diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index e248b3cbb..a80befdb6 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -958,6 +958,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) {
&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
+ $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
$vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
$vpnsettings{'DATACIPHERS'} = $cgiparams{'DATACIPHERS'};
@@ -1292,7 +1293,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
$vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
$vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
$vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
- $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
$vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
#wrtie enable
@@ -2979,6 +2979,7 @@ END
$key = &General::findhasharraykey (\%confighash);
foreach my $i (39.. 45) { $confighash{$key}[$i] = ""; }
}
+ $confighash{$key}[39] = $cgiparams{'DAUTH'};
$confighash{$key}[40] = $cgiparams{'DCIPHER'};
$confighash{$key}[42] = $cgiparams{'DATACIPHERS'};
$confighash{$key}[43] = $cgiparams{'CHANNELCIPHERS'};
@@ -2986,6 +2987,23 @@ END
ADV_ENC_ERROR:
+ # Set default for hash message authentication code
+ if ($cgiparams{'DAUTH'} eq '') {
+ $cgiparams{'DAUTH'} = 'SHA512'; #[39];
+ }
+ $checked{'DAUTH'}{'BLAKE2b512'} = '';
+ $checked{'DAUTH'}{'BLAKE2s256'} = '';
+ $checked{'DAUTH'}{'SHA3-512'} = '';
+ $checked{'DAUTH'}{'SHA3-384'} = '';
+ $checked{'DAUTH'}{'SHA3-256'} = '';
+ $checked{'DAUTH'}{'SHA512'} = '';
+ $checked{'DAUTH'}{'SHA384'} = '';
+ $checked{'DAUTH'}{'SHA256'} = '';
+ $checked{'DAUTH'}{'whirlpool'} = '';
+ $checked{'DAUTH'}{'SHA1'} = '';
+ @temp = split('\|', $cgiparams{'DAUTH'});
+ foreach my $key (@temp) {$checked{'DAUTH'}{$key} = "selected='selected'"; }
+
# Set default for data-cipher-fallback (the old --cipher directive)
if ($cgiparams{'DCIPHER'} eq '') {
$cgiparams{'DCIPHER'} = 'AES-256-CBC'; #[40]
@@ -3038,11 +3056,13 @@ ADV_ENC_ERROR:
# Save settings and display default if not configured
if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) {
+ $confighash{$cgiparams{'KEY'}}[39] = $cgiparams{'DAUTH'};
$confighash{$cgiparams{'KEY'}}[40] = $cgiparams{'DCIPHER'};
$confighash{$cgiparams{'KEY'}}[42] = $cgiparams{'DATACIPHERS'};
$confighash{$cgiparams{'KEY'}}[43] = $cgiparams{'CHANNELCIPHERS'};
$confighash{$cgiparams{'KEY'}}[44] = $cgiparams{'NCHANNELCIPHERS'};
} else {
+ $cgiparams{'DAUTH'} = $vpnsettings{'DAUTH'};
$cgiparams{'DCIPHER'} = $vpnsettings{'DCIPHER'};
$cgiparams{'DATACIPHERS'} = $vpnsettings{'DATACIPHERS'};
$cgiparams{'CHANNELCIPHERS'} = $vpnsettings{'CHANNELCIPHERS'};
@@ -3148,6 +3168,35 @@ ADV_ENC_ERROR:
+
$Lang::tr{'ovpn crypt options'}:
+
+
+
+
+ |
+ $Lang::tr{'ovpn ha'} |
+
+
+
+
+ $Lang::tr{'ovpn data channel authentication'} |
+
+
+ |
+
+
+
END
;
@@ -4841,12 +4890,6 @@ if ($cgiparams{'TYPE'} eq 'net') {
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
- $selected{'DAUTH'}{'whirlpool'} = '';
- $selected{'DAUTH'}{'SHA512'} = '';
- $selected{'DAUTH'}{'SHA384'} = '';
- $selected{'DAUTH'}{'SHA256'} = '';
- $selected{'DAUTH'}{'SHA1'} = '';
- $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
$checked{'TLSAUTH'}{'off'} = '';
$checked{'TLSAUTH'}{'on'} = '';
$checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
@@ -5396,18 +5439,6 @@ END
if ($cgiparams{'MSSFIX'} eq '') {
$cgiparams{'MSSFIX'} = 'off';
}
- if ($cgiparams{'DAUTH'} eq '') {
- if (-z "${General::swroot}/ovpn/ovpnconfig") {
- $cgiparams{'DAUTH'} = 'SHA512';
- }
- foreach my $key (keys %confighash) {
- if ($confighash{$key}[3] ne 'host') {
- $cgiparams{'DAUTH'} = 'SHA512';
- } else {
- $cgiparams{'DAUTH'} = 'SHA1';
- }
- }
- }
if ($cgiparams{'TLSAUTH'} eq '') {
$cgiparams{'TLSAUTH'} = 'off';
}
@@ -5428,13 +5459,6 @@ END
$selected{'DPROTOCOL'}{'tcp'} = '';
$selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
- $selected{'DAUTH'}{'whirlpool'} = '';
- $selected{'DAUTH'}{'SHA512'} = '';
- $selected{'DAUTH'}{'SHA384'} = '';
- $selected{'DAUTH'}{'SHA256'} = '';
- $selected{'DAUTH'}{'SHA1'} = '';
- $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
-
$checked{'TLSAUTH'}{'off'} = '';
$checked{'TLSAUTH'}{'on'} = '';
$checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
@@ -5547,19 +5571,6 @@ END
|
-
- $Lang::tr{'ovpn ha'} |
-
- |
-
-
-
|
$Lang::tr{'ovpn tls auth'} |
|
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index cadf4b141..a4c166bfe 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1912,6 +1912,7 @@
'ovpn control channel v2' => 'Kontroll-Kanal TLSv2',
'ovpn control channel v3' => 'Kontroll-Kanal TLSv3',
'ovpn data encryption' => 'Daten-Kanal Verschlüsselung',
+'ovpn data channel authentication' => 'Daten-Kontrol Kanal Authentifikation',
'ovpn data channel' => 'Daten-Kanal',
'ovpn data channel fallback' => 'Daten-Kanal Fallback',
'ovpn device' => 'OpenVPN-Gerät',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 4b667f881..dc324676a 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1944,6 +1944,7 @@
'ovpn control channel v2' => 'Control-Channel TLSv2',
'ovpn control channel v3' => 'Control-Channel TLSv3',
'ovpn data encryption' => 'Data-Channel encryption',
+'ovpn data channel authentication' => 'Data and channel authentication',
'ovpn data channel' => 'Data-Channel',
'ovpn data channel fallback' => 'Data-Channel fallback',
'ovpn device' => 'OpenVPN device:',
diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl
index 65505706c..1a0272b8a 100644
--- a/langs/es/cgi-bin/es.pl
+++ b/langs/es/cgi-bin/es.pl
@@ -1337,11 +1337,13 @@
'ovpn control channel v2' => 'Canal-Control TLSv2',
'ovpn control channel v3' => 'Canal-Control TLSv3',
'ovpn data encryption' => 'Encriptación Data-Channel',
+'ovpn data channel authentication' => 'Autenticación de datos y canal',
'ovpn data channel' => 'Canal-Datos',
'ovpn data channel fallback' => 'Retroceso Canal-Datos',
'ovpn device' => 'Dispositivo OpenVPN',
'ovpn errmsg invalid data cipher input' => 'El cifrado de datos necesita al menos de un cifrado',
'ovpn dl' => 'Configuración de descargas OVPN',
+'ovpn ha' => 'Algoritmo hash',
'ovpn log' => 'Registro de log de OVPN',
'ovpn on blue' => 'OpenVPN en BLUE',
'ovpn on orange' => 'OpenVPN en ORANGE',
diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl
index cda133e5d..d5deea1c0 100644
--- a/langs/fr/cgi-bin/fr.pl
+++ b/langs/fr/cgi-bin/fr.pl
@@ -1945,6 +1945,7 @@
'ovpn control channel v2' => 'Canal de contrôle TLSv2',
'ovpn control channel v3' => 'Canal de contrôle TLSv3',
'ovpn data encryption' => 'Chiffrage du canal de données',
+'ovpn data channel authentication' => 'Authentification du canal et des données',
'ovpn data channel' => 'Canal de données',
'ovpn data channel fallback' => 'Canal de données de repli',
'ovpn device' => 'Périphérique OpenVPN :',
diff --git a/langs/it/cgi-bin/it.pl b/langs/it/cgi-bin/it.pl
index 22ce7cd4d..ad16de583 100644
--- a/langs/it/cgi-bin/it.pl
+++ b/langs/it/cgi-bin/it.pl
@@ -44,6 +44,7 @@
'Number of Ports for the pie chart' => 'Numero di porte per il grafico a torta',
'OVPN' => 'OpenVPN',
'ovpn data encryption' => 'Crittografia del canale dati',
+'ovpn data channel authentication' => 'Autenticazione di dati e di canali',
'ovpn data channel' => 'Canale-Dati',
'ovpn data channel fallback' => 'Canale-Dati di riserva',
'ovpn advanced encryption' => 'Impostazioni avanzate di crittografia',
@@ -1715,7 +1716,7 @@
'ovpn errmsg invalid data cipher input' => 'La crittografia dati necessita almeno un cifrario',
'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
'ovpn generating the root and host certificates' => 'Generating the root and host certifictae can take a long time.',
-'ovpn ha' => 'Hash algorithm',
+'ovpn ha' => 'Algoritmo di hash',
'ovpn hmac' => 'HMAC options',
'ovpn log' => 'OVPN-Log',
'ovpn mgmt in root range' => 'A port number of 1024 or higher is required.',
diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl
index 15482b7c7..b0f037e0c 100644
--- a/langs/nl/cgi-bin/nl.pl
+++ b/langs/nl/cgi-bin/nl.pl
@@ -1664,6 +1664,7 @@
'ovpn control channel v2' => 'Controle-Kanaal TLSv2',
'ovpn control channel v3' => 'Controle-Kanaal TLSv3',
'ovpn data encryption' => 'Datakanaalversleuteling',
+'ovpn data channel authentication' => 'Gegevens en kanaal verificatie',
'ovpn data channel' => 'Data-kanaal',
'ovpn data channel fallback' => 'Data-Kanaal terugval',
'ovpn device' => 'OpenVPN apparaat:',
@@ -1671,6 +1672,7 @@
'ovpn errmsg green already pushed' => 'Route voor het groene netwerk is altijd aangezet',
'ovpn errmsg invalid data cipher input' => 'De gegevens codering heeft ten minste één codering nodig',
'ovpn errmsg invalid ip or mask' => 'Ongeldig netwerkadres of subnetmasker',
+'ovpn ha' => 'Hash algoritme',
'ovpn log' => 'OVPN-Log',
'ovpn mgmt in root range' => 'Een poortnummer hoger dan 1024 is vereist.',
'ovpn mtu-disc' => 'Pad MTU Discovery',
diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl
index a5bde2044..5e8ec0864 100644
--- a/langs/pl/cgi-bin/pl.pl
+++ b/langs/pl/cgi-bin/pl.pl
@@ -40,6 +40,7 @@
'ovpn advanced encryption' => 'Zaawansowane ustawienia szyfrowania',
'ovpn client version 25 cipher negotiation' => 'Negocjowanie szyfrowania',
'ovpn client version 25 warning' => 'Dostępny z klientem w wersji 2.5.0 i wyższej',
+'ovpn crypt options' => 'Opcje kryptograficzne',
'OpenVPN' => 'OpenVPN',
'Pages' => 'Stron',
'Ping' => 'Ping :',
@@ -1349,11 +1350,13 @@
'ovpn control channel v2' => 'Kanał-Kontrolny TLSv2',
'ovpn control channel v3' => 'Kanał-Kontrolny TLSv3',
'ovpn data encryption' => 'Szyfrowanie Kanału-Danych',
+'ovpn data channel authentication' => 'Uwierzytelnianie danych i kanałów',
'ovpn data channel' => 'Kanał-Danych',
'ovpn data channel fallback' => 'Awaria Kanału-Danych',
'ovpn device' => 'Urządzenie OpenVPN:',
'ovpn dl' => 'Pobierz konfig OVPN',
'ovpn errmsg invalid data cipher input' => 'Szyfr danych wymaga co najmniej jednego szyfru',
+'ovpn ha' => 'Algorytm haszyszowy',
'ovpn log' => 'Log OVPN',
'ovpn on blue' => 'OpenVPN na int. BLUE',
'ovpn on orange' => 'OpenVPN na int. ORANGE',
diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl
index 17666de80..6e3af2d7e 100644
--- a/langs/ru/cgi-bin/ru.pl
+++ b/langs/ru/cgi-bin/ru.pl
@@ -1340,6 +1340,7 @@
'ovpn control channel v2' => 'Канал-управления TLSv2',
'ovpn control channel v3' => 'Канал-управления TLSv3',
'ovpn data encryption' => 'шифрование-каналов данных',
+'ovpn data channel authentication' => 'Аутентификация данных и каналов',
'ovpn data channel' => 'Информационный-канал',
'ovpn data channel fallback' => 'Информационный-канал отступление',
'ovpn device' => 'Устройство OpenVPN:',
@@ -1347,6 +1348,7 @@
'ovpn errmsg green already pushed' => 'Маршрут для зелёной сети всегда включён',
'ovpn errmsg invalid data cipher input' => 'Для шифра данных нужен хотя бы один шифр',
'ovpn errmsg invalid ip or mask' => 'Неправильный адрес или маска подсти',
+'ovpn ha' => 'хеш-алгоритм',
'ovpn log' => 'Журнал OVPN',
'ovpn on blue' => 'OpenVPN на BLUE',
'ovpn on orange' => 'OpenVPN на ORANGE',
diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl
index 7df486bc8..e55a73aa3 100644
--- a/langs/tr/cgi-bin/tr.pl
+++ b/langs/tr/cgi-bin/tr.pl
@@ -1849,6 +1849,7 @@
'ovpn data channel' => 'Veri-Kanalı',
'ovpn data channel fallback' => 'Veri-Kanalı geri dönüşü',
'ovpn data encryption' => 'Veri-Kanalı şifreleme',
+'ovpn data channel authentication' => 'Veri ve kanal kimlik doğrulaması',
'ovpn device' => 'OpenVPN aygıtı:',
'ovpn dh' => 'Diffie-Hellman parametre uzunluğu',
'ovpn dh new key' => 'Yeni Diffie-Hellman parametrelerini oluşturun',