@@ -327,7 +327,7 @@ sub writeserverconf {
}
print CONF "status-version 1\n";
print CONF "status /var/run/ovpnserver.log 30\n";
- print CONF "cipher $sovpnsettings{DCIPHER}\n";
+ print CONF "data-ciphers-fallback $sovpnsettings{DCIPHER}\n";
# Data channel encryption
# Set seperator for data ciphers
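Review bot: The new `data-ciphers-fallback` line is written unconditionally, so an empty or unset `$sovpnsettings{DCIPHER}` leaves the directive in the server configuration without an argument. That looks reachable when the encryption form is saved with no entry highlighted in the `DCIPHER` list box, because the save handler copies the request value as-is; OpenVPN would presumably refuse to load such a file. I would guard the write, `print CONF "data-ciphers-fallback $sovpnsettings{DCIPHER}\n" if ($sovpnsettings{DCIPHER} ne '');`, or fall back to the `AES-256-CBC` default at this point. The body of writeserverconf continues outside this hunk.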
@@ -928,6 +928,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) {
&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
+ $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
$vpnsettings{'DATACIPHERS'} = $cgiparams{'DATACIPHERS'};
# --data-ciphers needs at least one cipher
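Review bot: `$cgiparams{'DCIPHER'}` is stored without any check that it is one of the cipher names the form offers, and the stored value appears to be the one later interpolated into the server configuration by the `print CONF "data-ciphers-fallback ..."` line in writeserverconf. A value containing whitespace or a line break would change what OpenVPN reads from that file, so the handler should reject anything that does not match `/\A[A-Z0-9-]+\z/`, or better, anything that is not one of the twelve offered values, before assigning. The same unvalidated value is written to `$confighash{...}[40]` in the two later hunks. The `if` block opens in this hunk and ends outside it, so a check further down would not be visible from here.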
@@ -1245,7 +1246,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
$vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
$vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
$vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
- $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
$vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
$vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
#wrtie enable
@@ -2915,10 +2915,30 @@ END
$key = &General::findhasharraykey (\%confighash);
foreach my $i (39.. 45) { $confighash{$key}[$i] = ""; }
}
+ $confighash{$key}[40] = $cgiparams{'DCIPHER'};
$confighash{$key}[42] = $cgiparams{'DATACIPHERS'};
ADV_ENC_ERROR:
+ # Set default for data-cipher-fallback (the old --cipher directive)
+ if ($cgiparams{'DCIPHER'} eq '') {
+ $cgiparams{'DCIPHER'} = 'AES-256-CBC'; #[40]
+ }
+ $checked{'DCIPHER'}{'AES-256-CBC'} = '';
+ $checked{'DCIPHER'}{'AES-192-CBC'} = '';
+ $checked{'DCIPHER'}{'AES-128-CBC'} = '';
+ $checked{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
+ $checked{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
+ $checked{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
+ $checked{'DCIPHER'}{'SEED-CBC'} = '';
+ $checked{'DCIPHER'}{'DES-EDE3-CBC'} = '';
+ $checked{'DCIPHER'}{'DESX-CBC'} = '';
+ $checked{'DCIPHER'}{'DES-EDE-CBC'} = '';
+ $checked{'DCIPHER'}{'BF-CBC'} = '';
+ $checked{'DCIPHER'}{'CAST5-CBC'} = '';
+ @temp = split('\|', $cgiparams{'DCIPHER'});
+ foreach my $key (@temp) {$checked{'DCIPHER'}{$key} = "selected='selected'"; }
+
# Set default data channel ciphers
if ($cgiparams{'DATACIPHERS'} eq '') {
$cgiparams{'DATACIPHERS'} = 'ChaCha20-Poly1305|AES-256-GCM'; #[42];
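Review bot: `split('\|', $cgiparams{'DCIPHER'})` treats the fallback as a `|`-separated list, but `data-ciphers-fallback` takes a single cipher and the `<select name='DCIPHER'>` added further down has no `multiple` attribute. A plain `$checked{'DCIPHER'}{$cgiparams{'DCIPHER'}} = "selected='selected'";` states the intent and also avoids the loop variable `my $key`, which shadows the `$key` used for `$confighash{$key}` a few lines above. The twelve `$checked{'DCIPHER'}{...} = ''` assignments repeat the option list of the form; keeping the names in one array and looping over it would stop the two lists from drifting apart.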
@@ -2932,8 +2952,10 @@ ADV_ENC_ERROR:
# Save settings and display default if not configured
if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) {
+ $confighash{$cgiparams{'KEY'}}[40] = $cgiparams{'DCIPHER'};
$confighash{$cgiparams{'KEY'}}[42] = $cgiparams{'DATACIPHERS'};
} else {
+ $cgiparams{'DCIPHER'} = $vpnsettings{'DCIPHER'};
$cgiparams{'DATACIPHERS'} = $vpnsettings{'DATACIPHERS'};
}
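Review bot: In the `else` branch the saved value is copied into `$cgiparams{'DCIPHER'}` only after the `$checked{'DCIPHER'}` map was filled in the preceding hunk, so as far as the visible lines show the list box is rendered from the request value (or the `AES-256-CBC` default) and not from the stored setting. If nothing between the two hunks rebuilds the map, loading `$vpnsettings{'DCIPHER'}` should move above the default-and-`$checked` block. The existing `DATACIPHERS` line follows the same order, so this may already be handled in lines not shown here.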
@@ -2968,6 +2990,7 @@ ADV_ENC_ERROR:
<tr>
<th width="15%"></th>
<th>$Lang::tr{'ovpn data channel'}</th>
+ <th>$Lang::tr{'ovpn data channel fallback'}</th>
</tr>
</thead>
<tbody>
@@ -2981,7 +3004,25 @@ ADV_ENC_ERROR:
<option value='AES-128-GCM' $checked{'DATACIPHERS'}{'AES-128-GCM'}>128 $Lang::tr{'bit'} AES-GCM</option>
</select>
</td>
+
+ <td class='boldbase'>
+ <select name='DCIPHER' size='6' style='width: 100%'>
+ <option value='AES-256-CBC' $checked{'DCIPHER'}{'AES-256-CBC'}>256 $Lang::tr{'bit'} AES-CBC</option>
+ <option value='AES-192-CBC' $checked{'DCIPHER'}{'AES-192-CBC'}>192 $Lang::tr{'bit'} AES-CBC</option>
+ <option value='AES-128-CBC' $checked{'DCIPHER'}{'AES-128-CBC'}>128 bit AES-CBC</option>
+ <option value='CAMELLIA-256-CBC' $checked{'DCIPHER'}{'CAMELLIA-256-CBC'}>256 $Lang::tr{'bit'} Camellia-CBC</option>
+ <option value='CAMELLIA-192-CBC' $checked{'DCIPHER'}{'CAMELLIA-192-CBC'}>192 $Lang::tr{'bit'} CAMELLIA-CBC</option>
+ <option value='CAMELLIA-128-CBC' $checked{'DCIPHER'}{'CAMELLIA-128-CBC'}>128 $Lang::tr{'bit'} Camellia-CBC</option>
+ <option value='SEED-CBC' $checked{'DCIPHER'}{'SEED-CBC'}>128 $Lang::tr{'bit'} SEED-CBC</option>
+ <option value='DES-EDE3-CBC' $checked{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC 192 $Lang::tr{'bit'} - $Lang::tr{'vpn weak'}</option>
+ <option value='DESX-CBC' $checked{'DCIPHER'}{'DESX-CBC'}>DESX-CBC 192 $Lang::tr{'bit'} - $Lang::tr{'vpn weak'}</option>
+ <option value='DES-EDE-CBC' $checked{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC 128 $Lang::tr{'bit'} - $Lang::tr{'vpn weak'}</option>
+ <option value='BF-CBC' $checked{'DCIPHER'}{'BF-CBC'}>BF-CBC 128 $Lang::tr{'bit'} - $Lang::tr{'vpn weak'}</option>
+ <option value='CAST5-CBC' $checked{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC 128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'}</option>
+ </select>
+ </td>
</tr>
+
</tbody>
</table>
<hr>
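Review bot: The fallback list still offers `DES-EDE3-CBC`, `DESX-CBC`, `DES-EDE-CBC`, `BF-CBC` and `CAST5-CBC`, all 64-bit block ciphers, and the fallback is the cipher used with peers that do not negotiate, so choosing one of them sets the data-channel strength for exactly the oldest clients. The `vpn weak` suffix is the only signal; I would drop these entries or at least place them in a separate `<optgroup>` so they are not picked by accident. A stored `DCIPHER` that is not among the twelve options (the removed global form offered the three `AES-*-GCM` values) will show nothing selected here. The labels are also inconsistent: the `AES-128-CBC` entry hard-codes `128 bit` instead of `$Lang::tr{'bit'}`, `CAMELLIA-192-CBC` is labelled `CAMELLIA-CBC` next to `Camellia-CBC`, and `CAST5-CBC` uses a comma where the other weak entries use ` - `.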
@@ -4677,28 +4718,6 @@ if ($cgiparams{'TYPE'} eq 'net') {
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
- $selected{'DCIPHER'}{'AES-256-GCM'} = '';
- $selected{'DCIPHER'}{'AES-192-GCM'} = '';
- $selected{'DCIPHER'}{'AES-128-GCM'} = '';
- $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
- $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
- $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
- $selected{'DCIPHER'}{'AES-256-CBC'} = '';
- $selected{'DCIPHER'}{'AES-192-CBC'} = '';
- $selected{'DCIPHER'}{'AES-128-CBC'} = '';
- $selected{'DCIPHER'}{'DESX-CBC'} = '';
- $selected{'DCIPHER'}{'SEED-CBC'} = '';
- $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
- $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
- $selected{'DCIPHER'}{'CAST5-CBC'} = '';
- $selected{'DCIPHER'}{'BF-CBC'} = '';
- $selected{'DCIPHER'}{'DES-CBC'} = '';
- # If no cipher has been chossen yet, select
- # the old default (AES-256-CBC) for compatiblity reasons.
- if ($cgiparams{'DCIPHER'} eq '') {
- $cgiparams{'DCIPHER'} = 'AES-256-CBC';
- }
- $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
$selected{'DAUTH'}{'whirlpool'} = '';
$selected{'DAUTH'}{'SHA512'} = '';
$selected{'DAUTH'}{'SHA384'} = '';
@@ -5236,9 +5255,6 @@ END
}
#default setzen
- if ($cgiparams{'DCIPHER'} eq '') {
- $cgiparams{'DCIPHER'} = 'AES-256-CBC';
- }
if ($cgiparams{'DDEST_PORT'} eq '') {
$cgiparams{'DDEST_PORT'} = '1194';
}
@@ -5280,24 +5296,6 @@ END
$selected{'DPROTOCOL'}{'tcp'} = '';
$selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
- $selected{'DCIPHER'}{'AES-256-GCM'} = '';
- $selected{'DCIPHER'}{'AES-192-GCM'} = '';
- $selected{'DCIPHER'}{'AES-128-GCM'} = '';
- $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
- $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
- $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
- $selected{'DCIPHER'}{'AES-256-CBC'} = '';
- $selected{'DCIPHER'}{'AES-192-CBC'} = '';
- $selected{'DCIPHER'}{'AES-128-CBC'} = '';
- $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
- $selected{'DCIPHER'}{'DESX-CBC'} = '';
- $selected{'DCIPHER'}{'SEED-CBC'} = '';
- $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
- $selected{'DCIPHER'}{'CAST5-CBC'} = '';
- $selected{'DCIPHER'}{'BF-CBC'} = '';
- $selected{'DCIPHER'}{'DES-CBC'} = '';
- $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
-
$selected{'DAUTH'}{'whirlpool'} = '';
$selected{'DAUTH'}{'SHA512'} = '';
$selected{'DAUTH'}{'SHA384'} = '';
@@ -5427,26 +5425,6 @@ END
<option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
</select>
</td>
-
- <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
- <td><select name='DCIPHER'>
- <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option>
- <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option>
- <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option>
- <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
- <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
- <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
- <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
- <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
- <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
- <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
- <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- </select>
- </td>
</tr>
<tr><td colspan='4'><br></td></tr>
@@ -6002,3 +5980,4 @@ END
&Header::closepage();
+
@@ -1910,6 +1910,7 @@
'ovpn crypt options' => 'Kryptografieoptionen',
'ovpn data encryption' => 'Daten-Kanal Verschlüsselung',
'ovpn data channel' => 'Daten-Kanal',
+'ovpn data channel fallback' => 'Daten-Kanal Fallback',
'ovpn device' => 'OpenVPN-Gerät',
'ovpn dh' => 'Diffie-Hellman-Parameter-Länge',
'ovpn dh new key' => 'Neuen Diffie-Hellman Parameter erstellen',
@@ -1942,6 +1942,7 @@
'ovpn crypt options' => 'Cryptographic options',
'ovpn data encryption' => 'Data-Channel encryption',
'ovpn data channel' => 'Data-Channel',
+'ovpn data channel fallback' => 'Data-Channel fallback',
'ovpn device' => 'OpenVPN device:',
'ovpn dh' => 'Diffie-Hellman parameters length',
'ovpn dh new key' => 'Generate new Diffie-Hellman parameters',
@@ -1333,6 +1333,7 @@
'ovpn config' => 'Configruación de OVPN',
'ovpn data encryption' => 'Encriptación Data-Channel',
'ovpn data channel' => 'Canal-Datos',
+'ovpn data channel fallback' => 'Retroceso Canal-Datos',
'ovpn device' => 'Dispositivo OpenVPN',
'ovpn errmsg invalid data cipher input' => 'El cifrado de datos necesita al menos de un cifrado',
'ovpn dl' => 'Configuración de descargas OVPN',
@@ -1943,6 +1943,7 @@
'ovpn crypt options' => 'Options cryptographiques',
'ovpn data encryption' => 'Chiffrage du canal de données',
'ovpn data channel' => 'Canal de données',
+'ovpn data channel fallback' => 'Canal de données de repli',
'ovpn device' => 'Périphérique OpenVPN :',
'ovpn dh' => 'Longueur de paramètres Diffie-Hellman ',
'ovpn dh new key' => 'Générer de nouveaux paramètres Diffie-Hellman ',
@@ -45,6 +45,7 @@
'OVPN' => 'OpenVPN',
'ovpn data encryption' => 'Crittografia del canale dati',
'ovpn data channel' => 'Canale-Dati',
+'ovpn data channel fallback' => 'Canale-Dati di riserva',
'ovpn advanced encryption' => 'Impostazioni avanzate di crittografia',
'ovpn client version 25 cipher negotiation' => 'Negozazione cirttografia',
'ovpn client version 25 warning' => 'Disponibile con client 2.5.0 o più recente',
@@ -1660,6 +1660,7 @@
'ovpn config' => 'OVPN-Configuratie',
'ovpn data encryption' => 'Datakanaalversleuteling',
'ovpn data channel' => 'Data-kanaal',
+'ovpn data channel fallback' => 'Data-Kanaal terugval',
'ovpn device' => 'OpenVPN apparaat:',
'ovpn dl' => 'OVPN-Configuratie download',
'ovpn errmsg green already pushed' => 'Route voor het groene netwerk is altijd aangezet',
@@ -1345,6 +1345,7 @@
'ovpn config' => 'OVPN-Konfig',
'ovpn data encryption' => 'Szyfrowanie Kanału-Danych',
'ovpn data channel' => 'Kanał-Danych',
+'ovpn data channel fallback' => 'Awaria Kanału-Danych',
'ovpn device' => 'Urządzenie OpenVPN:',
'ovpn dl' => 'Pobierz konfig OVPN',
'ovpn errmsg invalid data cipher input' => 'Szyfr danych wymaga co najmniej jednego szyfru',
@@ -1336,6 +1336,7 @@
'ovpn config' => 'Настройки OVPN',
'ovpn data encryption' => 'шифрование-каналов данных',
'ovpn data channel' => 'Информационный-канал',
+'ovpn data channel fallback' => 'Информационный-канал отступление',
'ovpn device' => 'Устройство OpenVPN:',
'ovpn dl' => 'Загрузка настроек OVPN',
'ovpn errmsg green already pushed' => 'Маршрут для зелёной сети всегда включён',
@@ -1842,6 +1842,7 @@
'ovpn config' => 'OVPN-Yapılandırması',
'ovpn crypt options' => 'Şifreleme seçenekleri',
'ovpn data channel' => 'Veri-Kanalı',
+'ovpn data channel fallback' => 'Veri-Kanalı geri dönüşü',
'ovpn data encryption' => 'Veri-Kanalı şifreleme',
'ovpn device' => 'OpenVPN aygıtı:',
'ovpn dh' => 'Diffie-Hellman parametre uzunluğu',