From f873bcdb07001cfc5571cb6cf98e3df3a8e83515 Mon Sep 17 00:00:00 2001
From: Erik Kapfer
Date: Mon, 13 Mar 2023 13:56:41 +0100
Subject: [PATCH] OpenVPN: Added correct index for ovpnconfig, modified legend in WUI
- Fix for #11048 which includes now an index parameter for 'pass' or 'no-pass' for all connections.
- Modification via update.sh to deliver an 'pass' (all crypted *.p12 files) or 'no-pass' (N2N and not encrypted files) index for all existing connections.
- Only one place for two different icons (encrypted or not encrypted) in HTML section in 'Connection Status and -Control'.
- Added new icon with already existing openvpn.png combined with an lock icon from https://www.freepik.com/ with the specific address https://www.flaticon.com/free-icon/lock_891399 which is free for personla and commercial use.
- Change 'Legend' order in 'Connection status and -Control' for better overview and change table width.
- Added new icon 'openvpn_encrypted.png' in 'Legend' section.
Signed-off-by: Erik Kapfer
---
 config/rootfiles/core/174/update.sh | 28 ++++++++++
 html/cgi-bin/ovpnmain.cgi | 74 ++++++++++++++-----------
 html/html/images/openvpn_encrypted.png | Bin 0 -> 6562 bytes
 langs/de/cgi-bin/de.pl | 2 +-
 langs/en/cgi-bin/en.pl | 2 +-
 5 files changed, 73 insertions(+), 33 deletions(-)
 create mode 100644 html/html/images/openvpn_encrypted.png
diff --git a/config/rootfiles/core/174/update.sh b/config/rootfiles/core/174/update.sh
index 7acaad64e9..e15b31df2a 100644
--- a/config/rootfiles/core/174/update.sh
+++ b/config/rootfiles/core/174/update.sh
@@ -184,6 +184,34 @@ if [ -e "/opt/pakfire/db/installed/meta-perl-TimeDate" ] && [ -e "/opt/pakfire/d
 /opt/pakfire/db/rootfiles/perl-TimeDate
 fi
+## Modify ovpnconfig according to bug 11048 for pass, no-pass modification in ovpnconfig index
+# Check if ovpnconfig is not empty and exists
+if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
+ # Sort all N2N connections out since they do not use encryption
+ awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+
+ # Investigate roadwarrior connection names for *.p12 files
+ for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
+ # Sort all unencrypted roadwarriors out and set 'no-pass' in [43] index
+ if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'Encrypted') ]]; then
+ awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+ fi
+ done
+
+ # Investigate connection names for *.p12 files
+ for x in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
+ # Sort all encrypted roadwarriors out and set 'pass' in [43] index
+ if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${x}.p12 -noout -password pass:'' 2>&1 | grep 'error') ]]; then
+ awk -v var="$x" '{FS=OFS=","} {if($3==var) {$43="pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+ fi
+ done
+fi
+
+# Renew existing ovpnconfig with refreshed index
+mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
+# Set correct ownerschip
+chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
+
 # This update needs a reboot...
 touch /var/run/need_reboot
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 87bda4f1ef..f2c3e81f34 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
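Review bot: The three rewriting awk calls assign `FS=OFS=","` inside the main action, which only takes effect from the second record on, so the first line of ovpnconfig is split on whitespace, will normally match neither `$5=="net"` nor `$3==var`, and is left out of ovpnconfig.new. Host entries whose openssl output contains neither 'Encrypted' nor 'error' are omitted as well, while any failure that prints 'error' (presumably also a missing or unreadable .p12) is recorded as "pass", which the WUI then presents as an encrypted package. The `mv` and `chown` sit after the closing `fi`, so they also run when ovpnconfig is empty or absent, and `>>` appends to whatever ovpnconfig.new an earlier run left behind. A single pass that sets the separator in `BEGIN`, decides on the openssl exit status and copies unclassifiable lines through unchanged avoids these cases; a sketch follows, in which failures other than a wrong password (for example an unsupported algorithm) would still need separate handling.

```shell
ovpnconfig="/var/ipfire/ovpn/ovpnconfig"
# Check if ovpnconfig is not empty and exists
if [ -s "${ovpnconfig}" ]; then
	while IFS= read -r line; do
		type="$(awk -F',' '{ print $5 }' <<< "${line}")"
		name="$(awk -F',' '{ print $3 }' <<< "${line}")"
		p12="/var/ipfire/ovpn/certs/${name}.p12"
		state=""

		if [ "${type}" = "net" ]; then
			state="no-pass"
		elif [ "${type}" = "host" ] && [ -r "${p12}" ]; then
			# Exit status 0: the file opens with an empty password
			if openssl pkcs12 -in "${p12}" -noout -password pass:'' < /dev/null > /dev/null 2>&1; then
				state="no-pass"
			else
				state="pass"
			fi
		fi

		if [ -n "${state}" ]; then
			awk -v s="${state}" 'BEGIN {FS=OFS=","} {$43=s; print}' <<< "${line}"
		else
			# Keep entries that cannot be classified instead of dropping them
			printf '%s\n' "${line}"
		fi
	done < "${ovpnconfig}" > "${ovpnconfig}.new"

	# Renew existing ovpnconfig only when a new file was actually written
	mv "${ovpnconfig}.new" "${ovpnconfig}"
	chown nobody:nobody "${ovpnconfig}"
fi
```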
@@ -4327,8 +4327,14 @@ if ($cgiparams{'TYPE'} eq 'net') {
 $confighash{$key}[39] = $cgiparams{'DAUTH'};
 $confighash{$key}[40] = $cgiparams{'DCIPHER'};
- if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
- $confighash{$key}[41] = "no-pass";
+ if ($confighash{$key}[41] eq "") {
+ if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
+ $confighash{$key}[41] = "no-pass";
+ } elsif (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} ne "")) {
+ $confighash{$key}[41] = "pass";
+ } elsif ($cgiparams{'TYPE'} eq 'net') {
+ $confighash{$key}[41] = "no-pass";
+ }
 }
 $confighash{$key}[42] = 'HOTP/T30/6';
@@ -5459,20 +5465,24 @@ END } - print <$active - -
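Review bot: The value stored in slot 41 is taken from whether the `CERT_PASS1` form field was empty, not from the PKCS#12 file that ends up on disk, and with the new `eq ""` guard it is never corrected once set; because the status table uses it to label a download as encrypted, that assumption deserves a comment. Something like `# [41]: 'pass' = client PKCS#12 is password protected, 'no-pass' = not protected (always for N2N); written once, never updated` above the outer `if` would do. For a connection that has no stored value yet the slot is presumably undef, so `eq ""` warns if warnings are enabled; `($confighash{$key}[41] // "") eq ""` avoids that. The enclosing block starts before the hunk, so it cannot be seen here whether every path that writes a .p12 passes through this code.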
- - - -
+ if ($confighash{$key}[41] eq "pass") { + print <$active + +
+ + + + +
END - ; - if ($confighash{$key}[41] eq "no-pass") { + ; } elsif ($confighash{$key}[41] eq "no-pass") { print < + $active + +
@@ -5480,7 +5490,7 @@ END
END - } else { + ; } else { print " "; } @@ -5556,30 +5566,32 @@ END # If the config file contains entries, print Key to action icons if ( $id ) { print < - + + - - + + + + + + + + + + + + + + + - - - - - - - - - - - - -
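Review bot: A connection whose slot 41 holds neither "pass" nor "no-pass" now ends in the final `else` of the chain that starts in the previous hunk and gets an empty cell, whereas the removed code printed its first form before looking at the marker; such a connection seems to lose its client package download in the status table. That state looks reachable for entries the update.sh migration skips and for configurations restored from before this change, although the heredoc markup is not visible here, so this is read from the control flow only. If the empty cell is intended, say so at the branch, e.g. `# no 'pass'/'no-pass' marker stored: no download icon for this connection`; otherwise give unmarked entries a download form that does not carry the encrypted icon.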
  $Lang::tr{'legend'}:  $Lang::tr{$Lang::tr{'click to disable'}    ?RELOAD$Lang::tr{'dl client arch insecure'}    ?RELOAD$Lang::tr{'dl client arch'}     $Lang::tr{ $Lang::tr{'show certificate'}    $Lang::tr{$Lang::tr{'show otp qrcode'}
      ?FLOPPY$Lang::tr{'download certificate'}  ?OFF$Lang::tr{'click to enable'}  $Lang::tr{$Lang::tr{'click to disable'}     $Lang::tr{ $Lang::tr{'edit'}     $Lang::tr{ $Lang::tr{'remove'}
    ?OFF$Lang::tr{'click to enable'}    ?FLOPPY$Lang::tr{'download certificate'}    ?RELOAD$Lang::tr{'dl client arch'}    $Lang::tr{$Lang::tr{'show otp qrcode'}

+ +
END ; } 
diff --git a/html/html/images/openvpn_encrypted.png b/html/html/images/openvpn_encrypted.png new file mode 100644 index 0000000000000000000000000000000000000000..fdedc7b33c43556abf397efa2183f4a266f1667e GIT binary patch literal 6562 zc-rk)XIN8Nw+=ltK@bERF(@FA9w3C?q!;NTiYX@{KoTUOcLXaUDkx2g0|HV80Tq=Z zDqRt0C?lYtARsb;!UsYSZ-S2F-1|M>{dJ$`{_rH{UVEQ?a@xtkQc`T2 z7zhNCw6-#L=Kf0aPOvcdsYLW6ay5c`a=kWzanulGSKb3K)g$=j`PuC7&Q^uQQ>mupyDLp!;LA!;xczfP zbuHWOU3qE;>Ix2gUa6h5F*NjuoWJv-Xruw5aF}m7aF_q>4|np`w%Ydg*fc5J@I$N) zY?XN$^O@2vFE*sSpOmp1WfuQT94+u?Ko_<2?Eq{se0FTMFxTh~qCo$)kMc+!i7!IA z0E2vH+&s38UrFTQx;Pw*<*%$A8MX0Mt&gaj5CyG>7B4H$`_ete&L3~A`gnV4GG_T| zMZ5N%C;{E3WhKteqP&CQ`Covyo)s-VoZ~qqto7}y9A?FVfg0+}wHAqz8u~QjEsfya zCKLH?dem!4C{|RZb3v}jgLb5OaDG~^(Z*Ebp1j4jUf<_Yvo>N|l^xrJBq?v_+5JwQ zo{uIFvj`a6P(PZS?^G&mks^zy_;@bzdYJ6&` zZ$7a-`)+g#5^36HY%ld-ne(|OT=FQAo)&rr9QS9Nx#Qx2gn8+mNaX97-;z3!0&!ql zRowA_Q-b|!dpgI(S-bgD5)AdZB2-ZiCQbI2p#mkMu!?hg zLELsxNpeeuw9#Jo$4<7pThg2z_V(>5eVa;h(4D+^NA0$Z4SR38w@s;qO<6%}mS1I2 zzxpjv+c;m94(Gx%R{owf%|VZ5PViL(&la@hdOvGe94ykY_~hGLc<`*d9R0YZLeKdN zmWsjczL!)?X|0)*T%dnn4J>g`jM0+regx>-Th>snSkV;yB~A<7|B2uyrHSyLg1ybk zhpEz7!Vmwj;2#5A;^HQrX8yWGnK_|NJpzf{jmojht})3*Ar(}Qd9m-Zq7+^}`KTQ&C@e72}HKGN~oH_5zP?cxP-B;Li3rdPTwHubLmB{Uf* zem0D){S+~9ow*GCoSY?1g9jOu6@ExLR#YR|$?sn@G%dOL<4Z@Fb{b%s*M-6ANNf=t zSGo3X4?b5oCD`y4^?LA$32D4i=e@i`#kqWj3srk5A;S9~WtvgMmd3>!V(cV;y^>Uw zHxey;eRdHo319z|Sl^yDRO5ScG`D|Dn-w#tW(008j=kyg!v7ex2Tsrqt<2Yj2;^=R z`WFls5)HebKj!JSN2zDCxa-UN@m(r!h|K)@v{>zYCZxlBQ1K6B<{rZnHiBgE#V)DWj^kQ;`hRuSkWR1@qDxZJe zVPm^jkK;5mRprW`^M&je4431&r4n;L=&It z)0M&7Z)CiMj}TvP4lS*BA(mz(H&ymzBCB7^uuV&Fha^g}7cRZBleg-z)K2w-9~b&< z30Fn4RNwg^gf3%dcUVHFYT72|<^?Rv8*C|FkTh7z&##Gn|E5Ib#tCFDuHT5Sw5lLW z(yS`^NwwR7#eE5Sk%F<(e##Llg?Bs7KxlV98b0_1JDPD+`mvn zLge?G1c;Z*q69KV>mtn`*-N<>Cn7BKX zjEif$`*Ruvyx2!qGuC&`mUqx}D4r@-e{%kl9jdhfQVbySHZN8Y+~?nUKz*g+ItO@puX$UN)= zH*C(1Z>Ka2qK=vJ9lT9XP>emBI}yI~*<}PH&aeGhHfWCy$;k+mA8v*3v#}~mhiRiZ z+1D60iMLCVMgwA)39-ZGYZjQfUD7f7yQ++`!L1tLvf!L!R$WV3zXg|7KtE=Q#=dkL 
z=hNF~v*{vh_}-=n&f&RSKeV9w_B$E|lTxvHfi~tlGSwfJ^e-hSws!&_d4Qm#XG z_bNHErIv%`>>1fx`=XI_R?k5-PRFlsIarrO4%97=#+leQ{qonA z*Y-|2`3%{+XbV)mzXIGWTA)-Mxw&2PHfNXP0ele zm-=IAw#%gl$45Qqeh=n&ZJ$VM+4`yK&Dy5m@Xaexa)`ZtE6vXt+=7)#f%<;iTtR{%zx=x+dN`Ly?oR*a3A;V zqv7%-xJ>90pWy{u^YjUedK3K`TA%Kmtfl8c_tVc#w@KcEd{7>cyE1~ivO_+M^0=Kc zaa#E?vGip6E(&0#oU4*@BgQlYkf&A*9=#g*aq9`O)lT#PEd`onp=pu;7Ls&z zN=m|2;Pn z(ySta0G9{{S5kyONtX;YG8EGf!*c=X0Gj{_qX#fp_%H+L1}>g^&l4k{kPQ>IzX8uijN*> zZ~q;h!TQDmmk&f3ArOIrBN22u;>R8=wnYg0Klfm{ayO9(XMn{F4k7^-ApnD|{38UJ z^u2#za8STTI%E<82mt6@Qx+Ek^$(Yp*7i>SpnyuF2X6G@hW`&sHjP60_p$Lb8^Qgz z?EiBn8^#+P;mw((U|x9E<_1une>|Bn5HMh8XIg5f9xEDVd|UUaq56qvRS z0i{JmQcy$^`3ER#28&H#kN_SOR|2PTamZvXqBcqg2h&B7kT9$+Nf$=YAptNVibT@Y z(bmNhw16KV9D``wsw4#b7!?nS%!2}uI4z785k|t`xY3}9WEfG0jDcwrDJT*ONkAdV zIvY@A5`I53h)&=RCyh>^0*F8cbwj};9B<-eZ2(2Xk$+2^0tjphw}S!Hj>ZTM`&;2k zqXRB%0*_6UwhoR6Tz#@bIU&s5q zisVaRPyz1hf%vDK_HRl-hfKkdxrGD65OoMJEKwH=BjPX=7==s(w6w?s66ISdd`Dq1 zDeO=}5MV;(^2p_iTaz1HLDV(|YTrMtLwy0pR|;TA4D4?Tu-_;^d`lSdW5)W3|G~*u zgC7*ZLd5sQ@Ed3U$Hz}6Kb`z^^3%yrCqJG1bn^eoiP+z-Qvidz3kv1F zEOBHfbGR>B!bDq3bI=#wC%>Wi5?3M`XmyYU0*TA=PCigpjsjOG!nU@z5SbK^6vJwZ zdpQWf<|eMVF8al%{;nPht+A8Ck&_M+%8GY01@$UQ?)z>#I zG|nxQh>v{vn0;%>A1!(kzq&q>)xS!eU<_Nw<}uqj)#r-Q_m+Q2USBhLGHvuGC$f0` zcO?yU=vc}pP=5pG#q8&yfJVRPdfLYq_! zlW2OPU4I5X@&fY8Bg577?)P+e+s%|EeV0D<(wicnWP_aio1YM7JJDKtZCw+od(Pcu ze>l|pXLfRKbL&IQcrQ(z`4KcFFvLW98LxiQ}tc zw{8i+r3R-0gicO|p8`9toQfKL;B&X@WS?k?CEyvE_^z>;eKOgtwWH5Z(En`C@QZf$ zKbqo$_Vraez8*eUPc*+XP;6wSdvIUA(Px>Ooju{}Y1kCSnVITz4QgC(oy1XD=xwJq zYEKJ|@LZI&el>5eTMw9H!@|8@%ibbU#`E;Vn$_HmB1M1 z%DJQ-&ud;Hc6o1?M330Vv<~&JHj2w%RDiute2uGfzkKpS+fpU*$sKdRa<{WnMq%R- zpg7N{7NsRWxx+?0m%0gbr~$Q0b0x}qM)qpT?mQ8>xS$MWU8nBOT@MP<`Dg;t)2X6G z;8pvnU}HCvPKfevi&m)@dq@4H1^w@h0&#vFlTXsjRu4N3rK;p#-+blbwo81q&I{sQ z=U6pLX&-BMFnZ&?#ieU~uO-CoO1KjDK2CDpT*+b7ys}^C{_@CeubL4%mDdc`RU++_ wGe3Cm-c(sTnK(X7Vzawyxc3NF?DD!mWI^~brIw*s-k%HB77pf>rbiS03!u|@5C8xG literal 0 Hc-jL100001 
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 33730f0c31..b9665e62d4 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -817,7 +817,7 @@
 'display hostname in window title' => 'Hostname im Fenstertitel anzeigen',
 'display traffic at home' => 'Berechneten Traffic auf der Startseite anzeigen',
 'display webinterface effects' => 'Überblendeffekte einschalten',
-'dl client arch' => 'Client Paket herunterladen (zip)',
+'dl client arch' => 'Verschlüsseltes Client Paket herunterladen (zip)',
 'dl client arch insecure' => 'Ungesichertes Client-Paket herunterladen (zip)',
 'dmz' => 'DMZ',
 'dmz pinhole configuration' => 'Einstellungen des DMZ-Schlupfloches',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 729516538b..7b16704945 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -859,7 +859,7 @@
 'display hostname in window title' => 'Display hostname in window title',
 'display traffic at home' => 'Display calculated traffic on startpage',
 'display webinterface effects' => 'Activate effects',
-'dl client arch' => 'Download Client Package (zip)',
+'dl client arch' => 'Download Encrypted Client Package (zip)',
 'dl client arch insecure' => 'Download insecure Client Package (zip)',
 'dmz' => 'DMZ',
 'dmz pinhole configuration' => 'DMZ pinhole configuration',
-- 
2.47.2