@@ -250,6 +250,20 @@ sub pkiconfigcheck
}
}
+ # Warning if deprecated 64-bit-block ciphers or weak HMAC is in usage
+ if (-f "${General::swroot}/ovpn/server.conf") {
+ my $oldciphers = "${General::swroot}/ovpn/server.conf";
+ open(FH, $oldciphers);
+ while(my $cipherstring = <FH>) {
+ if ($cipherstring =~ /BF-CBC|CAST5-CBC|DESX-CBC|DES-EDE-CBC|DES-EDE3-CBC|SHA1/) {
+ my @tempcipherstring = split(" ", $cipherstring);
+ $cryptowarning = "<br>$Lang::tr{'ovpn warning algorithm'}: <font color='red'>$tempcipherstring[1]</font></br>$Lang::tr{'ovpn warning 64 bit block cipher'}";
+ goto CRYPTO_WARNING;
+ }
+ }
+ close(FH);
+ }
+
CRYPTO_WARNING:
}
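Review bot: The scan in the added block matches the algorithm names anywhere on any line of server.conf, so a comment or path that merely contains e.g. `SHA1` triggers the warning, and `$tempcipherstring[1]` (the second whitespace token, whatever it is) is written into the HTML unescaped. Anchoring the match to the `cipher`/`auth` directives and printing only the captured, allowlisted name addresses both; this assumes the file writes them as `cipher NAME` / `auth NAME`, which the hunk does not show. The block also uses a two-argument `open` on the bareword handle `FH` without checking the result, and `goto CRYPTO_WARNING` leaves the loop before `close(FH)`, so the handle stays open on the path that sets the warning. Only the first match is reported, so a config with both a weak cipher and `auth SHA1` names just one of them. pkiconfigcheck begins above the hunk, so how `$cryptowarning` is set earlier is not visible here.

```perl
# Warn if a deprecated 64-bit-block cipher or a weak HMAC is configured
my $serverconf = "${General::swroot}/ovpn/server.conf";
if (open(my $conf_fh, '<', $serverconf)) {
    while (my $line = <$conf_fh>) {
        # Look only at the value of the cipher/auth directives; the capture
        # is one of the fixed names below, so it is safe to print as-is.
        next unless $line =~ /^\s*(?:cipher|auth)\s+(BF-CBC|CAST5-CBC|DESX-CBC|DES-EDE-CBC|DES-EDE3-CBC|SHA1)\s*$/;
        $cryptowarning = "<br>$Lang::tr{'ovpn warning algorithm'}: <font color='red'>$1</font></br>$Lang::tr{'ovpn warning 64 bit block cipher'}";
        last;
    }
    close($conf_fh);
}
# … unchanged: CRYPTO_WARNING label and end of sub …
```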
@@ -5242,6 +5256,9 @@ END
my @status = `/bin/cat /var/run/ovpnserver.log`;
+ # Perform crypto and configration test to display warnings or errors
+ &pkiconfigcheck;
+
if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
my $ipaddr = <IPADDR>;
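Review bot: `&pkiconfigcheck;` with the sigil and no parentheses calls the sub with the caller's current `@_` rather than an empty argument list; `pkiconfigcheck();` states the intent and cannot pass anything along by accident. The comment above it has a typo (`configration`) and could read `# Run the crypto and configuration checks so warnings or errors can be displayed`. The `if`/`open` block that follows continues past the end of the hunk.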
@@ -1948,6 +1948,8 @@
'ovpn subnet is invalid' => 'Das OpenVPN-Subnetz ist ungültig.',
'ovpn subnet overlap' => 'OpenVPNSubnetz überschneidet sich mit ',
'ovpn tls auth' => 'TLS-Kanalabsicherung:',
+'ovpn warning 64 bit block cipher' => 'Diser Algorithmus ist unsicher und wird bald entfernt. <br>Bitte ändern Sie dies so schnell wie möglich!</br>',
+'ovpn warning algorithm' => 'Folgender Algorithmus wurde konfiguriert',
'ovpn warning rfc3280' => 'Das Host Zertifikat ist nicht RFC3280 Regelkonform. <br>Bitte IPFire auf die letzte Version updaten und generieren sie ein neues Root und Host Zertifikat so bald wie möglich.</br><br>Es müssen dann alle OpenVPN clients erneuert werden!</br>',
'ovpn_fastio' => 'Fast-IO',
'ovpn_fragment' => 'Fragmentgrösse',
@@ -1980,6 +1980,8 @@
'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.',
'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ',
'ovpn tls auth' => 'TLS Channel Protection:',
+'ovpn warning 64 bit block cipher' => 'This encryption algorithm is broken and will soon be removed. <br>Please change this as soon as possible!</br>',
+'ovpn warning algorithm' => 'You configured the algorithm',
'ovpn warning rfc3280' => 'Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>',
'ovpn_fastio' => 'Fast-IO',
'ovpn_mssfix' => 'MSSFIX Size',
@@ -552,6 +552,8 @@
'credits' => 'Creditos',
'crl' => 'Lista de revocación de certificados',
'cron server' => 'Servidor CRON',
+'crypto error' => 'Error de criptografía',
+'crypto warning' => 'Advertencias sobre la criptografía',
'current' => 'Actual',
'current aliases' => 'Alias actuales',
'current class' => 'Clase actual',
@@ -1345,6 +1347,8 @@
'ovpn subnet' => 'Subred de OpenVPN (ej. 10.0.10.0/255.255.255.0',
'ovpn subnet is invalid' => 'Subred de OpenVPN no es válida.',
'ovpn subnet overlap' => 'La subred de OpenVPN se traslapa con:',
+'ovpn warning 64 bit block cipher' => 'Este algoritmo de cifrado del está roto y pronto se eliminará. <br>¡Por favor, cambie esto lo antes posible!</br>',
+'ovpn warning algorithm' => 'Se configuró el siguiente algoritmo',
'ovpn_fastio' => 'Fast-IO',
'ovpn_fragment' => 'Tamaño de Fragmento',
'ovpn_mssfix' => 'Tamaño MSSFIX',
@@ -1981,6 +1981,8 @@
'ovpn subnet is invalid' => 'Sous-réseau OpenVPN non valide.',
'ovpn subnet overlap' => 'Le sous-réseau OpenVPN se chevauche avec : ',
'ovpn tls auth' => 'Protection du canal TLS :',
+'ovpn warning 64 bit block cipher' => 'Ce L\'algorithme de chiffage du n\'est plus sûr et sera bientôt supprimé. <br>Veuillez changer cela dès que possible!</br>',
+'ovpn warning algorithm' => 'L\'algorithme suivant a été configuré',
'ovpn warning rfc3280' => 'Votre certificat d\'hôte n\'est pas conforme avec la RFC3280.<br>Veuillez mettre à jour la dernière version d\'IPFire et générer dès que possible un nouveau certificat racine et hôte.</br><br>Tous les clients OpenVPN doivent ensuite être renouvelés !</br>',
'ovpn_fastio' => 'Fast-IO',
'ovpn_fragment' => 'Taille du fragment',
@@ -622,6 +622,8 @@
'credits' => 'Credits',
'crl' => 'Certificate Revocation List',
'cron server' => 'CRON Server',
+'crypto error' => 'Errore di crittografia',
+'crypto warning' => 'Avvertenze di crittografia',
'current' => 'Current',
'current aliases' => 'Current aliases',
'current class' => 'Current class',
@@ -1733,6 +1735,8 @@
'ovpn subnet' => 'OpenVPN subnet (e.g. 10.0.10.0/255.255.255.0)',
'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.',
'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ',
+'ovpn warning 64 bit block cipher' => 'L\'algoritmo di crittografia è insicuro e verrà presto disinstallato.<br>Si prega di cambiare il più presto possibile!</br>',
+'ovpn warning algorithm' => 'È stato configurato il seguente algoritmo',
'ovpn_fastio' => 'Fast-IO',
'ovpn_mssfix' => 'MSSFIX Size',
'ovpn_mtudisc' => 'MTU-Discovery',
@@ -616,6 +616,8 @@
'credits' => 'Credits',
'crl' => 'Certificaatintrekkingslijst',
'cron server' => 'CRON Server',
+'crypto error' => 'Cryptografische fout',
+'crypto warning' => 'Cryptografie waarschuwingen',
'current' => 'Huidig',
'current aliases' => 'Huidige aliassen:',
'current class' => 'Huidige klasse',
@@ -1686,6 +1688,9 @@
'ovpn subnet' => 'OpenVPN subnet (bijv. 10.0.10.0/255.255.255.0)',
'ovpn subnet is invalid' => 'OpenVPN subnet is ongeldig.',
'ovpn subnet overlap' => 'OpenVPN subnet overlapt met : ',
+'ovpn warning 64 bit block cipher' => 'Dit encryptie algoritme is verbroken en zal binnenkort worden verwijderd. <br>Verander dit zo snel mogelijk!</br>',
+'ovpn warning algorithm' => 'U hebt het algoritme geconfigureerd',
+'ovpn warning rfc3280' => 'Uw gastheercertificaat is niet RFC3280-conform. <br>Please-update naar de nieuwste IPFire-versie en genereer zo snel mogelijk een nieuw root- en host-certificaat.</br><br>Alle OpenVPN-clients moeten dan vernieuwd worden!</br>',
'ovpn_fastio' => 'Fast-IO',
'ovpn_fragment' => 'Fragmentgrootte',
'ovpn_mssfix' => 'MSSFIX-grootte',
@@ -553,6 +553,8 @@
'credits' => 'Credits',
'crl' => 'Lista odwołań certyfikatów',
'cron server' => 'Serwer CRON',
+'crypto error' => 'Błąd kryptograficzny',
+'crypto warning' => 'Ostrzeżenia kryptograficzne',
'current' => 'Aktualne',
'current aliases' => 'Aktualne alias:',
'current class' => 'Aktualna klasa',
@@ -1357,6 +1359,8 @@
'ovpn subnet' => 'Podsieć OpenVPN (np. 10.0.10.0/255.255.255.0)',
'ovpn subnet is invalid' => 'Podsieć OpenVPN jest niepoprawna.',
'ovpn subnet overlap' => 'Podsieć OpenVPN zachodzi na : ',
+'ovpn warning 64 bit block cipher' => 'Szyfr danych wymaga co najmniej jednego szyfru. <br>Proszę to zmienić jak najszybciej!</br>',
+'ovpn warning algorithm' => 'Skonfigurowałeś algorytm',
'ovpn_fastio' => 'Fast-IO',
'ovpn_fragment' => 'Rozmiar fragmentu',
'ovpn_mssfix' => 'MSSFIX Size',
@@ -551,6 +551,8 @@
'credits' => 'О Проекте',
'crl' => 'Список отозванных сертификатов',
'cron server' => 'CRON Сервер',
+'crypto error' => 'Ошибка криптографии',
+'crypto warning' => 'крипто-предупреждение',
'current' => 'Current',
'current aliases' => 'Действующие псевдонимы:',
'current class' => 'Текущий класс',
@@ -1352,6 +1354,8 @@
'ovpn subnet' => 'Подсеть OpenVPN (e.g. 10.0.10.0/255.255.255.0)',
'ovpn subnet is invalid' => 'Подсеть OpenVPN задана неверно.',
'ovpn subnet overlap' => 'Подсеть OpenVPN пересекается с: ',
+'ovpn warning 64 bit block cipher' => 'Этот алгоритм шифрования сломан и вскоре будет удален. <br>Пожалуйста, измените это как можно скорее!</br>',
+'ovpn warning algorithm' => 'Вы настроили алгоритм',
'ovpn_fastio' => 'Fast-IO',
'ovpn_fragment' => 'Fragmentsize',
'ovpn_mssfix' => 'MSSFIX Size',
@@ -682,6 +682,8 @@
'credits' => 'Yazarlar',
'crl' => 'Sertifika İptal Listesi',
'cron server' => 'CRON Sunucusu',
+'crypto error' => 'Kriptografi hatası',
+'crypto warning' => 'Kriptografi uyarıları',
'current' => 'Geçerli',
'current aliases' => 'Geçerli takma adlar:',
'current class' => 'Geçerli sınıflar',
@@ -1878,6 +1880,8 @@
'ovpn subnet' => 'OpenVPN alt ağı (örneğin 10.0.10.0/255.255.255.0)',
'ovpn subnet is invalid' => 'Geçersiz OpenVPN alt ağı.',
'ovpn subnet overlap' => 'OpenVPN alt ağı ile örtüşenler: ',
+'ovpn warning 64 bit block cipher' => 'Bu şifreleme algoritması bozuldu ve yakında kaldırılacak. <br> Lütfen bunu mümkün olan en kısa sürede değiştirin!</br>',
+'ovpn warning algorithm' => 'Algoritmayı sen yapılandırdın',
'ovpn_fastio' => 'Hızlı-IO',
'ovpn_mssfix' => 'MSSFIX Boyutu',
'ovpn_mtudisc' => 'MTU-Keşfi',