From c94d1976d3bf2fd760834a0093eeb286a90c8fdd Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Thu, 20 Apr 2017 12:53:53 +0100
Subject: [PATCH] IPsec: Mark MODP<=1024 and MD5 as broken and SHA1 as weak

Since we somehow have to support these algorithms this patch adds some information for the user that it is very strongly discouraged to use them in production.

Signed-off-by: Michael Tremer
---
 doc/language_issues.es | 2 ++
 doc/language_issues.fr | 2 ++
 doc/language_issues.it | 2 ++
 doc/language_issues.nl | 2 ++
 doc/language_issues.pl | 2 ++
 doc/language_issues.ru | 2 ++
 doc/language_issues.tr | 2 ++
 doc/language_missings | 8 ++++++++
 html/cgi-bin/vpnmain.cgi | 16 ++++++++--------
 langs/de/cgi-bin/de.pl | 2 ++
 langs/en/cgi-bin/en.pl | 2 ++
 11 files changed, 34 insertions(+), 8 deletions(-)

diff --git a/doc/language_issues.es b/doc/language_issues.es
index 3dec2dbb36..48afe09bb0 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1143,6 +1143,7 @@ WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
+WARNING: untranslated string: vpn broken
 WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn keyexchange
 WARNING: untranslated string: vpn on-demand
@@ -1152,6 +1153,7 @@ WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn weak
 WARNING: untranslated string: wlan client
 WARNING: untranslated string: wlan client advanced settings
 WARNING: untranslated string: wlan client and
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index fa5387c8b1..a048e983a5 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -1160,6 +1160,7 @@ WARNING: untranslated string: urlfilter mode block
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
+WARNING: untranslated string: vpn broken
 WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn keyexchange
 WARNING: untranslated string: vpn on-demand
@@ -1169,6 +1170,7 @@ WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn weak
 WARNING: untranslated string: wlan client
 WARNING: untranslated string: wlan client advanced settings
 WARNING: untranslated string: wlan client and
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 09338a28ab..077ab75e1f 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -819,6 +819,7 @@ WARNING: untranslated string: search
 WARNING: untranslated string: unblock
 WARNING: untranslated string: unblock all
 WARNING: untranslated string: uncheck all
+WARNING: untranslated string: vpn broken
 WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn on-demand
 WARNING: untranslated string: vpn start action
@@ -827,3 +828,4 @@ WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn weak
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 3390ef368d..c27d5e7646 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -867,6 +867,7 @@ WARNING: untranslated string: unblock all
 WARNING: untranslated string: uncheck all
 WARNING: untranslated string: upload dh key
 WARNING: untranslated string: vendor
+WARNING: untranslated string: vpn broken
 WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn on-demand
 WARNING: untranslated string: vpn start action
@@ -875,3 +876,4 @@ WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn weak
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 3dec2dbb36..48afe09bb0 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1143,6 +1143,7 @@ WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
+WARNING: untranslated string: vpn broken
 WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn keyexchange
 WARNING: untranslated string: vpn on-demand
@@ -1152,6 +1153,7 @@ WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn weak
 WARNING: untranslated string: wlan client
 WARNING: untranslated string: wlan client advanced settings
 WARNING: untranslated string: wlan client and
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 303e19b959..c8595703d8 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1138,6 +1138,7 @@ WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
+WARNING: untranslated string: vpn broken
 WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn keyexchange
 WARNING: untranslated string: vpn on-demand
@@ -1147,6 +1148,7 @@ WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn weak
 WARNING: untranslated string: wlan client
 WARNING: untranslated string: wlan client advanced settings
 WARNING: untranslated string: wlan client and
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index af17e3756c..ad150abc2a 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -753,8 +753,10 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: vpn broken
 WARNING: untranslated string: vpn on-demand
 WARNING: untranslated string: vpn start action
 WARNING: untranslated string: vpn start action route
 WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn weak
diff --git a/doc/language_missings b/doc/language_missings
index a6c7188a66..aaf0604106 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -561,6 +561,7 @@
 < urlfilter redirect template
 < vendor
 < visit us at
+< vpn broken
 < vpn keyexchange
 < vpn on-demand
 < vpn start action
@@ -568,6 +569,7 @@
 < vpn start action start
 < vpn statistic n2n
 < vpn statistic rw
+< vpn weak
 < wlanap access point
 < wlanap channel
 < wlanap country
@@ -1180,6 +1182,7 @@
 < urlfilter redirect template
 < vendor
 < visit us at
+< vpn broken
 < vpn keyexchange
 < vpn on-demand
 < vpn start action
@@ -1187,6 +1190,7 @@
 < vpn start action start
 < vpn statistic n2n
 < vpn statistic rw
+< vpn weak
 < wlanap country
 < wlan client
 < wlan client advanced settings
@@ -1764,6 +1768,7 @@
 < urlfilter redirect template
 < vendor
 < visit us at
+< vpn broken
 < vpn keyexchange
 < vpn on-demand
 < vpn start action
@@ -1771,6 +1776,7 @@
 < vpn start action start
 < vpn statistic n2n
 < vpn statistic rw
+< vpn weak
 < wlanap country
 < wlan client
 < wlan client advanced settings
@@ -2353,6 +2359,7 @@
 < urlfilter redirect template
 < vendor
 < visit us at
+< vpn broken
 < vpn keyexchange
 < vpn on-demand
 < vpn start action
@@ -2360,6 +2367,7 @@
 < vpn start action start
 < vpn statistic n2n
 < vpn statistic rw
+< vpn weak
 < week-graph
 < wlanap country
 < wlan client
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 4da18dea82..88159499b0 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -2503,8 +2503,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || - - + +
@@ -2513,8 +2513,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || - - + +
@@ -2550,8 +2550,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || - - + +
@@ -2575,8 +2575,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || - - + +
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index bda0e26923..0d6836b9a6 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -2605,6 +2605,7 @@
 'vpn aggrmode' => 'IKE Aggressive Mode zugelassen. Wenn möglich, vermeiden (preshared Schlüssel wird im Klartext übertragen)!',
 'vpn altname syntax' => 'Der Subjekt Alternativ Name ist eine durch Komma getrennte Liste von Email, DNS, URI, RID und IP Objekten.
Email: eine Email Adresse. Syntax Email: \'copy\' benutzt die Email Adresse aus dem Zertifikatfeld.
DNS: ein gültiger Domain Name.
URI: eine gültige URI.
RID: Registriertes Objekt Identifikation.
IP: eine IP Adresse.
Bitte beachten: der Zeichensatz ist eingeschränkt und die Groß-/Kleinschreibung ist entscheidend.
Beispiel:
email:info@ipfire.org,email:copy,DNS:www.ipfire.org,IP:127.0.0.1,URI:http://url/nach/irgendwo',
 'vpn auth-dn' => 'Peer wird identifiziert durch entweder ein IPV4_ADDR, FQDN, USER_FQDN oder DER_ASN1_DN string in Remote ID Feld',
+'vpn broken' => 'Gebrochen',
 'vpn delayed start' => 'Verzögerung bevor VPN gestartet wird (Sekunden)',
 'vpn delayed start help' => 'Falls notwendig, kann diese Verzögerung dazu verwendet werden, um Dynamic-DNS-Updates ordnungsgemäß anzuwenden. 60 ist ein gängiger Wert, wenn ROT (RED) eine dynamische IP Adresse ist.',
 'vpn incompatible use of defaultroute' => 'Hostname=%defaultroute nicht zulässig',
@@ -2627,6 +2628,7 @@
 'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik',
 'vpn subjectaltname' => 'Subjekt Alternativer Name',
 'vpn watch' => 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP ändert (DynDNS).',
+'vpn weak' => 'Schwach',
 'waiting to synchronize clock' => 'Bitte warten, die Uhr wird synchronisiert',
 'warn when traffic reaches' => 'Warnen wenn Traffic x % erreicht',
 'warning messages' => 'Warnhinweise',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 6608ceb639..925f665282 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -2648,6 +2648,7 @@
 'vpn aggrmode' => 'IKE aggressive mode allowed. Avoid if possible (preshared key is transmitted in clear text)!',
 'vpn altname syntax' => 'SubjectAltName is a comma separated list of e-mail, dns, uri, rid and ip objects.
email:an email address. Syntax email:copy takes the email field from the cert to be used.
DNS:a valid domain name.
URI:any valid uri.
RID:registered object identifier.
IP:an IP address.
Note:charset is limited and case is significant.
Example:
e-mail:ipfire@foo.org,email:copy,DNS:www.ipfire.org,IP:127.0.0.1,URI:http://url/to/something',
 'vpn auth-dn' => 'Peer is identified by either IPV4_ADDR, FQDN, USER_FQDN or DER_ASN1_DN string in remote ID field',
+'vpn broken' => 'Broken',
 'vpn configuration main' => 'VPN Configuration',
 'vpn delayed start' => 'Delay before launching VPN (seconds)',
 'vpn delayed start help' => 'If required, this delay can be used to allow dynamic DNS updates to propagate properly. 60 is a common value when RED is a dynamic IP.',
@@ -2672,6 +2673,7 @@
 'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics',
 'vpn subjectaltname' => 'Subject Alt Name',
 'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).',
+'vpn weak' => 'Weak',
 'waiting to synchronize clock' => 'Waiting to synchronize clock',
 'warn when traffic reaches' => 'Warn when traffic reaches x %',
 'warning messages' => 'Warning messages',
-- 
2.39.2