@@ -958,6 +958,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) {
&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
+ $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
$vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
$vpnsettings{'DATACIPHERS'} = $cgiparams{'DATACIPHERS'};
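Review bot: The added `$vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};` stores the submitted value as-is, and no check against the digests offered by the form is visible in this hunk. A request that does not come from the select can therefore put an arbitrary string into the saved settings, which presumably ends up as the `auth` argument of the generated OpenVPN configuration. The same unchecked copy is added for `$confighash{$key}[39]` and `$confighash{$cgiparams{'KEY'}}[39]` in later hunks. I would gate all three on an anchored allow-list such as `$cgiparams{'DAUTH'} =~ /\A(?:BLAKE2b512|BLAKE2s256|SHA3-(?:512|384|256)|SHA(?:512|384|256|1)|whirlpool)\z/` and reject the request through the page's existing error path otherwise. The `if` block continues past the end of the hunk, so a check further down cannot be ruled out from here.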
@@ -1292,7 +1293,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
$vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
$vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
$vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
- $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
$vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
#wrtie enable
@@ -2979,6 +2979,7 @@ END
$key = &General::findhasharraykey (\%confighash);
foreach my $i (39.. 45) { $confighash{$key}[$i] = ""; }
}
+ $confighash{$key}[39] = $cgiparams{'DAUTH'};
$confighash{$key}[40] = $cgiparams{'DCIPHER'};
$confighash{$key}[42] = $cgiparams{'DATACIPHERS'};
$confighash{$key}[43] = $cgiparams{'CHANNELCIPHERS'};
@@ -2986,6 +2987,23 @@ END
ADV_ENC_ERROR:
+ # Set default for hash message authentication code
+ if ($cgiparams{'DAUTH'} eq '') {
+ $cgiparams{'DAUTH'} = 'SHA512'; #[39];
+ }
+ $checked{'DAUTH'}{'BLAKE2b512'} = '';
+ $checked{'DAUTH'}{'BLAKE2s256'} = '';
+ $checked{'DAUTH'}{'SHA3-512'} = '';
+ $checked{'DAUTH'}{'SHA3-384'} = '';
+ $checked{'DAUTH'}{'SHA3-256'} = '';
+ $checked{'DAUTH'}{'SHA512'} = '';
+ $checked{'DAUTH'}{'SHA384'} = '';
+ $checked{'DAUTH'}{'SHA256'} = '';
+ $checked{'DAUTH'}{'whirlpool'} = '';
+ $checked{'DAUTH'}{'SHA1'} = '';
+ @temp = split('\|', $cgiparams{'DAUTH'});
+ foreach my $key (@temp) {$checked{'DAUTH'}{$key} = "selected='selected'"; }
+
# Set default for data-cipher-fallback (the old --cipher directive)
if ($cgiparams{'DCIPHER'} eq '') {
$cgiparams{'DCIPHER'} = 'AES-256-CBC'; #[40]
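Review bot: The select that submits `DAUTH` has no `multiple` attribute, so the `split('\|', ...)` loop only has an effect on crafted input, where it marks several options as selected and adds arbitrary keys to `%checked`. The ten blank assignments also spell out a digest list that the form repeats and that any validation needs too. One list would serve all of them: `my @dauth_algos = qw(BLAKE2b512 BLAKE2s256 SHA3-512 SHA3-384 SHA3-256 SHA512 SHA384 SHA256 whirlpool SHA1);`, then `$checked{'DAUTH'}{$_} = '' for @dauth_algos;` and `$checked{'DAUTH'}{$cgiparams{'DAUTH'}} = "selected='selected'" if exists $checked{'DAUTH'}{$cgiparams{'DAUTH'}};`. The code under `ADV_ENC_ERROR:` continues outside the hunk.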
@@ -3038,11 +3056,13 @@ ADV_ENC_ERROR:
# Save settings and display default if not configured
if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) {
+ $confighash{$cgiparams{'KEY'}}[39] = $cgiparams{'DAUTH'};
$confighash{$cgiparams{'KEY'}}[40] = $cgiparams{'DCIPHER'};
$confighash{$cgiparams{'KEY'}}[42] = $cgiparams{'DATACIPHERS'};
$confighash{$cgiparams{'KEY'}}[43] = $cgiparams{'CHANNELCIPHERS'};
$confighash{$cgiparams{'KEY'}}[44] = $cgiparams{'NCHANNELCIPHERS'};
} else {
+ $cgiparams{'DAUTH'} = $vpnsettings{'DAUTH'};
$cgiparams{'DCIPHER'} = $vpnsettings{'DCIPHER'};
$cgiparams{'DATACIPHERS'} = $vpnsettings{'DATACIPHERS'};
$cgiparams{'CHANNELCIPHERS'} = $vpnsettings{'CHANNELCIPHERS'};
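Review bot: In the `else` branch `$cgiparams{'DAUTH'}` is loaded from `$vpnsettings{'DAUTH'}` only at this point, while the `SHA512` default and the `$checked{'DAUTH'}` map are set up roughly seventy lines earlier under the same `ADV_ENC_ERROR:` label. Unless code between the two places recomputes the map, a plain page load would highlight the default instead of the stored digest, and the next save would then write `SHA512` over it. Loading the stored value before the default block, or moving the `%checked` setup below this `if`/`else`, would keep the form in step with the configuration. The `else` branch continues outside the hunk.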
@@ -3148,6 +3168,35 @@ ADV_ENC_ERROR:
<br><br>
+ <h2>$Lang::tr{'ovpn crypt options'}:</h2>
+
+ <table width="100%">
+ <thead>
+ <tr>
+ <th width="15%"></th>
+ <th>$Lang::tr{'ovpn ha'}</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td width="27%">$Lang::tr{'ovpn data channel authentication'}</td>
+ <td class='boldbase'>
+ <select name='DAUTH' size='6' style='width: 100%'>
+ <option value='BLAKE2b512' $checked{'DAUTH'}{'BLAKE2b512'}>Blake2 512 $Lang::tr{'bit'} - 64-bit optimized</option>
+ <option value='BLAKE2s256' $checked{'DAUTH'}{'BLAKE2s256'}>Blake2 256 $Lang::tr{'bit'} - 8- to 32-bit optimized</option>
+ <option value='SHA3-512' $checked{'DAUTH'}{'SHA3-512'}>SHA3 512 $Lang::tr{'bit'}</option>
+ <option value='SHA3-384' $checked{'DAUTH'}{'SHA3-384'}>SHA3 384 $Lang::tr{'bit'}</option>
+ <option value='SHA3-256' $checked{'DAUTH'}{'SHA-256'}>SHA3 256 $Lang::tr{'bit'}</option>
+ <option value='SHA512' $checked{'DAUTH'}{'SHA512'}>SHA2 512 $Lang::tr{'bit'}</option>
+ <option value='SHA384' $checked{'DAUTH'}{'SHA384'}>SHA2 384 $Lang::tr{'bit'}</option>
+ <option value='SHA256' $checked{'DAUTH'}{'SHA256'}>SHA2 256 $Lang::tr{'bit'}</option>
+ <option value='whirlpool' $checked{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
+ <option value='SHA1' $checked{'DAUTH'}{'SHA1'}>SHA1 160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'}</option>
+ </select>
+ </td>
+ </tr>
+ </tbody>
+ </table>
<hr>
END
;
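Review bot: The `SHA3-256` option looks up `$checked{'DAUTH'}{'SHA-256'}`, a key that is never set, so a stored `SHA3-256` is never rendered as selected and saving the form without re-selecting it would not carry that value over. The line should read `<option value='SHA3-256' $checked{'DAUTH'}{'SHA3-256'}>SHA3 256 $Lang::tr{'bit'}</option>`. The header cell is declared with `width="15%"` while the body cell below it uses `width="27%"`; one of the two widths should be dropped.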
@@ -4841,12 +4890,6 @@ if ($cgiparams{'TYPE'} eq 'net') {
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
- $selected{'DAUTH'}{'whirlpool'} = '';
- $selected{'DAUTH'}{'SHA512'} = '';
- $selected{'DAUTH'}{'SHA384'} = '';
- $selected{'DAUTH'}{'SHA256'} = '';
- $selected{'DAUTH'}{'SHA1'} = '';
- $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
$checked{'TLSAUTH'}{'off'} = '';
$checked{'TLSAUTH'}{'on'} = '';
$checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
@@ -5396,18 +5439,6 @@ END
if ($cgiparams{'MSSFIX'} eq '') {
$cgiparams{'MSSFIX'} = 'off';
}
- if ($cgiparams{'DAUTH'} eq '') {
- if (-z "${General::swroot}/ovpn/ovpnconfig") {
- $cgiparams{'DAUTH'} = 'SHA512';
- }
- foreach my $key (keys %confighash) {
- if ($confighash{$key}[3] ne 'host') {
- $cgiparams{'DAUTH'} = 'SHA512';
- } else {
- $cgiparams{'DAUTH'} = 'SHA1';
- }
- }
- }
if ($cgiparams{'TLSAUTH'} eq '') {
$cgiparams{'TLSAUTH'} = 'off';
}
@@ -5428,13 +5459,6 @@ END
$selected{'DPROTOCOL'}{'tcp'} = '';
$selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
- $selected{'DAUTH'}{'whirlpool'} = '';
- $selected{'DAUTH'}{'SHA512'} = '';
- $selected{'DAUTH'}{'SHA384'} = '';
- $selected{'DAUTH'}{'SHA256'} = '';
- $selected{'DAUTH'}{'SHA1'} = '';
- $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
-
$checked{'TLSAUTH'}{'off'} = '';
$checked{'TLSAUTH'}{'on'} = '';
$checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
@@ -5547,19 +5571,6 @@ END
</tr>
<tr><td colspan='1'><br></td></tr>
- <tr>
- <td class='base'>$Lang::tr{'ovpn ha'}</td>
- <td><select name='DAUTH'>
- <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
- <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
- <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
- <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
- <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- </select>
- </td>
- </tr>
-
- <tr><td colspan='4'><br></td></tr>
<tr>
<td class='base'>$Lang::tr{'ovpn tls auth'}</td>
<td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
@@ -1912,6 +1912,7 @@
'ovpn control channel v2' => 'Kontroll-Kanal TLSv2',
'ovpn control channel v3' => 'Kontroll-Kanal TLSv3',
'ovpn data encryption' => 'Daten-Kanal Verschlüsselung',
+'ovpn data channel authentication' => 'Daten-Kontrol Kanal Authentifikation',
'ovpn data channel' => 'Daten-Kanal',
'ovpn data channel fallback' => 'Daten-Kanal Fallback',
'ovpn device' => 'OpenVPN-Gerät',
@@ -1944,6 +1944,7 @@
'ovpn control channel v2' => 'Control-Channel TLSv2',
'ovpn control channel v3' => 'Control-Channel TLSv3',
'ovpn data encryption' => 'Data-Channel encryption',
+'ovpn data channel authentication' => 'Data and channel authentication',
'ovpn data channel' => 'Data-Channel',
'ovpn data channel fallback' => 'Data-Channel fallback',
'ovpn device' => 'OpenVPN device:',
@@ -1337,11 +1337,13 @@
'ovpn control channel v2' => 'Canal-Control TLSv2',
'ovpn control channel v3' => 'Canal-Control TLSv3',
'ovpn data encryption' => 'Encriptación Data-Channel',
+'ovpn data channel authentication' => 'Autenticación de datos y canal',
'ovpn data channel' => 'Canal-Datos',
'ovpn data channel fallback' => 'Retroceso Canal-Datos',
'ovpn device' => 'Dispositivo OpenVPN',
'ovpn errmsg invalid data cipher input' => 'El cifrado de datos necesita al menos de un cifrado',
'ovpn dl' => 'Configuración de descargas OVPN',
+'ovpn ha' => 'Algoritmo hash',
'ovpn log' => 'Registro de log de OVPN',
'ovpn on blue' => 'OpenVPN en BLUE',
'ovpn on orange' => 'OpenVPN en ORANGE',
@@ -1945,6 +1945,7 @@
'ovpn control channel v2' => 'Canal de contrôle TLSv2',
'ovpn control channel v3' => 'Canal de contrôle TLSv3',
'ovpn data encryption' => 'Chiffrage du canal de données',
+'ovpn data channel authentication' => 'Authentification du canal et des données',
'ovpn data channel' => 'Canal de données',
'ovpn data channel fallback' => 'Canal de données de repli',
'ovpn device' => 'Périphérique OpenVPN :',
@@ -44,6 +44,7 @@
'Number of Ports for the pie chart' => 'Numero di porte per il grafico a torta',
'OVPN' => 'OpenVPN',
'ovpn data encryption' => 'Crittografia del canale dati',
+'ovpn data channel authentication' => 'Autenticazione di dati e di canali',
'ovpn data channel' => 'Canale-Dati',
'ovpn data channel fallback' => 'Canale-Dati di riserva',
'ovpn advanced encryption' => 'Impostazioni avanzate di crittografia',
@@ -1715,7 +1716,7 @@
'ovpn errmsg invalid data cipher input' => 'La crittografia dati necessita almeno un cifrario',
'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
'ovpn generating the root and host certificates' => 'Generating the root and host certifictae can take a long time.',
-'ovpn ha' => 'Hash algorithm',
+'ovpn ha' => 'Algoritmo di hash',
'ovpn hmac' => 'HMAC options',
'ovpn log' => 'OVPN-Log',
'ovpn mgmt in root range' => 'A port number of 1024 or higher is required.',
@@ -1664,6 +1664,7 @@
'ovpn control channel v2' => 'Controle-Kanaal TLSv2',
'ovpn control channel v3' => 'Controle-Kanaal TLSv3',
'ovpn data encryption' => 'Datakanaalversleuteling',
+'ovpn data channel authentication' => 'Gegevens en kanaal verificatie',
'ovpn data channel' => 'Data-kanaal',
'ovpn data channel fallback' => 'Data-Kanaal terugval',
'ovpn device' => 'OpenVPN apparaat:',
@@ -1671,6 +1672,7 @@
'ovpn errmsg green already pushed' => 'Route voor het groene netwerk is altijd aangezet',
'ovpn errmsg invalid data cipher input' => 'De gegevens codering heeft ten minste één codering nodig',
'ovpn errmsg invalid ip or mask' => 'Ongeldig netwerkadres of subnetmasker',
+'ovpn ha' => 'Hash algoritme',
'ovpn log' => 'OVPN-Log',
'ovpn mgmt in root range' => 'Een poortnummer hoger dan 1024 is vereist.',
'ovpn mtu-disc' => 'Pad MTU Discovery',
@@ -40,6 +40,7 @@
'ovpn advanced encryption' => 'Zaawansowane ustawienia szyfrowania',
'ovpn client version 25 cipher negotiation' => 'Negocjowanie szyfrowania',
'ovpn client version 25 warning' => 'Dostępny z klientem w wersji 2.5.0 i wyższej',
+'ovpn crypt options' => 'Opcje kryptograficzne',
'OpenVPN' => 'OpenVPN',
'Pages' => 'Stron',
'Ping' => 'Ping :',
@@ -1349,11 +1350,13 @@
'ovpn control channel v2' => 'Kanał-Kontrolny TLSv2',
'ovpn control channel v3' => 'Kanał-Kontrolny TLSv3',
'ovpn data encryption' => 'Szyfrowanie Kanału-Danych',
+'ovpn data channel authentication' => 'Uwierzytelnianie danych i kanałów',
'ovpn data channel' => 'Kanał-Danych',
'ovpn data channel fallback' => 'Awaria Kanału-Danych',
'ovpn device' => 'Urządzenie OpenVPN:',
'ovpn dl' => 'Pobierz konfig OVPN',
'ovpn errmsg invalid data cipher input' => 'Szyfr danych wymaga co najmniej jednego szyfru',
+'ovpn ha' => 'Algorytm haszyszowy',
'ovpn log' => 'Log OVPN',
'ovpn on blue' => 'OpenVPN na int. BLUE',
'ovpn on orange' => 'OpenVPN na int. ORANGE',
@@ -1340,6 +1340,7 @@
'ovpn control channel v2' => 'Канал-управления TLSv2',
'ovpn control channel v3' => 'Канал-управления TLSv3',
'ovpn data encryption' => 'шифрование-каналов данных',
+'ovpn data channel authentication' => 'Аутентификация данных и каналов',
'ovpn data channel' => 'Информационный-канал',
'ovpn data channel fallback' => 'Информационный-канал отступление',
'ovpn device' => 'Устройство OpenVPN:',
@@ -1347,6 +1348,7 @@
'ovpn errmsg green already pushed' => 'Маршрут для зелёной сети всегда включён',
'ovpn errmsg invalid data cipher input' => 'Для шифра данных нужен хотя бы один шифр',
'ovpn errmsg invalid ip or mask' => 'Неправильный адрес или маска подсти',
+'ovpn ha' => 'хеш-алгоритм',
'ovpn log' => 'Журнал OVPN',
'ovpn on blue' => 'OpenVPN на BLUE',
'ovpn on orange' => 'OpenVPN на ORANGE',
@@ -1849,6 +1849,7 @@
'ovpn data channel' => 'Veri-Kanalı',
'ovpn data channel fallback' => 'Veri-Kanalı geri dönüşü',
'ovpn data encryption' => 'Veri-Kanalı şifreleme',
+'ovpn data channel authentication' => 'Veri ve kanal kimlik doğrulaması',
'ovpn device' => 'OpenVPN aygıtı:',
'ovpn dh' => 'Diffie-Hellman parametre uzunluğu',
'ovpn dh new key' => 'Yeni Diffie-Hellman parametrelerini oluşturun',