-HOME = .
-RANDFILE = /var/ipfire/ovpn/ca/.rnd
-oid_section = new_oids
+HOME = .
+RANDFILE = /var/ipfire/ovpn/ca/.rnd
+oid_section = new_oids
[ new_oids ]
[ ca ]
-default_ca = openvpn
+default_ca = openvpn
[ openvpn ]
-dir = /var/ipfire/ovpn
-certs = $dir/certs
-crl_dir = $dir/crl
-database = $dir/certs/index.txt
-new_certs_dir = $dir/certs
-certificate = $dir/ca/cacert.pem
-serial = $dir/certs/serial
-crl = $dir/crl.pem
-private_key = $dir/ca/cakey.pem
-RANDFILE = $dir/ca/.rand
-x509_extensions = usr_cert
-default_days = 999999
-default_crl_days= 30
-default_md = md5
-preserve = no
-policy = policy_match
-email_in_dn = no
+dir = /var/ipfire/ovpn
+certs = $dir/certs
+crl_dir = $dir/crl
+database = $dir/certs/index.txt
+new_certs_dir = $dir/certs
+certificate = $dir/ca/cacert.pem
+serial = $dir/certs/serial
+crl = $dir/crl.pem
+private_key = $dir/ca/cakey.pem
+RANDFILE = $dir/ca/.rand
+x509_extensions = usr_cert
+default_days = 999999
+default_crl_days = 30
+default_md = sha256
+preserve = no
+policy = policy_match
+email_in_dn = no
[ policy_match ]
-countryName = optional
-stateOrProvinceName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
+countryName = optional
+stateOrProvinceName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca
-string_mask = nombstr
+default_bits = 2048
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca
+string_mask = nombstr
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
unstructuredName = An optional company name
[ usr_cert ]
-basicConstraints=CA:FALSE
+basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
-basicConstraints=CA:FALSE
+basicConstraints = CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
[ v3_req ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = CA:true
[ crl_ext ]
-authorityKeyIdentifier=keyid:always,issuer:always
+authorityKeyIdentifier = keyid:always,issuer:always
[ engine ]
-default = openssl
+default = openssl
+WARNING: translation string unused: Client status and controlc
WARNING: translation string unused: ConnSched scheduler
WARNING: translation string unused: ConnSched select profile
WARNING: translation string unused: HDD temperature
WARNING: translation string unused: network traffic graphs
WARNING: translation string unused: network updated
WARNING: translation string unused: networks settings
-WARNING: translation string unused: never
WARNING: translation string unused: new optionsfw must boot
WARNING: translation string unused: no alcatelusb firmware
WARNING: translation string unused: no cfg upload
WARNING: translation string unused: override mtu
WARNING: translation string unused: ovpn config
WARNING: translation string unused: ovpn dl
-WARNING: translation string unused: ovpn engines
WARNING: translation string unused: ovpn log
-WARNING: translation string unused: ovpn reneg sec
-WARNING: translation string unused: ovpn_fastio
WARNING: translation string unused: ovpn_fragment
WARNING: translation string unused: ovpn_mssfix
WARNING: translation string unused: ovpn_mtudisc
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
+WARNING: translation string unused: reserved dst port
+WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
+WARNING: translation string unused: rsvd dst port overlap
+WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
+WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: addons
WARNING: untranslated string: bytes
WARNING: untranslated string: community rules
WARNING: untranslated string: dead peer detection
-WARNING: untranslated string: dns servers
-WARNING: untranslated string: downlink
WARNING: untranslated string: emerging rules
-WARNING: untranslated string: first
+WARNING: untranslated string: firewall logs country
WARNING: untranslated string: fwhost err hostip
-WARNING: untranslated string: last
WARNING: untranslated string: qos add subclass
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
-WARNING: untranslated string: uplink
+WARNING: untranslated string: source ip country
+WARNING: translation string unused: Client status and controlc
WARNING: translation string unused: ConnSched scheduler
WARNING: translation string unused: ConnSched select profile
WARNING: translation string unused: HDD temperature
WARNING: translation string unused: network traffic graphs
WARNING: translation string unused: network updated
WARNING: translation string unused: networks settings
-WARNING: translation string unused: never
WARNING: translation string unused: new optionsfw must boot
WARNING: translation string unused: no alcatelusb firmware
WARNING: translation string unused: no cfg upload
WARNING: translation string unused: override mtu
WARNING: translation string unused: ovpn config
WARNING: translation string unused: ovpn dl
-WARNING: translation string unused: ovpn engines
WARNING: translation string unused: ovpn log
-WARNING: translation string unused: ovpn reneg sec
WARNING: translation string unused: ovpn_fastio
WARNING: translation string unused: ovpn_fragment
WARNING: translation string unused: ovpn_mssfix
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
+WARNING: translation string unused: reserved dst port
+WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
+WARNING: translation string unused: rsvd dst port overlap
+WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
WARNING: translation string unused: vpn incompatible use of defaultroute
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
+WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: bytes
-WARNING: untranslated string: dns servers
-WARNING: untranslated string: downlink
-WARNING: untranslated string: first
WARNING: untranslated string: fwhost err hostip
-WARNING: untranslated string: last
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
-WARNING: untranslated string: uplink
+WARNING: untranslated string: source ip country
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
+WARNING: translation string unused: reserved dst port
+WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
+WARNING: translation string unused: rsvd dst port overlap
+WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
+WARNING: translation string unused: reserved dst port
+WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
+WARNING: translation string unused: rsvd dst port overlap
+WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
+WARNING: translation string unused: reserved dst port
+WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
+WARNING: translation string unused: rsvd dst port overlap
+WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
+WARNING: translation string unused: reserved dst port
+WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
+WARNING: translation string unused: rsvd dst port overlap
+WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
+WARNING: translation string unused: reserved dst port
+WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
+WARNING: translation string unused: rsvd dst port overlap
+WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: removable device advice
WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
+WARNING: translation string unused: reserved dst port
+WARNING: translation string unused: reserved src port
WARNING: translation string unused: restore hardware settings
WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: route subnet is invalid
WARNING: translation string unused: router ip
+WARNING: translation string unused: rsvd dst port overlap
+WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
+< dns servers
+< downlink
< dpd delay
< dpd timeout
< drop action
< fireinfo why enable
< fireinfo why read more
< fireinfo your profile id
-< firewall logs country
< firewall rules
+< first
< flag
< forward firewall
< fw default drop
< ipsec
< ipsec network
< ipsec no connections
+< last
< least preferred
< lifetime
< mac filter
< minimum
< minute
< most preferred
-< never
< no hardware random number generator
< not a valid dh key
< notice
< ntp common settings
< ntp sync
-< Number of Countries for the pie chart
< openvpn default
< openvpn destination port used
< openvpn disabled
< ovpn crypt options
< ovpn dh
< ovpn dh name
-< ovpn engines
< ovpn generating the root and host certificates
< ovpn ha
< ovpn hmac
< ovpn mtu-disc yes
< ovpn no connections
< ovpn port in root range
-< ovpn reneg sec
< p2p block
< p2p block save notice
< proxy reports
< show dh
< snat new source ip address
< snort working
-< source ip country
< ssh
< static routes
< support donation
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
+< uplink
< upload dh key
< upload new ruleset
< uptime
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
+< dns servers
+< downlink
< dpd delay
< dpd timeout
< drop action
< fireinfo why enable
< fireinfo why read more
< fireinfo your profile id
-< firewall logs country
< firewall rules
+< first
< flag
< forward firewall
< fw default drop
< ipsec
< ipsec network
< ipsec no connections
+< last
< least preferred
< lifetime
< mac filter
< minimum
< minute
< most preferred
-< never
< no hardware random number generator
< not a valid dh key
< notice
-< Number of Countries for the pie chart
< openvpn default
< openvpn destination port used
< openvpn disabled
< ovpn crypt options
< ovpn dh
< ovpn dh name
-< ovpn engines
< ovpn errmsg green already pushed
< ovpn errmsg invalid ip or mask
< ovpn generating the root and host certificates
< ovpn mtu-disc yes
< ovpn no connections
< ovpn port in root range
-< ovpn reneg sec
< ovpn routes push
< ovpn routes push options
< p2p block
< Set time on boot
< show dh
< snat new source ip address
-< source ip country
< ssh
< static routes
< support donation
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
+< uplink
< upload dh key
< uptime
< uptime load average
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
+< dns servers
+< downlink
< dpd delay
< dpd timeout
< drop action
< extrahd unable to read
< extrahd unable to write
< extrahd you cant mount
-< firewall logs country
< firewall rules
+< first
< flag
< forward firewall
< fw default drop
< ipsec
< ipsec network
< ipsec no connections
+< last
< least preferred
< lifetime
< mac filter
< minimum
< minute
< most preferred
-< never
< no hardware random number generator
< not a valid dh key
< notice
-< Number of Countries for the pie chart
< openvpn default
< openvpn destination port used
< openvpn disabled
< ovpn crypt options
< ovpn dh
< ovpn dh name
-< ovpn engines
< ovpn errmsg green already pushed
< ovpn errmsg invalid ip or mask
< ovpn generating the root and host certificates
< ovpn mtu-disc yes
< ovpn no connections
< ovpn port in root range
-< ovpn reneg sec
< ovpn routes push
< ovpn routes push options
< p2p block
< server restart
< show dh
< snat new source ip address
-< source ip country
< ssh
< static routes
< support donation
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
+< uplink
< upload dh key
< uptime
< uptime load average
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
+< dns servers
+< downlink
< dpd delay
< dpd timeout
< drop action
< extrahd unable to read
< extrahd unable to write
< extrahd you cant mount
-< firewall logs country
< firewall rules
+< first
< flag
< forward firewall
< frequency
< ipsec
< ipsec network
< ipsec no connections
+< last
< least preferred
< lifetime
< mac filter
< minute
< month-graph
< most preferred
-< never
< no hardware random number generator
< not a valid dh key
< notice
-< Number of Countries for the pie chart
< openvpn default
< openvpn destination port used
< openvpn disabled
< ovpn crypt options
< ovpn dh
< ovpn dh name
-< ovpn engines
< ovpn generating the root and host certificates
< ovpn ha
< ovpn hmac
< ovpn mtu-disc yes
< ovpn no connections
< ovpn port in root range
-< ovpn reneg sec
< p2p block
< p2p block save notice
< proxy reports
< server restart
< show dh
< snat new source ip address
-< source ip country
< ssh
< static routes
< support donation
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
+< uplink
< upload dh key
< uptime
< uptime load average
}
}
-# Darren Critchley - certain ports are reserved for IPFire
-# TCP 67,68,81,222,444
-# UDP 67,68
-# Params passed in -> port, rangeyn, protocol
-sub disallowreserved
-{
- # port 67 and 68 same for tcp and udp, don't bother putting in an array
- my $msg = "";
- my @tcp_reserved = (81,222,444);
- my $prt = $_[0]; # the port or range
- my $ryn = $_[1]; # tells us whether or not it is a port range
- my $prot = $_[2]; # protocol
- my $srcdst = $_[3]; # source or destination
- if ($ryn) { # disect port range
- if ($srcdst eq "src") {
- $msg = "$Lang::tr{'rsvd src port overlap'}";
- } else {
- $msg = "$Lang::tr{'rsvd dst port overlap'}";
- }
- my @tmprng = split(/\:/,$prt);
- unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; }
- unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; }
- if ($prot eq "tcp") {
- foreach my $prange (@tcp_reserved) {
- unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; }
- }
- }
- } else {
- if ($srcdst eq "src") {
- $msg = "$Lang::tr{'reserved src port'}";
- } else {
- $msg = "$Lang::tr{'reserved dst port'}";
- }
- if ($prt == 67) { $errormessage="$msg 67"; return; }
- if ($prt == 68) { $errormessage="$msg 68"; return; }
- if ($prot eq "tcp") {
- foreach my $prange (@tcp_reserved) {
- if ($prange == $prt) { $errormessage="$msg $prange"; return; }
- }
- }
- }
- return;
-}
-
sub writeserverconf {
my %sovpnsettings = ();
print CONF "status-version 1\n";
print CONF "status /var/log/ovpnserver.log 30\n";
print CONF "cipher $sovpnsettings{DCIPHER}\n";
- print CONF "auth $sovpnsettings{DAUTH}\n";
+ if ($sovpnsettings{'DAUTH'} eq '') {
+ print CONF "";
+ } else {
+ print CONF "auth $sovpnsettings{'DAUTH'}\n";
+ }
if ($sovpnsettings{DCOMPLZO} eq 'on') {
print CONF "comp-lzo\n";
}
my @iprange=();
my %ccdhash=();
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
- $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2;
+ $iprange[0]=$ip1.".".$ip2.".".$ip3.".".($ip4+2);
for (my $i=1;$i<=$count;$i++) {
my $tmpip=$iprange[$i-1];
my $stepper=$i*4;
}
}
-
###
### Upload CA Certificate
###
$zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
}
print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
- print CLIENTCONF "auth $vpnsettings{DAUTH}\r\n";
+ if ($vpnsettings{'DAUTH'} eq '') {
+ print CLIENTCONF "";
+ } else {
+ print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
+ }
if ($vpnsettings{DCOMPLZO} eq 'on') {
print CLIENTCONF "comp-lzo\r\n";
}
} else {
$errormessage = $Lang::tr{'invalid key'};
}
- &General::firewall_reload();
+
+ &General::firewall_reload();
###
### Download PKCS12 file
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) {
# &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- if ( -f "${General::swroot}/ovpn/crls/cacrl.pem") {
- &Header::showhttpheaders();
- &Header::openpage($Lang::tr{'ovpn'}, 1, '');
- &Header::openbigbox('100%', 'LEFT', '', '');
- &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
- my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
- &Header::closebox();
- print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
- &Header::closebigbox();
- &Header::closepage();
- exit(0);
+ if (! -e "${General::swroot}/ovpn/crls/cacrl.pem") {
+ $errormessage = $Lang::tr{'not present'};
+ } else {
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
+ &Header::openbigbox('100%', 'LEFT', '', '');
+ &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
+ my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
+ $output = &Header::cleanhtml($output,"y");
+ print "<pre>$output</pre>\n";
+ &Header::closebox();
+ print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+ &Header::closebigbox();
+ &Header::closepage();
+ exit(0);
}
###
&Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
print <<END;
<form method='post' enctype='multipart/form-data'>
-<table width='100%' border=0>
+ <table width='100%' border='0'>
<tr>
<td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
</tr>
<tr>
<td class='base'>mssfix</td>
<td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
+ <td>$Lang::tr{'openvpn default'}: on</td>
</tr>
<tr>
<td class='base'>$Lang::tr{'ovpn mtu-disc'}</td>
</tr>
<tr><td class='base'>$Lang::tr{'ovpn ha'}</td>
<td><select name='DAUTH'>
- <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
- <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
- <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
- <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
+ <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
+ <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
+ <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
+ <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
<option value='ecdsa-with-SHA1' $selected{'DAUTH'}{'ecdsa-with-SHA1'}>ECDSA-SHA1 (160 $Lang::tr{'bit'})</option>
- <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'})</option>
+ <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'})</option>
</select>
</td>
<td>Default: <span class="base">SHA1 (160 $Lang::tr{'bit'})</span></td>
&Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'});
print <<END;
- <table width='100%' border=0>
+ <table width='100%' border='0'>
<tr><form method='post'>
<td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
- <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly /></td></tr>
+ <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly='readonly' /></td></tr>
<tr><td colspan='4' align='right'><hr><input type='submit' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='editsave'/>
<input type='hidden' name='ccdname' value='$cgiparams{'ccdname'}'/><input type='submit' value='$Lang::tr{'cancel'}' />
</td></tr>
print"<td>$ccdconf[0]</td><td align='center'>$ccdconf[1]</td><td align='center'>$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1)."</td><td>";
print <<END;
<form method='post' />
- <input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} />
+ <input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
<input type='hidden' name='ACTION' value='edit'/>
<input type='hidden' name='ccdname' value='$ccdconf[0]' />
<input type='hidden' name='ccdsubnet' value='$ccdconf[1]' />
<td><input type='hidden' name='ACTION' value='kill'/>
<input type='hidden' name='number' value='$count' />
<input type='hidden' name='net' value='$ccdconf[0]' />
- <input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'remove'} title=$Lang::tr{'remove'} /></form></td></tr>
+ <input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' /></form></td></tr>
END
;
}
<td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr>
<tr><td> </td><td class='base'><input type='file' name='FH' size='30'></td></tr>
<tr><td> </td><td>Import Connection Name <img src='/blob.gif' /></td></tr>
- <tr><td> </td><td class='base'><input type='text' name='n2nname' size='30'>Default : Client Packagename</td></tr>
+ <tr><td> </td><td class='base'><input type='text' name='n2nname' size='30'>$Lang::tr{'openvpn default'}: Client Packagename</td></tr>
<tr><td colspan='3'><hr /></td></tr>
<tr><td align='right' colspan='3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
<tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' /> $Lang::tr{'this field may be blank'}</td></tr>
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
goto VPNCONF_ERROR;
- }
- #Check if remote subnet is used elsewhere
- my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'});
- $warnmessage=&General::checksubnets('',$n2nip,'ovpn');
- if ($warnmessage){
- $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
- }
+ }
+ #Check if remote subnet is used elsewhere
+ my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'});
+ $warnmessage=&General::checksubnets('',$n2nip,'ovpn');
+ if ($warnmessage){
+ $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
+ }
+
}
# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
<tr><td> </td>
<td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
<td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
- <tr><td> </td><td class='base'>$Lang::tr{'pkcs12 file password'}:<BR>($Lang::tr{'confirmation'})</td>
+ <tr><td> </td><td class='base'>$Lang::tr{'pkcs12 file password'}:<br>($Lang::tr{'confirmation'})</td>
<td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
<tr><td colspan='3'> </td></tr>
<tr><td colspan='3'><hr /></td></tr>
&Header::closebox();
}
- if ($warnmessage) {
- &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
- print "$warnmessage<br>";
- print "$Lang::tr{'fwdfw warn1'}<br>";
- &Header::closebox();
- print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
- &Header::closepage();
- exit 0;
- }
+ if ($warnmessage) {
+ &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
+ print "$warnmessage<br>";
+ print "$Lang::tr{'fwdfw warn1'}<br>";
+ &Header::closebox();
+ print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
+ &Header::closepage();
+ exit 0;
+ }
my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
my $srunning = "no";
}
&Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});
print <<END;
- <table width='100%' border=0>
+ <table width='100%' border='0'>
<form method='post'>
<td width='25%'> </td>
<td width='25%'> </td>
%tr = (
%tr,
-'Act as' => 'Konfiguriert als:',
+'Act as' => 'Konfiguriert als',
'Add Level7 rule' => 'Level7-Regel hinzufügen',
'Add Port Rule' => 'Port-Regel hinzufügen',
'Add Rule' => 'Regel hinzufügen',
'Choose Rule' => 'Wählen Sie <u>eine</u> der untenstehenden Regeln aus.',
'Class' => 'Klasse',
'Class was deleted' => 'wurde mit eventuell vorhandenen Unterklassen gelöscht',
+'Client status and controlc' => 'Client-Status und -Kontrolle',
'ConnSched action' => 'Aktion:',
'ConnSched add action' => 'Aktion hinzufügen',
'ConnSched change profile title' => 'Wechsle zu Profil:',
'Local VPN IP' => 'Internes Netzwerk (GREEN)',
'MB read' => 'MB gelesen',
'MB written' => 'MB geschrieben',
-'MTU' => 'MTU Size',
-'Number of Countries for the pie chart' => 'Anzahl der angezeigten Länder im Diagramm',
+'MTU' => 'MTU Size:',
'Number of IPs for the pie chart' => 'Anzahl der angezeigten IPs im Diagramm',
'Number of Ports for the pie chart' => 'Anzahl der angezeigten Ports im Diagramm',
'OVPN' => 'OpenVPN',
'device' => 'Gerät',
'devices on blue' => 'Geräte auf Blau',
'dh' => 'Diffie-Hellman Key',
-'dh key warn' => 'Keys mit 1024 und 2048 Bit können mehreren Minuten, 3072 und 4096 Bit bis zu mehreren Stunden dauern. Bitte haben sie Geduld.',
+'dh key warn' => 'Keys mit 1024 und 2048 Bit können mehrere Minuten, 3072 und 4096 Bit bis zu mehreren Stunden dauern. Bitte haben sie Geduld.',
'dh name is invalid' => 'Name ist ungültig, bitte "dh1024.pem" verwenden.',
'dhcp advopt add' => 'DHCP Option hinzufügen',
'dhcp advopt added' => 'DHCP Option hinzugefügt',
'dns proxy server' => 'DNS-Proxyserver',
'dns saved' => 'Erfolgreich gespeichert!',
'dns saved txt' => 'Die beiden eingegebenen DNS-Server-Adressen wurde erfolgreich gespeichert.<br/>Um die Änderung wirksam zu machen, müssen Sie neustarten oder wiederverbinden!',
-'dns server' => 'DNS Server',
+'dns server' => 'DNS-Server',
+'dns servers' => 'DNS-Server',
'dns title' => 'Domain Name System',
'dnsforward' => 'DNS-Weiterleitung',
'dnsforward add a new entry' => 'Neuen Eintrag hinzufügen',
'donation-text' => '<strong>IPFire</strong> wird von Freiwilligen in ihrer Freizeit betrieben und auch betreut. Um dieses Projekt am Laufen zu halten, entstehen uns natürlich auch Kosten. Wenn Sie uns unterstützen wollen, würden wir uns über eine kleine Spende sehr freuen.',
'dos charset' => 'DOS Charset',
'down and up speed' => 'Geben Sie bitte hier ihre Download- bzw. Upload-Geschwindigkeit ein <br /> und klicken Sie danach auf <i>Speichern</i>.',
+'downlink' => 'Downlink',
'downlink speed' => 'Downlink-Geschwindigkeit (kBit/sek)',
'downlink std class' => 'Downloadstandardklasse',
'download' => 'herunterladen',
'firewall log' => 'Firewall-Protokoll',
'firewall log viewer' => 'Betrachter der Firewall-Logdateien',
'firewall logs' => 'Firewall-Logdateien',
-'firewall logs country' => 'Fw-Logdiagramme (Land)',
'firewall logs ip' => 'Fw-Logdiagramme (IP)',
'firewall logs port' => 'Fw-Logdiagramme (Port)',
'firewall rules' => 'Firewallregeln',
'firewallhits' => 'Firewalltreffer',
'firmware' => 'Firmware',
'firmware upload' => 'Hochladen der Firmware/Treiber',
+'first' => 'Erste',
'fixed ip lease added' => 'Feste IP-Zuordnung hinzugefügt',
'fixed ip lease modified' => 'Feste IP-Zuordnung geändert',
'fixed ip lease removed' => 'Feste IP-Zuordnung gelöscht',
'lan' => 'LAN',
'lang' => 'de',
'languagepurpose' => 'Wählen Sie eine Sprache, in der IPFire angezeigt werden soll:',
+'last' => 'Letzte',
'last activity' => 'Letzte Aktivität',
'lateprompting' => 'Late prompting',
'lease expires' => 'Zuordnung verfällt',
'network traffic graphs others' => 'Netzwerk (sonstige)',
'network updated' => 'Benutzerdefiniertes Netzwerk aktualisiert',
'networks settings' => 'Firewall - Netzwerkeinstellungen',
-'never' => 'Nie',
'new optionsfw later' => 'Einige Einstellungen werden erst nach einem Neustart aktiv',
'new optionsfw must boot' => 'Sie müssen Ihren IPFire neu starten',
'newer' => 'Neuer',
'ovpn dh' => 'Diffie-Hellman Key Länge',
'ovpn dh name' => 'Diffie-Hellman Key Name',
'ovpn dl' => 'OVPN-Konfiguration downloaden',
-'ovpn engines' => 'Krypto Engine',
'ovpn errmsg green already pushed' => 'Route für grünes Netzwerk wird immer gesetzt',
'ovpn errmsg invalid ip or mask' => 'Ungültige Netzwerk-Adresse oder Subnetzmaske',
'ovpn generating the root and host certificates' => 'Die Erzeugung der Root- und Host-Zertifikate kann lange Zeit dauern.',
'ovpn on orange' => 'OpenVPN auf ORANGE:',
'ovpn on red' => 'OpenVPN auf ROT:',
'ovpn port in root range' => 'Ein Port von 1024 oder höher ist erforderlich.',
-'ovpn reneg sec' => 'Session Key Lifetime',
'ovpn routes push' => 'Routen (eine pro Zeile) z.b. 192.168.10.0/255.255.255.0 192.168.20.0/24',
'ovpn routes push options' => 'Route push Optionen',
-'ovpn server status' => 'OpenVPN-Server-Status:',
+'ovpn server status' => 'OpenVPN-Server-Status',
'ovpn subnet' => 'OpenVPN-Subnetz:',
'ovpn subnet is invalid' => 'Das OpenVPN-Subnetz ist ungültig.',
'ovpn subnet overlap' => 'OpenVPNSubnetz überschneidet sich mit ',
-'ovpn_fastio' => 'Fast-IO',
'ovpn_fragment' => 'Fragmentgrösse',
'ovpn_mssfix' => 'MSSFIX-Grösse',
'ovpn_mtudisc' => 'MTU-Discovery',
'source ip' => 'Quell-IP-Adresse',
'source ip and port' => 'Quell-IP:Port',
'source ip bad' => 'Ungültige Quell-IP-Adresse.',
-'source ip country' => 'Quell-IP-Adresse Land',
'source ip in use' => 'Benutzte Quell-IP:',
'source ip or net' => 'Quellen-IP oder Netz',
'source net' => 'Quell-Netz',
'updxlrtr weekly' => 'wöchentlich',
'updxlrtr year' => 'einem Jahr',
'upgrade' => 'upgrade',
+'uplink' => 'Uplink',
'uplink speed' => 'Uplink-Geschwindigkeit (kBit/sek)',
'uplink std class' => 'Uploadstandardklasse',
'upload' => 'Hochladen',
'vpn aggrmode' => 'IKE Aggressive Mode zugelassen. Wenn möglich, vermeiden (preshared Schlüssel wird im Klartext übertragen)!',
'vpn altname syntax' => 'Der Subjekt Alternativ Name ist eine durch Komma getrennte Liste von Email, DNS, URI, RID und IP Objekten. <br />Email: eine Email Adresse. Syntax Email: \'copy\' benutzt die Email Adresse aus dem Zertifikatfeld. <br />DNS: ein gültiger Domain Name.<br />URI: eine gültige URI.<br />RID: Registriertes Objekt Identifikation.<br />IP: eine IP Adresse.<br />Bitte beachten: der Zeichensatz ist eingeschränkt und die Groß-/Kleinschreibung ist entscheidend.<br />Beispiel:<br /><b>email:</b>info@ipfire.org<b>,email:</b>copy<b>,DNS:</b>www.ipfire.org<b>,IP:</b>127.0.0.1<b>,URI:</b>http://url/nach/irgendwo',
'vpn auth-dn' => 'Peer wird identifiziert durch entweder ein IPV4_ADDR, FQDN, USER_FQDN oder DER_ASN1_DN string in Remote ID Feld',
+'vpn configuration main' => 'VPN-Konfiguration',
'vpn delayed start' => 'Verzögerung bevor VPN gestartet wird (Sekunden)',
'vpn delayed start help' => 'Falls notwendig, kann diese Verzögerung dazu verwendet werden, um Dynamic-DNS-Updates ordnungsgemäß anzuwenden. 60 ist ein gängiger Wert, wenn ROT (RED) eine dynamische IP Adresse ist.',
'vpn incompatible use of defaultroute' => 'Hostname=%defaultroute nicht zulässig',
'Choose Rule' => 'Choose <u>one</u> of the following rules.',
'Class' => 'Class',
'Class was deleted' => 'with potential subclasses was deleted',
+'Client status and controlc' => 'Client status and control:',
'ConnSched action' => 'Action:',
'ConnSched add action' => 'Add action',
'ConnSched change profile title' => 'Change to profile:',
'MB read' => 'MB read',
'MB written' => 'MB written',
'MTU' => 'MTU size:',
-'Number of Countries for the pie chart' => 'Number of Countries for the pie chart',
'Number of IPs for the pie chart' => 'Number of IPs for the pie chart',
'Number of Ports for the pie chart' => 'Number of ports for the pie chart',
'OVPN' => 'OpenVPN',
'behind a proxy' => 'Behind a proxy:',
'bewan adsl pci st' => 'TO BE REMOVED',
'bewan adsl usb' => 'TO BE REMOVED',
-'bit' => 'bit',
+'bit' => 'Bit',
'bitrate' => 'Bitrate',
'bleeding rules' => 'Bleeding Edge Snort Rules',
'blue' => 'BLUE',
'devices on blue' => 'Devices on BLUE',
'dh' => 'Diffie-Hellman Key',
'dh key warn' => 'Keys with 1024 and 2048 bit takes up to several minutes, 3072 and 4096 bit might needs several hours. Please be patient.',
-'dh name is invalid' => 'Name ist ung\9fltig, bitte "dh1024.pem" verwenden.',
+'dh name is invalid' => 'Name is invalid, please use "dh1024.pem".',
'dhcp advopt add' => 'Add a DHCP option',
'dhcp advopt added' => 'DHCP option added',
'dhcp advopt blank value' => 'DHCP Option value cannot be empty.',
'dns saved' => 'Successfully saved!',
'dns saved txt' => 'The two entered DNS server addresses have been saved successfully.<br />You have to reboot or reconnect that the changes have effect!',
'dns server' => 'DNS Server',
+'dns servers' => 'DNS Servers',
'dns title' => 'Domain Name System',
'dnsforward' => 'DNS Forwarding',
'dnsforward add a new entry' => 'Add a new entry',
'done' => 'Do it',
'dos charset' => 'DOS Charset',
'down and up speed' => 'Enter your Down- and Uplink-Speed <br /> and then press <i>Save</i>.',
+'downlink' => 'Downlink',
'downlink speed' => 'Downlink speed (kbit/sec)',
'downlink std class' => 'downlink standard class',
'download' => 'download',
'firewallhits' => 'firewallhits',
'firmware' => 'Firmware',
'firmware upload' => 'Upload Firmware/Drivers',
+'first' => 'First',
'fixed ip lease added' => 'Fixed IP lease added',
'fixed ip lease modified' => 'Fixed IP lease modified',
'fixed ip lease removed' => 'Fixed IP lease removed',
'lan' => 'LAN',
'lang' => 'en',
'languagepurpose' => 'Select the language you wish IPFire to display in:',
+'last' => 'Last',
'last activity' => 'Last Activity',
'lateprompting' => 'Lateprompting',
'lease expires' => 'Lease expires',
'network traffic graphs others' => 'Network (others)',
'network updated' => 'Custom Network updated',
'networks settings' => 'Firewall - Network settings',
-'never' => 'Never',
'new optionsfw later' => 'Some options need a reboot to take effect',
'new optionsfw must boot' => 'You must reboot your IPFire',
'newer' => 'Newer',
'ovpn dh' => 'Diffie-Hellman key lenght',
'ovpn dh name' => 'Diffie-Hellman key name',
'ovpn dl' => 'OVPN-Config Download',
-'ovpn engines' => 'Crypto engine',
'ovpn errmsg green already pushed' => 'Route for green network is always set',
'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
'ovpn generating the root and host certificates' => 'Generating the root and host certifictae can take a long time.',
'ovpn on orange' => 'OpenVPN on ORANGE:',
'ovpn on red' => 'OpenVPN on RED:',
'ovpn port in root range' => 'A port number of 1024 or higher is required.',
-'ovpn reneg sec' => 'Session key lifetime:',
'ovpn routes push' => 'Routes (one per line) e.g. 192.168.10.0/255.255.255.0 192.168.20.0/24',
'ovpn routes push options' => 'Route push options',
'ovpn server status' => 'Current OpenVPN server status:',
'source ip' => 'Source IP',
'source ip and port' => 'Source IP: Port',
'source ip bad' => 'Not a valid IP address or a network address.',
-'source ip country' => 'Source IP Country',
'source ip in use' => 'Source IP in use:',
'source ip or net' => 'Source IP or Net',
'source net' => 'Source Net',
'updxlrtr weekly' => 'weekly',
'updxlrtr year' => 'one year',
'upgrade' => 'upgrade',
+'uplink' => 'Uplink',
'uplink speed' => 'Uplink speed (kbit/sec)',
'uplink std class' => 'uplink standard class',
'upload' => 'Upload',
'vpn aggrmode' => 'IKE aggressive mode allowed. Avoid if possible (preshared key is transmitted in clear text)!',
'vpn altname syntax' => 'SubjectAltName is a comma separated list of e-mail, dns, uri, rid and ip objects.<br />email:an email address. Syntax email:copy takes the email field from the cert to be used.<br />DNS:a valid domain name.<br />URI:any valid uri.<br />RID:registered object identifier.<br />IP:an IP address.<br />Note:charset is limited and case is significant.<br />Example:<br /><b>e-mail:</b>ipfire@foo.org<b>,email:</b>copy<b>,DNS:</b>www.ipfire.org<b>,IP:</b>127.0.0.1<b>,URI:</b>http://url/to/something',
'vpn auth-dn' => 'Peer is identified by either IPV4_ADDR, FQDN, USER_FQDN or DER_ASN1_DN string in remote ID field',
+'vpn configuration main' => 'VPN Configuration',
'vpn delayed start' => 'Delay before launching VPN (seconds)',
'vpn delayed start help' => 'If required, this delay can be used to allow dynamic DNS updates to propagate properly. 60 is a common value when RED is a dynamic IP.',
'vpn incompatible use of defaultroute' => 'hostname=%defaultroute not allowed',
projects / people / teissler / ipfire-2.x.git / commitdiff
