From patchwork Thu Dec 10 16:59:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Erik Kapfer X-Patchwork-Id: 3718 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CsKsC1YWmz3wx8 for ; Thu, 10 Dec 2020 16:59:43 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4CsKs769Wdz2t7; Thu, 10 Dec 2020 16:59:39 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CsKs75jfwz2xny; Thu, 10 Dec 2020 16:59:39 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CsKs61Jlhz2xq4 for ; Thu, 10 Dec 2020 16:59:38 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4CsKs55yq7z2qs; Thu, 10 Dec 2020 16:59:37 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1607619578; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=mH7HObkkfXC0lT5JwNC8x3P2cHhT8/ShbyD9jKe3Jhc=; b=f255NbZVD2fqkAtI+5qwVKYforhdgZkCYbnt++KK5SDZVoTg/2fh8cSi9gczZikOsQziN1 WAZsVL8WYeUTvLDg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1607619578; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=mH7HObkkfXC0lT5JwNC8x3P2cHhT8/ShbyD9jKe3Jhc=; b=rFsEykTNQEgWXDUMLof8R+N6vVmMIP40mYm4JNqTmUSFhjGSy61NfiDz+qNBNauhbnXx8P BL2UJJcAQRslEC0OluJKHDYedCV6Nz9Xn/ZGk4dwXDVeo+hEQlqDfD2QLDzpZ4YYDtay2U +abqslr7j7e+QxUFoHLdGXzoV0lN+gE1blD/Th9/XFzoyf7rwpWt2YTX7Ed6koKFGWCA9y 4qaTGGQo0aZ4SpESvjzWEFRrA42zMtmbKQTy4PR7l6ryn0m42QqJdxKKT1Me+OAIOQIf2r zAZSZCJMW5wfEWTS0iNSyhEU0nZ2lHhngD04yu2FmqYj/h5MZKPXBfyLLBgYSQ== From: ummeegge To: development@lists.ipfire.org Subject: [PATCH v2 7/7] OpenVPN: Moved TLS auth to advanced encryption section Date: Thu, 10 Dec 2020 16:59:25 +0000 Message-Id: <20201210165925.25037-7-erik.kapfer@ipfire.org> In-Reply-To: <20201210165925.25037-1-erik.kapfer@ipfire.org> References: <20201203120807.20694-1-erik.kapfer@ipfire.org> <20201210165925.25037-1-erik.kapfer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - The TLS authentication has been enhanced with --tls-crypt and with OpenVPN version 2.5.0 new introduced --tls-crypt-v2 . - New keys will be shown and can partly be downloaded over the "Certificate Authorities and -Keys" table. - The global section has been completely cleaned up from encryption settings which follows the IPSec WUI style. Signed-off-by: ummeegge --- html/cgi-bin/ovpnmain.cgi | 304 +++++++++++++++++++++++++++++++------- langs/de/cgi-bin/de.pl | 10 +- langs/en/cgi-bin/en.pl | 12 +- langs/es/cgi-bin/es.pl | 10 ++ langs/fr/cgi-bin/fr.pl | 12 +- langs/it/cgi-bin/it.pl | 7 +- langs/nl/cgi-bin/nl.pl | 13 +- langs/pl/cgi-bin/pl.pl | 10 ++ langs/ru/cgi-bin/ru.pl | 11 ++ langs/tr/cgi-bin/tr.pl | 9 ++ 10 files changed, 334 insertions(+), 64 deletions(-) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index a80befdb6..23085e763 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -371,9 +371,19 @@ sub writeserverconf { # Set TLSv2 as minimum print CONF "tls-version-min 1.2\n"; - if ($sovpnsettings{'TLSAUTH'} eq 'on') { - print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n"; - } + # TLS control channel authentication + if ($sovpnsettings{'TLSAUTH'} ne 'off') { + if ($sovpnsettings{'TLSAUTH'} eq 'on') { + print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n"; + } + if ($sovpnsettings{'TLSAUTH'} eq 'tls-crypt') { + print CONF "tls-crypt ${General::swroot}/ovpn/certs/tc.key\n"; + } + if ($sovpnsettings{'TLSAUTH'} eq 'tls-crypt-v2') { + print CONF "tls-crypt-v2 ${General::swroot}/ovpn/certs/tc-v2-server.key\n"; + } + } + if ($sovpnsettings{DCOMPLZO} eq 'on') { print CONF "comp-lzo\n"; } @@ -959,6 +969,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'}; + $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'}; $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'}; $vpnsettings{'DATACIPHERS'} = $cgiparams{'DATACIPHERS'}; @@ -982,6 +993,39 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) { $vpnsettings{'NCHANNELCIPHERS'} = $cgiparams{'NCHANNELCIPHERS'}; } + # Create ta.key for tls-auth if not presant + if ($cgiparams{'TLSAUTH'} eq 'on') { + if ( ! -e "${General::swroot}/ovpn/certs/ta.key") { + system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key"); + if ($?) { + $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; + goto ADV_ENC_ERROR; + } + } + } + + # Create tc.key for tls-crypt if not presant + if ($cgiparams{'TLSAUTH'} eq 'tls-crypt') { + if ( ! -e "${General::swroot}/ovpn/certs/tc.key") { + system('/usr/sbin/openvpn', '--genkey', 'tls-crypt', "${General::swroot}/ovpn/certs/tc.key"); + if ($?) { + $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; + goto ADV_ENC_ERROR; + } + } + } + + # Create tc-v2-server.key for tls-crypt-v2 server if not presant + if ($cgiparams{'TLSAUTH'} eq 'tls-crypt-v2') { + if ( ! -e "${General::swroot}/ovpn/certs/tc-v2-server.key") { + system('/usr/sbin/openvpn', '--genkey', 'tls-crypt-v2-server', "${General::swroot}/ovpn/certs/tc-v2-server.key"); + if ($?) { + $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; + goto ADV_ENC_ERROR; + } + } + } + &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings); &writeserverconf(); } @@ -1272,17 +1316,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg goto SETTINGS_ERROR; } - # Create ta.key for tls-auth if not presant - if ($cgiparams{'TLSAUTH'} eq 'on') { - if ( ! -e "${General::swroot}/ovpn/certs/ta.key") { - system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key"); - if ($?) { - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - goto SETTINGS_ERROR; - } - } - } - $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'}; $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'}; $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'}; @@ -1293,7 +1326,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'}; $vpnsettings{'DMTU'} = $cgiparams{'DMTU'}; $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'}; - $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'}; #wrtie enable if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");} @@ -1723,12 +1755,34 @@ END ### Download tls-auth key ### }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-auth key'}) { - if ( -f "${General::swroot}/ovpn/certs/ta.key" ) { - print "Content-Type: application/octet-stream\r\n"; - print "Content-Disposition: filename=ta.key\r\n\r\n"; - print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`; - exit(0); - } + if ( -f "${General::swroot}/ovpn/certs/ta.key" ) { + print "Content-Type: application/octet-stream\r\n"; + print "Content-Disposition: filename=ta.key\r\n\r\n"; + print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`; + exit(0); + } + +### +### Download tls-crypt key +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-crypt key'}) { + if ( -f "${General::swroot}/ovpn/certs/tc.key" ) { + print "Content-Type: application/octet-stream\r\n"; + print "Content-Disposition: filename=tc.key\r\n\r\n"; + print `/bin/cat ${General::swroot}/ovpn/certs/tc.key`; + exit(0); + } + +### +### Download tls-crypt-v2 key +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-crypt-v2 key'}) { + if ( -f "${General::swroot}/ovpn/certs/tc-v2-server.key" ) { + print "Content-Type: application/octet-stream\r\n"; + print "Content-Disposition: filename=tc-v2-server.key\r\n\r\n"; + print `/bin/cat ${General::swroot}/ovpn/certs/tc-v2-server.key`; + exit(0); + } ### ### Form for generating a root certificate @@ -2451,13 +2505,37 @@ else print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n"; - if ($vpnsettings{'TLSAUTH'} eq 'on') { - if ($cgiparams{'MODE'} eq 'insecure') { - print CLIENTCONF ";"; - } - print CLIENTCONF "tls-auth ta.key\r\n"; - $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n"; + # Comment TLS-Auth directive if 'insecure' mode has been choosen + if ($vpnsettings{'TLSAUTH'} eq 'on') { + if ($cgiparams{'MODE'} eq 'insecure') { + print CLIENTCONF ";"; + } + print CLIENTCONF "tls-auth ta.key\r\n"; + $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n"; } + + # Comment TLS-Crypt directive if 'insecure' mode has been choosen + if ($vpnsettings{'TLSAUTH'} eq 'tls-crypt') { + if ($cgiparams{'MODE'} eq 'insecure') { + print CLIENTCONF ";"; + } + print CLIENTCONF "tls-crypt tc.key\r\n"; + $zip->addFile( "${General::swroot}/ovpn/certs/tc.key", "tc.key") or die "Can't add file tc.key\n"; + } + + # Comment TLS-Crypt-v2 directive if 'insecure' mode has been choosen and generate individual key + if ($vpnsettings{'TLSAUTH'} eq 'tls-crypt-v2') { + if ($cgiparams{'MODE'} eq 'insecure') { + print CLIENTCONF ";"; + } + print CLIENTCONF "tls-crypt-v2 tc-v2-client-$confighash{$cgiparams{'KEY'}}[1].key\r\n"; + # Generate individual tls-crypt-v2 client key + my $cryptfile = "$tempdir/tc-v2-client-$confighash{$cgiparams{'KEY'}}[1].key"; + system('/usr/sbin/openvpn', '--tls-crypt-v2', "${General::swroot}/ovpn/certs/tc-v2-server.key", '--genkey', 'tls-crypt-v2-client', "$cryptfile"); + # Add individual tls-crypt-v2 client key to client package + $zip->addFile( "$cryptfile", "tc-v2-client-$confighash{$cgiparams{'KEY'}}[1].key") or die "Can't add file tc-v2-client-$confighash{$cgiparams{'KEY'}}[1].key\n"; + } + if ($vpnsettings{DCOMPLZO} eq 'on') { print CLIENTCONF "comp-lzo\r\n"; } @@ -2514,7 +2592,33 @@ else print CLIENTCONF "\r\n\r\n"; close(FILE); - # TLS auth + # Create individual tls-crypt-v2 client key and print it to client.conf if 'insecure' has been selected + if ($vpnsettings{'TLSAUTH'} eq 'tls-crypt-v2') { + my $cryptfile = "$tempdir/tc-v2-client-$confighash{$cgiparams{'KEY'}}[1].key"; + system('/usr/sbin/openvpn', '--tls-crypt-v2', "${General::swroot}/ovpn/certs/tc-v2-server.key", '--genkey', 'tls-crypt-v2-client', "$cryptfile"); + open(FILE, "<$cryptfile"); + print CLIENTCONF "\r\n"; + while () { + chomp($_); + print CLIENTCONF "$_\r\n"; + } + print CLIENTCONF "\r\n\r\n"; + close(FILE); + } + + # Print TLS-Crypt key to client.ovpn if 'insecure' has been selected + if ($vpnsettings{'TLSAUTH'} eq 'tls-crypt') { + open(FILE, "<${General::swroot}/ovpn/certs/tc.key"); + print CLIENTCONF "\r\n"; + while () { + chomp($_); + print CLIENTCONF "$_\r\n"; + } + print CLIENTCONF "\r\n\r\n"; + close(FILE); + } + + # Print TLS-Auth key to client.ovpn if 'insecure' has been selected if ($vpnsettings{'TLSAUTH'} eq 'on') { open(FILE, "<${General::swroot}/ovpn/certs/ta.key"); print CLIENTCONF "\r\n"; @@ -2706,6 +2810,50 @@ else exit(0); } +### +### Display tls-crypt key +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show tls-crypt key'}) { + + if (! -e "${General::swroot}/ovpn/certs/tc.key") { + $errormessage = $Lang::tr{'not present'}; + } else { + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'tc key'}"); + my $output = `/bin/cat ${General::swroot}/ovpn/certs/tc.key`; + $output = &Header::cleanhtml($output,"y"); + print "
$output
\n"; + &Header::closebox(); + print ""; + &Header::closebigbox(); + &Header::closepage(); + exit(0); + } + +### +### Display tls-crypt-v2 server key +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show tls-crypt-v2 key'}) { + + if (! -e "${General::swroot}/ovpn/certs/tc-v2-server.key") { + $errormessage = $Lang::tr{'not present'}; + } else { + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'tc v2 key'}"); + my $output = `/bin/cat ${General::swroot}/ovpn/certs/tc-v2-server.key`; + $output = &Header::cleanhtml($output,"y"); + print "
$output
\n"; + &Header::closebox(); + print ""; + &Header::closebigbox(); + &Header::closepage(); + exit(0); + } + ### ### Display Certificate Revoke List ### @@ -2758,9 +2906,6 @@ ADV_ERROR: if ($cgiparams{'LOG_VERB'} eq '') { $cgiparams{'LOG_VERB'} = '3'; } - if ($cgiparams{'TLSAUTH'} eq '') { - $cgiparams{'TLSAUTH'} = 'off'; - } $checked{'CLIENT2CLIENT'}{'off'} = ''; $checked{'CLIENT2CLIENT'}{'on'} = ''; $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED'; @@ -2981,6 +3126,7 @@ END } $confighash{$key}[39] = $cgiparams{'DAUTH'}; $confighash{$key}[40] = $cgiparams{'DCIPHER'}; + $confighash{$key}[41] = $cgiparams{'TLSAUTH'}; $confighash{$key}[42] = $cgiparams{'DATACIPHERS'}; $confighash{$key}[43] = $cgiparams{'CHANNELCIPHERS'}; $confighash{$key}[44] = $cgiparams{'NCHANNELCIPHERS'}; @@ -3004,6 +3150,17 @@ ADV_ENC_ERROR: @temp = split('\|', $cgiparams{'DAUTH'}); foreach my $key (@temp) {$checked{'DAUTH'}{$key} = "selected='selected'"; } + # Set default for TLS control authentication + if ($cgiparams{'TLSAUTH'} eq '') { + $cgiparams{'TLSAUTH'} = 'tls-crypt'; #[41] + } + $checked{'TLSAUTH'}{'on'} = ''; + $checked{'TLSAUTH'}{'off'} = ''; + $checked{'TLSAUTH'}{'tls-crypt'} = ''; + $checked{'TLSAUTH'}{'tls-crypt-v2'} = ''; + @temp = split('\|', $cgiparams{'TLSAUTH'}); + foreach my $key (@temp) {$checked{'TLSAUTH'}{$key} = "selected='selected'"; } + # Set default for data-cipher-fallback (the old --cipher directive) if ($cgiparams{'DCIPHER'} eq '') { $cgiparams{'DCIPHER'} = 'AES-256-CBC'; #[40] @@ -3058,12 +3215,14 @@ ADV_ENC_ERROR: if ($cgiparams{'ACTION'} eq $Lang::tr{'save-enc-options'}) { $confighash{$cgiparams{'KEY'}}[39] = $cgiparams{'DAUTH'}; $confighash{$cgiparams{'KEY'}}[40] = $cgiparams{'DCIPHER'}; + $confighash{$cgiparams{'KEY'}}[41] = $cgiparams{'TLSAUTH'}; $confighash{$cgiparams{'KEY'}}[42] = $cgiparams{'DATACIPHERS'}; $confighash{$cgiparams{'KEY'}}[43] = $cgiparams{'CHANNELCIPHERS'}; $confighash{$cgiparams{'KEY'}}[44] = $cgiparams{'NCHANNELCIPHERS'}; } else { $cgiparams{'DAUTH'} = $vpnsettings{'DAUTH'}; $cgiparams{'DCIPHER'} = $vpnsettings{'DCIPHER'}; + $cgiparams{'TLSAUTH'} = $vpnsettings{'TLSAUTH'}; $cgiparams{'DATACIPHERS'} = $vpnsettings{'DATACIPHERS'}; $cgiparams{'CHANNELCIPHERS'} = $vpnsettings{'CHANNELCIPHERS'}; $cgiparams{'NCHANNELCIPHERS'} = $vpnsettings{'NCHANNELCIPHERS'}; @@ -3175,6 +3334,7 @@ ADV_ENC_ERROR: $Lang::tr{'ovpn ha'} + $Lang::tr{'ovpn tls auth'} @@ -3193,6 +3353,14 @@ ADV_ENC_ERROR: + + + @@ -3972,7 +4140,6 @@ if ($confighash{$cgiparams{'KEY'}}) { $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37]; $cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39]; $cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40]; - $cgiparams{'TLSAUTH'} = $confighash{$cgiparams{'KEY'}}[41]; # Index from [39] to [44] has been reserved by advanced encryption $cgiparams{'CLIENTVERSION'} = $confighash{$cgiparams{'KEY'}}[45]; } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { @@ -4890,10 +5057,6 @@ if ($cgiparams{'TYPE'} eq 'net') { $checked{'MSSFIX'}{'on'} = ''; $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED'; - $checked{'TLSAUTH'}{'off'} = ''; - $checked{'TLSAUTH'}{'on'} = ''; - $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED'; - if (1) { &Header::showhttpheaders(); &Header::openpage($Lang::tr{'ovpn'}, 1, ''); @@ -5439,9 +5602,6 @@ END if ($cgiparams{'MSSFIX'} eq '') { $cgiparams{'MSSFIX'} = 'off'; } - if ($cgiparams{'TLSAUTH'} eq '') { - $cgiparams{'TLSAUTH'} = 'off'; - } if ($cgiparams{'DOVPN_SUBNET'} eq '') { $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0'; } @@ -5459,10 +5619,6 @@ END $selected{'DPROTOCOL'}{'tcp'} = ''; $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED'; - $checked{'TLSAUTH'}{'off'} = ''; - $checked{'TLSAUTH'}{'on'} = ''; - $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED'; - $checked{'DCOMPLZO'}{'off'} = ''; $checked{'DCOMPLZO'}{'on'} = ''; $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED'; @@ -5565,17 +5721,6 @@ END -
- - $Lang::tr{'ovpn crypt options'}: - -
- - - $Lang::tr{'ovpn tls auth'} - - -

END ; @@ -5874,6 +6019,10 @@ END my $col3="bgcolor='$color{'color22'}'"; # ta.key line my $col4="bgcolor='$color{'color20'}'"; + # tc-v2.key line + my $col5="bgcolor='$color{'color22'}'"; + # tc.key + my $col6="bgcolor='$color{'color20'}'"; if (-f "${General::swroot}/ovpn/ca/cacert.pem") { my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`; @@ -6003,7 +6152,7 @@ END # Nothing print < - $Lang::tr{'ta key'}: + $Lang::tr{'ta key'} $Lang::tr{'not present'}   @@ -6011,6 +6160,51 @@ END ; } + # Adding tc-v2.key to chart + if (-f "${General::swroot}/ovpn/certs/tc-v2-server.key") { + my $tcvsubject = `/bin/cat ${General::swroot}/ovpn/certs/tc-v2-server.key`; + $tcvsubject =~ /-----BEGIN (.*)-----[\n]/; + $tcvsubject = $1; + print < + $Lang::tr{'tc v2 key'} + $tcvsubject +
+ + +
+
+   + +END +; + } + + # Adding tc.key to chart + if (-f "${General::swroot}/ovpn/certs/tc.key") { + my $tcsubject = `/bin/cat ${General::swroot}/ovpn/certs/tc.key`; + $tcsubject =~ /# (.*)[\n]/; + $tcsubject = $1; + print < + $Lang::tr{'tc key'} + $tcsubject + + + + +
+ + +
+   + +END +; + } + if (! -f "${General::swroot}/ovpn/ca/cacert.pem") { print "
"; print ""; diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index a4c166bfe..b6093be3e 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -894,6 +894,9 @@ 'download new ruleset' => 'Neuen Regelsatz herunterladen', 'download pkcs12 file' => 'PKCS12-Datei herunterladen', 'download root certificate' => 'Root-Zertifikat herunterladen', +'download tls-auth key' => 'TLS-Auth Schlüssel herunterladen', +'download tls-crypt key' => 'TLS-Crypt Schlüssel herunterladen', +'download tls-crypt-v2 key' => 'TLS-Crypt-v2 Schlüssel herunterladen', 'download tls-auth key' => 'tls-auth Key herunterladen', 'dpd action' => 'Aktion für Erkennung toter Gegenstellen (Dead Peer Detection)', 'dpd delay' => 'Verzögerung', @@ -1951,7 +1954,7 @@ 'ovpn subnet' => 'OpenVPN-Subnetz:', 'ovpn subnet is invalid' => 'Das OpenVPN-Subnetz ist ungültig.', 'ovpn subnet overlap' => 'OpenVPNSubnetz überschneidet sich mit ', -'ovpn tls auth' => 'TLS-Kanalabsicherung:', +'ovpn tls auth' => 'TLS-Kanalabsicherung', 'ovpn warning 64 bit block cipher' => 'Diser Algorithmus ist unsicher und wird bald entfernt.
Bitte ändern Sie dies so schnell wie möglich!
', 'ovpn warning algorithm' => 'Folgender Algorithmus wurde konfiguriert', 'ovpn warning rfc3280' => 'Das Host Zertifikat ist nicht RFC3280 Regelkonform.
Bitte IPFire auf die letzte Version updaten und generieren sie ein neues Root und Host Zertifikat so bald wie möglich.

Es müssen dann alle OpenVPN clients erneuert werden!
', @@ -2226,6 +2229,9 @@ 'show last x lines' => 'die letzten x Zeilen anzeigen', 'show root certificate' => 'Root-Zertifikat anzeigen', 'show share options' => 'Anzeige der Freigabeeinstellungen', +'show tls-auth key' => 'TLS-Auth Schlüssel anzeigen', +'show tls-crypt key' => 'TLS-Crypt Schlüssel anzeigen', +'show tls-crypt-v2 key' => 'TLS-Crypt-v2 Schlüssel anzeigen', 'shuffle' => 'Zufall', 'shutdown' => 'Herunterfahren', 'shutdown ask' => 'Herunterfahren?', @@ -2352,6 +2358,8 @@ 'system logs' => 'Systemprotokolldateien', 'system status information' => 'System-Statusinformationen', 'ta key' => 'TLS-Authentifizierungsschlüssel', +'tc key' => 'TLS-Kryptografie-Schlüssel', +'tc v2 key' => 'TLS-Kryptografie-Schlüssel-Version2', 'taa zombieload2' => 'TSX Async Abort / ZombieLoad v2', 'tcp more reliable' => 'TCP (zuverlässiger)', 'telephone not set' => 'Telefonnummer nicht angegeben.', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index dc324676a..fe2a9d65d 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -918,7 +918,9 @@ 'download new ruleset' => 'Download new ruleset', 'download pkcs12 file' => 'Download PKCS12 file', 'download root certificate' => 'Download root certificate', -'download tls-auth key' => 'Download tls-auth key', +'download tls-auth key' => 'Download TLS-Auth key', +'download tls-crypt key' => 'Download TLS-Crypt key', +'download tls-crypt-v2 key' => 'Download TLS-Crypt-v2 server key', 'dpd action' => 'Action', 'dpd delay' => 'Delay', 'dpd timeout' => 'Timeout', @@ -1983,7 +1985,7 @@ 'ovpn subnet' => 'OpenVPN subnet:', 'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.', 'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ', -'ovpn tls auth' => 'TLS Channel Protection:', +'ovpn tls auth' => 'TLS Channel Protection', 'ovpn warning 64 bit block cipher' => 'This encryption algorithm is broken and will soon be removed.
Please change this as soon as possible!
', 'ovpn warning algorithm' => 'You configured the algorithm', 'ovpn warning rfc3280' => 'Your host certificate is not RFC3280 compliant.
Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.

All OpenVPN clients needs then to be renewed!
', @@ -2262,7 +2264,9 @@ 'show lines' => 'Show lines', 'show root certificate' => 'Show root certificate', 'show share options' => 'Show shares options', -'show tls-auth key' => 'Show tls-auth key', +'show tls-auth key' => 'Show TLS-Auth key', +'show tls-crypt key' => 'Show TLS-Crypt key', +'show tls-crypt-v2 key' => 'Show TLS-Crypt-v2 key', 'shuffle' => 'Shuffle', 'shutdown' => 'Shutdown', 'shutdown ask' => 'Shutdown?', @@ -2390,6 +2394,8 @@ 'system logs' => 'System Logs', 'system status information' => 'System Status Information', 'ta key' => 'TLS-Authentification-Key', +'tc key' => 'TLS-Cryptografic-Key', +'tc v2 key' => 'TLS-Cryptografic-Key-version2', 'taa zombieload2' => 'TSX Async Abort / ZombieLoad v2', 'tcp more reliable' => 'TCP (more reliable)', 'telephone not set' => 'Telephone not set.', diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl index 1a0272b8a..99aa73482 100644 --- a/langs/es/cgi-bin/es.pl +++ b/langs/es/cgi-bin/es.pl @@ -717,6 +717,9 @@ 'download new ruleset' => 'Descargar nuevo grupo de reglas', 'download pkcs12 file' => 'Descargar archivo PKCS12', 'download root certificate' => 'Descargar certificado root', +'download tls-auth key' => 'Descargar llave TLS-Auth', +'download tls-crypt key' => 'Descargar llave TLS-Crypt', +'download tls-crypt-v2 key' => 'Descargar llave servidor TLS-Crypt-v2', 'dpd action' => 'Acción al detectar Dead Peer', 'driver' => 'Driver', 'drop input' => 'Registrar paquetes descartados', @@ -1352,6 +1355,7 @@ 'ovpn subnet' => 'Subred de OpenVPN (ej. 10.0.10.0/255.255.255.0', 'ovpn subnet is invalid' => 'Subred de OpenVPN no es válida.', 'ovpn subnet overlap' => 'La subred de OpenVPN se traslapa con:', +'ovpn tls auth' => 'Protección Canal TLS', 'ovpn warning 64 bit block cipher' => 'Este algoritmo de cifrado del está roto y pronto se eliminará.
¡Por favor, cambie esto lo antes posible!
', 'ovpn warning algorithm' => 'Se configuró el siguiente algoritmo', 'ovpn_fastio' => 'Fast-IO', @@ -1596,6 +1600,9 @@ 'show lines' => 'Mostrar líneas', 'show root certificate' => 'Mostrar certificado root', 'show share options' => 'Mostrar opciones de recursos compartidos', +'show tls-auth key' => 'Mostrar llave TLS-Auth', +'show tls-crypt key' => 'Mostrar llave TLS-Crypt', +'show tls-crypt-v2 key' => 'Mostrar llave TLS-Crypt-v2', 'shuffle' => 'Al azar', 'shutdown' => 'Apagar', 'shutdown ask' => '¿Apagar?', @@ -1698,6 +1705,9 @@ 'system log viewer' => 'Visor de registros (logs) del sistema', 'system logs' => 'Registros del sistema', 'system status information' => 'Información de status del sistema', +'ta key' => 'Clave de Autentificación-TLS', +'tc key' => 'Clave Criptográfica-TLS', +'tc v2 key' => 'Clave Criptográfica-TLS versión 2', 'telephone not set' => 'Teléfono no establecido.', 'template' => 'Preestablecido', 'template warning' => 'Tiene dos opciones para establecer QoS. La primera, presionar el botón Guardar y generar clases y reglas por ud. mismo. La segunda, presione el botón preestablecidos y las clases y reglas se generarán a partir de una plantilla', diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index d5deea1c0..349ebb83d 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl @@ -921,7 +921,9 @@ 'download new ruleset' => 'Télécharger de nouvelles règles', 'download pkcs12 file' => 'Télécharger le fichier PKCS12', 'download root certificate' => 'Télécharger le certificat Root', -'download tls-auth key' => 'Télécharger la clé tls-auth', +'download tls-auth key' => 'Télécharger la clé TLS-Auth', +'download tls-crypt key' => 'Télécharger la clef TLS-Crypt', +'download tls-crypt-v2 key' => 'Télécharger la clef server TLS-Crypt-v2', 'dpd action' => 'Détection du pair mort', 'dpd delay' => 'Retard', 'dpd timeout' => 'Délai dépassé', @@ -1984,7 +1986,7 @@ 'ovpn subnet' => 'Sous-réseau OpenVPN', 'ovpn subnet is invalid' => 'Sous-réseau OpenVPN non valide.', 'ovpn subnet overlap' => 'Le sous-réseau OpenVPN se chevauche avec : ', -'ovpn tls auth' => 'Protection du canal TLS :', +'ovpn tls auth' => 'Protection du canal TLS', 'ovpn warning 64 bit block cipher' => 'Ce L\'algorithme de chiffage du n\'est plus sûr et sera bientôt supprimé.
Veuillez changer cela dès que possible!
', 'ovpn warning algorithm' => 'L\'algorithme suivant a été configuré', 'ovpn warning rfc3280' => 'Votre certificat d\'hôte n\'est pas conforme avec la RFC3280.
Veuillez mettre à jour la dernière version d\'IPFire et générer dès que possible un nouveau certificat racine et hôte.

Tous les clients OpenVPN doivent ensuite être renouvelés !
', @@ -2266,7 +2268,9 @@ 'show lines' => 'Montrer les lignes', 'show root certificate' => 'Afficher le certificat root', 'show share options' => 'Montrer les options partagées', -'show tls-auth key' => 'Afficher clef tls-auth', +'show tls-auth key' => 'Afficher clef TLS-Auth', +'show tls-crypt key' => 'Montrer la clef TLS-Crypt', +'show tls-crypt-v2 key' => 'Montrer la clef TLS-Crypt-v2', 'shuffle' => 'Mélanger', 'shutdown' => 'Arrêter', 'shutdown ask' => 'Arrêter ?', @@ -2394,6 +2398,8 @@ 'system logs' => 'Rapports système', 'system status information' => 'Informations sur le statut du système', 'ta key' => 'Clé d\'authentification TLS', +'tc key' => 'Clef de chiffrage TLS', +'tc v2 key' => 'Clef de chiffrage TLS version2', 'taa zombieload2' => 'TSX Async Abort / ZombieLoad v2', 'tcp more reliable' => 'TCP (plus fiable)', 'telephone not set' => 'Numéro de téléphone non défini.', diff --git a/langs/it/cgi-bin/it.pl b/langs/it/cgi-bin/it.pl index ad16de583..cbbb3bb80 100644 --- a/langs/it/cgi-bin/it.pl +++ b/langs/it/cgi-bin/it.pl @@ -1739,6 +1739,7 @@ 'ovpn subnet' => 'OpenVPN subnet (e.g. 10.0.10.0/255.255.255.0)', 'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.', 'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ', +'ovpn tls auth' => 'Protezione del canale TLS', 'ovpn warning 64 bit block cipher' => 'L\'algoritmo di crittografia è insicuro e verrà presto disinstallato.
Si prega di cambiare il più presto possibile!
', 'ovpn warning algorithm' => 'È stato configurato il seguente algoritmo', 'ovpn_fastio' => 'Fast-IO', @@ -1994,7 +1995,9 @@ 'show lines' => 'Show lines', 'show root certificate' => 'Show root certificate', 'show share options' => 'Show shares options', -'show tls-auth key' => 'Show tls-auth key', +'show tls-auth key' => 'Mostra la chiave TLS-Auth', +'show tls-crypt key' => 'Mostra la chiave TLS-Crypt', +'show tls-crypt-v2 key' => 'Mostra la chiave TLS-Crypt v2', 'shuffle' => 'Shuffle', 'shutdown' => 'Spegni', 'shutdown ask' => 'Spegni?', @@ -2107,6 +2110,8 @@ 'system logs' => 'Log di Sistema', 'system status information' => 'Informazioni e stato del sistema', 'ta key' => 'TLS-Authentification-Key', +'tc key' => 'Chiave-Crittografica-TLS', +'tc v2 key' => 'Chiave-Crittografica-TLS-v2', 'telephone not set' => 'Telephone not set.', 'template' => 'Preset', 'template warning' => 'Ci sono due opzioni per impostare il Qos. La prima: si preme il pulsante Salva e poi si generano le classi e le regole da soli. La seconda: si preme il tasto di preset e le classi e le regole saranno automaticamente generate da un modello.', diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl index b0f037e0c..23ccaedf9 100644 --- a/langs/nl/cgi-bin/nl.pl +++ b/langs/nl/cgi-bin/nl.pl @@ -794,6 +794,9 @@ 'download new ruleset' => 'Download nieuwe regelset', 'download pkcs12 file' => 'Download PKCS12 bestand', 'download root certificate' => 'Download root certificaat', +'download tls-auth key' => 'Download TLS-Auth sleutel', +'download tls-crypt key' => 'Download TLS-Crypt sleutel', +'download tls-crypt-v2 key' => 'Download TLS-Crypt-v2 server sleutel', 'dpd action' => 'Dead peer-detectie actie', 'dpd delay' => 'Vertraging', 'dpd timeout' => 'Timeout', @@ -1660,12 +1663,13 @@ 'ovpn' => 'OpenVPN', 'ovpn con stat' => 'OpenVPN connectiestatistieken', 'ovpn config' => 'OVPN-Configuratie', +'ovpn crypt options' => 'Cryptografische opties', 'ovpn channel encryption' => 'Control-kanaal versleuteling', 'ovpn control channel v2' => 'Controle-Kanaal TLSv2', 'ovpn control channel v3' => 'Controle-Kanaal TLSv3', 'ovpn data encryption' => 'Datakanaalversleuteling', 'ovpn data channel authentication' => 'Gegevens en kanaal verificatie', -'ovpn data channel' => 'Data-kanaal', +'ovpn data channel' => 'Data-Kanaal', 'ovpn data channel fallback' => 'Data-Kanaal terugval', 'ovpn device' => 'OpenVPN apparaat:', 'ovpn dl' => 'OVPN-Configuratie download', @@ -1693,6 +1697,7 @@ 'ovpn subnet' => 'OpenVPN subnet (bijv. 10.0.10.0/255.255.255.0)', 'ovpn subnet is invalid' => 'OpenVPN subnet is ongeldig.', 'ovpn subnet overlap' => 'OpenVPN subnet overlapt met : ', +'ovpn tls auth' => 'TLS Kanaal bescherming', 'ovpn warning 64 bit block cipher' => 'Dit encryptie algoritme is verbroken en zal binnenkort worden verwijderd.
Verander dit zo snel mogelijk!
', 'ovpn warning algorithm' => 'U hebt het algoritme geconfigureerd', 'ovpn warning rfc3280' => 'Uw gastheercertificaat is niet RFC3280-conform.
Please-update naar de nieuwste IPFire-versie en genereer zo snel mogelijk een nieuw root- en host-certificaat.

Alle OpenVPN-clients moeten dan vernieuwd worden!
', @@ -1948,6 +1953,9 @@ 'show lines' => 'Toon regels', 'show root certificate' => 'Toon root certificaat', 'show share options' => 'Toon shares opties', +'show tls-auth key' => 'Toon TLS-Auth sleutel', +'show tls-crypt key' => 'Toon TLS-Crypt sleutel', +'show tls-crypt-v2 key' => 'Toon TLS-Crypt-v2 sleutel', 'shuffle' => 'Willekeurige volgorde', 'shutdown' => 'Afsluiten', 'shutdown ask' => 'Afsluiten?', @@ -2057,6 +2065,9 @@ 'system log viewer' => 'Systeem Log Viewer', 'system logs' => 'Systeem logs', 'system status information' => 'Systeem Status Informatie', +'ta key' => 'TLS-Authentificatie-sleutel', +'tc key' => 'TLS-Cryptografische-sleutel', +'tc v2 key' => 'TLS-Cryptografische sleutel-versie2', 'telephone not set' => 'Telefoon niet ingesteld.', 'template' => 'Vooringesteld', 'template warning' => 'U heeft twee opties voor QoS. Bij de eerste klikt u op de knop opslaan en genereert u zelf de klassen en regels. Voor de tweede klikt u op de "vooringesteld" knop en worden de regels middels een sjabloon voor u ingesteld.', diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl index 5e8ec0864..fb7c12e85 100644 --- a/langs/pl/cgi-bin/pl.pl +++ b/langs/pl/cgi-bin/pl.pl @@ -719,6 +719,9 @@ 'download new ruleset' => 'Pobierz nowy zestaw reguł', 'download pkcs12 file' => 'Pobierz plik PKCS12', 'download root certificate' => 'Pobierz certyfikat root', +'download tls-auth key' => 'Pobierz klucz TLS-Auth', +'download tls-crypt key' => 'Pobierz klucz TLS-Crypt', +'download tls-crypt-v2 key' => 'Pobierz klucz serwera TLS-Crypt-v2', 'dpd action' => 'Dead Peer Detection action', 'driver' => 'Sterownik', 'drop input' => 'Loguj odrzucone pakiety wejściowe (input packets)', @@ -1365,6 +1368,7 @@ 'ovpn subnet' => 'Podsieć OpenVPN (np. 10.0.10.0/255.255.255.0)', 'ovpn subnet is invalid' => 'Podsieć OpenVPN jest niepoprawna.', 'ovpn subnet overlap' => 'Podsieć OpenVPN zachodzi na : ', +'ovpn tls auth' => 'Ochrona Kanału-TLS', 'ovpn warning 64 bit block cipher' => 'Szyfr danych wymaga co najmniej jednego szyfru.
Proszę to zmienić jak najszybciej!
', 'ovpn warning algorithm' => 'Skonfigurowałeś algorytm', 'ovpn_fastio' => 'Fast-IO', @@ -1609,6 +1613,9 @@ 'show lines' => 'Pokaż linie', 'show root certificate' => 'Pokaż certyfikat root', 'show share options' => 'Pokaż opcje zasobu', +'show tls-auth key' => 'Pokaż klucz TLS-Auth', +'show tls-crypt key' => 'Pokaż klucz TLS-Crypt', +'show tls-crypt-v2 key' => 'Pokaż klucz TLS-Crypt-v2', 'shuffle' => 'Losowo', 'shutdown' => 'Wyłącz', 'shutdown ask' => 'Wyłączyć?', @@ -1712,6 +1719,9 @@ 'system log viewer' => 'Przegląd logów systemu', 'system logs' => 'Logi systemu', 'system status information' => 'Informacje o stanie systemu', +'ta key' => 'TLS-Klucz-Uwierzytelniający', +'tc key' => 'TLS-Klucz-Kryptograficzny', +'tc v2 key' => 'TLS-Klucz-Kryptograficzny-wersja2', 'telephone not set' => 'Telephone not set.', 'template' => 'Schemat', 'template warning' => 'Masz 2 możliwości skonfigurowania QoS. Pierwsza to naciśnięcie przycisku zapisz i skonfigurowanie klas i reguł samodzielnie. Druga to wciśnięcie przycisku schemat aby utworzyć klasy i reguły ze schematu.', diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl index 6e3af2d7e..c4520ae2c 100644 --- a/langs/ru/cgi-bin/ru.pl +++ b/langs/ru/cgi-bin/ru.pl @@ -714,6 +714,9 @@ 'download new ruleset' => 'Загрузить новые правила', 'download pkcs12 file' => 'Загрузить PKCS12 файл', 'download root certificate' => 'Загрузить root сертификат', +'download tls-auth key' => 'Скачать TLS-Auth ключ', +'download tls-crypt key' => 'Скачать TLS-Crypt ключ', +'download tls-crypt-v2 key' => 'Скачать серверный ключ TLS-Crypt-v2', 'dpd action' => 'Действие при обнаружении Dead Peer', 'driver' => 'Драйвер', 'drop input' => 'Записывать сброшенные входящие пакеты', @@ -1339,6 +1342,7 @@ 'ovpn channel encryption' => 'Шифрование каналов управления', 'ovpn control channel v2' => 'Канал-управления TLSv2', 'ovpn control channel v3' => 'Канал-управления TLSv3', +'ovpn crypt options' => 'Криптографические опции', 'ovpn data encryption' => 'шифрование-каналов данных', 'ovpn data channel authentication' => 'Аутентификация данных и каналов', 'ovpn data channel' => 'Информационный-канал', @@ -1359,6 +1363,7 @@ 'ovpn subnet' => 'Подсеть OpenVPN (e.g. 10.0.10.0/255.255.255.0)', 'ovpn subnet is invalid' => 'Подсеть OpenVPN задана неверно.', 'ovpn subnet overlap' => 'Подсеть OpenVPN пересекается с: ', +'ovpn tls auth' => 'Защита канала TLS', 'ovpn warning 64 bit block cipher' => 'Этот алгоритм шифрования сломан и вскоре будет удален.
Пожалуйста, измените это как можно скорее!
', 'ovpn warning algorithm' => 'Вы настроили алгоритм', 'ovpn_fastio' => 'Fast-IO', @@ -1603,6 +1608,9 @@ 'show lines' => 'Показать строки', 'show root certificate' => 'Показать root сертификат', 'show share options' => 'Показать настройки общих ресурсов', +'show tls-auth key' => 'Показать ключ TLS-Auth', +'show tls-crypt key' => 'Показать ключ TLS-Crypt', +'show tls-crypt-v2 key' => 'Показать ключ TLS-Crypt-клавиша-v2', 'shuffle' => 'Перемешать', 'shutdown' => 'Выключить', 'shutdown ask' => 'Выключить?', @@ -1706,6 +1714,9 @@ 'system log viewer' => 'System Log Viewer', 'system logs' => 'Системные журналы', 'system status information' => 'System Status Information', +'ta key' => 'TLS-Аутентификация-Кей', +'tc key' => 'TLS-криптографический-ключ', +'tc v2 key' => 'TLS-криптографическая-версия2', 'telephone not set' => 'Telephone not set.', 'template' => 'Задать', 'template warning' => 'У Вас есть две опции для установки Qos. Первая - нажать кнопку сохранения и сгенерировать классы и правила самостоятельно. Вторая - задать правила по шаблону.', diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl index e55a73aa3..1cde33dc7 100644 --- a/langs/tr/cgi-bin/tr.pl +++ b/langs/tr/cgi-bin/tr.pl @@ -879,6 +879,9 @@ 'download new ruleset' => 'Yeni Kural Kümesi İndir', 'download pkcs12 file' => 'PKCS12 dosyasını indir', 'download root certificate' => 'Root sertifikasını indir', +'download tls-auth key' => 'TLS-Auth anahtarını indirin', +'download tls-crypt key' => 'TLS-Crypt anahtarını indirin', +'download tls-crypt-v2 key' => 'TLS-Crypt-v2 sunucu anahtarını indirin', 'download tls-auth key' => 'Tls kimlik doğrulama anahtarını indir', 'dpd action' => 'Hareketsiz eş algılama eylemi', 'dpd delay' => 'Gecikme', @@ -1884,6 +1887,7 @@ 'ovpn subnet' => 'OpenVPN alt ağı (örneğin 10.0.10.0/255.255.255.0)', 'ovpn subnet is invalid' => 'Geçersiz OpenVPN alt ağı.', 'ovpn subnet overlap' => 'OpenVPN alt ağı ile örtüşenler: ', +'ovpn tls auth' => 'TLS Kanal Koruması', 'ovpn warning 64 bit block cipher' => 'Bu şifreleme algoritması bozuldu ve yakında kaldırılacak.
Lütfen bunu mümkün olan en kısa sürede değiştirin!
', 'ovpn warning algorithm' => 'Algoritmayı sen yapılandırdın', 'ovpn_fastio' => 'Hızlı-IO', @@ -2148,6 +2152,9 @@ 'show root certificate' => 'Root sertifikasını göster', 'show share options' => 'Paylaşım seçeneklerini göster', 'show tls-auth key' => 'Tls kimlik doğrulama anahtarını göster', +'show tls-auth key' => 'TLS-Auth anahtarını göster', +'show tls-crypt key' => 'TLS-Crypt anahtarını göster', +'show tls-crypt-v2 key' => 'TLS-Crypt-v2 anahtarını göster', 'shuffle' => 'Karma', 'shutdown' => 'Kapat', 'shutdown ask' => 'Kapat?', @@ -2260,6 +2267,8 @@ 'system logs' => 'Sistem Günlükleri', 'system status information' => 'Sistem Durum Bilgisi', 'ta key' => 'TLS Kimlik Doğrulama Anahtarı', +'tc key' => 'TLS-Şifreleme-Anahtarı', +'tc v2 key' => 'TLS-Şifreleme-Anahtarı-versiyon 2', 'tcp more reliable' => 'TCP (daha güvenli)', 'telephone not set' => 'Telefon ayarlanmamış.', 'template' => 'Ön Ayar',