my %selected=();
my $warnmessage = '';
my $errormessage = '';
-my $cryptoerror = '';
-my $cryptowarning = '';
my %settings=();
my $routes_push_file = '';
my $confighost="${General::swroot}/fwhosts/customhosts";
close(CLIENTCONF);
}
-
-###
-### Check for cryptography problems
-###
-
-# Warning if DH parameter is 1024 bit
-if (-f "${General::swroot}/ovpn/ca/dh1024.pem") {
- my $dhlenght = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
- if ($dhlenght =~ /1024 bit/) {
- $cryptoerror = "$Lang::tr{'ovpn error dh'}";
- goto CRYPTO_ERROR;
- }
-}
-
-# Warning if md5 is in usage
-if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
- my $signature = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
- if ($signature =~ /md5WithRSAEncryption/) {
- $cryptoerror = "$Lang::tr{'ovpn error md5'}";
- goto CRYPTO_ERROR;
- }
-}
-
-CRYPTO_ERROR:
-
-# Warning if certificate is not compliant to RFC3280 TLS rules
-if (-f "${General::swroot}/ovpn/openssl/ovpn.cnf") {
- my $extendkeyusage = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
- if ($extendkeyusage =~ /TLS Web Server Authentication/) {
- $cryptowarning = "$Lang::tr{'ovpn warning rfc3280'}";
- goto CRYPTO_WARNING;
- }
-}
-
-CRYPTO_WARNING:
-
+
###
### Save main settings
###
&Header::closebox();
}
- if ($cryptoerror) {
- &Header::openbox('100%', 'LEFT', $Lang::tr{'crypto error'});
- print "<class name='base'>$cryptoerror";
- print " </class>";
- &Header::closebox();
- }
-
- if ($cryptowarning) {
- &Header::openbox('100%', 'LEFT', $Lang::tr{'crypto warning'});
- print "<class name='base'>$cryptowarning";
- print " </class>";
- &Header::closebox();
- }
-
if ($warnmessage) {
&Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
print "$warnmessage<br>";
'credits' => 'Credits',
'crl' => 'Certificate Revocation List',
'cron server' => 'Cron-Server',
-'crypto error' => 'Kryptografiefehler',
-'crypto warning' => 'Kryptografiewarnungen',
'current' => 'Aktuell',
'current aliases' => 'Aktuelle Alias-Adresse',
'current class' => 'Aktuelle Klasse',
'ovpn engines' => 'Krypto Engine',
'ovpn errmsg green already pushed' => 'Route für grünes Netzwerk wird immer gesetzt',
'ovpn errmsg invalid ip or mask' => 'Ungültige Netzwerk-Adresse oder Subnetzmaske',
-'ovpn error dh' => 'Der Diffie-Hellman Parameter muss mindestens 2048 bit lang sein! <br>Bitte einen neuen Diffie-Hellman Parameter erzeugen oder hochladen, dies kann unten über den Bereich "Diffie-Hellman-Parameter Optionen" gemacht werden.</br>',
-'ovpn error md5' => 'Das Host Zertifikat nutzt einen MD5 Algorithmus welcher nicht mehr akzeptiert wird. <br>Bitte IPFire auf die neueste Version updaten und generieren sie ein neues Root und Host Zertifikate.</br><br>Es müssen dann alle OpenVPN clients erneuert werden!</br>',
'ovpn generating the root and host certificates' => 'Die Erzeugung der Root- und Host-Zertifikate kann lange Zeit dauern.',
'ovpn ha' => 'Hash-Algorithmus',
'ovpn hmac' => 'HMAC-Optionen',
'ovpn subnet' => 'OpenVPN-Subnetz:',
'ovpn subnet is invalid' => 'Das OpenVPN-Subnetz ist ungültig.',
'ovpn subnet overlap' => 'OpenVPNSubnetz überschneidet sich mit ',
-'ovpn warning rfc3280' => 'Das Host Zertifikat ist nicht RFC3280 Regelkonform. <br>Bitte IPFire auf die letzte Version updaten und generieren sie ein neues Root und Host Zertifikat so bald wie möglich.</br><br>Es müssen dann alle OpenVPN clients erneuert werden!</br>',
'ovpn_fastio' => 'Fast-IO',
'ovpn_fragment' => 'Fragmentgrösse',
'ovpn_mssfix' => 'MSSFIX-Grösse',
'credits' => 'Credits',
'crl' => 'Certificate Revocation List',
'cron server' => 'CRON Server',
-'crypto error' => 'Cryptographic error',
-'crypto warning' => 'Cryptographic warning',
'current' => 'Current',
'current aliases' => 'Current aliases',
'current class' => 'Current class',
'ovpn engines' => 'Crypto engine',
'ovpn errmsg green already pushed' => 'Route for green network is always set',
'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
-'ovpn error dh' => 'The Diffie-Hellman parameter needs to be in minimum 2048 bit! <br>Please generate or upload a new Diffie-Hellman parameter, this can be made below in the section "Diffie-Hellman parameters options".</br>',
-'ovpn error md5' => 'You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>',
'ovpn generating the root and host certificates' => 'Generating the root and host certifictae can take a long time.',
'ovpn ha' => 'Hash algorithm',
'ovpn hmac' => 'HMAC options',
'ovpn subnet' => 'OpenVPN subnet:',
'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.',
'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ',
-'ovpn warning rfc3280' => 'Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>',
'ovpn_fastio' => 'Fast-IO',
'ovpn_mssfix' => 'MSSFIX Size',
'ovpn_mtudisc' => 'MTU-Discovery',
projects / people / pmueller / ipfire-2.x.git / commitdiff
