From patchwork Thu Dec 10 16:59:20 2020
X-Patchwork-Submitter: Erik Kapfer
X-Patchwork-Id: 3713
From: ummeegge
To: development@lists.ipfire.org
Subject: [PATCH v2 2/7] OpenVPN: Substitute --cipher with --data-cipher-fallback
Date: Thu, 10 Dec 2020 16:59:20 +0000
Message-Id: <20201210165925.25037-2-erik.kapfer@ipfire.org>
In-Reply-To: <20201210165925.25037-1-erik.kapfer@ipfire.org>
References: <20201203120807.20694-1-erik.kapfer@ipfire.org> <20201210165925.25037-1-erik.kapfer@ipfire.org>

- Since --cipher is deprecated with OpenVPN version 2.5.0 and will be handled via --data-cipher-fallback, the VAR name and the index have been kept but renamed from --cipher to --data-cipher-fallback. Old default AES-256-CBC has also been kept.
- All old ciphers except the GCM family are included.

Code is needed in update.sh to change the directive in server.conf from 'cipher' to 'data-cipher-fallback' for the update process.

Code start block:
/usr/local/bin/openvpnctrl -k > /dev/null
if grep -q 'cipher' /var/ipfire/ovpn/server.conf; then
sed -i 's/cipher/data-ciphers-fallback/' /var/ipfire/ovpn/server.conf
fi
/usr/local/bin/openvpnctrl -s > /dev/null
Code block end

Signed-off-by: ummeegge
---
 html/cgi-bin/ovpnmain.cgi | 109 +++++++++++++++-----------------------
 langs/de/cgi-bin/de.pl | 1 +
 langs/en/cgi-bin/en.pl | 1 +
 langs/es/cgi-bin/es.pl | 1 +
 langs/fr/cgi-bin/fr.pl | 1 +
 langs/it/cgi-bin/it.pl | 1 +
 langs/nl/cgi-bin/nl.pl | 1 +
 langs/pl/cgi-bin/pl.pl | 1 +
 langs/ru/cgi-bin/ru.pl | 1 +
 langs/tr/cgi-bin/tr.pl | 1 +
 10 files changed, 53 insertions(+), 65 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 40ae58673..dbf8a8d2e 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi
@@ -327,7 +327,7 @@ sub writeserverconf { } print CONF "status-version 1\n"; print CONF "status /var/run/ovpnserver.log 30\n"; - print CONF "cipher $sovpnsettings{DCIPHER}\n"; + print CONF "data-ciphers-fallback $sovpnsettings{DCIPHER}\n"; # Data channel encryption # Set seperator for data ciphers @@ -928,6 +928,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); + $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'}; $vpnsettings{'DATACIPHERS'} = $cgiparams{'DATACIPHERS'}; # --data-ciphers needs at least one cipher @@ -1245,7 +1246,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'}; $vpnsettings{'DMTU'} = $cgiparams{'DMTU'}; $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'}; - $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'}; $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'}; $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'}; #wrtie enable 
@@ -2915,10 +2915,30 @@ END $key = &General::findhasharraykey (\%confighash); foreach my $i (39.. 45) { $confighash{$key}[$i] = ""; } } + $confighash{$key}[40] = $cgiparams{'DCIPHER'}; $confighash{$key}[42] = $cgiparams{'DATACIPHERS'}; ADV_ENC_ERROR: + # Set default for data-cipher-fallback (the old --cipher directive) + if ($cgiparams{'DCIPHER'} eq '') { + $cgiparams{'DCIPHER'} = 'AES-256-CBC'; #[40] + } + $checked{'DCIPHER'}{'AES-256-CBC'} = ''; + $checked{'DCIPHER'}{'AES-192-CBC'} = ''; + $checked{'DCIPHER'}{'AES-128-CBC'} = ''; + $checked{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; + $checked{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; + $checked{'DCIPHER'}{'CAMELLIA-128-CBC'} = ''; + $checked{'DCIPHER'}{'SEED-CBC'} = ''; + $checked{'DCIPHER'}{'DES-EDE3-CBC'} = ''; + $checked{'DCIPHER'}{'DESX-CBC'} = ''; + $checked{'DCIPHER'}{'DES-EDE-CBC'} = ''; + $checked{'DCIPHER'}{'BF-CBC'} = ''; + $checked{'DCIPHER'}{'CAST5-CBC'} = ''; + @temp = split('\|', $cgiparams{'DCIPHER'}); + foreach my $key (@temp) {$checked{'DCIPHER'}{$key} = "selected='selected'"; } + # Set default data channel ciphers if ($cgiparams{'DATACIPHERS'} eq '') { $cgiparams{'DATACIPHERS'} = 'ChaCha20-Poly1305|AES-256-GCM'; #[42]; @@ -2932,8 +2952,10 @@ ADV_ENC_ERROR: # Save settings and display default if not configured if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) { + $confighash{$cgiparams{'KEY'}}[40] = $cgiparams{'DCIPHER'}; $confighash{$cgiparams{'KEY'}}[42] = $cgiparams{'DATACIPHERS'}; } else { + $cgiparams{'DCIPHER'} = $vpnsettings{'DCIPHER'}; $cgiparams{'DATACIPHERS'} = $vpnsettings{'DATACIPHERS'}; } @@ -2968,6 +2990,7 @@ ADV_ENC_ERROR: $Lang::tr{'ovpn data channel'} + $Lang::tr{'ovpn data channel fallback'} @@ -2981,7 +3004,25 @@ ADV_ENC_ERROR: + + + + +
@@ -4677,28 +4718,6 @@ if ($cgiparams{'TYPE'} eq 'net') { $checked{'MSSFIX'}{'on'} = ''; $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED'; - $selected{'DCIPHER'}{'AES-256-GCM'} = ''; - $selected{'DCIPHER'}{'AES-192-GCM'} = ''; - $selected{'DCIPHER'}{'AES-128-GCM'} = ''; - $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; - $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; - $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = ''; - $selected{'DCIPHER'}{'AES-256-CBC'} = ''; - $selected{'DCIPHER'}{'AES-192-CBC'} = ''; - $selected{'DCIPHER'}{'AES-128-CBC'} = ''; - $selected{'DCIPHER'}{'DESX-CBC'} = ''; - $selected{'DCIPHER'}{'SEED-CBC'} = ''; - $selected{'DCIPHER'}{'DES-EDE3-CBC'} = ''; - $selected{'DCIPHER'}{'DES-EDE-CBC'} = ''; - $selected{'DCIPHER'}{'CAST5-CBC'} = ''; - $selected{'DCIPHER'}{'BF-CBC'} = ''; - $selected{'DCIPHER'}{'DES-CBC'} = ''; - # If no cipher has been chossen yet, select - # the old default (AES-256-CBC) for compatiblity reasons. - if ($cgiparams{'DCIPHER'} eq '') { - $cgiparams{'DCIPHER'} = 'AES-256-CBC'; - } - $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED'; $selected{'DAUTH'}{'whirlpool'} = ''; $selected{'DAUTH'}{'SHA512'} = ''; $selected{'DAUTH'}{'SHA384'} = ''; @@ -5236,9 +5255,6 @@ END } #default setzen - if ($cgiparams{'DCIPHER'} eq '') { - $cgiparams{'DCIPHER'} = 'AES-256-CBC'; - } if ($cgiparams{'DDEST_PORT'} eq '') { $cgiparams{'DDEST_PORT'} = '1194'; } 
@@ -5280,24 +5296,6 @@ END $selected{'DPROTOCOL'}{'tcp'} = ''; $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED'; - $selected{'DCIPHER'}{'AES-256-GCM'} = ''; - $selected{'DCIPHER'}{'AES-192-GCM'} = ''; - $selected{'DCIPHER'}{'AES-128-GCM'} = ''; - $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; - $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; - $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = ''; - $selected{'DCIPHER'}{'AES-256-CBC'} = ''; - $selected{'DCIPHER'}{'AES-192-CBC'} = ''; - $selected{'DCIPHER'}{'AES-128-CBC'} = ''; - $selected{'DCIPHER'}{'DES-EDE3-CBC'} = ''; - $selected{'DCIPHER'}{'DESX-CBC'} = ''; - $selected{'DCIPHER'}{'SEED-CBC'} = ''; - $selected{'DCIPHER'}{'DES-EDE-CBC'} = ''; - $selected{'DCIPHER'}{'CAST5-CBC'} = ''; - $selected{'DCIPHER'}{'BF-CBC'} = ''; - $selected{'DCIPHER'}{'DES-CBC'} = ''; - $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED'; - $selected{'DAUTH'}{'whirlpool'} = ''; $selected{'DAUTH'}{'SHA512'} = ''; $selected{'DAUTH'}{'SHA384'} = ''; @@ -5427,26 +5425,6 @@ END - - $Lang::tr{'cipher'} - -
@@ -6002,3 +5980,4 @@ END &Header::closepage(); + diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 0d0705845..08827b08a 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1910,6 +1910,7 @@ 'ovpn crypt options' => 'Kryptografieoptionen', 'ovpn data encryption' => 'Daten-Kanal Verschlüsselung', 'ovpn data channel' => 'Daten-Kanal', +'ovpn data channel fallback' => 'Daten-Kanal Fallback', 'ovpn device' => 'OpenVPN-Gerät', 'ovpn dh' => 'Diffie-Hellman-Parameter-Länge', 'ovpn dh new key' => 'Neuen Diffie-Hellman Parameter erstellen', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index affa43cd3..880cae5f7 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1942,6 +1942,7 @@ 'ovpn crypt options' => 'Cryptographic options', 'ovpn data encryption' => 'Data-Channel encryption', 'ovpn data channel' => 'Data-Channel', +'ovpn data channel fallback' => 'Data-Channel fallback', 'ovpn device' => 'OpenVPN device:', 'ovpn dh' => 'Diffie-Hellman parameters length', 'ovpn dh new key' => 'Generate new Diffie-Hellman parameters', diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl index 3d6efc21a..c86580e81 100644 --- a/langs/es/cgi-bin/es.pl +++ b/langs/es/cgi-bin/es.pl @@ -1333,6 +1333,7 @@ 'ovpn config' => 'Configruación de OVPN', 'ovpn data encryption' => 'Encriptación Data-Channel', 'ovpn data channel' => 'Canal-Datos', +'ovpn data channel fallback' => 'Retroceso Canal-Datos', 'ovpn device' => 'Dispositivo OpenVPN', 'ovpn errmsg invalid data cipher input' => 'El cifrado de datos necesita al menos de un cifrado', 'ovpn dl' => 'Configuración de descargas OVPN', diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index df19ef316..1a1f37cbe 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl 
@@ -1943,6 +1943,7 @@ 'ovpn crypt options' => 'Options cryptographiques', 'ovpn data encryption' => 'Chiffrage du canal de données', 'ovpn data channel' => 'Canal de données', +'ovpn data channel fallback' => 'Canal de données de repli', 'ovpn device' => 'Périphérique OpenVPN :', 'ovpn dh' => 'Longueur de paramètres Diffie-Hellman ', 'ovpn dh new key' => 'Générer de nouveaux paramètres Diffie-Hellman ', diff --git a/langs/it/cgi-bin/it.pl b/langs/it/cgi-bin/it.pl index 1c190eff2..2c1dc9559 100644 --- a/langs/it/cgi-bin/it.pl +++ b/langs/it/cgi-bin/it.pl @@ -45,6 +45,7 @@ 'OVPN' => 'OpenVPN', 'ovpn data encryption' => 'Crittografia del canale dati', 'ovpn data channel' => 'Canale-Dati', +'ovpn data channel fallback' => 'Canale-Dati di riserva', 'ovpn advanced encryption' => 'Impostazioni avanzate di crittografia', 'ovpn client version 25 cipher negotiation' => 'Negozazione cirttografia', 'ovpn client version 25 warning' => 'Disponibile con client 2.5.0 o più recente', diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl index 8207399e2..635cbd3b8 100644 --- a/langs/nl/cgi-bin/nl.pl +++ b/langs/nl/cgi-bin/nl.pl @@ -1660,6 +1660,7 @@ 'ovpn config' => 'OVPN-Configuratie', 'ovpn data encryption' => 'Datakanaalversleuteling', 'ovpn data channel' => 'Data-kanaal', +'ovpn data channel fallback' => 'Data-Kanaal terugval', 'ovpn device' => 'OpenVPN apparaat:', 'ovpn dl' => 'OVPN-Configuratie download', 'ovpn errmsg green already pushed' => 'Route voor het groene netwerk is altijd aangezet', diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl index f9fbe57df..4ceaeef8a 100644 --- a/langs/pl/cgi-bin/pl.pl +++ b/langs/pl/cgi-bin/pl.pl 
@@ -1345,6 +1345,7 @@ 'ovpn config' => 'OVPN-Konfig', 'ovpn data encryption' => 'Szyfrowanie Kanału-Danych', 'ovpn data channel' => 'Kanał-Danych', +'ovpn data channel fallback' => 'Awaria Kanału-Danych', 'ovpn device' => 'Urządzenie OpenVPN:', 'ovpn dl' => 'Pobierz konfig OVPN', 'ovpn errmsg invalid data cipher input' => 'Szyfr danych wymaga co najmniej jednego szyfru', diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl index 700a8d838..1d81eb62c 100644 --- a/langs/ru/cgi-bin/ru.pl +++ b/langs/ru/cgi-bin/ru.pl @@ -1336,6 +1336,7 @@ 'ovpn config' => 'Настройки OVPN', 'ovpn data encryption' => 'шифрование-каналов данных', 'ovpn data channel' => 'Информационный-канал', +'ovpn data channel fallback' => 'Информационный-канал отступление', 'ovpn device' => 'Устройство OpenVPN:', 'ovpn dl' => 'Загрузка настроек OVPN', 'ovpn errmsg green already pushed' => 'Маршрут для зелёной сети всегда включён', diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl index 0c64063c7..5fbd9f3d3 100644 --- a/langs/tr/cgi-bin/tr.pl +++ b/langs/tr/cgi-bin/tr.pl @@ -1842,6 +1842,7 @@ 'ovpn config' => 'OVPN-Yapılandırması', 'ovpn crypt options' => 'Şifreleme seçenekleri', 'ovpn data channel' => 'Veri-Kanalı', +'ovpn data channel fallback' => 'Veri-Kanalı geri dönüşü', 'ovpn data encryption' => 'Veri-Kanalı şifreleme', 'ovpn device' => 'OpenVPN aygıtı:', 'ovpn dh' => 'Diffie-Hellman parametre uzunluğu',
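Review bot: in the hunk at -327 the directive written by writeserverconf, `data-ciphers-fallback`, is the correct OpenVPN 2.5 option name, but the subject line and the commit message call it `--data-cipher-fallback` (singular) throughout; please align the commit message and the update.sh description with the code. The migration snippet quoted in the commit message is also unanchored: `grep -q 'cipher'` and `sed -i 's/cipher/data-ciphers-fallback/'` match any line containing that substring, so the `data-ciphers` line this same function writes under the `# Data channel encryption` comment becomes `data-data-ciphers-fallbacks`, and a second run of the update rewrites `data-ciphers-fallback` itself. Anchor both on the directive name, e.g. `grep -q '^cipher ' /var/ipfire/ovpn/server.conf` and `sed -i 's/^cipher /data-ciphers-fallback /' /var/ipfire/ovpn/server.conf`.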
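Review bot: in the hunk at -928, `$vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};` stores the submitted value without checking it against the list of ciphers the form offers, whereas the neighbouring DATACIPHERS assignment is followed by the "needs at least one cipher" check. Since writeserverconf later prints the value verbatim as `data-ciphers-fallback $sovpnsettings{DCIPHER}`, an unexpected value (empty, several ciphers, or a name OpenVPN does not know) only shows up when the daemon refuses to start. Suggest validating here that DCIPHER is exactly one entry of the fixed list initialised in the `$checked{'DCIPHER'}` block and reporting a failure through the same error path DATACIPHERS uses.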
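Review bot: in the hunk at -2915, `@temp = split('\|', $cgiparams{'DCIPHER'})` together with `selected='selected'` treats DCIPHER as a multi-select like DATACIPHERS, but `data-ciphers-fallback` takes a single cipher; if the template allows more than one selection, server.conf ends up with `data-ciphers-fallback A|B`, which OpenVPN rejects. Either render the control as a single select or check that `@temp` has exactly one element. Two smaller points in the same hunk: `foreach my $key (@temp)` shadows the `$key` returned by `&General::findhasharraykey` a few lines above (harmless thanks to the lexical scope, but easy to misread; a different loop variable would help), and the `AES-256-CBC` default is applied only after `$confighash{$key}[40] = $cgiparams{'DCIPHER'};` has already stored the possibly empty value. Finally, consider whether the 64-bit block ciphers in the new list (`DES-EDE3-CBC`, `DESX-CBC`, `DES-EDE-CBC`, `BF-CBC`, `CAST5-CBC`) should stay selectable at all: OpenVPN has warned about them since 2.3.13 because of SWEET32, and the fallback cipher is precisely what a client without cipher negotiation ends up using.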
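Review bot: the select lists removed at -4677 and -5280 offered `AES-256-GCM`, `AES-192-GCM`, `AES-128-GCM` and `DES-CBC`, none of which appear in the new `$checked{'DCIPHER'}` list at -2915, so an existing installation whose stored DCIPHER is one of them will show no selected entry on the encryption page and may silently change value the next time that form is saved; at the same time the commit message says "all old ciphers except the GCM family are included", which does not hold for `DES-CBC`. Please state the intended handling of those stored values, for example migrate a GCM DCIPHER in update.sh (it remains a valid `data-ciphers-fallback` value) or keep the entries selectable but labelled as deprecated.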
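Review bot: the hunk at -6002 appends an empty (or whitespace-only) line after `&Header::closepage();` at the end of ovpnmain.cgi; drop it, it adds noise to the diff and nothing else.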
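Review bot: two of the new language strings do not mean "fallback": in pl.pl, `'ovpn data channel fallback' => 'Awaria Kanału-Danych'` reads as a data-channel failure or outage ("awaria"), and in ru.pl `'Информационный-канал отступление'` uses "отступление" (retreat). The usual words are "zapasowy" (Polish) and "резервный" (Russian); the exact phrasing is best left to native speakers before merging. In nl.pl the new value writes `Data-Kanaal` while the existing `'ovpn data channel'` entry directly above it uses `Data-kanaal`; pick one spelling.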