From c16d97c617b8a7a663f536da61f7b161251c6500 Mon Sep 17 00:00:00 2001 From: Erik Kapfer Date: Wed, 28 May 2014 08:12:52 +0200 Subject: [PATCH] openvpn: Added DH parameter to CA chart. Added also a 'Default' mark in N2N cipher menu for AES-256-CBC. --- doc/language_issues.es | 3 ++ doc/language_issues.fr | 3 ++ doc/language_issues.nl | 3 ++ doc/language_issues.pl | 3 ++ doc/language_issues.ru | 3 ++ doc/language_issues.tr | 3 ++ doc/language_missings | 12 ++++++++ html/cgi-bin/ovpnmain.cgi | 58 +++++++++++++++++++++++++++++++++------ langs/de/cgi-bin/de.pl | 3 ++ langs/en/cgi-bin/en.pl | 3 ++ 10 files changed, 86 insertions(+), 8 deletions(-) diff --git a/doc/language_issues.es b/doc/language_issues.es index e13636b9f9..7b59a5e6c2 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -632,12 +632,14 @@ WARNING: untranslated string: countries WARNING: untranslated string: country codes and flags WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection +WARNING: untranslated string: default WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: details WARNING: untranslated string: dh WARNING: untranslated string: dh key move failed WARNING: untranslated string: dh key warn WARNING: untranslated string: dh key warn1 +WARNING: untranslated string: dh parameter WARNING: untranslated string: dnat address WARNING: untranslated string: dns servers WARNING: untranslated string: dnsforward @@ -648,6 +650,7 @@ WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone WARNING: untranslated string: downlink +WARNING: untranslated string: download dh parameter WARNING: untranslated string: dpd delay WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 759c18d581..2446583c0c 100644 --- a/doc/language_issues.fr 
+++ b/doc/language_issues.fr @@ -642,12 +642,14 @@ WARNING: untranslated string: countries WARNING: untranslated string: country codes and flags WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection +WARNING: untranslated string: default WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: details WARNING: untranslated string: dh WARNING: untranslated string: dh key move failed WARNING: untranslated string: dh key warn WARNING: untranslated string: dh key warn1 +WARNING: untranslated string: dh parameter WARNING: untranslated string: dnat address WARNING: untranslated string: dns address deleted txt WARNING: untranslated string: dns servers @@ -659,6 +661,7 @@ WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone WARNING: untranslated string: downlink +WARNING: untranslated string: download dh parameter WARNING: untranslated string: dpd delay WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action diff --git a/doc/language_issues.nl b/doc/language_issues.nl index c1173f781b..8dd0a3c949 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -650,11 +650,14 @@ WARNING: untranslated string: Scan for Songs WARNING: untranslated string: atm device WARNING: untranslated string: bytes WARNING: untranslated string: capabilities +WARNING: untranslated string: default WARNING: untranslated string: dh WARNING: untranslated string: dh key move failed WARNING: untranslated string: dh key warn WARNING: untranslated string: dh key warn1 +WARNING: untranslated string: dh parameter WARNING: untranslated string: dns servers +WARNING: untranslated string: download dh parameter WARNING: untranslated string: drop outgoing WARNING: untranslated string: firewall logs country WARNING: untranslated string: fwhost err hostip 
diff --git a/doc/language_issues.pl b/doc/language_issues.pl index e13636b9f9..7b59a5e6c2 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -632,12 +632,14 @@ WARNING: untranslated string: countries WARNING: untranslated string: country codes and flags WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection +WARNING: untranslated string: default WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: details WARNING: untranslated string: dh WARNING: untranslated string: dh key move failed WARNING: untranslated string: dh key warn WARNING: untranslated string: dh key warn1 +WARNING: untranslated string: dh parameter WARNING: untranslated string: dnat address WARNING: untranslated string: dns servers WARNING: untranslated string: dnsforward @@ -648,6 +650,7 @@ WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone WARNING: untranslated string: downlink +WARNING: untranslated string: download dh parameter WARNING: untranslated string: dpd delay WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 0589067d00..2d12fc6040 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru 
@@ -636,12 +636,14 @@ WARNING: untranslated string: countries WARNING: untranslated string: country codes and flags WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection +WARNING: untranslated string: default WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: details WARNING: untranslated string: dh WARNING: untranslated string: dh key move failed WARNING: untranslated string: dh key warn WARNING: untranslated string: dh key warn1 +WARNING: untranslated string: dh parameter WARNING: untranslated string: disk access per WARNING: untranslated string: dnat address WARNING: untranslated string: dns servers @@ -653,6 +655,7 @@ WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone WARNING: untranslated string: downlink +WARNING: untranslated string: download dh parameter WARNING: untranslated string: dpd delay WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 2d9ebf7cee..7ce95e02af 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -648,10 +648,13 @@ WARNING: untranslated string: Number of Countries for the pie chart WARNING: untranslated string: Scan for Songs WARNING: untranslated string: bytes WARNING: untranslated string: capabilities +WARNING: untranslated string: default WARNING: untranslated string: dh WARNING: untranslated string: dh key move failed WARNING: untranslated string: dh key warn WARNING: untranslated string: dh key warn1 +WARNING: untranslated string: dh parameter +WARNING: untranslated string: download dh parameter WARNING: untranslated string: firewall logs country WARNING: untranslated string: fwhost err hostip WARNING: untranslated string: gen dh diff --git a/doc/language_missings b/doc/language_missings index 2def4819eb..7ae53f8a22 100644 --- a/doc/language_missings 
+++ b/doc/language_missings @@ -76,6 +76,7 @@ < countries < countrycode < country codes and flags +< default < default ip < deprecated fs warn < details @@ -83,6 +84,7 @@ < dh key move failed < dh key warn < dh key warn1 +< dh parameter < dnat address < dns address deleted txt < dnsforward @@ -93,6 +95,7 @@ < dnsforward forward_server < dnsforward zone < dns servers +< download dh parameter < dpd delay < dpd timeout < drop action @@ -593,6 +596,7 @@ < countries < countrycode < country codes and flags +< default < default ip < deprecated fs warn < details @@ -600,6 +604,7 @@ < dh key move failed < dh key warn < dh key warn1 +< dh parameter < dnat address < dnsforward < dnsforward add a new entry @@ -609,6 +614,7 @@ < dnsforward forward_server < dnsforward zone < dns servers +< download dh parameter < dpd delay < dpd timeout < drop action @@ -1101,6 +1107,7 @@ < countries < countrycode < country codes and flags +< default < default ip < deprecated fs warn < details @@ -1108,6 +1115,7 @@ < dh key move failed < dh key warn < dh key warn1 +< dh parameter < dnat address < dnsforward < dnsforward add a new entry @@ -1117,6 +1125,7 @@ < dnsforward forward_server < dnsforward zone < dns servers +< download dh parameter < dpd delay < dpd timeout < drop action @@ -1587,6 +1596,7 @@ < countrycode < country codes and flags < day-graph +< default < default ip < deprecated fs warn < details @@ -1594,6 +1604,7 @@ < dh key move failed < dh key warn < dh key warn1 +< dh parameter < disk access per < dnat address < dnsforward @@ -1604,6 +1615,7 @@ < dnsforward forward_server < dnsforward zone < dns servers +< download dh parameter < dpd delay < dpd timeout < drop action diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 8736260e8f..921009fc70 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi 
@@ -1023,7 +1023,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General ### Save main settings ### - if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too, @@ -1034,8 +1033,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg goto SETTINGS_ERROR; } } - if ($errormessage) { goto SETTINGS_ERROR; } - + if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) { $errormessage = $Lang::tr{'ovpn subnet is invalid'}; goto SETTINGS_ERROR; @@ -1520,6 +1518,18 @@ END print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`; exit(0); } + +### +### Download Diffie-Hellman parameter +### +}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download dh parameter'}) { + if ( -f "${General::swroot}/ovpn/ca/dh1024.pem" ) { + print "Content-Type: application/octet-stream\r\n"; + print "Content-Disposition: filename=dh1024.pem\r\n\r\n"; + print `/usr/bin/openssl dhparam -in ${General::swroot}/ovpn/ca/dh1024.pem`; + exit(0); + } + ### ### Form for generating a root certificate ### @@ -4470,7 +4480,7 @@ if ($cgiparams{'TYPE'} eq 'net') { - + @@ -5216,7 +5226,9 @@ END END ; my $col1="bgcolor='$color{'color22'}'"; - my $col2="bgcolor='$color{'color20'}'"; + my $col2="bgcolor='$color{'color20'}'"; + my $col3="bgcolor='$color{'color22'}'"; + if (-f "${General::swroot}/ovpn/ca/cacert.pem") { my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`; $casubject =~ /Subject: (.*)[\n]/; 
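Review bot: Both new `openssl dhparam` calls use their backtick output unchecked: the download branch in the @@ -1520 hunk prints it directly after the headers, and the chart code in the @@ -5282 hunk runs `$dhsubject = $1;` whether or not `/PKCS#3 (.*)[\n]/` matched. If dh1024.pem is unreadable or the text output lacks the `PKCS#3` prefix, the download is an empty file, and `$1` is either undefined or left over from an earlier successful match in an enclosing scope, so the chart can show an empty or unrelated string. I would write `$dhsubject = ($dhsubject =~ /PKCS#3 (.*)[\n]/) ? $1 : $Lang::tr{'not present'};` in the chart and, in the download branch, capture the output first and set `$errormessage` instead of sending headers when `$?` is non-zero. The header `Content-Disposition: filename=dh1024.pem` also lacks a disposition type; `print "Content-Disposition: attachment; filename=dh1024.pem\r\n\r\n";` is the well-formed form, and any sibling download branches outside this hunk that use the same spelling should change with it. The `elsif` chain this branch joins begins and ends outside the hunk, and the branch has no `else`, so a missing file falls through silently.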
@@ -5282,6 +5294,39 @@ END ; } + # Adding DH parameter to chart + if (-f "${General::swroot}/ovpn/ca/dh1024.pem") { + my $dhsubject = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`; + $dhsubject =~ /PKCS#3 (.*)[\n]/; + $dhsubject = $1; + + + print < + $Lang::tr{'dh parameter'} + $dhsubject +
+ + +
+
+ + +
+   +END + ; + } else { + # Nothing + print < + $Lang::tr{'dh parameter'}: + $Lang::tr{'not present'} +   +END + ; + } + if (! -f "${General::swroot}/ovpn/ca/cacert.pem") { print "
"; print ""; @@ -5367,9 +5412,6 @@ END - - -
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 6d270129ac..5df9ba8399 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -635,6 +635,7 @@
 'december' => 'Dezember',
 'deep scan directories' => 'rekursiv scannen',
 'def lease time' => 'Standardzeit für Zuordnung',
+'default' => 'Voreinstellung',
 'default ip' => 'Standard IP-Adresse',
 'default lease time' => 'Haltezeit-Voreinstellung in min:',
 'default networks' => 'Standard Netzwerke',
@@ -666,6 +667,7 @@
 'dh key move failed' => 'Verschieben der Diffie-Hellman-Parameter fehlgeschlagen.',
 'dh key warn' => 'Das Generieren der Diffie-Hellman-Parameter mit 1024 oder 2048 Bit dauert üblicherweise mehrere Minuten. Schlüssellängen von 3072 oder 4096 Bit beanspruchen mehrere Stunden. Bitte haben Sie etwas Geduld.',
 'dh key warn1' => 'Bei schwachen Systemen oder Systeme mit wenig Entropie wird empfohlen lange Diffie-Hellman-Parameter über die Upload-Funktion hochzuladen.',
+'dh parameter' => 'Diffie-Hellman-Parameter',
 'dhcp advopt add' => 'DHCP Option hinzufügen',
 'dhcp advopt added' => 'DHCP Option hinzugefügt',
 'dhcp advopt blank value' => 'Wert für DHCP Option darf nicht leer sein',
@@ -768,6 +770,7 @@
 'download' => 'herunterladen',
 'download ca certificate' => 'CA-Zertifikat herunterladen',
 'download certificate' => 'Zertifikate herunterladen',
+'download dh parameter' => 'Diffie-Hellman-Parameter herunterladen',
 'download host certificate' => 'Host-Zertifikat herunterladen',
 'download new ruleset' => 'Neuen Regelsatz herunterladen',
 'download pkcs12 file' => 'PKCS12-Datei herunterladen',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index f7bfcd812b..e0686f3aa1 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -657,6 +657,7 @@
 'december' => 'December',
 'deep scan directories' => 'Scan recursive',
 'def lease time' => 'Default Lease Time',
+'default' => 'Default',
 'default ip' => 'Default IP address',
 'default lease time' => 'Default lease time (mins):',
 'default networks' => 'Default networks',
@@ -689,6 +690,7 @@
 'dh key warn' => 'Creating Diffie-Hellman parameters with lengths of 1024 or 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.',
 'dh key warn1' => 'For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.',
 'dh name is invalid' => 'Name is invalid, please use "dh1024.pem".',
+'dh parameter' => 'Diffie-Hellman parameters',
 'dhcp advopt add' => 'Add a DHCP option',
 'dhcp advopt added' => 'DHCP option added',
 'dhcp advopt blank value' => 'DHCP Option value cannot be empty.',
@@ -794,6 +796,7 @@
 'download' => 'download',
 'download ca certificate' => 'Download CA certificate',
 'download certificate' => 'Download certificate',
+'download dh parameter' => 'Download Diffie-Hellman parameters',
 'download host certificate' => 'Download host certificate',
 'download new ruleset' => 'Download new ruleset',
 'download pkcs12 file' => 'Download PKCS12 file',
-- 
2.39.2