my $col="";
my $local_serverconf = "${General::swroot}/ovpn/scripts/server.conf.local";
my $local_clientconf = "${General::swroot}/ovpn/scripts/client.conf.local";
+my @advcipherchar=();
my $dhparameter = "/etc/ssl/ffdhe4096.pem";
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
$cgiparams{'DCIPHER'} = '';
$cgiparams{'DAUTH'} = '';
$cgiparams{'TLSAUTH'} = '';
+$cgiparams{'DATACIPHERS'} = '';
$routes_push_file = "${General::swroot}/ovpn/routes_push";
# Perform crypto and configration test
&pkiconfigcheck;
if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt")) {
print FILE "";
close FILE;
- }
+ }my @advcipherchar=();
if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt.attr")) {
print FILE "";
close FILE;
}
}
+ # Warning if deprecated 64-bit-block ciphers or weak HMAC is in usage
+ if (-f "${General::swroot}/ovpn/server.conf") {
+ my $oldciphers = "${General::swroot}/ovpn/server.conf";
+ open(FH, $oldciphers);
+ while(my $cipherstring = <FH>) {
+ if ($cipherstring =~ /BF-CBC|CAST5-CBC|DESX-CBC|DES-EDE-CBC|DES-EDE3-CBC|SHA1/) {
+ my @tempcipherstring = split(" ", $cipherstring);
+ $cryptowarning = "<br>$Lang::tr{'ovpn warning algorithm'}: <font color='red'>$tempcipherstring[1]</font></br>$Lang::tr{'ovpn warning 64 bit block cipher'}";
+ goto CRYPTO_WARNING;
+ }
+ }
+ close(FH);
+ }
+
CRYPTO_WARNING:
}
}
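Review bot: `open(FH, $oldciphers);` on L27 is a two-argument open on a bareword handle whose result is never checked, and the `goto CRYPTO_WARNING` on L32 leaves the loop past `close(FH)` on L35, so the handle stays open every time a warning is produced. Wrap the loop in `if (open(my $conf, '<', $oldciphers)) {`, read with `<$conf>`, replace the goto with `last;` and put `close($conf);` after the loop; the label on L38 then becomes unnecessary. The pattern on L29 also matches `SHA1`, but the message assembled on L31 always names a 64-bit block cipher, so a weak-HMAC hit is reported under the wrong heading. The enclosing block closes on L39-L40 but its start is outside this hunk.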
print CONF "status-version 1\n";
print CONF "status /var/run/ovpnserver.log 30\n";
- print CONF "ncp-disable\n";
- print CONF "cipher $sovpnsettings{DCIPHER}\n";
- print CONF "auth $sovpnsettings{'DAUTH'}\n";
+ print CONF "data-ciphers-fallback $sovpnsettings{DCIPHER}\n";
+
+ # Data channel encryption
+ # Set seperator for data ciphers
+ @advcipherchar = ($sovpnsettings{'DATACIPHERS'} =~ s/\|/:/g);
+ # Add also algorithm from --data-ciphers directive
+ if ($sovpnsettings{'DATACIPHERS'} ne '') {
+ print CONF "data-ciphers $sovpnsettings{'DATACIPHERS'}\n";
+ }
+
+ print CONF "auth $sovpnsettings{'DAUTH'}\n";
# Set TLSv2 as minimum
print CONF "tls-version-min 1.2\n";
- if ($sovpnsettings{'TLSAUTH'} eq 'on') {
- print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
- }
+ # TLS control channel authentication
+ if ($sovpnsettings{'TLSAUTH'} ne 'off') {
+ if ($sovpnsettings{'TLSAUTH'} eq 'on') {
+ print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
+ }
+ if ($sovpnsettings{'TLSAUTH'} eq 'tls-crypt') {
+ print CONF "tls-crypt ${General::swroot}/ovpn/certs/tc.key\n";
+ }
+ }
+
if ($sovpnsettings{DCOMPLZO} eq 'on') {
print CONF "comp-lzo\n";
}
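Review bot: `@advcipherchar = ($sovpnsettings{'DATACIPHERS'} =~ s/\|/:/g);` on L50 stores the substitution count, not a cipher list, in an array whose name suggests otherwise, and nothing on the page reads it; the same pattern appears at L396. The in-place edit is the only effect wanted, so `$sovpnsettings{'DATACIPHERS'} =~ s/\|/:/g;` (or `tr/|/:/`) says that directly, and the file-level `my @advcipherchar=();` on L4 can go. The outer `if ($sovpnsettings{'TLSAUTH'} ne 'off')` on L63 is redundant with the two equality tests inside it; a plain if/elsif on `'on'` and `'tls-crypt'` reads more clearly. The enclosing writeserverconf body starts before and continues past this hunk.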
###
if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
- &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
- #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
- #DAN this value has to leave.
-#new settings for daemon
- $vpnsettings{'LOG_VERB'} = $cgiparams{'LOG_VERB'};
- $vpnsettings{'KEEPALIVE_1'} = $cgiparams{'KEEPALIVE_1'};
- $vpnsettings{'KEEPALIVE_2'} = $cgiparams{'KEEPALIVE_2'};
- $vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'};
- $vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'};
- $vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'};
- $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
- $vpnsettings{'ADDITIONAL_CONFIGS'} = $cgiparams{'ADDITIONAL_CONFIGS'};
- $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
- $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
- $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
- $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
- my @temp=();
+ &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
+ $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
+ $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
+ $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
+ $vpnsettings{'DATACIPHERS'} = $cgiparams{'DATACIPHERS'};
+ $vpnsettings{'LOG_VERB'} = $cgiparams{'LOG_VERB'};
+ $vpnsettings{'KEEPALIVE_1'} = $cgiparams{'KEEPALIVE_1'};
+ $vpnsettings{'KEEPALIVE_2'} = $cgiparams{'KEEPALIVE_2'};
+ $vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'};
+ $vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'};
+ $vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'};
+ $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
+ $vpnsettings{'ADDITIONAL_CONFIGS'} = $cgiparams{'ADDITIONAL_CONFIGS'};
+ $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
+ $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
+ $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
+ $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
+ my @temp=();
+
+ # --data-ciphers needs at least one cipher
+ if ($cgiparams{'DATACIPHERS'} eq '') {
+ $errormessage = $Lang::tr{'ovpn errmsg invalid data cipher input'};
+ goto ADV_ENC_ERROR;
+ }
- if ($cgiparams{'FRAGMENT'} eq '') {
- delete $vpnsettings{'FRAGMENT'};
- } else {
+ # Create ta.key for tls-auth if not present
+ if ($cgiparams{'TLSAUTH'} eq 'on') {
+ if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
+ system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+ if ($?) {
+ $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+ goto ADV_ENC_ERROR;
+ }
+ }
+ }
+
+ # Create tc.key for tls-crypt if not present
+ if ($cgiparams{'TLSAUTH'} eq 'tls-crypt') {
+ if ( ! -e "${General::swroot}/ovpn/certs/tc.key") {
+ system('/usr/sbin/openvpn', '--genkey', 'tls-crypt', "${General::swroot}/ovpn/certs/tc.key");
+ if ($?) {
+ $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+ goto ADV_ENC_ERROR;
+ }
+ }
+ }
+
+ if ($cgiparams{'FRAGMENT'} eq '') {
+ delete $vpnsettings{'FRAGMENT'};
+ } else {
if ($cgiparams{'FRAGMENT'} !~ /^[0-9]+$/) {
- $errormessage = "Incorrect value, please insert only numbers.";
- goto ADV_ERROR;
- } else {
- $vpnsettings{'FRAGMENT'} = $cgiparams{'FRAGMENT'};
- }
- }
+ $errormessage = "Incorrect value, please insert only numbers.";
+ goto ADV_ERROR;
+ } else {
+ $vpnsettings{'FRAGMENT'} = $cgiparams{'FRAGMENT'};
+ }
+ }
- if ($cgiparams{'MSSFIX'} ne 'on') {
- delete $vpnsettings{'MSSFIX'};
- } else {
- $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
- }
+ if ($cgiparams{'MSSFIX'} ne 'on') {
+ delete $vpnsettings{'MSSFIX'};
+ } else {
+ $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
+ }
- if ($cgiparams{'DHCP_DOMAIN'} ne ''){
- unless (&General::validdomainname($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
- $errormessage = $Lang::tr{'invalid input for dhcp domain'};
- goto ADV_ERROR;
- }
- }
- if ($cgiparams{'DHCP_DNS'} ne ''){
- unless (&General::validfqdn($cgiparams{'DHCP_DNS'}) || &General::validip($cgiparams{'DHCP_DNS'})) {
- $errormessage = $Lang::tr{'invalid input for dhcp dns'};
- goto ADV_ERROR;
- }
- }
- if ($cgiparams{'DHCP_WINS'} ne ''){
- unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) {
- $errormessage = $Lang::tr{'invalid input for dhcp wins'};
+ if ($cgiparams{'DHCP_DOMAIN'} ne ''){
+ unless (&General::validdomainname($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
+ $errormessage = $Lang::tr{'invalid input for dhcp domain'};
goto ADV_ERROR;
- }
- }
- if ($cgiparams{'ROUTES_PUSH'} ne ''){
- @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'});
- undef $vpnsettings{'ROUTES_PUSH'};
+ }
+ }
+
+ if ($cgiparams{'DHCP_DNS'} ne ''){
+ unless (&General::validfqdn($cgiparams{'DHCP_DNS'}) || &General::validip($cgiparams{'DHCP_DNS'})) {
+ $errormessage = $Lang::tr{'invalid input for dhcp dns'};
+ goto ADV_ERROR;
+ }
+ }
+
+ if ($cgiparams{'DHCP_WINS'} ne ''){
+ unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) {
+ $errormessage = $Lang::tr{'invalid input for dhcp wins'};
+ goto ADV_ERROR;
+ }
+ }
+
+ if ($cgiparams{'ROUTES_PUSH'} ne ''){
+ @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'});
+ undef $vpnsettings{'ROUTES_PUSH'};
foreach my $tmpip (@temp)
{
$vpnsettings{'ROUTES_PUSH'} .= $tmpip."\n";
}
}
- &write_routepushfile;
- undef $vpnsettings{'ROUTES_PUSH'};
- }
- else {
- undef $vpnsettings{'ROUTES_PUSH'};
&write_routepushfile;
- }
- if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 1024 )) {
- $errormessage = $Lang::tr{'invalid input for max clients'};
- goto ADV_ERROR;
- }
- if ($cgiparams{'KEEPALIVE_1'} ne '') {
- if ($cgiparams{'KEEPALIVE_1'} !~ /^[0-9]+$/) {
- $errormessage = $Lang::tr{'invalid input for keepalive 1'};
- goto ADV_ERROR;
- }
- }
- if ($cgiparams{'KEEPALIVE_2'} ne ''){
- if ($cgiparams{'KEEPALIVE_2'} !~ /^[0-9]+$/) {
- $errormessage = $Lang::tr{'invalid input for keepalive 2'};
- goto ADV_ERROR;
- }
- }
- if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)){
- $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
- goto ADV_ERROR;
- }
- &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
- &writeserverconf();#hier ok
+ undef $vpnsettings{'ROUTES_PUSH'};
+ } else {
+ undef $vpnsettings{'ROUTES_PUSH'};
+ &write_routepushfile;
+ }
+
+ if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 1024 )) {
+ $errormessage = $Lang::tr{'invalid input for max clients'};
+ goto ADV_ERROR;
+ }
+
+ if ($cgiparams{'KEEPALIVE_1'} ne '') {
+ if ($cgiparams{'KEEPALIVE_1'} !~ /^[0-9]+$/) {
+ $errormessage = $Lang::tr{'invalid input for keepalive 1'};
+ goto ADV_ERROR;
+ }
+ }
+
+ if ($cgiparams{'KEEPALIVE_2'} ne ''){
+ if ($cgiparams{'KEEPALIVE_2'} !~ /^[0-9]+$/) {
+ $errormessage = $Lang::tr{'invalid input for keepalive 2'};
+ goto ADV_ERROR;
+ }
+ }
+
+ if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)){
+ $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
+ goto ADV_ERROR;
+ }
+
+ &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
+ &writeserverconf();#hier ok
}
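Review bot: The values copied into `%vpnsettings` on L95-L98 (`DAUTH`, `TLSAUTH`, `DCIPHER`, `DATACIPHERS`) are never checked against the option lists the form offers; the only test is the empty check on L114, so whatever a client submits for these parameters ends up verbatim in the `data-ciphers`, `data-ciphers-fallback` and `auth` lines writeserverconf emits (L46, L53, L56) and in every generated client profile. Validate each value against an allow-list before `&General::writehash` on L277 and jump to `ADV_ENC_ERROR` otherwise, as sketched below for `DATACIPHERS`; `TLSAUTH` should be limited to `on`, `off` and `tls-crypt`. Separately, L124 generates ta.key with the legacy `--genkey --secret` form while L135 uses the newer `--genkey tls-crypt` form and the removed L318 already used `--genkey secret`; `'--genkey', 'secret', "${General::swroot}/ovpn/certs/ta.key"` keeps both calls on the same syntax. The enclosing if-branch begins before this hunk.
```perl
# --data-ciphers needs at least one cipher, and only the algorithms the
# form offers may reach server.conf and the client profiles.
my %is_datacipher = map { $_ => 1 } qw(ChaCha20-Poly1305 AES-256-GCM AES-192-GCM AES-128-GCM);
my @datacipher_list = split(/\|/, $cgiparams{'DATACIPHERS'});
if (!@datacipher_list || grep { !$is_datacipher{$_} } @datacipher_list) {
    $errormessage = $Lang::tr{'ovpn errmsg invalid data cipher input'};
    goto ADV_ENC_ERROR;
}
# … unchanged: ta.key / tc.key generation, FRAGMENT, MSSFIX, DHCP and keepalive checks …
```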
###
if ($cgiparams{'PROTOCOL'} eq 'tcp') {
print SERVERCONF "proto tcp4-server\n";
- print SERVERCONF "# Packet size\n";
+ print SERVERCONF "# Packet size\n";&writeserverconf();#hier ok
if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
print SERVERCONF "tun-mtu $tunmtu\n";
}
print SERVERCONF "# Cipher\n";
print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n";
- # If GCM cipher is used, do not use --auth
+ # If AEAD cipher is used, do not use --auth
if (($cgiparams{'DCIPHER'} eq 'AES-256-GCM') ||
($cgiparams{'DCIPHER'} eq 'AES-192-GCM') ||
- ($cgiparams{'DCIPHER'} eq 'AES-128-GCM')) {
+ ($cgiparams{'DCIPHER'} eq 'AES-128-GCM') ||
+ ($cgiparams{'DCIPHER'} eq 'ChaCha20-Poly1305')) {&writeserverconf();#hier ok
print SERVERCONF unless "# HMAC algorithm\n";
print SERVERCONF unless "auth $cgiparams{'DAUTH'}\n";
} else {
print CLIENTCONF "cipher $cgiparams{'DCIPHER'}\n";
print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
- # If GCM cipher is used, do not use --auth
+ # If AEAD cipher is used, do not use --auth
if (($cgiparams{'DCIPHER'} eq 'AES-256-GCM') ||
($cgiparams{'DCIPHER'} eq 'AES-192-GCM') ||
- ($cgiparams{'DCIPHER'} eq 'AES-128-GCM')) {
+ ($cgiparams{'DCIPHER'} eq 'AES-128-GCM') ||
+ ($cgiparams{'DCIPHER'} eq 'ChaCha20-Poly1305')) {
print CLIENTCONF unless "# HMAC algorithm\n";
print CLIENTCONF unless "auth $cgiparams{'DAUTH'}\n";
} else {
goto SETTINGS_ERROR;
}
- # Create ta.key for tls-auth if not presant
- if ($cgiparams{'TLSAUTH'} eq 'on') {
- if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
- # This system call is safe, because all arguements are passed as an array.
- system("/usr/sbin/openvpn", "--genkey", "secret", "${General::swroot}/ovpn/certs/ta.key");
- if ($?) {
- $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
- goto SETTINGS_ERROR;
- }
- }
- }
-
$vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
$vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
$vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
$vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
$vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
$vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
- $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
- $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
- $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
#wrtie enable
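Review bot: The AEAD cipher test on L292-L296 is now the third copy of the same `eq` chain (L304-L308 and L382-L386 are the others), and each copy had to grow by one line for ChaCha20-Poly1305; one anchored pattern such as `if ($cgiparams{'DCIPHER'} =~ /^(?:AES-(?:256|192|128)-GCM|ChaCha20-Poly1305)$/)` keeps the list in one place. The text `&writeserverconf();#hier ok` glued to the ends of L284 and L296 looks like a copy artifact of this page; if it really is in the patch it would call writeserverconf() from the n2n config writer and from inside the AEAD branch, which needs a look. The ta.key generation removed on L314-L324 now lives only in the advanced-options handler, so a tls-auth profile presumably cannot be generated until that page has been saved once; worth confirming, since the enclosing branch starts before this hunk.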
if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {
### Download tls-auth key
###
}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-auth key'}) {
- if ( -f "${General::swroot}/ovpn/certs/ta.key" ) {
- print "Content-Type: application/octet-stream\r\n";
- print "Content-Disposition: filename=ta.key\r\n\r\n";
+ if ( -f "${General::swroot}/ovpn/certs/ta.key" ) {
+ print "Content-Type: application/octet-stream\r\n";
+ print "Content-Disposition: filename=ta.key\r\n\r\n";
- open(FILE, "${General::swroot}/ovpn/certs/ta.key");
- my @tmp = <FILE>;
- close(FILE);
+ open(FILE, "${General::swroot}/ovpn/certs/ta.key");
+ my @tmp = <FILE>;
+ close(FILE);
- print @tmp;
+ print @tmp;
- exit(0);
- }
+ exit(0);
+ }
+
+###
+### Download tls-crypt key
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-crypt key'}) {
+ if ( -f "${General::swroot}/ovpn/certs/tc.key" ) {
+ print "Content-Type: application/octet-stream\r\n";
+ print "Content-Disposition: filename=tc.key\r\n\r\n";
+
+ open(FILE, "${General::swroot}/ovpn/certs/tc.key");
+ my @tmp = <FILE>;
+ close(FILE);
+
+ print @tmp;
+
+
+ exit(0);
+ }
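Review bot: `open(FILE, "${General::swroot}/ovpn/certs/tc.key");` on L367 is an unchecked two-argument open on a bareword handle, copied from the ta.key branch above; if the file cannot be read after the `-f` test on L363 passed, the headers on L364-L365 have already been sent and the caller receives an empty key file with a success status. A lexical three-argument open with a check, `open(my $fh, '<', "${General::swroot}/ovpn/certs/tc.key") or die "Can't open tc.key: $!";`, makes the failure visible. The two download branches differ only in the file name, so a small helper taking the name would remove the duplication.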
###
### Form for generating a root certificate
$zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
}
- # If GCM cipher is used, do not use --auth
+ # If AEAD cipher is used, do not use --auth
if (($confighash{$cgiparams{'KEY'}}[40] eq 'AES-256-GCM') ||
($confighash{$cgiparams{'KEY'}}[40] eq 'AES-192-GCM') ||
- ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-128-GCM')) {
+ ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-128-GCM') ||
+ ($confighash{$cgiparams{'KEY'}}[40] eq 'ChaCha20-Poly1305')) {
print CLIENTCONF unless "# HMAC algorithm\n";
print CLIENTCONF unless "auth $confighash{$cgiparams{'KEY'}}[39]\n";
} else {
$zip->addFile( "${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
$zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
}
- print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
+
+ # Set seperator for --data-ciphers algorithms
+ @advcipherchar = ($vpnsettings{'DATACIPHERS'} =~ s/\|/:/g);
+ print CLIENTCONF "data-ciphers $vpnsettings{'DATACIPHERS'}\r\n";
+
print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
- if ($vpnsettings{'TLSAUTH'} eq 'on') {
- if ($cgiparams{'MODE'} eq 'insecure') {
- print CLIENTCONF ";";
- }
- print CLIENTCONF "tls-auth ta.key\r\n";
- $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n";
+ # Comment TLS-Auth directive if 'insecure' mode has been choosen
+ if ($vpnsettings{'TLSAUTH'} eq 'on') {
+ if ($cgiparams{'MODE'} eq 'insecure') {
+ print CLIENTCONF ";";
+ }
+ print CLIENTCONF "tls-auth ta.key\r\n";
+ $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n";
}
+
+ # Comment TLS-Crypt directive if 'insecure' mode has been choosen
+ if ($vpnsettings{'TLSAUTH'} eq 'tls-crypt') {
+ if ($cgiparams{'MODE'} eq 'insecure') {
+ print CLIENTCONF ";";
+ }
+ print CLIENTCONF "tls-crypt tc.key\r\n";
+ $zip->addFile( "${General::swroot}/ovpn/certs/tc.key", "tc.key") or die "Can't add file tc.key\n";
+ }
+
+
if ($vpnsettings{DCOMPLZO} eq 'on') {
print CLIENTCONF "comp-lzo\r\n";
}
print CLIENTCONF "</key>\r\n\r\n";
close(FILE);
- # TLS auth
+ # Print TLS-Crypt key to client.ovpn if 'insecure' has been selected
+ if ($vpnsettings{'TLSAUTH'} eq 'tls-crypt') {
+ open(FILE, "<${General::swroot}/ovpn/certs/tc.key");
+ print CLIENTCONF "<tls-crypt>\r\n";
+ while (<FILE>) {
+ chomp($_);
+ print CLIENTCONF "$_\r\n";
+ }
+ print CLIENTCONF "</tls-crypt>\r\n\r\n";
+ close(FILE);
+ }
+
+ # Print TLS-Auth key to client.ovpn if 'insecure' has been selected
if ($vpnsettings{'TLSAUTH'} eq 'on') {
open(FILE, "<${General::swroot}/ovpn/certs/ta.key");
print CLIENTCONF "<tls-auth>\r\n";
&Header::closepage();
exit(0);
}
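Review bot: `print CLIENTCONF "data-ciphers $vpnsettings{'DATACIPHERS'}\r\n";` on L397 is unconditional, while the server side (L52 on this page) only emits `data-ciphers` when the setting is non-empty, so a profile generated before the advanced options were ever saved gets a bare `data-ciphers` line with no value; guard it the same way, `if ($vpnsettings{'DATACIPHERS'} ne '') { ... }`. On L433 `open(FILE, "<${General::swroot}/ovpn/certs/tc.key");` is unchecked, so a read failure silently writes an empty `<tls-crypt></tls-crypt>` block into the profile instead of failing; `or die "Can't open tc.key: $!"` is the minimum. The comments on L431 and L443 say the key is inlined only in 'insecure' mode, but neither `if` tests `$cgiparams{'MODE'}`; presumably the enclosing branch, which starts before this hunk, does — worth confirming so the comment does not overstate the condition.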
+
+###
+### Display tls-crypt key
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show tls-crypt key'}) {
+
+ if (! -e "${General::swroot}/ovpn/certs/tc.key") {
+ $errormessage = $Lang::tr{'not present'};
+ } else {
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
+ &Header::openbigbox('100%', 'LEFT', '', '');
+ &Header::openbox('100%', 'LEFT', "$Lang::tr{'tc key'}");
+ my $output = `/bin/cat ${General::swroot}/ovpn/certs/tc.key`;
+ $output = &Header::cleanhtml($output,"y");
+ print "<pre>$output</pre>\n";
+ &Header::closebox();
+ print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+ &Header::closebigbox();
+ &Header::closepage();
+ exit(0);
+ }
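Review bot: The backtick call to `/bin/cat` on L463 shells out to read a file; the path is built from a constant, so there is no injection here, but the result is unchecked (a failed cat yields an empty `<pre>`) and the file already reads key files with plain `open` (L367) and runs commands through the list-form `&General::system_output` (L837). Read it in Perl instead: `open(my $fh, '<', "${General::swroot}/ovpn/certs/tc.key") or die "Can't open tc.key: $!"; my $output = do { local $/; <$fh> };`. The branch otherwise mirrors the tls-auth display branch, presumably above this hunk, so a shared helper would keep the two in step.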
###
### Display Certificate Revoke List
%cgiparams = ();
%cahash = ();
%confighash = ();
+ my @temp=();
my $disabled;
&General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
read_routepushfile;
if ($cgiparams{'LOG_VERB'} eq '') {
$cgiparams{'LOG_VERB'} = '3';
}
- if ($cgiparams{'TLSAUTH'} eq '') {
- $cgiparams{'TLSAUTH'} = 'off';
- }
$checked{'CLIENT2CLIENT'}{'off'} = '';
$checked{'CLIENT2CLIENT'}{'on'} = '';
$checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
&Header::closebox();
}
&Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
+
+ my $key = $cgiparams{'KEY'};
+ if (! $key) {
+ $key = &General::findhasharraykey (\%confighash);
+ foreach my $i (39.. 45) { $confighash{$key}[$i] = ""; }
+ }
+ $confighash{$key}[39] = $cgiparams{'DAUTH'};
+ $confighash{$key}[40] = $cgiparams{'DCIPHER'};
+ $confighash{$key}[41] = $cgiparams{'TLSAUTH'};
+ $confighash{$key}[42] = $cgiparams{'DATACIPHERS'};
+
+ADV_ENC_ERROR:
+
+ # Set default for hash message authentication code
+ if ($cgiparams{'DAUTH'} eq '') {
+ $cgiparams{'DAUTH'} = 'SHA512'; #[39];
+ }
+ $checked{'DAUTH'}{'SHA3-512'} = '';
+ $checked{'DAUTH'}{'SHA512'} = '';
+ $checked{'DAUTH'}{'SHA384'} = '';
+ $checked{'DAUTH'}{'SHA256'} = '';
+ $checked{'DAUTH'}{'whirlpool'} = '';
+ $checked{'DAUTH'}{'SHA1'} = '';
+ @temp = split('\|', $cgiparams{'DAUTH'});
+ foreach my $key (@temp) {$checked{'DAUTH'}{$key} = "selected='selected'"; }
+
+ # Set default for TLS control authentication
+ if ($cgiparams{'TLSAUTH'} eq '') {
+ $cgiparams{'TLSAUTH'} = 'tls-crypt'; #[41]
+ }
+ $checked{'TLSAUTH'}{'on'} = '';
+ $checked{'TLSAUTH'}{'off'} = '';
+ $checked{'TLSAUTH'}{'tls-crypt'} = '';
+ @temp = split('\|', $cgiparams{'TLSAUTH'});
+ foreach my $key (@temp) {$checked{'TLSAUTH'}{$key} = "selected='selected'"; }
+
+ # Set default for data-cipher-fallback (the old --cipher directive)
+ if ($cgiparams{'DCIPHER'} eq '') {
+ $cgiparams{'DCIPHER'} = 'AES-256-CBC'; #[40]
+ }
+ $checked{'DCIPHER'}{'AES-256-CBC'} = '';
+ $checked{'DCIPHER'}{'AES-192-CBC'} = '';
+ $checked{'DCIPHER'}{'AES-128-CBC'} = '';
+ $checked{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
+ $checked{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
+ $checked{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
+ $checked{'DCIPHER'}{'SEED-CBC'} = '';
+ $checked{'DCIPHER'}{'DES-EDE3-CBC'} = '';
+ $checked{'DCIPHER'}{'DESX-CBC'} = '';
+ $checked{'DCIPHER'}{'DES-EDE-CBC'} = '';
+ $checked{'DCIPHER'}{'BF-CBC'} = '';
+ $checked{'DCIPHER'}{'CAST5-CBC'} = '';
+ @temp = split('\|', $cgiparams{'DCIPHER'});
+ foreach my $key (@temp) {$checked{'DCIPHER'}{$key} = "selected='selected'"; }
+
+ # Set default data channel ciphers
+ if ($cgiparams{'DATACIPHERS'} eq '') {
+ $cgiparams{'DATACIPHERS'} = 'ChaCha20-Poly1305|AES-256-GCM'; #[42];
+ }
+ $checked{'DATACIPHERS'}{'ChaCha20-Poly1305'} = '';
+ $checked{'DATACIPHERS'}{'AES-256-GCM'} = '';
+ $checked{'DATACIPHERS'}{'AES-192-GCM'} = '';
+ $checked{'DATACIPHERS'}{'AES-128-GCM'} = '';
+ @temp = split('\|', $cgiparams{'DATACIPHERS'});
+ foreach my $key (@temp) {$checked{'DATACIPHERS'}{$key} = "selected='selected'"; }
+
+ # Save settings and display default if not configured
+ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
+ $confighash{$cgiparams{'KEY'}}[39] = $cgiparams{'DAUTH'};
+ $confighash{$cgiparams{'KEY'}}[40] = $cgiparams{'DCIPHER'};
+ $confighash{$cgiparams{'KEY'}}[41] = $cgiparams{'TLSAUTH'};
+ $confighash{$cgiparams{'KEY'}}[42] = $cgiparams{'DATACIPHERS'};
+ } else {
+ $cgiparams{'DAUTH'} = $vpnsettings{'DAUTH'};
+ $cgiparams{'DCIPHER'} = $vpnsettings{'DCIPHER'};
+ $cgiparams{'TLSAUTH'} = $vpnsettings{'TLSAUTH'};
+ $cgiparams{'DATACIPHERS'} = $vpnsettings{'DATACIPHERS'};
+ }
+
+ADV_ENC_ERROR:
+
+ print<<END
+ <br />
+ <tr>
+ <td class='base'><b>$Lang::tr{'ovpn advanced encryption'}</b></td>
+ </tr>
+
+ <form method='post' enctype='multipart/form-data' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
+
+ <table width='100%'>
+ <thead>
+ <tr>
+ <th width="15%"></th>
+ <th>$Lang::tr{'ovpn data channel'}</th>
+ <th>$Lang::tr{'ovpn data channel fallback'}</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td class='boldbase' width="27%">$Lang::tr{'ovpn data encryption'}</td>
+ <td class='boldbase'>
+ <select name='DATACIPHERS' multiple='multiple' size='6' style='width: 100%'>
+ <option value='ChaCha20-Poly1305' $checked{'DATACIPHERS'}{'ChaCha20-Poly1305'}>256 bit ChaCha20-Poly1305</option>
+ <option value='AES-256-GCM' $checked{'DATACIPHERS'}{'AES-256-GCM'}>256 $Lang::tr{'bit'} AES-GCM</option>
+ <option value='AES-192-GCM' $checked{'DATACIPHERS'}{'AES-192-GCM'}>192 $Lang::tr{'bit'} AES-GCM</option>
+ <option value='AES-128-GCM' $checked{'DATACIPHERS'}{'AES-128-GCM'}>128 $Lang::tr{'bit'} AES-GCM</option>
+ </select>
+ </td>
+
+ <td class='boldbase'>
+ <select name='DCIPHER' size='6' style='width: 100%'>
+ <option value='AES-256-CBC' $checked{'DCIPHER'}{'AES-256-CBC'}>256 $Lang::tr{'bit'} AES-CBC</option>
+ <option value='AES-192-CBC' $checked{'DCIPHER'}{'AES-192-CBC'}>192 $Lang::tr{'bit'} AES-CBC</option>
+ <option value='AES-128-CBC' $checked{'DCIPHER'}{'AES-128-CBC'}>128 bit AES-CBC</option>
+ <option value='CAMELLIA-256-CBC' $checked{'DCIPHER'}{'CAMELLIA-256-CBC'}>256 $Lang::tr{'bit'} Camellia-CBC</option>
+ <option value='CAMELLIA-192-CBC' $checked{'DCIPHER'}{'CAMELLIA-192-CBC'}>192 $Lang::tr{'bit'} Camellia-CBC</option>
+ <option value='CAMELLIA-128-CBC' $checked{'DCIPHER'}{'CAMELLIA-128-CBC'}>128 $Lang::tr{'bit'} Camellia-CBC</option>
+ <option value='SEED-CBC' $checked{'DCIPHER'}{'SEED-CBC'}>128 $Lang::tr{'bit'} SEED-CBC</option>
+ <option value='DES-EDE3-CBC' $checked{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC 192 $Lang::tr{'bit'} - $Lang::tr{'vpn weak'}</option>
+ <option value='DESX-CBC' $checked{'DCIPHER'}{'DESX-CBC'}>DESX-CBC 192 $Lang::tr{'bit'} - $Lang::tr{'vpn weak'}</option>
+ <option value='DES-EDE-CBC' $checked{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC 128 $Lang::tr{'bit'} - $Lang::tr{'vpn weak'}</option>
+ <option value='BF-CBC' $checked{'DCIPHER'}{'BF-CBC'}>BF-CBC 128 $Lang::tr{'bit'} - $Lang::tr{'vpn weak'}</option>
+ <option value='CAST5-CBC' $checked{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC 128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'}</option>
+ </select>
+ </td>
+ </tr>
+ </tbody>
+ </table>
+
+ <br /><br />
+
+
+ <tr>
+ <td class='base'><b>$Lang::tr{'ovpn crypt options'}</b></td>
+ </tr>
+
+
+
+ <table width="100%">
+ <thead>
+ <tr>
+ <th width="15%"></th>
+ <th>$Lang::tr{'ovpn ha'}</th>
+ <th>$Lang::tr{'ovpn tls auth'}</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+
+ <td width="27%">$Lang::tr{'ovpn data channel authentication'}</td>
+ <td class='boldbase'>
+ <select name='DAUTH' size='6' style='width: 100%'>
+ <option value='SHA3-512' $checked{'DAUTH'}{'SHA3-512'}>SHA3 512 $Lang::tr{'bit'}</option>
+ <option value='SHA512' $checked{'DAUTH'}{'SHA512'}>SHA2 512 $Lang::tr{'bit'}</option>
+ <option value='SHA384' $checked{'DAUTH'}{'SHA384'}>SHA2 384 $Lang::tr{'bit'}</option>
+ <option value='SHA256' $checked{'DAUTH'}{'SHA256'}>SHA2 256 $Lang::tr{'bit'}</option>
+ <option value='whirlpool' $checked{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
+ <option value='SHA1' $checked{'DAUTH'}{'SHA1'}>SHA1 160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'}</option>
+ </select>
+
+ <td class='boldbase'>
+ <select name='TLSAUTH' size='6' style='width: 100%' style="margin-right:-17px" size="11">
+ <option value='tls-crypt' $checked{'TLSAUTH'}{'tls-crypt'}>TLS-Crypt</option>
+ <option value='on' $checked{'TLSAUTH'}{'on'}>TLS-Auth</option>
+ <option value='off' $checked{'TLSAUTH'}{'off'}>Off</option>
+ </select>
+ </td>
+ </tr>
+ </tbody>
+ </table>
+ <br />
+ <hr>
+END
+;
+
print <<END;
<form method='post' enctype='multipart/form-data'>
<table width='100%' border=0>
+ <br />
<tr>
<td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
- </tr>
- <tr>
+ </tr>
+ <tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
- </tr>
- <tr>
+ </tr>
+ <tr>
<td class='base'>Domain</td>
<td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td>
- </tr>
- <tr>
+ </tr>
+ <tr>
<td class='base'>DNS</td>
<td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td>
- </tr>
- <tr>
+ </tr>
+ <tr>
<td class='base'>WINS</td>
<td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td>
</tr>
- <tr>
+ <tr>
<td colspan='4'><b>$Lang::tr{'ovpn routes push options'}</b></td>
- </tr>
- <tr>
+ </tr>
+ <tr>
<td class='base'>$Lang::tr{'ovpn routes push'}</td>
<td colspan='2'>
<textarea name='ROUTES_PUSH' cols='26' rows='6' wrap='off'>
print <<END;
</textarea></td>
-</tr>
- </tr>
+ </tr>
+ </tr>
</table>
+<br />
<hr size='1'>
+
<table width='100%'>
+ <br />
<tr>
<td class='base'><b>$Lang::tr{'misc-options'}</b></td>
</tr>
<td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
</tr>
</table>
+<br />
<hr size='1'>
<table width='100%'>
- <tr>
- <td class='base'><b>$Lang::tr{'log-options'}</b></td>
- </tr>
- <tr>
- <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
- </tr>
-
- <tr><td class='base'>VERB</td>
- <td><select name='LOG_VERB'>
+ <br />
+ <tr>
+ <td class='base'><b>$Lang::tr{'log-options'}</b></td>
+ </tr>
+ <tr>
+ <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
+ </tr>
+
+ <tr><td class='base'>VERB</td>
+ <td><select name='LOG_VERB'>
<option value='0' $selected{'LOG_VERB'}{'0'}>0</option>
<option value='1' $selected{'LOG_VERB'}{'1'}>1</option>
<option value='2' $selected{'LOG_VERB'}{'2'}>2</option>
<option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
<option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
<option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
- </td></select>
- </table>
-
+ </td></select>
+ </table>
+ <br />
<hr size='1'>
END
if ( -e "/var/run/openvpn.pid"){
print" <br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br>
- $Lang::tr{'server restart'}<br><br>
+ $Lang::tr{'server restart'}<br /><br />
<hr>";
print<<END;
<table width='100%'>
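Review bot: The label `ADV_ENC_ERROR:` is defined twice, on L504 and on L572, and `goto ADV_ENC_ERROR` from the save handler (L116, L127, L138) has to land on one of them: landing on L504 re-runs the default and `%checked` setup, landing on L572 skips it and renders every select with nothing chosen. Keep exactly one, at L504 if the error page is meant to reflect the submitted values. The writes to `$confighash{$key}[41]` and `[42]` on L499-L502 and L561-L564 reuse slots that elsewhere on this page hold `no-pass` (L828) and `HOTP/T30/6` (L834); `%confighash` is emptied on L476 so nothing is clobbered here, but the layout collision should be confirmed before these slots are ever written back. In the heredoc, the `<select name='TLSAUTH'>` on L655 carries `size` and `style` twice, and the `<form>` opened on L580 is never closed before the second `<form>` on L670; HTML ignores a nested form start tag, so the page presumably works by accident, which is worth fixing by dropping one of the two tags. The enclosing branch begins before this hunk.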
&Header::closepage();
exit(0);
-
# A.Marx CCD Add,delete or edit CCD net
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ccd net'} ||
$errormessage = $Lang::tr{'invalid key'};
goto VPNCONF_END;
}
- $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
+ $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
$cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1];
$cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
- $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
+ $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
$cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
$cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
$cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
$cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
- $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
- $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22];
- $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
- $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
+ $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
+ $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22];
+ $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
+ $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
$cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
- $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
+ $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
$cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27];
- $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28];
- $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
- $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
- $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
- $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32];
+ $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28];
+ $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
+ $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
+ $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
+ $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32];
$name=$cgiparams{'CHECK1'} ;
$cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33];
$cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34];
- $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35];
- $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36];
- $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37];
+ $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35];
+ $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36];
+ $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37];
$cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39];
- $cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40];
- $cgiparams{'TLSAUTH'} = $confighash{$cgiparams{'KEY'}}[41];
- $cgiparams{'OTP_STATE'} = $confighash{$cgiparams{'KEY'}}[43];
+ $cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40];
+ $cgiparams{'OTP_STATE'} = $confighash{$cgiparams{'KEY'}}[43];
+
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
$confighash{$key}[41] = "no-pass";
}
}
-
- $confighash{$key}[42] = 'HOTP/T30/6';
+
+ $confighash{$key}[42] = 'HOTP/T30/6';
$confighash{$key}[43] = $cgiparams{'OTP_STATE'};
if (($confighash{$key}[43] eq 'on') && ($confighash{$key}[44] eq '')) {
my @otp_secret = &General::system_output("/usr/bin/openssl", "rand", "-hex", "20");
- chomp($otp_secret[0]);
+ chomp($otp_secret[0]);
$confighash{$key}[44] = $otp_secret[0];
} elsif ($confighash{$key}[43] eq '') {
$confighash{$key}[44] = '';
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
- $selected{'DCIPHER'}{'AES-256-GCM'} = '';
- $selected{'DCIPHER'}{'AES-192-GCM'} = '';
- $selected{'DCIPHER'}{'AES-128-GCM'} = '';
- $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
- $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
- $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
- $selected{'DCIPHER'}{'AES-256-CBC'} = '';
- $selected{'DCIPHER'}{'AES-192-CBC'} = '';
- $selected{'DCIPHER'}{'AES-128-CBC'} = '';
- $selected{'DCIPHER'}{'DESX-CBC'} = '';
- $selected{'DCIPHER'}{'SEED-CBC'} = '';
- $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
- $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
- $selected{'DCIPHER'}{'CAST5-CBC'} = '';
- $selected{'DCIPHER'}{'BF-CBC'} = '';
- $selected{'DCIPHER'}{'DES-CBC'} = '';
- # If no cipher has been chossen yet, select
- # the old default (AES-256-CBC) for compatiblity reasons.
- if ($cgiparams{'DCIPHER'} eq '') {
- $cgiparams{'DCIPHER'} = 'AES-256-CBC';
- }
- $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
- $selected{'DAUTH'}{'whirlpool'} = '';
- $selected{'DAUTH'}{'SHA512'} = '';
- $selected{'DAUTH'}{'SHA384'} = '';
- $selected{'DAUTH'}{'SHA256'} = '';
- $selected{'DAUTH'}{'SHA1'} = '';
- $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
- $checked{'TLSAUTH'}{'off'} = '';
- $checked{'TLSAUTH'}{'on'} = '';
- $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
-
if (1) {
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'ovpn'}, 1, '');
<tr><td class='boldbase'>$Lang::tr{'cipher'}</td>
<td><select name='DCIPHER' id="n2ncipher" required>
+ <option value='ChaCha20-Poly1305' $selected{'DCIPHER'}{'ChaCha20-Poly1305'}>CHACHA20-POLY1305 (256 $Lang::tr{'bit'})</option>
<option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option>
<option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option>
<option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option>
<option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
<option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
<option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
- <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'}, $Lang::tr{'default'})</option>
- <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
- <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
- <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
- <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
+ <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'}, $Lang::tr{'default'})</option>
+ <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
+ <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
+ <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
+ <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
+ <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
+ <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
+ <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
</select>
</td>
<td class='boldbase'>$Lang::tr{'ovpn ha'}:</td>
<td><select name='DAUTH' id="n2nhmac" $hmacdisabled>
- <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
- <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
- <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
- <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
- <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
+ <option value='SHA3-512' $selected{'DAUTH'}{'SHA3-512'}>SHA3 512 $Lang::tr{'bit'}</option>
+ <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
+ <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
+ <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
+ <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
+ <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
</select>
</td>
</tr>
<script>
var disable_options = false;
document.getElementById('n2ncipher').onchange = function () {
- if((this.value == "AES-256-GCM"||this.value == "AES-192-GCM"||this.value == "AES-128-GCM")) {
+ if((this.value == "AES-256-GCM"||this.value == "AES-192-GCM"||this.value == "AES-128-GCM"||this.value == "CHACHA20-POLY1305")) {
document.getElementById('n2nhmac').setAttribute('disabled', true);
} else {
document.getElementById('n2nhmac').removeAttribute('disabled');
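Review bot: The JavaScript test added on the `onchange` handler compares against `"CHACHA20-POLY1305"`, but the new option at the top of the cipher select carries `value='ChaCha20-Poly1305'`; `==` is case-sensitive, so choosing ChaCha20-Poly1305 leaves the HMAC select enabled even though the AEAD cipher makes `auth` irrelevant for the data channel. The comparison should use the option's exact value, e.g. `||this.value == "ChaCha20-Poly1305"`, or compare `this.value.toUpperCase()` once and keep the constants upper-case. The server-side `$hmacdisabled` set for the initial render is outside this hunk, so check that it treats ChaCha20-Poly1305 the same way as the AES-GCM values. The handler's closing brace and the surrounding heredoc continue beyond the hunk.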
print <<END;
<table border='0' width='100%'>
<tr><td width='20%'>$Lang::tr{'enable otp'}:</td><td colspan='3'><input type='checkbox' name='OTP_STATE' $checked{'OTP_STATE'}{'on'} /></td></tr>
- <tr><td width='20%'>Redirect Gateway:</td><td colspan='3'><input type='checkbox' name='RG' $checked{'RG'}{'on'} /></td></tr>
+ <tr><td width='30%'>Redirect Gateway:</td><td colspan='3'><input type='checkbox' name='RG' $checked{'RG'}{'on'} /></td></tr>
<tr><td colspan='4'><b><br>$Lang::tr{'ccd routes'}</b></td></tr>
<tr><td colspan='4'> </td></tr>
<tr><td valign='top'>$Lang::tr{'ccd iroute'}</td><td align='left' width='30%'><textarea name='IR' cols='26' rows='6' wrap='off'>
my @status = <FILE>;
close(FILE);
+ # Perform crypto and configration test to display warnings or errors
+ &pkiconfigcheck;
+
if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
my $ipaddr = <IPADDR>;
}
#default setzen
- if ($cgiparams{'DCIPHER'} eq '') {
- $cgiparams{'DCIPHER'} = 'AES-256-CBC';
- }
if ($cgiparams{'DDEST_PORT'} eq '') {
$cgiparams{'DDEST_PORT'} = '1194';
}
if ($cgiparams{'MSSFIX'} eq '') {
$cgiparams{'MSSFIX'} = 'off';
}
- if ($cgiparams{'DAUTH'} eq '') {
- if (-z "${General::swroot}/ovpn/ovpnconfig") {
- $cgiparams{'DAUTH'} = 'SHA512';
- }
- foreach my $key (keys %confighash) {
- if ($confighash{$key}[3] ne 'host') {
- $cgiparams{'DAUTH'} = 'SHA512';
- } else {
- $cgiparams{'DAUTH'} = 'SHA1';
- }
- }
- }
- if ($cgiparams{'TLSAUTH'} eq '') {
- $cgiparams{'TLSAUTH'} = 'off';
- }
if ($cgiparams{'DOVPN_SUBNET'} eq '') {
$cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
}
$selected{'DPROTOCOL'}{'tcp'} = '';
$selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
- $selected{'DCIPHER'}{'AES-256-GCM'} = '';
- $selected{'DCIPHER'}{'AES-192-GCM'} = '';
- $selected{'DCIPHER'}{'AES-128-GCM'} = '';
- $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
- $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
- $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
- $selected{'DCIPHER'}{'AES-256-CBC'} = '';
- $selected{'DCIPHER'}{'AES-192-CBC'} = '';
- $selected{'DCIPHER'}{'AES-128-CBC'} = '';
- $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
- $selected{'DCIPHER'}{'DESX-CBC'} = '';
- $selected{'DCIPHER'}{'SEED-CBC'} = '';
- $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
- $selected{'DCIPHER'}{'CAST5-CBC'} = '';
- $selected{'DCIPHER'}{'BF-CBC'} = '';
- $selected{'DCIPHER'}{'DES-CBC'} = '';
- $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
-
- $selected{'DAUTH'}{'whirlpool'} = '';
- $selected{'DAUTH'}{'SHA512'} = '';
- $selected{'DAUTH'}{'SHA384'} = '';
- $selected{'DAUTH'}{'SHA256'} = '';
- $selected{'DAUTH'}{'SHA1'} = '';
- $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
-
- $checked{'TLSAUTH'}{'off'} = '';
- $checked{'TLSAUTH'}{'on'} = '';
- $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
-
$checked{'DCOMPLZO'}{'off'} = '';
$checked{'DCOMPLZO'}{'on'} = '';
$checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
<td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}' size='5' /></td>
</tr>
- <tr><td colspan='4'><br></td></tr>
- <tr>
- <td class='base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>
- </tr>
- <tr><td colspan='1'><br></td></tr>
-
- <tr>
- <td class='base'>$Lang::tr{'ovpn ha'}</td>
- <td><select name='DAUTH'>
- <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
- <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
- <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
- <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
- <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- </select>
- </td>
-
- <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
- <td><select name='DCIPHER'>
- <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option>
- <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option>
- <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option>
- <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
- <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
- <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
- <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
- <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
- <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
- <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
- <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- </select>
- </td>
- </tr>
-
- <tr><td colspan='4'><br></td></tr>
- <tr>
- <td class='base'>$Lang::tr{'ovpn tls auth'}</td>
- <td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
- </tr>
-
<tr><td colspan='4'><br><br></td></tr>
END
;
my $col3="bgcolor='$color{'color22'}'";
# ta.key line
my $col4="bgcolor='$color{'color20'}'";
+ # tc-v2.key line
+ my $col5="bgcolor='$color{'color22'}'";
+ # tc.key
+ my $col6="bgcolor='$color{'color20'}'";
if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
my @casubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
# Nothing
print <<END;
<tr>
- <td width='25%' class='base' $col4>$Lang::tr{'ta key'}:</td>
+ <td width='25%' class='base' $col4>$Lang::tr{'ta key'}</td>
<td class='base' $col4>$Lang::tr{'not present'}</td>
<td colspan='3' $col4> </td>
</tr>
;
}
+ # Adding tc.key to chart
+ if (-f "${General::swroot}/ovpn/certs/tc.key") {
+ my $tcsubject = `/bin/cat ${General::swroot}/ovpn/certs/tc.key`;
+ $tcsubject =~ /# (.*)[\n]/;
+ $tcsubject = $1;
+ print <<END;
+
+ <tr>
+ <td class='base' $col6>$Lang::tr{'tc key'}</td>
+ <td class='base' $col6>$tcsubject</td>
+ <form method='post' name='frmtckey'><td width='3%' align='center' $col6>
+ <input type='hidden' name='ACTION' value='$Lang::tr{'show tls-crypt key'}' />
+ <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show tls-crypt key'}' title='$Lang::tr{'show tls-crypt key'}' width='20' height='20' border='0' />
+ </form>
+ <form method='post' name='frmtckey'><td width='3%' align='center' $col6>
+ <input type='image' name='$Lang::tr{'download tls-crypt key'}' src='/images/media-floppy.png' alt='$Lang::tr{'download tls-crypt key'}' title='$Lang::tr{'download tls-crypt key'}' border='0' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'download tls-crypt key'}' />
+ </form>
+ <td width='4%' $col6> </td>
+ </tr>
+END
+;
+ }
+
if (! -f "${General::swroot}/ovpn/ca/cacert.pem") {
print "<tr><td colspan='5' align='center'><form method='post'>";
print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />";
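Review bot: The new tc.key block reads the file through backticks (`/bin/cat ${General::swroot}/ovpn/certs/tc.key`) and then assigns `$1` without checking that the match succeeded, so a key file without a `# ` comment line leaves `$tcsubject` holding a stale or undefined capture, and whatever is captured is interpolated raw into the `<td>` of the table. Reading the file with a three-arg `open`, testing the match, and passing the captured comment through `&Header::cleanhtml` (already used for `REMARK` in this file) avoids both the shell round-trip and unescaped output; the rewrite below covers only the read, the heredoc is unchanged. The two `<form>` elements in the new rows both carry `name='frmtckey'`, which is a duplicate name in the same document and should be made distinct, e.g. `frmtckeyshow` / `frmtckeydl`.
```perl
if (-f "${General::swroot}/ovpn/certs/tc.key") {
	my $tcsubject = '';
	if (open(my $tcfh, '<', "${General::swroot}/ovpn/certs/tc.key")) {
		while (my $line = <$tcfh>) {
			# first comment line of the key file is the only thing shown in the chart
			if ($line =~ /#\s*(.*?)\s*$/) {
				$tcsubject = &Header::cleanhtml($1);
				last;
			}
		}
		close($tcfh);
	}
	# … unchanged: print <<END heredoc with the tc.key row …
```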
'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*',
'advproxy wpad label dst_noproxy_ip' => 'Excluded IP Subnets (one per line)',
'advproxy wpad label dst_noproxy_url' => 'Excluded URL s (one per line)',
+'advproxy wpad notice' => 'Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>.',
'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)',
'advproxy wpad view pac' => 'Open PAC File',
'again' => 'Again:',
'dhcp dns update' => 'DNS Update',
'dhcp dns update algo' => 'Algorithm',
'dhcp dns update secret' => 'Secret',
-'dhcp fixed ip address in dynamic range' => 'Fixed IP Address in dynamic range',
'dhcp fixed lease err1' => 'For a fix lease you have to enter the MAC address or the hostname, or you enter both.',
'dhcp fixed lease help1' => 'IP Addresses might be entered as FQDN',
'dhcp make fixed lease' => 'Add to fix leases',
'display hostname in window title' => 'Display hostname in window title',
'display traffic at home' => 'Display calculated traffic on startpage',
'display webinterface effects' => 'Activate effects',
-'dl client arch' => 'Download Encrypted Client Package (zip)',
+'dl client arch' => 'Download Client Package (zip)',
'dl client arch insecure' => 'Download insecure Client Package (zip)',
'dmz' => 'DMZ',
'dmz pinhole configuration' => 'DMZ pinhole configuration',
'done' => 'Do it',
'dos charset' => 'DOS Charset',
'down and up speed' => 'Enter your Down- and Uplink-Speed <br /> and then press <i>Save</i>.',
-'downfall gather data sampling' => 'Downfall/Gather Data Sampling',
'downlink' => 'Downlink',
'downlink speed' => 'Downlink speed (kbit/sec)',
'downlink std class' => 'downlink standard class',
'download new ruleset' => 'Download new ruleset',
'download pkcs12 file' => 'Download PKCS12 file',
'download root certificate' => 'Download root certificate',
-'download tls-auth key' => 'Download tls-auth key',
+'download tls-auth key' => 'Download TLS-Auth key',
+'download tls-crypt key' => 'Download TLS-Crypt key',
+'download tls-crypt-v2 key' => 'Download TLS-Crypt-v2 server key',
'dpd action' => 'Action',
'dpd delay' => 'Delay',
'dpd timeout' => 'Timeout',
'external access rule removed' => ' External access rule removed; restarting access controller',
'external aliases configuration' => 'External aliases configuration',
'extrahd' => 'ExtraHD',
-'extrahd because it it outside the allowed mount path' => ', because it is outside the allowed mount path',
'extrahd because there is already a device mounted' => ', because there is already a device mounted',
'extrahd cant umount' => 'Can\'t umount',
'extrahd detected drives' => 'detected drives',
'extrahd install or load driver' => 'If your device isn\'t listed here, you need to install or load the driver.<br />If you can see your device but no partitions you have to create them first.',
'extrahd maybe the device is in use' => '. Maybe the device is in use',
-'extrahd mounted' => 'Mounted',
-'extrahd no mount point given' => 'No mount point given',
-'extrahd not configured' => 'Not configured',
-'extrahd not mounted' => 'Not mounted',
'extrahd to' => 'to',
'extrahd to root' => 'to root',
'extrahd unable to read' => 'Unable to read',
'open connections' => 'Open Connections',
'open to all' => 'Override external access to ALL',
'openssl produced an error' => 'OpenSSL produced an error',
-'openvpn cert expires soon' => 'Expires Soon',
-'openvpn cert has expired' => 'Expired',
'openvpn client' => 'OpenVPN client',
'openvpn default' => 'Default',
'openvpn destination port used' => 'The destination port is already used by another OpenVPN server.',
'override mtu' => 'Override default MTU',
'ovpn' => 'OpenVPN',
'ovpn add conf' => 'Additional configuration',
+'ovpn advanced encryption' => 'Advanced encryption settings',
+'ovpn client version 25 cipher negotiation' => 'Negotiate encryption',
+'ovpn client version 25 warning' => 'Available with client version 2.5.0 and higher',
'ovpn con stat' => 'OpenVPN Connection Statistics',
'ovpn config' => 'OVPN-Config',
'ovpn connection name' => 'Connection Name',
'ovpn crypt options' => 'Cryptographic options',
+'ovpn data encryption' => 'Data-Channel encryption',
+'ovpn data channel authentication' => 'Data and channel authentication',
+'ovpn data channel' => 'Data-Channel',
+'ovpn data channel fallback' => 'Data-Channel fallback',
'ovpn device' => 'OpenVPN device:',
'ovpn dl' => 'OVPN-Config Download',
'ovpn engines' => 'Crypto engine',
'ovpn errmsg green already pushed' => 'Route for green network is always set',
+'ovpn errmsg invalid data cipher input' => 'The data cipher needs at least one cipher',
'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
'ovpn error md5' => 'You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>',
'ovpn generating the root and host certificates' => 'Generating the root and host certificate can take a long time.',
'ovpn subnet' => 'OpenVPN subnet:',
'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.',
'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ',
-'ovpn tls auth' => 'TLS Channel Protection:',
+'ovpn tls auth' => 'TLS Channel Protection',
+'ovpn warning 64 bit block cipher' => 'This encryption algorithm is broken and will be removed in OpenVPN-2.7 <br>Please change this as soon as possible!</br>',
+'ovpn warning algorithm' => 'You configured the algorithm',
'ovpn warning rfc3280' => 'Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>',
'ovpn_fastio' => 'Fast-IO',
'ovpn_mssfix' => 'MSSFIX Size',
'refresh index page while connected' => 'Refresh index.cgi page while connected',
'refresh update list' => 'Refresh update list',
'registered user rules' => 'Talos VRT rules for registered users',
-'reiserfs warning1' => 'Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.',
-'reiserfs warning2' => 'Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.',
'release' => 'Release',
'released' => 'Released',
'reload' => 'reload',
'show otp qrcode' => 'Show OTP QRCode',
'show root certificate' => 'Show root certificate',
'show share options' => 'Show shares options',
-'show tls-auth key' => 'Show tls-auth key',
+'show tls-auth key' => 'Show TLS-Auth key',
+'show tls-crypt key' => 'Show TLS-Crypt key',
+'show tls-crypt-v2 key' => 'Show TLS-Crypt-v2 key',
'shuffle' => 'Shuffle',
'shutdown' => 'Shutdown',
'shutdown ask' => 'Shutdown?',
'source port overlaps' => 'Source port range overlaps an existing port range.',
'speaker off' => 'Speaker off:',
'speaker on' => 'Speaker on:',
-'spec rstack overflow' => 'Speculative Return Stack Overflow',
'spectre variant 1' => 'Spectre Variant 1',
'spectre variant 2' => 'Spectre Variant 2',
'spectre variant 4' => 'Spectre Variant 4',
'system logs' => 'System Logs',
'system status information' => 'System Status Information',
'ta key' => 'TLS-Authentification-Key',
-'taa zombieload2' => 'TSX Async Abort/ZombieLoad v2',
+'tc key' => 'TLS-Cryptografic-Key',
+'tc v2 key' => 'TLS-Cryptografic-Key-version2',
+'taa zombieload2' => 'TSX Async Abort / ZombieLoad v2',
'tcp more reliable' => 'TCP (more reliable)',
'telephone not set' => 'Telephone not set.',
'template' => 'Preset',