Merge remote-tracking branch 'ms/modem-status' into next
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 21 Apr 2014 12:02:17 +0000 (14:02 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 21 Apr 2014 12:02:17 +0000 (14:02 +0200)
Conflicts:
doc/language_issues.es
doc/language_issues.fr
doc/language_issues.nl
doc/language_issues.pl
doc/language_issues.ru
doc/language_issues.tr
doc/language_missings

25 files changed:
config/menu/70-log.menu
config/ovpn/openssl/ovpn.cnf
config/rootfiles/common/ppp
config/rootfiles/common/squid
config/rootfiles/common/vnstat
config/rootfiles/common/vnstati [deleted file]
doc/language_issues.de
doc/language_issues.en
doc/language_issues.es
doc/language_issues.fr
doc/language_issues.nl
doc/language_issues.pl
doc/language_issues.ru
doc/language_issues.tr
doc/language_missings
html/cgi-bin/logs.cgi/firewalllogcountry.dat [new file with mode: 0644]
html/cgi-bin/logs.cgi/showrequestfromcountry.dat [new file with mode: 0644]
html/cgi-bin/ovpnmain.cgi
langs/de/cgi-bin/de.pl
langs/en/cgi-bin/en.pl
lfs/ppp
lfs/squid
lfs/vnstat
lfs/vnstati [deleted file]
make.sh

index 25ba090..08973de 100644 (file)
                                 'title' => "$Lang::tr{'firewall logs port'}",
                                 'enabled' => 1
                                 };
+    $sublogs->{'43.firewallcountry'} = {'caption' => $Lang::tr{'firewall logs country'},
+                                'uri' => '/cgi-bin/logs.cgi/firewalllogcountry.dat',
+                                'title' => "$Lang::tr{'firewall logs country'}",
+                                'enabled' => 1
+                                };
     $sublogs->{'50.ids'} = {'caption' => $Lang::tr{'ids logs'},
                                'uri' => '/cgi-bin/logs.cgi/ids.dat',
                                'title' => "$Lang::tr{'ids logs'}",
index d82c04b..ab026c1 100644 (file)
@@ -1,46 +1,46 @@
-HOME           = .
-RANDFILE       = /var/ipfire/ovpn/ca/.rnd
-oid_section    = new_oids
+HOME                           = .
+RANDFILE                       = /var/ipfire/ovpn/ca/.rnd
+oid_section                    = new_oids
 
 [ new_oids ]
 
 [ ca ]
-default_ca     = openvpn
+default_ca                     = openvpn
 
 [ openvpn ]
-dir            = /var/ipfire/ovpn
-certs          = $dir/certs
-crl_dir                = $dir/crl
-database       = $dir/certs/index.txt
-new_certs_dir  = $dir/certs
-certificate    = $dir/ca/cacert.pem
-serial         = $dir/certs/serial
-crl            = $dir/crl.pem
-private_key    = $dir/ca/cakey.pem
-RANDFILE       = $dir/ca/.rand
-x509_extensions        = usr_cert
-default_days   = 999999
-default_crl_days= 30
-default_md     = md5
-preserve       = no
-policy         = policy_match
-email_in_dn    = no
+dir                            = /var/ipfire/ovpn
+certs                          = $dir/certs
+crl_dir                                = $dir/crl
+database                       = $dir/certs/index.txt
+new_certs_dir                  = $dir/certs
+certificate                    = $dir/ca/cacert.pem
+serial                         = $dir/certs/serial
+crl                            = $dir/crl.pem
+private_key                    = $dir/ca/cakey.pem
+RANDFILE                       = $dir/ca/.rand
+x509_extensions                        = usr_cert
+default_days                   = 999999
+default_crl_days               = 30
+default_md                     = sha256
+preserve                       = no
+policy                         = policy_match
+email_in_dn                    = no
 
 [ policy_match ]
-countryName            = optional
-stateOrProvinceName    = optional
-organizationName       = optional
-organizationalUnitName = optional
-commonName             = supplied
-emailAddress           = optional
+countryName                    = optional
+stateOrProvinceName            = optional
+organizationName               = optional
+organizationalUnitName         = optional
+commonName                     = supplied
+emailAddress                   = optional
 
 [ req ]
-default_bits           = 1024
-default_keyfile        = privkey.pem
-distinguished_name     = req_distinguished_name
-attributes             = req_attributes
-x509_extensions        = v3_ca
-string_mask = nombstr
+default_bits                   = 2048
+default_keyfile                = privkey.pem
+distinguished_name             = req_distinguished_name
+attributes                     = req_attributes
+x509_extensions                        = v3_ca
+string_mask                    = nombstr
 
 [ req_distinguished_name ]
 countryName                    = Country Name (2 letter code)
@@ -73,31 +73,31 @@ challengePassword_max               = 20
 unstructuredName               = An optional company name
 
 [ usr_cert ]
-basicConstraints=CA:FALSE
+basicConstraints               = CA:FALSE
 nsComment                      = "OpenSSL Generated Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+subjectKeyIdentifier           = hash
+authorityKeyIdentifier         = keyid,issuer:always
 
 [ server ]
 
 # JY ADDED -- Make a cert with nsCertType set to "server"
-basicConstraints=CA:FALSE
+basicConstraints               = CA:FALSE
 nsCertType                     = server
 nsComment                      = "OpenSSL Generated Server Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always 
+subjectKeyIdentifier           = hash
+authorityKeyIdentifier         = keyid,issuer:always 
 
 [ v3_req ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+basicConstraints               = CA:FALSE
+keyUsage                       = nonRepudiation, digitalSignature, keyEncipherment
 
 [ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true
+subjectKeyIdentifier           = hash
+authorityKeyIdentifier         = keyid:always,issuer:always
+basicConstraints               = CA:true
 
 [ crl_ext ]
-authorityKeyIdentifier=keyid:always,issuer:always
+authorityKeyIdentifier         = keyid:always,issuer:always
 
 [ engine ]
-default = openssl
+default                        = openssl
index 60e6f5b..709e0d0 100644 (file)
@@ -14,8 +14,10 @@ etc/ppp/standardloginscript
 #usr/include/pppd/chap_ms.h
 #usr/include/pppd/eap.h
 #usr/include/pppd/ecp.h
+#usr/include/pppd/eui64.h
 #usr/include/pppd/fsm.h
 #usr/include/pppd/ipcp.h
+#usr/include/pppd/ipv6cp.h
 #usr/include/pppd/ipxcp.h
 #usr/include/pppd/lcp.h
 #usr/include/pppd/magic.h
@@ -31,18 +33,18 @@ etc/ppp/standardloginscript
 #usr/include/pppd/tdb.h
 #usr/include/pppd/upap.h
 usr/lib/pppd
-usr/lib/pppd/2.4.5
-usr/lib/pppd/2.4.5/minconn.so
-usr/lib/pppd/2.4.5/openl2tp.so
-usr/lib/pppd/2.4.5/passprompt.so
-usr/lib/pppd/2.4.5/passwordfd.so
-usr/lib/pppd/2.4.5/pppoatm.so
-usr/lib/pppd/2.4.5/pppol2tp.so
-usr/lib/pppd/2.4.5/radattr.so
-usr/lib/pppd/2.4.5/radius.so
-usr/lib/pppd/2.4.5/radrealms.so
-usr/lib/pppd/2.4.5/rp-pppoe.so
-usr/lib/pppd/2.4.5/winbind.so
+usr/lib/pppd/2.4.6
+usr/lib/pppd/2.4.6/minconn.so
+usr/lib/pppd/2.4.6/openl2tp.so
+usr/lib/pppd/2.4.6/passprompt.so
+usr/lib/pppd/2.4.6/passwordfd.so
+usr/lib/pppd/2.4.6/pppoatm.so
+usr/lib/pppd/2.4.6/pppol2tp.so
+usr/lib/pppd/2.4.6/radattr.so
+usr/lib/pppd/2.4.6/radius.so
+usr/lib/pppd/2.4.6/radrealms.so
+usr/lib/pppd/2.4.6/rp-pppoe.so
+usr/lib/pppd/2.4.6/winbind.so
 usr/sbin/chat
 usr/sbin/pppd
 usr/sbin/pppdump
index 9515dc3..76abbe8 100644 (file)
@@ -34,7 +34,7 @@ usr/lib/squid/basic_smb_auth
 usr/lib/squid/basic_smb_auth.sh
 #usr/lib/squid/cachemgr.cgi
 usr/lib/squid/cert_tool
-usr/lib/squid/digest_edirectory_auth
+usr/lib/squid/cert_valid.pl
 usr/lib/squid/digest_file_auth
 usr/lib/squid/digest_ldap_auth
 usr/lib/squid/diskd
@@ -1374,6 +1374,7 @@ usr/lib/squid/errors/pl/error-details.txt
 #usr/lib/squid/errors/pt-br/ERR_WRITE_ERROR
 #usr/lib/squid/errors/pt-br/ERR_ZERO_SIZE_OBJECT
 #usr/lib/squid/errors/pt-br/error-details.txt
+#usr/lib/squid/errors/pt-bz
 #usr/lib/squid/errors/pt-pt
 #usr/lib/squid/errors/pt/ERR_ACCESS_DENIED
 #usr/lib/squid/errors/pt/ERR_ACL_TIME_QUOTA_EXCEEDED
@@ -2148,6 +2149,7 @@ usr/lib/squid/mib.txt
 usr/lib/squid/negotiate_wrapper_auth
 usr/lib/squid/ntlm_fake_auth
 usr/lib/squid/ntlm_smb_lm_auth
+usr/lib/squid/storeid_file_rewrite
 usr/lib/squid/unlinkd
 usr/lib/squid/url_fake_rewrite
 usr/lib/squid/url_fake_rewrite.sh
@@ -2173,6 +2175,7 @@ usr/sbin/updxlrator
 #usr/share/man/man8/ext_wbinfo_group_acl.8
 #usr/share/man/man8/log_db_daemon.8
 #usr/share/man/man8/squid.8
+#usr/share/man/man8/storeid_file_rewrite.8
 #var/cache/squid
 var/ipfire/proxy/errorpage-ipfire.css
 var/ipfire/proxy/errorpage-squid.css
@@ -2190,4 +2193,3 @@ var/log/cache
 var/log/squid/access.log
 var/log/updatexlrator
 #var/logs
-#var/run/squid
index 57c54db..faabf47 100644 (file)
@@ -2,5 +2,10 @@
 #etc/cron.d/vnstat
 etc/vnstat.conf
 usr/bin/vnstat
+usr/bin/vnstati
+#usr/sbin/vnstatd
+#usr/share/man/man5/vnstat.conf.5
+#usr/share/man/man1/vnstatd.1
+#usr/share/man/man1/vnstati.1
 #usr/share/man/man1/vnstat.1
 #var/lib/vnstat
diff --git a/config/rootfiles/common/vnstati b/config/rootfiles/common/vnstati
deleted file mode 100644 (file)
index a40fc8c..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/bin/vnstati
-#usr/share/man/man1/vnstati.1.gz
index 32deb09..8dbfc90 100644 (file)
@@ -378,7 +378,6 @@ WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
 WARNING: translation string unused: original
-WARNING: translation string unused: other countries
 WARNING: translation string unused: our donors
 WARNING: translation string unused: out
 WARNING: translation string unused: outgoing firewall
@@ -401,11 +400,9 @@ WARNING: translation string unused: outgoing firewall reset
 WARNING: translation string unused: outgoing firewall view group
 WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
-WARNING: translation string unused: ovpn
 WARNING: translation string unused: ovpn config
 WARNING: translation string unused: ovpn dl
 WARNING: translation string unused: ovpn log
-WARNING: translation string unused: ovpn_fastio
 WARNING: translation string unused: ovpn_fragment
 WARNING: translation string unused: ovpn_mssfix
 WARNING: translation string unused: ovpn_mtudisc
@@ -591,6 +588,7 @@ WARNING: translation string unused: use dov
 WARNING: translation string unused: use ibod
 WARNING: translation string unused: view log
 WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
 WARNING: translation string unused: vpn incompatible use of defaultroute
 WARNING: translation string unused: vpn mtu invalid
 WARNING: translation string unused: vpn on blue
@@ -606,12 +604,14 @@ WARNING: translation string unused: xtaccess all error
 WARNING: translation string unused: xtaccess bad transfert
 WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
+WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: addons
 WARNING: untranslated string: bytes
 WARNING: untranslated string: community rules
 WARNING: untranslated string: dead peer detection
 WARNING: untranslated string: emerging rules
+WARNING: untranslated string: firewall logs country
 WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: monitor interface
 WARNING: untranslated string: qos add subclass
@@ -619,3 +619,4 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: source ip country
index 4e15460..79dafe5 100644 (file)
@@ -404,7 +404,6 @@ WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
 WARNING: translation string unused: original
-WARNING: translation string unused: other countries
 WARNING: translation string unused: our donors
 WARNING: translation string unused: out
 WARNING: translation string unused: outgoing firewall
@@ -427,7 +426,6 @@ WARNING: translation string unused: outgoing firewall reset
 WARNING: translation string unused: outgoing firewall view group
 WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
-WARNING: translation string unused: ovpn
 WARNING: translation string unused: ovpn config
 WARNING: translation string unused: ovpn dl
 WARNING: translation string unused: ovpn log
@@ -625,6 +623,7 @@ WARNING: translation string unused: use dov
 WARNING: translation string unused: use ibod
 WARNING: translation string unused: view log
 WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
 WARNING: translation string unused: vpn incompatible use of defaultroute
 WARNING: translation string unused: vpn mtu invalid
 WARNING: translation string unused: vpn on blue
@@ -640,6 +639,7 @@ WARNING: translation string unused: xtaccess all error
 WARNING: translation string unused: xtaccess bad transfert
 WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
+WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: bytes
 WARNING: untranslated string: fwhost err hostip
@@ -648,3 +648,4 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: source ip country
index d999375..f7649af 100644 (file)
@@ -360,7 +360,6 @@ WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
 WARNING: translation string unused: original
-WARNING: translation string unused: other countries
 WARNING: translation string unused: out
 WARNING: translation string unused: outgoing firewall
 WARNING: translation string unused: outgoing firewall mode0
@@ -371,7 +370,6 @@ WARNING: translation string unused: outgoing firewall p2p description
 WARNING: translation string unused: outgoing firewall reset
 WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
-WARNING: translation string unused: ovpn
 WARNING: translation string unused: ovpn config
 WARNING: translation string unused: ovpn dl
 WARNING: translation string unused: ovpn log
@@ -558,6 +556,7 @@ WARNING: translation string unused: use dov
 WARNING: translation string unused: use ibod
 WARNING: translation string unused: view log
 WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
 WARNING: translation string unused: vpn incompatible use of defaultroute
 WARNING: translation string unused: vpn mtu invalid
 WARNING: translation string unused: vpn on blue
@@ -580,6 +579,7 @@ WARNING: untranslated string: ConnSched reboot
 WARNING: untranslated string: ConnSched shutdown
 WARNING: untranslated string: MB read
 WARNING: untranslated string: MB written
+WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: Set time on boot
 WARNING: untranslated string: addons
@@ -636,6 +636,9 @@ WARNING: untranslated string: countrycode
 WARNING: untranslated string: dead peer detection
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: details
+WARNING: untranslated string: dh
+WARNING: untranslated string: dh key warn
+WARNING: untranslated string: dh name is invalid
 WARNING: untranslated string: dnat address
 WARNING: untranslated string: dns servers
 WARNING: untranslated string: dnsforward
@@ -674,6 +677,7 @@ WARNING: untranslated string: fireinfo why descr2
 WARNING: untranslated string: fireinfo why enable
 WARNING: untranslated string: fireinfo why read more
 WARNING: untranslated string: fireinfo your profile id
+WARNING: untranslated string: firewall logs country
 WARNING: untranslated string: firewall rules
 WARNING: untranslated string: first
 WARNING: untranslated string: flag
@@ -820,6 +824,8 @@ WARNING: untranslated string: fwhost stdnet
 WARNING: untranslated string: fwhost type
 WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
+WARNING: untranslated string: gen dh
+WARNING: untranslated string: generate dh key
 WARNING: untranslated string: grouptype
 WARNING: untranslated string: hardware support
 WARNING: untranslated string: imei
@@ -853,6 +859,7 @@ WARNING: untranslated string: modem status
 WARNING: untranslated string: monitor interface
 WARNING: untranslated string: most preferred
 WARNING: untranslated string: no hardware random number generator
+WARNING: untranslated string: not a valid dh key
 WARNING: untranslated string: notice
 WARNING: untranslated string: openvpn default
 WARNING: untranslated string: openvpn destination port used
@@ -867,8 +874,14 @@ WARNING: untranslated string: other
 WARNING: untranslated string: outgoing firewall access
 WARNING: untranslated string: outgoing firewall p2p allow
 WARNING: untranslated string: outgoing firewall p2p deny
+WARNING: untranslated string: ovpn crypt options
+WARNING: untranslated string: ovpn dh
+WARNING: untranslated string: ovpn dh name
 WARNING: untranslated string: ovpn errmsg green already pushed
 WARNING: untranslated string: ovpn errmsg invalid ip or mask
+WARNING: untranslated string: ovpn generating the root and host certificates
+WARNING: untranslated string: ovpn ha
+WARNING: untranslated string: ovpn hmac
 WARNING: untranslated string: ovpn mgmt in root range
 WARNING: untranslated string: ovpn mtu-disc
 WARNING: untranslated string: ovpn mtu-disc and mtu not 1500
@@ -896,8 +909,10 @@ WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: server restart
+WARNING: untranslated string: show dh
 WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: software version
+WARNING: untranslated string: source ip country
 WARNING: untranslated string: ssh
 WARNING: untranslated string: static routes
 WARNING: untranslated string: support donation
@@ -953,6 +968,7 @@ WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
 WARNING: untranslated string: uplink
+WARNING: untranslated string: upload dh key
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: vendor
index 2195676..a3084e8 100644 (file)
@@ -360,7 +360,6 @@ WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
 WARNING: translation string unused: original
-WARNING: translation string unused: other countries
 WARNING: translation string unused: out
 WARNING: translation string unused: outgoing firewall
 WARNING: translation string unused: outgoing firewall add ip group
@@ -382,7 +381,6 @@ WARNING: translation string unused: outgoing firewall reset
 WARNING: translation string unused: outgoing firewall view group
 WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
-WARNING: translation string unused: ovpn
 WARNING: translation string unused: ovpn config
 WARNING: translation string unused: ovpn dl
 WARNING: translation string unused: ovpn log
@@ -571,6 +569,7 @@ WARNING: translation string unused: use dov
 WARNING: translation string unused: use ibod
 WARNING: translation string unused: view log
 WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
 WARNING: translation string unused: vpn incompatible use of defaultroute
 WARNING: translation string unused: vpn mtu invalid
 WARNING: translation string unused: vpn on blue
@@ -591,6 +590,7 @@ WARNING: untranslated string: ConnSched reboot
 WARNING: untranslated string: ConnSched shutdown
 WARNING: untranslated string: MB read
 WARNING: untranslated string: MB written
+WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: addons
 WARNING: untranslated string: advproxy cache-digest
@@ -646,6 +646,9 @@ WARNING: untranslated string: countrycode
 WARNING: untranslated string: dead peer detection
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: details
+WARNING: untranslated string: dh
+WARNING: untranslated string: dh key warn
+WARNING: untranslated string: dh name is invalid
 WARNING: untranslated string: dnat address
 WARNING: untranslated string: dns address deleted txt
 WARNING: untranslated string: dns servers
@@ -685,6 +688,7 @@ WARNING: untranslated string: fireinfo why descr2
 WARNING: untranslated string: fireinfo why enable
 WARNING: untranslated string: fireinfo why read more
 WARNING: untranslated string: fireinfo your profile id
+WARNING: untranslated string: firewall logs country
 WARNING: untranslated string: firewall rules
 WARNING: untranslated string: first
 WARNING: untranslated string: flag
@@ -831,6 +835,8 @@ WARNING: untranslated string: fwhost stdnet
 WARNING: untranslated string: fwhost type
 WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
+WARNING: untranslated string: gen dh
+WARNING: untranslated string: generate dh key
 WARNING: untranslated string: grouptype
 WARNING: untranslated string: hardware support
 WARNING: untranslated string: imei
@@ -864,6 +870,7 @@ WARNING: untranslated string: modem status
 WARNING: untranslated string: monitor interface
 WARNING: untranslated string: most preferred
 WARNING: untranslated string: no hardware random number generator
+WARNING: untranslated string: not a valid dh key
 WARNING: untranslated string: notice
 WARNING: untranslated string: ntp common settings
 WARNING: untranslated string: ntp sync
@@ -878,6 +885,12 @@ WARNING: untranslated string: openvpn prefix remote subnet
 WARNING: untranslated string: openvpn subnet is used
 WARNING: untranslated string: other
 WARNING: untranslated string: outgoing firewall access
+WARNING: untranslated string: ovpn crypt options
+WARNING: untranslated string: ovpn dh
+WARNING: untranslated string: ovpn dh name
+WARNING: untranslated string: ovpn generating the root and host certificates
+WARNING: untranslated string: ovpn ha
+WARNING: untranslated string: ovpn hmac
 WARNING: untranslated string: ovpn mgmt in root range
 WARNING: untranslated string: ovpn mtu-disc
 WARNING: untranslated string: ovpn mtu-disc and mtu not 1500
@@ -903,9 +916,11 @@ WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: server restart
+WARNING: untranslated string: show dh
 WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: snort working
 WARNING: untranslated string: software version
+WARNING: untranslated string: source ip country
 WARNING: untranslated string: ssh
 WARNING: untranslated string: static routes
 WARNING: untranslated string: support donation
@@ -961,6 +976,7 @@ WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
 WARNING: untranslated string: uplink
+WARNING: untranslated string: upload dh key
 WARNING: untranslated string: upload new ruleset
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter file ext block
index cd54bc1..747f406 100644 (file)
@@ -364,7 +364,6 @@ WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
 WARNING: translation string unused: original
-WARNING: translation string unused: other countries
 WARNING: translation string unused: our donors
 WARNING: translation string unused: out
 WARNING: translation string unused: outgoing firewall
@@ -387,7 +386,6 @@ WARNING: translation string unused: outgoing firewall reset
 WARNING: translation string unused: outgoing firewall view group
 WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
-WARNING: translation string unused: ovpn
 WARNING: translation string unused: ovpn config
 WARNING: translation string unused: ovpn dl
 WARNING: translation string unused: ovpn log
@@ -574,6 +572,7 @@ WARNING: translation string unused: use dov
 WARNING: translation string unused: use ibod
 WARNING: translation string unused: view log
 WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
 WARNING: translation string unused: vpn incompatible use of defaultroute
 WARNING: translation string unused: vpn mtu invalid
 WARNING: translation string unused: vpn on blue
@@ -595,6 +594,7 @@ WARNING: untranslated string: ConnSched reboot
 WARNING: untranslated string: ConnSched shutdown
 WARNING: untranslated string: MB read
 WARNING: untranslated string: MB written
+WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: addons
 WARNING: untranslated string: advproxy cache-digest
@@ -612,6 +612,9 @@ WARNING: untranslated string: country codes and flags
 WARNING: untranslated string: countrycode
 WARNING: untranslated string: dead peer detection
 WARNING: untranslated string: details
+WARNING: untranslated string: dh
+WARNING: untranslated string: dh key warn
+WARNING: untranslated string: dh name is invalid
 WARNING: untranslated string: dnat address
 WARNING: untranslated string: dns servers
 WARNING: untranslated string: dnsforward
@@ -632,6 +635,7 @@ WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: encryption
 WARNING: untranslated string: entropy
 WARNING: untranslated string: entropy graphs
+WARNING: untranslated string: firewall logs country
 WARNING: untranslated string: firewall rules
 WARNING: untranslated string: first
 WARNING: untranslated string: flag
@@ -778,6 +782,8 @@ WARNING: untranslated string: fwhost stdnet
 WARNING: untranslated string: fwhost type
 WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
+WARNING: untranslated string: gen dh
+WARNING: untranslated string: generate dh key
 WARNING: untranslated string: grouptype
 WARNING: untranslated string: hardware support
 WARNING: untranslated string: imei
@@ -810,9 +816,16 @@ WARNING: untranslated string: modem status
 WARNING: untranslated string: monitor interface
 WARNING: untranslated string: most preferred
 WARNING: untranslated string: no hardware random number generator
+WARNING: untranslated string: not a valid dh key
 WARNING: untranslated string: notice
 WARNING: untranslated string: openvpn network
 WARNING: untranslated string: outgoing firewall access
+WARNING: untranslated string: ovpn crypt options
+WARNING: untranslated string: ovpn dh
+WARNING: untranslated string: ovpn dh name
+WARNING: untranslated string: ovpn generating the root and host certificates
+WARNING: untranslated string: ovpn ha
+WARNING: untranslated string: ovpn hmac
 WARNING: untranslated string: ovpn mgmt in root range
 WARNING: untranslated string: ovpn no connections
 WARNING: untranslated string: ovpn port in root range
@@ -824,8 +837,10 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: show dh
 WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: software version
+WARNING: untranslated string: source ip country
 WARNING: untranslated string: ssh
 WARNING: untranslated string: support donation
 WARNING: untranslated string: system has hwrng
@@ -879,6 +894,7 @@ WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
 WARNING: untranslated string: uplink
+WARNING: untranslated string: upload dh key
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: vendor
index d999375..f7649af 100644 (file)
@@ -360,7 +360,6 @@ WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
 WARNING: translation string unused: original
-WARNING: translation string unused: other countries
 WARNING: translation string unused: out
 WARNING: translation string unused: outgoing firewall
 WARNING: translation string unused: outgoing firewall mode0
@@ -371,7 +370,6 @@ WARNING: translation string unused: outgoing firewall p2p description
 WARNING: translation string unused: outgoing firewall reset
 WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
-WARNING: translation string unused: ovpn
 WARNING: translation string unused: ovpn config
 WARNING: translation string unused: ovpn dl
 WARNING: translation string unused: ovpn log
@@ -558,6 +556,7 @@ WARNING: translation string unused: use dov
 WARNING: translation string unused: use ibod
 WARNING: translation string unused: view log
 WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
 WARNING: translation string unused: vpn incompatible use of defaultroute
 WARNING: translation string unused: vpn mtu invalid
 WARNING: translation string unused: vpn on blue
@@ -580,6 +579,7 @@ WARNING: untranslated string: ConnSched reboot
 WARNING: untranslated string: ConnSched shutdown
 WARNING: untranslated string: MB read
 WARNING: untranslated string: MB written
+WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: Set time on boot
 WARNING: untranslated string: addons
@@ -636,6 +636,9 @@ WARNING: untranslated string: countrycode
 WARNING: untranslated string: dead peer detection
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: details
+WARNING: untranslated string: dh
+WARNING: untranslated string: dh key warn
+WARNING: untranslated string: dh name is invalid
 WARNING: untranslated string: dnat address
 WARNING: untranslated string: dns servers
 WARNING: untranslated string: dnsforward
@@ -674,6 +677,7 @@ WARNING: untranslated string: fireinfo why descr2
 WARNING: untranslated string: fireinfo why enable
 WARNING: untranslated string: fireinfo why read more
 WARNING: untranslated string: fireinfo your profile id
+WARNING: untranslated string: firewall logs country
 WARNING: untranslated string: firewall rules
 WARNING: untranslated string: first
 WARNING: untranslated string: flag
@@ -820,6 +824,8 @@ WARNING: untranslated string: fwhost stdnet
 WARNING: untranslated string: fwhost type
 WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
+WARNING: untranslated string: gen dh
+WARNING: untranslated string: generate dh key
 WARNING: untranslated string: grouptype
 WARNING: untranslated string: hardware support
 WARNING: untranslated string: imei
@@ -853,6 +859,7 @@ WARNING: untranslated string: modem status
 WARNING: untranslated string: monitor interface
 WARNING: untranslated string: most preferred
 WARNING: untranslated string: no hardware random number generator
+WARNING: untranslated string: not a valid dh key
 WARNING: untranslated string: notice
 WARNING: untranslated string: openvpn default
 WARNING: untranslated string: openvpn destination port used
@@ -867,8 +874,14 @@ WARNING: untranslated string: other
 WARNING: untranslated string: outgoing firewall access
 WARNING: untranslated string: outgoing firewall p2p allow
 WARNING: untranslated string: outgoing firewall p2p deny
+WARNING: untranslated string: ovpn crypt options
+WARNING: untranslated string: ovpn dh
+WARNING: untranslated string: ovpn dh name
 WARNING: untranslated string: ovpn errmsg green already pushed
 WARNING: untranslated string: ovpn errmsg invalid ip or mask
+WARNING: untranslated string: ovpn generating the root and host certificates
+WARNING: untranslated string: ovpn ha
+WARNING: untranslated string: ovpn hmac
 WARNING: untranslated string: ovpn mgmt in root range
 WARNING: untranslated string: ovpn mtu-disc
 WARNING: untranslated string: ovpn mtu-disc and mtu not 1500
@@ -896,8 +909,10 @@ WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: server restart
+WARNING: untranslated string: show dh
 WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: software version
+WARNING: untranslated string: source ip country
 WARNING: untranslated string: ssh
 WARNING: untranslated string: static routes
 WARNING: untranslated string: support donation
@@ -953,6 +968,7 @@ WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
 WARNING: untranslated string: uplink
+WARNING: untranslated string: upload dh key
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: vendor
index 9821311..0af9d3c 100644 (file)
@@ -354,7 +354,6 @@ WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
 WARNING: translation string unused: original
-WARNING: translation string unused: other countries
 WARNING: translation string unused: out
 WARNING: translation string unused: outgoing firewall
 WARNING: translation string unused: outgoing firewall add ip group
@@ -376,7 +375,6 @@ WARNING: translation string unused: outgoing firewall reset
 WARNING: translation string unused: outgoing firewall view group
 WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
-WARNING: translation string unused: ovpn
 WARNING: translation string unused: ovpn config
 WARNING: translation string unused: ovpn dl
 WARNING: translation string unused: ovpn log
@@ -563,6 +561,7 @@ WARNING: translation string unused: use dov
 WARNING: translation string unused: use ibod
 WARNING: translation string unused: view log
 WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
 WARNING: translation string unused: vpn incompatible use of defaultroute
 WARNING: translation string unused: vpn mtu invalid
 WARNING: translation string unused: vpn on blue
@@ -584,6 +583,7 @@ WARNING: untranslated string: ConnSched shutdown
 WARNING: untranslated string: Edit an existing route
 WARNING: untranslated string: MB read
 WARNING: untranslated string: MB written
+WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: addons
 WARNING: untranslated string: advproxy cache-digest
@@ -640,6 +640,9 @@ WARNING: untranslated string: countrycode
 WARNING: untranslated string: dead peer detection
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: details
+WARNING: untranslated string: dh
+WARNING: untranslated string: dh key warn
+WARNING: untranslated string: dh name is invalid
 WARNING: untranslated string: disk access per
 WARNING: untranslated string: dnat address
 WARNING: untranslated string: dns servers
@@ -669,6 +672,7 @@ WARNING: untranslated string: extrahd maybe the device is in use
 WARNING: untranslated string: extrahd to
 WARNING: untranslated string: extrahd to root
 WARNING: untranslated string: extrahd you cant mount
+WARNING: untranslated string: firewall logs country
 WARNING: untranslated string: firewall rules
 WARNING: untranslated string: first
 WARNING: untranslated string: flag
@@ -815,6 +819,8 @@ WARNING: untranslated string: fwhost stdnet
 WARNING: untranslated string: fwhost type
 WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
+WARNING: untranslated string: gen dh
+WARNING: untranslated string: generate dh key
 WARNING: untranslated string: grouptype
 WARNING: untranslated string: hardware support
 WARNING: untranslated string: imei
@@ -849,6 +855,7 @@ WARNING: untranslated string: modem status
 WARNING: untranslated string: monitor interface
 WARNING: untranslated string: most preferred
 WARNING: untranslated string: no hardware random number generator
+WARNING: untranslated string: not a valid dh key
 WARNING: untranslated string: notice
 WARNING: untranslated string: openvpn default
 WARNING: untranslated string: openvpn destination port used
@@ -862,6 +869,12 @@ WARNING: untranslated string: openvpn subnet is used
 WARNING: untranslated string: other
 WARNING: untranslated string: outgoing firewall access
 WARNING: untranslated string: outgoing traffic in bytes per second
+WARNING: untranslated string: ovpn crypt options
+WARNING: untranslated string: ovpn dh
+WARNING: untranslated string: ovpn dh name
+WARNING: untranslated string: ovpn generating the root and host certificates
+WARNING: untranslated string: ovpn ha
+WARNING: untranslated string: ovpn hmac
 WARNING: untranslated string: ovpn mgmt in root range
 WARNING: untranslated string: ovpn mtu-disc
 WARNING: untranslated string: ovpn mtu-disc and mtu not 1500
@@ -886,8 +899,10 @@ WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: server restart
+WARNING: untranslated string: show dh
 WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: software version
+WARNING: untranslated string: source ip country
 WARNING: untranslated string: ssh
 WARNING: untranslated string: static routes
 WARNING: untranslated string: support donation
@@ -942,6 +957,7 @@ WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
 WARNING: untranslated string: uplink
+WARNING: untranslated string: upload dh key
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: vendor
index 3e07adf..bbb832d 100644 (file)
@@ -404,7 +404,6 @@ WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
 WARNING: translation string unused: original
-WARNING: translation string unused: other countries
 WARNING: translation string unused: our donors
 WARNING: translation string unused: out
 WARNING: translation string unused: outgoing firewall
@@ -427,7 +426,6 @@ WARNING: translation string unused: outgoing firewall reset
 WARNING: translation string unused: outgoing firewall view group
 WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
-WARNING: translation string unused: ovpn
 WARNING: translation string unused: ovpn config
 WARNING: translation string unused: ovpn dl
 WARNING: translation string unused: ovpn log
@@ -625,6 +623,7 @@ WARNING: translation string unused: use dov
 WARNING: translation string unused: use ibod
 WARNING: translation string unused: view log
 WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
 WARNING: translation string unused: vpn incompatible use of defaultroute
 WARNING: translation string unused: vpn mtu invalid
 WARNING: translation string unused: vpn on blue
@@ -644,12 +643,19 @@ WARNING: untranslated string: ConnSched dial
 WARNING: untranslated string: ConnSched hangup
 WARNING: untranslated string: ConnSched reboot
 WARNING: untranslated string: ConnSched shutdown
+WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: bytes
 WARNING: untranslated string: capabilities
 WARNING: untranslated string: count
+WARNING: untranslated string: dh
+WARNING: untranslated string: dh key warn
+WARNING: untranslated string: dh name is invalid
+WARNING: untranslated string: firewall logs country
 WARNING: untranslated string: fwdfw many
 WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: gen dh
+WARNING: untranslated string: generate dh key
 WARNING: untranslated string: imei
 WARNING: untranslated string: imsi
 WARNING: untranslated string: incoming firewall access
@@ -667,10 +673,20 @@ WARNING: untranslated string: modem no connection message
 WARNING: untranslated string: modem sim information
 WARNING: untranslated string: modem status
 WARNING: untranslated string: monitor interface
+WARNING: untranslated string: not a valid dh key
 WARNING: untranslated string: outgoing firewall access
+WARNING: untranslated string: ovpn crypt options
+WARNING: untranslated string: ovpn dh
+WARNING: untranslated string: ovpn dh name
+WARNING: untranslated string: ovpn generating the root and host certificates
+WARNING: untranslated string: ovpn ha
+WARNING: untranslated string: ovpn hmac
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: show dh
 WARNING: untranslated string: software version
+WARNING: untranslated string: source ip country
+WARNING: untranslated string: upload dh key
 WARNING: untranslated string: vendor
index 7b0a391..6d7bb92 100644 (file)
@@ -77,6 +77,9 @@
 < default ip
 < deprecated fs warn
 < details
+< dh
+< dh key warn
+< dh name is invalid
 < dnat address
 < dns address deleted txt
 < dnsforward
 < fw settings dropdown
 < fw settings remark
 < fw settings ruletable
+< gen dh
+< generate dh key
 < grouptype
 < hardware support
 < imei
 < modem status
 < most preferred
 < no hardware random number generator
+< not a valid dh key
 < notice
 < ntp common settings
 < ntp sync
 < other
 < our donors
 < outgoing firewall access
+< ovpn crypt options
+< ovpn dh
+< ovpn dh name
+< ovpn generating the root and host certificates
+< ovpn ha
+< ovpn hmac
 < ovpn mgmt in root range
 < ovpn mtu-disc
 < ovpn mtu-disc and mtu not 1500
 < qos enter bandwidths
 < red1
 < server restart
+< show dh
 < snat new source ip address
 < snort working
 < software version
 < updxlrtr sources
 < updxlrtr standard view
 < uplink
+< upload dh key
 < upload new ruleset
 < uptime
 < uptime load average
 < default ip
 < deprecated fs warn
 < details
+< dh
+< dh key warn
+< dh name is invalid
 < dnat address
 < dnsforward
 < dnsforward add a new entry
 < fw settings dropdown
 < fw settings remark
 < fw settings ruletable
+< gen dh
+< generate dh key
 < grouptype
 < hardware support
 < imei
 < modem status
 < most preferred
 < no hardware random number generator
+< not a valid dh key
 < notice
 < openvpn default
 < openvpn destination port used
 < outgoing firewall p2p description 2
 < outgoing firewall p2p description 3
 < outgoing firewall view group
+< ovpn crypt options
+< ovpn dh
+< ovpn dh name
 < ovpn errmsg green already pushed
 < ovpn errmsg invalid ip or mask
+< ovpn generating the root and host certificates
+< ovpn ha
+< ovpn hmac
 < ovpn mgmt in root range
 < ovpn mtu-disc
 < ovpn mtu-disc and mtu not 1500
 < red1
 < server restart
 < Set time on boot
+< show dh
 < snat new source ip address
 < software version
 < ssh
 < updxlrtr sources
 < updxlrtr standard view
 < uplink
+< upload dh key
 < uptime
 < uptime load average
 < urlfilter redirect template
 < default ip
 < deprecated fs warn
 < details
+< dh
+< dh key warn
+< dh name is invalid
 < dnat address
 < dnsforward
 < dnsforward add a new entry
 < fw settings dropdown
 < fw settings remark
 < fw settings ruletable
+< gen dh
+< generate dh key
 < grouptype
 < hardware support
 < imei
 < modem status
 < most preferred
 < no hardware random number generator
+< not a valid dh key
 < notice
 < openvpn default
 < openvpn destination port used
 < other
 < our donors
 < outgoing firewall access
+< ovpn crypt options
+< ovpn dh
+< ovpn dh name
 < ovpn errmsg green already pushed
 < ovpn errmsg invalid ip or mask
+< ovpn generating the root and host certificates
+< ovpn ha
+< ovpn hmac
 < ovpn mgmt in root range
 < ovpn mtu-disc
 < ovpn mtu-disc and mtu not 1500
 < qos enter bandwidths
 < red1
 < server restart
+< show dh
 < snat new source ip address
 < software version
 < ssh
 < updxlrtr sources
 < updxlrtr standard view
 < uplink
+< upload dh key
 < uptime
 < uptime load average
 < urlfilter redirect template
 < default ip
 < deprecated fs warn
 < details
+< dh
+< dh key warn
+< dh name is invalid
 < disk access per
 < dnat address
 < dnsforward
 < fw settings dropdown
 < fw settings remark
 < fw settings ruletable
+< gen dh
+< generate dh key
 < grouptype
 < hardware support
 < hour-graph
 < month-graph
 < most preferred
 < no hardware random number generator
+< not a valid dh key
 < notice
 < openvpn default
 < openvpn destination port used
 < our donors
 < outgoing firewall access
 < outgoing traffic in bytes per second
+< ovpn crypt options
+< ovpn dh
+< ovpn dh name
+< ovpn generating the root and host certificates
+< ovpn ha
+< ovpn hmac
 < ovpn mgmt in root range
 < ovpn mtu-disc
 < ovpn mtu-disc and mtu not 1500
 < qos enter bandwidths
 < red1
 < server restart
+< show dh
 < snat new source ip address
 < software version
 < ssh
 < updxlrtr sources
 < updxlrtr standard view
 < uplink
+< upload dh key
 < uptime
 < uptime load average
 < urlfilter redirect template
diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi-bin/logs.cgi/firewalllogcountry.dat
new file mode 100644 (file)
index 0000000..af14279
--- /dev/null
@@ -0,0 +1,523 @@
+#!/usr/bin/perl
+#
+# SmoothWall CGIs
+#
+# This code is distributed under the terms of the GPL
+#
+# JC HERITIER 
+# page inspired from the initial firewalllog.dat
+#
+# Modified for IPFire by Christian Schmidt
+#                            and Michael Tremer (www.ipfire.org)
+
+use strict;
+use Geo::IP::PurePerl;
+use Getopt::Std;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+use POSIX();
+
+my %cgiparams=();
+my %settings=();
+my $pienumber;
+my $otherspie;
+my $showpie;
+my $sortcolumn;
+my $errormessage = '';
+
+$cgiparams{'pienumber'} = 10;
+$cgiparams{'otherspie'} = 1;
+$cgiparams{'showpie'} = 1;
+$cgiparams{'sortcolumn'} = 1;
+
+my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug',
+        'Sep', 'Oct', 'Nov', 'Dec' );
+my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'},
+        $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'},
+        $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'},
+        $Lang::tr{'december'} );
+
+my @now = localtime();
+my $dow = $now[6];
+my $doy = $now[7];
+my $tdoy = $now[7];
+my $year = $now[5]+1900;
+
+$cgiparams{'DAY'} = $now[3];
+$cgiparams{'MONTH'} = $now[4];
+$cgiparams{'ACTION'} = '';
+
+&General::readhash("${General::swroot}/fwlogs/ipsettings", \%settings);
+if ($settings{'pienumber'} != 0) { $cgiparams{'pienumber'} = $settings{'pienumber'} };
+if ($settings{'otherspie'} != 0) { $cgiparams{'otherspie'} = $settings{'otherspie'} };
+if ($settings{'showpie'} != 0) { $cgiparams{'showpie'} = $settings{'showpie'} };
+if ($settings{'sortcolumn'} != 0) { $cgiparams{'sortcolumn'} = $settings{'sortcolumn'} };
+
+&Header::getcgihash(\%cgiparams);
+if ($cgiparams{'pienumber'} != 0) { $settings{'pienumber'} = $cgiparams{'pienumber'} };
+if ($cgiparams{'otherspie'} != 0) { $settings{'otherspie'} = $cgiparams{'otherspie'} };
+if ($cgiparams{'showpie'} != 0) { $settings{'showpie'} = $cgiparams{'showpie'} };
+if ($cgiparams{'sortcolumn'} != 0) { $settings{'sortcolumn'} = $cgiparams{'sortcolumn'} };
+
+if ($cgiparams{'ACTION'} eq $Lang::tr{'save'})
+{
+   &General::writehash("${General::swroot}/fwlogs/ipsettings", \%settings);
+}
+
+my $start = -1;
+if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'})
+{
+        my @temp = split(',',$ENV{'QUERY_STRING'});
+        $start = $temp[0];
+        $cgiparams{'MONTH'} = $temp[1];
+        $cgiparams{'DAY'} = $temp[2];
+}
+
+if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) ||
+    !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/))
+{
+        $cgiparams{'DAY'} = $now[3];
+        $cgiparams{'MONTH'} = $now[4];
+}
+elsif($cgiparams{'ACTION'} eq '>>')
+{
+        my @temp_then=();
+        my @temp_now = localtime(time);
+        $temp_now[4] = $cgiparams{'MONTH'};
+        $temp_now[3] = $cgiparams{'DAY'};
+        @temp_then = localtime(POSIX::mktime(@temp_now) + 86400);
+           ## Retrieve the same time on the next day -
+           ## 86400 seconds in a day
+        $cgiparams{'MONTH'} = $temp_then[4];
+        $cgiparams{'DAY'} = $temp_then[3];
+}
+elsif($cgiparams{'ACTION'} eq '<<')
+{
+        my @temp_then=();
+        my @temp_now = localtime(time);
+        $temp_now[4] = $cgiparams{'MONTH'};
+        $temp_now[3] = $cgiparams{'DAY'};
+        @temp_then = localtime(POSIX::mktime(@temp_now) - 86400);
+           ## Retrieve the same time on the previous day -
+           ## 86400 seconds in a day
+        $cgiparams{'MONTH'} = $temp_then[4];
+        $cgiparams{'DAY'} = $temp_then[3];
+}
+
+if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4]))
+{
+        my @then = ();
+        if ( (  $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) ||
+                        ( $cgiparams{'MONTH'} > $now[4] ) ) {
+                @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 ));
+        } else {
+                @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 ));
+        }
+        $tdoy = $then[7];
+        my $lastleap=($year-1)%4;
+        if ($tdoy>$doy) {
+                if ($lastleap == 0 && $tdoy < 60) {
+                        $doy=$tdoy+366;
+                } else {
+                        $doy=$doy+365;
+                }
+        }
+}
+
+my $datediff=0;
+my $dowd=0;
+my $multifile=0;
+if ($tdoy ne $doy) {
+        $datediff=int(($doy-$tdoy)/7);
+        $dowd=($doy-$tdoy)%7;
+        if (($dow-$dowd)<1) {
+                $datediff=$datediff+1;
+        }
+        if (($dow-$dowd)==0) {
+                $multifile=1;
+        }
+}
+
+my $monthstr = $shortmonths[$cgiparams{'MONTH'}];
+my $longmonthstr = $longmonths[$cgiparams{'MONTH'}];
+my $day = $cgiparams{'DAY'};
+my $daystr='';
+if ($day <= 9) {
+        $daystr = " $day"; }
+else {
+        $daystr = $day;
+}
+
+my $skip=0;
+my $filestr='';
+if ($datediff==0) {
+        $filestr="/var/log/messages";
+} else {
+       $filestr="/var/log/messages.$datediff";
+       $filestr = "$filestr.gz" if -f "$filestr.gz";
+}
+
+if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) {
+        $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
+        $skip=1;
+        # Note: This is in case the log does not exist for that date
+}
+my $lines = 0;
+my @log=();
+
+if (!$skip)
+{
+        while (<FILE>)
+        {
+                if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
+                        $log[$lines] = $_;
+                        $lines++;
+                }
+        }
+        close (FILE);   
+}
+
+$skip=0;
+if ($multifile) {
+        $datediff=$datediff-1;
+        if ($datediff==0) {
+                $filestr="/var/log/messages";
+        } else {
+                $filestr="/var/log/messages.$datediff";
+                $filestr = "$filestr.gz" if -f "$filestr.gz";
+        }
+        if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) {
+                $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
+                $skip=1;
+        }
+        if (!$skip) {
+                while (<FILE>) {
+                        if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
+                                $log[$lines] = $_;
+                                $lines++;
+                        }
+                }
+                close (FILE);
+        }
+}
+
+my $MODNAME="fwlogs";
+
+&Header::showhttpheaders();
+&Header::openpage($Lang::tr{'firewall log'}, 1, '');
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+
+if ($errormessage) {
+        &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+        print "<font class='base'>$errormessage&nbsp;</font>\n";
+        &Header::closebox();
+}
+
+&Header::openbox('100%', 'left', "$Lang::tr{'settings'}");
+
+print <<END
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<table width='100%'>
+<tr>
+        <td width='10%' class='base'>$Lang::tr{'month'}:&nbsp;</td>
+        <td width='10%'>
+        <select name='MONTH'>
+END
+;
+my $month;
+for ($month = 0; $month < 12; $month++)
+{
+        print "\t<option ";
+        if ($month == $cgiparams{'MONTH'}) {
+                print "selected='selected' "; }
+        print "value='$month'>$longmonths[$month]</option>\n";
+}
+print <<END
+        </select>
+        </td>
+        <td width='10%' class='base' align='right'>&nbsp;$Lang::tr{'day'}:&nbsp;</td>
+        <td width='40%'>
+        <select name='DAY'>
+END
+;
+for ($day = 1; $day <= 31; $day++) 
+{
+        print "\t<option ";
+        if ($day == $cgiparams{'DAY'}) {
+                print "selected='selected' "; }
+        print "value='$day'>$day</option>\n";
+}
+
+if( $cgiparams{'pienumber'} != 0){$pienumber=$cgiparams{'pienumber'};}
+if( $cgiparams{'otherspie'} != 0){$otherspie=$cgiparams{'otherspie'};}
+if( $cgiparams{'showpie'} != 0){$showpie=$cgiparams{'showpie'};}
+if( $cgiparams{'sortcolumn'} != 0){$sortcolumn=$cgiparams{'sortcolumn'};}
+
+print <<END
+</select>
+</td>
+<td width='5%'  align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day before'}' value='&lt;&lt;' /></td>
+<td width='5%'  align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day after'}' value='&gt;&gt;' /></td>
+<td width='20%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
+</tr>
+<tr>
+       <td colspan='3' align='left' valign="left">$Lang::tr{'Number of Countries for the pie chart'}:</td>
+       <td colspan='3' align='left' valign="center"><input type='text' name='pienumber' value='$pienumber' size='4'></td>
+       <td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
+</tr>
+</table>
+</form>
+END
+;
+
+&Header::closebox();
+
+&Header::openbox('100%', 'left', 'Firewall Logs');
+print "<p><b>$Lang::tr{'firewall hits'} $longmonthstr $daystr: $lines</b></p>";
+
+my $linesjc = 0;
+my %tabjc;
+my $gi = Geo::IP::PurePerl->new();
+
+if ($pienumber == -1 || $pienumber > $lines || $sortcolumn == 2) { $pienumber = $lines; };
+$lines = 0;
+foreach $_ (@log)
+{
+  /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+  my $packet = $4;
+  $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
+  $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
+
+  if($iface eq 'red0') {
+    if($srcaddr ne '') {
+      my $ccode = $gi->country_code_by_name($srcaddr);
+      if( $ccode eq '') {
+          $ccode = 'unknown';
+      }
+      $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
+      if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
+      $linesjc++;
+    }
+  }
+  else {
+    if($iface ne '') {
+        $tabjc{$iface} = $tabjc{$iface} + 1 ;
+        if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
+        $linesjc++;
+    }
+  }
+}
+
+$pienumber = $lines;
+
+my @keytabjc = keys %tabjc;
+
+my @slice;
+my $go;
+my $nblinejc;
+
+if( $cgiparams{'linejc'} eq 'all' ){ $nblinejc = $linesjc; $go=1; }
+if( ($cgiparams{'linejc'} != 0) && ($cgiparams{'linejc'} ne 'all') ){ $nblinejc = $cgiparams{'linejc'}; $go=1;}
+if( $go != 1){ $nblinejc = 1000; }
+
+my @key;
+my @value;
+my $indice=0;
+my @tabjc2;
+
+if ($sortcolumn == 1)
+{
+        @tabjc2 = sort { $b <=> $a } values (%tabjc);
+}
+else
+{
+        @tabjc2 = sort { $a <=> $b } keys (%tabjc);
+}
+
+my $colour=1;
+
+##############################################
+#pie chart generation
+use GD::Graph::pie;
+use GD::Graph::colour;
+#ips sort by hits number
+my $v;
+
+if ($sortcolumn == 1)
+{
+        for ($v=0;$v<$pienumber;$v++){
+          findkey($tabjc2[$v]);
+        }
+}
+else
+{
+        foreach $v (@tabjc2) {
+          $key[$indice] = $v;
+          $value[$indice] = $tabjc{$v};
+          $indice++;
+        }
+}
+
+my @ips;
+my @numb;
+
+@ips = @key;
+@numb = @value;
+
+my $o;
+
+if($cgiparams{'otherspie'} == 2 ){}
+else{ 
+        my $numothers;
+        for($o=0;$o<$pienumber;$o++){
+          $numothers = $numothers + $numb[$o];
+        }
+        $numothers =  $linesjc - $numothers;
+        if ($numothers > 0) {
+                $ips[$pienumber]="$Lang::tr{'otherip'}";
+                $numb[$pienumber] =  $numothers;
+        }
+}
+
+my @data = (\@ips,\@numb);
+use GD::Graph::colour qw( :files );
+
+my $color=0;
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+if ($showpie != 2 && $pienumber <= 50 && $pienumber != 0) {
+        my $mygraph = GD::Graph::pie->new(500, 350);
+        $mygraph->set(
+              'title' => '',
+              'pie_height' => 50,
+              'start_angle' => 89
+             ) or warn $mygraph->error;
+
+        $mygraph->set_value_font(GD::gdMediumBoldFont);
+        $mygraph->set( dclrs => [ "$color{'color1'}" , "$color{'color2'}" , "$color{'color3'}" , "$color{'color4'}" , "$color{'color5'}" , "$color{'color6'}" , "$color{'color7'}" , "$color{'color8'}" , "$color{'color9'}" , "$color{'color10'}" ] );
+        my $myimage = $mygraph->plot(\@data) or die $mygraph->error;
+
+        my @filenames = glob("/srv/web/ipfire/html/graphs/fwlog-country*.png");
+        unlink(@filenames);
+        my $imagerandom = rand(1000000);
+        my $imagename = "/srv/web/ipfire/html/graphs/fwlog-country$imagerandom.png";
+        open(FILE,">$imagename");
+        print FILE $myimage->png;
+        close(FILE);
+        #####################################################
+        print "<div style='text-align:center;'>";
+        print "<img src='/graphs/fwlog-country$imagerandom.png'>";
+        print "</div>";
+}
+
+print <<END
+<table width='100%' class='tbl'>
+<tr>
+<th width='10%' align='center' class='boldbase'></th>
+<th width='30%' align='center' class='boldbase'><b>$Lang::tr{'country'}</b></th>
+<th width='30%' align='center' class='boldbase'><b>Count</b></th>
+<th width='30%' align='center' class='boldbase'><b>$Lang::tr{'percentage'}</b></th>
+</tr>
+END
+;
+
+my $total=0;
+my $show=0;
+
+my $s;
+my $percent;
+my $col="";
+
+for($s=0;$s<$lines;$s++)
+{
+  $show++;
+  $percent = $value[$s] * 100 / $linesjc;
+  $percent = sprintf("%.f", $percent);
+  $total = $total + $value[$s];
+  my $colorIndex = $color % 10;
+  if($colorIndex == 0) {
+    $colorIndex = 10;
+  }
+  $col="bgcolor='$color{\"color$colorIndex\"}'";
+  $color++;
+  print "<tr>";
+
+  print "<td align='center' $col><form method='post' action='showrequestfromcountry.dat'><input type='hidden' name='MONTH' value='$cgiparams{'MONTH'}'> <input type='hidden' name='DAY' value='$cgiparams{'DAY'}'> <input type='hidden' name='country' value='$key[$s]'> <input type='submit' value='details'></form></td>";
+  if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq 'orange0') {
+      print "<td align='center' $col>$key[$s]</td>";
+  }
+  else {
+      if($key[$s] ne 'unknown' ) {
+          my $fcode = lc($key[$s]);
+          print "<td align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='/images/flags/$fcode.png' border='0' align='absmiddle' alt='$key[$s]' title='$key[$s]'></a></td>";}
+      else {
+          print "<td align='center' $col>$key[$s]</td>";
+      }
+  }
+  print "<td align='center' $col>$value[$s]</td>";
+  print "<td align='center' $col>$percent</td>";
+  print "</tr>";
+}
+
+if($cgiparams{'otherspie'} == 2 ){}
+else{
+  my $colorIndex = $color % 10;
+  if($colorIndex == 0) {
+    $colorIndex = 10;
+  }
+  $col="bgcolor='$color{\"color$colorIndex\"}'";
+  print "<tr>";
+
+if ( $linesjc ne "0")
+{
+my $dif;
+$dif = $linesjc - $total;
+$percent = $dif * 100 / $linesjc;
+$percent = sprintf("%.f", $percent);
+print <<END
+<td align='center' $col></TD>
+<td align='center' $col>$Lang::tr{'other countries'}</td>
+<td align='center' $col>$dif</TD>
+<td align='center' $col>$percent</TD>
+</tr>
+END
+;
+}
+}
+print <<END
+</TABLE>
+END
+;
+
+&Header::closebox();
+&Header::closebigbox();
+&Header::closepage();
+
+sub findkey {
+  my $v;
+  foreach $v (@keytabjc) {
+    if ($tabjc{$v} eq $_[0]) {
+      delete $tabjc{$v};
+      $key[$indice] = "$v";
+      $value[$indice] = $_[0];
+      $indice++;
+      last;
+    }
+  }
+}
+sub checkversion {
+        #Automatic Updates is disabled
+        return "0","0";
+}
+
diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
new file mode 100644 (file)
index 0000000..5283c42
--- /dev/null
@@ -0,0 +1,412 @@
+#!/usr/bin/perl
+# SmoothWall CGIs
+#
+# This code is distributed under the terms of the GPL
+#
+# JC HERITIER 
+# page inspired from the initial firewalllog.dat
+#
+# Modified for IPFire by Christian Schmidt (www.ipfire.org)
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+#use strict;
+use Geo::IP::PurePerl;
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+use POSIX();
+
+#workaround to suppress a warning when a variable is used only once
+my @dummy = ( ${Header::table2colour} );
+undef (@dummy);
+
+my %cgiparams=();
+my %logsettings=();
+my $errormessage = '';
+
+my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug',
+       'Sep', 'Oct', 'Nov', 'Dec' );
+my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'},
+       $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'},
+       $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'},
+       $Lang::tr{'december'} );
+
+my @now = localtime();
+my $dow = $now[6];
+my $doy = $now[7];
+my $tdoy = $now[7];
+my $year = $now[5]+1900;
+
+$cgiparams{'DAY'} = $now[3];
+$cgiparams{'MONTH'} = $now[4];
+$cgiparams{'ACTION'} = '';
+
+&Header::getcgihash(\%cgiparams);
+
+$logsettings{'LOGVIEW_REVERSE'} = 'off';
+&General::readhash("${General::swroot}/logging/settings", \%logsettings);
+
+my $start = -1;
+if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'})
+{
+       my @temp = split(',',$ENV{'QUERY_STRING'});
+       $start = $temp[0];
+       $cgiparams{'MONTH'} = $temp[1];
+       $cgiparams{'DAY'} = $temp[2];
+       $cgiparams{country} = $temp[3];
+}
+
+if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) ||
+       !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/))
+{
+       $cgiparams{'DAY'} = $now[3];
+       $cgiparams{'MONTH'} = $now[4];
+}
+elsif($cgiparams{'ACTION'} eq '>>')
+{
+        my @temp_then=();
+        my @temp_now = localtime(time);
+        $temp_now[4] = $cgiparams{'MONTH'};
+        $temp_now[3] = $cgiparams{'DAY'};
+        @temp_then = localtime(POSIX::mktime(@temp_now) + 86400);
+           ## Retrieve the same time on the next day -
+           ## 86400 seconds in a day
+        $cgiparams{'MONTH'} = $temp_then[4];
+        $cgiparams{'DAY'} = $temp_then[3];
+}
+elsif($cgiparams{'ACTION'} eq '<<')
+{
+        my @temp_then=();
+        my @temp_now = localtime(time);
+        $temp_now[4] = $cgiparams{'MONTH'};
+        $temp_now[3] = $cgiparams{'DAY'};
+        @temp_then = localtime(POSIX::mktime(@temp_now) - 86400);
+           ## Retrieve the same time on the previous day -
+           ## 86400 seconds in a day
+        $cgiparams{'MONTH'} = $temp_then[4];
+        $cgiparams{'DAY'} = $temp_then[3];
+}
+
+if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4]))
+{
+        my @then = ();
+        if ( (  $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) ||
+                        ( $cgiparams{'MONTH'} > $now[4] ) ) {
+                @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 ));
+        } else {
+                @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 ));
+        }
+        $tdoy = $then[7];
+        my $lastleap=($year-1)%4;
+        if ($tdoy>$doy) {
+                if ($lastleap == 0 && $tdoy < 60) {
+                        $doy=$tdoy+366;
+                } else {
+                        $doy=$doy+365;
+                }
+        }
+}
+my $datediff=0;
+my $dowd=0;
+my $multifile=0;
+if ($tdoy ne $doy) {
+        $datediff=int(($doy-$tdoy)/7);
+        $dowd=($doy-$tdoy)%7;
+        if (($dow-$dowd)<1) {
+                $datediff=$datediff+1;
+        }
+        if (($dow-$dowd)==0) {
+                $multifile=1;
+        }
+}
+
+my $monthstr = $shortmonths[$cgiparams{'MONTH'}];
+my $longmonthstr = $longmonths[$cgiparams{'MONTH'}];
+my $day = $cgiparams{'DAY'};
+my $daystr='';
+if ($day <= 9) {
+       $daystr = " $day"; }
+else {
+       $daystr = $day;
+}
+
+my $skip=0;
+my $filestr='';
+if ($datediff==0) {
+        $filestr="/var/log/messages";
+} else {
+       $filestr="/var/log/messages.$datediff";
+       $filestr = "$filestr.gz" if -f "$filestr.gz";
+}
+
+if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) {
+        $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
+        $skip=1;
+        # Note: This is in case the log does not exist for that date
+}
+my $lines = 0;
+my @log=();
+my $country = $cgiparams{country};
+my $gi = Geo::IP::PurePerl->new();
+
+if (!$skip)
+{
+    while (<FILE>)
+    {
+               if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
+            my $packet = $2;
+            $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
+            $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
+
+            if($iface eq $country) {
+                $log[$lines] = $_;
+                $lines++;
+            }
+            elsif($srcaddr ne '') {
+                my $ccode = $gi->country_code_by_name($srcaddr);
+                if($ccode eq $country){
+                    $log[$lines] = $_;
+                    $lines++;
+                }
+            }
+               }
+       }
+       close (FILE);   
+}
+
+$skip=0;
+if ($multifile) {
+        $datediff=$datediff-1;
+        if ($datediff==0) {
+                $filestr="/var/log/messages";
+        } else {
+                $filestr="/var/log/messages.$datediff";
+                $filestr = "$filestr.gz" if -f "$filestr.gz";
+        }
+        if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) {
+                $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
+                $skip=1;
+        }
+        if (!$skip) {
+               while (<FILE>) {
+                       if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
+                if($_ =~  /SRC\=([\d\.]+)/){
+                    my $srcaddr=$1;
+                    my $ccode = $gi->country_code_by_name($srcaddr);
+                    if($ccode eq $country){
+                        $log[$lines] = $_;
+                        $lines++;
+                    }
+                }
+                       }
+               }
+               close (FILE);
+       }
+}
+
+&Header::showhttpheaders();
+&Header::openpage($Lang::tr{'firewall log'}, 1, '');
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+if ($errormessage) {
+       &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+       print "<font class='base'>$errormessage&nbsp;</font>\n";
+       &Header::closebox();
+}
+
+&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:");
+
+print <<END
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<table width='100%'>
+<tr>
+       <td width='10%' class='base'>$Lang::tr{'month'}:&nbsp;</td>
+       <td width='10%'>
+       <select name='MONTH'>
+END
+;
+my $month;
+for ($month = 0; $month < 12; $month++)
+{
+       print "\t<option ";
+       if ($month == $cgiparams{'MONTH'}) {
+               print "selected='selected' "; }
+       print "value='$month'>$longmonths[$month]</option>\n";
+}
+print <<END
+       </select>
+       </td>
+       <td width='10%' class='base' align='right'>&nbsp;$Lang::tr{'day'}:&nbsp;</td>
+       <td width='40%'>
+       <select name='DAY'>
+END
+;
+for ($day = 1; $day <= 31; $day++) 
+{
+       print "\t<option ";
+       if ($day == $cgiparams{'DAY'}) {
+               print "selected='selected' "; }
+       print "value='$day'>$day</option>\n";
+}
+print <<END
+</select>
+</td>
+<td width='5%'  align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day before'}' value='&lt;&lt;' /></td>
+<td width='5%'  align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day after'}' value='&gt;&gt;' /></td>
+<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
+<tr><td width='15%'>$Lang::tr{'source ip country'}</td><td><input type='text' name='country' value='$cgiparams{country}'size='15'></td></tr>
+</tr>
+</table>
+</form>
+END
+;
+
+&Header::closebox();
+
+&Header::openbox('100%', 'left', $Lang::tr{'firewall log'});
+print "<p><b>$Lang::tr{'firewall hits'} $longmonthstr $daystr: $lines</b></p>";
+
+if ($start == -1) {
+        $start = $lines - ${Header::viewsize}; }
+if ($start >= $lines - ${Header::viewsize}) { $start = $lines - ${Header::viewsize}; };
+if ($start < 0) { $start = 0; }
+
+my $prev = $start - ${Header::viewsize};
+my $next = $start + ${Header::viewsize};
+
+if ($prev < 0) { $prev = 0; }
+if ($next >= $lines) { $next = -1 }
+if ($start == 0) { $prev = -1; }
+
+if ($lines != 0) { &oldernewer(); }
+
+print <<END
+<table width='100%'>
+<tr>
+<td width='10%' align='center' class='boldbase'><b>$Lang::tr{'time'}</b></td>
+<td width='13%' align='center' class='boldbase'><b>$Lang::tr{'chain'}</b></td>
+<td width='5%' align='center' class='boldbase'><b>$Lang::tr{'iface'}</b></td>
+<td width='5%' align='center' class='boldbase'><b>$Lang::tr{'proto'}</b></td>
+<td width='16%' align='center' class='boldbase'><b>$Lang::tr{'source'}</b></td>
+<td width='10%' align='center' class='boldbase'><b>$Lang::tr{'src port'}</b></td>
+<td width='16%' align='center' class='boldbase'><b>$Lang::tr{'destination'}</b></td>
+<td width='16%' align='center' class='boldbase'><b>$Lang::tr{'dst port'}</b></td>
+</tr>
+END
+;
+
+my @slice = splice(@log, $start, ${Header::viewsize});
+
+if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @slice = reverse @slice; }
+
+$lines = 0;
+foreach $_ (@slice)
+{
+  $a = $_;
+  /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+  my $packet = $4;
+  $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
+  $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
+
+  if($iface eq $country || $srcaddr ne '') {
+    my $ccode;
+    if($iface ne $country) {
+      $ccode = $gi->country_code_by_name($srcaddr);
+    }
+    if($iface eq $country || $ccode eq $country) {
+         my $chain = '';
+      my $in = '-'; my $out = '-';
+      my $srcaddr = ''; my $dstaddr = '';
+      my $protostr = '';
+      my $srcport = ''; my $dstport = '';
+
+      $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+      my $timestamp = $1; my $chain = $2; my $packet = $3;
+      $timestamp =~ /(...) (..) (..:..:..)/;
+      my $month = $1; my $day = $2; my $time = $3;
+
+      if ($a =~ /IN\=(\w+)/) { $iface = $1; }
+      if ($a =~ /OUT\=(\w+)/) { $out = $1; }
+      if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
+      if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
+      if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
+      my $protostrlc = lc($protostr);
+      if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
+      if ($a =~  /DPT\=([\d\.]+)/){ $dstport = $1; }
+
+      if ($lines % 2) {
+        print "<tr bgcolor='${Header::table1colour}'>\n"; }
+      else {
+        print "<tr bgcolor='${Header::table2colour}'>\n"; }
+      print <<END
+      <td align='center'>$time</td>
+      <td align='center'>$chain</td>
+      <td align='center'>$iface</td>
+      <td align='center'>$protostr</td>
+      <td align='center'>
+      <table width='100%' cellpadding='0' cellspacing='0'><tr>
+      <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a></td>
+      </tr></table>
+      </td>
+      <td align='center'>$srcport</td>
+      <td align='center'>
+      <table width='100%' cellpadding='0' cellspacing='0'><tr>
+      <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td>
+      </tr></table>
+      </td>
+      <td align='center'>$dstport</td>
+      </tr>
+END
+       ;
+      $lines++;
+    }
+  }
+}
+
+print <<END
+</table>
+END
+;
+
+&oldernewer();
+
+&Header::closebox();
+
+&Header::closebigbox();
+
+&Header::closepage();
+
+sub oldernewer
+{
+  print <<END
+  <table width='100%'>
+  <tr>
+END
+;
+
+  print "<td align='center' width='50%'>";
+  if ($prev != -1) {
+    print "<a href='/cgi-bin/logs.cgi/showrequestfromcountry.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{country}'>$Lang::tr{'older'}</a>"; }
+  else {
+    print "$Lang::tr{'older'}"; }
+  print "</td>\n";
+
+  print "<td align='center' width='50%'>";
+  if ($next != -1) {
+    print "<a href='/cgi-bin/logs.cgi/showrequestfromcountry.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{country}'>$Lang::tr{'newer'}</a>"; }
+  else {
+   print "$Lang::tr{'newer'}"; }
+  print "</td>\n";
+
+print <<END
+  </tr>
+  </table>
+END
+;
+}
+
index 877e09c..dec27b7 100644 (file)
@@ -19,7 +19,7 @@
 #                                                                             #
 ###############################################################################
 ###
-# Based on IPFireCore 55
+# Based on IPFireCore 76
 ###
 use CGI;
 use CGI qw/:standard/;
@@ -80,6 +80,8 @@ $cgiparams{'COMPRESSION'} = 'off';
 $cgiparams{'ONLY_PROPOSED'} = 'off';
 $cgiparams{'ACTION'} = '';
 $cgiparams{'CA_NAME'} = '';
+$cgiparams{'DH_NAME'} = 'dh1024.pem';
+$cgiparams{'DHLENGHT'} = '';
 $cgiparams{'DHCP_DOMAIN'} = '';
 $cgiparams{'DHCP_DNS'} = '';
 $cgiparams{'DHCP_WINS'} = '';
@@ -88,6 +90,8 @@ $cgiparams{'DCOMPLZO'} = 'off';
 $cgiparams{'MSSFIX'} = '';
 $cgiparams{'number'} = '';
 $cgiparams{'PMTU_DISCOVERY'} = '';
+$cgiparams{'DAUTH'} = '';
+$cgiparams{'DCIPHER'} = '';
 $routes_push_file = "${General::swroot}/ovpn/routes_push";
 unless (-e $routes_push_file)    { system("touch $routes_push_file"); }
 unless (-e "${General::swroot}/ovpn/ccd.conf")    { system("touch ${General::swroot}/ovpn/ccd.conf"); }
@@ -222,6 +226,7 @@ sub checkportinc
        }
 }
 
+
 sub writeserverconf {
     my %sovpnsettings = ();  
     my @temp = ();  
@@ -243,14 +248,14 @@ sub writeserverconf {
     print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
     print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
     print CONF "tls-server\n";
-    print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n";
-    print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n";
-    print CONF "key /var/ipfire/ovpn/certs/serverkey.pem\n";
-    print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n";
+    print CONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
+    print CONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
+    print CONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
+       print CONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n";
     my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'});
     print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
     #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
-   
+
     # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500.
     # If we doesn't use one of them, we can use the configured mtu value.
     if ($sovpnsettings{'MSSFIX'} eq 'on') 
@@ -258,8 +263,8 @@ sub writeserverconf {
     elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') 
        { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
     elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
-          ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
-          ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
+       ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+       ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
        { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } 
     else 
        { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; }
@@ -294,10 +299,10 @@ sub writeserverconf {
        print CONF "client-to-client\n";
     }
     if ($sovpnsettings{MSSFIX} eq 'on') {
-       print CONF "mssfix\n";
+               print CONF "mssfix\n";
     }
     if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
-       print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";   
+               print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
     }
 
     # Check if a valid operating mode has been choosen and use it.
@@ -313,6 +318,11 @@ sub writeserverconf {
     print CONF "status-version 1\n";
     print CONF "status /var/log/ovpnserver.log 30\n";
     print CONF "cipher $sovpnsettings{DCIPHER}\n";
+    if ($sovpnsettings{'DAUTH'} eq '') {
+        print CONF "";
+    } else {
+           print CONF "auth $sovpnsettings{'DAUTH'}\n";
+       }
     if ($sovpnsettings{DCOMPLZO} eq 'on') {
         print CONF "comp-lzo\n";
     }
@@ -731,6 +741,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
     $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
     $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
     $vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'};
+    $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
     my @temp=();
     
     if ($cgiparams{'FRAGMENT'} eq '') {
@@ -925,9 +936,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; 
   print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n"; 
   print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n"; 
-  print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n"; 
+  print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n";
   print SERVERCONF "# Cipher\n"; 
-  print SERVERCONF "cipher AES-256-CBC\n"; 
+  print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n";
+  print SERVERCONF "# HMAC algorithm\n";
+  print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
   if ($cgiparams{'COMPLZO'} eq 'on') {
    print SERVERCONF "# Enable Compression\n";
    print SERVERCONF "comp-lzo\r\n";
@@ -952,6 +965,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
 
 if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client')
 {
+
         my @ovsubnettemp =  split(/\./,$cgiparams{'OVPN_SUBNET'});
         my $ovsubnet =  "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
         my @remsubnet =  split(/\//,$cgiparams{'REMOTE_SUBNET'});
@@ -1014,12 +1028,14 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   print CLIENTCONF "# Auth. Client\n"; 
   print CLIENTCONF "tls-client\n"; 
   print CLIENTCONF "# Cipher\n"; 
-  print CLIENTCONF "cipher AES-256-CBC\n"; 
+  print CLIENTCONF "cipher $cgiparams{'DCIPHER'}\n";
+  print CLIENTCONF "# HMAC algorithm\n";
+  print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
   print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
   if ($cgiparams{'COMPLZO'} eq 'on') {
    print CLIENTCONF "# Enable Compression\n";
    print CLIENTCONF "comp-lzo\r\n";
-     }
+  }
   print CLIENTCONF "# Debug Level\n"; 
   print CLIENTCONF "verb 3\n"; 
   print CLIENTCONF "# Tunnel check\n"; 
@@ -1058,7 +1074,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
     
     if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
             $errormessage = $Lang::tr{'ovpn subnet is invalid'};
-       goto SETTINGS_ERROR;
+                       goto SETTINGS_ERROR;
     }
     my @tmpovpnsubnet = split("\/",$cgiparams{'DOVPN_SUBNET'});
     
@@ -1114,11 +1130,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
        $errormessage = $Lang::tr{'invalid port'};
        goto SETTINGS_ERROR;
     }
-       
-       if ($cgiparams{'DDEST_PORT'} <= 1023) {
-               $errormessage = $Lang::tr{'ovpn port in root range'};
-               goto SETTINGS_ERROR;
-       }
 
     $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
     $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
@@ -1144,7 +1155,7 @@ SETTINGS_ERROR:
 ###
 ### Reset all step 2
 ###
-}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'} && $cgiparams{'AREUSURE'} eq 'yes') {
+}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'} && $cgiparams{'AREUSURE'} eq 'yes') {
     my $file = '';
     &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
@@ -1154,37 +1165,64 @@ SETTINGS_ERROR:
        }
     }
     while ($file = glob("${General::swroot}/ovpn/ca/*")) {
-       unlink $file
+               unlink $file
     }
     while ($file = glob("${General::swroot}/ovpn/certs/*")) {
-       unlink $file
+               unlink $file
     }
     while ($file = glob("${General::swroot}/ovpn/crls/*")) {
-       unlink $file
+               unlink $file
     }
-    &cleanssldatabase();
+       &cleanssldatabase();
     if (open(FILE, ">${General::swroot}/ovpn/caconfig")) {
         print FILE "";
         close FILE;
     }
-    &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-    #&writeserverconf();
+       if (open(FILE, ">${General::swroot}/ovpn/ccdroute")) {
+               print FILE "";
+               close FILE;
+       }
+       if (open(FILE, ">${General::swroot}/ovpn/ccdroute2")) {
+               print FILE "";
+               close FILE;
+       }
+       while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
+               unlink $file
+       }
+       if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) {
+               print FILE "";
+               close FILE;
+       }
+       if (open(FILE, ">${General::swroot}/ovpn/ovpnconfig")) {
+               print FILE "";
+               close FILE;
+       }
+       while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) {
+               system ("rm -rf $file")
+       }
 ###
 ### Reset all step 1
 ###
-}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'}) {
+}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'}) {
     &Header::showhttpheaders();
-    &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
-    &Header::openbigbox('100%', 'LEFT', '', '');
-    &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
-    print <<END
-       <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
-           <tr><td align='center'>             
-               <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: 
-               $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}
-           <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' />
-               <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr>
-       </form></table>
+    &Header::openpage($Lang::tr{'ovpn'}, 1, '');
+    &Header::openbigbox('100%', 'left', '', '');
+    &Header::openbox('100%', 'left', $Lang::tr{'are you sure'});
+    print <<END;
+       <form method='post'>
+               <table width='100%'>
+                       <tr>
+                               <td align='center'>
+                               <input type='hidden' name='AREUSURE' value='yes' />
+                               <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: 
+                               $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}</td>
+                       </tr>
+                       <tr>
+                               <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' />
+                               <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td>
+                       </tr>
+               </table>
+       </form>
 END
     ;
     &Header::closebox();
@@ -1192,6 +1230,106 @@ END
     &Header::closepage();
     exit (0);
 
+###
+### Generate DH key step 2
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'} && $cgiparams{'AREUSURE'} eq 'yes') {
+       # Delete if old key exists
+    if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
+        unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
+       }
+       # Create Diffie Hellmann Parameter
+       system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache',
+       '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
+       if ($?) {
+               $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+               unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
+       }
+
+###
+### Generate DH key step 1
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'}) {
+       &Header::showhttpheaders();
+       &Header::openpage($Lang::tr{'ovpn'}, 1, '');
+       &Header::openbigbox('100%', 'LEFT', '', '');
+       &Header::openbox('100%', 'LEFT', "$Lang::tr{'gen dh'}:");
+       print <<END;
+       <table width='100%'>
+       <tr>
+               <td width='15%'> </td> <td width='15%'></td> <td width='65%'></td>
+    </tr>
+       <tr>
+               <td class='base'>$Lang::tr{'ovpn dh'}:</td>
+               <td align='center'>
+               <form method='post'><input type='hidden' name='AREUSURE' value='yes' />
+               <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
+                       <select name='DHLENGHT'>
+                               <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'}</option>
+                               <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
+                               <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
+                               <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
+                       </select>
+               </td>
+       </tr>
+       <tr><td colspan='4'><br></td></tr>
+       </table>
+       <table width='100%'>
+       <tr>
+               <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}:</font></b>
+               $Lang::tr{'dh key warn'}
+               </td>
+       </tr>
+       <tr>
+               <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
+               </form>
+       </tr>
+       </table>
+
+END
+       ;
+       &Header::closebox();
+       print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+       &Header::closebigbox();
+       &Header::closepage();
+       exit (0);
+
+###
+### Upload DH key
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload dh key'}) {
+    if ($cgiparams{'DH_NAME'} !~ /dh1024.pem/) {
+        $errormessage = $Lang::tr{'dh name is invalid'};
+        goto UPLOADCA_ERROR;
+       }
+    if (ref ($cgiparams{'FH'}) ne 'Fh') {
+         $errormessage = $Lang::tr{'there was no file upload'};
+         goto UPLOADCA_ERROR;
+    }
+       # Move uploaded dh key to a temporary file
+    (my $fh, my $filename) = tempfile( );
+    if (copy ($cgiparams{'FH'}, $fh) != 1) {
+        $errormessage = $!;
+           goto UPLOADCA_ERROR;
+    }
+       my $temp = `/usr/bin/openssl dhparam -text -in $filename`;
+    if ($temp !~ /DH Parameters: \((1024|2048|3072|4096) bit\)/) {
+        $errormessage = $Lang::tr{'not a valid dh key'};
+        unlink ($filename);
+        goto UPLOADCA_ERROR;
+    } else {
+    # Delete if old key exists
+    if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
+        unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
+       }
+    move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
+               if ($? ne 0) {
+                       $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+                       unlink ($filename);
+                       goto UPLOADCA_ERROR;
+               }
+    }
+
 ###
 ### Upload CA Certificate
 ###
@@ -1210,7 +1348,7 @@ END
 
     if ($cgiparams{'CA_NAME'} eq 'ca') {
        $errormessage = $Lang::tr{'name is invalid'};
-       goto UPLOAD_CA_ERROR;
+       goto UPLOADCA_ERROR;
     }
 
     # Check if there is no other entry with this name
@@ -1268,7 +1406,7 @@ END
 
     if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") {
        &Header::showhttpheaders();
-       &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+       &Header::openpage($Lang::tr{'ovpn'}, 1, '');
        &Header::openbigbox('100%', 'LEFT', '', $errormessage);
        &Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
        my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
@@ -1345,10 +1483,10 @@ END
        }
        if ($assignedcerts) {
            &Header::showhttpheaders();
-           &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+           &Header::openpage($Lang::tr{'ovpn'}, 1, '');
            &Header::openbigbox('100%', 'LEFT', '', $errormessage);
            &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
-           print <<END
+           print <<END;
                <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
                       <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
                    <tr><td align='center'>
@@ -1380,7 +1518,7 @@ END
     $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
     my $output;
     &Header::showhttpheaders();
-    &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+    &Header::openpage($Lang::tr{'ovpn'}, 1, '');
     &Header::openbigbox('100%', 'LEFT', '', '');
     if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
        &Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:");
@@ -1646,7 +1784,7 @@ END
            }
        } else {        # child
            unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
-                       '-days', '999999', '-newkey', 'rsa:2048',
+                       '-days', '999999', '-newkey', 'rsa:4096',
                        '-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
                        '-out', "${General::swroot}/ovpn/ca/cacert.pem",
                        '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
@@ -1677,7 +1815,7 @@ END
            }
        } else {        # child
            unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
-                       '-newkey', 'rsa:1024',
+                       '-newkey', 'rsa:2048',
                        '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem",
                        '-out', "${General::swroot}/ovpn/certs/serverreq.pem",
                        '-extensions', 'server',
@@ -1729,8 +1867,7 @@ END
        }
        # Create Diffie Hellmann Parameter
        system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache',
-              '-out', "${General::swroot}/ovpn/ca/dh1024.pem",
-              '1024' );
+              '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
        if ($?) {
            $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
            unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
@@ -1748,7 +1885,7 @@ END
     ROOTCERT_ERROR:
     if ($cgiparams{'ACTION'} ne '') {
        &Header::showhttpheaders();
-       &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+       &Header::openpage($Lang::tr{'ovpn'}, 1, '');
        &Header::openbigbox('100%', 'LEFT', '', '');
        if ($errormessage) {
            &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
@@ -1757,7 +1894,7 @@ END
            &Header::closebox();
        }
        &Header::openbox('100%', 'LEFT', "$Lang::tr{'generate root/host certificates'}:");
-       print <<END
+    print <<END;
        <form method='post' enctype='multipart/form-data'>
        <table width='100%' border='0' cellspacing='1' cellpadding='0'>
        <tr><td width='30%' class='base'>$Lang::tr{'organization name'}:</td>
@@ -1790,19 +1927,35 @@ END
            }
            print ">$country</option>";
        }
-       print <<END
-           </select></td>
-           <td colspan='2'>&nbsp;</td></tr>
+    print <<END;
+       </select></td>
+       <tr><td class='base'>$Lang::tr{'ovpn dh'}:</td>
+               <td class='base'><select name='DHLENGHT'>
+                               <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'}</option>
+                               <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
+                               <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
+                               <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
+                       </select>
+               </td>
+       </tr>
+
        <tr><td>&nbsp;</td>
            <td><input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' /></td>
            <td>&nbsp;</td><td>&nbsp;</td></tr> 
        <tr><td class='base' colspan='4' align='left'>
            <img src='/blob.gif' valign='top' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
-       <tr><td class='base' colspan='4' align='left'>
-           <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: 
-           $Lang::tr{'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient'}
-       </td></tr>
-       <tr><td colspan='4' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
+       <tr><td colspan='4'><br><br></td></tr>
+       <tr><td class='base' colspan='4' align='center'>
+           <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}:</font></b>
+               $Lang::tr{'ovpn generating the root and host certificates'}
+               </td>
+       </tr>
+       <tr><td class='base' colspan='4' align='center'>
+               $Lang::tr{'dh key warn'}
+               </td>
+       </tr>
+
+       <tr><td colspan='4'><hr></td></tr>
        <tr><td class='base' nowrap='nowrap'>$Lang::tr{'upload p12 file'}:</td>
            <td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
            <td colspan='2'>&nbsp;</td></tr>
@@ -1813,12 +1966,13 @@ END
            <td><input type='submit' name='ACTION' value='$Lang::tr{'upload p12 file'}' /></td>
             <td colspan='2'>&nbsp;</td></tr>
        <tr><td class='base' colspan='4' align='left'>
-           <img src='/blob.gif' valign='top' al='*' >&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
+           <img src='/blob.gif' valign='top' al='*' >&nbsp;$Lang::tr{'this field may be blank'}</td>
+       </tr>
        </form></table>
 END
        ;
        &Header::closebox();
-
+       print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
        &Header::closebigbox();
        &Header::closepage();
         exit(0)
@@ -1951,12 +2105,14 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
    print CLIENTCONF "# Auth. Client\n"; 
    print CLIENTCONF "tls-client\n"; 
    print CLIENTCONF "# Cipher\n"; 
-   print CLIENTCONF "cipher AES-256-CBC\n"; 
+   print CLIENTCONF "cipher $confighash{$cgiparams{'KEY'}}[40]\n";
+   print CLIENTCONF "# HMAC algorithm\n";
+   print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n";
     if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") { 
         print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n";
      $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
    } 
-    if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
+   if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
    print CLIENTCONF "# Enable Compression\n";
    print CLIENTCONF "comp-lzo\r\n";
      }
@@ -2051,6 +2207,11 @@ else
        $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";    
     }
     print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
+       if ($vpnsettings{'DAUTH'} eq '') {
+        print CLIENTCONF "";
+    } else {
+           print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
+       }
     if ($vpnsettings{DCOMPLZO} eq 'on') {
         print CLIENTCONF "comp-lzo\r\n";
     }
@@ -2159,7 +2320,8 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
     } else {
        $errormessage = $Lang::tr{'invalid key'};
     }
-       &General::firewall_reload();
+
+    &General::firewall_reload();
 
 ###
 ### Download PKCS12 file
@@ -2180,7 +2342,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
 
     if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
        &Header::showhttpheaders();
-       &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+       &Header::openpage($Lang::tr{'ovpn'}, 1, '');
        &Header::openbigbox('100%', 'LEFT', '', '');
        &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
        my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
@@ -2192,25 +2354,50 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
        &Header::closepage();
        exit(0);
     }
+
+###
+### Display Diffie-Hellman key
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show dh'}) {
+
+    if (! -e "${General::swroot}/ovpn/ca/dh1024.pem") {
+               $errormessage = $Lang::tr{'not present'};
+       } else {
+               &Header::showhttpheaders();
+               &Header::openpage($Lang::tr{'ovpn'}, 1, '');
+               &Header::openbigbox('100%', 'LEFT', '', '');
+               &Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:");
+               my $output = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
+               $output = &Header::cleanhtml($output,"y");
+               print "<pre>$output</pre>\n";
+               &Header::closebox();
+               print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+               &Header::closebigbox();
+               &Header::closepage();
+               exit(0);
+    }
+
 ###
 ### Display Certificate Revoke List
 ###
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) {
 #    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
-    if ( -f "${General::swroot}/ovpn/crls/cacrl.pem") {
-       &Header::showhttpheaders();
-       &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
-       &Header::openbigbox('100%', 'LEFT', '', '');
-       &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
-       my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
-       $output = &Header::cleanhtml($output,"y");
-       print "<pre>$output</pre>\n";
-       &Header::closebox();
-       print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
-       &Header::closebigbox();
-       &Header::closepage();
-       exit(0);
+       if (! -e "${General::swroot}/ovpn/crls/cacrl.pem") {
+               $errormessage = $Lang::tr{'not present'};
+       } else {
+        &Header::showhttpheaders();
+           &Header::openpage($Lang::tr{'ovpn'}, 1, '');
+           &Header::openbigbox('100%', 'LEFT', '', '');
+           &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
+           my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
+           $output = &Header::cleanhtml($output,"y");
+           print "<pre>$output</pre>\n";
+           &Header::closebox();
+           print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+           &Header::closebigbox();
+           &Header::closepage();
+           exit(0);
     }
 
 ###
@@ -2231,19 +2418,22 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
 #    }
 ADV_ERROR:
     if ($cgiparams{'MAX_CLIENTS'} eq '') {
-       $cgiparams{'MAX_CLIENTS'} =  '100';     
+               $cgiparams{'MAX_CLIENTS'} =  '100';
     }
     if ($cgiparams{'KEEPALIVE_1'} eq '') {
-       $cgiparams{'KEEPALIVE_1'} =  '10';     
+               $cgiparams{'KEEPALIVE_1'} =  '10';
     }
     if ($cgiparams{'KEEPALIVE_2'} eq '') {
-       $cgiparams{'KEEPALIVE_2'} =  '60';     
+               $cgiparams{'KEEPALIVE_2'} =  '60';
     }
     if ($cgiparams{'LOG_VERB'} eq '') {
-       $cgiparams{'LOG_VERB'} =  '3';
+               $cgiparams{'LOG_VERB'} =  '3';
     }
     if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
-       $cgiparams{'PMTU_DISCOVERY'} = 'off';
+               $cgiparams{'PMTU_DISCOVERY'} = 'off';
+    }
+    if ($cgiparams{'DAUTH'} eq '') {
+               $cgiparams{'DAUTH'} = 'SHA1';
     }
     $checked{'CLIENT2CLIENT'}{'off'} = '';
     $checked{'CLIENT2CLIENT'}{'on'} = '';
@@ -2251,7 +2441,6 @@ ADV_ERROR:
     $checked{'REDIRECT_GW_DEF1'}{'off'} = '';
     $checked{'REDIRECT_GW_DEF1'}{'on'} = '';
     $checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED';
-    $selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED';
     $checked{'MSSFIX'}{'off'} = '';
     $checked{'MSSFIX'}{'on'} = '';
     $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
@@ -2269,7 +2458,14 @@ ADV_ERROR:
     $selected{'LOG_VERB'}{'11'} = '';
     $selected{'LOG_VERB'}{'0'} = '';
     $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
-   
+    $selected{'DAUTH'}{'whirlpool'} = '';
+    $selected{'DAUTH'}{'SHA512'} = '';
+    $selected{'DAUTH'}{'SHA384'} = '';
+    $selected{'DAUTH'}{'SHA256'} = '';
+    $selected{'DAUTH'}{'ecdsa-with-SHA1'} = '';
+    $selected{'DAUTH'}{'SHA1'} = '';
+    $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
+
     &Header::showhttpheaders();
     &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
     &Header::openbigbox('100%', 'LEFT', '', $errormessage);    
@@ -2280,34 +2476,34 @@ ADV_ERROR:
        &Header::closebox();
     }
     &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
-    print <<END
+    print <<END;
     <form method='post' enctype='multipart/form-data'>
     <table width='100%' border='0'>
-    <tr>
-       <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
+       <tr>
+               <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
     </tr>
     <tr>
-       <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
+               <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
     </tr>      
     <tr>               
-       <td class='base'>Domain</td>
+               <td class='base'>Domain</td>
         <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30'  /></td>
     </tr>
     <tr>       
-       <td class='base'>DNS</td>
-       <td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td>
+               <td class='base'>DNS</td>
+               <td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td>
     </tr>      
     <tr>       
-       <td class='base'>WINS</td>
-       <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td>
-       </tr>
+               <td class='base'>WINS</td>
+               <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td>
+       </tr>
     <tr>
-       <td colspan='4'><b>$Lang::tr{'ovpn routes push options'}</b></td>
+               <td colspan='4'><b>$Lang::tr{'ovpn routes push options'}</b></td>
     </tr>
     <tr>       
-       <td class='base'>$Lang::tr{'ovpn routes push'}</td>
-  <td colspan='2'>
-       <textarea name='ROUTES_PUSH' cols='26' rows='6' wrap='off'>
+               <td class='base'>$Lang::tr{'ovpn routes push'}</td>
+               <td colspan='2'>
+               <textarea name='ROUTES_PUSH' cols='26' rows='6' wrap='off'>
 END
 ;
 
@@ -2322,42 +2518,40 @@ print <<END;
     </tr>
 </table>
 <hr size='1'>
-    <table width='100%'>
+<table width='100%'>
     <tr>
-       <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
+               <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
     </tr>
     <tr>
-       <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
+               <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
     </tr>
     <tr>
-       <td class='base'>Client-To-Client</td>
-       <td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td>
+               <td class='base'>Client-To-Client</td>
+               <td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td>
     </tr>
     <tr>       
-       <td class='base'>Redirect-Gateway def1</td>
-       <td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
+               <td class='base'>Redirect-Gateway def1</td>
+               <td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
     </tr>
     <tr>       
         <td class='base'>Max-Clients</td>
         <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='10' /></td>
     </tr>      
-       <tr>
+       <tr>
          <td class='base'>Keepalive <br />
            (ping/ping-restart)</td>
          <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td>
          <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
     </tr>
-       <tr>
+       <tr>
          <td class='base'>fragment <br></td>
          <td><input type='TEXT' name='FRAGMENT' value='$cgiparams{'FRAGMENT'}' size='10' /></td>
-        <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
-      </tr>
-       <tr>
+       </tr>
+       <tr>
          <td class='base'>mssfix</td>
          <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
-         <td>$Lang::tr{'openvpn default'}: on</td>
-         </tr>
-
+             <td>$Lang::tr{'openvpn default'}: on</td>
+       </tr>
        <tr>
                <td class='base'>$Lang::tr{'ovpn mtu-disc'}</td>
                <td><input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}</td>
@@ -2367,46 +2561,55 @@ print <<END;
        </tr>
 </table>
 
-<!--
 <hr size='1'>
-    <table width='100%'>
+<table width='100%'>
     <tr>
<td class'base'><b>Crypto-Engines</b></td>
              <td class'base'><b>$Lang::tr{'log-options'}</b></td>
     </tr>
     <tr>
-       <td width='15%'></td> <td width='30%'> </td><td width='25%'> </td><td width='30%'></td>
-    </tr>      
-    <tr><td class='base'>Engines:</td>        
-        <td><select name='ENGINES'><option value="none" $selected{'ENGINES'}{'none'}>none</option>
-                                   <option value="cryptodev" $selected{'ENGINES'}{'cryptodev'}>cryptodev</option>
-                                   <option value="padlock" $selected{'ENGINES'}{'padlock'}>padlock</option>
+               <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
+    </tr>
+
+    <tr><td class='base'>VERB</td>
+        <td><select name='LOG_VERB'>
+                               <option value='0'  $selected{'LOG_VERB'}{'0'}>0</option>
+                               <option value='1'  $selected{'LOG_VERB'}{'1'}>1</option>
+                               <option value='2'  $selected{'LOG_VERB'}{'2'}>2</option>
+                               <option value='3'  $selected{'LOG_VERB'}{'3'}>3</option>
+                               <option value='4'  $selected{'LOG_VERB'}{'4'}>4</option>
+                               <option value='5'  $selected{'LOG_VERB'}{'5'}>5</option>
+                               <option value='6'  $selected{'LOG_VERB'}{'6'}>6</option>
+                               <option value='7'  $selected{'LOG_VERB'}{'7'}>7</option>
+                               <option value='8'  $selected{'LOG_VERB'}{'8'}>8</option>
+                               <option value='9'  $selected{'LOG_VERB'}{'9'}>9</option>
+                               <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
+                               <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
                        </select>
-               </td>   
+               </td>
+       </tr>
 </table>
--->
+
 <hr size='1'>
-    <table width='100%'>
-    <tr>
-       <td class'base'><b>$Lang::tr{'log-options'}</b></td>
-    </tr>
+<table width='100%'>
     <tr>
-       <td width='15%'></td> <td width='30%'> </td><td width='25%'> </td><td width='30%'></td>
+               <td class'base'><b>$Lang::tr{'ovpn crypt options'}</b></td>
+       </tr>
+       <tr>
+               <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
     </tr>      
-       
-    <tr><td class='base'>VERB</td>        
-        <td><select name='LOG_VERB'><option value='1'  $selected{'LOG_VERB'}{'1'}>1</option>
-                                   <option value='2'  $selected{'LOG_VERB'}{'2'}>2</option>
-                                   <option value='3'  $selected{'LOG_VERB'}{'3'}>3</option>
-                                   <option value='4'  $selected{'LOG_VERB'}{'4'}>4</option>
-                                   <option value='5'  $selected{'LOG_VERB'}{'5'}>5</option>
-                                   <option value='6'  $selected{'LOG_VERB'}{'6'}>6</option>                                                                
-                                   <option value='7'  $selected{'LOG_VERB'}{'7'}>7</option>
-                                   <option value='8'  $selected{'LOG_VERB'}{'8'}>8</option>
-                                   <option value='9'  $selected{'LOG_VERB'}{'9'}>9</option>
-                                   <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
-                                   <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
-                                   <option value='0'  $selected{'LOG_VERB'}{'0'}>0</option></select></td>      
+    <tr><td class='base'>$Lang::tr{'ovpn ha'}</td>
+               <td><select name='DAUTH'>
+                               <option value='whirlpool'                       $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
+                               <option value='SHA512'                          $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
+                               <option value='SHA384'                          $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
+                               <option value='SHA256'                          $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
+                               <option value='ecdsa-with-SHA1'         $selected{'DAUTH'}{'ecdsa-with-SHA1'}>ECDSA-SHA1 (160 $Lang::tr{'bit'})</option>
+                               <option value='SHA1'                            $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'})</option>
+                       </select>
+               </td>
+               <td>Default: <span class="base">SHA1 (160 $Lang::tr{'bit'})</span></td>
 </table><hr>
+
 END
 
 if ( -e "/var/run/openvpn.pid"){
@@ -2484,7 +2687,7 @@ if ($cgiparams{'ACTION'} eq "edit"){
        
        &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'});
 
-       print <<END
+    print <<END;
     <table width='100%' border='0'>
     <tr><form method='post'>
        <td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
@@ -2498,7 +2701,7 @@ END
        &Header::closebox();
 
        &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
-       print <<END
+    print <<END;
     <table width='100%' border='0'  cellpadding='0' cellspacing='1'>
     <tr>
        <td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr>
@@ -2528,7 +2731,7 @@ END
                print "$Lang::tr{'ccd noaddnet'}<br><hr>";
        }
        
-       print <<END
+    print <<END;
     <table width='100%' cellpadding='0' cellspacing='1'>
     <tr>
        <td class='boldbase' align='center' nowrap='nowrap' width='20%'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center' width='8%'><b>$Lang::tr{'network'}</td><td class='boldbase' width='8%' align='center' nowrap='nowrap'><b>$Lang::tr{'ccd used'}</td><td width='1%' align='center'></td><td width='1%' align='center'></td></tr>
@@ -2546,7 +2749,7 @@ END
                if ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}
                else{            print" <tr bgcolor='$color{'color20'}'>";}
                print"<td>$ccdconf[0]</td><td align='center'>$ccdconf[1]</td><td align='center'>$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1)."</td><td>";
-print <<END
+        print <<END;
                <form method='post' />
                <input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
                <input type='hidden' name='ACTION' value='edit'/>
@@ -2582,7 +2785,7 @@ END
 #
 #      <td><b>$Lang::tr{'protocol'}</b></td>
 # protocol temp removed 
-    print <<END
+    print <<END;
     <table width='100%' cellpadding='2' cellspacing='0' class='tbl'>
     <tr>
        <th><b>$Lang::tr{'common name'}</b></th>
@@ -2661,7 +2864,7 @@ END
        }
        
        print "</table>";
-       print <<END
+    print <<END;
        <table width='100%' border='0' cellpadding='2' cellspacing='0'>
        <tr><td></td></tr>
        <tr><td></td></tr>
@@ -2770,13 +2973,13 @@ END
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') {
        &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
        &Header::showhttpheaders();
-       &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+       &Header::openpage($Lang::tr{'ovpn'}, 1, '');
        &Header::openbigbox('100%', 'LEFT', '', '');
        &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'});
 
 if ( -s "${General::swroot}/ovpn/settings") {
 
-       print <<END
+    print <<END;
            <b>$Lang::tr{'connection type'}:</b><br />
            <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
            <tr><td><input type='radio' name='TYPE' value='host' checked /></td>
@@ -2797,7 +3000,7 @@ END
        
 
 } else {
-       print <<END
+    print <<END;
                    <b>$Lang::tr{'connection type'}:</b><br />
            <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
            <tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
@@ -2809,6 +3012,7 @@ END
 }
 
        &Header::closebox();
+       print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
        &Header::closebigbox();
        &Header::closepage();
        exit (0);
@@ -2943,8 +3147,9 @@ END
        
 my $complzoactive;
 my $mssfixactive;
+my $authactive;
 my $n2nfragment;
-my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);;
+my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);
 my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
 my @n2nproto = split(/-/, $n2nproto2[1]);
 my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]);
@@ -2961,6 +3166,8 @@ my @n2novpnsub =  split(/\./,$n2novpnsuball[1]);
 my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]);
 my @n2nmgmt =  split(/ /, (grep { /^management/ } @firen2nconf)[0]);
 my @n2nlocalsub  = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]);
+my @n2ncipher = split(/ /, (grep { /^cipher/ } @firen2nconf)[0]);
+my @n2nauth = split(/ /, (grep { /^auth/ } @firen2nconf)[0]);
 
 
 ###
@@ -2980,6 +3187,8 @@ $n2nlocalsub[2] =~ s/\n|\r//g;
 $n2nfragment[1] =~ s/\n|\r//g;
 $n2nmgmt[2] =~ s/\n|\r//g;
 $n2nmtudisc[1] =~ s/\n|\r//g;
+$n2ncipher[1] =~ s/\n|\r//g;
+$n2nauth[1] =~ s/\n|\r//g;
 chomp ($complzoactive);
 chomp ($mssfixactive);
 
@@ -3016,7 +3225,7 @@ foreach my $dkey (keys %confighash) {
        }
 
 ###
-# Check im Dest Port is vaild
+# Check if Dest Port is vaild
 ###
 
 foreach my $dkey (keys %confighash) {
@@ -3033,7 +3242,7 @@ foreach my $dkey (keys %confighash) {
        
   $key = &General::findhasharraykey (\%confighash);
 
-       foreach my $i (0 .. 39) { $confighash{$key}[$i] = "";}
+       foreach my $i (0 .. 41) { $confighash{$key}[$i] = "";}
 
        $confighash{$key}[0] = 'off';
        $confighash{$key}[1] = $n2nname[0];
@@ -3055,7 +3264,8 @@ foreach my $dkey (keys %confighash) {
        $confighash{$key}[30] = $complzoactive;
        $confighash{$key}[31] = $n2ntunmtu[1];
        $confighash{$key}[38] = $n2nmtudisc[1]; 
-
+       $confighash{$key}[39] = $n2nauth[1];
+       $confighash{$key}[40] = $n2ncipher[1];
 
   &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
  
@@ -3075,7 +3285,7 @@ foreach my $dkey (keys %confighash) {
                &Header::openbox('100%', 'LEFT', 'import ipfire net2net config');
        }
        if ($errormessage eq ''){
-               print <<END             
+        print <<END;
                <!-- ipfire net2net config gui -->
                <table width='100%'>
                <tr><td width='25%'>&nbsp;</td><td width='25%'>&nbsp;</td></tr>
@@ -3084,16 +3294,18 @@ foreach my $dkey (keys %confighash) {
                <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td><td><b>$confighash{$key}[6]</b></td></tr>                                                              
                <tr><td class='boldbase' nowrap='nowrap'>Remote Host </td><td><b>$confighash{$key}[10]</b></td></tr>
                <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td><td><b>$confighash{$key}[8]</b></td></tr>
-               <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td><td><b>$confighash{$key}[11]</b></td></tr>
+               <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}:</td><td><b>$confighash{$key}[11]</b></td></tr>
                <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td><td><b>$confighash{$key}[27]</b></td></tr>
                <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td><td><b>$confighash{$key}[28]</b></td></tr>
                <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'destination port'}:</td><td><b>$confighash{$key}[29]</b></td></tr>
                <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td><td><b>$confighash{$key}[30]</b></td></tr>
-               <tr><td class='boldbase' nowrap='nowrap'>MSSFIX </td><td><b>$confighash{$key}[23]</b></td></tr>
-               <tr><td class='boldbase' nowrap='nowrap'>Fragment </td><td><b>$confighash{$key}[24]</b></td></tr>
+               <tr><td class='boldbase' nowrap='nowrap'>MSSFIX:</td><td><b>$confighash{$key}[23]</b></td></tr>
+               <tr><td class='boldbase' nowrap='nowrap'>Fragment:</td><td><b>$confighash{$key}[24]</b></td></tr>
                <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
-               <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td><td><b>$confighash{$key}[38]</b></td></tr>
-               <tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
+               <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}:</td><td><b>$confighash{$key}[38]</b></td></tr>
+               <tr><td class='boldbase' nowrap='nowrap'>Management Port:</td><td><b>$confighash{$key}[22]</b></td></tr>
+               <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn hmac'}:</td><td><b>$confighash{$key}[39]</b></td></tr>
+               <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td><td><b>$confighash{$key}[40]</b></td></tr>
                <tr><td>&nbsp;</td><td>&nbsp;</td></tr> 
     </table>
 END
@@ -3111,7 +3323,7 @@ END
        }       
        &Header::closebigbox();
        &Header::closepage();
-       exit(0);        
+       exit(0);
 
 
 ##
@@ -3164,33 +3376,35 @@ if ($confighash{$cgiparams{'KEY'}}) {
                    $errormessage = $Lang::tr{'invalid key'};
                    goto VPNCONF_END;
                }
-               $cgiparams{'ENABLED'}                   = $confighash{$cgiparams{'KEY'}}[0];
-               $cgiparams{'NAME'}                              = $confighash{$cgiparams{'KEY'}}[1];
-               $cgiparams{'TYPE'}                              = $confighash{$cgiparams{'KEY'}}[3];
-               $cgiparams{'AUTH'}                              = $confighash{$cgiparams{'KEY'}}[4];
-               $cgiparams{'PSK'}                               = $confighash{$cgiparams{'KEY'}}[5];
-               $cgiparams{'SIDE'}                              = $confighash{$cgiparams{'KEY'}}[6];
-               $cgiparams{'LOCAL_SUBNET'}              = $confighash{$cgiparams{'KEY'}}[8];
-               $cgiparams{'REMOTE'}                    = $confighash{$cgiparams{'KEY'}}[10];
+               $cgiparams{'ENABLED'}           = $confighash{$cgiparams{'KEY'}}[0];
+               $cgiparams{'NAME'}              = $confighash{$cgiparams{'KEY'}}[1];
+               $cgiparams{'TYPE'}              = $confighash{$cgiparams{'KEY'}}[3];
+               $cgiparams{'AUTH'}              = $confighash{$cgiparams{'KEY'}}[4];
+               $cgiparams{'PSK'}               = $confighash{$cgiparams{'KEY'}}[5];
+               $cgiparams{'SIDE'}              = $confighash{$cgiparams{'KEY'}}[6];
+               $cgiparams{'LOCAL_SUBNET'}      = $confighash{$cgiparams{'KEY'}}[8];
+               $cgiparams{'REMOTE'}            = $confighash{$cgiparams{'KEY'}}[10];
                $cgiparams{'REMOTE_SUBNET'}     = $confighash{$cgiparams{'KEY'}}[11];
-               $cgiparams{'OVPN_MGMT'}                 = $confighash{$cgiparams{'KEY'}}[22];
-               $cgiparams{'MSSFIX'}                    = $confighash{$cgiparams{'KEY'}}[23];
-               $cgiparams{'FRAGMENT'}                  = $confighash{$cgiparams{'KEY'}}[24];
-               $cgiparams{'REMARK'}                    = $confighash{$cgiparams{'KEY'}}[25];
-               $cgiparams{'INTERFACE'}                 = $confighash{$cgiparams{'KEY'}}[26];
-               $cgiparams{'OVPN_SUBNET'}               = $confighash{$cgiparams{'KEY'}}[27];
-               $cgiparams{'PROTOCOL'}                  = $confighash{$cgiparams{'KEY'}}[28];
-               $cgiparams{'DEST_PORT'}                 = $confighash{$cgiparams{'KEY'}}[29];
-               $cgiparams{'COMPLZO'}                   = $confighash{$cgiparams{'KEY'}}[30];
-               $cgiparams{'MTU'}                               = $confighash{$cgiparams{'KEY'}}[31];
-               $cgiparams{'CHECK1'}                    = $confighash{$cgiparams{'KEY'}}[32];
+               $cgiparams{'OVPN_MGMT'}         = $confighash{$cgiparams{'KEY'}}[22];
+               $cgiparams{'MSSFIX'}            = $confighash{$cgiparams{'KEY'}}[23];
+               $cgiparams{'FRAGMENT'}          = $confighash{$cgiparams{'KEY'}}[24];
+               $cgiparams{'REMARK'}            = $confighash{$cgiparams{'KEY'}}[25];
+               $cgiparams{'INTERFACE'}         = $confighash{$cgiparams{'KEY'}}[26];
+               $cgiparams{'OVPN_SUBNET'}       = $confighash{$cgiparams{'KEY'}}[27];
+               $cgiparams{'PROTOCOL'}          = $confighash{$cgiparams{'KEY'}}[28];
+               $cgiparams{'DEST_PORT'}         = $confighash{$cgiparams{'KEY'}}[29];
+               $cgiparams{'COMPLZO'}           = $confighash{$cgiparams{'KEY'}}[30];
+               $cgiparams{'MTU'}               = $confighash{$cgiparams{'KEY'}}[31];
+               $cgiparams{'CHECK1'}            = $confighash{$cgiparams{'KEY'}}[32];
                $name=$cgiparams{'CHECK1'}      ;
-               $cgiparams{$name}                               = $confighash{$cgiparams{'KEY'}}[33];
-               $cgiparams{'RG'}                                = $confighash{$cgiparams{'KEY'}}[34];
-               $cgiparams{'CCD_DNS1'}                  = $confighash{$cgiparams{'KEY'}}[35];
-               $cgiparams{'CCD_DNS2'}                  = $confighash{$cgiparams{'KEY'}}[36];
-               $cgiparams{'CCD_WINS'}                  = $confighash{$cgiparams{'KEY'}}[37];
+               $cgiparams{$name}               = $confighash{$cgiparams{'KEY'}}[33];
+               $cgiparams{'RG'}                = $confighash{$cgiparams{'KEY'}}[34];
+               $cgiparams{'CCD_DNS1'}          = $confighash{$cgiparams{'KEY'}}[35];
+               $cgiparams{'CCD_DNS2'}          = $confighash{$cgiparams{'KEY'}}[36];
+               $cgiparams{'CCD_WINS'}          = $confighash{$cgiparams{'KEY'}}[37];
                $cgiparams{'PMTU_DISCOVERY'}    = $confighash{$cgiparams{'KEY'}}[38];
+               $cgiparams{'DAUTH'}             = $confighash{$cgiparams{'KEY'}}[39];
+               $cgiparams{'DCIPHER'}           = $confighash{$cgiparams{'KEY'}}[40];
        } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
        $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
        
@@ -3500,7 +3714,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
                  goto VPNCONF_ERROR;
                }
 
-       if ($cgiparams{'OVPN_MGMT'} eq  '') {
+       if ($cgiparams{'OVPN_MGMT'} eq '') {
                $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'};              
                }
        
@@ -3509,13 +3723,14 @@ if ($cgiparams{'TYPE'} eq 'net') {
                  unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
            rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
                  goto VPNCONF_ERROR;
-       }
-       #Check if remote subnet is used elsewhere
-       my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'});
-       $warnmessage=&General::checksubnets('',$n2nip,'ovpn');
-       if ($warnmessage){
-               $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
-       }
+       }
+       #Check if remote subnet is used elsewhere
+       my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'});
+       $warnmessage=&General::checksubnets('',$n2nip,'ovpn');
+       if ($warnmessage){
+               $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
+       }
 }
 
 #      if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
@@ -3727,6 +3942,8 @@ if ($cgiparams{'TYPE'} eq 'net') {
            }
            if ($cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
                $errormessage = $Lang::tr{'invalid input for name'};
+               unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+               rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
                goto VPNCONF_ERROR;
            }
            if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) {
@@ -3799,7 +4016,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
                }
            } else {    # child
                unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
-                       '-newkey', 'rsa:1024',
+                       '-newkey', 'rsa:2048',
                        '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
                        '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
                        '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
@@ -3868,7 +4085,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
        
        if (! $key) {
            $key = &General::findhasharraykey (\%confighash);
-           foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";}
+           foreach my $i (0 .. 41) { $confighash{$key}[$i] = "";}
        }
        $confighash{$key}[0]            = $cgiparams{'ENABLED'};
        $confighash{$key}[1]            = $cgiparams{'NAME'};
@@ -3887,13 +4104,13 @@ if ($cgiparams{'TYPE'} eq 'net') {
            $confighash{$key}[6]        = $cgiparams{'SIDE'};
            $confighash{$key}[11]       = $cgiparams{'REMOTE_SUBNET'};
        }
-       $confighash{$key}[8]                    = $cgiparams{'LOCAL_SUBNET'};
+       $confighash{$key}[8]            = $cgiparams{'LOCAL_SUBNET'};
        $confighash{$key}[10]           = $cgiparams{'REMOTE'};
-  if ($cgiparams{'OVPN_MGMT'} eq '') {
+       if ($cgiparams{'OVPN_MGMT'} eq '') {
        $confighash{$key}[22]           = $confighash{$key}[29];
-  } else {
+       } else {
        $confighash{$key}[22]           = $cgiparams{'OVPN_MGMT'};
-  }
+       }
        $confighash{$key}[23]           = $cgiparams{'MSSFIX'};
        $confighash{$key}[24]           = $cgiparams{'FRAGMENT'};
        $confighash{$key}[25]           = $cgiparams{'REMARK'};
@@ -3911,8 +4128,9 @@ if ($cgiparams{'TYPE'} eq 'net') {
        $confighash{$key}[35]           = $cgiparams{'CCD_DNS1'};
        $confighash{$key}[36]           = $cgiparams{'CCD_DNS2'};
        $confighash{$key}[37]           = $cgiparams{'CCD_WINS'};
-       $confighash{$key}[38]                   = $cgiparams{'PMTU_DISCOVERY'};
-
+       $confighash{$key}[38]           = $cgiparams{'PMTU_DISCOVERY'};
+       $confighash{$key}[39]           = $cgiparams{'DAUTH'};
+       $confighash{$key}[40]           = $cgiparams{'DCIPHER'};
 
        &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
        
@@ -4022,11 +4240,12 @@ if ($cgiparams{'TYPE'} eq 'net') {
 ###    
         $cgiparams{'MSSFIX'} = 'on';
         $cgiparams{'FRAGMENT'} = '1300';
-       $cgiparams{'PMTU_DISCOVERY'} = 'off';
+        $cgiparams{'PMTU_DISCOVERY'} = 'off';
+        $cgiparams{'DAUTH'} = 'SHA1';
 ###
 # m.a.d n2n end
 ###    
-       $cgiparams{'SIDE'} = 'left';
+        $cgiparams{'SIDE'} = 'left';
        if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) {
            $cgiparams{'AUTH'} = 'psk';
        } elsif ( ! -f "${General::swroot}/ovpn/ca/cacert.pem") {
@@ -4087,10 +4306,35 @@ if ($cgiparams{'TYPE'} eq 'net') {
     }
     $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
 
+    $selected{'DAUTH'}{'whirlpool'} = '';
+    $selected{'DAUTH'}{'SHA512'} = '';
+    $selected{'DAUTH'}{'SHA384'} = '';
+    $selected{'DAUTH'}{'SHA256'} = '';
+    $selected{'DAUTH'}{'ecdsa-with-SHA1'} = '';
+    $selected{'DAUTH'}{'SHA1'} = '';
+    $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
+
+    $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
+    $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
+    $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
+    $selected{'DCIPHER'}{'AES-256-CBC'} = '';
+    $selected{'DCIPHER'}{'AES-192-CBC'} = '';
+    $selected{'DCIPHER'}{'AES-128-CBC'} = '';
+    $selected{'DCIPHER'}{'DESX-CBC'} = '';
+    $selected{'DCIPHER'}{'SEED-CBC'} = '';
+    $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
+    $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
+    $selected{'DCIPHER'}{'CAST5-CBC'} = '';
+    $selected{'DCIPHER'}{'BF-CBC'} = '';
+    $selected{'DCIPHER'}{'RC2-CBC'} = '';
+    $selected{'DCIPHER'}{'DES-CBC'} = '';
+    $selected{'DCIPHER'}{'RC2-64-CBC'} = '';
+    $selected{'DCIPHER'}{'RC2-40-CBC'} = '';
+    $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
 
     if (1) {
        &Header::showhttpheaders();
-       &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+       &Header::openpage($Lang::tr{'ovpn'}, 1, '');
        &Header::openbigbox('100%', 'LEFT', '', $errormessage);
        if ($errormessage) {
            &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
@@ -4116,28 +4360,25 @@ if ($cgiparams{'TYPE'} eq 'net') {
 
        &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:");
        print "<table width='100%'  border='0'>\n";
-       
-       
-       
+
        print "<tr><td width='14%' class='boldbase'>$Lang::tr{'name'}: </td>";
        
        if ($cgiparams{'TYPE'} eq 'host') {
            if ($cgiparams{'KEY'}) {
                print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
            } else {
-                       
                print "<td width='35%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>";
            }
 #          print "<tr><td>$Lang::tr{'interface'}</td>";
 #          print "<td><select name='INTERFACE'>";
 #          print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED</option>";
-#          if ($netsettings{'BLUE_DEV'} ne '') {
-#              print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>";
-#          }
-#          print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>";
-#          print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
-#          print "</select></td></tr>";
-#          print <<END
+#              if ($netsettings{'BLUE_DEV'} ne '') {
+#                      print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>";
+#              }
+#              print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>";
+#              print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
+#              print "</select></td></tr>";
+#              print <<END;
        } else {
            print "<input type='hidden' name='INTERFACE' value='red' />";
            if ($cgiparams{'KEY'}) {
@@ -4145,58 +4386,95 @@ if ($cgiparams{'TYPE'} eq 'net') {
            } else {
                print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
            }
-           
-           
-           
-           print <<END
+
+           print <<END;
                    <td width='25%'>&nbsp;</td>
                    <td width='25%'>&nbsp;</td></tr>
+
                <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
                    <td><select name='SIDE'><option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option>
                                            <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option></select></td>
+
                    <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
                    <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td></tr>
+
                <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
                    <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
+
                    <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
                    <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td></tr>
+
                <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>
-                   <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td></tr>
-               <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
-                
-     <td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
-                                               <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>   
-                   
-        <td class='boldbase'>$Lang::tr{'destination port'}:</td>
-                   <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td></tr>
-               <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'} &nbsp;<img src='/blob.gif'</td>
-                   <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
-                   
-                     <tr><td class='boldbase' nowrap='nowrap'>mssfix &nbsp;<img src='/blob.gif' /></td>
-                   <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
-        <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td>
-        
-          <tr><td class='boldbase' nowrap='nowrap'>fragment &nbsp;<img src='/blob.gif' /></td>
-                   <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
-                   <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
-                   
-               <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;<img src='/blob.gif' /></td>
-                   <td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td>
-        <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td>
-        
-        <tr><td class='boldbase' nowrap='nowrap'>Management Port&nbsp;<img src='/blob.gif' /></td>
-                   <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
-        <td colspan='2'>$Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}</span></td>
+                   <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td>
 
-       <tr>
-               <td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td>
-               <td colspan='3'>
-                       <input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}
-                       <input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}
-                       <input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}
-                       <input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}
-               </td>
-       </tr>
+                       <td class='boldbase'>$Lang::tr{'destination port'}:</td>
+                       <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td>
+
+               <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
+                       <td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
+                                               <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
+
+               <td class='boldbase' nowrap='nowrap'>Management Port ($Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}): &nbsp;<img src='/blob.gif' /></td>
+                       <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
+               </tr>
+
+               <tr><td class='boldbase'>$Lang::tr{'cipher'}</td>
+                       <td><select name='DCIPHER'>
+                                       <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
+                                       <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (196 $Lang::tr{'bit'})</option>
+                                       <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
+                                       <option value='AES-256-CBC'     $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
+                                       <option value='AES-192-CBC'     $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
+                                       <option value='AES-128-CBC'     $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
+                                       <option value='DES-EDE3-CBC'    $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'})</option>
+                                       <option value='DESX-CBC'        $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'})</option>
+                                       <option value='SEED-CBC'        $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
+                                       <option value='DES-EDE-CBC'     $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'})</option>
+                                       <option value='BF-CBC'          $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'})</option>
+                                       <option value='CAST5-CBC'       $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'})</option>
+                                       <option value='RC2-CBC'         $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC (128 $Lang::tr{'bit'})</option>
+                                       <option value='DES-CBC'         $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC (64 $Lang::tr{'bit'} not recommended)</option>
+                                       <option value='RC2-64-CBC'      $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-CBC (64 $Lang::tr{'bit'} not recommended)</option>
+                                       <option value='RC2-40-CBC'      $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-CBC (40 $Lang::tr{'bit'} not recommended)</option>
+                               </select>
+                       </td>
+
+                       <td class='boldbase'>$Lang::tr{'ovpn ha'}:</td>
+                       <td><select name='DAUTH'>
+                                       <option value='whirlpool'       $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
+                                       <option value='SHA512'          $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
+                                       <option value='SHA384'          $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
+                                       <option value='SHA256'          $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
+                                       <option value='ecdsa-with-SHA1' $selected{'DAUTH'}{'ecdsa-with-SHA1'}>ECDSA-SHA1 (160 $Lang::tr{'bit'})</option>
+                                       <option value='SHA1'            $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'} Default)</option>
+                               </select>
+                       </td>
+               </tr>
+
+               <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;<img src='/blob.gif' /></td>
+                       <td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td>
+                       <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td>
+
+               <tr><td class='boldbase' nowrap='nowrap'>fragment: &nbsp;<img src='/blob.gif' /></td>
+                       <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
+                       <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
+
+               <tr><td class='boldbase' nowrap='nowrap'>mssfix: &nbsp;<img src='/blob.gif' /></td>
+                       <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
+                       <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td>
+
+        <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'} &nbsp;<img src='/blob.gif'</td>
+                       <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
+               </tr>
+
+               <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}:</td>
+                       <td colspan='3'>
+                               <input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}
+                               <input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}
+                               <input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}
+                               <input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}
+                       </td>
+               </tr>
 
 END
 ;
@@ -4260,7 +4538,7 @@ if ($cgiparams{'TYPE'} eq 'host') {
  
  if ($cgiparams{'TYPE'} eq 'host') {
 
-print <<END
+    print <<END;
            <table width='100%' cellpadding='0' cellspacing='5' border='0'>
            
            <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td><td class='base'>$Lang::tr{'upload a certificate request'}</td><td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr>
@@ -4285,7 +4563,7 @@ END
 
 } else {
 
-print <<END
+    print <<END;
            <table width='100%' cellpadding='0' cellspacing='5' border='0'>
       
            <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
@@ -4319,7 +4597,7 @@ END
 ###
 
 if ($cgiparams{'TYPE'} eq 'host') {
-           print <<END
+    print <<END;
            </select></td></tr>
 
        <td>&nbsp;</td><td class='base'>$Lang::tr{'valid till'} (days):</td>
@@ -4335,7 +4613,7 @@ if ($cgiparams{'TYPE'} eq 'host') {
      </table>
 END
 }else{
-           print <<END
+    print <<END;
            </select></td></tr>
    <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
         <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
@@ -4511,18 +4789,24 @@ END
     
 #default setzen
     if ($cgiparams{'DCIPHER'} eq '') {
-       $cgiparams{'DCIPHER'} =  'AES-256-CBC';
+               $cgiparams{'DCIPHER'} =  'AES-256-CBC';
     }
     if ($cgiparams{'DDEST_PORT'} eq '') {
-       $cgiparams{'DDEST_PORT'} =  '1194';     
+               $cgiparams{'DDEST_PORT'} =  '1194';
     }
     if ($cgiparams{'DMTU'} eq '') {
-       $cgiparams{'DMTU'} =  '1400';     
+               $cgiparams{'DMTU'} =  '1400';
+    }
+    if ($cgiparams{'MSSFIX'} eq '') {
+               $cgiparams{'MSSFIX'} = 'off';
+    }
+       if ($cgiparams{'DAUTH'} eq '') {
+               $cgiparams{'DAUTH'} = 'SHA1';
     }
     if ($cgiparams{'DOVPN_SUBNET'} eq '') {
-       $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
+               $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
     }
-       $checked{'ENABLED'}{'off'} = '';
+    $checked{'ENABLED'}{'off'} = '';
     $checked{'ENABLED'}{'on'} = '';
     $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
     $checked{'ENABLED_BLUE'}{'off'} = '';
@@ -4538,26 +4822,37 @@ END
     $selected{'DPROTOCOL'}{'udp'} = '';
     $selected{'DPROTOCOL'}{'tcp'} = '';
     $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
-    
-    $selected{'DCIPHER'}{'DES-CBC'} = '';
-    $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
+
+    $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
+    $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
+    $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
+    $selected{'DCIPHER'}{'AES-256-CBC'} = '';
+    $selected{'DCIPHER'}{'AES-192-CBC'} = '';
+    $selected{'DCIPHER'}{'AES-128-CBC'} = '';
     $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
     $selected{'DCIPHER'}{'DESX-CBC'} = '';
+    $selected{'DCIPHER'}{'SEED-CBC'} = '';
+    $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
+    $selected{'DCIPHER'}{'CAST5-CBC'} = '';
+    $selected{'DCIPHER'}{'BF-CBC'} = '';
     $selected{'DCIPHER'}{'RC2-CBC'} = '';
-    $selected{'DCIPHER'}{'RC2-40-CBC'} = '';
+    $selected{'DCIPHER'}{'DES-CBC'} = '';
     $selected{'DCIPHER'}{'RC2-64-CBC'} = '';
-    $selected{'DCIPHER'}{'BF-CBC'} = '';
-    $selected{'DCIPHER'}{'CAST5-CBC'} = '';    
-    $selected{'DCIPHER'}{'AES-128-CBC'} = '';
-    $selected{'DCIPHER'}{'AES-192-CBC'} = '';
-    $selected{'DCIPHER'}{'AES-256-CBC'} = '';
-    $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
-    $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
-    $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
+    $selected{'DCIPHER'}{'RC2-40-CBC'} = '';
     $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
+
+    $selected{'DAUTH'}{'whirlpool'} = '';
+    $selected{'DAUTH'}{'SHA512'} = '';
+    $selected{'DAUTH'}{'SHA384'} = '';
+    $selected{'DAUTH'}{'SHA256'} = '';
+    $selected{'DAUTH'}{'ecdsa-with-SHA1'} = '';
+    $selected{'DAUTH'}{'SHA1'} = '';
+    $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
+
     $checked{'DCOMPLZO'}{'off'} = '';
     $checked{'DCOMPLZO'}{'on'} = '';
     $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
+
 # m.a.d
     $checked{'MSSFIX'}{'off'} = '';
     $checked{'MSSFIX'}{'on'} = '';
@@ -4574,15 +4869,15 @@ END
        &Header::closebox();
     }
 
-       if ($warnmessage) {
-               &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
-               print "$warnmessage<br>";
-               print "$Lang::tr{'fwdfw warn1'}<br>";
-               &Header::closebox();
-               print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
-               &Header::closepage();
-               exit 0;
-       }
+    if ($warnmessage) {
+        &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
+        print "$warnmessage<br>";
+        print "$Lang::tr{'fwdfw warn1'}<br>";
+        &Header::closebox();
+        print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
+        &Header::closepage();
+        exit 0;
+    }
 
     my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
     my $srunning = "no";
@@ -4595,7 +4890,7 @@ END
        $activeonrun = "disabled='disabled'";
     }  
     &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});    
-       print <<END     
+       print <<END;
     <table width='100%' border='0'>
     <form method='post'>
     <td width='25%'>&nbsp;</td>
@@ -4615,7 +4910,7 @@ END
        print "<tr><td class='boldbase'>$Lang::tr{'ovpn on orange'}</td>";
        print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'}{'on'} /></td>";
     }  
-    print <<END        
+    print <<END;
     <tr><td class='base' nowrap='nowrap' colspan='2'>$Lang::tr{'local vpn hostname/ip'}:<br /><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td>
        <td class='boldbase' nowrap='nowrap' colspan='2'>$Lang::tr{'ovpn subnet'}<br /><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr>
     <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn device'}</td>
@@ -4629,26 +4924,29 @@ END
         <td><input type='TEXT' name='DDEST_PORT' value='$cgiparams{'DDEST_PORT'}' size='5' /></td></tr>
     <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;</td>
         <td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}'size='5' /></td>
+               <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
+               <td><select name='DCIPHER'>
+                               <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
+                               <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (196 $Lang::tr{'bit'})</option>
+                               <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
+                               <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
+                               <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
+                               <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
+                               <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'})</option>
+                               <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'})</option>
+                               <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
+                               <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'})</option>
+                               <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'})</option>
+                               <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'})</option>
+                               <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC (128 $Lang::tr{'bit'})</option>
+                               <option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC (64 $Lang::tr{'bit'} not recommended)</option>
+                               <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-CBC (64 $Lang::tr{'bit'} not recommended)</option>
+                               <option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-CBC (40 $Lang::tr{'bit'} not recommended)</option>
+                       </select>
+               </td>
     <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
         <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
-        <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
-        <td><select name='DCIPHER'>
-               <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-256-CBC</option>
-               <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-192-CBC</option>
-               <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-128-CBC</option>
-               <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option>
-               <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>
-               <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>
-               <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>
-               <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>
-               <option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>
-               <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC</option>
-               <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC</option>
-               <option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC</option>
-               <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>
-               <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>
-               <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC</option>
-       </select></td></tr>
+       </tr>
     <tr><td colspan='4'><br><br></td></tr>
 END
 ;                                 
@@ -4676,163 +4974,15 @@ END
     }
     print "</form></table>";
     &Header::closebox();
-    &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}");
-    print <<EOF#'
-    <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
-    <tr>
-       <th width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
-       <th width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></th>
-       <th width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></th>
-    </tr>
-EOF
-    ;
-    my $col1="bgcolor='$color{'color22'}'";
-       my $col2="bgcolor='$color{'color20'}'";
-    if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
-       my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
-       $casubject    =~ /Subject: (.*)[\n]/;
-       $casubject    = $1;
-       $casubject    =~ s+/Email+, E+;
-       $casubject    =~ s/ ST=/ S=/;
-       print <<END
-       <tr>
-       <td class='base' $col1>$Lang::tr{'root certificate'}</td>
-       <td class='base' $col1>$casubject</td>
-       <form method='post' name='frmrootcrta'><td width='3%' align='center' $col1>
-           <input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
-           <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' />
-       </td></form>
-       <form method='post' name='frmrootcrtb'><td width='3%' align='center' $col1>
-           <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
-           <input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
-       </td></form>
-       <td width='4%' $col1>&nbsp;</td></tr>
-END
-       ;
-    } else {
-       # display rootcert generation buttons
-       print <<END
-       <tr>
-       <td class='base' $col1>$Lang::tr{'root certificate'}:</td>
-       <td class='base' $col1>$Lang::tr{'not present'}</td>
-       <td colspan='3' $col1>&nbsp;</td></tr>
-END
-       ;
-    }
-
-    if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
-       my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
-       $hostsubject    =~ /Subject: (.*)[\n]/;
-       $hostsubject    = $1;
-       $hostsubject    =~ s+/Email+, E+;
-       $hostsubject    =~ s/ ST=/ S=/;
-
-       print <<END
-       <tr>
-       <td class='base' $col2>$Lang::tr{'host certificate'}</td>
-       <td class='base' $col2>$hostsubject</td>
-       <form method='post' name='frmhostcrta'><td width='3%' align='center' $col2>
-           <input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
-           <input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' />
-       </td></form>
-       <form method='post' name='frmhostcrtb'><td width='3%' align='center' $col2>
-           <input type='image' name="$Lang::tr{'download host certificate'}" src='/images/media-floppy.png' alt="$Lang::tr{'download host certificate'}" title="$Lang::tr{'download host certificate'}" border='0' />
-           <input type='hidden' name='ACTION' value="$Lang::tr{'download host certificate'}" />
-       </td></form>
-       <td width='4%' $col2>&nbsp;</td></tr>
-END
-       ;
-    } else {
-       # Nothing
-       print <<END
-       <tr>
-       <td width='25%' class='base' $col2>$Lang::tr{'host certificate'}:</td>
-       <td class='base' $col2>$Lang::tr{'not present'}</td>
-       </td><td colspan='3' $col2>&nbsp;</td></tr>
-END
-       ;
-    }
-
-    if (! -f "${General::swroot}/ovpn/ca/cacert.pem") {
-        print "<tr><td colspan='5' align='center'><form method='post'>";
-       print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />";
-        print "</form></td></tr>\n";
-    }
-
-    if (keys %cahash > 0) {
-       foreach my $key (keys %cahash) {
-           if (($key + 1) % 2) {
-               print "<tr bgcolor='$color{'color20'}'>\n";
-           } else {
-               print "<tr bgcolor='$color{'color22'}'>\n";
-           }
-           print "<td class='base'>$cahash{$key}[0]</td>\n";
-           print "<td class='base'>$cahash{$key}[1]</td>\n";
-           print <<END
-           <form method='post' name='cafrm${key}a'><td align='center'>
-               <input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' border='0' />
-               <input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' />
-               <input type='hidden' name='KEY' value='$key' />
-           </td></form>
-           <form method='post' name='cafrm${key}b'><td align='center'>
-               <input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' />
-               <input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' />
-               <input type='hidden' name='KEY' value='$key' />
-           </td></form>
-           <form method='post' name='cafrm${key}c'><td align='center'>
-               <input type='hidden' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
-               <input type='image'  name='$Lang::tr{'remove ca certificate'}' src='/images/delete.gif' alt='$Lang::tr{'remove ca certificate'}' title='$Lang::tr{'remove ca certificate'}' width='20' height='20' border='0' />
-               <input type='hidden' name='KEY' value='$key' />
-           </td></form></tr>
-END
-           ;
-       }
-    }
 
-    print "</table>";
-
-    # If the file contains entries, print Key to action icons
-    if ( -f "${General::swroot}/ovpn/ca/cacert.pem") {
-    print <<END
-    <table>
-    <tr>
-       <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
-       <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
-       <td class='base'>$Lang::tr{'show certificate'}</td>
-       <td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' /></td>
-       <td class='base'>$Lang::tr{'download certificate'}</td>
-    </tr>
-    </table>
-END
-;
-    }
-    
-print <<END
-<form method='post' enctype='multipart/form-data'>
-<table width='100%' border='0'>
-<tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td><td nowrap='nowrap' width='8%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'/></td><td nowrap='nowrap' align='right'><input type='file' name='FH' size='25' /><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td></tr>
-<tr><td colspan='4'><br></td></tr>
-<tr align='right'><td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td></tr>
-</table>
-END
-;
-
-    &Header::closebox();
-    if ( $srunning eq "yes" ) {    
-       print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' disabled='disabled' /></div></form>\n";    
-    }else{
-       print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' /></div></form>\n";
-    }      
     if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
-
 ###
 # m.a.d net2net
 #<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b><br /><img src='/images/null.gif' width='125' height='1' border='0' alt='L2089' /></td>
 ###
 
-    &Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' });
-    print <<END
+    &Header::openbox('100%', 'LEFT', $Lang::tr{'connection status and controlc' });
+    print <<END;
 
 
     <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
@@ -4907,7 +5057,7 @@ END
 #EXITING       -- A graceful exit is in progress.
 ####
 
-               if (($tustate[1] eq 'CONNECTED') || ($tustate[1] eq 'WAIT')) {
+               if ($tustate[1] eq 'CONNECTED') {
                        $col1="bgcolor='${Header::colourgreen}'";
                        $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
                }else {
@@ -4938,7 +5088,7 @@ END
 }
 
 
-       print <<END
+    print <<END;
        <td align='center' $col1>$active</td>
                
        <form method='post' name='frm${key}a'><td align='center' $col>
@@ -4949,7 +5099,7 @@ END
 END
        ;
        if ($confighash{$key}[4] eq 'cert') {
-           print <<END
+           print <<END;
            <form method='post' name='frm${key}b'><td align='center' $col>
                <input type='image' name='$Lang::tr{'show certificate'}' src='/images/info.gif' alt='$Lang::tr{'show certificate'}' title='$Lang::tr{'show certificate'}' border='0' />
                <input type='hidden' name='ACTION' value='$Lang::tr{'show certificate'}' />
@@ -4960,7 +5110,7 @@ END
            print "<td>&nbsp;</td>";
        }
        if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") { 
-           print <<END
+           print <<END;
            <form method='post' name='frm${key}c'><td align='center' $col>
                <input type='image' name='$Lang::tr{'download pkcs12 file'}' src='/images/media-floppy.png' alt='$Lang::tr{'download pkcs12 file'}' title='$Lang::tr{'download pkcs12 file'}' border='0' />
                <input type='hidden' name='ACTION' value='$Lang::tr{'download pkcs12 file'}' />
@@ -4968,7 +5118,7 @@ END
            </td></form>
 END
        ; } elsif ($confighash{$key}[4] eq 'cert') {
-           print <<END
+           print <<END;
            <form method='post' name='frm${key}c'><td align='center' $col>
                <input type='image' name='$Lang::tr{'download certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' title='$Lang::tr{'download certificate'}' border='0' />
                <input type='hidden' name='ACTION' value='$Lang::tr{'download certificate'}' />
@@ -5004,45 +5154,215 @@ END
 
     # If the config file contains entries, print Key to action icons
     if ( $id ) {
-    print <<END
+    print <<END;
     <table border='0'>
     <tr>
-       <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
-       <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
-       <td class='base'>$Lang::tr{'click to disable'}</td>
-       <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
-       <td class='base'>$Lang::tr{'show certificate'}</td>
-       <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
-       <td class='base'>$Lang::tr{'edit'}</td>
-       <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
-       <td class='base'>$Lang::tr{'remove'}</td>
+               <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
+               <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
+               <td class='base'>$Lang::tr{'click to disable'}</td>
+               <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
+               <td class='base'>$Lang::tr{'show certificate'}</td>
+               <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
+               <td class='base'>$Lang::tr{'edit'}</td>
+               <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
+               <td class='base'>$Lang::tr{'remove'}</td>
     </tr>
     <tr>
-       <td>&nbsp; </td>
-       <td>&nbsp; <img src='/images/off.gif' alt='?OFF' /></td>
-       <td class='base'>$Lang::tr{'click to enable'}</td>
-       <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
-       <td class='base'>$Lang::tr{'download certificate'}</td>
-       <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
-       <td class='base'>$Lang::tr{'dl client arch'}</td>
-    </tr>
+               <td>&nbsp; </td>
+               <td>&nbsp; <img src='/images/off.gif' alt='?OFF' /></td>
+               <td class='base'>$Lang::tr{'click to enable'}</td>
+               <td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
+               <td class='base'>$Lang::tr{'download certificate'}</td>
+               <td>&nbsp; &nbsp; <img src='/images/openvpn.png' alt='?RELOAD'/></td>
+               <td class='base'>$Lang::tr{'dl client arch'}</td>
+               </tr>
     </table><br>
 END
     ;
     }
 
-    print <<END
+    print <<END;
     <table width='100%'>
     <form method='post'>
-    <tr><td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />
-    <input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td></tr>
+    <tr><td align='right'>
+               <input type='submit' name='ACTION' value='$Lang::tr{'add'}' />
+               <input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td>
+       </tr>
     </form>
     </table>
 END
-    ;    
-    &Header::closebox();
-}
-&Header::closepage();
+    ;
+       &Header::closebox();
+       }
+    &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}");
+    print <<END;
+    <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
+    <tr>
+               <th width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
+               <th width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></th>
+               <th width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></th>
+    </tr>
+END
+    ;
+    my $col1="bgcolor='$color{'color22'}'";
+       my $col2="bgcolor='$color{'color20'}'";
+    if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
+               my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
+               $casubject    =~ /Subject: (.*)[\n]/;
+               $casubject    = $1;
+               $casubject    =~ s+/Email+, E+;
+               $casubject    =~ s/ ST=/ S=/;
+               print <<END;
+               <tr>
+                       <td class='base' $col1>$Lang::tr{'root certificate'}</td>
+                       <td class='base' $col1>$casubject</td>
+               <form method='post' name='frmrootcrta'><td width='3%' align='center' $col1>
+                       <input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
+                       <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' />
+               </td></form>
+               <form method='post' name='frmrootcrtb'><td width='3%' align='center' $col1>
+                       <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
+                       <input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
+               </td></form>
+               <td width='4%' $col1>&nbsp;</td></tr>
+END
+               ;
+    } else {
+               # display rootcert generation buttons
+               print <<END;
+               <tr>
+                       <td class='base' $col1>$Lang::tr{'root certificate'}:</td>
+                       <td class='base' $col1>$Lang::tr{'not present'}</td>
+                       <td colspan='3' $col1>&nbsp;</td></tr>
+END
+               ;
+    }
 
+    if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
+               my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
+               $hostsubject    =~ /Subject: (.*)[\n]/;
+               $hostsubject    = $1;
+               $hostsubject    =~ s+/Email+, E+;
+               $hostsubject    =~ s/ ST=/ S=/;
 
+               print <<END;
+               <tr>
+                       <td class='base' $col2>$Lang::tr{'host certificate'}</td>
+                       <td class='base' $col2>$hostsubject</td>
+               <form method='post' name='frmhostcrta'><td width='3%' align='center' $col2>
+                       <input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
+                       <input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' />
+               </td></form>
+               <form method='post' name='frmhostcrtb'><td width='3%' align='center' $col2>
+                       <input type='image' name="$Lang::tr{'download host certificate'}" src='/images/media-floppy.png' alt="$Lang::tr{'download host certificate'}" title="$Lang::tr{'download host certificate'}" border='0' />
+                       <input type='hidden' name='ACTION' value="$Lang::tr{'download host certificate'}" />
+               </td></form>
+               <td width='4%' $col2>&nbsp;</td></tr>
+END
+               ;
+    } else {
+               # Nothing
+               print <<END;
+               <tr>
+                       <td width='25%' class='base' $col2>$Lang::tr{'host certificate'}:</td>
+                       <td class='base' $col2>$Lang::tr{'not present'}</td>
+               </td><td colspan='3' $col2>&nbsp;</td></tr>
+END
+               ;
+    }
+
+    if (! -f "${General::swroot}/ovpn/ca/cacert.pem") {
+        print "<tr><td colspan='5' align='center'><form method='post'>";
+               print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />";
+        print "</form></td></tr>\n";
+    }
+
+    if (keys %cahash > 0) {
+               foreach my $key (keys %cahash) {
+                       if (($key + 1) % 2) {
+                               print "<tr bgcolor='$color{'color20'}'>\n";
+                       } else {
+                               print "<tr bgcolor='$color{'color22'}'>\n";
+                       }
+                       print "<td class='base'>$cahash{$key}[0]</td>\n";
+                       print "<td class='base'>$cahash{$key}[1]</td>\n";
+                       print <<END;
+                       <form method='post' name='cafrm${key}a'><td align='center'>
+                               <input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' border='0' />
+                               <input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' />
+                               <input type='hidden' name='KEY' value='$key' />
+                       </td></form>
+                       <form method='post' name='cafrm${key}b'><td align='center'>
+                               <input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' />
+                               <input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' />
+                               <input type='hidden' name='KEY' value='$key' />
+                       </td></form>
+                       <form method='post' name='cafrm${key}c'><td align='center'>
+                               <input type='hidden' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
+                               <input type='image'  name='$Lang::tr{'remove ca certificate'}' src='/images/delete.gif' alt='$Lang::tr{'remove ca certificate'}' title='$Lang::tr{'remove ca certificate'}' width='20' height='20' border='0' />
+                               <input type='hidden' name='KEY' value='$key' />
+                       </td></form></tr>
+END
+                       ;
+               }
+    }
+
+    print "</table>";
+
+    # If the file contains entries, print Key to action icons
+    if ( -f "${General::swroot}/ovpn/ca/cacert.pem") {
+               print <<END;
+               <table>
+               <tr>
+                       <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
+                       <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
+                       <td class='base'>$Lang::tr{'show certificate'}</td>
+                       <td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' /></td>
+                       <td class='base'>$Lang::tr{'download certificate'}</td>
+               </tr>
+               </table>
+END
+               ;
+    }
+
+       print <<END
+       <hr size='1'>
+       <form method='post' enctype='multipart/form-data'>
+       <table width='100%' border='0'cellspacing='1' cellpadding='0'>
+       <tr>
+               <td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td>
+               <td nowrap='nowrap'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'/></td>
+               <td nowrap='nowrap'><input type='file' name='FH' size='25' />
+               <td nowrap='nowrap' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td>
+       </tr>
+
+       <tr>
+               <td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh name'}:</td>
+               <td nowrap='nowrap'><input type='text' name='DH_NAME' value='$cgiparams{'DH_NAME'}' size='15' align='left'/></td>
+               <td nowrap='nowrap'><input type='file' name='FH' size='25' />
+               <td nowrap='nowrap' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}' /></td>
+       </tr>
+       <tr><td colspan='4'><br></td></tr>
+       <tr>
+               <td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
+               <td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show dh'}' /></td>
+       </tr>
+
+       <tr align='right'>
+               <td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
+       </tr>
+       </table>
+END
+       ;
+
+    if ( $srunning eq "yes" ) {
+               print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' disabled='disabled' /></div></form>\n";
+    } else {
+               print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' /></div></form>\n";
+    }
+       &Header::closebox();
+END
+       ;
+
+&Header::closepage();
 
index c24e181..720cce1 100644 (file)
@@ -39,7 +39,7 @@
 'Local VPN IP' => 'Internes Netzwerk (GREEN)',
 'MB read' => 'MB gelesen',
 'MB written' => 'MB geschrieben',
-'MTU' => 'MTU Size',
+'MTU' => 'MTU Size:',
 'Number of IPs for the pie chart' => 'Anzahl der angezeigten IPs im Diagramm',
 'Number of Ports for the pie chart' => 'Anzahl der angezeigten Ports im Diagramm',
 'OVPN' => 'OpenVPN',
 'check for net traffic update' => 'Prüfe auf Net-Traffic-Updates',
 'check vpn lr' => 'Überprüfen',
 'choose config' => 'Konfiguration auswählen',
-'cipher' => 'Verschlüsselung',
+'cipher' => 'Verschlüsselung:',
 'city' => 'Stadt',
 'class in use' => 'Die aktuelle Klasse wird bereits verwendet.',
 'clear cache' => 'Zwischenspeicher löschen',
 'details' => 'Mehr',
 'device' => 'Gerät',
 'devices on blue' => 'Geräte auf Blau',
+'dh' => 'Diffie-Hellman Key',
+'dh key warn' => 'Keys mit 1024 und 2048 Bit können mehrere Minuten, 3072 und 4096 Bit bis zu mehreren Stunden dauern. Bitte haben sie Geduld.',
+'dh name is invalid' => 'Name ist ungültig, bitte "dh1024.pem" verwenden.',
 'dhcp advopt add' => 'DHCP Option hinzufügen',
 'dhcp advopt added' => 'DHCP Option hinzugefügt',
 'dhcp advopt blank value' => 'Wert für DHCP Option darf nicht leer sein',
 'fwhost wo subnet' => '(Ohne Subnetz)',
 'gateway' => 'Gateway',
 'gateway ip' => 'Gateway-IP',
+'gen dh' => 'Diffie-Hellman Key erzeugen',
 'gen static key' => 'Statischen Schlüssel erzeugen',
 'generate' => 'Root/Host-Zertifikate generieren',
 'generate a certificate' => 'Erzeuge ein Zertifikat:',
+'generate dh key' => 'Diffie-Hellman Key generieren',
 'generate iso' => 'ISO erstellen',
 'generate root/host certificates' => 'Erzeuge Root/Host-Zertifikate',
 'generate tripwire keys and init' => 'Tripwire Initalisierung',
 'log view' => 'Log Anzeige',
 'log viewer' => 'Protokollansicht',
 'log viewing options' => 'Log Ansichts-Optionen',
-'log-options' => 'Logfile options',
+'log-options' => 'Logfile Optionen',
 'loged in at' => 'Angemeldet seit',
 'logging' => 'Logging',
 'logging server' => 'Protokollierungs-Server',
 'nonetworkname' => 'Kein Netzwerkname wurde eingegeben',
 'noservicename' => 'Kein Dienstname wurde eingegeben',
 'not a valid ca certificate' => 'Kein gültiges CA Zertifikat.',
+'not a valid dh key' => 'Kein gültiger Diffie-Hellman Schlüssel. Bitte nur 1024, 2048, 3072 oder 4096 Bit im PKCS#3 Format verwenden.',
 'not enough disk space' => 'Nicht genügend Plattenplatz vorhanden',
 'not present' => '<B>Nicht</B> vorhanden',
 'not running' => 'nicht gestartet',
 'ovpn' => 'OpenVPN',
 'ovpn con stat' => 'OpenVPN Verbindungs-Statistik',
 'ovpn config' => 'OVPN-Konfiguration',
-'ovpn device' => 'OpenVPN-Gerät',
+'ovpn crypt options' => 'Kryptografieoptionen',
+'ovpn device' => 'OpenVPN-Gerät:',
+'ovpn dh' => 'Diffie-Hellman Key Länge',
+'ovpn dh name' => 'Diffie-Hellman Key Name',
 'ovpn dl' => 'OVPN-Konfiguration downloaden',
 'ovpn errmsg green already pushed' => 'Route für grünes Netzwerk wird immer gesetzt',
 'ovpn errmsg invalid ip or mask' => 'Ungültige Netzwerk-Adresse oder Subnetzmaske',
+'ovpn generating the root and host certificates' => 'Die Erzeugung der Root- und Host-Zertifikate kann lange Zeit dauern.',
+'ovpn ha' => 'Hash Algorithmus',
+'ovpn hmac' => 'HMAC Optionen',
 'ovpn log' => 'OVPN-Log',
 'ovpn mgmt in root range' => 'Ein Port von 1024 oder höher ist erforderlich.',
 'ovpn mtu-disc' => 'Path MTU Discovery',
 'ovpn mtu-disc with mssfix or fragment' => 'Path MTU Discovery kann nicht gemeinsam mit mssfix oder fragment verwendet werden.',
 'ovpn mtu-disc yes' => 'Forciert',
 'ovpn no connections' => 'Keine aktiven OpenVPN Verbindungen',
-'ovpn on blue' => 'OpenVPN auf BLAU',
-'ovpn on orange' => 'OpenVPN auf ORANGE',
-'ovpn on red' => 'OpenVPN auf ROT',
+'ovpn on blue' => 'OpenVPN auf BLAU:',
+'ovpn on orange' => 'OpenVPN auf ORANGE:',
+'ovpn on red' => 'OpenVPN auf ROT:',
 'ovpn port in root range' => 'Ein Port von 1024 oder höher ist erforderlich.',
 'ovpn routes push' => 'Routen (eine pro Zeile) z.b. 192.168.10.0/255.255.255.0 192.168.20.0/24',
 'ovpn routes push options' => 'Route push Optionen',
 'ovpn server status' => 'OpenVPN-Server-Status',
-'ovpn subnet' => 'OpenVPN-Subnetz (z.B. 10.0.10.0/255.255.255.0)',
+'ovpn subnet' => 'OpenVPN-Subnetz:',
 'ovpn subnet is invalid' => 'Das OpenVPN-Subnetz ist ungültig.',
 'ovpn subnet overlap' => 'OpenVPNSubnetz überschneidet sich mit  ',
-'ovpn_fastio' => 'Fast-IO',
 'ovpn_fragment' => 'Fragmentgrösse',
 'ovpn_mssfix' => 'MSSFIX-Grösse',
 'ovpn_mtudisc' => 'MTU-Discovery',
 'profile saved' => 'Profil gespeichert: ',
 'profiles' => 'Profile:',
 'proto' => 'Proto',
-'protocol' => 'Protokoll',
+'protocol' => 'Protokoll:',
 'proxy' => 'Proxy',
 'proxy access graphs' => 'Diagramme zur Proxyauslastung',
 'proxy admin password' => 'Cache Administrator Passwort',
 'resetglobals' => 'Globale Einstellungen zurücksetzen',
 'resetpolicy' => 'Policy zurücksetzen',
 'resetshares' => 'Shares zurücksetzen?',
-'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Das Zurücksetzen der VPN-Konfiguration wird die Root-CA, die Host-Zertifikate und alle weiteren Zertifikate und alle zertifikatsbasierten Verbindungen entfernen',
+'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Das Löschen des X509 wird die Root-CA, die Host-Zertifikate und alle zertifikatsbasierten Verbindungen entfernen.',
 'restart' => 'Neustart',
 'restart ovpn server' => 'OpenVPN-Server neu starten',
 'restore' => 'Wiederherstellen',
 'show ca certificate' => 'CA Zertifikat anzeigen',
 'show certificate' => 'Zertifikat anzeigen',
 'show crl' => 'Certificate Revocation List anzeigen',
+'show dh' => 'Diffie-Hellman Key anzeigen',
 'show host certificate' => 'Host-Zertifikat anzeigen',
 'show last x lines' => 'die letzten x Zeilen anzeigen',
 'show root certificate' => 'Root-Zertifikat anzeigen',
 'upload a certificate' => 'Ein Zertifikat hochladen:',
 'upload a certificate request' => 'Eine Zertifikatsanfrage hochladen:',
 'upload ca certificate' => 'CA-Zertifikat hochladen',
+'upload dh key' => 'Diffie-Hellman Key hochladen',
 'upload file' => 'Datei zum hochladen',
 'upload new ruleset' => 'Neuen Regelsatz hochladen',
 'upload p12 file' => 'PKCS12-Datei hochladen',
index 1935ca2..d41a7ad 100644 (file)
 'details' => 'Details',
 'device' => 'Device',
 'devices on blue' => 'Devices on BLUE',
+'dh' => 'Diffie-Hellman Key',
+'dh key warn' => 'Keys with 1024 and 2048 bit takes up to several minutes, 3072 and 4096 bit might needs several hours. Please be patient.',
+'dh name is invalid' => 'Name is invalid, please use "dh1024.pem".',
 'dhcp advopt add' => 'Add a DHCP option',
 'dhcp advopt added' => 'DHCP option added',
 'dhcp advopt blank value' => 'DHCP Option value cannot be empty.',
 'firewall log' => 'Firewall log',
 'firewall log viewer' => 'Firewall Log Viewer',
 'firewall logs' => 'Firewall Logs',
+'firewall logs country' => 'Fw-Loggraphs (Country)',
 'firewall logs ip' => 'Fw-Loggraphs (IP)',
 'firewall logs port' => 'Fw-Loggraphs (Port)',
 'firewall rules' => 'Firewall Rules',
 'g.lite' => 'TO BE REMOVED',
 'gateway' => 'Gateway',
 'gateway ip' => 'Gateway IP',
+'gen dh' => 'Generate Diffie-Hellman key',
 'gen static key' => 'Generate a static key',
 'generate' => 'Generate root/host zertifikate',
 'generate a certificate' => 'Generate a certificate:',
+'generate dh key' => 'Generate Diffie-Hellman key',
 'generate iso' => 'Generate ISO',
 'generate root/host certificates' => 'Generate root/host certificates',
 'generate tripwire keys and init' => 'generate tripwire keys and init',
 'local hard disk' => 'Hard disk',
 'local master' => 'Local Master',
 'local ntp server specified but not enabled' => 'Local NTP server specified but not enabled',
-'local subnet' => 'Local Subnet:',
+'local subnet' => 'Local subnet:',
 'local subnet is invalid' => 'Local subnet is invalid.',
 'local vpn hostname/ip' => 'Local VPN Hostname/IP',
 'localkey' => 'Localkey',
 'nonetworkname' => 'No Network Name entered',
 'noservicename' => 'No Service Name entered',
 'not a valid ca certificate' => 'Not a valid CA certificate.',
+'not a valid dh key' => 'Not a valid Diffie-Hellman key. Please use 1024, 2048, 3072 or 4096 bit in PKCS#3 format.',
 'not enough disk space' => 'Not enough disk space',
 'not present' => '<b>Not</b> present',
 'not running' => 'not running',
 'ovpn' => 'OpenVPN',
 'ovpn con stat' => 'OpenVPN Connection Statistics',
 'ovpn config' => 'OVPN-Config',
+'ovpn crypt options' => 'Cryptographic options',
 'ovpn device' => 'OpenVPN device:',
+'ovpn dh' => 'Diffie-Hellman key lenght',
+'ovpn dh name' => 'Diffie-Hellman key name',
 'ovpn dl' => 'OVPN-Config Download',
 'ovpn errmsg green already pushed' => 'Route for green network is always set',
 'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
+'ovpn generating the root and host certificates' => 'Generating the root and host certifictae can take a long time.',
+'ovpn ha' => 'Hash algorithm',
+'ovpn hmac' => 'HMAC options',
 'ovpn log' => 'OVPN-Log',
 'ovpn mgmt in root range' => 'A port number of 1024 or higher is required.',
 'ovpn mtu-disc' => 'Path MTU Discovery',
 'ovpn mtu-disc with mssfix or fragment' => 'Path MTU Discovery cannot be used with mssfix or fragment.',
 'ovpn mtu-disc yes' => 'Forced',
 'ovpn no connections' => 'No active OpenVPN connections',
-'ovpn on blue' => 'OpenVPN on BLUE',
-'ovpn on orange' => 'OpenVPN on ORANGE',
-'ovpn on red' => 'OpenVPN on RED',
+'ovpn on blue' => 'OpenVPN on BLUE:',
+'ovpn on orange' => 'OpenVPN on ORANGE:',
+'ovpn on red' => 'OpenVPN on RED:',
 'ovpn port in root range' => 'A port number of 1024 or higher is required.',
 'ovpn routes push' => 'Routes (one per line) e.g. 192.168.10.0/255.255.255.0 192.168.20.0/24',
 'ovpn routes push options' => 'Route push options',
 'ovpn server status' => 'Current OpenVPN server status:',
-'ovpn subnet' => 'OpenVPN subnet (e.g. 10.0.10.0/255.255.255.0)',
+'ovpn subnet' => 'OpenVPN subnet:',
 'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.',
 'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ',
 'ovpn_fastio' => 'Fast-IO',
 'profile saved' => 'Profile saved: ',
 'profiles' => 'Profiles:',
 'proto' => 'Proto',
-'protocol' => 'Protocol',
+'protocol' => 'Protocol:',
 'proxy' => 'Proxy',
 'proxy access graphs' => 'Proxy access graphs',
 'proxy admin password' => 'Cache administrator password',
 'resetglobals' => 'Reset global settings',
 'resetpolicy' => 'Reset policy to default',
 'resetshares' => 'Reset shares?',
-'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Resetting the VPN configuration will remove the root CA, the host certificate and all certificate based connections',
+'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Resetting the X509 remove the root CA, the host certificate and all certificate based connections.',
 'restart' => 'Restart',
 'restart ovpn server' => 'Restart OpenVPN server',
 'restore' => 'Restore',
 'show ca certificate' => 'Show CA certificate',
 'show certificate' => 'Show certificate',
 'show crl' => 'Show certificate revocation list',
+'show dh' => 'Show Diffie-Hellman key',
 'show host certificate' => 'Show host certificate',
 'show last x lines' => 'Show last x lines',
 'show lines' => 'Show lines',
 'upload a certificate' => 'Upload a certificate:',
 'upload a certificate request' => 'Upload a certificate request:',
 'upload ca certificate' => 'Upload CA certificate',
+'upload dh key' => 'Upload Diffie-Hellman key',
 'upload fcdsl.o' => 'TO BE REMOVED',
 'upload file' => 'Upload file',
 'upload new ruleset' => 'Upload new ruleset',
diff --git a/lfs/ppp b/lfs/ppp
index 5d772fc..ba72f4c 100644 (file)
--- a/lfs/ppp
+++ b/lfs/ppp
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.4.5
+VER        = 2.4.6
 
 THISAPP    = ppp-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 4621bc56167b6953ec4071043fe0ec57
+$(DL_FILE)_MD5 = 3434d2cc9327167a0723aaaa8670083b
 
 install : $(TARGET)
 
@@ -73,13 +73,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h
-#      cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-pppoatm.patch
-#      cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-pppoatm-persist.patch
-#      cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.1-oedod.patch
-#      cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-pppoatm-modprobe.patch
-#      cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-signal.patch
-#      cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-printstats.patch
-#      cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp-2.4.2-close.patch
        cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h
        cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
        cd $(DIR_APP) && make $(MAKETUNING) CC="gcc $(CFLAGS)"
index 3c5f6c5..00dc12a 100644 (file)
--- a/lfs/squid
+++ b/lfs/squid
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.3.11
+VER        = 3.4.4
 
 THISAPP    = squid-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = dd016ff5f14b2548083b3882207914f6
+$(DL_FILE)_MD5 = dc2bcb967fc6b15bbbc6b961010c0c00
 
 install : $(TARGET)
 
@@ -53,6 +53,7 @@ md5 : $(subst %,%_MD5,$(objects))
 ###############################################################################
 # Downloading, checking, md5sum
 ###############################################################################
+
 $(patsubst %,$(DIR_CHK)/%,$(objects)) :
        @$(CHECK)
 
@@ -116,7 +117,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                --enable-kill-parent-hack \
                --disable-wccpv2 \
                --enable-icap-client \
-               --disable-esi
+               --disable-esi \
+               --enable-zph-qos
 
        cd $(DIR_APP) && make $(MAKETUNING)
        cd $(DIR_APP) && make install
index 2e7b46c..b8c8b27 100644 (file)
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.6
+VER        = 1.11
 
 THISAPP    = vnstat-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = ccaffe8e70d47e0cf2f25e52daa25712
+$(DL_FILE)_MD5 = a5a113f9176cd61fb954f2ba297f5fdb
 
 install : $(TARGET)
 
@@ -73,7 +73,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP) && make $(MAKETUNING)                                                                             LOCAL_CONFIGURE_OPTIONS="--enable-readline=yes"
+       cd $(DIR_APP) && make all $(MAKETUNING)                                                                         LOCAL_CONFIGURE_OPTIONS="--enable-readline=yes"
        cd $(DIR_APP) && make install
        sed -i 's|eth0|green0|g' /etc/vnstat.conf
        sed -i 's|/var/lib/vnstat|/var/log/rrd/vnstat|g' /etc/vnstat.conf
diff --git a/lfs/vnstati b/lfs/vnstati
deleted file mode 100644 (file)
index c7cd6ed..0000000
+++ /dev/null
@@ -1,79 +0,0 @@
-###############################################################################
-#                                                                             #
-# IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
-#                                                                             #
-# This program is free software: you can redistribute it and/or modify        #
-# it under the terms of the GNU General Public License as published by        #
-# the Free Software Foundation, either version 3 of the License, or           #
-# (at your option) any later version.                                         #
-#                                                                             #
-# This program is distributed in the hope that it will be useful,             #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
-#                                                                             #
-# You should have received a copy of the GNU General Public License           #
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
-#                                                                             #
-###############################################################################
-
-###############################################################################
-# Definitions
-###############################################################################
-
-include Config
-
-VER        = beta3
-
-THISAPP    = vnstati-$(VER)
-DL_FILE    = $(THISAPP).tar.gz
-DL_FROM    = $(URL_IPFIRE)
-DIR_APP    = $(DIR_SRC)/$(THISAPP)
-TARGET     = $(DIR_INFO)/$(THISAPP)
-
-###############################################################################
-# Top-level Rules
-###############################################################################
-
-objects = $(DL_FILE)
-
-$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-
-$(DL_FILE)_MD5 = 5652b955e16716cec48da464b083c76f
-
-install : $(TARGET)
-
-check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-
-download :$(patsubst %,$(DIR_DL)/%,$(objects))
-
-md5 : $(subst %,%_MD5,$(objects))
-
-dist: 
-       @$(PAK)
-
-###############################################################################
-# Downloading, checking, md5sum
-###############################################################################
-
-$(patsubst %,$(DIR_CHK)/%,$(objects)) :
-       @$(CHECK)
-
-$(patsubst %,$(DIR_DL)/%,$(objects)) :
-       @$(LOAD)
-
-$(subst %,%_MD5,$(objects)) :
-       @$(MD5)
-
-###############################################################################
-# Installation Details
-###############################################################################
-
-$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
-       @$(PREBUILD)
-       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP) && make $(MAKETUNING)                                                                             LOCAL_CONFIGURE_OPTIONS="--enable-readline=yes"
-       cd $(DIR_APP) && make install
-       @rm -rf $(DIR_APP)
-       @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index eb9cd31..d280d9c 100755 (executable)
--- a/make.sh
+++ b/make.sh
@@ -694,7 +694,6 @@ buildipfire() {
   ipfiremake git
   ipfiremake squidclamav
   ipfiremake vnstat
-  ipfiremake vnstati
   ipfiremake iw
   ipfiremake wpa_supplicant
   ipfiremake hostapd