WARNING: translation string unused: zoneconf val vlan tag assignment error
WARNING: translation string unused: zoneconf val vlan tag range error
WARNING: translation string unused: zoneconf val zoneslave amount error
+WARNING: untranslated string: AES-128-CBC = AES - CBC Mode - 128 Bit
+WARNING: untranslated string: AES-128-GCM = AES - GCM Mode - 128 Bit
+WARNING: untranslated string: AES-256-CBC = AES - CBC Mode - 256 Bit
+WARNING: untranslated string: AES-256-GCM = AES - GCM Mode - 256 Bit
+WARNING: untranslated string: CHACHA20-POLY1305 = ChaCha20-Poly1305
WARNING: untranslated string: access point name = Access Point Name
WARNING: untranslated string: access point name is invalid = Access Point Name is invalid
WARNING: untranslated string: access point name is required = Access Point Name is required
WARNING: untranslated string: no entries = No entries at the moment.
WARNING: untranslated string: oops something went wrong = Oops, something went wrong...
WARNING: untranslated string: optional = Optional
+WARNING: untranslated string: ovpn ciphers = Ciphers
WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
+WARNING: untranslated string: ovpn if ncp is disabled we must have cipher = If you want to disable cipher negotiation, you will have to select a fallback cipher.
WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Server
+WARNING: untranslated string: ovpn unsupported cipher selected = Unknown cipher selected
WARNING: untranslated string: pakfire invalid tree = Invalid repository selected
WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS)
WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
WARNING: untranslated string: 24 hours = 24 Hours
+WARNING: untranslated string: AES-128-CBC = AES - CBC Mode - 128 Bit
+WARNING: untranslated string: AES-128-GCM = AES - GCM Mode - 128 Bit
+WARNING: untranslated string: AES-256-CBC = AES - CBC Mode - 256 Bit
+WARNING: untranslated string: AES-256-GCM = AES - GCM Mode - 256 Bit
WARNING: untranslated string: Act as = Act as:
WARNING: untranslated string: Add Level7 rule = Add Level7 rule
WARNING: untranslated string: Add Port Rule = Add port rule
WARNING: untranslated string: Add Rule = Add rule
WARNING: untranslated string: Add a route = Add a route
+WARNING: untranslated string: CHACHA20-POLY1305 = ChaCha20-Poly1305
WARNING: untranslated string: Captive = Captive Portal
WARNING: untranslated string: Captive ACTIVATE = unknown string
WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS
WARNING: untranslated string: outgoing traffic in bytes per second = Outgoing Traffic
WARNING: untranslated string: ovpn = OpenVPN
WARNING: untranslated string: ovpn add conf = Additional configuration
+WARNING: untranslated string: ovpn ciphers = Ciphers
WARNING: untranslated string: ovpn con stat = OpenVPN Connection Statistics
WARNING: untranslated string: ovpn connection name = Connection Name
WARNING: untranslated string: ovpn crypt options = Cryptographic options
WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
WARNING: untranslated string: ovpn ha = Hash algorithm
+WARNING: untranslated string: ovpn if ncp is disabled we must have cipher = If you want to disable cipher negotiation, you will have to select a fallback cipher.
WARNING: untranslated string: ovpn mgmt in root range = A port number of 1024 or higher is required.
WARNING: untranslated string: ovpn no connections = No active OpenVPN connections
WARNING: untranslated string: ovpn on blue = OpenVPN on BLUE:
WARNING: untranslated string: ovpn subnet is invalid = OpenVPN subnet is invalid.
WARNING: untranslated string: ovpn subnet overlap = OpenVPN Subnet overlaps with :
WARNING: untranslated string: ovpn tls auth = TLS Channel Protection:
+WARNING: untranslated string: ovpn unsupported cipher selected = Unknown cipher selected
WARNING: untranslated string: pagerefresh = Page is beeing refreshed, please wait.
WARNING: untranslated string: pak update = Update
WARNING: untranslated string: pakfire accept all = Do you want to install all packages?
WARNING: translation string unused: zoneconf val vlan tag assignment error
WARNING: translation string unused: zoneconf val vlan tag range error
WARNING: translation string unused: zoneconf val zoneslave amount error
+WARNING: untranslated string: AES-128-CBC = AES - CBC Mode - 128 Bit
+WARNING: untranslated string: AES-128-GCM = AES - GCM Mode - 128 Bit
+WARNING: untranslated string: AES-256-CBC = AES - CBC Mode - 256 Bit
+WARNING: untranslated string: AES-256-GCM = AES - GCM Mode - 256 Bit
+WARNING: untranslated string: CHACHA20-POLY1305 = ChaCha20-Poly1305
WARNING: untranslated string: Captive ACTIVATE = unknown string
WARNING: untranslated string: Captive clients = unknown string
WARNING: untranslated string: Scan for Songs = unknown string
WARNING: untranslated string: oops something went wrong = Oops, something went wrong...
WARNING: untranslated string: openvpn cert expires soon = Expires Soon
WARNING: untranslated string: openvpn cert has expired = Expired
+WARNING: untranslated string: ovpn ciphers = Ciphers
WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
+WARNING: untranslated string: ovpn if ncp is disabled we must have cipher = If you want to disable cipher negotiation, you will have to select a fallback cipher.
WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Server
+WARNING: untranslated string: ovpn unsupported cipher selected = Unknown cipher selected
WARNING: untranslated string: pakfire ago = ago.
WARNING: untranslated string: processors = Processors
WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS)
WARNING: translation string unused: zoneconf val vlan tag assignment error
WARNING: translation string unused: zoneconf val vlan tag range error
WARNING: translation string unused: zoneconf val zoneslave amount error
+WARNING: untranslated string: AES-128-CBC = AES - CBC Mode - 128 Bit
+WARNING: untranslated string: AES-128-GCM = AES - GCM Mode - 128 Bit
+WARNING: untranslated string: AES-256-CBC = AES - CBC Mode - 256 Bit
+WARNING: untranslated string: AES-256-GCM = AES - GCM Mode - 256 Bit
+WARNING: untranslated string: CHACHA20-POLY1305 = ChaCha20-Poly1305
WARNING: untranslated string: core notice 3 = available.
WARNING: untranslated string: data transfer = Data Transfer
WARNING: untranslated string: enable disable client = unknown string
WARNING: untranslated string: ids provider eol = (EOL)
WARNING: untranslated string: load average = Load Average
WARNING: untranslated string: oops something went wrong = Oops, something went wrong...
+WARNING: untranslated string: ovpn ciphers = Ciphers
WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
+WARNING: untranslated string: ovpn if ncp is disabled we must have cipher = If you want to disable cipher negotiation, you will have to select a fallback cipher.
WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Server
+WARNING: untranslated string: ovpn unsupported cipher selected = Unknown cipher selected
WARNING: untranslated string: pakfire ago = ago.
WARNING: untranslated string: processors = Processors
WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS)
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: 24 hours = 24 Hours
+WARNING: untranslated string: AES-128-CBC = AES - CBC Mode - 128 Bit
+WARNING: untranslated string: AES-128-GCM = AES - GCM Mode - 128 Bit
+WARNING: untranslated string: AES-256-CBC = AES - CBC Mode - 256 Bit
+WARNING: untranslated string: AES-256-GCM = AES - GCM Mode - 256 Bit
+WARNING: untranslated string: CHACHA20-POLY1305 = ChaCha20-Poly1305
WARNING: untranslated string: Captive = Captive Portal
WARNING: untranslated string: Captive ACTIVATE = unknown string
WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS
WARNING: untranslated string: outgoing compression in bytes per second = Outgoing compression
WARNING: untranslated string: outgoing overhead in bytes per second = Outgoing Overhead
WARNING: untranslated string: ovpn add conf = Additional configuration
+WARNING: untranslated string: ovpn ciphers = Ciphers
WARNING: untranslated string: ovpn connection name = Connection Name
WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
+WARNING: untranslated string: ovpn if ncp is disabled we must have cipher = If you want to disable cipher negotiation, you will have to select a fallback cipher.
WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Server
WARNING: untranslated string: ovpn rw connection log = OpenVPN Roadwarrior Connections Log
WARNING: untranslated string: ovpn tls auth = TLS Channel Protection:
+WARNING: untranslated string: ovpn unsupported cipher selected = Unknown cipher selected
WARNING: untranslated string: pak update = Update
WARNING: untranslated string: pakfire already busy = Pakfire is already performing a task. Please try again later.
WARNING: untranslated string: pakfire finished = Pakfire has finished! Returning...
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: 24 hours = 24 Hours
+WARNING: untranslated string: AES-128-CBC = AES - CBC Mode - 128 Bit
+WARNING: untranslated string: AES-128-GCM = AES - GCM Mode - 128 Bit
+WARNING: untranslated string: AES-256-CBC = AES - CBC Mode - 256 Bit
+WARNING: untranslated string: AES-256-GCM = AES - GCM Mode - 256 Bit
+WARNING: untranslated string: CHACHA20-POLY1305 = ChaCha20-Poly1305
WARNING: untranslated string: Captive = Captive Portal
WARNING: untranslated string: Captive ACTIVATE = unknown string
WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS
WARNING: untranslated string: outgoing compression in bytes per second = Outgoing compression
WARNING: untranslated string: outgoing overhead in bytes per second = Outgoing Overhead
WARNING: untranslated string: ovpn add conf = Additional configuration
+WARNING: untranslated string: ovpn ciphers = Ciphers
WARNING: untranslated string: ovpn connection name = Connection Name
WARNING: untranslated string: ovpn crypt options = Cryptographic options
WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
WARNING: untranslated string: ovpn ha = Hash algorithm
+WARNING: untranslated string: ovpn if ncp is disabled we must have cipher = If you want to disable cipher negotiation, you will have to select a fallback cipher.
WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Server
WARNING: untranslated string: ovpn rw connection log = OpenVPN Roadwarrior Connections Log
WARNING: untranslated string: ovpn tls auth = TLS Channel Protection:
+WARNING: untranslated string: ovpn unsupported cipher selected = Unknown cipher selected
WARNING: untranslated string: pakfire already busy = Pakfire is already performing a task. Please try again later.
WARNING: untranslated string: pakfire finished = Pakfire has finished! Returning...
WARNING: untranslated string: pakfire finished error = Pakfire has finished! Errors occurred, please check the log output before proceeding.
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: 24 hours = 24 Hours
+WARNING: untranslated string: AES-128-CBC = AES - CBC Mode - 128 Bit
+WARNING: untranslated string: AES-128-GCM = AES - GCM Mode - 128 Bit
+WARNING: untranslated string: AES-256-CBC = AES - CBC Mode - 256 Bit
+WARNING: untranslated string: AES-256-GCM = AES - GCM Mode - 256 Bit
+WARNING: untranslated string: CHACHA20-POLY1305 = ChaCha20-Poly1305
WARNING: untranslated string: Captive = Captive Portal
WARNING: untranslated string: Captive ACTIVATE = unknown string
WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS
WARNING: untranslated string: outgoing firewall access = Outgoing Firewall Access
WARNING: untranslated string: outgoing overhead in bytes per second = Outgoing Overhead
WARNING: untranslated string: ovpn add conf = Additional configuration
+WARNING: untranslated string: ovpn ciphers = Ciphers
WARNING: untranslated string: ovpn connection name = Connection Name
WARNING: untranslated string: ovpn crypt options = Cryptographic options
WARNING: untranslated string: ovpn errmsg green already pushed = Route for green network is always set
WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
WARNING: untranslated string: ovpn ha = Hash algorithm
+WARNING: untranslated string: ovpn if ncp is disabled we must have cipher = If you want to disable cipher negotiation, you will have to select a fallback cipher.
WARNING: untranslated string: ovpn mgmt in root range = A port number of 1024 or higher is required.
WARNING: untranslated string: ovpn no connections = No active OpenVPN connections
WARNING: untranslated string: ovpn port in root range = A port number of 1024 or higher is required.
WARNING: untranslated string: ovpn routes push options = Route push options
WARNING: untranslated string: ovpn rw connection log = OpenVPN Roadwarrior Connections Log
WARNING: untranslated string: ovpn tls auth = TLS Channel Protection:
+WARNING: untranslated string: ovpn unsupported cipher selected = Unknown cipher selected
WARNING: untranslated string: pak update = Update
WARNING: untranslated string: pakfire already busy = Pakfire is already performing a task. Please try again later.
WARNING: untranslated string: pakfire finished = Pakfire has finished! Returning...
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: 24 hours = 24 Hours
+WARNING: untranslated string: AES-128-CBC = AES - CBC Mode - 128 Bit
+WARNING: untranslated string: AES-128-GCM = AES - GCM Mode - 128 Bit
+WARNING: untranslated string: AES-256-CBC = AES - CBC Mode - 256 Bit
+WARNING: untranslated string: AES-256-GCM = AES - GCM Mode - 256 Bit
WARNING: untranslated string: Add a route = Add a route
+WARNING: untranslated string: CHACHA20-POLY1305 = ChaCha20-Poly1305
WARNING: untranslated string: Captive = Captive Portal
WARNING: untranslated string: Captive ACTIVATE = unknown string
WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS
WARNING: untranslated string: outgoing overhead in bytes per second = Outgoing Overhead
WARNING: untranslated string: outgoing traffic in bytes per second = Outgoing Traffic
WARNING: untranslated string: ovpn add conf = Additional configuration
+WARNING: untranslated string: ovpn ciphers = Ciphers
WARNING: untranslated string: ovpn connection name = Connection Name
WARNING: untranslated string: ovpn crypt options = Cryptographic options
WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
WARNING: untranslated string: ovpn ha = Hash algorithm
+WARNING: untranslated string: ovpn if ncp is disabled we must have cipher = If you want to disable cipher negotiation, you will have to select a fallback cipher.
WARNING: untranslated string: ovpn mgmt in root range = A port number of 1024 or higher is required.
WARNING: untranslated string: ovpn no connections = No active OpenVPN connections
WARNING: untranslated string: ovpn port in root range = A port number of 1024 or higher is required.
WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Server
WARNING: untranslated string: ovpn rw connection log = OpenVPN Roadwarrior Connections Log
WARNING: untranslated string: ovpn tls auth = TLS Channel Protection:
+WARNING: untranslated string: ovpn unsupported cipher selected = Unknown cipher selected
WARNING: untranslated string: pak update = Update
WARNING: untranslated string: pakfire already busy = Pakfire is already performing a task. Please try again later.
WARNING: untranslated string: pakfire finished = Pakfire has finished! Returning...
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
+WARNING: untranslated string: AES-128-CBC = AES - CBC Mode - 128 Bit
+WARNING: untranslated string: AES-128-GCM = AES - GCM Mode - 128 Bit
+WARNING: untranslated string: AES-256-CBC = AES - CBC Mode - 256 Bit
+WARNING: untranslated string: AES-256-GCM = AES - GCM Mode - 256 Bit
+WARNING: untranslated string: CHACHA20-POLY1305 = ChaCha20-Poly1305
WARNING: untranslated string: Captive clients = unknown string
WARNING: untranslated string: Captive delete logo = Delete Logo
WARNING: untranslated string: Disabled = Disabled
WARNING: untranslated string: openvpn cert has expired = Expired
WARNING: untranslated string: optional = Optional
WARNING: untranslated string: otp qrcode = OTP QRCode
+WARNING: untranslated string: ovpn ciphers = Ciphers
WARNING: untranslated string: ovpn connection name = Connection Name
WARNING: untranslated string: ovpn fallback cipher = Fallback Cipher
WARNING: untranslated string: ovpn fallback cipher help = This cipher is being used by clients that do not support cipher negotiation.
+WARNING: untranslated string: ovpn if ncp is disabled we must have cipher = If you want to disable cipher negotiation, you will have to select a fallback cipher.
WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Server
WARNING: untranslated string: ovpn rw connection log = OpenVPN Roadwarrior Connections Log
WARNING: untranslated string: ovpn tls auth = TLS Channel Protection:
+WARNING: untranslated string: ovpn unsupported cipher selected = Unknown cipher selected
WARNING: untranslated string: pak update = Update
WARNING: untranslated string: pakfire already busy = Pakfire is already performing a task. Please try again later.
WARNING: untranslated string: pakfire finished = Pakfire has finished! Returning...
< access point name is invalid
< access point name is required
< advproxy update information
+< AES-128-CBC
+< AES-128-GCM
+< AES-256-CBC
+< AES-256-GCM
< aliases default interface
< ansi t1.483
< backup archive
< Captive heading voucher
< Captive invalid coupon
< Captive please enter a coupon code
+< CHACHA20-POLY1305
< choose media
< could not connect to www ipfire org
< cryptographic settings
< okay
< oops something went wrong
< optional
+< ovpn ciphers
< ovpn fallback cipher
< ovpn fallback cipher help
+< ovpn if ncp is disabled we must have cipher
< ovpn roadwarrior server
+< ovpn unsupported cipher selected
< quick control
< random number generator daemon
< regenerate host certificate
< access point name is invalid
< access point name is required
< addon
+< AES-128-CBC
+< AES-128-GCM
+< AES-256-CBC
+< AES-256-GCM
+< CHACHA20-POLY1305
< cpu frequency
< data transfer
< dhcp fixed ip address in dynamic range
< oops something went wrong
< openvpn cert expires soon
< openvpn cert has expired
+< ovpn ciphers
< ovpn fallback cipher
< ovpn fallback cipher help
+< ovpn if ncp is disabled we must have cipher
< ovpn roadwarrior server
+< ovpn unsupported cipher selected
< processors
< regenerate host certificate
< reg_file_data_sampling
############################################################################
# Checking cgi-bin translations for language: fr #
############################################################################
+< AES-128-CBC
+< AES-128-GCM
+< AES-256-CBC
+< AES-256-GCM
< ansi t1.483
< bewan adsl pci st
< bewan adsl usb
+< CHACHA20-POLY1305
< data transfer
< extrahd because it it outside the allowed mount path
< fwdfw syn flood protection
< ids unsupported provider
< load average
< oops something went wrong
+< ovpn ciphers
< ovpn fallback cipher
< ovpn fallback cipher help
+< ovpn if ncp is disabled we must have cipher
< ovpn roadwarrior server
+< ovpn unsupported cipher selected
< processors
< reg_file_data_sampling
< system time
< advproxy wpad label dst_noproxy_url
< advproxy wpad title
< advproxy wpad view pac
+< AES-128-CBC
+< AES-128-GCM
+< AES-256-CBC
+< AES-256-GCM
< aliases default interface
< asn lookup failed
< autonomous system
< Captive vout
< Captive WiFi coupon
< Captive wrong ext
+< CHACHA20-POLY1305
< check all
< core update
< cpu frequency
< outgoing compression in bytes per second
< outgoing overhead in bytes per second
< ovpn add conf
+< ovpn ciphers
< ovpn connection name
< ovpn error md5
< ovpn fallback cipher
< ovpn fallback cipher help
+< ovpn if ncp is disabled we must have cipher
< ovpn roadwarrior server
< ovpn rw connection log
< ovpn tls auth
+< ovpn unsupported cipher selected
< ovpn warning rfc3280
< pakfire already busy
< pakfire finished
< advproxy wpad label dst_noproxy_url
< advproxy wpad title
< advproxy wpad view pac
+< AES-128-CBC
+< AES-128-GCM
+< AES-256-CBC
+< AES-256-GCM
< aliases default interface
< asn lookup failed
< atm device
< Captive vout
< Captive WiFi coupon
< Captive wrong ext
+< CHACHA20-POLY1305
< check all
< cpu frequency
< crypto error
< outgoing compression in bytes per second
< outgoing overhead in bytes per second
< ovpn add conf
+< ovpn ciphers
< ovpn connection name
< ovpn crypt options
< ovpn engines
< ovpn fallback cipher help
< ovpn generating the root and host certificates
< ovpn ha
+< ovpn if ncp is disabled we must have cipher
< ovpn reneg sec
< ovpn roadwarrior server
< ovpn rw connection log
< ovpn tls auth
+< ovpn unsupported cipher selected
< ovpn warning rfc3280
< pakfire already busy
< pakfire finished
< advproxy wpad label dst_noproxy_url
< advproxy wpad title
< advproxy wpad view pac
+< AES-128-CBC
+< AES-128-GCM
+< AES-256-CBC
+< AES-256-GCM
< age second
< age seconds
< age shour
< ccd routes
< ccd subnet
< ccd used
+< CHACHA20-POLY1305
< check all
< community rules
< ConnSched dial
< outgoing firewall access
< outgoing overhead in bytes per second
< ovpn add conf
+< ovpn ciphers
< ovpn connection name
< ovpn crypt options
< ovpn engines
< ovpn fallback cipher help
< ovpn generating the root and host certificates
< ovpn ha
+< ovpn if ncp is disabled we must have cipher
< ovpn mgmt in root range
< ovpn mtu-disc
< ovpn mtu-disc and mtu not 1500
< ovpn routes push options
< ovpn rw connection log
< ovpn tls auth
+< ovpn unsupported cipher selected
< ovpn warning rfc3280
< pakfire already busy
< pakfire finished
< advproxy wpad label dst_noproxy_url
< advproxy wpad title
< advproxy wpad view pac
+< AES-128-CBC
+< AES-128-GCM
+< AES-256-CBC
+< AES-256-GCM
< age second
< age seconds
< age shour
< ccd routes
< ccd subnet
< ccd used
+< CHACHA20-POLY1305
< check all
< community rules
< ConnSched dial
< outgoing overhead in bytes per second
< outgoing traffic in bytes per second
< ovpn add conf
+< ovpn ciphers
< ovpn connection name
< ovpn crypt options
< ovpn engines
< ovpn fallback cipher help
< ovpn generating the root and host certificates
< ovpn ha
+< ovpn if ncp is disabled we must have cipher
< ovpn mgmt in root range
< ovpn mtu-disc
< ovpn mtu-disc and mtu not 1500
< ovpn roadwarrior server
< ovpn rw connection log
< ovpn tls auth
+< ovpn unsupported cipher selected
< ovpn warning rfc3280
< pakfire already busy
< pakfire finished
< advproxy wpad label dst_noproxy_url
< advproxy wpad title
< advproxy wpad view pac
+< AES-128-CBC
+< AES-128-GCM
+< AES-256-CBC
+< AES-256-GCM
< aliases default interface
< asn lookup failed
< autonomous system
< cake profile pppoe-vcmux 32
< cake profile raw 0
< Captive delete logo
+< CHACHA20-POLY1305
< core update
< cpu frequency
< crypto error
< openvpn cert has expired
< optional
< otp qrcode
+< ovpn ciphers
< ovpn connection name
< ovpn error md5
< ovpn fallback cipher
< ovpn fallback cipher help
+< ovpn if ncp is disabled we must have cipher
< ovpn roadwarrior server
< ovpn rw connection log
< ovpn tls auth
+< ovpn unsupported cipher selected
< ovpn warning rfc3280
< pakfire already busy
< pakfire finished
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+# Supported ciphers for NCP
+my @SUPPORTED_CIPHERS = (
+ "AES-256-GCM",
+ "AES-128-GCM",
+ "AES-256-CBC",
+ "AES-128-CBC",
+ "CHACHA20-POLY1305",
+);
+
+my $DEFAULT_CIPHERS = "AES-256-GCM|AES-128-GCM|CHACHA20-POLY1305";
+
+# Translations for the cipher selection
+my %CIPHERS = (
+ # AES
+ "AES-256-GCM" => $Lang::tr{'AES-256-GCM'},
+ "AES-128-GCM" => $Lang::tr{'AES-128-GCM'},
+ "AES-256-CBC" => $Lang::tr{'AES-256-CBC'},
+ "AES-128-CBC" => $Lang::tr{'AES-128-CBC'},
+
+ # ChaCha20-Poly1305
+ "CHACHA20-POLY1305" => $Lang::tr{'CHACHA20-POLY1305'},
+);
+
###
### Initialize variables
###
}
print CONF "status-version 1\n";
print CONF "status /var/run/ovpnserver.log 30\n";
- print CONF "ncp-disable\n";
- print CONF "cipher $sovpnsettings{DCIPHER}\n";
+
+ # Cryptography
+ if ($sovpnsettings{'DATACIPHERS'} eq '') {
+ print CONF "ncp-disable\n";
+ } else {
+ print CONF "data-ciphers " . $sovpnsettings{'DATACIPHERS'} =~ s/\|/:/gr . "\n";
+ }
+
+ # Enable fallback cipher?
+ if ($sovpnsettings{'DCIPHER'} ne '') {
+ print CONF "data-ciphers-fallback $sovpnsettings{'DCIPHER'}\n";
+ }
+
print CONF "auth $sovpnsettings{'DAUTH'}\n";
# Set TLSv2 as minimum
print CONF "tls-version-min 1.2\n";
$vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
$vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
$vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
+ $vpnsettings{'DATACIPHERS'} = $cgiparams{'DATACIPHERS'};
$vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
$vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
$vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
my @temp=();
+ # If NCP is disabled, we need the fallback cipher
+ if ($cgiparams{'DATACIPHERS'} eq '' && $cgiparams{'DCIPHER'} eq '') {
+ $errormessage = $Lang::tr{'ovpn if ncp is disabled we must have cipher'};
+ goto ADV_ERROR;
+ }
+
+ # Split data ciphers
+ my @dataciphers = split(/\|/, $cgiparams{'DATACIPHERS'});
+
+ # Check if all ciphers are supported
+ foreach my $cipher (@dataciphers) {
+ if (!grep(/^$cipher$/, @SUPPORTED_CIPHERS)) {
+ $errormessage = $Lang::tr{'ovpn unsupported cipher selected'};
+ goto ADV_ERROR;
+ }
+ }
+
if ($cgiparams{'FRAGMENT'} eq '') {
delete $vpnsettings{'FRAGMENT'};
} else {
$zip->addFile( "${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
$zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
}
- print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
+
+ # Cryptography
+
+ # If no data ciphers have been selected, we try to use the fallback cipher
+ if ($vpnsettings{'DATACIPHERS'} eq '') {
+ print CLIENTCONF "ncp-disable\r\n";
+
+ if ($vpnsettings{'DCIPHER'} ne '') {
+ print CLIENTCONF "cipher $vpnsettings{'DCIPHER'}\r\n";
+ }
+ } else {
+ # Otherwise we don't write anything because the server and client will negotiate
+ }
+
print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
if ($vpnsettings{'TLSAUTH'} eq 'on') {
read_routepushfile;
ADV_ERROR:
+ if ($cgiparams{'DATACIPHERS'} eq '') {
+ $cgiparams{'DATACIPHERS'} = $DEFAULT_CIPHERS;
+ }
if ($cgiparams{'DAUTH'} eq '') {
$cgiparams{'DAUTH'} = 'SHA512';
}
$selected{'LOG_VERB'}{'11'} = '';
$selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
+ # Split data ciphers
+ my @data_ciphers = split(/\|/, $cgiparams{'DATACIPHERS'});
+
+ # Select the correct ones
+ $selected{'DATACIPHERS'} = ();
+ foreach my $cipher (@SUPPORTED_CIPHERS) {
+ $selected{'DATACIPHERS'}{$cipher} = grep(/^$cipher$/, @data_ciphers) ? "selected" : "";
+ }
+
$selected{'DCIPHER'}{'AES-256-GCM'} = '';
$selected{'DCIPHER'}{'AES-192-GCM'} = '';
$selected{'DCIPHER'}{'AES-128-GCM'} = '';
</td>
</tr>
+ <tr>
+ <td width="25%">
+ $Lang::tr{'ovpn ciphers'}
+ </td>
+
+ <td>
+ <select name='DATACIPHERS' multiple>
+END
+
+ foreach my $cipher (@SUPPORTED_CIPHERS) {
+ my $name = $CIPHERS{$cipher} // $cipher;
+
+ print <<END;
+ <option value='$cipher' $selected{'DATACIPHERS'}{$cipher}>
+ $name
+ </option>
+END
+ }
+
+ print <<END;
+ </select>
+ </td>
+ </tr>
+
<tr>
<td>
$Lang::tr{'ovpn ha'}
</tr>
<tr>
- <td width="25%">
+ <td>
$Lang::tr{'ovpn fallback cipher'}
</td>
%tr,
'24 hours' => '24 Hours',
+'AES-128-CBC' => 'AES - CBC Mode - 128 Bit',
+'AES-128-GCM' => 'AES - GCM Mode - 128 Bit',
+'AES-256-CBC' => 'AES - CBC Mode - 256 Bit',
+'AES-256-GCM' => 'AES - GCM Mode - 256 Bit',
'Act as' => 'Act as:',
'Add Level7 rule' => 'Add Level7 rule',
'Add Port Rule' => 'Add port rule',
'Add Rule' => 'Add rule',
'Add a route' => 'Add a route',
'Async logging enabled' => 'Enable asynchronous writing of the syslog file',
+'CHACHA20-POLY1305' => 'ChaCha20-Poly1305',
'Captive' => 'Captive Portal',
'Captive 1day' => '1 day',
'Captive 1month' => '1 month',
'override mtu' => 'Override default MTU',
'ovpn' => 'OpenVPN',
'ovpn add conf' => 'Additional configuration',
+'ovpn ciphers' => 'Ciphers',
'ovpn con stat' => 'OpenVPN Connection Statistics',
'ovpn config' => 'OVPN-Config',
'ovpn connection name' => 'Connection Name',
'ovpn fallback cipher help' => 'This cipher is being used by clients that do not support cipher negotiation.',
'ovpn generating the root and host certificates' => 'Generating the root and host certificate can take a long time.',
'ovpn ha' => 'Hash algorithm',
+'ovpn if ncp is disabled we must have cipher' => 'If you want to disable cipher negotiation, you will have to select a fallback cipher.',
'ovpn log' => 'OVPN-Log',
'ovpn mgmt in root range' => 'A port number of 1024 or higher is required.',
'ovpn mtu-disc' => 'Path MTU Discovery',
'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.',
'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ',
'ovpn tls auth' => 'TLS Channel Protection:',
+'ovpn unsupported cipher selected' => 'Unknown cipher selected',
'ovpn warning rfc3280' => 'Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>',
'ovpn_fastio' => 'Fast-IO',
'ovpn_mssfix' => 'MSSFIX Size',
projects / people / ms / ipfire-2.x.git / commitdiff
