabled
[ "${status}" = "on" ] || continue
# Check if this a net-to-net connection
[ "${type}" = "net" ] || continue
+ # Default local to 0.0.0.0/0
+ if [ "${local}" = "" -o "${local}" = "off" ]; then
+ local="0.0.0.0/0"
+ fi
+
+ # Install permissions for GRE traffic
+ case "${interface_mode}" in
+ gre)
+ if [ -n "${remote}" ]; then
+ iptables -A IPSECINPUT -p gre \
+ -s "${remote}" -d "${local}" -j ACCEPT
+
+ iptables -A IPSECOUTPUT -p gre \
+ -s "${local}" -d "${remote}" -j ACCEPT
+ fi
+ ;;
+ esac
+
+ # Install firewall rules only for interfaces without interface
+ [ -n "${interface_mode}" ] && continue
+
# Split multiple subnets
rightsubnets="${rightsubnets//\|/ }"
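Review bot: The two GRE ACCEPT rules in the `gre)` branch match on protocol and addresses only, so GRE from `${remote}` is accepted whether or not it arrived protected by IPsec. With `local` defaulted to `0.0.0.0/0`, that holds for any local address. If only tunnel-protected GRE is intended, add a policy match, e.g. `-m policy --dir in --pol ipsec` on the IPSECINPUT rule and `-m policy --dir out --pol ipsec` on the IPSECOUTPUT rule. Also, `[ "${ENABLED}" = "on" ] || exit 0` exits the whole script from inside install_policy; `return 0` would keep the function's contract with the `install_policy || exit $?` caller. The rest of the loop body lies outside this hunk.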
done < "${VPN_CONFIG}"
}
-block_ipsec || exit $?
+install_policy || exit $?
#usr/bin/objcopy
#usr/bin/objdump
#usr/bin/ranlib
-#usr/bin/readelf
+usr/bin/readelf
#usr/bin/size
-#usr/bin/strings
+usr/bin/strings
#usr/bin/strip
#usr/include/ansidecl.h
#usr/include/bfd.h
#usr/lib
usr/lib/firewall
usr/lib/firewall/firewall-lib.pl
-usr/lib/firewall/ipsec-block
+usr/lib/firewall/ipsec-policy
usr/lib/firewall/rules.pl
#usr/lib/libgcc_s.so
usr/lib/libgcc_s.so.1
usr/local/bin/consort.sh
usr/local/bin/convert-ovpn
usr/local/bin/hddshutdown
+usr/local/bin/ipsec-interfaces
usr/local/bin/makegraphs
usr/local/bin/qosd
usr/local/bin/readhash
#usr/bin/objcopy
#usr/bin/objdump
#usr/bin/ranlib
-#usr/bin/readelf
+usr/bin/readelf
#usr/bin/size
-#usr/bin/strings
+usr/bin/strings
#usr/bin/strip
#usr/include/ansidecl.h
#usr/include/bfd.h
#usr/lib/libbind9.la
#usr/lib/libbind9.so
usr/lib/libbind9.so.161
-usr/lib/libbind9.so.161.0.0
+usr/lib/libbind9.so.161.0.1
#usr/lib/libdns.la
#usr/lib/libdns.so
-usr/lib/libdns.so.1104
-usr/lib/libdns.so.1104.0.1
+usr/lib/libdns.so.1105
+usr/lib/libdns.so.1105.0.0
#usr/lib/libisc.la
#usr/lib/libisc.so
usr/lib/libisc.so.1100
-usr/lib/libisc.so.1100.0.0
+usr/lib/libisc.so.1100.0.1
#usr/lib/libisccc.la
#usr/lib/libisccc.so
usr/lib/libisccc.so.161
-usr/lib/libisccc.so.161.0.0
+usr/lib/libisccc.so.161.0.1
#usr/lib/libisccfg.la
#usr/lib/libisccfg.so
usr/lib/libisccfg.so.163
-usr/lib/libisccfg.so.163.0.0
+usr/lib/libisccfg.so.163.0.1
#usr/lib/liblwres.la
#usr/lib/liblwres.so
usr/lib/liblwres.so.161
-usr/lib/liblwres.so.161.0.0
+usr/lib/liblwres.so.161.0.1
#usr/share/man/man1/dig.1
#usr/share/man/man1/host.1
#usr/share/man/man1/nslookup.1
#usr/bin/objcopy
#usr/bin/objdump
#usr/bin/ranlib
-#usr/bin/readelf
+usr/bin/readelf
#usr/bin/size
-#usr/bin/strings
+usr/bin/strings
#usr/bin/strip
#usr/include/ansidecl.h
#usr/include/bfd.h
#usr/include/libipset/args.h
#usr/include/libipset/data.h
#usr/include/libipset/errcode.h
+#usr/include/libipset/ipset.h
#usr/include/libipset/linux_ip_set.h
#usr/include/libipset/linux_ip_set_bitmap.h
#usr/include/libipset/linux_ip_set_hash.h
#usr/include/libipset/session.h
#usr/include/libipset/transport.h
#usr/include/libipset/types.h
-#usr/include/libipset/ui.h
#usr/include/libipset/utils.h
#usr/lib/libipset.la
#usr/lib/libipset.so
-usr/lib/libipset.so.11
-usr/lib/libipset.so.11.1.0
+usr/lib/libipset.so.13
+usr/lib/libipset.so.13.1.0
#usr/lib/pkgconfig/libipset.pc
usr/sbin/ipset
+#usr/share/man/man3/libipset.3
#usr/share/man/man8/ipset.8
#usr/lib/libgcrypt.la
#usr/lib/libgcrypt.so
usr/lib/libgcrypt.so.20
-usr/lib/libgcrypt.so.20.2.3
+usr/lib/libgcrypt.so.20.2.4
#usr/share/aclocal/libgcrypt.m4
#usr/share/info/gcrypt.info
#usr/share/info/gcrypt.info-1
#usr/share/doc/openssl/html/man3/OPENSSL_INIT_free.html
#usr/share/doc/openssl/html/man3/OPENSSL_INIT_new.html
#usr/share/doc/openssl/html/man3/OPENSSL_INIT_set_config_appname.html
+#usr/share/doc/openssl/html/man3/OPENSSL_INIT_set_config_file_flags.html
+#usr/share/doc/openssl/html/man3/OPENSSL_INIT_set_config_filename.html
#usr/share/doc/openssl/html/man3/OPENSSL_LH_COMPFUNC.html
#usr/share/doc/openssl/html/man3/OPENSSL_LH_DOALL_FUNC.html
#usr/share/doc/openssl/html/man3/OPENSSL_LH_HASHFUNC.html
#usr/share/man/man3/OPENSSL_INIT_free.3
#usr/share/man/man3/OPENSSL_INIT_new.3
#usr/share/man/man3/OPENSSL_INIT_set_config_appname.3
+#usr/share/man/man3/OPENSSL_INIT_set_config_file_flags.3
+#usr/share/man/man3/OPENSSL_INIT_set_config_filename.3
#usr/share/man/man3/OPENSSL_LH_COMPFUNC.3
#usr/share/man/man3/OPENSSL_LH_DOALL_FUNC.3
#usr/share/man/man3/OPENSSL_LH_HASHFUNC.3
#usr/share/man/man7/passphrase-encoding.7
#usr/share/man/man7/scrypt.7
#usr/share/man/man7/ssl.7
-#usr/share/man/man7/x509.7
\ No newline at end of file
+#usr/share/man/man7/x509.7
#usr/lib
usr/lib/firewall
usr/lib/firewall/firewall-lib.pl
-usr/lib/firewall/ipsec-block
+usr/lib/firewall/ipsec-policy
usr/lib/firewall/rules.pl
#usr/lib/libgcc_s.so
usr/lib/libgcc_s.so.1
usr/local/bin/consort.sh
usr/local/bin/convert-ovpn
usr/local/bin/hddshutdown
+usr/local/bin/ipsec-interfaces
usr/local/bin/makegraphs
usr/local/bin/qosd
usr/local/bin/readhash
#usr/lib/libunbound.la
#usr/lib/libunbound.so
usr/lib/libunbound.so.8
-usr/lib/libunbound.so.8.0.3
+usr/lib/libunbound.so.8.1.0
#usr/lib/pkgconfig/libunbound.pc
usr/sbin/unbound
usr/sbin/unbound-anchor
#usr/bin/objcopy
#usr/bin/objdump
#usr/bin/ranlib
-#usr/bin/readelf
+usr/bin/readelf
#usr/bin/size
-#usr/bin/strings
+usr/bin/strings
#usr/bin/strip
#usr/include/ansidecl.h
#usr/include/bfd.h
#usr/lib
usr/lib/firewall
usr/lib/firewall/firewall-lib.pl
-usr/lib/firewall/ipsec-block
+usr/lib/firewall/ipsec-policy
usr/lib/firewall/rules.pl
#usr/lib/libgcc_s.so
usr/lib/libgcc_s.so.1
usr/local/bin/consort.sh
usr/local/bin/convert-ovpn
usr/local/bin/hddshutdown
+usr/local/bin/ipsec-interfaces
usr/local/bin/makegraphs
usr/local/bin/qosd
usr/local/bin/readhash
--- /dev/null
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/log/dhcpcd.log
+var/log/messages
+var/state/dhcp/dhcpd.leases
+var/updatecache
--- /dev/null
+../../../common/bind
\ No newline at end of file
--- /dev/null
+etc/system-release
+etc/issue
+var/ipfire/langs
+etc/rc.d/init.d/firewall
+etc/rc.d/init.d/network
+etc/rc.d/init.d/networking/red.up/50-ipsec
+srv/web/ipfire/cgi-bin/credits.cgi
+srv/web/ipfire/cgi-bin/index.cgi
+srv/web/ipfire/cgi-bin/netovpnsrv.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
+usr/bin/readelf
+usr/bin/strings
+usr/lib/firewall/firewall-lib.pl
+usr/lib/firewall/ipsec-policy
+usr/local/bin/ipsec-interfaces
+usr/local/bin/ipsecctrl
--- /dev/null
+../../../common/ipset
\ No newline at end of file
--- /dev/null
+../../../common/libgcrypt
\ No newline at end of file
--- /dev/null
+../../../common/openvpn
\ No newline at end of file
--- /dev/null
+../../../common/squid
\ No newline at end of file
--- /dev/null
+../../../common/tar
\ No newline at end of file
--- /dev/null
+../../../common/unbound
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2019 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+core=129
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ )); do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+/etc/init.d/squid stop
+/usr/local/bin/openvpnctrl -k
+/usr/local/bin/openvpnctrl -kn2n
+/usr/local/bin/ipsecctrl D
+/etc/init.d/unbound stop
+
+# Remove files
+rm -vf \
+ /usr/lib/firewall/ipsec-block
+
+# Extract files
+extract_files
+
+# update linker config
+ldconfig
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+# Start services
+/etc/init.d/firewall restart
+/etc/init.d/unbound start
+/usr/local/bin/ipsecctrl S
+/usr/local/bin/openvpnctrl -s
+/usr/local/bin/openvpnctrl -sn2n
+/etc/init.d/squid start
+
+# This update needs a reboot...
+#touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+
+sync
+
+# Don't report the exitcode last command
+exit 0
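Review bot: The result of `extract_files` is never checked and the script ends with an unconditional `exit 0`. If extraction fails part-way, the firewall and VPN services are restarted on a mix of old and new files, with `/usr/lib/firewall/ipsec-block` already removed, and the update still reports success. At minimum record the failure before the services are started, e.g. `extract_files || logger -t ipfire "core-update-${core}: extract_files failed"`. extract_files comes from the sourced functions.sh, so whether it returns a usable status needs confirming there.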
--- /dev/null
+../../../../common/i586/openssl-sse2
\ No newline at end of file
--- /dev/null
+../../../common/openssl
\ No newline at end of file
--- /dev/null
+../../../common/strongswan
\ No newline at end of file
--- /dev/null
+usr/sbin/spectre-meltdown-checker
# Install routes into a separate routing table for established IPsec
# tunnels.
- # install_routes = yes
+ install_routes = no
# Install virtual IP addresses.
# install_virtual_ip = yes
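Review bot: `install_routes = no` is switched on globally with no comment explaining why, and the text above it still describes only what the option does. Because this changes routing for every IPsec connection, not only the new VTI/GRE ones, add a line such as `# Disabled: routes for IPsec connections are managed outside charon` — presumably by the new ipsec-interfaces script, but confirm that against the script before wording it that way.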
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
-WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn delayed start
+WARNING: translation string unused: vpn delayed start help
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
WARNING: translation string unused: vpn on orange
+WARNING: translation string unused: vpn red name
WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: community rules = Snort/VRT GPLv2 Community Rules
WARNING: untranslated string: dead peer detection = Dead Peer Detection
+WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules
WARNING: untranslated string: fwhost cust geoipgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
WARNING: untranslated string: guardian watch snort alertfile = unknown string
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: info messages = unknown string
+WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: no data = unknown string
-WARNING: untranslated string: none = none
-WARNING: untranslated string: qos add subclass = Add subclass
WARNING: untranslated string: route config changed = unknown string
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: routing table = unknown string
WARNING: untranslated string: show tls-auth key = Show tls-auth key
-WARNING: untranslated string: vpn force mobike = Force using MOBIKE (only IKEv2)
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: december = December
WARNING: untranslated string: def lease time = Default Lease Time
WARNING: untranslated string: default = Default
+WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: default lease time = Default lease time (mins):
WARNING: untranslated string: default renewal time = Default Renewal Time
WARNING: untranslated string: delete = Delete
WARNING: untranslated string: instant update = Instant Update
WARNING: untranslated string: integrity = Integrity:
WARNING: untranslated string: interface = Interface
+WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: interfaces = Interfaces
WARNING: untranslated string: internet = INTERNET
WARNING: untranslated string: intrusion detection = Intrusion Detection
WARNING: untranslated string: invalid input for hostname = Invalid input for hostname.
WARNING: untranslated string: invalid input for ike lifetime = Invalid input for IKE lifetime
WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
+WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
+WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
+WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
WARNING: untranslated string: invalid input for keepalive 1 = Invalid input for Keepalive ping
WARNING: untranslated string: invalid input for keepalive 1:2 = Invalid input for Keepalive use at least a ratio of 1:2
WARNING: untranslated string: invalid input for keepalive 2 = Invalid input for Keepalive ping-restart
+WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
WARNING: untranslated string: invalid input for max clients = Invalid input for Max Clients
+WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for name = Invalid input for user's full name or system hostname
WARNING: untranslated string: invalid input for oink code = Invalid input for Oink code
WARNING: untranslated string: invalid input for organization = Invalid input for organization
WARNING: untranslated string: ipfires hostname = IPFire's Hostname
WARNING: untranslated string: ipinfo = IP info
WARNING: untranslated string: ipsec = IPsec
+WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec interface mode gre = GRE
+WARNING: untranslated string: ipsec interface mode none = - None (Default) -
+WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec mode transport = Transport
+WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: iptmangles = IPTable Mangles
WARNING: untranslated string: iptnats = IPTable Network Address Translation
WARNING: untranslated string: ipts = iptables
WARNING: untranslated string: lifetime = Lifetime:
WARNING: untranslated string: linkq = Link Quality
WARNING: untranslated string: load printer = Load Printer
+WARNING: untranslated string: local ip address = Local IP Address
WARNING: untranslated string: local master = Local Master
WARNING: untranslated string: local ntp server specified but not enabled = Local NTP server specified but not enabled
WARNING: untranslated string: local subnet = Local subnet:
WARNING: untranslated string: minute = Minute
WARNING: untranslated string: minutes = Minutes
WARNING: untranslated string: misc-options = Miscellaneous options
+WARNING: untranslated string: mode = Mode
WARNING: untranslated string: model = Model
WARNING: untranslated string: modem = Modem
WARNING: untranslated string: modem configuration = Modem configuration
WARNING: untranslated string: mpfire search = MPFire Search
WARNING: untranslated string: mpfire songs = MPFire songlist
WARNING: untranslated string: mpfire webradio = MPFire Webradio
+WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: my new share = My new share
WARNING: untranslated string: name = Name
WARNING: untranslated string: name is invalid = Name is invalid
WARNING: untranslated string: stop ovpn server = Stop OpenVPN Server
WARNING: untranslated string: stopped = STOPPED
WARNING: untranslated string: subject = Subject
+WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: subscripted user rules = Sourcefire VRT rules with subscription
WARNING: untranslated string: summaries kept = Keep summaries for
WARNING: untranslated string: sunday = Sunday
WARNING: untranslated string: total hits for log section = Total hits for log section
WARNING: untranslated string: traffic on = Traffic on
WARNING: untranslated string: traffics = Utilization-overview
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: tuesday = Tuesday
WARNING: untranslated string: twelve hours = 12 Hours
WARNING: untranslated string: two weeks = Two Weeks
WARNING: untranslated string: vpn auth-dn = Peer is identified by either IPV4_ADDR, FQDN, USER_FQDN or DER_ASN1_DN string in remote ID field
WARNING: untranslated string: vpn broken = Broken
WARNING: untranslated string: vpn connecting = CONNECTING
-WARNING: untranslated string: vpn delayed start = Delay before launching VPN (seconds)
-WARNING: untranslated string: vpn delayed start help = If required, this delay can be used to allow dynamic DNS updates to propagate properly. 60 is a common value when RED is a dynamic IP.
WARNING: untranslated string: vpn force mobike = Force using MOBIKE (only IKEv2)
WARNING: untranslated string: vpn inactivity timeout = Inactivity Timeout
WARNING: untranslated string: vpn keyexchange = Keyexchange
WARNING: untranslated string: vpn no full pki = missing private key to generate cert
WARNING: untranslated string: vpn on-demand = ON-DEMAND
WARNING: untranslated string: vpn payload compression = Negotiate payload compression
-WARNING: untranslated string: vpn red name = Public IP or FQDN for RED interface or <%defaultroute>
WARNING: untranslated string: vpn remote id = Remote ID
WARNING: untranslated string: vpn start action = Start Action
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn start action route = On Demand
WARNING: untranslated string: vpn start action start = Always On
-WARNING: untranslated string: vpn statistic n2n = OpenVPN Net-to-Net Statistics
-WARNING: untranslated string: vpn statistic rw = OpenVPN Roadwarrior Statistics
+WARNING: untranslated string: vpn statistic n2n = VPN: Net-to-Net Statistics
+WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn subjectaltname = Subject Alt Name
WARNING: untranslated string: vpn wait = WAITING
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
-WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
WARNING: translation string unused: vpn configuration main
+WARNING: translation string unused: vpn delayed start
+WARNING: translation string unused: vpn delayed start help
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
WARNING: translation string unused: vpn on orange
+WARNING: translation string unused: vpn red name
WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
WARNING: untranslated string: crypto warning = Cryptographic warning
WARNING: untranslated string: dead peer detection = Dead Peer Detection
WARNING: untranslated string: default = Default
+WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: deprecated fs warn = Deprecated filesystem! Newer kernel drop the support. Backup and reformat!
WARNING: untranslated string: details = Details
WARNING: untranslated string: dh = Diffie-Hellman parameters
WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: integrity = Integrity:
+WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay
WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout
WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
+WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
+WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
+WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
+WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
+WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
WARNING: untranslated string: ipsec = IPsec
+WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec interface mode gre = GRE
+WARNING: untranslated string: ipsec interface mode none = - None (Default) -
+WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec mode transport = Transport
+WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: last = Last
WARNING: untranslated string: least preferred = least preferred
WARNING: untranslated string: lifetime = Lifetime:
+WARNING: untranslated string: local ip address = Local IP Address
WARNING: untranslated string: log server protocol = protocol:
WARNING: untranslated string: mac filter = MAC filter
WARNING: untranslated string: masquerade blue = Masquerade BLUE
WARNING: untranslated string: modem status = Modem Status
WARNING: untranslated string: monitor interface = Monitor Interface
WARNING: untranslated string: most preferred = most preferred
+WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: nameserver = Nameserver
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
WARNING: untranslated string: static routes = Static Routes
+WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: support donation = Support the IPFire project with your donation
WARNING: untranslated string: system has rdrand = This system has support for Intel(R) RDRAND.
WARNING: untranslated string: system information = System Information
WARNING: untranslated string: tor traffic limit soft = Traffic limit almost reached. Not accepting any new connections.
WARNING: untranslated string: tor traffic read written = Total traffic (read/written)
WARNING: untranslated string: tor use exit nodes = Use only these exit nodes (one per line)
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: twelve hours = 12 Hours
WARNING: untranslated string: two weeks = Two Weeks
WARNING: untranslated string: udp less overhead = UDP (less overhead)
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn start action route = On Demand
WARNING: untranslated string: vpn start action start = Always On
-WARNING: untranslated string: vpn statistic n2n = OpenVPN Net-to-Net Statistics
-WARNING: untranslated string: vpn statistic rw = OpenVPN Roadwarrior Statistics
+WARNING: untranslated string: vpn statistic n2n = VPN: Net-to-Net Statistics
+WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vpn weak = Weak
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
WARNING: translation string unused: dns server
-WARNING: translation string unused: dnsforward forward_server
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
-WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
WARNING: translation string unused: vpn configuration main
+WARNING: translation string unused: vpn delayed start
+WARNING: translation string unused: vpn delayed start help
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
WARNING: translation string unused: vpn on orange
+WARNING: translation string unused: vpn red name
WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
WARNING: untranslated string: Captive clients = unknown string
WARNING: untranslated string: Scan for Songs = unknown string
WARNING: untranslated string: bytes = unknown string
-WARNING: untranslated string: dnsforward forward_servers = Nameservers
+WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: fwhost cust geoipgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
WARNING: untranslated string: guardian block a host = unknown string
WARNING: untranslated string: guardian watch snort alertfile = unknown string
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: info messages = unknown string
-WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
+WARNING: untranslated string: interface mode = Interface
+WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
+WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
+WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
+WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
+WARNING: untranslated string: invalid input for mode = Invalid input for mode
+WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec interface mode gre = GRE
+WARNING: untranslated string: ipsec interface mode none = - None (Default) -
+WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec mode transport = Transport
+WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec settings = IPsec Settings
+WARNING: untranslated string: local ip address = Local IP Address
+WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: pakfire ago = ago.
WARNING: untranslated string: route config changed = unknown string
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: routing table = unknown string
+WARNING: untranslated string: subnet mask = Subnet Mask
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
-WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
WARNING: translation string unused: vpn configuration main
+WARNING: translation string unused: vpn delayed start
+WARNING: translation string unused: vpn delayed start help
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
WARNING: translation string unused: vpn on orange
+WARNING: translation string unused: vpn red name
WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
WARNING: untranslated string: check all = Check all
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
+WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
WARNING: untranslated string: dhcp dns key name = Key Name:
WARNING: untranslated string: dhcp dns update = DNS Update
WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression
WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead
WARNING: untranslated string: info messages = unknown string
+WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
+WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
+WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
+WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
+WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
+WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
+WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec interface mode gre = GRE
+WARNING: untranslated string: ipsec interface mode none = - None (Default) -
+WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec mode transport = Transport
+WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec settings = IPsec Settings
+WARNING: untranslated string: local ip address = Local IP Address
WARNING: untranslated string: log server protocol = protocol:
WARNING: untranslated string: masquerade blue = Masquerade BLUE
WARNING: untranslated string: masquerade green = Masquerade GREEN
WARNING: untranslated string: masquerading disabled = Masquerading disabled
WARNING: untranslated string: masquerading enabled = Masquerading enabled
WARNING: untranslated string: messages = Messages
+WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
WARNING: untranslated string: one hour = One Hour
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
+WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: tcp more reliable = TCP (more reliable)
WARNING: untranslated string: ten minutes = 10 Minutes
WARNING: untranslated string: thirty minutes = 30 Minutes
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: twelve hours = 12 Hours
WARNING: untranslated string: two weeks = Two Weeks
WARNING: untranslated string: udp less overhead = UDP (less overhead)
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn start action route = On Demand
WARNING: untranslated string: vpn start action start = Always On
-WARNING: untranslated string: vpn statistic n2n = OpenVPN Net-to-Net Statistics
-WARNING: untranslated string: vpn statistic rw = OpenVPN Roadwarrior Statistics
+WARNING: untranslated string: vpn statistic n2n = VPN: Net-to-Net Statistics
+WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vpn weak = Weak
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
-WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
WARNING: translation string unused: vpn configuration main
+WARNING: translation string unused: vpn delayed start
+WARNING: translation string unused: vpn delayed start help
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
WARNING: translation string unused: vpn on orange
+WARNING: translation string unused: vpn red name
WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
WARNING: untranslated string: default = Default
+WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: dh = Diffie-Hellman parameters
WARNING: untranslated string: dh key move failed = Diffie-Hellman parameters move failed.
WARNING: untranslated string: dh key warn = Creating DH-parameters with a length of 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.
WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression
WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead
WARNING: untranslated string: info messages = unknown string
+WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
+WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
+WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
+WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
+WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
+WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
+WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec interface mode gre = GRE
+WARNING: untranslated string: ipsec interface mode none = - None (Default) -
+WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec mode transport = Transport
+WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec settings = IPsec Settings
+WARNING: untranslated string: local ip address = Local IP Address
WARNING: untranslated string: log server protocol = protocol:
WARNING: untranslated string: masquerade blue = Masquerade BLUE
WARNING: untranslated string: masquerade green = Masquerade GREEN
WARNING: untranslated string: modem sim information = SIM Information
WARNING: untranslated string: modem status = Modem Status
WARNING: untranslated string: monitor interface = Monitor Interface
+WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: nameserver = Nameserver
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
+WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: ta key = TLS-Authentification-Key
WARNING: untranslated string: tcp more reliable = TCP (more reliable)
WARNING: untranslated string: ten minutes = 10 Minutes
WARNING: untranslated string: thirty minutes = 30 Minutes
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: twelve hours = 12 Hours
WARNING: untranslated string: two weeks = Two Weeks
WARNING: untranslated string: udp less overhead = UDP (less overhead)
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn start action route = On Demand
WARNING: untranslated string: vpn start action start = Always On
-WARNING: untranslated string: vpn statistic n2n = OpenVPN Net-to-Net Statistics
-WARNING: untranslated string: vpn statistic rw = OpenVPN Roadwarrior Statistics
+WARNING: untranslated string: vpn statistic n2n = VPN: Net-to-Net Statistics
+WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vpn weak = Weak
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
-WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
WARNING: translation string unused: vpn configuration main
+WARNING: translation string unused: vpn delayed start
+WARNING: translation string unused: vpn delayed start help
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
WARNING: translation string unused: vpn on orange
+WARNING: translation string unused: vpn red name
WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
WARNING: untranslated string: crypto warning = Cryptographic warning
WARNING: untranslated string: dead peer detection = Dead Peer Detection
WARNING: untranslated string: default = Default
+WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: deprecated fs warn = Deprecated filesystem! Newer kernel drop the support. Backup and reformat!
WARNING: untranslated string: details = Details
WARNING: untranslated string: dh = Diffie-Hellman parameters
WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: integrity = Integrity:
+WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay
WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout
WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
+WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
+WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
+WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
+WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
+WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
WARNING: untranslated string: ipsec = IPsec
+WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec interface mode gre = GRE
+WARNING: untranslated string: ipsec interface mode none = - None (Default) -
+WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec mode transport = Transport
+WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: last = Last
WARNING: untranslated string: least preferred = least preferred
WARNING: untranslated string: lifetime = Lifetime:
+WARNING: untranslated string: local ip address = Local IP Address
WARNING: untranslated string: log server protocol = protocol:
WARNING: untranslated string: mac filter = MAC filter
WARNING: untranslated string: masquerade blue = Masquerade BLUE
WARNING: untranslated string: modem status = Modem Status
WARNING: untranslated string: monitor interface = Monitor Interface
WARNING: untranslated string: most preferred = most preferred
+WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: nameserver = Nameserver
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
WARNING: untranslated string: static routes = Static Routes
+WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: support donation = Support the IPFire project with your donation
WARNING: untranslated string: system has rdrand = This system has support for Intel(R) RDRAND.
WARNING: untranslated string: system information = System Information
WARNING: untranslated string: tor traffic limit soft = Traffic limit almost reached. Not accepting any new connections.
WARNING: untranslated string: tor traffic read written = Total traffic (read/written)
WARNING: untranslated string: tor use exit nodes = Use only these exit nodes (one per line)
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: twelve hours = 12 Hours
WARNING: untranslated string: two weeks = Two Weeks
WARNING: untranslated string: udp less overhead = UDP (less overhead)
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn start action route = On Demand
WARNING: untranslated string: vpn start action start = Always On
-WARNING: untranslated string: vpn statistic n2n = OpenVPN Net-to-Net Statistics
-WARNING: untranslated string: vpn statistic rw = OpenVPN Roadwarrior Statistics
+WARNING: untranslated string: vpn statistic n2n = VPN: Net-to-Net Statistics
+WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vpn weak = Weak
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
-WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
WARNING: translation string unused: vpn configuration main
+WARNING: translation string unused: vpn delayed start
+WARNING: translation string unused: vpn delayed start help
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
WARNING: translation string unused: vpn on orange
+WARNING: translation string unused: vpn red name
WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
WARNING: untranslated string: crypto warning = Cryptographic warning
WARNING: untranslated string: dead peer detection = Dead Peer Detection
WARNING: untranslated string: default = Default
+WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: deprecated fs warn = Deprecated filesystem! Newer kernel drop the support. Backup and reformat!
WARNING: untranslated string: details = Details
WARNING: untranslated string: dh = Diffie-Hellman parameters
WARNING: untranslated string: incoming traffic in bytes per second = Incoming Traffic
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: integrity = Integrity:
+WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay
WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout
WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
+WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
+WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
+WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
+WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
+WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
WARNING: untranslated string: ipsec = IPsec
+WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec interface mode gre = GRE
+WARNING: untranslated string: ipsec interface mode none = - None (Default) -
+WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec mode transport = Transport
+WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: last = Last
WARNING: untranslated string: least preferred = least preferred
WARNING: untranslated string: lifetime = Lifetime:
+WARNING: untranslated string: local ip address = Local IP Address
WARNING: untranslated string: log server protocol = protocol:
WARNING: untranslated string: mac filter = MAC filter
WARNING: untranslated string: masquerade blue = Masquerade BLUE
WARNING: untranslated string: modem status = Modem Status
WARNING: untranslated string: monitor interface = Monitor Interface
WARNING: untranslated string: most preferred = most preferred
+WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: nameserver = Nameserver
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
WARNING: untranslated string: static routes = Static Routes
+WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: support donation = Support the IPFire project with your donation
WARNING: untranslated string: system has rdrand = This system has support for Intel(R) RDRAND.
WARNING: untranslated string: ta key = TLS-Authentification-Key
WARNING: untranslated string: tor traffic limit soft = Traffic limit almost reached. Not accepting any new connections.
WARNING: untranslated string: tor traffic read written = Total traffic (read/written)
WARNING: untranslated string: tor use exit nodes = Use only these exit nodes (one per line)
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: twelve hours = 12 Hours
WARNING: untranslated string: two weeks = Two Weeks
WARNING: untranslated string: udp less overhead = UDP (less overhead)
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn start action route = On Demand
WARNING: untranslated string: vpn start action start = Always On
-WARNING: untranslated string: vpn statistic n2n = OpenVPN Net-to-Net Statistics
-WARNING: untranslated string: vpn statistic rw = OpenVPN Roadwarrior Statistics
+WARNING: untranslated string: vpn statistic n2n = VPN: Net-to-Net Statistics
+WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vpn weak = Weak
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
-WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
WARNING: translation string unused: vpn configuration main
+WARNING: translation string unused: vpn delayed start
+WARNING: translation string unused: vpn delayed start help
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
WARNING: translation string unused: vpn on orange
+WARNING: translation string unused: vpn red name
WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
+WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: fwdfw all subnets = All subnets
WARNING: untranslated string: fwhost cust geoipgrp = unknown string
WARNING: untranslated string: guardian watch snort alertfile = unknown string
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: info messages = unknown string
+WARNING: untranslated string: interface mode = Interface
+WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
+WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
+WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
+WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
+WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
+WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec interface mode gre = GRE
+WARNING: untranslated string: ipsec interface mode none = - None (Default) -
+WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec mode transport = Transport
+WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec settings = IPsec Settings
+WARNING: untranslated string: local ip address = Local IP Address
+WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: ovpn error dh = The Diffie-Hellman parameter needs to be in minimum 2048 bit! <br>Please generate or upload a new Diffie-Hellman parameter, this can be made below in the section "Diffie-Hellman parameters options".</br>
WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
+WARNING: untranslated string: subnet mask = Subnet Mask
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
< choose media
< community rules
< could not connect to www ipfire org
+< cryptographic settings
< dead peer detection
+< default IP address
< dhcp server disabled on blue interface
< dhcp server enabled on blue interface
< dh name is invalid
< g.lite
< guardian
< insert removable device
-< none
+< interface mode
< notes
-< qos add subclass
< quick control
< shaping add options
< show areas
< updxlrtr used by
< upload fcdsl.o
< vpn configuration main
-< vpn force mobike
############################################################################
# Checking cgi-bin translations for language: es #
############################################################################
< countrycode
< country codes and flags
< crypto error
+< cryptographic settings
< crypto warning
< dead peer detection
< default
< default ip
+< default IP address
< deprecated fs warn
< details
< dh
< incoming firewall access
< incoming overhead in bytes per second
< integrity
+< interface mode
< invalid input for dpd delay
< invalid input for dpd timeout
< invalid input for inactivity timeout
+< invalid input for interface address
+< invalid input for interface mode
+< invalid input for interface mtu
+< invalid input for local ip address
+< invalid input for mode
< invalid input for valid till days
< invalid ip or hostname
< invalid logserver protocol
< ipsec
+< ipsec connection
+< ipsec interface mode gre
+< ipsec interface mode none
+< ipsec interface mode vti
+< ipsec mode transport
+< ipsec mode tunnel
< ipsec network
< ipsec no connections
+< ipsec settings
< last
< least preferred
< lifetime
+< local ip address
< log server protocol
< mac filter
< masquerade blue
< modem status
< monitor interface
< most preferred
+< mtu
< MTU settings
< nameserver
< never
< ssh no active logins
< ssh username
< static routes
+< subnet mask
< support donation
< system has hwrng
< system has rdrand
< tor traffic limit soft
< tor traffic read written
< tor use exit nodes
+< transport mode does not support vti
< twelve hours
< two weeks
< udp less overhead
############################################################################
# Checking cgi-bin translations for language: fr #
############################################################################
-< dnsforward forward_servers
-< invalid ip or hostname
+< cryptographic settings
+< default IP address
+< interface mode
+< invalid input for interface address
+< invalid input for interface mode
+< invalid input for interface mtu
+< invalid input for local ip address
+< invalid input for mode
+< ipsec connection
+< ipsec interface mode gre
+< ipsec interface mode none
+< ipsec interface mode vti
+< ipsec mode transport
+< ipsec mode tunnel
+< ipsec settings
+< local ip address
+< mtu
+< subnet mask
+< transport mode does not support vti
############################################################################
# Checking cgi-bin translations for language: it #
############################################################################
< Captive wrong ext
< check all
< crypto error
+< cryptographic settings
< crypto warning
+< default IP address
< dhcp dns enable update
< dhcp dns key name
< dhcp dns update
< guardian
< incoming compression in bytes per second
< incoming overhead in bytes per second
+< interface mode
< invalid input for inactivity timeout
+< invalid input for interface address
+< invalid input for interface mode
+< invalid input for interface mtu
+< invalid input for local ip address
+< invalid input for mode
< invalid input for valid till days
< invalid ip or hostname
< invalid logserver protocol
+< ipsec connection
+< ipsec interface mode gre
+< ipsec interface mode none
+< ipsec interface mode vti
+< ipsec mode transport
+< ipsec mode tunnel
+< ipsec settings
+< local ip address
< log server protocol
< masquerade blue
< masquerade green
< masquerading disabled
< masquerading enabled
< messages
+< mtu
< MTU settings
< none
< Number of Countries for the pie chart
< ssh login time
< ssh no active logins
< ssh username
+< subnet mask
< tcp more reliable
< ten minutes
< thirty minutes
+< transport mode does not support vti
< twelve hours
< two weeks
< udp less overhead
< Captive wrong ext
< check all
< crypto error
+< cryptographic settings
< crypto warning
< default
+< default IP address
< dh
< dhcp dns enable update
< dhcp dns key name
< imsi
< incoming compression in bytes per second
< incoming overhead in bytes per second
+< interface mode
< invalid input for inactivity timeout
+< invalid input for interface address
+< invalid input for interface mode
+< invalid input for interface mtu
+< invalid input for local ip address
+< invalid input for mode
< invalid input for valid till days
< invalid ip or hostname
< invalid logserver protocol
+< ipsec connection
+< ipsec interface mode gre
+< ipsec interface mode none
+< ipsec interface mode vti
+< ipsec mode transport
+< ipsec mode tunnel
+< ipsec settings
+< local ip address
< log server protocol
< masquerade blue
< masquerade green
< modem sim information
< modem status
< monitor interface
+< mtu
< MTU settings
< nameserver
< never
< ssh login time
< ssh no active logins
< ssh username
+< subnet mask
< ta key
< tcp more reliable
< ten minutes
< teovpn_fragment
< thirty minutes
+< transport mode does not support vti
< twelve hours
< two weeks
< udp less overhead
< countrycode
< country codes and flags
< crypto error
+< cryptographic settings
< crypto warning
< dead peer detection
< default
< default ip
+< default IP address
< deprecated fs warn
< details
< dh
< incoming firewall access
< incoming overhead in bytes per second
< integrity
+< interface mode
< invalid input for dpd delay
< invalid input for dpd timeout
< invalid input for inactivity timeout
+< invalid input for interface address
+< invalid input for interface mode
+< invalid input for interface mtu
+< invalid input for local ip address
+< invalid input for mode
< invalid input for valid till days
< invalid ip or hostname
< invalid logserver protocol
< ipsec
+< ipsec connection
+< ipsec interface mode gre
+< ipsec interface mode none
+< ipsec interface mode vti
+< ipsec mode transport
+< ipsec mode tunnel
< ipsec network
< ipsec no connections
+< ipsec settings
< last
< least preferred
< lifetime
+< local ip address
< log server protocol
< mac filter
< masquerade blue
< modem status
< monitor interface
< most preferred
+< mtu
< MTU settings
< nameserver
< never
< ssh no active logins
< ssh username
< static routes
+< subnet mask
< support donation
< system has hwrng
< system has rdrand
< tor traffic limit soft
< tor traffic read written
< tor use exit nodes
+< transport mode does not support vti
< twelve hours
< two weeks
< udp less overhead
< countrycode
< country codes and flags
< crypto error
+< cryptographic settings
< crypto warning
< day-graph
< dead peer detection
< default
< default ip
+< default IP address
< deprecated fs warn
< details
< dh
< incoming overhead in bytes per second
< incoming traffic in bytes per second
< integrity
+< interface mode
< invalid input for dpd delay
< invalid input for dpd timeout
< invalid input for inactivity timeout
+< invalid input for interface address
+< invalid input for interface mode
+< invalid input for interface mtu
+< invalid input for local ip address
+< invalid input for mode
< invalid input for valid till days
< invalid ip or hostname
< invalid logserver protocol
< ipsec
+< ipsec connection
+< ipsec interface mode gre
+< ipsec interface mode none
+< ipsec interface mode vti
+< ipsec mode transport
+< ipsec mode tunnel
< ipsec network
< ipsec no connections
+< ipsec settings
< last
< least preferred
< lifetime
+< local ip address
< log server protocol
< mac filter
< masquerade blue
< monitor interface
< month-graph
< most preferred
+< mtu
< MTU settings
< nameserver
< never
< ssh no active logins
< ssh username
< static routes
+< subnet mask
< support donation
< system has hwrng
< system has rdrand
< tor traffic limit soft
< tor traffic read written
< tor use exit nodes
+< transport mode does not support vti
< twelve hours
< two weeks
< udp less overhead
# Checking cgi-bin translations for language: tr #
############################################################################
< crypto error
+< cryptographic settings
< crypto warning
+< default IP address
< dnsforward forward_servers
< fwdfw all subnets
+< interface mode
+< invalid input for interface address
+< invalid input for interface mode
+< invalid input for interface mtu
+< invalid input for local ip address
+< invalid input for mode
< invalid ip or hostname
+< ipsec connection
+< ipsec interface mode gre
+< ipsec interface mode none
+< ipsec interface mode vti
+< ipsec mode transport
+< ipsec mode tunnel
+< ipsec settings
+< local ip address
+< mtu
< ovpn error dh
< ovpn error md5
< ovpn warning rfc3280
< ssh login time
< ssh no active logins
< ssh username
+< subnet mask
+< transport mode does not support vti
< vpn start action add
< vpn wait
< wlanap neighbor scan
Marcus Scholz,
Ersan Yildirim,
Joern-Ingo Weigert,
-Alfred Haas,
Wolfgang Apolinarski,
+Alfred Haas,
Lars Schuhmacher,
Rene Zingel,
Sascha Kilian,
Bernhard Bitsch,
Dominik Hassler,
Larsen,
-Gabriel Rolland,
Stéphane Pautrel,
+Gabriel Rolland,
Anton D. Seliverstov,
Bernhard Bittner,
David Kleuker,
Nico Prenzel,
Osmar Gonzalez,
Paul T. Simmons,
+Rob Brewer,
Robert Möker,
Stefan Ernst,
Stefan Ferstl,
}
#check if IPSEC is running
if ( $vpnsettings{'ENABLED'} eq 'on' || $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {
- my $ipsecip = $vpnsettings{'VPN_IP'};
print<<END;
<tr>
<td style='width:25%; text-align:center; background-color:$Header::colourvpn;'>
<a href='/cgi-bin/vpnmain.cgi' style='color:white'><b>$Lang::tr{'ipsec'}</b></a>
</td>
- <td style='width:30%; text-align:center;'>$ipsecip</td>
+ <td style='width:30%; text-align:center;'></td>
<td style='width:45%; text-align:center; color:$Header::colourgreen;'>Online</td>
</tr>
END
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+my %vpnsettings = ();
+&General::readhasharray("${General::swroot}/vpn/config", \%vpnsettings);
+
my @vpns=();
+# Make list of all IPsec graphs
+my %ipsecgraphs = ();
+foreach my $key (sort {$vpnsettings{$a}[1] <=> $vpnsettings{$b}[1]} keys %vpnsettings) {
+ my $interface_mode = $vpnsettings{$key}[36];
+ next unless ($interface_mode);
+
+ $ipsecgraphs{$vpnsettings{$key}[1]} = "${interface_mode}${key}";
+}
+
my @querry = split(/\?/,$ENV{'QUERY_STRING'});
$querry[0] = '' unless defined $querry[0];
$querry[1] = 'week' unless defined $querry[1];
if ( $querry[0] ne ""){
print "Content-type: image/png\n\n";
binmode(STDOUT);
- &Graphs::updatevpnn2ngraph($querry[0],$querry[1]);
+ if (grep { $_ eq $querry[0] } values %ipsecgraphs) {
+ &Graphs::updateifgraph($querry[0],$querry[1]);
+ } else {
+ &Graphs::updatevpnn2ngraph($querry[0],$querry[1]);
+ }
}else{
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'vpn statistic n2n'}, 1, '');
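Review bot: The sort block in the `%ipsecgraphs` loop compares `$vpnsettings{$a}[1]` with `<=>`, but field 1 is the connection name elsewhere in this change (`conn $lconfighash{$key}[1]`), so the numeric comparison treats every non-numeric name as 0 and warns if warnings are enabled. The loop only fills a hash and the display loop sorts its keys again, so `foreach my $key (keys %vpnsettings) {` is enough, or use `cmp` if the order matters. The membership test against `values %ipsecgraphs` is a sound allowlist for the interface name. The period in `$querry[1]` is still passed on as received, and whether `Graphs::updateifgraph` restricts it is not visible in this hunk.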
push(@vpns,$2);
}
}
- if (@vpns){
+ if (@vpns || %ipsecgraphs) {
+ foreach my $name (sort keys %ipsecgraphs) {
+ &Header::openbox('100%', 'center', "$Lang::tr{'ipsec connection'}: $name");
+ &Graphs::makegraphbox("netovpnsrv.cgi", $ipsecgraphs{$name}, "day");
+ &Header::closebox();
+ }
+
foreach (@vpns) {
&Header::openbox('100%', 'center', "$_ $Lang::tr{'graph'}");
&Graphs::makegraphbox("netovpnsrv.cgi",$_, "day");
my $identhosts = "$identdir/hosts";
-my $authdir = "/usr/lib/squid/";
+my $authdir = "/usr/lib/squid";
my $errordir = "/usr/lib/squid/errors";
my $acl_src_subnets = "$acldir/src_subnets.acl";
<tr>
<td width='40%' class='base'>$Lang::tr{'tor relay fingerprint'}:</td>
<td width='60%'>
- <a href='https://atlas.torproject.org/#details/$fingerprint' target='_blank'>$fingerprint</a>
+ <a href='https://metrics.torproject.org/rs.html#details/$fingerprint' target='_blank'>$fingerprint</a>
</td>
</tr>
END
print <<END;
<tr>
<td width='40%'>
- <a href='https://atlas.torproject.org/#details/$node->{'fingerprint'}' target='_blank'>
+ <a href='https://metrics.torproject.org/rs.html#details/$node->{'fingerprint'}' target='_blank'>
$node->{'name'}
</a>
</td>
0 => "- $Lang::tr{'unlimited'} -",
);
+# Load aliases
+my %aliases;
+&General::get_aliases(\%aliases);
+
my $col="";
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'NAME'} = '';
$cgiparams{'LOCAL_SUBNET'} = '';
$cgiparams{'REMOTE_SUBNET'} = '';
+$cgiparams{'LOCAL'} = '';
$cgiparams{'REMOTE'} = '';
$cgiparams{'LOCAL_ID'} = '';
$cgiparams{'REMOTE_ID'} = '';
$cgiparams{'DPD_TIMEOUT'} = '120';
$cgiparams{'FORCE_MOBIKE'} = 'off';
$cgiparams{'START_ACTION'} = 'route';
-$cgiparams{'INACTIVITY_TIMEOUT'} = 900;
+$cgiparams{'INACTIVITY_TIMEOUT'} = 1800;
+$cgiparams{'MODE'} = "tunnel";
+$cgiparams{'INTERFACE_MODE'} = "";
+$cgiparams{'INTERFACE_ADDRESS'} = "";
+$cgiparams{'INTERFACE_MTU'} = 1500;
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
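Review bot: The `INACTIVITY_TIMEOUT` default is raised to 1800 here, but other assignments visible in this change still use 900: the new-connection defaults, the `!$cgiparams{'DPD_DELAY'}` fallback and the empty-value fallback commented `# 15 min`. As far as the visible lines show, a newly created connection therefore still gets 900 regardless of this line. If 1800 is the intended default, those assignments should be updated as well, or all of them should read one shared value such as `my $DEFAULT_INACTIVITY_TIMEOUT = 1800;`.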
###
#remote peer is not set? => use '%any'
$lconfighash{$key}[10] = '%any' if ($lconfighash{$key}[10] eq '');
+ # Field 6 might be "off" on old installations
+ if ($lconfighash{$key}[6] eq "off") {
+ $lconfighash{$key}[6] = $lvpnsettings{"VPN_IP"};
+ }
+
my $localside;
- if ($lconfighash{$key}[26] eq 'BLUE') {
- $localside = $netsettings{'BLUE_ADDRESS'};
- } elsif ($lconfighash{$key}[26] eq 'GREEN') {
- $localside = $netsettings{'GREEN_ADDRESS'};
- } elsif ($lconfighash{$key}[26] eq 'ORANGE') {
- $localside = $netsettings{'ORANGE_ADDRESS'};
- } else { # it is RED
- $localside = $lvpnsettings{'VPN_IP'};
+ if ($lconfighash{$key}[6]) {
+ $localside = $lconfighash{$key}[6];
+ } else {
+ $localside = "%defaultroute";
}
+ my $interface_mode = $lconfighash{$key}[36];
+
print CONF "conn $lconfighash{$key}[1]\n";
print CONF "\tleft=$localside\n";
- print CONF "\tleftsubnet=" . &make_subnets($lconfighash{$key}[8]) . "\n";
+
+ if ($interface_mode eq "gre") {
+ print CONF "\tleftprotoport=gre\n";
+ } elsif ($interface_mode eq "vti") {
+ print CONF "\tleftsubnet=0.0.0.0/0\n";
+ } else {
+ print CONF "\tleftsubnet=" . &make_subnets("left", $lconfighash{$key}[8]) . "\n";
+ }
+
print CONF "\tleftfirewall=yes\n";
print CONF "\tlefthostaccess=yes\n";
print CONF "\tright=$lconfighash{$key}[10]\n";
if ($lconfighash{$key}[3] eq 'net') {
- print CONF "\trightsubnet=" . &make_subnets($lconfighash{$key}[11]) . "\n";
+ if ($interface_mode eq "gre") {
+ print CONF "\trightprotoport=gre\n";
+ } elsif ($interface_mode eq "vti") {
+ print CONF "\trightsubnet=0.0.0.0/0\n";
+ } else {
+ print CONF "\trightsubnet=" . &make_subnets("right", $lconfighash{$key}[11]) . "\n";
+ }
}
# Local Cert and Remote Cert (unless auth is DN dn-auth)
print CONF "\tleftid=\"$lconfighash{$key}[7]\"\n" if ($lconfighash{$key}[7]);
print CONF "\trightid=\"$lconfighash{$key}[9]\"\n" if ($lconfighash{$key}[9]);
+ # Set mode
+ if ($lconfighash{$key}[35] eq "transport") {
+ print CONF "\ttype=transport\n";
+ } else {
+ print CONF "\ttype=tunnel\n";
+ }
+
+ # Add mark for VTI
+ if ($interface_mode eq "vti") {
+ print CONF "\tmark=$key\n";
+ }
+
# Is PFS enabled?
my $pfs = $lconfighash{$key}[28] eq 'on' ? 'on' : 'off';
if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
&General::readhash("${General::swroot}/vpn/settings", \%vpnsettings);
- unless (&General::validfqdn($cgiparams{'VPN_IP'}) || &General::validip($cgiparams{'VPN_IP'})
- || $cgiparams{'VPN_IP'} eq '%defaultroute' ) {
- $errormessage = $Lang::tr{'invalid input for hostname'};
- goto SAVE_ERROR;
- }
-
- unless ($cgiparams{'VPN_DELAYED_START'} =~ /^[0-9]{1,3}$/ ) { #allow 0-999 seconds !
- $errormessage = $Lang::tr{'invalid time period'};
- goto SAVE_ERROR;
- }
-
if ( $cgiparams{'RW_NET'} ne '' and !&General::validipandmask($cgiparams{'RW_NET'}) ) {
$errormessage = $Lang::tr{'urlfilter invalid ip or mask error'};
goto SAVE_ERROR;
}
$vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
- $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
- $vpnsettings{'VPN_DELAYED_START'} = $cgiparams{'VPN_DELAYED_START'};
$vpnsettings{'RW_NET'} = $cgiparams{'RW_NET'};
&General::writehash("${General::swroot}/vpn/settings", \%vpnsettings);
&writeipsecfiles();
$cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
$cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
$cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
- #$cgiparams{'free'} = $confighash{$cgiparams{'KEY'}}[6];
+ $cgiparams{'LOCAL'} = $confighash{$cgiparams{'KEY'}}[6];
$cgiparams{'LOCAL_ID'} = $confighash{$cgiparams{'KEY'}}[7];
my @local_subnets = split(",", $confighash{$cgiparams{'KEY'}}[8]);
$cgiparams{'LOCAL_SUBNET'} = join(/\|/, @local_subnets);
$cgiparams{'FORCE_MOBIKE'} = $confighash{$cgiparams{'KEY'}}[32];
$cgiparams{'START_ACTION'} = $confighash{$cgiparams{'KEY'}}[33];
$cgiparams{'INACTIVITY_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[34];
+ $cgiparams{'MODE'} = $confighash{$cgiparams{'KEY'}}[35];
+ $cgiparams{'INTERFACE_MODE'} = $confighash{$cgiparams{'KEY'}}[36];
+ $cgiparams{'INTERFACE_ADDRESS'} = $confighash{$cgiparams{'KEY'}}[37];
+ $cgiparams{'INTERFACE_MTU'} = $confighash{$cgiparams{'KEY'}}[38];
if (!$cgiparams{'DPD_DELAY'}) {
$cgiparams{'DPD_DELAY'} = 30;
$cgiparams{'INACTIVITY_TIMEOUT'} = 900;
}
+ if ($cgiparams{'MODE'} eq "") {
+ $cgiparams{'MODE'} = "tunnel";
+ }
+
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
goto VPNCONF_ERROR;
}
+ if ($cgiparams{'LOCAL'}) {
+ if (($cgiparams{'LOCAL'} ne "") && (!&General::validip($cgiparams{'LOCAL'}))) {
+ $errormessage = $Lang::tr{'invalid input for local ip address'};
+ goto VPNCONF_ERROR;
+ }
+ }
+
if ($cgiparams{'REMOTE'}) {
if (($cgiparams{'REMOTE'} ne '%any') && (! &General::validip($cgiparams{'REMOTE'}))) {
if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
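Review bot: `LOCAL` is accepted when it is any syntactically valid IP address, although the form only offers the empty default and the addresses from `%aliases`. The value later becomes `left=` in the generated connection, so a membership check would keep an address the system does not hold out of the configuration: `unless (grep { $aliases{$_}{'IPT'} eq $cgiparams{'LOCAL'} } keys %aliases) {`. The inner `ne ""` test is redundant inside `if ($cgiparams{'LOCAL'})`. The surrounding `elsif` branch starts before this hunk.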
goto VPNCONF_ERROR;
}
}
+
+ if ($cgiparams{'MODE'} !~ /^(tunnel|transport)$/) {
+ $errormessage = $Lang::tr{'invalid input for mode'};
+ goto VPNCONF_ERROR;
+ }
+
+ if ($cgiparams{'INTERFACE_MODE'} !~ /^(|gre|vti)$/) {
+ $errormessage = $Lang::tr{'invalid input for interface mode'};
+ goto VPNCONF_ERROR;
+ }
+
+ if (($cgiparams{'INTERFACE_MODE'} eq "vti") && ($cgiparams{'MODE'} eq "transport")) {
+ $errormessage = $Lang::tr{'transport mode does not support vti'};
+ goto VPNCONF_ERROR;
+ }
+
+ if (($cgiparams{'INTERFACE_MODE'} ne "") && !&Network::check_subnet($cgiparams{'INTERFACE_ADDRESS'})) {
+ $errormessage = $Lang::tr{'invalid input for interface address'};
+ goto VPNCONF_ERROR;
+ }
+
+ if ($cgiparams{'INTERFACE_MTU'} !~ /^\d+$/) {
+ $errormessage = $Lang::tr{'invalid input for interface mtu'};
+ goto VPNCONF_ERROR;
+ }
}
if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
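Review bot: The `INTERFACE_MTU` check accepts any run of digits, so 0 or a value far above 9000 is stored; the `min="576"` and `max="9000"` attributes on the form input are enforced only by the browser. The server-side test should carry the same bounds, e.g. `if ($cgiparams{'INTERFACE_MTU'} !~ /\A\d+\z/ || $cgiparams{'INTERFACE_MTU'} < 576 || $cgiparams{'INTERFACE_MTU'} > 9000) {`. The new `MODE` and `INTERFACE_MODE` patterns end in `$`, which also matches before a trailing newline; `\z` would keep such a value out of the stored configuration unless `Header::getcgihash` already strips it, which is not visible here. The enclosing block opens before this hunk, so the nesting of these checks cannot be confirmed from the visible lines.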
my $key = $cgiparams{'KEY'};
if (! $key) {
$key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 34) { $confighash{$key}[$i] = "";}
+ foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";}
}
$confighash{$key}[0] = $cgiparams{'ENABLED'};
$confighash{$key}[1] = $cgiparams{'NAME'};
my @remote_subnets = split(",", $cgiparams{'REMOTE_SUBNET'});
$confighash{$key}[11] = join('|', @remote_subnets);
}
+ $confighash{$key}[6] = $cgiparams{'LOCAL'};
$confighash{$key}[7] = $cgiparams{'LOCAL_ID'};
my @local_subnets = split(",", $cgiparams{'LOCAL_SUBNET'});
$confighash{$key}[8] = join('|', @local_subnets);
$confighash{$key}[32] = $cgiparams{'FORCE_MOBIKE'};
$confighash{$key}[33] = $cgiparams{'START_ACTION'};
$confighash{$key}[34] = $cgiparams{'INACTIVITY_TIMEOUT'};
+ $confighash{$key}[35] = $cgiparams{'MODE'};
+ $confighash{$key}[36] = $cgiparams{'INTERFACE_MODE'};
+ $confighash{$key}[37] = $cgiparams{'INTERFACE_ADDRESS'};
+ $confighash{$key}[38] = $cgiparams{'INTERFACE_MTU'};
# free unused fields!
- $confighash{$key}[6] = 'off';
$confighash{$key}[15] = 'off';
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
} else {
$cgiparams{'AUTH'} = 'certgen';
}
- $cgiparams{'LOCAL_SUBNET'} = "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
+
+ if ($netsettings{"GREEN_NETADDRESS"} && $netsettings{"GREEN_NETMASK"}) {
+ $cgiparams{"LOCAL_SUBNET"} = $netsettings{'GREEN_NETADDRESS'} . "/" . $netsettings{'GREEN_NETMASK'};
+ } else {
+ $cgiparams{"LOCAL_SUBNET"} = "";
+ }
$cgiparams{'CERT_EMAIL'} = $vpnsettings{'ROOTCERT_EMAIL'};
$cgiparams{'CERT_OU'} = $vpnsettings{'ROOTCERT_OU'};
$cgiparams{'CERT_ORGANIZATION'} = $vpnsettings{'ROOTCERT_ORGANIZATION'};
$cgiparams{'ONLY_PROPOSED'} = 'on'; #[24];
$cgiparams{'PFS'} = 'on'; #[28];
$cgiparams{'INACTIVITY_TIMEOUT'} = 900;
+ $cgiparams{'MODE'} = "tunnel";
+ $cgiparams{'INTERFACE_MODE'} = "";
+ $cgiparams{'INTERFACE_ADDRESS'} = "";
+ $cgiparams{'INTERFACE_MTU'} = 1500;
}
VPNCONF_ERROR:
$checked{'AUTH'}{'auth-dn'} = '';
$checked{'AUTH'}{$cgiparams{'AUTH'}} = "checked='checked'";
+ $selected{'MODE'}{'tunnel'} = '';
+ $selected{'MODE'}{'transport'} = '';
+ $selected{'MODE'}{$cgiparams{'MODE'}} = "selected='selected'";
+
+ $selected{'INTERFACE_MODE'}{''} = '';
+ $selected{'INTERFACE_MODE'}{'gre'} = '';
+ $selected{'INTERFACE_MODE'}{'vti'} = '';
+ $selected{'INTERFACE_MODE'}{$cgiparams{'INTERFACE_MODE'}} = "selected='selected'";
+
+ $selected{'LOCAL'}{''} = '';
+ foreach my $alias (sort keys %aliases) {
+ my $address = $aliases{$alias}{'IPT'};
+
+ $selected{'LOCAL'}{$address} = '';
+ }
+ $selected{'LOCAL'}{$cgiparams{'LOCAL'}} = "selected='selected'";
+
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'ipsec'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
<input type='hidden' name='DPD_TIMEOUT' value='$cgiparams{'DPD_TIMEOUT'}' />
<input type='hidden' name='FORCE_MOBIKE' value='$cgiparams{'FORCE_MOBIKE'}' />
<input type='hidden' name='START_ACTION' value='$cgiparams{'START_ACTION'}' />
+ <input type='hidden' name='INACTIVITY_TIMEOUT' value='$cgiparams{'INACTIVITY_TIMEOUT'}' />
END
;
if ($cgiparams{'KEY'}) {
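Review bot: The hidden `INACTIVITY_TIMEOUT` field added here writes `$cgiparams{'INACTIVITY_TIMEOUT'}` into an attribute without HTML-escaping, and the same pattern recurs in later hunks of this file: the `INTERFACE_ADDRESS` and `INTERFACE_MTU` inputs and the `$alias ($address)` option label. Every `goto VPNCONF_ERROR` re-renders the form with the value that was just rejected, so a submitted quote character would reach the page markup unless `Header::getcgihash` already neutralises it, which is not visible here. Passing these values through `&Header::cleanhtml(...)` before printing, as the save path does for `REMARK`, or resetting a field to its default when its check fails, would close the gap. The heredoc this line belongs to starts before the hunk.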
my @remote_subnets = split(/\|/, $cgiparams{'REMOTE_SUBNET'});
my $remote_subnets = join(",", @remote_subnets);
- print <<END
+ print <<END;
<tr>
<td width='20%'>$Lang::tr{'enabled'}</td>
<td width='30%'>
<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} />
</td>
- <td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'local subnet'} <img src='/blob.gif' alt='*' /></td>
- <td width='30%'>
- <input type='text' name='LOCAL_SUBNET' value='$local_subnets' />
- </td>
+ <td colspan="2"></td>
</tr>
<tr>
+ <td class='boldbase' width='20%'>$Lang::tr{'local ip address'}:</td>
+ <td width='30%'>
+ <select name="LOCAL">
+ <option value="" $selected{'LOCAL'}{''}>- $Lang::tr{'default IP address'} -</option>
+END
+
+ foreach my $alias (sort keys %aliases) {
+ my $address = $aliases{$alias}{'IPT'};
+ print <<END;
+ <option value="$address" $selected{'LOCAL'}{$address}>$alias ($address)</option>
+END
+ }
+
+ print <<END;
+ </select>
+ </td>
<td class='boldbase' width='20%'>$Lang::tr{'remote host/ip'}: $blob</td>
<td width='30%'>
<input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size="25" />
</td>
+ </tr>
+ <tr>
+ <td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'local subnet'} <img src='/blob.gif' alt='*' /></td>
+ <td width='30%'>
+ <input type='text' name='LOCAL_SUBNET' value='$local_subnets' size="25" />
+ </td>
<td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'remote subnet'} $blob</td>
<td width='30%'>
- <input $disabled type='text' name='REMOTE_SUBNET' value='$remote_subnets' />
+ <input $disabled type='text' name='REMOTE_SUBNET' value='$remote_subnets' size="25" />
</td>
</tr>
<tr>
print "</table>";
&Header::closebox();
+ if ($cgiparams{'TYPE'} eq 'net') {
+ &Header::openbox('100%', 'left', $Lang::tr{'ipsec settings'});
+ print <<EOF;
+ <table width='100%'>
+ <tbody>
+ <tr>
+ <td class='boldbase' width='20%'>$Lang::tr{'mode'}:</td>
+ <td width='30%'>
+ <select name='MODE'>
+ <option value='tunnel' $selected{'MODE'}{'tunnel'}>$Lang::tr{'ipsec mode tunnel'}</option>
+ <option value='transport' $selected{'MODE'}{'transport'}>$Lang::tr{'ipsec mode transport'}</option>
+ </select>
+ </td>
+ <td colspan='2'></td>
+ </tr>
+
+ <tr>
+ <td class='boldbase' width='20%'>$Lang::tr{'interface mode'}:</td>
+ <td width='30%'>
+ <select name='INTERFACE_MODE'>
+ <option value='' $selected{'INTERFACE_MODE'}{''}>$Lang::tr{'ipsec interface mode none'}</option>
+ <option value='gre' $selected{'INTERFACE_MODE'}{'gre'}>$Lang::tr{'ipsec interface mode gre'}</option>
+ <option value='vti' $selected{'INTERFACE_MODE'}{'vti'}>$Lang::tr{'ipsec interface mode vti'}</option>
+ </select>
+ </td>
+
+ <td class='boldbase' width='20%'>$Lang::tr{'ip address'}/$Lang::tr{'subnet mask'}:</td>
+ <td width='30%'>
+ <input type="text" name="INTERFACE_ADDRESS" value="$cgiparams{'INTERFACE_ADDRESS'}">
+ </td>
+ </tr>
+
+ <tr>
+ <td class='boldbase' width='20%'>$Lang::tr{'mtu'}:</td>
+ <td width='30%'>
+ <input type="number" name="INTERFACE_MTU" value="$cgiparams{'INTERFACE_MTU'}" min="576" max="9000">
+ </td>
+ <td colspan='2'></td>
+ </tr>
+ </tbody>
+ </table>
+EOF
+ &Header::closebox();
+ }
+
if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') {
&Header::openbox('100%', 'left', $Lang::tr{'authentication'});
print <<END
$cgiparams{'FORCE_MOBIKE'} = $confighash{$cgiparams{'KEY'}}[32];
$cgiparams{'START_ACTION'} = $confighash{$cgiparams{'KEY'}}[33];
$cgiparams{'INACTIVITY_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[34];
+ $cgiparams{'MODE'} = $confighash{$cgiparams{'KEY'}}[35];
+ $cgiparams{'INTERFACE_MODE'} = $confighash{$cgiparams{'KEY'}}[36];
+ $cgiparams{'INTERFACE_ADDRESS'} = $confighash{$cgiparams{'KEY'}}[37];
+ $cgiparams{'INTERFACE_MTU'} = $confighash{$cgiparams{'KEY'}}[38];
if (!$cgiparams{'DPD_DELAY'}) {
$cgiparams{'DPD_DELAY'} = 30;
if ($cgiparams{'INACTIVITY_TIMEOUT'} eq "") {
$cgiparams{'INACTIVITY_TIMEOUT'} = 900; # 15 min
}
+
+ if ($cgiparams{'MODE'} eq "") {
+ $cgiparams{'MODE'} = "tunnel";
+ }
}
ADVANCED_ERROR:
my @status = `/usr/local/bin/ipsecctrl I 2>/dev/null`;
- # suggest a default name for this side
- if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
- if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
- my $ipaddr = <IPADDR>;
- close IPADDR;
- chomp ($ipaddr);
- $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
- if ($cgiparams{'VPN_IP'} eq '') {
- $cgiparams{'VPN_IP'} = $ipaddr;
- }
- }
- }
- # no IP found, use %defaultroute
- $cgiparams{'VPN_IP'} ='%defaultroute' if ($cgiparams{'VPN_IP'} eq '');
-
- $cgiparams{'VPN_DELAYED_START'} = 0 if (! defined ($cgiparams{'VPN_DELAYED_START'}));
$checked{'ENABLED'} = $cgiparams{'ENABLED'} eq 'on' ? "checked='checked'" : '';
&Header::showhttpheaders();
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
- <tr>
- <td width='20%' class='base' nowrap='nowrap'>$Lang::tr{'vpn red name'}: <img src='/blob.gif' alt='*' /></td>
- <td width='20%'><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' /></td>
- <td width='20%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'} /></td>
- </tr>
-END
-;
-print <<END
- <tr>
- <td class='base' nowrap='nowrap'>$Lang::tr{'vpn delayed start'}: <img src='/blob.gif' alt='*' /><img src='/blob.gif' alt='*' /></td>
- <td ><input type='text' name='VPN_DELAYED_START' value='$cgiparams{'VPN_DELAYED_START'}' /></td>
- </tr>
- <tr>
- <td class='base' nowrap='nowrap'>$Lang::tr{'host to net vpn'}:</td>
- <td ><input type='text' name='RW_NET' value='$cgiparams{'RW_NET'}' /></td>
- </tr>
-</table>
-<br>
-<hr />
-<table width='100%'>
-<tr>
- <td class='base' valign='top'><img src='/blob.gif' alt='*' /></td>
- <td width='70%' class='base' valign='top'>$Lang::tr{'required field'}</td><td width='30%' align='right' class='base'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
-</tr>
-<tr>
- <td class='base' valign='top' nowrap='nowrap'><img src='/blob.gif' alt='*' /><img src='/blob.gif' alt='*' /> </td>
- <td class='base'> <font class='base'>$Lang::tr{'vpn delayed start help'}</font></td>
- <td></td>
-</tr>
+ <tr>
+ <td width='60%' class='base'>
+ $Lang::tr{'enabled'}
+ </td>
+ <td width="40%">
+ <input type='checkbox' name='ENABLED' $checked{'ENABLED'} />
+ </td>
+ </tr>
+ <tr>
+ <td class='base' nowrap='nowrap' width="60%">$Lang::tr{'host to net vpn'}:</td>
+ <td width="40%"><input type='text' name='RW_NET' value='$cgiparams{'RW_NET'}' /></td>
+ </tr>
+ <tr>
+ <td width='100%' colspan="2" align='right' class='base'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
+ </tr>
</table>
END
;
return &array_unique(\@algos);
}
-sub make_subnets($) {
+sub make_subnets($$) {
+ my $direction = shift;
my $subnets = shift;
my @nets = split(/\|/, $subnets);
my @cidr_nets = ();
foreach my $net (@nets) {
my $cidr_net = &General::ipcidr($net);
+
+ # Skip 0.0.0.0/0 for remote because this renders the
+ # while system inaccessible
+ next if (($direction eq "right") && ($cidr_net eq "0.0.0.0/0"));
+
push(@cidr_nets, $cidr_net);
}
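Review bot: Dropping `0.0.0.0/0` from the remote list inside `make_subnets` can leave the list empty, and the caller then prints `rightsubnet=` with whatever the function returns for an empty list. Rejecting the value when the connection is saved, next to the other `VPNCONF_ERROR` checks, would give the administrator an error message instead of a silently altered policy. The callers use `&make_subnets(...)`, which bypasses the `($$)` prototype, so the prototype change has no effect on them. The new comment should read `whole system`. The rest of the function lies outside this hunk, so how an empty list is joined is not visible.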
'invalid input for hostname' => 'Ungültige Eingabe für Hostname',
'invalid input for ike lifetime' => 'Ungültige Eingabe für IKE Lebensdauer',
'invalid input for inactivity timeout' => 'Ungültige Eingabe für Inaktivitätstimeout',
+'invalid input for interface address' => 'Ungültige Eingabe für die Interface-Adresse',
+'invalid input for interface mode' => 'Ungültige Eingabe des Interface-Modus',
+'invalid input for interface mtu' => 'Ungültige Eingabe für die Interface-MTU',
'invalid input for keepalive 1' => 'Ungültige Eingabe für Keepalive ping',
'invalid input for keepalive 1:2' => 'Ungültige Eingabe für Keepalive (mindestens ein Verhältnis von 1:2)',
'invalid input for keepalive 2' => 'Ungültige Eingabe für Keepalive ping-restart',
+'invalid input for local ip address' => 'Ungültige Eingabe für die lokale IP-Adresse',
'invalid input for max clients' => 'Ungültige Eingabe für Max Clients',
+'invalid input for mode' => 'Ungültige Eingabe des Modus',
'invalid input for name' => 'Ungültige Eingabe für vollen Namen des Benutzers oder des System Hostnamens',
'invalid input for oink code' => 'Ungültige Eingabe für Oink Code',
'invalid input for organization' => 'Ungültige Eingabe für Organisation',
'ipfires hostname' => 'IPFire\'s Hostname',
'ipinfo' => 'IP-Info',
'ipsec' => 'IPsec',
+'ipsec connection' => 'IPsec-Verbindung',
+'ipsec interface mode gre' => 'GRE',
+'ipsec interface mode none' => '- Kein Interface (Standard) -',
+'ipsec interface mode vti' => 'VTI',
+'ipsec mode transport' => 'Transport',
+'ipsec mode tunnel' => 'Tunnel',
'ipsec network' => 'IPsec-Netzwerk',
'ipsec no connections' => 'Keine aktiven IPsec-Verbindungen',
+'ipsec settings' => 'IPsec-Einstellungen',
'iptable rules' => 'IPTable-Regeln',
'iptmangles' => 'IPTable Mangles',
'iptnats' => 'IPTable Network Address Translation',
'load printer' => 'Lade Drucker',
'loaded modules' => 'Geladene Module:',
'local hard disk' => 'Festplatte',
+'local ip address' => 'Lokale IP-Adresse',
'local master' => 'Local Master',
'local ntp server specified but not enabled' => 'Lokaler NTP Server angegeben aber nicht aktiviert',
'local subnet' => 'Lokales Subnetz:',
'mpfire search' => 'MPFire Suche',
'mpfire songs' => 'MPFire Songliste',
'mpfire webradio' => 'MPFire Webradio',
+'mtu' => 'MTU',
'mtu QoS' => 'Diese Einstellung ändert die MTU nicht global sondern nur für das QoS.',
'my new share' => 'Meine neue Freigabe',
'name' => 'Name',
'no modem selected' => 'Kein Modem ausgewählt',
'no set selected' => 'Es wurde kein Satz ausgewählt',
'no time limit' => 'unbregenzte Zeit',
+'none' => 'keiner',
'none found' => 'nichts gefunden',
'nonetworkname' => 'Kein Netzwerkname wurde eingegeben',
'noservicename' => 'Kein Dienstname wurde eingegeben',
'psk' => 'PSK',
'pulse' => 'Puls',
'pulse dial' => 'Pulswahl:',
+'qos add subclass' => 'Unterklasse hinzufügen',
'qos enter bandwidths' => 'Bitte geben Sie ihre Downstream- und Upstream-Bandbreite an!',
'qos graphs' => 'Qos Diagramme',
'qos warning' => 'Die Regel <strong>muss</strong> wieder gespeichert werden, ansonsten wird sie verworfen!',
'subject warn' => 'Warnung - Warnlevel erreicht',
'subnet' => 'Subnet',
'subnet is invalid' => 'Netzmaske ist ungültig',
+'subnet mask' => 'Subnetzmaske',
'subscripted user rules' => 'Sourcefire VRT Regeln mit Abonnement',
'successfully refreshed updates list' => 'Update-Liste erfolgreich aktualisiert.',
'summaries kept' => 'Zusammenfassungen aufheben für',
'trafficto' => 'Nach',
'transfer limits' => 'Transferbeschränkungen',
'transparent on' => 'Transparent auf',
+'transport mode does not support vti' => 'VTI wird im Transport-Modus nicht unterstützt',
'tripwire' => 'Tripwire',
'tripwire cronjob' => 'Tripwire Cronjob',
'tripwire functions' => 'Tripwire Funktionen',
'vpn connecting' => 'VERBINDUNGSAUFBAU',
'vpn delayed start' => 'Verzögerung, bevor VPN gestartet wird (Sek.)',
'vpn delayed start help' => 'Falls notwendig, kann diese Verzögerung dazu verwendet werden, um Dynamic-DNS-Updates ordnungsgemäß anzuwenden. 60 ist ein gängiger Wert, wenn ROT (RED) eine dynamische IP Adresse ist.',
+'vpn force mobike' => 'MOBIKE erzwingen (nur IKEv2)',
'vpn inactivity timeout' => 'Inaktivitätstimeout',
'vpn incompatible use of defaultroute' => 'Hostname=%defaultroute nicht zulässig',
'vpn keyexchange' => 'Schlüsseltausch',
'vpn start action add' => 'Auf Verbindungseingang warten',
'vpn start action route' => 'Bei Bedarf',
'vpn start action start' => 'Immer An',
-'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik',
-'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik',
+'vpn statistic n2n' => 'VPN: Netz-zu-Netz-Statistik',
+'vpn statistic rw' => 'VPN: Roadwarrior-Statistik',
'vpn subjectaltname' => 'Subjekt Alternativer Name',
'vpn wait' => 'WARTE',
'vpn watch' => 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP ändert (DynDNS).',
'cron server' => 'CRON Server',
'crypto error' => 'Cryptographic error',
'crypto warning' => 'Cryptographic warning',
+'cryptographic settings' => 'Cryptographic Settings',
'current' => 'Current',
'current aliases' => 'Current aliases',
'current class' => 'Current class',
'deep scan directories' => 'Scan recursive',
'def lease time' => 'Default Lease Time',
'default' => 'Default',
+'default IP address' => 'Default IP Address',
'default ip' => 'Default IP address',
'default lease time' => 'Default lease time (mins):',
'default networks' => 'Default networks',
'instant update' => 'Instant Update',
'integrity' => 'Integrity:',
'interface' => 'Interface',
+'interface mode' => 'Interface',
'interfaces' => 'Interfaces',
'internet' => 'INTERNET',
'intrusion detection' => 'Intrusion Detection',
'invalid input for hostname' => 'Invalid input for hostname.',
'invalid input for ike lifetime' => 'Invalid input for IKE lifetime',
'invalid input for inactivity timeout' => 'Invalid input for Inactivity Timeout',
+'invalid input for interface address' => 'Invalid input for interface address',
+'invalid input for interface mode' => 'Invalid input for interface mode',
+'invalid input for interface mtu' => 'Invalid input to interface MTU',
'invalid input for keepalive 1' => 'Invalid input for Keepalive ping',
'invalid input for keepalive 1:2' => 'Invalid input for Keepalive use at least a ratio of 1:2',
'invalid input for keepalive 2' => 'Invalid input for Keepalive ping-restart',
+'invalid input for local ip address' => 'Invalid input for local IP address',
'invalid input for max clients' => 'Invalid input for Max Clients',
+'invalid input for mode' => 'Invalid input for mode',
'invalid input for name' => 'Invalid input for user\'s full name or system hostname',
'invalid input for oink code' => 'Invalid input for Oink code',
'invalid input for organization' => 'Invalid input for organization',
'ipfires hostname' => 'IPFire\'s Hostname',
'ipinfo' => 'IP info',
'ipsec' => 'IPsec',
+'ipsec connection' => 'IPsec Connection',
+'ipsec interface mode gre' => 'GRE',
+'ipsec interface mode none' => '- None (Default) -',
+'ipsec interface mode vti' => 'VTI',
+'ipsec mode transport' => 'Transport',
+'ipsec mode tunnel' => 'Tunnel',
'ipsec network' => 'IPsec network',
'ipsec no connections' => 'No active IPsec connections',
+'ipsec settings' => 'IPsec Settings',
'iptable rules' => 'IPTable rules',
'iptmangles' => 'IPTable Mangles',
'iptnats' => 'IPTable Network Address Translation',
'load printer' => 'Load Printer',
'loaded modules' => 'Loaded modules:',
'local hard disk' => 'Hard disk',
+'local ip address' => 'Local IP Address',
'local master' => 'Local Master',
'local ntp server specified but not enabled' => 'Local NTP server specified but not enabled',
'local subnet' => 'Local subnet:',
'mpfire search' => 'MPFire Search',
'mpfire songs' => 'MPFire songlist',
'mpfire webradio' => 'MPFire Webradio',
+'mtu' => 'MTU',
'mtu QoS' => 'This does not change the global MTU, it only sets MTU for QoS.',
'my new share' => 'My new share',
'name' => 'Name',
'subject warn' => 'Warning - warnlevel reached',
'subnet' => 'Subnet',
'subnet is invalid' => 'Netmask is invalid',
+'subnet mask' => 'Subnet Mask',
'subscripted user rules' => 'Sourcefire VRT rules with subscription',
'successfully refreshed updates list' => 'Successfully refreshed updates list.',
'summaries kept' => 'Keep summaries for',
'trafficto' => 'To',
'transfer limits' => 'Transfer limits',
'transparent on' => 'Transparent on',
+'transport mode does not support vti' => 'VTI is not support in transport mode',
'tripwire' => 'Tripwire',
'tripwire cronjob' => 'tripwire cronjob',
'tripwire functions' => 'tripwire functions',
'vpn start action add' => 'Wait for connection initiation',
'vpn start action route' => 'On Demand',
'vpn start action start' => 'Always On',
-'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics',
-'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics',
+'vpn statistic n2n' => 'VPN: Net-to-Net Statistics',
+'vpn statistic rw' => 'VPN: Roadwarrior Statistics',
'vpn subjectaltname' => 'Subject Alt Name',
'vpn wait' => 'WAITING',
'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).',
'Captive 1day' => '1 jour',
'Captive 1month' => '1 mois',
'Captive 1week' => '1 semaine',
-'Captive ACTIVATE' => 'ACTIVATION',
-'Captive GAIN ACCESS' => 'GAIN ACCESS',
+'Captive ACTIVATE' => 'ACTIVER',
+'Captive GAIN ACCESS' => 'ACCEDER',
'Captive WiFi coupon' => 'Coupon wifi',
'Captive activate' => 'Activation',
'Captive activated' => 'Activé',
'Captive auth_lic' => 'Licence',
'Captive auth_vou' => 'Reçu',
'Captive authentication' => 'Type d\'accès',
-'Captive brand color' => 'Couleur de la marque',
+'Captive brand color' => 'Couleur de fond personnalisée',
'Captive branding' => 'Personnalisation',
'Captive client session expiry time' => 'Délai d\'expiration de la session',
'Captive config' => 'Paramètres',
'Captive noexpiretime' => 'Aucune plage de temps de connexion valide donnée',
'Captive nolimit' => 'illimité',
'Captive nr' => 'Number',
-'Captive please accept the terms and conditions' => 'Veuillez accepter les termes & conditions',
+'Captive please accept the terms and conditions' => 'Veuillez accepter les termes et conditions',
'Captive please enter a coupon code' => 'Veuillez saisir un code de coupon',
'Captive portal' => 'Portail captif IPFire',
'Captive portal coupons' => 'Coupons portail captif',
'connections' => 'Connexions',
'connections are associated with this ca. deleting the ca will delete these connections as well.' => 'Les connexions sont associées avec ce CA. La suppression de ce CA entraînera la suppression des connexions associées.',
'connscheduler' => 'Planificateur de connexion',
-'core notice 1' => '<strong>Remarque :</strong> Il y a une mise à jour de',
-'core notice 2' => 'pour',
-'core notice 3' => 'disponible.',
+'core notice 1' => '<strong>Remarque :</strong> Il y a une mise à jour disponible de',
+'core notice 2' => 'vers',
+'core notice 3' => '.',
'could not be opened' => 'ne peut pas être ouvert',
'could not connect to' => 'Impossible de se connecter à ',
'could not connect to www ipcop org' => 'Impossible de se connecter à www.ipcop.org',
'dnsforward configuration' => 'Configuration de transfert DNS',
'dnsforward edit an entry' => 'Modifier une entrée existante',
'dnsforward entries' => 'Entrées actuelles',
-'dnsforward forward_server' => 'Nom du serveur ',
+'dnsforward forward_servers' => 'Nom des serveurs ',
'dnsforward zone' => 'Zone ',
'dnssec aware' => 'DNSSEC Aware',
'dnssec disabled warning' => 'AVERTISSEMENT : DNSSEC a été désactivé',
'domain not set' => 'Domaine non établi.',
'donation' => 'Faire un don',
'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif',
-'donation-text' => '<strong>IPFire</strong> est développé et maintenu par des volontaires durant leur temps libre.<br>Afin d\'assurer les coûts du projet et si vous souhaitez nous encourager, vous pouvez effectuer un don.',
+'donation-text' => '<strong>IPFire</strong> est développé et maintenu par des volontaires durant leur temps libre.<br>Afin d\'assurer les coûts du projet et nous encourager, vous pouvez effectuer un don.',
'done' => 'Faites le',
'dos charset' => 'DOS Charset',
'down and up speed' => 'Entrez votre débit descendant et montant <br /> et cliquez sur <i>Sauvegarder</i>.',
'download tls-auth key' => 'Télécharger la clé tls-auth',
'dpd action' => 'Détection du peer mort',
'dpd delay' => 'Retard',
-'dpd timeout' => 'Timeout',
+'dpd timeout' => 'Délai dépassé',
'driver' => 'Pilote',
'drop action' => 'Comportement par défaut du pare-feu (avancé) en mode "Bloqué"',
'drop action1' => 'Comportement par défaut du pare-feu (sortant) en mode "Bloqué"',
'editor' => 'Editeur',
'eg' => 'ex. :',
'eight hours' => '8 heures',
-'email config' => 'Configuration',
-'email empty field' => 'Champs vide',
+'email config' => 'Configuration du courrier',
+'email empty field' => 'Champ vide',
'email error' => 'ERREUR : Le message de test n\'a pas pu être envoyé',
'email invalid' => 'Champ invalide',
'email invalid mailfqdn' => 'Serveur de mail fqdn invalide',
'email invalid mailip' => 'Adresse IP serveur de mail invalide',
'email invalid mailport' => 'Port serveur de mail invalide',
-'email mailaddr' => 'Adresse serveur email (smtp)',
+'email mailaddr' => 'Adresse du serveur (SMTP)',
'email mailpass' => 'Mot de passe',
-'email mailport' => 'Port serveur email',
-'email mailrcpt' => 'Destinataire email',
-'email mailsender' => 'Expéditeur email',
+'email mailport' => 'Port du serveur (SMTP)',
+'email mailrcpt' => 'Email du destinataire',
+'email mailsender' => 'Email de l\'expéditeur',
'email mailuser' => 'Nom d\'utilisateur',
'email server can not be empty' => 'Le serveur mail ne peut pas être vide',
-'email settings' => 'Service email',
+'email settings' => 'Service de messagerie',
'email subject' => 'Test email IPFire',
'email success' => 'Email de test envoyé avec succès',
-'email testmail' => 'Envoyer email de test',
+'email testmail' => 'Envoyer un message de test',
'email text' => 'Email de test depuis le service de mail IPFire',
'email tls' => 'Utiliser une connexion chiffrée TLS',
-'email usemail' => 'Activation service email',
+'email usemail' => 'Activation du service',
'emailreportlevel' => 'Niveau de rapport des mails',
'emerging rules' => 'Règles de la communauté Emergingthreats.net',
'empty' => 'Ce champ peut être laissé vide',
'fwdfw dnat nochoice' => 'Veuillez choisir un NAT source ou un NAT de destination dans la section NAT.',
'fwdfw dnat porterr' => 'Vous devez choisir un seul port ou plage de ports (tcp / udp) pour NAT',
'fwdfw dnat porterr2' => 'Impossible d\'utiliser un port externe (NAT) si aucun port de destination n\'est défini.',
-'fwdfw edit' => 'Edit',
+'fwdfw edit' => 'Edition',
'fwdfw err concon' => 'Nombre invalide pour les connexions concurrentes',
'fwdfw err nosrc' => 'Aucune source sélectionnée.',
'fwdfw err nosrcip' => 'Veuillez fournir une adresse IP source.',
'fwdfw wd_thu' => 'Jeu',
'fwdfw wd_tue' => 'Mar',
'fwdfw wd_wed' => 'Mer',
-'fwdfw xt access' => 'Input',
+'fwdfw xt access' => 'Entrée',
'fwhost Custom Host' => 'Hôte',
'fwhost Custom Network' => 'Réseau',
'fwhost IpSec Host' => 'Hôte IPsec',
'graph per' => 'par',
'green' => 'VERT',
'green interface' => 'Interface VERTE',
-'grouptype' => 'Grouptype :',
+'grouptype' => 'Type de groupe :',
'guaranteed bandwith' => 'Bande passante garantie',
'guardian' => 'Gardien',
'guest ok' => 'autoriser l\'accès aux invités',
'invalid input for state or province' => 'Région ou département non valide.',
'invalid input for valid till days' => 'Entrée invalide pour Valide jusqu\à (jours).',
'invalid ip' => 'IP Adresse non valide',
+'invalid ip or hostname' => 'Adresse IP ou nom d\'hôte invalide',
'invalid keep time' => 'Le temps restant doit être un nombre valide',
'invalid key' => 'Clef non valide.',
'invalid loaded file' => 'Fichier chargé non valide',
'pakfire ago' => '',
'pakfire available addons' => 'Modules disponibles :',
'pakfire configuration' => 'Configuration Pakfire',
-'pakfire core update auto' => 'Installer les mises à jour du noyau et des modules automatiquement :',
+'pakfire core update auto' => 'Installer automatiquement les mises à jour du noyau et des modules :',
'pakfire core update level' => 'Niveau de mise à jour du noyau ',
'pakfire health check' => 'Vérifier si le miroir est accessible (ping) :',
'pakfire install description' => 'Veuillez choisir un ou plusieurs modules dans la liste ci-dessous<br>et cliquez sur le signe PLUS pour les installer.',
-'pakfire install package' => 'Vous voulez installer les paquets suivants : ',
+'pakfire install package' => 'Vous souhaitez installer les paquets suivants : ',
'pakfire installed addons' => 'Modules installés :',
'pakfire last core list update' => 'Dernière mise à jour de la liste du noyau : ',
'pakfire last package update' => 'Dernière mise à jour de la liste des paquets : ',
'reconnect' => 'Reconnecter',
'reconnection' => 'Reconnexion',
'red' => 'Internet',
-'red1' => 'RED',
+'red1' => 'ROUGE',
'references' => 'Références',
'refresh' => 'Rafraîchir',
'refresh index page while connected' => 'Rafraîchir la page index.cgi tout en restant connecté',
'tor 0 = disabled' => '0 = désactivé',
'tor accounting' => 'Accounting',
'tor accounting bytes' => 'Trafic (lu / écrit)',
-'tor accounting bytes left' => 'left',
+'tor accounting bytes left' => 'restant',
'tor accounting interval' => 'Interval (UTC)',
'tor accounting limit' => 'Accounting limit (Mo)',
'tor accounting period' => 'Accounting period',
'unlimited' => 'illimité',
'unnamed' => 'Sans nom',
'update' => 'Mettre à jour',
-'update accelerator' => 'Paramètres accélérateur',
+'update accelerator' => 'Accélérateur (cache)',
'update time' => 'Mettre à jour l\'heure :',
'update transcript' => 'Mettre à jour transcript',
'updatedatabase' => 'Mettre à jour la base de données avec le dernier rapport',
'updxlrtr condition outdated' => 'Périmé',
'updxlrtr condition suspended' => 'Suspendu',
'updxlrtr condition unknown' => 'Inconnu',
-'updxlrtr configuration' => 'Mise à jour de l\'accélérateur',
+'updxlrtr configuration' => 'Paramètres de l\'accélérateur',
'updxlrtr current downloads' => 'Les fichiers suivants sont en cours de téléchargement dans le cache local :',
-'updxlrtr current files' => 'Les fichiers courants sont dans le cache local',
+'updxlrtr current files' => 'Les fichiers suivants sont dans le cache local',
'updxlrtr daily' => 'Quotidienne',
'updxlrtr data from cache' => 'Données du cache (octets)',
'updxlrtr disk usage' => 'Utilisation du disque',
'used swap' => 'Swap utilisée',
'user' => 'Utilisateur',
'user log' => 'log utilisateur',
-'user proxy logs' => 'user proxy log',
+'user proxy logs' => 'log utilisateur proxy',
'username' => 'Nom utilisateur :',
'username not set' => 'Nom d\'utilisateur non défini.',
'users department' => 'Département de l\'utilisateur',
'vpn connecting' => 'CONNEXION',
'vpn delayed start' => 'Délai avant le lancement du VPN (secondes) ',
'vpn delayed start help' => 'Si requis, ce délai peut être utilisé pour autoriser les mises à jour de DNS dynamique à la propagation appropriée. 60 est une valeur souvent utilisée lorsque l\'interface ROUGE est une IP dynamique.',
-'vpn force mobike' => 'Force using MOBIKE (only IKEv2)',
+'vpn force mobike' => 'Force utilisation MOBIKE (seulement IKEv2)',
'vpn inactivity timeout' => 'Délai dépassé inactivité',
'vpn incompatible use of defaultroute' => 'hostname=%defaultroute non admis',
'vpn keyexchange' => 'Keyexchange',
'vpn start action' => 'Hareketi BaÅŸlat',
'vpn start action route' => 'Ä°stek Ãœzerine',
'vpn start action start' => 'Her Zaman',
-'vpn statistic n2n' => 'AÄŸdan AÄŸa OpenVPN Ä°statistiÄŸi',
-'vpn statistic rw' => 'Roadwarrior OpenVPN Ä°statistiÄŸi',
+'vpn statistic n2n' => 'AÄŸdan AÄŸa VPN Ä°statistiÄŸi',
+'vpn statistic rw' => 'Roadwarrior VPN Ä°statistiÄŸi',
'vpn subjectaltname' => 'Alternatif konu adı',
'vpn watch' => 'Karşı eş IP değiştirdiğinde (dyndns) ağdan-ağa VPN bağlantısını yeniden başlat. Bu DPD ye yardımcı olur.',
'vpn weak' => 'Hafta',
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 9.11.5-P1
+VER = 9.11.6
THISAPP = bind-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 2825d818db51008f88a0030507edfa8a
+$(DL_FILE)_MD5 = 4882bd3eeef779e05b515b32354cc081
install : $(TARGET)
--prefix=/usr \
--enable-threads \
--with-libtool \
+ --without-python \
--disable-static
cd $(DIR_APP) && make -C lib/isc install
cd $(DIR_APP) && make -C lib/dns install
cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices.default
# Oneliner configfiles
echo "ENABLED=off" > $(CONFIG_ROOT)/vpn/settings
- echo "VPN_DELAYED_START=0" >>$(CONFIG_ROOT)/vpn/settings
echo "01" > $(CONFIG_ROOT)/certs/serial
echo "nameserver 1.2.3.4" > $(CONFIG_ROOT)/ppp/fake-resolv.conf
echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 6.38
+VER = 7.1
THISAPP = ipset-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 0e5d9c85f6b78e7dff0c996e2900574b
+$(DL_FILE)_MD5 = 72b477d1ce076d681b0799f88280f2f3
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.8.3
+VER = 1.8.4
THISAPP = libgcrypt-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 3139c2402e844985a67fb288a930534d
+$(DL_FILE)_MD5 = fbfdaebbbc6d7e5fbbf6ffdb3e139573
install : $(TARGET)
include Config
-VER = 1.1.1a
+VER = 1.1.1b
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 963deb2272d6be7d4c2458afd2517b73
+$(DL_FILE)_MD5 = 4532712e7bcc9414f5bce995e4e13930
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.4.6
+VER = 2.4.7
THISAPP = openvpn-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 3a1f3f63bdaede443b4df49957df9405
+$(DL_FILE)_MD5 = 4ad8a008e1e7f261b3aa0024e79e7fb7
install : $(TARGET)
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 0.40
+
+THISAPP = spectre-meltdown-checker-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = spectre-meltdown-checker
+PAK_VER = 1
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = cc1ed68faf3fde13b1ff3bd15a22d46d
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && install -v -m 754 spectre-meltdown-checker.sh \
+ /usr/sbin/spectre-meltdown-checker
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
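Review bot: The only integrity pin on the new tarball is `$(DL_FILE)_MD5`, and the script extracted from it is installed as `/usr/sbin/spectre-meltdown-checker` with mode 754, so it is presumably run by root. MD5 catches a corrupted download but is not collision-resistant, which makes it a weak guard against a substituted archive on the download server. The same applies to the `_MD5` values updated for bind, ipset, libgcrypt, openssl, openvpn, squid, tar, tor and unbound in this commit. If the build system can carry a second digest, a SHA-256 value next to the MD5 would close the gap; otherwise the archive should be checked against upstream's release before the hash is committed. Separately, the header of this new file still reads `Copyright (C) 2007-2018` while the other lfs files in the commit move to 2019.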
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 4.5
+VER = 4.6
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8275da5846f9f2243ad2625e5aef2ee0
+$(DL_FILE)_MD5 = e25e7cc37754ad14d8aa368c0c210e54
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-4.5-fix-max-file-descriptors.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-4.6-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi
cd $(DIR_APP)/libltdl && autoreconf -vfi
--disable-kqueue \
--disable-esi \
--disable-arch-native \
- --enable-ipv6 \
--enable-poll \
--enable-ident-lookups \
--enable-storeio=aufs,diskd,ufs \
/usr/lib/firewall/rules.pl
install -m 644 $(DIR_SRC)/config/firewall/firewall-lib.pl \
/usr/lib/firewall/firewall-lib.pl
- install -m 755 $(DIR_SRC)/config/firewall/ipsec-block \
- /usr/lib/firewall/ipsec-block
+ install -m 755 $(DIR_SRC)/config/firewall/ipsec-policy \
+ /usr/lib/firewall/ipsec-policy
# Nobody user
-mkdir -p /home/nobody
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-disable-ipv6.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire-interfaces.patch
cd $(DIR_APP) && ./configure \
--prefix="/usr" \
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.31
+VER = 1.32
THISAPP = tar-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 77afa35b696c8d760331fa0e12c2fac9
+$(DL_FILE)_MD5 = 17917356fff5cb4bd3cd5a6c3e727b05
install : $(TARGET)
include Config
-VER = 0.3.5.7
+VER = 0.3.5.8
THISAPP = tor-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tor
-PAK_VER = 32
+PAK_VER = 33
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8076f11045b5a94fd4ef0a0114b845f6
+$(DL_FILE)_MD5 = e4b0feca80cc221ab235c9544851b146
install : $(TARGET)
include Config
-VER = 1.8.3
+VER = 1.9.0
THISAPP = unbound-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4646203343d3b8f5aeb1b57753c27ead
+$(DL_FILE)_MD5 = 1026159991a3883518525bc18e25582f
install : $(TARGET)
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.21" # Version number
-CORE="128" # Core Level (Filename)
+CORE="129" # Core Level (Filename)
PAKFIRE_CORE="128" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
lfsmake2 xr819-firmware
lfsmake2 zd1211-firmware
lfsmake2 rpi-firmware
+ lfsmake2 intel-microcode
lfsmake2 bc
lfsmake2 u-boot MKIMAGE=1
lfsmake2 cpio
lfsmake2 linux-initrd KCFG="-multi"
;;
esac
- lfsmake2 intel-microcode
lfsmake2 xtables-addons USPACE="1"
lfsmake2 libgpg-error
lfsmake2 libgcrypt
lfsmake2 borgbackup
lfsmake2 libedit
lfsmake2 knot
+ lfsmake2 spectre-meltdown-checker
}
buildinstaller() {
#!/bin/bash
-eval $(/usr/local/bin/readhash /var/ipfire/vpn/settings)
-
-sleep $VPN_DELAYED_START && /usr/local/bin/ipsecctrl S &
-
-exit 0
+exec /usr/local/bin/ipsecctrl S
iptables -t nat -N REDNAT
iptables -t nat -A POSTROUTING -j REDNAT
- # Populate IPsec block chain
- /usr/lib/firewall/ipsec-block
+ # Populate IPsec chains
+ /usr/lib/firewall/ipsec-policy
# Apply OpenVPN firewall rules
/usr/local/bin/openvpnctrl --firewall-rules
fi
fi
+ # Create IPsec interfaces
+ /usr/local/bin/ipsec-interfaces
+
/etc/rc.d/init.d/static-routes start
;;
safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
}
-/*
- ACCEPT the ipsec protocol ah, esp & udp (for nat traversal) on the specified interface
-*/
-void open_physical (char *interface, int nat_traversal_port) {
- char str[STRING_SIZE];
-
- // IKE
- sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
- safe_system(str);
- sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
- safe_system(str);
- sprintf(str, "/sbin/iptables --wait -D IPSECOUTPUT -p udp -o %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
- safe_system(str);
- sprintf(str, "/sbin/iptables --wait -A IPSECOUTPUT -p udp -o %s --dport 500 -j ACCEPT", interface);
- safe_system(str);
-
- if (! nat_traversal_port)
- return;
-
- sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
- safe_system(str);
- sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
- safe_system(str);
- sprintf(str, "/sbin/iptables --wait -D IPSECOUTPUT -p udp -o %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
- safe_system(str);
- sprintf(str, "/sbin/iptables --wait -A IPSECOUTPUT -p udp -o %s --dport %i -j ACCEPT", interface, nat_traversal_port);
- safe_system(str);
-}
-
-void ipsec_norules() {
- /* clear input rules */
- safe_system("/sbin/iptables --wait -F IPSECINPUT");
- safe_system("/sbin/iptables --wait -F IPSECFORWARD");
- safe_system("/sbin/iptables --wait -F IPSECOUTPUT");
-}
-
/*
return values from the vpn config file or false if not 'on'
*/
"/usr/sbin/ipsec down %s >/dev/null", name);
safe_system(command);
- // Reload the IPsec block chain
- safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
+ // Reload the IPsec firewall policy
+ safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
+
+ // Create or destroy interfaces
+ safe_system("/usr/local/bin/ipsec-interfaces >/dev/null");
// Reload the configuration into the daemon (#10339).
ipsec_reload();
// Bring the connection up again.
snprintf(command, STRING_SIZE - 1,
- "/usr/sbin/ipsec up %s >/dev/null", name);
+ "/usr/sbin/ipsec stroke up-nb %s >/dev/null", name);
safe_system(command);
}
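Review bot: The result of `safe_system("/usr/lib/firewall/ipsec-policy >/dev/null")` is dropped, so if the policy script fails the connection is still brought up with `ipsec stroke up-nb` against whatever rules were left in the chains. Assuming safe_system() returns the command's exit status, the call should be checked, for example `if (safe_system("/usr/lib/firewall/ipsec-policy >/dev/null") != 0) fprintf(stderr, "Could not load IPsec firewall policy\n");`, and the `up-nb` step skipped on failure. The same unchecked pair of calls appears in the turn-off path, the `D` branch and the `S` branch further down. `name` is also still formatted into a shell command line; the function begins outside this hunk, so whether it is validated before this point cannot be seen from here.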
// Reload, so the connection is dropped.
ipsec_reload();
- // Reload the IPsec block chain
- safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
+ // Reload the IPsec firewall policy
+ safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
+
+ // Create or destroy interfaces
+ safe_system("/usr/local/bin/ipsec-interfaces >/dev/null");
}
int main(int argc, char *argv[]) {
- char configtype[STRING_SIZE];
- char redtype[STRING_SIZE] = "";
struct keyvalue *kv = NULL;
if (argc < 2) {
}
if (!(initsetuid()))
exit(1);
-
- FILE *file = NULL;
-
+
+ FILE *file = NULL;
if (strcmp(argv[1], "I") == 0) {
safe_system("/usr/sbin/ipsec status");
if (argc == 2) {
if (strcmp(argv[1], "D") == 0) {
safe_system("/usr/sbin/ipsec stop >/dev/null 2>&1");
- ipsec_norules();
+ safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
+ safe_system("/usr/local/bin/ipsec-interfaces >/dev/null");
exit(0);
}
}
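Review bot: The `D` branch no longer has an unconditional flush: `ipsec_norules()` cleared IPSECINPUT, IPSECFORWARD and IPSECOUTPUT, while the replacement relies on `ipsec-policy`, which acts on the saved configuration rather than on the fact that the daemon was just stopped. The script is not part of this hunk, so this is inferred. If it installs the IKE accept rules whenever IPsec is enabled in vpn/settings, a manual stop leaves udp/500 and udp/4500 accepted with no daemon behind them, and IPSECFORWARD is only emptied if the script flushes it. Keeping an explicit flush for the stop case after the policy call, e.g. `safe_system("/sbin/iptables --wait -F IPSECFORWARD");` together with the INPUT and OUTPUT chains, would keep this path fail-closed.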
exit(0);
}
- /* read interface settings */
- kv=initkeyvalues();
- if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
- {
- fprintf(stderr, "Cannot read ethernet settings\n");
- exit(1);
- }
- if (!findkey(kv, "CONFIG_TYPE", configtype))
- {
- fprintf(stderr, "Cannot read CONFIG_TYPE\n");
- exit(1);
- }
- findkey(kv, "RED_TYPE", redtype);
-
-
- /* Loop through the config file to find physical interface that will accept IPSEC */
- int enable_red=0; // states 0: not used
- int enable_green=0; // 1: error condition
- int enable_orange=0; // 2: good
- int enable_blue=0;
- char if_red[STRING_SIZE] = "";
- char if_green[STRING_SIZE] = "";
- char if_orange[STRING_SIZE] = "";
- char if_blue[STRING_SIZE] = "";
char s[STRING_SIZE];
- // when RED is up, find interface name in special file
- FILE *ifacefile = NULL;
- if ((ifacefile = fopen(CONFIG_ROOT "/red/iface", "r"))) {
- if (fgets(if_red, STRING_SIZE, ifacefile)) {
- if (if_red[strlen(if_red) - 1] == '\n')
- if_red[strlen(if_red) - 1] = '\0';
- }
- fclose (ifacefile);
-
- if (VALID_DEVICE(if_red))
- enable_red++;
- }
-
- // Check if GREEN is enabled.
- findkey(kv, "GREEN_DEV", if_green);
- if (VALID_DEVICE(if_green))
- enable_green++;
-
- // Check if ORANGE is enabled.
- findkey(kv, "ORANGE_DEV", if_orange);
- if (VALID_DEVICE(if_orange))
- enable_orange++;
-
- // Check if BLUE is enabled.
- findkey(kv, "BLUE_DEV", if_blue);
- if (VALID_DEVICE(if_blue))
- enable_blue++;
-
- freekeyvalues(kv);
-
- // exit if nothing to do
- if ((enable_red+enable_green+enable_orange+enable_blue) == 0)
- exit(0);
-
- // open needed ports
- if (enable_red > 0)
- open_physical(if_red, 4500);
-
- if (enable_green > 0)
- open_physical(if_green, 4500);
-
- if (enable_orange > 0)
- open_physical(if_orange, 4500);
-
- if (enable_blue > 0)
- open_physical(if_blue, 4500);
-
- // start the system
+ // start the system
if ((argc == 2) && strcmp(argv[1], "S") == 0) {
- safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
+ safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
+ safe_system("/usr/local/bin/ipsec-interfaces >/dev/null");
safe_system("/usr/sbin/ipsec restart >/dev/null");
exit(0);
}
--- /dev/null
+--- strongswan-5.7.0/src/_updown/_updown.in.bak 2019-02-06 18:19:25.723893992 +0000
++++ strongswan-5.7.0/src/_updown/_updown.in 2019-02-06 18:28:21.520560665 +0000
+@@ -130,6 +130,13 @@
+ # address family.
+ #
+
++VARS=(
++ id status name lefthost type ctype psk local local_id leftsubnets
++ remote_id remote rightsubnets x3 x4 x5 x6 x7 x8 x9 x10 x11 x12
++ x13 x14 x15 x16 x17 x18 x19 proto x20 x21 x22
++ route x23 mode interface_mode interface_address interface_mtu rest
++)
++
+ function ip_encode() {
+ local IFS=.
+
+@@ -319,6 +326,13 @@
+ fi
+ ;;
+ up-client:iptables)
++ # Read IPsec configuration
++ while IFS="," read -r "${VARS[@]}"; do
++ if [ "${PLUTO_CONNECTION}" = "${name}" ]; then
++ break
++ fi
++ done < /var/ipfire/vpn/config
++
+ # connection to client subnet, with (left/right)firewall=yes, coming up
+ # This is used only by the default updown script, not by your custom
+ # ones, so do not mess with it; see CAUTION comment up at top.
+@@ -383,23 +397,25 @@
+ "tunnel+ $PLUTO_PEER -- $PLUTO_ME"
+ fi
+
+- # Add source nat so also the gateway can access the other nets
+- eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+- for _src in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do
+- ip_in_subnet "${_src}" "${PLUTO_MY_CLIENT}"
+- if [ $? -eq 0 ]; then
+- src=${_src}
+- break
++ if [ -z "${interface_mode}" ]; then
++ # Add source nat so also the gateway can access the other nets
++ eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
++ for _src in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do
++ ip_in_subnet "${_src}" "${PLUTO_MY_CLIENT}"
++ if [ $? -eq 0 ]; then
++ src=${_src}
++ break
++ fi
++ done
++
++ if [ -n "${src}" ]; then
++ iptables --wait -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
++ logger -t $TAG -p $FAC_PRIO \
++ "snat+ $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src"
++ else
++ logger -t $TAG -p $FAC_PRIO \
++ "Cannot create NAT rule because no IP of the IPFire does match the subnet. $PLUTO_MY_CLIENT"
+ fi
+- done
+-
+- if [ -n "${src}" ]; then
+- iptables --wait -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
+- logger -t $TAG -p $FAC_PRIO \
+- "snat+ $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src"
+- else
+- logger -t $TAG -p $FAC_PRIO \
+- "Cannot create NAT rule because no IP of the IPFire does match the subnet. $PLUTO_MY_CLIENT"
+ fi
+
+ # Flush routing cache
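Review bot: The lookup loop added under `up-client:iptables)` never records whether `${PLUTO_CONNECTION}` was actually found, yet the later `[ -z "${interface_mode}" ]` test decides whether the SNAT rule is installed. When no line matches, the loop ends at EOF and `interface_mode` holds whatever the last `read` assigned. That is empty for a newline-terminated file, but it is the fields of the final entry if that line lacks a trailing newline, because `read` fills the variables and returns non-zero without the name comparison running. Making the result explicit avoids acting on another connection's settings: set `conn_found=""` before the loop, `conn_found=1` before `break`, and add `[ -n "${conn_found}" ] || interface_mode=""` after `done`. The loop also assigns generic names such as `name`, `type`, `id` and `status` at script scope. The rest of `_updown` is outside this patch, so it is worth confirming none of them is already used there.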
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2015 IPFire Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+shopt -s nullglob
+
+VPN_CONFIG="/var/ipfire/vpn/config"
+
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/vpn/settings)
+
+VARS=(
+ id status name lefthost type ctype psk local local_id leftsubnets
+ remote_id remote rightsubnets x3 x4 x5 x6 x7 x8 x9 x10 x11 x12
+ x13 x14 x15 x16 x17 x18 x19 proto x20 x21 x22
+ route x23 mode interface_mode interface_address interface_mtu rest
+)
+
+log() {
+ logger -t ipsec "$@"
+}
+
+resolve_hostname() {
+ local hostname="${1}"
+
+ dig +short A "${hostname}" | tail -n1
+}
+
+main() {
+ # Register local variables
+ local "${VARS[@]}"
+ local action
+
+ local interfaces=()
+
+ # We are done when IPsec is not enabled
+ if [ "${ENABLED}" = "on" ]; then
+ while IFS="," read -r "${VARS[@]}"; do
+ # Check if the connection is enabled
+ [ "${status}" = "on" ] || continue
+
+ # Check if this a net-to-net connection
+ [ "${type}" = "net" ] || continue
+
+ # Determine the interface name
+ case "${interface_mode}" in
+ gre|vti)
+ local intf="${interface_mode}${id}"
+ ;;
+ *)
+ continue
+ ;;
+ esac
+
+ # Add the interface to the list of all interfaces
+ interfaces+=( "${intf}" )
+
+ # Compat for older connections
+ if [ "${local}" = "off" ]; then
+ if [ "${VPN_IP}" = "%defaultroute" ]; then
+ local=""
+ else
+ local="${VPN_IP}"
+ fi
+ fi
+
+ # Handle %defaultroute
+ if [ -z "${local}" ]; then
+ if [ -r "/var/ipfire/red/local-ipaddress" ]; then
+ local="$(</var/ipfire/red/local-ipaddress)"
+
+ elif [ "${RED_TYPE}" = "STATIC" -a -n "${RED_ADDRESS}" ]; then
+ local="${RED_ADDRESS}"
+ fi
+ fi
+
+ # Resolve any hostnames
+ if [[ ! ${remote} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+ remote="$(resolve_hostname "${remote}")"
+ fi
+
+ local args=(
+ "local" "${local}"
+ "remote" "${remote}"
+ )
+
+ case "${interface_mode}" in
+ gre)
+ # Add TTL
+ args+=( "ttl" "255" )
+ ;;
+
+ vti)
+ # Add key for VTI
+ args+=( "key" "${id}" )
+ ;;
+ esac
+
+ # Update the settings when the interface already exists
+ if [ -d "/sys/class/net/${intf}" ]; then
+ ip link change dev "${intf}" \
+ type "${interface_mode}" "${args[@]}" &>/dev/null
+
+ # Create a new interface and bring it up
+ else
+ log "Creating interface ${intf}"
+ if ! ip link add name "${intf}" type "${interface_mode}" "${args[@]}"; then
+ log "Could not create interface ${intf}"
+ continue
+ fi
+ fi
+
+ # Add an IP address
+ ip addr flush dev "${intf}"
+ ip addr add "${interface_address}" dev "${intf}"
+
+ # Set MTU
+ ip link set dev "${intf}" mtu "${interface_mtu}"
+
+ # Bring up the interface
+ ip link set dev "${intf}" up
+ done < "${VPN_CONFIG}"
+ fi
+
+ # Delete all other interfaces
+ local intf
+ for intf in /sys/class/net/gre[0-9]* /sys/class/net/vti[0-9]*; do
+ intf="$(basename "${intf}")"
+
+ # Ignore a couple of interfaces that cannot be deleted
+ case "${intf}" in
+ gre0|gretap0)
+ continue
+ ;;
+ esac
+
+ # Check if interface is on the list
+ local i found="false"
+ for i in ${interfaces[@]}; do
+ if [ "${intf}" = "${i}" ]; then
+ found="true"
+ break
+ fi
+ done
+
+ # Nothing to do if interface was found
+ ${found} && continue
+
+ # Delete the interface
+ log "Deleting interface ${intf}"
+ ip link del "${intf}" &>/dev/null
+ done
+}
+
+main || exit $?