initial commit of file from CVS for smeserver-openvpn-bridge on Sat Sep 7 19:57:25 AEST 2024

2024-09-07 19:57:25 +10:00 · 2024-09-07 19:57:25 +10:00 · 9dcb47db31
commit 9dcb47db31
parent d755aea606
73 changed files with 14036 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,4 @@
+*.rpm
+*.log
+*spec-20*
+*.tar.xz
--- a/21
+++ b/21
@ -0,0 +1,21 @@
+# Makefile for source rpm: smeserver-openvpn-bridge
+# $Id: Makefile,v 1.1 2021/02/04 16:20:56 brianr Exp $
+NAME := smeserver-openvpn-bridge
+SPECFILE = $(firstword $(wildcard *.spec))
+
+define find-makefile-common
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+endef
+
+MAKEFILE_COMMON := $(shell $(find-makefile-common))
+
+ifeq ($(MAKEFILE_COMMON),)
+# attept a checkout
+define checkout-makefile-common
+test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
+endef
+
+MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
+endif
+
+include $(MAKEFILE_COMMON)
--- a/README.md
+++ b/README.md
@ -1,3 +1,15 @@
-# smeserver-openvpn-bridge
+# <img src="https://www.koozali.org/images/koozali/Logo/Png/Koozali_logo_2016.png" width="25%" vertical="auto" style="vertical-align:bottom"> smeserver-openvpn-bridge

-SMEServer Koozali developed git repo for smeserver-openvpn-bridge smecontribs
+SMEServer Koozali developed git repo for smeserver-openvpn-bridge smecontribs
+
+## Wiki
+<br />https://wiki.koozali.org/
+
+## Bugzilla
+Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-openvpn-bridge&product=SME%20Contribs&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
+
+## Description
+
+<br />*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
+*Once it has been checked, then this comment will be deleted*
+<br />
--- a/1
+++ b/1
@ -0,0 +1 @@
+contribs10
--- a/57
+++ b/57
@ -0,0 +1,57 @@
+#!/usr/bin/perl -w
+
+use esmith::Build::CreateLinks qw(:all);
+
+safe_symlink("restart", "root/etc/e-smith/events/openvpn-bridge-update/services2adjust/openvpn-bridge");
+safe_symlink("restart", "root/etc/e-smith/events/network-create/services2adjust/openvpn-bridge");
+safe_symlink("restart", "root/etc/e-smith/events/network-delete/services2adjust/openvpn-bridge");
+
+
+panel_link("openvpnbridge", 'manager');
+
+templates2events("/etc/openvpn/bridge/openvpn.conf", "openvpn-bridge-update");
+
+templates2events("/etc/openvpn/bridge/management-pass.txt", qw(openvpn-bridge-update bootstrap-console-save));
+templates2events("/etc/openvpn/bridge/openvpn.conf", qw(openvpn-bridge-update bootstrap-console-save network-create network-delete));
+templates2events("/etc/crontab", qw(openvpn-bridge-update));
+
+event_link("openvpn-bridge-reload-ccd", "openvpn-bridge-update", "20");
+event_link("openvpn-bridge-update-crl", "openvpn-bridge-update", "30");
+event_link("openvpn-bridge-reload-ccd", "openvpn-bridge-reload-ccd", "20");
+event_link("openvpn-bridge-update-crl", "openvpn-bridge-reload-ccd", "30");
+
+event_link("openvpn-bridge-jail", "openvpn-bridge-update" , "03");
+event_link("openvpn-bridge-jail", "bootstrap-console-save" , "03");
+
+# our event specific for updating with yum without reboot
+$event = "smeserver-openvpn-bridge-update";
+#add here the path to your templates needed to expand
+#see the /etc/systemd/system-preset/49-koozali.preset should be present for systemd integration on all you yum update event
+
+foreach my $file (qw(
+                /etc/systemd/system-preset/49-koozali.preset
+                /etc/crontab
+                /etc/openvpn/bridge/management-pass.txt
+                /etc/openvpn/bridge/openvpn.conf
+
+))
+{
+    templates2events( $file, $event );
+}
+
+#action needed in case we have a systemd unit
+event_link("systemd-default", $event, "88");
+event_link("systemd-reload", $event, "89");
+event_link("openvpn-bridge-jail", $event, "03");
+#action specific to this package
+event_link("openvpn-bridge-update", $event, "60");
+#services we need to restart
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/openvpn-bridge");
+
+
+use esmith::Build::Backup qw(:all);
+backup_includes("smeserver-openvpn-bridge", qw(
+/etc/openvpn/bridge/priv
+/etc/openvpn/bridge/pub
+/var/log/openvpn-bridge
+));
--- a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/Cipher
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/Cipher
@ -0,0 +1 @@
+AES-128-CBC
--- a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/ConfigRequired
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/ConfigRequired
@ -0,0 +1 @@
+disabled
--- a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/CrlUrl
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/CrlUrl
@ -0,0 +1 @@
+http://localhost:940/phpki/index.php?stage=dl_crl_pem
--- a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/HMAC
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/HMAC
@ -0,0 +1 @@
+SHA256
--- a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/UDPPort
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/UDPPort
@ -0,0 +1 @@
+1194
--- a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/access
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/access
@ -0,0 +1 @@
+public
--- a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/clientToClient
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/clientToClient
@ -0,0 +1 @@
+disabled
--- a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/maxClients
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/maxClients
@ -0,0 +1 @@
+20
--- a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/redirectGW
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/redirectGW
@ -0,0 +1 @@
+PerClient
--- a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/status
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/status
@ -0,0 +1 @@
+disabled
--- a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/tapIf
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/tapIf
@ -0,0 +1 @@
+tap0
--- a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/type
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/type
@ -0,0 +1 @@
+service
--- a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/userAuth
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/userAuth
@ -0,0 +1 @@
+CrtWithPass
--- a/root/etc/e-smith/db/configuration/migrate/50openvpn-bridge-management-pass
+++ b/root/etc/e-smith/db/configuration/migrate/50openvpn-bridge-management-pass
@ -0,0 +1,12 @@
+{
+    my $openvpn = $DB->get('openvpn-bridge') || $DB->new_record('openvpn-bridge', {type => 'service'});
+    my $management = $openvpn->prop('management') || '';
+    # If the management interface is already defined, return nothing
+    return "" if ($management ne '');
+
+    # Else, we generate a random password
+    
+    $pass=`/usr/bin/openssl rand -base64 20 | tr -c -d '[:alnum:]'`;
+    $openvpn->set_prop('management',"localhost:11194:$pass");
+}
+
--- a/root/etc/e-smith/db/configuration/migrate/50openvpn-bridge-range
+++ b/root/etc/e-smith/db/configuration/migrate/50openvpn-bridge-range
@ -0,0 +1,36 @@
+{
+    my $openvpn = $DB->get('openvpn-bridge') || $DB->new_record('openvpn-bridge', {type => 'service'});
+    my $start = $openvpn->prop('startPool') || '';
+    my $end = $openvpn->prop('endPool') || '';
+    
+    # If start and end are define, we return an empty string
+    return "" if ($start ne '' and $end ne '');
+
+    # Else, we compute valid address
+
+    $start = '0.0.0.10';
+    $end = '0.0.0.30';
+
+    $start =  esmith::util::IPquadToAddr($start);
+    $end =  esmith::util::IPquadToAddr($end);
+    my $netmask = esmith::util::IPquadToAddr($LocalNetmask);
+    my $localnet = esmith::util::IPquadToAddr($LocalIP) & $netmask;
+
+    # AND-out the host bits from the start and end ips.
+    # And, OR our local network with our start and end host values.
+    $start = $localnet | ($start & ~$netmask);
+    $end = $localnet | ($end & ~$netmask);
+
+    # Make sure that $start is less than $end (might not be if netmask has changed)
+    if ($start > $end)
+    {   
+        my $temp = $start;
+        $start = $end;
+        $end = $temp;
+    } 
+    
+    $openvpn->merge_props(startPool => esmith::util::IPaddrToQuad($start),
+                        endPool => esmith::util::IPaddrToQuad($end));
+
+
+}
--- a/root/etc/e-smith/db/configuration/migrate/50openvpn-cipher
+++ b/root/etc/e-smith/db/configuration/migrate/50openvpn-cipher
@ -0,0 +1,16 @@
+{
+    #migrate cipher to Cipher that is used in all other openvpn contribs
+    my $opv = $DB->get('openvpn-bridge') || $DB->new_record('openvpn-bridge', {type => 'service'});
+
+    my %old2new = (
+		'cipher'       => "Cipher",
+                );
+
+    for my $keyt ( keys %old2new )
+    {
+        next unless (  $opv->prop($keyt) );
+        my $value = $DB->get_prop_and_delete('openvpn-bridge', $keyt);
+	next if ( $opv->prop($old2new{$keyt}) );
+        $DB->set_prop('openvpn-bridge', $old2new{$keyt}, $value);
+    }
+}
--- a/root/etc/e-smith/events/actions/openvpn-bridge-jail
+++ b/root/etc/e-smith/events/actions/openvpn-bridge-jail
@ -0,0 +1,6 @@
+#!/bin/bash
+
+#copy any files needed for the jail
+
+#be sure we have the needed timezone
+/bin/cp -L /etc/localtime  /etc/openvpn/bridge/etc
--- a/root/etc/e-smith/events/actions/openvpn-bridge-reload-ccd
+++ b/root/etc/e-smith/events/actions/openvpn-bridge-reload-ccd
@ -0,0 +1,39 @@
+#!/usr/bin/perl -w
+
+
+use esmith::ConfigDB;
+my $config_db = esmith::ConfigDB->open_ro();
+my $db_rules = esmith::ConfigDB->open_ro('openvpn-bridge');
+my @rules = $db_rules->get_all_by_prop(type => 'rule');
+my $netmask = $config_db->get('LocalNetmask')->value;
+my $userAuth = ${'openvpn-bridge'}{userAuth};
+
+my $ccd = "/etc/openvpn/bridge/ccd";
+unlink <$ccd/*>;
+
+foreach (@rules){
+	my $rule = $_->key;
+	my $rec_rule = $db_rules->get("$rule");
+	my $ip = $rec_rule->prop('ip') || '';
+	my $redirectGW = $rec_rule->prop('redirectGW') || 'disabled';
+	my $access = $rec_rule->prop('access') || 'allowed';
+	unless (open (CCD, ">$ccd/$rule")){
+		die "Error opening $ccd/$rule";
+	}
+
+	if ($ip ne ''){
+		print CCD "--ifconfig-push $ip $netmask\n";
+	}
+	else{
+		print CCD "# No fixed IP defined\n";
+	}
+	if ($access eq 'denied'){
+		print CCD "--disable\n";
+	}
+	if ($redirectGW eq 'enabled'){
+		print CCD "push \"redirect-gateway def1\"\n";
+	}
+	close CCD;
+}
+
+
--- a/root/etc/e-smith/events/actions/openvpn-bridge-update-crl
+++ b/root/etc/e-smith/events/actions/openvpn-bridge-update-crl
@ -0,0 +1,29 @@
+#!/bin/bash
+
+URL=$(/sbin/e-smith/db configuration getprop openvpn-bridge CrlUrl)
+DOMAIN=$(/sbin/e-smith/db configuration get DomainName)
+
+/usr/bin/wget $URL -O /tmp/cacrl.pem > /dev/null 2>&1
+
+/usr/bin/openssl crl -inform PEM -in /tmp/cacrl.pem -text > /dev/null 2>&1
+
+if [ "$?" -eq "0" ]; then
+	/bin/mv -f /tmp/cacrl.pem /etc/openvpn/bridge/pub/cacrl.pem > /dev/null 2>&1
+else
+	cat > /tmp/crlmail <<END
+
+An error occured while updating the CRL for OpenVPN-Bridge
+because openssl didn't recognize the file as a valid CRL.
+Below is the copy of the latest CRL downloaded from
+$URL
+
+
+END
+
+	cat /tmp/cacrl.pem >> /tmp/crlmail
+	mail -s 'CRL update failed' admin@$DOMAIN < /tmp/crlmail
+fi
+
+rm -f /tmp/cacrl.pem
+rm -f /tmp/crlmail
+
--- a/root/etc/e-smith/locale/bg/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/bg/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="bg">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Конфигурация на процеса на Bridged OpenVPN</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[Тази страница Ви позволява да управлявате процеса на bridged OpenVPN.<br> Режимът Bridged позволява VPN клиентите да имат IP адрес от локалната мрежа, и така те да имат достъп до всички ресурси в нея.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Състояние на услугата</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Режим на автентикация</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>Обхват от IP адреси</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Управление на конфигурацията на правилата</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Показване на включените клиенти</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Конфигурация на услугата</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Конфигурация на сертификатите</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Състояние на сертификатите</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">Има проблем с конфигурацията на сертификатите, трябва да ги проверите.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Сертификатите са готови</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Само сертификат</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Сертификат с име и парола</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[Тази страница Ви позволява да създадете правила за конфигуриране. В зависимост от сертификата на клиента можете:<br> - Да му дадете фиксиран IP адрес<br> - Да конфигурирате пренасочване на шлюза<br> - Временно да забраните достъпа<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Действащи правила</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>Няма правило]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Добави правило</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common Name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>IP адрес</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Коментар</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Пренасочване на шлюза</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Достъп</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Промени</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Премахване</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Динамичен</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Включен</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Изключен</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Позволен</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Забранен</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Създаване или промяна</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Въведете common name. Ако клиент се свърже със сертификати, в които common name съвпадат, ще бъде приложена съответната конфигурация.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Въведете коментар (по желание)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>Ако въведете IP адрес, той винаги ще бъде асоцииран на клиента, свързващ се с този сертификат. Този IP адрес трябва да е от локалната мрежа (но, може да е извън обхвата VPN). Уверете се че този IP адрес не е използван от друг хост в мрежата.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Резервиран IP адрес</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Пренасочването на шлюза ще препрати целия трафик на клиента през VPN. Това може да защити неговите данни, когато се свързват от несигурни мрежи като WiFi hotspots. <b>Внимание</b>: включването тази опция може да намали скоростта на интернет (както за клиента, така и за локалните мрежи)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Пренасочване на шлюза</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>Можете временно да блокирате клиент. Това не осигурява голяма сигурност. Ако искате за постоянно да забраните клиент, трябва да оттеглите (revoke) неговия сертификат.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>Ще премахнете следното правило:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[Тази страница ще Ви покаже свързаните клиенти]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Опресни</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>Възникна грешка при свързване със сървъра. Проверете дали услугата работи.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>Няма клиенти, които са свързани в момента.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>Тази страница в позволява да настройвате услугата</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Искате ли да включите услугата?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Изберете метод на автентикация. "Само сертификат" може да бъде полезно ако искате да свързвате хостове без човешка намеса, но той не предоставя същото ниво на сигурност, което дава "Сертификат с име и парола"</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>Трябва да изберете обхват от IP адреси за VPN клиентите. Този обхват трябва да е от локалната мрежа. Моля, проверете че никой от тези адреси не се използва от друг хост. Въведете началния IP адрес</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>Начален IP адрес</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Въведете последния IP адрес</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Последен IP адрес</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[Тази страница Ви позволява да конфигурирате файловете със сертификати, използвани от процеса на OpenVPN. OpenVPN се нуждае от следните файлове:<br> - Сертификат на издателя (CA). Този сертификат се използва за проверка на сертификатите на клиентите<br> - Сертификат на сървъра. Той ще бъде представен на клиентите, така че те да са сигурни че се свързват към Вашия сървър<br> - Таен ключ, асоцииран със сертификата на сървъра<br> - Файл с параметрите на Diffie-Helman. Той ще позволи динамична обмяна на ключове<br> - Споделен таен ключ. Този ключ ще позволи допълнителна автентикация за TLS<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Въведете основния сертификат във формат PEM</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Въведете сертификата на сървъра във формат PEM</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Въведете тайния ключ, асоцииран със сертификата на сървъра във формат PEM</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Въведете параметрите на Diffie-Helman</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Въведете статичния споделен ключ. Този ключ ще се използва за допълнителна автентикация. Той е по желание, но може да повиши сигурността</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>Новите параметри бяха запазени</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>Трябва да въведете валиден IP адрес</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>Трябва да въведете IP адрес от локалната мрежа</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Покажи работещ файл с конфигурация на клиента</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[Това е примерен конфигурационен файл, който да се ползва от клиентите.<br>Трябва също да свалите и файла със сертификата във формат # PKCS12 (който съдържа сертификата на издателя, сертификата на потребителя и тайния ключ на потребителя).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Реален IP адрес</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP адрес</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Изпратени байтове</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Получени байтове</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Свързан от</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Разкачи</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Некоректна стойност</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Отменено</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans>Ще разкачите този потребител. Искате ли да продължите?</trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>Клиентът беше разкачен</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" съдържа забранени символи</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">Услугата bridge трябва да бъде включена.<br>Следните команди ще я включат:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" не е валиден URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Въведете URL за актуализация на CRL. (ако phpki работи на същия сървър, можете да оставите стандартната стойност)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL за актуализация на CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>Сертификат на удостоверителя (CA)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Сертификат на сървъра</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Частен ключ на сървъра</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH параметри</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Статичен ключ</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC е част от кодирането на канала за данни на openvpn (където пътуват данните) след кодирането със шифъра. Стандартен е несигурния SHA1, предлагаме Ви да ползват поне SHA256. Тази настройка трябва да е еднаква на сървъра и клиента</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC алгоритъм</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>Шифърът, използван за канала с данни за openvpn. Стандартно се използва несигурния алгоритъм BlowFish. Предлагаме Ви да ползвате AES-128-CBC или по-висок. Тази настройка трябва да е еднаква за сървъра и клиента.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Алгоритъм на шифъра за кодиране</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>Състояние на връзката</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Горе</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd отговаря че услугата е</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Моля, променете несигурния параметър</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Предложена стойност</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Стандартно</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Грешка</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/da/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/da/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="da">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Konfiguration af OpenVPN daemon</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[På denne side kan du administrere bridged OpenVPN daemon.<br> Bridged mode tillader VPN klienter at have en IP adresse på det lokale netværk, og dermed adgang til alle ressourcer på det lokale netværk.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Service status</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Autentificeringsmetode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP-adresseområde</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Administrer konfigurationsregler</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Vis tilsluttede klienter</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Opsætning af service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Opsætning af certifikater</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Status på certifikater</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">Der er et problem med opsætningen af dine certifikater, du bør kontrollere opsætning.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certifikater er klar til brug</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Kun certifikat</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certifikat og login/adgangskode</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[På denne side kan du danne konfigurations-"regler". Afhængig af klientens certifikat kan du:<br> - Give ham en fast IP addresse<br> - Konfigure gatewayens viderestilling<br> - Midlertidigt nægte adgang<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Aktuel regel</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>Der er ingen regel]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Tilføj en regel</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>IP-adresse</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Kommentar</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway omadressering</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Adgang</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Ændre</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Fjern</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dynamisk</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Aktiveret</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Deaktiveret</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Tilladt</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Blokeret</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Oprette eller ændre</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Angiv et 'common name'. Hvis en klient tilslutter med et certifikat som har dette 'common name', vil den tilsvarende opsætnig blive anvendt.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Tilføj en kommentar (valgfri)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>Angiver du en IP adresse, vil den blive anvendt til den klient som tilslutter sig med dette certifikat. Denne IP adresse skal være i dit lokale net (men må gerne være udenfor VPN-området). Du skal sikre at IP-adressen ikke anvendes af en anden vært på dit net.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserveret IP-adresse</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway omadressering vil viderestille alle dine klienters trafik over VPN. Det kan beskytte deres data når de tilslutter fra usikre net so WIFI hotspots. <b>Advarsel</b>: aktivering af denne mulighed kan sløve internetadgangen (for for såvel klienter som dine lokale net)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway omadressering</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>Du kan blokkere en klient midlertidigt. Dette tilbyder ikke nogen stærk sikkerhed. Ønsker du at nægte en klient permanet, bør du tilbagekalde det tilsvarende certifikatet.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>Du er ved at fjerne følgende regel:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[Denne side viser de aktuelt tilsluttede klienter]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Genopfrisk</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>Fejl under forsøg på at forbinde til manager. Kontroller at tjenesten kører.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>Der er aktuelt ikke tilsluttet nogen klienter.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>På denne side kan du opsætte tjenesten</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Ønsker du at aktivere tjenesten?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Vælg formen for autentificering. "Kun certifikat" er anvendelig hvis du ønsker at forbinde værter uden menneskelig indblanden, men der ydes ikke samme sikkerhed som ved "Certifikat og brugernavn/adgangskode"</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>Du skal vælge et IP-adresseområde til VPN-klienter. Området skal ligge indenfor det lokale net. Sørg for at ingen IP-adresser i dette område bliver brugt af andre værter. Angiv den første IP-adresse</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>Første IP-adresse</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Angiv sidste IP-adresse</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Sidste IP-adresse</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[På denne side kan du konfigure certifikationsfilerne som bruges af OpenVPN daemon. OpenVPN skal bruge følgende filer:<br> - Et certificeringscenter (CA). Dette certifikat bruges til at kontrollere brugercertifikater<br> - Et server certifikat. Det vil blive præsenteret for brugeren så de er sikre på, at de forbinder til din server<br> - Den hemmelige nøgle tilknyttet servercertifikatet<br> - En Diffie-Helman parameter fil. Den vil tillade dynamisk nøgleudveksling<br> - En fælles hemmelig nøgle. Denne nøgle giver mulighed for ekstra TLS autencitet<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Indtast master certifikat i PEM format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Indtast server certifikat i PEM format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Indtast server certifikatets hemmelige nøgle i PEM format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Indtast Diffie-Helman parametre</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Indtast den statiske fælles nøgle. Denne nøgle vil blive brugt som supplerende autentificering. Nøglen er valgfri, men kan bruges til at højne sikkerheden</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>De nye indstillinger er gemt</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>Indtast et gyldigt IP nummer</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>Indtast et IP nummer fra det lokale netværk</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Vis en fungerende klientkonfigurationsfil</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[Dette er et eksempel på en konfigurationsfil til klienter.<br>Du må også downloade certifikatet i # PKCS12 format (som indeholder CA certifikatet, brugercertifikatet og brugerens hemmelige nøgle).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Reel IP adresse</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP adresse</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes sendt</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes modtaget</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Tilsluttet siden</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Afbryd</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Fejl i værdi</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Fortryd</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans>Du er ved at afbryde forbindelsen for denne bruger. Er du sikker?</trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>Klientens forbindelse er afbrudt</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" indeholder ugyldige karakterer</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">Bridge service skal være startet.<br>Følgende kommando vil starte bridge service:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" er ikke en gyldig URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Indtast URL til at opdatere CRL. (hvis phpki ligger på den samme server, kan du bruge default værdien)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL til at opdatere CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certifikat</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certifikat</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Servers hemmelige nøgle</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parametre</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Statisk nøgle</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>algoritme</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>Status på Mailman</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemtjenester</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Nuværende værdi</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>standard</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Fejl</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/de/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/de/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="de">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Konfiguration von Bridged-OpenVPN-Dämon</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[ Auf dieser Seite können Sie einen Bridged-OpenVPN-Dämon verwalten.<br>Der Bridge-Modus erlaubt VPN-Clients, eine IP-Adresse aus dem lokalen Netzwerk zu erhalten und damit Zugriff auf alle Ressourcen Ihres lokalen Netzwerks zu erlangen<br><br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Status des Dienstes</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authentifizierungsmodus</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP-Adressbereich</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Verwaltung der Konfigurationsregeln</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Verbundene Clients anzeigen</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Konfiguration des Dienstes</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Zertifikat-Konfiguration</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Zertifikate-Status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">Es gibt ein Problem mit der Konfiguration Ihrer Zertifikate, Sie sollten diese überprüfen.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Zertifikate sind bereit</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Nur Zertifikat</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Zertifikat und Login/Passwort</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[ Auf dieser Seite können Sie "Regeln" konfigurieren. Abhängig vom Zertifikat eines Clients können Sie:<br> - Diesem eine feste IP-Adresse zuweisen<br> - Gateway Redirection konfigurieren<br> - Temporär den Zugriff verweigern<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Aktuelle Regeln</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>Es gibt keine Regel]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Regel hinzufügen</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common Name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>IP-Adresse</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Kommentar</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Zugriff</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Ändern</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Entfernen</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dynamisch</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Aktiviert</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Deaktiviert</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Erlaubt</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Verboten</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Erstellen oder ändern</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Geben Sie einen Common Name ein. Wenn sich ein Client mit einem Zertifikat verbindet, das den gleichen Common Name besitzt wird die zugehörige Konfiguration angewendet.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Geben Sie einen Kommentar ein (optional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>Wenn Sie eine IP-Adresse angeben wird diese immer dem Client zugewiesen, der sich mittels dieses Zertifikats verbindet. Diese IP-Adresse muss aus Ihrem lokalen Netzwerk stammen (aber darf sich ausserhalb des VPN-Bereichs befinden). Stellen Sie sicher, dass diese IP nicht von einem anderen Rechner in Ihrem Netzwerk verwendet wird.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reservierte IP-Adresse</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[ Mit Gateway Redirection wird sämtlicher Datenverkehr Ihrer Clients durch die VPN weitergeleitet. Dies kann die Daten der Clients schützen wenn sich diese von unsicheren Netzwerken wie z.B. öffentlichen WLAN-Hotspots aus verbinden. <b>Warnung</b>: Das Aktivieren dieser Option kann Ihren Internetzugang verlangsamen (sowohl für die Clients als auch für lokale Netzwerke) ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>Sie können einen Client temporär blockieren. Dies stellt keine starke Sicherheitsmaßnahme dar. Wenn Sie einen Client dauerhaft blockieren wollen sollten Sie dessen Zertifikat zurückziehen (revoke).</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>Sie sind dabei, die folgende Regel zu entfernen:</b> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[Diese Seite wird Ihnen die aktuell verbundenen Clients anzeigen]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Aktualisieren</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[ Beim Verbinden mit dem Manager ist ein Fehler aufgetreten. Prüfen Sie, ob der Dienst läuft. ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>Zur Zeit ist kein Client verbunden.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>Auf dieser Seite können Sie den Dienst konfigurieren</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Wollen Sie den Dienst aktivieren?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Wählen Sie einen Authentifizierungsmodus. "Nur Zertifikat" kann nützlich sein, wenn Sie Rechner ohne menschliches Zutun verbinden müssen, bietet aber nicht das gleiche Maß an Sicherheit wie "Zertifikat und Login/Passwort"</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>Sie müssen einen IP-Adressbereich für die VPN-Clients auswählen. Der Bereich muss sich innerhalb des lokalen Netzwerks befinden. Bitte stellen Sie sicher, dass keine IP-Adresse innerhalb dieses Bereichs bereits von einem anderen Rechner verwendet wird. Geben Sie die erste IP-Adresse des Bereichs an</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>Erste IP-Adresse</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Geben Sie die letzte IP-Adresse an</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Letzte IP-Adresse</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[ Auf dieser Seite können Sie die Zertifikatsdateien konfigurieren, die vom OpenVPN-Daemon verwendet werden. OpenVPN benötigt die folgenden Dateien:<br> - Ein authoritatives Zertifikat (CA). Dieses Zertifikat wird dazu verwendet, die Client-Zertifikate zu überprüfen<br> - Ein Server-Zertifikat. Dieses wird an den Client gesendet, damit dieser sicher sein kann ,dass er sich mit Ihrem Server verbindet<br> - Eine Diffie-Hellman-Parameter-Datei. Diese ermöglicht einen dynamischen Schlüsselaustausch<br> - Einen geteilten geheimen Schlüssel. Dieser Schlüssel erlaubt eine zusätzliche Authentifizierung mittels TLS Authentifizierung<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Geben Sie das Master-Zertifikat im PEM-Format ein</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Geben Sie das Server-Zertifikat im PEM-Format ein</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Geben Sie den zum Server-Zertifikat gehörigen geheimen Schlüssel im PEM-Format ein</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Geben Sie die Diffie-Hellman-Parameter ein</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Geben Sie den statischen geteilten Schlüssel ein. Dieser Schlüssel wird für eine zusätzliche Authentifizierung verwendet. Dieser Schlüssel ist optional, bietet aber einen Zugewinn an Sicherheit</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>Die neuen Einstellungen wurden gespeichert</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>Sie müssen eine gültige IP angeben</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>Sie müssen eine IP-Adresse aus Ihrem lokalen Netzwerk angeben</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Zeige eine funktionierende Client-Konfigurationsdatei an</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[ Dies ist eine Beispiel-Konfigurationsdatei die auf Clients verwendet werden kann.<br> Sie müssen ebenfalls die Zertifikatsdatei im # PKCS12-Format herunterladen (diese enthält das CA-Zertifikat, das Benutzerzertifikat und den geheimen Schlüssel des Benutzers). <br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Reale IP-Adresse</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN-IP-Adresse</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Gesendete Bytes</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Empfangene Bytes</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Verbunden seit</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Trennen</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Ungültiger Wert</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Abgebrochen</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans>Sie sind dabei, diesen Benutzer zu trennen. Sind Sie sicher dass Sie fortfahren möchten?</trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>Der Client wurde getrennt</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" enthält nicht erlaubte Zeichen</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">Der Bridge-Dienst muss aktiviert sein.<br>Mit folgenden Befehlen können Sie ihn aktivieren:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" ist keine gültige URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Geben Sie die URL für die Aktualisierung der CRL ein (wenn phpki auf dem selben Server läuft können Sie die Standardeinstellung belassen)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL für die Aktualisierung der CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA-Zertifikat</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server-Zertifikat</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Privater Schlüssel des Servers</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH-Parameter</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Statischer Schlüssel</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>Algorithmus</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>Anmeldestatus</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>System Dienste</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Aktueller Wert</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Fehler</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Fehler</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/el/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/el/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="el">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Service Status</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authentication mode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP Address range</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Configuration rules management</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Display connected clients</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Service configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Certificates configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Certificates status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificate only</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificate and login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Add a rule</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common Name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>Διεύθυνση IP</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Σχόλιο</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Πρόσβαση</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Τροποποίηση</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Διαγραφή</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dynamic</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Ενεργοποιήθηκε</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Απενεργοποιημένος/η/ο</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Allowed</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Denied</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Enter a comment (Optional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserved IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Refresh</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>This page lets you configure the service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Do you want to enable the service?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choose the authentication mode. "Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>First IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Enter the last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Enter the master certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Enter the server certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Enter the secret key associated with the server certificate, in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>The new settings have been saved</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>You have to enter a valid IP number</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>You have to enter an IP address in your local network</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Display a functional client configuration file</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Real IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes sent</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes received</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connected since</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Disconnect</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Incorrect value</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancelled</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans><![CDATA[ Πρόκειται να διαγράψετε το ψευδώνυμο:<br> <b>Είστε σίγουροι ότι επιθυμείτε να συνεχίσετε;</b> ]]></trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>The client has been disconnected</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contains forbiden characters</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" isn't a valid URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Server private key</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Static key</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>Κατάσταση σύνδεσης</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Τρέχουσα τιμή</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Προεπιλογή</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Σφάλμα</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,468 @@
+<lexicon lang="en-us">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br>
+Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Service Status</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authentication mode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP Address range</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Configuration rules management</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Display connected clients</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Service configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Certificates configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Certificates status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificate only</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificate and login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br>
+- Give him a fixed IP address<br>
+- Configure the gateway redirection<br>
+- Temporarily denied the access<br>
+]]>
+</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Add a rule</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common Name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Comment</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Access</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Modify</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Remove</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dynamic</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Enabled</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Disabled</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Allowed</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Denied</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Enter a comment (Optional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserved IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots.
+<b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]>
+		</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate.
+		</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Refresh</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>This page lets you configure the service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Do you want to enable the service?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choose the authentication mode. "Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check 
+that none IP address in this range is used by another host. Enter the first IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>First IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Enter the last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br>
+- An authoritative certificate (CA). This certificate is used to check the clients certificates<br>
+- A server certificate. It will be presented to the client so they are sure they are connecting to your server<br>
+- The secret key associated with the server certificate<br>
+- A Diffie-Helman parameter file. It will allow dynamic key exchange<br>
+- A shared secret key. This key will allow an additional TLS authentication<br>]]>
+		</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Enter the master certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Enter the server certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Enter the secret key associated with the server certificate, in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>The new settings have been saved</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>You have to enter a valid IP number</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>You have to enter an IP address in your local network</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Display a functional client configuration file</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Real IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes sent</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes received</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connected since</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Disconnect</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Incorrect value</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancelled</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans>You are going to diconnect this user. Are you sure you want to continue?</trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>The client has been disconnected</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contains forbiden characters</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" isn't a valid URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Server private key</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Static key</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>Link status</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Sugested value</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Default</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Error</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/es/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/es/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="es">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Estado del Servicio</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authentication mode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP Address range</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Configuration rules management</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Display connected clients</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Service configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Certificates configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Certificates status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificate only</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificate and login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Add a rule</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Nombre Común</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>Dirección IP</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Comentario</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Pasarela de Redirección</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Acceso</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Modificar</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Eliminar</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dinámico</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Habilitado</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Deshabilitado</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Permitido</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Denegado</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Introduzca un nombre común. Si un cliente conecta con un certificado que tiene éste nombre común, entonces se aplicará la configuración correspondiente.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Introducir un comentario (Opcional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserved IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Recargar</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>This page lets you configure the service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>¿ Desea reenviar estos correos ?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choose the authentication mode. "Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>First IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Introduzca la última dirección IP</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Enter the master certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Enter the server certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Enter the secret key associated with the server certificate, in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>The new settings have been saved</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>You have to enter a valid IP number</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>You have to enter an IP address in your local network</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Mostrar un archivo de configuración funcional de cliente</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Real IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes sent</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes received</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connected since</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Desconectar</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Incorrect value</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancelled</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans><![CDATA[ Esta usted a punto de eliminar el seudónimo:<br> <b>¿Está seguro de que desea continuar?</b> ]]></trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>The client has been disconnected</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contains forbiden characters</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" isn't a valid URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Server private key</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Static key</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>algoritmo</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>estado de la sesión</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Valor actual</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Predeterminado</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Error</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/et/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/et/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="et">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Service Status</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authentication mode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP Address range</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Configuration rules management</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Display connected clients</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Service configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Certificates configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Certificates status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificate only</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificate and login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Add a rule</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common Name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>IP aadress</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Kommentaar</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Juurdepääs</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Muuda</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Eemalda</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dynamic</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Lubatud</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Keelatud</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Allowed</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Denied</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Enter a comment (Optional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserved IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Värskenda</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>This page lets you configure the service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Do you want to enable the service?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choose the authentication mode. "Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>First IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Enter the last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Enter the master certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Enter the server certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Enter the secret key associated with the server certificate, in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>The new settings have been saved</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>You have to enter a valid IP number</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>You have to enter an IP address in your local network</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Display a functional client configuration file</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Real IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes sent</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes received</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connected since</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Disconnect</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Incorrect value</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancelled</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans><![CDATA[ Oled alustanud aliase eemaldamist:<br> <b>Oled kindel, et tahad jätkata?</b> ]]></trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>The client has been disconnected</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contains forbiden characters</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" isn't a valid URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Server private key</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Static key</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>logimise staatus</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Hetke väärtus</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Vaikimisi</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Viga</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="fr">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Configuration du démon OpenVPN en mode Bridge</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[Cette page vous permet de gérer votre serveur OpenVPN en mode bridge.<br> Le mode permet à vos clients d'obtenir une adresse IP sur le réseau interne, et ainsi d'accéder à toutes les ressources normalement réservées aux utilisateurs internes.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>État du service</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Mode d'authentification</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>Plage d'adresses IP</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Gestion des règles de configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Afficher les clients connectés</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Configuration du service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Configuration des certificats</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>État des certificats</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">La configuration des certificats ne semble pas correct, veuillez la vérifier.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Les certificats sont en place</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificat uniquement</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificat et nom d'utilisateur/mot de passe</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[Cette page vous permet de créer des "règles" de configuration. Vous pouvez ainsi, en fonction du certificat présenté à la connexion :<br> - Attribuer une adresse IP fixe<br> - Configurer la redirection de passerelle<br> - Bloquer temporairement l'accès<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Règles actuelles</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>Il n'y a aucune règle définie]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Ajouter une règle</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Nom Commun</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>Adresse IP</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Commentaire</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Redirection de passerelle</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Accès</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Modifier</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Supprimer</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dynamique</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Activé</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Désactivé</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Autorisé</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Refusé</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Créer ou modifier</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Entrez un nom commun. Si un client présente un certificat portant ce nom commun, la configuration correspondante sera appliquée.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Entrez un commentaire (optionnel)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>Si vous entrez une adresse IP, elle sera toujours affectée au client présentant ce certificat. L'adresse doit faire partie du réseau local (mais peut être en dehors de l'intervalle VPN). Assurez-vous que cette adresse n'est pas utilisée par une autre machine de votre réseau.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Adresse IP réservée</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[La redirection de passerelle redirigera tout le trafic des clients à travers le VPN. Cela permet de protéger les données lorsque les clients se connectent depuis des réseaux non sécurisés comme des points d'accès WiFi. <b>Attention :<b> l'activation de cette option peut ralentir votre accès internet (à la fois pour votre client, et pour vos réseaux locaux)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Redirection de passerelle</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>Vous pouvez bloquer un client de façon temporaire. Ce blocage n'offre pas une sécurité forte. Si vous voulez bloquer un client de façon permanente, il est conseillé de révoquer son certificat.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>Vous êtes sur le point de supprimer la règle suivante :</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[Cette page vous permet de voir les clients effectivement connectés]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Rafraîchir</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>Une erreur est survenue lors de la connexion à l'interface de contrôle. Vérifiez que le service est activé.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>Il n'y a aucun client connecté actuellement.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>Cette page vous permet de configurer le service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Voulez-vous activer le service ?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choisissez le mode d'authentification des clients. Le mode "certificat uniquement" peut être utile si vous avez besoin de connecter certaines machines sans intervention humaine, mais il n'offre pas la même sécurité que le mode "certificat et nom d'utilisateur/mot de passe"</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>Vous devez choisir une plage d'adresses IP pour les clients VPN. Cette plage doit faire partie du réseau local. Vérifier qu'aucune adresse parmi cette plage n'est utilisée par une autre machine. Entrez ici l'adresse du début de la plage</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>Adresse IP de début</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Entrez l'adresse IP de fin de plage</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Adresse IP de fin</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[Cette page vous permet de configurer les certificats utilisés par le démon OpenVPN. Pour fonctionner, OpenVPN a besoin des fichiers suivants :<br> - Un certificat d'une autorité de certification (CA). C'est lui qui permettra de vérifier que les clients sont de confiance<br> - Un certificat serveur. C'est lui qui sera présenté aux clients<br> - Une clef secrète associée au certificat du serveur<br> - Un fichier de paramètre Diffie-Helman. Il permettra l'échange de clef de session<br> - Une clef partagée. Cette clef permet d'utiliser une authentification TLS supplémentaire<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Copiez ici le certificat de l'autorité de certification (cacert.pem) au format pem</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Copiez ici le certificat du serveur au format pem</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Copiez ici la clef secrète associée au certificat ci-dessus, au format pem</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Copiez ici les paramètres Diffie-Helman</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Copiez ici la clef statique partagée. Cette clef sera utilisée pour une authentification supplémentaire. Cette clef est optionnelle mais elle peut renforcer la sécurité</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>Les nouveaux paramètres ont été appliqués avec succès</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>Veuillez entrer une adresse IP valide</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>Vous devez entrez une adresse IP de votre réseau local</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Afficher un fichier de configuration client fonctionnel</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[Ceci est un exemple de fichier de configuration sur les postes clients. <br>Vous devez également télécharger sur le poste du client le fichier de certification au format #PKCS12 (qui comprend le certificat de l'AC, le certificat utilisateur et la clef privée de l'utilisateur).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Adresse IP réelle</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>Adresse IP VPN</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bits envoyés</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bits reçus</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connecté depuis</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Déconnecter</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Valeur incorrecte</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Annulé</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans>Vous êtes sur le point de déconnecter cet utilisateur. Êtes-vous sûre de vouloir le faire ?</trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>Le client a été déconnecté</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" comporte des caractères non autorisés</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">Le service bridge doit être activé.<br> Les commandes suivantes permettrons de l'activer :<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" n'est pas une URL valide</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Entrez ici l'URL de mise à jour de la CRL. (Si phpki est installé sur la même machine, vous pouvez laisser la valeur par défaut)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL de mise à jour de la CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>Certificat de l'AC (autorité de certification)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Certificat du serveur</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Clef privée du serveur</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>Paramètres DH</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Clef statique</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC fait partie du cryptage du canal de données pour openvpn (où vos données voyagent) après cryptage avec le chiffrement. La valeur par défaut est le SHA1 non sécurisé, nous vous suggérons d'utiliser au moins SHA256. Ce paramètre doit correspondre à la fois sur le serveur et le client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>Algorithme HMAC</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>Le chiffrement (cipher) utilisé pour votre canal de données pour openvpn. La valeur par défaut est d'utiliser l'algorithme BlowFish non sécurisé. Nous vous suggérons l'AES-128-CBC ou supérieur. Ce paramètre doit correspondre à la fois sur le serveur et sur le client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Algorithme de cryptage par chiffrement</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>Statut de connexion</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>En ligne</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd montre le service comme </trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Veuillez modifier ce paramètre non sécurisé</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Valeur suggérée</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Par défaut</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Erreur</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/he/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/he/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="he">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Service Status</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authentication mode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP Address range</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Configuration rules management</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Display connected clients</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Service configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Certificates configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Certificates status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificate only</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificate and login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Add a rule</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common Name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>כתובת IP</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Comment</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Access</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>שנה</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>הסרה</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dynamic</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Enabled</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Disabled</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Allowed</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Denied</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Enter a comment (Optional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserved IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>רענון</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>This page lets you configure the service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Do you want to enable the service?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choose the authentication mode. "Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>First IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Enter the last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Enter the master certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Enter the server certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Enter the secret key associated with the server certificate, in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>The new settings have been saved</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>You have to enter a valid IP number</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>You have to enter an IP address in your local network</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Display a functional client configuration file</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Real IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes sent</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes received</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connected since</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Disconnect</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Incorrect value</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancelled</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans>You are going to diconnect this user. Are you sure you want to continue?</trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>The client has been disconnected</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contains forbiden characters</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" isn't a valid URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Server private key</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Static key</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>מצב חיבור</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>ערך נוכחי</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>ברירת מחדל</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>שגיאה</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/hu/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/hu/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="hu">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Service Status</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authentication mode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP Address range</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Configuration rules management</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Display connected clients</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Service configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Certificates configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Certificates status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificate only</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificate and login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Add a rule</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common Name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>IP cím</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Megjegyzés</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Hozzáférés</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Módosítás</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Eltávolít</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dinamikus</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Engedélyezve</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Letiltva</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Allowed</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Denied</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Enter a comment (Optional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserved IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Frissítés</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>This page lets you configure the service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Do you want to enable the service?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choose the authentication mode. "Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>First IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Enter the last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Enter the master certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Enter the server certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Enter the secret key associated with the server certificate, in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>The new settings have been saved</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>You have to enter a valid IP number</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>You have to enter an IP address in your local network</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Display a functional client configuration file</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Real IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes sent</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes received</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connected since</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Bontás</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Incorrect value</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancelled</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans><![CDATA[ Ezen fedőnév eltávolítására készül:<br> <b>Biztos hogy folytatja?</b> ]]></trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>The client has been disconnected</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contains forbiden characters</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" isn't a valid URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Server private key</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Static key</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>bejelentkezési állapot</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Érvényes érték</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Alapértelmezett</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Hiba</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/id/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/id/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="id">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Service Status</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authentication mode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP Address range</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Configuration rules management</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Display connected clients</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Service configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Certificates configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Certificates status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificate only</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificate and login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Add a rule</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common Name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>Alamat IP</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Komentar</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Akses</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Ubah</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Hapus</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dynamic</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Enabled</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Disabled</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Allowed</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Denied</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Enter a comment (Optional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserved IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Refresh</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>This page lets you configure the service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Do you want to enable the service?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choose the authentication mode. "Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>First IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Enter the last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Enter the master certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Enter the server certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Enter the secret key associated with the server certificate, in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>The new settings have been saved</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>You have to enter a valid IP number</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>You have to enter an IP address in your local network</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Display a functional client configuration file</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Real IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes sent</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes received</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connected since</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Disconnect</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Incorrect value</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancelled</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans><![CDATA[ Anda akan menghapus pseudonym:<br> <b>Anda yakin ingin melanjutkan?</b> ]]></trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>The client has been disconnected</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contains forbiden characters</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" isn't a valid URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Server private key</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Static key</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>Link status</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Nilai sekarang</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Default</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Kesalahan</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/it/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/it/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="it">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Configurazione del daemon per bridged OpenVPN</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[Questa scheda consente di gestire il daemon OpenVPN su una connessione bridged.<br> La modalità Bridged consente ai client VPN di ottenere un indirizzo IP sulla rete locale, garantendo così l'accesso a tutte le risorse della rete locale.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Stato servizio</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Modalità di autenticazione</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>Intervallo indirizzi IP</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Gestione delle regole di configurazione</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Mostra i client connessi</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Configurazione servizio</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Configurazione certificati</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Stato dei certificati</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">Si è verificato un problema dei tuoi certificati; controllali.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">I certificati sono pronti</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Solo certificato</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificato e login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[Questa scheda consente la creazione di "regole" di configurazione. In funzione del certificato del client, è possibile:<br> - Assegnare un indirizzo IP fisso<br> - Configurare il reindirizzamento del gateway<br> - Negare temporaneamente l'accesso<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Regole effettive</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>Non ci sono regole]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Aggiungi una regola</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>"Common name"</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>Indirizzo IP</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Commento</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Reindirizzamento del Gateway</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Accesso</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Modifica</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Rimuovi</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dinamico</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Abilitato</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Disabilitato</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Permesso</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Negato</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Crea o modifica</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Inserire un "Common name". Se un client si connette con un certificato contente quel "Common name", verrà utilizzata la configurazione corrispondente.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Commento (opzionale)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>Se si inserisce un indirizzo IP, esso sarà sempre associato al client che si connette con questo certificato. L'indirizzo IP deve essere nella tua rete locale (ma può essere fuori dal range della VPN), e non deve essere già in uso nella rete.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Indirizzo IP riservato</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Il reindirizzamento del gateway inoltrerà tutto il traffico dei client attraverso la VPN. Ciò proteggerà i dati in caso di connessione da reti non sicure come gli hotspot WIFI. <b>Attenzione</b>: l'abilitazione di questa opzione può rallentare la velocità di connessione ad internet (sia per i client che per le reti locali)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Reindirizzamento del Gateway</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>Si può bloccare temporaneamente un client. Questo non offre una grossa sicurezza. Se si vuole bloccare definitivamente un client è necessario revocare il suo certificato.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>Si sta per eliminare la seguente regola:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[Questa pagina visualizzerà i client attualmente collegati]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Aggiorna</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>Si è verificato un errore nell'apertura della pagina di configurazione. Verificare che il servizio sia attivo.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>Al momento non ci sono client connessi.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>Questa pagina permette di configurare il servizio</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Si desidera attivare il servizio?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Scegliere la modalità di autenticazione. "Certificate only" può essere utile nel caso di connessione tra host senza necessità di interneto umano, ma non fornice lo stesso livello di sicurezza fornito da "Certificate and login/password"</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>Scelta dell'intervallo di indirizzi IP per i client VPN. L'intervallo deve essere nella rete locale. Per cortesia, assicurarsi che nessun IP sia utilizzato in rete locale. Inserire il primo indirizzo IP</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>Primo indirizzo IP</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Inserire l'ultimo indirizzo IP</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Ultimo indirizzo IP</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[Questa scheda permette di configurare i file dei certificati utilizzati dal daemon OpenVPN. Open VPN necessita dei seguenti file:<br> - Un certificato di autenticazione (CA). Il certificati viene utilizzato per verificare i certificati dei client<br> - Un certificato server. Il certificato viene esibito ai client per assicurare che la connessione viene stabilita con il server corretto.<br> - La chiave segreta associata con il certificato del server<br> - Un file di parametri Diffie-Helman. Consentirà un cambio dinamico della chiave<br> - Una chiave segreta condivisa. Questa chiave consente un'autenticazione TLS aggiuntiva<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Inserire il certificato principale in formato pem</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Inserire il certificato del server in formasto pem</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Inserire la chiave segreta associata con il certificato del server, in formato pem</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Introdurre i parametri Diffie-Helman</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Introdurre la chiave statica condivisa. La chiave verrà utilizzata per un'autenticazione aggiuntiva. La chiave è facoltativa ma può migliorare la sicurezza.</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>La nuova configurazione è stata salvata.</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>Devi inserire un indirizzo IP valido.</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>Devi inserire un indirizzo IP valido nella tua rete locale.</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Mostra un file di configurazione client funzionante.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[Questo è un file di configurazione di esempio utilizzabile su un client.<br>Deve anche essere scaricato il file di certificazione in formato # PKCS12 (che contiene il certificato CA, il certificato utente e la chiave segreta).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Indirizzo IP reale</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>Indirizzo IP vpn</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Byte inviati</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Byte ricevuti</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connesso da</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Disconnettersi</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Valore non corretto</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancellata</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans>Stai per disconnettere questo utente. Sei sicuro di voler continuare ?</trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>Il client è stato disconnesso</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contiene dei caratteri non consentiti</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">Il servizio "bridge" deve essere abilitato.<br>Il comandi per abilitarlo sono i seguenti:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" non è un URL valido</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Inserire l'URL per aggiornare il CRL. (se phpki è attivato sul medesimo server, può essere mantenuto il valore di default)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL per aggiornare il CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>Certificato CA</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Certificato server</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Chiave privata server</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>Parametri DH</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Chiave statica</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC fa parte della crittografia del canale dati per openvpn (dove viaggiano i dati) dopo la crittografia con il cipher. L'impostazione predefinita è SHA1 insicuro, ti consigliamo di utilizzare almeno SHA256. Questa impostazione dovrebbe corrispondere sia sul server che sul client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>Algoritmo HMAC</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>Il cipher utilizzato per il tuo canale dati per openvpn. L'impostazione predefinita è utilizzare l'algoritmo BlowFish insicuro. Ti consigliamo AES-128-CBC o superiore. Questa impostazione dovrebbe corrispondere sia sul server che sul client. </trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Algoritmo di crittografia Cipher</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>Staus del link</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd restituisce il servizio come</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Per favore cambia questo parametro insicuro</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Valore suggerito</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Default</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Errore</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/ja/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/ja/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="ja">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Service Status</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authentication mode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP Address range</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Configuration rules management</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Display connected clients</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Service configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Certificates configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Certificates status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificate only</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificate and login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Add a rule</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common Name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>IPアドレス</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Comment</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Access</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>更新</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>削除</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>動的</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Enabled</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Disabled</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Allowed</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Denied</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Enter a comment (Optional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserved IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>リフレッシュ</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>This page lets you configure the service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Do you want to enable the service?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choose the authentication mode. "Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>First IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Enter the last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Enter the master certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Enter the server certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Enter the secret key associated with the server certificate, in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>The new settings have been saved</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>You have to enter a valid IP number</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>You have to enter an IP address in your local network</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Display a functional client configuration file</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Real IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes sent</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes received</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connected since</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>未接続</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Incorrect value</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancelled</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans>You are going to diconnect this user. Are you sure you want to continue?</trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>The client has been disconnected</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contains forbiden characters</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" isn't a valid URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Server private key</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Static key</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>Link status</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>現在の値</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>デフォルト</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>エラー</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/nb/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/nb/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="nb">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Service Status</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authentication mode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP Address range</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Configuration rules management</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Display connected clients</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Service configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Certificates configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Certificates status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificate only</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificate and login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Add a rule</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common Name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>IP adresse</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Kommentar</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Tilgang</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Endre</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Fjern</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dynamisk</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>aktivert</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Deaktivert</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Allowed</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Denied</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Enter a comment (Optional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserved IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Oppdater</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>This page lets you configure the service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Do you want to enable the service?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choose the authentication mode. "Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>First IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Enter the last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Enter the master certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Enter the server certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Enter the secret key associated with the server certificate, in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>The new settings have been saved</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>You have to enter a valid IP number</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>You have to enter an IP address in your local network</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Display a functional client configuration file</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Real IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes sent</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes received</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connected since</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Koble fra</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Incorrect value</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancelled</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans><![CDATA[ Du er i ferd med å fjerne pseudonymet:<br> <b>Er du sikker på at du vil fortsette?</b> ]]></trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>The client has been disconnected</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contains forbiden characters</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" isn't a valid URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Server private key</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Static key</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>Link status</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Gjeldende verdi</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Standard</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Feil</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/nl/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/nl/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="nl">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>OpenVPN brug dienst configuratie</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[Deze pagina laat U de OpenVPN brug dient beheren.Brug modus verbind  VPN werkstations met een IP adres in het lokale netwerk zodat zij toegang hebben tot alle diensten in het lokale netwerk.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Status van de dienst</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authenticatie methode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP adres bereik</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Configuratie regels beheren</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Geef verbonden systemen weer</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Configuratie van de dienst</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Certificaat configuratie</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Certificaat status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">Er is een probleem met de configuratie van Uw certificaten, controleer dit.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificaten zijn klaar</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Alleen certificaat</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificaat met login en wachtwoord</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[Deze pagina is voor het opzetten van configuratie "regels". Afhankelijk van het werkstation certificaat kunt U:- Een vast IP adres aanwijzen<br> - Gateway verwijzing configureren<br> - Tijdelijk toegang weigeren<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actuele regels</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>Er zijn geen regels</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Voeg een regel toe</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Algemene naam</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>IP adres</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Commentaar</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway verwijzing</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Toegang</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Wijzigen</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Verwijderen</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dynamisch</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Actief</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Inactief</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Toegestaan</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Geweigerd</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Aanmaken of wijzigen</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Voer een algemene naam in. Als een werkstation verbinding maakt met een certificaat dat deze algemene naam bevat, zal de corresponderende configuratie toegepast worden.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Voer een opmerking in (optioneel)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>Als U een IP adres invoert zal dit altijd toegepast worden voor een werkstation met dit certificaat. Het IP adres moet in het lokale netwerk zijn (maar kan buiten het VPN bereik zijn). Let op dat dit IP adres niet door een ander werkstation in uw netwerk gebruikt word.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Gereserveerd IP adres</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway verwijzing zal al het werkstation's verkeer doorsturen door de VPN verbinding. Dit beveiligt hun data wanneer zij met verbinding maken met onbeveiligde netwerken zoals WiFi hotspots. <b>Waarschuwing</b>: het aanzetten van deze optie kan Internet toegang vertragen (zowel voor het werkstation en de lokale netwerken)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway verwijzing</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>U kan een werkstation tijdelijk blokkeren. Dit is niet een hele sterke beveiliging. Als U een werkstation permanent wilt blokkeren, moet U het certificaat van dat werkstation innemen.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>U staat op het punt de volgende regel te verwijderen:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[Deze pagina geeft u een overzicht van verbonden systemen]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Verversen</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>Er is een fout opgetreden bij het verbinden met de beheersservice. Controleer of der service is gestart.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>Er is momenteel niemand verbonden.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>Deze pagina stelt u in de gelegenheid de dienst te configureren</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Wilt u de service inschakelen?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Kies de autorisatie methode. "Alleen certificaat" kan handig zijn als U werkstations moet verbinden zonder menselijke interventie, maar het voorziet niet in dezelfde niveau van beveiliging als "Certificaat met login en wachtwoord".</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>Kies een IP adres serie voor VPN werkstations. Deze serie moet in het lokale netwerk passen. Controleer dat er geen andere werkstations zijn die IP adressen gebruiken in deze serie. Voer het eerste IP adres in</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>Eerste IP adres</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Voer het laatste IP adres in</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Laatste IP adres</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[Deze pagina is voor het configureren van OpenVPN certificaten. OpenVPN vereist de volgende bestanden: - Een Authoritative Certificate (CA). Dit certificaat wordt gebruikt om werkstation certificaten te controleren.<br> - Een Server Certificaat. Dit zal aan de werkstations gepresenteerd worden zodat zij zeker zijn dat ze met Uw server verbinding maken.<br> - Een geheime sleutel geassocieerd met het Server Certificaat.<br> - Een Diffie-Helman configuratie bestand. Dit staat dynamische sleutel uitwisseling toe.<br> - Een gedeelde geheime sleutel. Deze sleutel laat additionele TLS autorisatie toe.<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Voer het meester certificaat in pem formaat in</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Voer het server certificaat in pem formaat in</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Voer de geheime sleutel geassocieerd met het server certificaat in pem formaat in</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Voer de Diffie-Helman configuratie informatie in</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Voer de statische gedeelde sleutel in. Deze sleutel zal voor additionele authenticatie gebruikt worden. Deze sleutel is optioneel maar kan de beveiliging verstevigen</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>De nieuwe instellingen zijn opgeslagen</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>U moet een geldig IP nummer invoeren</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>U moet een IP adres invoeren dat in het bereik van uw locale netwerk valt</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Laat een functioneel werkstation configuratie bestand zien</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[Dit is een voorbeeld configuratie bestand voor gebruik op werkstations.U zult ook het certificaat bestand in # PKCS12 formaat moeten downloaden (dit bevat het CA certificaat, het gebruikers certificaat en de gebruikers geheime sleutel).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Echt IP adres</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP adres</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes verstuurd</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes ontvangen</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Verbonden sinds</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Verbreek</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Ongeldige waarde</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Geannuleerd</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans>U staat op het punt de verbinding van deze gebruiker te verbreken. Weet u zeker dat u wilt doorgaan?</trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>De verbinding met het systeem is verbroken</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" bevat ongeldige tekens</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">De brug dienst moet aanstaan.<br>De volgende commando's zullen het aanzetten:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" is geen geldig adres</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Voer de URL voor het aanpassen van de CRL in. (als phpki aanwezig is op dezelfde server kunt U de standaard instelling laten).</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL voor het aanpassen van de CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certificaat</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certificaat</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Server privé sleutel</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH configuratie gegevens</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Statische sleutel</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>Login Status</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systeem diensten</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Huidige waarde</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Standaard</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Fout</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/pl/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/pl/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="pl">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Service Status</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authentication mode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP Address range</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Configuration rules management</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Display connected clients</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Service configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Certificates configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Certificates status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificate only</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificate and login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Add a rule</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common Name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>Adres IP</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Comment</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Dostęp</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Zmodyfikuj</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Usuń</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dynamiczny</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Enabled</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Disabled</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Allowed</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Denied</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Enter a comment (Optional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserved IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Odśwież</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>This page lets you configure the service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Czy chcesz uruchomić ten test?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choose the authentication mode. "Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>First IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Enter the last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Enter the master certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Enter the server certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Enter the secret key associated with the server certificate, in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>The new settings have been saved</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>You have to enter a valid IP number</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>You have to enter an IP address in your local network</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Display a functional client configuration file</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Real IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes sent</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes received</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connected since</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Rozłącz</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Incorrect value</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancelled</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans>You are going to diconnect this user. Are you sure you want to continue?</trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>The client has been disconnected</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contains forbiden characters</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" isn't a valid URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Server private key</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Static key</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>status logowania</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Wartość Obecna</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Domyślnie</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Błąd</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/pt-br/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/pt-br/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="pt-br">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Configuração do daemon OpenVPN Bridged</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[Esta página permite que você gerencia o daemon  OpenVPN bridged.Modo Bridged permite aos clientes usando VPN ter um endereço IP na rede local tendo assim acesso a todos recursos nela disponibilizados.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Status do Serviço</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Modo de autenticação</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>região de endereços IP</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Gerenciamento de regras de configuração</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Mostrar clientes conectados</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Configuração do serviço</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Configuração dos certificados</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Status dos certificados</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">Há um problem com a configuração dos seus certificados, você precisa verificar novamente.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Os certificates estão prontos</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Apenas certificado</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificado e login/senha</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[Esta página permite você criar "perfis" de configuração. Dependendo do certificado de um cliente você pode:- Dar-lhe um endereço IP fixo<br> - Configurar um redirecionamento do gateway <br> - Temporariamente bloquear o acesso<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Perfis Atuais</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>Não há perfis]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Adicionar um perfil</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Nome Comum</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>Endereço IP</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Comentário</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway de redirecionamento</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Acesso</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Modificar</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Remover</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dinâmico</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Habilitado</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Desabilitado</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Permitido</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Negado</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Criar ou modificar</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Entre um nome comum. Se um cliente conecta com um certificado que tem esse nome comum, a configuração correspondente será aplicada.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Entre um comentário (opcional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>Se você digitar um endereço IP, ele será sempre designado para o cliente conectando com este certificado. Este endereço IP deve ser da sua rede local (mas fora da região da VPN). Assegure-se de que este IP não esteja em uso por outro dispositivo em sua rede.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Endereço IP reservado</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway de redirecionamento encaminhará todo tráfego de seus clientes através da VPN. Isso protegerá seus dados quando eles conectam de redes inseguras como hotspots WiFi. <b>Aviso</b>: habilitando esta opção pode diminuir a velocidade de navegação na internet (tanto para seu cliente quanto para sua rede local)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway de redirecionamento</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>Você pode bloquear um cliente temporariamente. Isso não oferece uma segurança fore. Se você quer bloquear permanentemente um cliente, você deveria revogar o certificado dele.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>Você está prestes a remover a seguinte regra:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[Esta página lhe mostrará os clientes realmente conectados]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Atualizar</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>Ocorreu um erro enquanto conectando ao Gerenciador. Verifique se o serviço está rodando.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>Não há clientes conectados agora.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>Esta página permite que você configure o serviço</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Você deseja habilitar o serviço ?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Escolha o modo de autenticação. "Apenas certificado" pode ser útil se você necessita conectar hosts sem intervenção humana, mas não provê o mesmo nível de segurança que "Certificado E login/senha" </trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>Você precisa escolher uma região de endereços IP para os clientes VPN. Esta região deve estar dentro da rede local. Por favor, verifique que nenhum IP nesta região esteja sendo usado por outro host. Digite o primeiro endereço IP</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>Primeiro endereço IP</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Digite o último endereço IP</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Último endereço IP</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[Esta página permite que você configure os arquivos de certificação usados pelo daemon OpenVPN. OpenVPN precisa dos seguintes arquivos <br> - Uma autoridade certificadora (CA). Este certificado é usado para verificar os certificados dos clientes<br> - Um certificado de servidor. Ele será mostrado para o cliente para que este saiba que está se conectando ao seu servidor<br> - A chave secreta associada com o certificado do servidor<br> - Um arquivo de parâmetro Diffie-Helman. Ele permite a troca dinâmica de chave<br> - Uma chave secreta compartilhada. Esta chave permitirá uma autenticação TLS adicional<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Entre o certificado master no formato pem</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Entre o certificado do servidor no formato pem</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Entre a chave secreta associada com o certificado do servidor, no formato PEM</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Entrar com os parametros Diffie-Helman</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Entrar com a chave estática compartilhada. Esta chave será usada para uma autenticação adicional. Esta chave é opcional mas pode aumentar a segurança.</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>As novas configurações foram salvas</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>Você precisa digitar um endereço IP válido</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>Você deve digitar um endereço IP de sua rede local</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Mostrar um arquivo de configuração do cliente que funcione</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[Este é um exemplo de arquivo de configuração para ser usado em clientes.Você também deve baixar o arquivo de certificação no formato # PKCS12 (o qual contém o certificado CA, o certificado do usuário e a chave secreta do usuário).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Endereço IP real</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>Endereço IP VPN</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes enviados</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes recebidos</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Conectado desde</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Desconectado</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Valor incorreto</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancelado</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans>Você ira desconectar este usuário. Você tem certeza que deseja continuar?</trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>O cliente foi desconectado</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contém caracteres proibidos</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">O serviço de bridge precisa estar ativado.<br>Os seguintes comandos irão habilitá-lo:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" não é uma URL válida</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Digite a URL para atualizar o CRL. (Se phpki estiver rodando no mesmo servidor, você pode deixar o valor padrão)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL para atualizar o CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>Certificado CA</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Certificado do Servidor</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Chave privada do Servidor</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>Parametros DH</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Chave estática</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>status do login</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Valor atual</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Padrão</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Erro</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/pt/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/pt/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="pt">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Service Status</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authentication mode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP Address range</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Configuration rules management</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Display connected clients</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Service configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Certificates configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Certificates status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificate only</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificate and login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Add a rule</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common Name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>Endereço IP</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Comentário</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Acesso</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Modificar</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Remover</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dinâmico</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Habilitado</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Desabilitado</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Allowed</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Denied</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Enter a comment (Optional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserved IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Atualizar</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>This page lets you configure the service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Você deseja encaminhar estes e-mails ?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choose the authentication mode. "Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>First IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Enter the last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Enter the master certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Enter the server certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Enter the secret key associated with the server certificate, in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>The new settings have been saved</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>You have to enter a valid IP number</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>You have to enter an IP address in your local network</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Display a functional client configuration file</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Real IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes sent</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes received</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connected since</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Desligar</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Incorrect value</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancelled</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans><![CDATA[ Você está prestes a remover um pseudônimo:<br> <b>Você tem certeza que deseja continuar?</b> ]]></trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>The client has been disconnected</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contains forbiden characters</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" isn't a valid URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Server private key</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Static key</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>status do login</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Valor actual</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Padrão</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Erro</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/ro/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/ro/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="ro">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Service Status</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authentication mode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP Address range</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Configuration rules management</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Display connected clients</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Service configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Certificates configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Certificates status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificate only</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificate and login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Add a rule</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common Name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Comment</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Access</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Modifică</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Remove</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dynamic</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Activat</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Disabled</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Allowed</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Denied</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Enter a comment (Optional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserved IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Reactualizează</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>This page lets you configure the service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Vreți sa retransmiteți aceste mailuri?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choose the authentication mode. "Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>First IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Enter the last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Enter the master certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Enter the server certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Enter the secret key associated with the server certificate, in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>The new settings have been saved</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>You have to enter a valid IP number</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>You have to enter an IP address in your local network</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Display a functional client configuration file</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Real IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes sent</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes received</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connected since</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Disconnect</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Incorrect value</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancelled</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans>You are going to diconnect this user. Are you sure you want to continue?</trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>The client has been disconnected</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contains forbiden characters</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" isn't a valid URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Server private key</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Static key</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>Link status</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Valoare curentă</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Implicit</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Eroare</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/ru/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/ru/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="ru">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Состояние службы</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Режим аутентификации</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>Диапазон IP-адресов</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Управление конфигурацией правил</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Показать подключенных клиентов</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Конфигурация службы</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Конфигурация сертификатов</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Состояние сертификатов</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Только сертификат</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Сертификат и логин/пароль</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Добавить правило</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Общее имя</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>IP адрес</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Комментарий</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Доступ</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Изменить</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Удалить</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Динамический</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Включен</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Отключен</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Разрешён</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Запрешён</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Введите комментарий (необязательно)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Зарезервированные IP-адреса</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Обновить</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>На этой странице вы можете сконфигурировать службу</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Вы хотите включить службу ?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choose the authentication mode. "Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>Первый IP-адрес</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Введите последний IP-адрес</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Последний IP-адрес</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Введите основной сертификат в формате pem</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Введите сертификат сервера в формате pem</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Введите секретный ключ, связанный с сертификатом сервера в формате pem</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>Новые параметры были сохранены</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>Вы должны ввести действительный номер IP</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>Вы должны ввести IP-адрес в вашей локальной сети</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Display a functional client configuration file</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Реальный IP-адрес</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>IP-адрес VPN</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Байт отправлено</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Байт получено</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connected since</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Отключить</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Неверное значение</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Отменено</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans><![CDATA[ Вы собираетесь удаить псевдоним:<br> <b>Вы действительно хотите продолжить?</b> ]]></trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>Клиент был отключен</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contains forbiden characters</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" не допустимый URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA сертификат</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Сертификат сервера</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Закрытый ключ сервера</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>Параметры DH</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Статический ключ</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>статус логина</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Текущее значение</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>По умолчанию</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Ошибка</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/sl/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/sl/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="sl">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Service Status</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authentication mode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP Address range</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Configuration rules management</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Display connected clients</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Service configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Certificates configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Certificates status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificate only</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificate and login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Add a rule</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common Name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>IP naslov</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Comment</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Access</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Uredi</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Odstrani</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dynamic</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Omogoceno</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Onemogoceno</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Allowed</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Denied</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Enter a comment (Optional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserved IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Refresh</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>This page lets you configure the service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Do you want to enable the service?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choose the authentication mode. "Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>First IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Enter the last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Enter the master certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Enter the server certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Enter the secret key associated with the server certificate, in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>The new settings have been saved</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>You have to enter a valid IP number</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>You have to enter an IP address in your local network</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Display a functional client configuration file</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Real IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes sent</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes received</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connected since</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Disconnect</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Incorrect value</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancelled</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans><![CDATA[ Si tik pred tem, da odstranis vzdevek:<br> <b>Ali si preprican, da to zelis?</b> ]]></trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>The client has been disconnected</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contains forbiden characters</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" isn't a valid URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Server private key</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Static key</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>Status</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Trenutna vrednost</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Privzeto</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Napaka</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/sv/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/sv/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="sv">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Konfiguration för Bridged OpenVPN daemon</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Servicestatus</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Autentisieringsmod</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>Område för IP-adresserna</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Hantering av konfigureringsregler</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Visa anslutna klienter</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Tjänstekonfiguration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Konfigurering av certifikat</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Status för certifikat</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Endast certifikat</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certifikat och inloggning/lösenord</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Lägg till en regel</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Gemensamt namn</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>IP-adress</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Kommentar</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway vidarebefordran</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Åtkomst</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Ändra</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Radera</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dynamisk</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Tillåten</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Ej tillåten</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Tillåten</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Ej tillåten</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Ange ett gemensamt namn. Om en klient ansluter med ett certifikat som har detta namn kommer den korresponderade konfigurationen att användas.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Ange en kommentar (option)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>Om du anger en IP-adress, kommer Ip-adressen alltid bli knuten till klienten som ansluter med detta certifikat. Denna IP-adress måste finnas på ditt lokala nätverk (men kan finnas utom VPN-omfånget). Var säker på att detta IP inte används av någon annan på ditt nätverk.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserverad IP-adress</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway-vidarebefordran</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>Du kan tillfälligt blockera en klient. Detta ger inte ett starkt skydd. Om du önskar blockera en klient permanent skall du ta bort klientens certifikat.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Uppdatera</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>Denna sida låter dig konfigurera tjänsten</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Vill du aktivera denna tjänst ?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Välj autentisieringsmetod. "Endast certifikat" kan vara användbart om du behöver ansluta värdar utan manuell inblandning, men detta ger inte samma säkerhetsnivå som "Certifikat och lösenord" ger</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>Du har valt ett IP-adressområde för VPN-klienter. Detta område måste vara inom det lokala nätverkets område. Kontrollera så att ingen annan använder en IP-adress inom detta område. Ange den första IP-adressen</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>Första IP-adressen</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Ange den sista IP-adressen</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Sista IP-adressen</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Ange mastercertifikatet i pem-format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Ange servercertifikatet i pem-format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Ange den hemliga nyckel som är associerad med servercertifikatet i pem-format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Ange Diffie-Helman parametrarna</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Ange den statiska delade nyckeln. Denna nyckel kommer att användas som extra autentisiering. Denna nyckel är valbar men den kan förstärka säkerheten</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>De nya inställningarna har sparats</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>Du måste ange ett giltigt IP-nummer</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>Du måste ange en IP-adress i ditt lokala nätverk</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Visa en fungerande konfigurationsfil för en klient</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Verklig IP-adress</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP-adress</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Skickade bytes</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Mottagna bytes</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Ansluten sedan</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Koppla ifrån</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Ogiltigt värde</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Avbruten</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans>Du håller på att koppla ifrån denna användare. Är du säker på att du vill fortsätta ?</trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>Klienten har blivit frånkopplad</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" innehåller otillåtna tecken</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" är inte en tillåten URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Ange URL för att uppdatera CRL (om phpki körs på samma server så kan du använda det förvalda värdet)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL för att uppdatera CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certifikat</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Servercertifikat</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Serverns privata nyckel</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH-parametrar</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Statisk nyckel</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>inloggningsstatus</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemtjänster</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Aktuellt värde</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Förvalt</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Fel</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/th/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/th/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="th">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Service Status</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authentication mode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP Address range</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Configuration rules management</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Display connected clients</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Service configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Certificates configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Certificates status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificate only</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificate and login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Add a rule</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common Name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>หมายเลข IP</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>บันทึกเพิ่มเติม</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>สิทธิการเข้าถึง</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>แก้ไข</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>ลบ</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dynamic</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>เปิดใช้งาน</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>ปิดไม่ใช้งาน</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Allowed</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Denied</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Enter a comment (Optional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserved IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>เขียนจอใหม่, ฟื้นฟู, เรียกใหม่</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>This page lets you configure the service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Do you want to enable the service?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choose the authentication mode. "Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>First IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Enter the last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Enter the master certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Enter the server certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Enter the secret key associated with the server certificate, in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>The new settings have been saved</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>You have to enter a valid IP number</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>You have to enter an IP address in your local network</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Display a functional client configuration file</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Real IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes sent</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes received</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connected since</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Disconnect</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Incorrect value</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancelled</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans><![CDATA[ คุณกำลังจะลบนามแฝง:<br> <b>คุณแน่ใจที่จะทำการลบนี้หรือไม่ ?</b> ]]></trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>The client has been disconnected</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contains forbiden characters</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" isn't a valid URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Server private key</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Static key</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>Link status</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>ค่าปัจจุบัน</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>ค่าปริยาย</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>ข้อผิดพลาด</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/tr/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/tr/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="tr">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>Service Status</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>Authentication mode</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP Address range</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>Configuration rules management</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>Display connected clients</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>Service configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>Certificates configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>Certificates status</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificate only</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificate and login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>Add a rule</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>Common Name</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>IP Adresi</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>Açıklama</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>Gateway Redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>Giriş</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>Değiştir</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>Kaldır</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>Dynamic</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>Etkin</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>Etkin değil</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>Allowed</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>Denied</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>Enter a comment (Optional)</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network.</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>Reserved IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>Gateway redirection</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>Yenile</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>This page lets you configure the service</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>Do you want to enable the service?</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>Choose the authentication mode. "Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>First IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>Enter the last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>Last IP Address</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Enter the master certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Enter the server certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Enter the secret key associated with the server certificate, in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>The new settings have been saved</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>You have to enter a valid IP number</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>You have to enter an IP address in your local network</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Display a functional client configuration file</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>Real IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP address</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>Bytes sent</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>Bytes received</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>Connected since</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>Disconnect</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>Incorrect value</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>Cancelled</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans><![CDATA[ Takma adı silmek üzeresiniz:<br> <b>Devam etmek istediğinizden eminmisiniz?</b> ]]></trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>The client has been disconnected</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" contains forbiden characters</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" isn't a valid URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>Server certificate</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>Server private key</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Static key</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>algoritma</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>oturum durumu</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>Güncel değer</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>Varsayılan</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>Hata</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/zh-cn/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/zh-cn/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="zh-cn">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>Bridged OpenVPN daemon configuration</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[This page lets you manage a bridged OpenVPN daemon.<br> Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>服务状态</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>认证模式</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP 地址范围</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>规则配置管理</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>显示已连接的客户端</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>服务配置</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>证书配置</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>证书状态</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">There's a problem with the configuration of your certificates, you should check it.</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">Certificates are ready</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>Certificate only</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>Certificate and login/password</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[This page lets you create configuration "rules". Depending on the certificate of a client, you can:<br> - Give him a fixed IP address<br> - Configure the gateway redirection<br> - Temporarily denied the access<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>Actual rules</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>There's no rule]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>添加规则</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>通用名称</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>IP地址</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>备注</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>网关重定向</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>访问</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>修改</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>移除</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>动态的</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>启用</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>禁用</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>允许的</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>拒绝的</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>Create or modify</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied.</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>请输入注释（可选项）</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>如果输入IP地址， 它就会与客户端证书相关联。该IP地址必须在本地网络（但可以在VPN分配范围之外）。请确保这个IP没有被本地其他机器占用。</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>预设IP地址</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[Gateway redirection will forward all your client's traffic throught the VPN. This can protect their data when they connects from unsecure networks like WiFi hotspots. <b>Warning</b>: enabling this option can slow down your internet access (for both your client and your local networks)]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>网关重定向</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>您可以临时阻止某个客户端访问。这只具有临时的安全性。如果您想要永久禁止某个客户端，您只需删除它的证书即可。</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>You are about to remove the following rule:</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[This page will show you actually connected clients]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>刷新</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>An error occured while connecting to the manager. Check the service is running.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>There's no client connected at this time.</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>这个页面允许您配置服务</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>是否启用该服务？</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>请选择认证模式。“只需要证书”选项无须人机交互，但它的安全性不如“证书和账户及密码”。</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>您必须选择VPN客户端的IP地址范围。IP地址范围必须在本地网络之内。请检查这个范围内的IP没有被其它机器占用。请输入起始IP地址</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>第一个IP地址</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>请输入最后一个IP地址</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>最后一个IP地址</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[This page lets you configure the certification files used by OpenVPN daemon. OpenVPN needs the following files:<br> - An authoritative certificate (CA). This certificate is used to check the clients certificates<br> - A server certificate. It will be presented to the client so they are sure they are connecting to your server<br> - The secret key associated with the server certificate<br> - A Diffie-Helman parameter file. It will allow dynamic key exchange<br> - A shared secret key. This key will allow an additional TLS authentication<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>Enter the master certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>Enter the server certificate in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>Enter the secret key associated with the server certificate, in pem format</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>Enter Diffie-Helman parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>新的设置已被保存</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>您输入了无效的IP地址</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>必须输入本地网络的IP地址</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>Display a functional client configuration file</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[This is a sample configuration file to be used on clients.<br>You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>真实IP地址</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP 地址</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>发送字节</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>收到字节</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>连接始于</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>断开</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>不正确的值</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>删除的</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans>即将断开这个用户。是否继续？</trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>客户端已被断开</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}" 包含被禁止的字符</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">The bridge service must be enabled.<br>The following commands will enable it:<br>db configuration setprop bridge status enabled<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}" 不是有效的URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value)</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL to update the CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA 证书</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>服务器证书</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>服务器私钥</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH parameters</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>Static key</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>mailman状态</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>当前值</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>默认</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>错误</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/locale/zh-tw/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/locale/zh-tw/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,452 @@
+<lexicon lang="zh-tw">
+	<entry>
+    	<base>FORM_TITLE</base>
+    	<trans>橋接OpenVPN背景服務設定</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_FIRST_PAGE</base>
+    	<trans><![CDATA[此頁面讓您管理橋接OpenVPN背景程式。<br>橋接模式允許VPN終端機擁有區網中的IP位址，因此，他們有權存取您區網中的任一資源。<br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_STATUS</base>
+    	<trans>服務狀態</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_AUTH_TYPE</base>
+    	<trans>認證模式</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_IP_POOL</base>
+    	<trans>IP位址範圍</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULE_BUTTON</base>
+    	<trans>設定規則管理</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_SHOW_CLIENTS_BUTTON</base>
+    	<trans>顯示連接終端機</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_BUTTON</base>
+    	<trans>服務設定</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_BUTTON</base>
+    	<trans>憑證設定</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_STATUS</base>
+    	<trans>憑證狀態</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_ERROR</base>
+    	<trans><![CDATA[<span style="color:red">您的憑證設定有問題，您應當檢查它。</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_CONFIG_OK</base>
+    	<trans><![CDATA[<span style="color:green">憑證已就緒</span>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_ONLY</base>
+    	<trans>憑證專用</trans>
+    </entry>
+
+	<entry>
+    	<base>CRT_WITH_PASS</base>
+    	<trans>憑證與登入／密碼</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES_PAGE</base>
+    	<trans><![CDATA[此頁面讓您建立設定＂規則＂。根據終端機憑證，您能：<br> - 給他固定IP位址<br> - 設定閘道轉向<br> - 暫時拒絕存取<br> ]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_RULES</base>
+    	<trans><![CDATA[<b>實際規則</b>]]></trans>
+    </entry>
+NO_RULE
+	<entry>
+    	<base>NO_RULE</base>
+    	<trans><![CDATA[<b>尚無規則]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_RULE_BUTTON</base>
+    	<trans>增加規則</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMON_NAME</base>
+    	<trans>通用名稱</trans>
+    </entry>
+
+	<entry>
+    	<base>IP_ADDRESS</base>
+    	<trans>IP 地址</trans>
+    </entry>
+
+	<entry>
+    	<base>COMMENT</base>
+    	<trans>備註</trans>
+    </entry>
+
+	<entry>
+    	<base>GATEWAY_REDIRECTION</base>
+    	<trans>閘道再導向</trans>
+    </entry>
+
+	<entry>
+    	<base>ACCESS</base>
+    	<trans>存取</trans>
+    </entry>
+
+	<entry>
+    	<base>MODIFY</base>
+    	<trans>修改</trans>
+    </entry>
+
+	<entry>
+    	<base>REMOVE</base>
+    	<trans>移除</trans>
+    </entry>
+
+	<entry>
+    	<base>DYNAMIC</base>
+    	<trans>動態的</trans>
+    </entry>
+
+	<entry>
+    	<base>ENABLED</base>
+    	<trans>啟用</trans>
+    </entry>
+
+	<entry>
+    	<base>DISABLED</base>
+    	<trans>禁用</trans>
+    </entry>
+
+	<entry>
+    	<base>ALLOWED</base>
+    	<trans>允許的</trans>
+    </entry>
+
+	<entry>
+    	<base>DENIED</base>
+    	<trans>拒絕的</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ADD_OR_MODIFY_PAGE</base>
+    	<trans><![CDATA[<b>建立或修正</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMON_NAME</base>
+    	<trans>輸入通用名稱。倘若終端的連接伴隨指定的通用名稱，將套用符應的設定值。</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_COMMENT</base>
+    	<trans>請輸入註釋（選項）</trans>
+   </entry>
+
+	<entry>
+    	<base>DESC_RESERVED_IP</base>
+    	<trans>倘若輸入IP位址，它將被終端連接的憑證所影響。該IP位址必須在區網（但可在VPN分配範圍之外）。請確保此IP沒有被網路其他主機佔用。</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_RESERVED_IP</base>
+    	<trans>保留的IP位址</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_GW_REDIRECTION</base>
+    	<trans><![CDATA[閘道再導向將透過VPN轉送所有終端流量。此能保護其資料，尤其是當其資料連接是來自於不安全的網路如WiFi熱點。<b>注意</b>：啟用此選項會降低網際網路存取速度（包含終端主機和區網）]]></trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_GW_REDIRECTION</base>
+    	<trans>閘道再導向</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_ACCESS</base>
+    	<trans>您可以暫時鎖定某終端機。這無法提供足夠的安全性。倘若您欲永久拒絕某終端機，您應取消該終端機的憑證。</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_REMOVE_PAGE</base>
+    	<trans><![CDATA[<b>即將移除後續規則：</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONNECTED_CLIENTS_PAGE</base>
+    	<trans><![CDATA[此頁面顯示已實際連接的終端機]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REFRESH</base>
+    	<trans>重新整理</trans>
+    </entry>
+
+	<entry>
+    	<base>ERROR_CONNECT_TO_MANAGER</base>
+    	<trans><![CDATA[<b>連接到控制台出錯。請檢查服務是否執行。</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NO_CLIENTS_CONNECTED</base>
+    	<trans><![CDATA[<b>此時無終端機連接。</b>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CONFIG_PAGE</base>
+    	<trans>此頁面允許您設定服務</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_STATUS</base>
+    	<trans>是否啟用該服務？</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_AUTH_TYPE</base>
+    	<trans>請選擇認證模式。倘若您需要無人為干預的方式連結主機，＂只有憑證＂將是有用的，但其無法提供如同＂憑證與登入／密碼＂同等級的安全性。</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_START_POOL</base>
+    	<trans>您必須為VPN終端機選擇IP位址範圍。此範圍必須在區網內。請檢查此範圍內的IP位址沒有被其它機器使用。請輸入起始IP位址</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_START_POOL</base>
+    	<trans>第一IP位址</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_END_POOL</base>
+    	<trans>請輸入最後的IP位址</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_END_POOL</base>
+    	<trans>最後的IP位址</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_CONFIG_PAGE</base>
+    	<trans><![CDATA[此頁面可讓您藉由OpenVPN背景程式設定憑證檔。OpenVPN需要下列檔案：<br> - 授權憑證(CA)。該憑證被用來檢測終端機的憑證<br> - 伺服器憑證。他將被顯示到終端機使得他們可以確認他們正連接到伺服器<br> - 安全金鑰與伺服器連結<br> - Diffie-Helman金鑰交換參數檔。它將允許動態金鑰交換<br> - 共享安全金鑰。此金鑰將允許增加TLS授權<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CA_PEM</base>
+    	<trans>以pem格式輸入主要授權</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRT_PEM</base>
+    	<trans>以pem格式輸入伺服器授權</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_KEY_PEM</base>
+    	<trans>以pem格式連結伺服器授權輸入安全金鑰</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DH_PEM</base>
+    	<trans>輸入Diffie-Helman金鑰交換參數</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_TA_PEM</base>
+    	<trans>輸入靜態共享金鑰。此金鑰將被用來額外授權。該金鑰為選擇性，但可強化安全性。</trans>
+    </entry>
+
+	<entry>
+    	<base>SUCCESS</base>
+    	<trans>新設定已保存</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_IP</base>
+    	<trans>您必須輸入有效的IP位址</trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_IN_LOCAL_NET</base>
+    	<trans>您必須在區網中輸入有效的IP位址</trans>
+    </entry>
+
+	<entry>
+    	<base>SHOW_SAMPLE_CONFIG</base>
+    	<trans>顯示功能性終端機設定檔</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_DISPLAY_CLIENT_CONF</base>
+    	<trans><![CDATA[此為終端機中使用的樣本設定檔。<br>您亦須以# PKCS12格式下載認證檔（包含CA認證、使用者認證與使用者安全金鑰ret key）。<br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>REAL_IP</base>
+    	<trans>真實IP位址</trans>
+    </entry>
+
+	<entry>
+    	<base>VIRTUAL_IP</base>
+    	<trans>VPN IP位址</trans>
+    </entry>
+
+	<entry>
+    	<base>SENT</base>
+    	<trans>傳送位元</trans>
+    </entry>
+
+	<entry>
+    	<base>RECEIVED</base>
+    	<trans>接收位元</trans>
+    </entry>
+
+	<entry>
+    	<base>CONNECTED_SINCE</base>
+    	<trans>連接源於</trans>
+    </entry>
+
+	<entry>
+    	<base>DISCONNECT</base>
+    	<trans>中斷連線</trans>
+    </entry>
+
+	<entry>
+    	<base>BAD_VALUE</base>
+    	<trans>錯誤值</trans>
+    </entry>
+
+
+	<entry>
+    	<base>CANCELED</base>
+    	<trans>已刪除的</trans>
+    </entry>
+	
+	<entry>
+    	<base>DESC_CLIENT_DISCONECT_PAGE</base>
+    	<trans>您即將中斷此使用者。您確定要繼續？</trans>
+    </entry>
+	
+	<entry>
+    	<base>CLIENT_DISCONNECTED</base>
+    	<trans>此終端機已中斷</trans>
+    </entry>
+
+	<entry>
+    	<base>INVALID_CHARS</base>
+    	<trans>"{$string}"包含禁止字元</trans>
+    </entry>
+
+	<entry>
+    	<base>BRIDGE_NOT_ENABLED</base>
+    	<trans><![CDATA[<span style="color:red">橋接服務需啟動。<br>下列命令將啟用它：<br>資料庫設定橋接狀態啟動<br>/etc/init.d/bridge start</span><br><br>]]></trans>
+    </entry>
+
+	<entry>
+    	<base>NOT_A_VALID_URL</base>
+    	<trans>"{$string}"不是有效URL</trans>
+    </entry>
+
+	<entry>
+    	<base>DESC_CRL_URL</base>
+    	<trans>輸入網址更新憑證撤銷清單。（若phpki同時在伺服器上執行，您可使用預設值）</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRL_URL</base>
+    	<trans>URL更新CRL</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CA_PEM</base>
+    	<trans>CA憑證</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_CRT_PEM</base>
+    	<trans>伺服器憑證</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_KEY_PEM</base>
+    	<trans>伺服器私鑰</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_DH_PEM</base>
+    	<trans>DH參數</trans>
+    </entry>
+
+	<entry>
+    	<base>LABEL_TA_PEM</base>
+    	<trans>靜態金鑰</trans>
+    </entry>
+    <entry>
+        <base>DESC_HMAC</base>
+        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
+    </entry>
+    <entry>
+        <base>LABEL_HMAC</base>
+        <trans>HMAC algorithm</trans>
+    </entry>
+    <entry>
+        <base>DESC_CIPHER</base>
+        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
+    </entry>
+    <entry>
+        <base>LABEL_CIPHER</base>
+        <trans>Cipher encryption algorithm</trans>
+    </entry>
+    <entry>
+        <base>LINK</base>
+        <trans>Mailman狀態</trans>
+    </entry>
+    <entry>
+        <base>UP</base>
+        <trans>Up</trans>
+    </entry>
+    <entry>
+        <base>SYSTEMD_RETURNED</base>
+        <trans>Systemd returned service as</trans>
+    </entry>
+    <entry>
+        <base>CHANGEME_INSECURE</base>
+        <trans>Please change this insecure parameter</trans>
+    </entry>
+    <entry>
+        <base>SUGGESTED</base>
+        <trans>現值</trans>
+    </entry>
+    <entry>
+        <base>DEFAULT</base>
+        <trans>預設</trans>
+    </entry>
+    <entry>
+        <base>ERROR</base>
+        <trans>錯誤</trans>
+    </entry>
+
+</lexicon>
--- a/root/etc/e-smith/templates.metadata/etc/openvpn/bridge/management-pass.txt
+++ b/root/etc/e-smith/templates.metadata/etc/openvpn/bridge/management-pass.txt
@ -0,0 +1,4 @@
+PERMS=0600
+UID="root"
+GID="root"
+
--- a/root/etc/e-smith/templates/etc/crontab/openvpn-bridge-crl
+++ b/root/etc/e-smith/templates/etc/crontab/openvpn-bridge-crl
@ -0,0 +1,7 @@
+{
+my $url = ${'openvpn-bridge'}{'CrlUrl'} || '';
+if ($url =~ /^http(s)?:\/\/.*$/){
+	$OUT .= "# Update OpenVPN bridge's CRL\n";
+	$OUT .= "5 * * * * root /etc/e-smith/events/actions/openvpn-bridge-update-crl 2>&1 /dev/null\n";
+}
+}
--- a/root/etc/e-smith/templates/etc/openvpn/bridge/ccd/.gitignore
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/ccd/.gitignore
--- a/root/etc/e-smith/templates/etc/openvpn/bridge/management-pass.txt/10pass
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/management-pass.txt/10pass
@ -0,0 +1,7 @@
+{
+	my $management = ${'openvpn-bridge'}{'management'} || 'localhost:11194:password';
+    my @param = split(/:/,$management);
+    my $pass = $param[2];
+    $OUT = "$pass";
+
+}
--- a/root/etc/e-smith/templates/etc/openvpn/bridge/management-pass.txt/template-begin
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/management-pass.txt/template-begin
--- a/root/etc/e-smith/templates/etc/openvpn/bridge/management-pass.txt/template-end
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/management-pass.txt/template-end
--- a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/10dev
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/10dev
@ -0,0 +1,23 @@
+# Virtual Interface Configuration
+{
+    my $OUT='';
+    my $protocol = ${'openvpn-bridge'}{protocol} || 'udp';
+    my $port='';
+    if ($protocol eq 'udp'){
+        $port = ${'openvpn-bridge'}{UDPPort} || '1194';	
+    }
+    if ($protocol eq 'tcp'){
+        $port = ${'openvpn-bridge'}{TCPPort} || '1194';
+        $protocol = 'tcp-server';
+    }
+    my $tapIf = ${'openvpn-bridge'}{tapIf} || 'tap0';
+
+$OUT .=<<"HERE";
+
+port $port
+proto $protocol
+dev $tapIf
+
+HERE
+
+}
--- a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/20daemon
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/20daemon
@ -0,0 +1,8 @@
+# Drop down privileges
+user nobody
+group nobody
+chroot /etc/openvpn/bridge
+
+persist-key
+persist-tun
+
--- a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/30cert
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/30cert
@ -0,0 +1,18 @@
+# Certificates config
+dh pub/dh.pem
+ca pub/cacert.pem
+cert pub/cert.pem
+key priv/key.pem
+tls-server
+
+{
+
+$OUT .= "tls-auth priv/takey.pem 0\n" if 
+    (-e "/etc/openvpn/bridge/priv/takey.pem" && 
+    !-z "/etc/openvpn/bridge/priv/takey.pem");
+
+}
+
+# CRL file for certificates verification
+crl-verify pub/cacrl.pem
+
--- a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/35encryption
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/35encryption
@ -0,0 +1,33 @@
+{
+    #HMAC default is SHA1 if empty, we really want higher on new setup, but keep empty for default on existing one...
+    # need to be changed on both side
+    my $HMAC = ( ${'openvpn-bridge'}{'HMAC'} ) ?  ${'openvpn-bridge'}{'HMAC'} : undef;
+    # cipher default to BF if empty,  we really want higher on new setup, but keep empty for default on existing one...
+    # # here openvpn uses encrypt-then-mc so no issue using CBC rather than GCM, and GCM not implemented before openvpn 2.4 for data channel
+    my $cipher = ( ${'openvpn-bridge'}{'Cipher'} && ${'openvpn-bridge'}{'Cipher'} ne 'auto')? ${'openvpn-bridge'}{'Cipher'}  : undef;
+
+    ## we do not want any tls 1.1 or lower, this does not break anything to force, unless the client is very old and limited to 1.1 or lower
+    my $tlsVmin = (  ${'openvpn-bridge'}{'tlsVmin'} && ( ${'openvpn-bridge'}{'tlsVmin'} =~ /^1\.[0-9]{1}$/  ) ) ? ${'openvpn-bridge'}{'tlsVmin'}  : "1.2";
+    # TLS 1.3 encryption settings
+    my $tlsCipherSuites13 = (  ${'openvpn-bridge'}{'tlsCipherSuites13'} ) ?  ${'openvpn-bridge'}{'tlsCipherSuites13'} : "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
+    # # TLS 1.2 encryption settings
+    my $tlsCipher12 = (  ${'openvpn-bridge'}{'tlsCipher12'} ) ? ${'openvpn-bridge'}{'tlsCipher12'} : "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256";
+
+
+
+     $OUT .= "#securing control channel\n";
+     $OUT .= "tls-version-min $tlsVmin\n";
+     $OUT .= "tls-cipher $tlsCipher12\n" if defined $tlsCipher12;
+     $OUT .= "tls-ciphersuites $tlsCipherSuites13\n" if defined $tlsCipherSuites13;
+     #$OUT .= "# we might be able to disable dh param with this one, NSA-'s recommended curve\n";
+     #$OUT .= "ecdh-curve secp384r1\n";
+
+     # data channel
+     $OUT .= "#securing data channel\n";
+     $OUT .= (defined $cipher) ? "cipher $cipher\n" : "# no cipher defined default to Blowfish, this is INSECURE, please consider AES-128-CBC or higher on both client and server\n";
+     #auth SHA512
+     $OUT .= (defined $HMAC )? "auth $HMAC\n" : "# no HMAC defined, default to SHA1, please consider SHA256 or higher on both client and server\n";
+
+
+
+}
--- a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/40userAuth
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/40userAuth
@ -0,0 +1,27 @@
+# Plugin for user-auth
+{
+    my $userAuth = ${'openvpn-bridge'}{userAuth} || 'CrtWithPass';
+    if ($userAuth eq 'CrtWithPass'){
+        # This the the old default location of the plugin
+        my $plugin = "/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so";
+        # This is the new (since openvpn 2.3.1-2) of the plugin, for x86
+        if ( -e "/usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so" ){
+            $plugin = "/usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so";
+        }
+        # Same for x86_64
+        elsif ( -e "/usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so" ){
+            $plugin = "/usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so";
+        }
+        # This is the location for openvpn before 2.3.1-2
+        elsif ( -e "/usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so" ){
+            $plugin = "/usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so";
+        }
+        # Same for x86_64
+        elsif ( -e "/usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so" ){
+            $plugin = "/usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so";
+        }
+        $OUT .= "plugin " . $plugin . " login\n";
+    }
+	$OUT .= '';
+}
+
--- a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/50server_mode
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/50server_mode
@ -0,0 +1,9 @@
+# Server mode
+{
+    my $OUT = '';
+    my $ip = $LocalIP;
+    my $netmask = $LocalNetmask;
+    my $min = ${'openvpn-bridge'}{startPool} || '';
+    my $max = ${'openvpn-bridge'}{endPool} || '';
+    $OUT = "server-bridge $ip $netmask $min $max\n";
+}
--- a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/60options
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/60options
@ -0,0 +1,48 @@
+# Options
+{
+
+my $mtuTest = ${'openvpn-bridge'}{mtuTest} || 'enabled';
+my $tunMtu = ${'openvpn-bridge'}{tunMtu};
+my $fragment = ${'openvpn-bridge'}{fragment};
+my $redirectGW = ${'openvpn-bridge'}{redirectGW} || 'PerClient';
+my $proto = ${'openvpn-bridge'}{protocol} || 'udp';
+my $duplicate = ${'openvpn-bridge'}{duplicateCN} || 'disabled';
+my $passtos = ${'openvpn-bridge'}{PassTOS} || 'enabled';
+
+if ($proto eq 'tcp'){
+    $mtuTest = 'disabled';
+    $fragment = '';
+}
+
+$OUT .=<<"HERE";
+keepalive 10 120
+push "dhcp-option DOMAIN $DomainName"
+push "dhcp-option DNS $LocalIP"
+push "dhcp-option WINS $LocalIP"
+
+HERE
+
+if ($mtuTest eq 'enabled'){
+    $OUT .= "mtu-test\n";
+}
+elsif (($mtuTest eq 'disabled')){
+    if ($tunMtu ne ''){
+        $OUT .= "tun-mtu $tunMtu\n";
+    }
+    if (($proto eq 'udp') && ($fragment ne '')){
+        $OUT .= "fragment $fragment\nmssfix\n";
+    }
+}
+
+if ($duplicate eq 'enabled'){
+    $OUT .= "duplicate-cn\n";
+}
+
+if ($passtos eq 'enabled'){
+    $OUT .= "passtos\n";
+}
+
+}
+
+nice 5
+
--- a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/65routes
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/65routes
@ -0,0 +1,33 @@
+# Routes
+
+{
+
+my $pushRoutes =  ${'openvpn-bridge'}{PushLocalNetworks} || 'enabled';
+my $redirectGW = ${'openvpn-bridge'}{redirectGW} || 'PerClient';
+
+use esmith::NetworksDB;
+my $ndb = esmith::NetworksDB->open_ro() ||
+    die('Can not open Networks DB');
+
+my @networks = $ndb->networks();
+
+if ($redirectGW eq 'always'){
+    $OUT .= "push \"redirect-gateway def1\"\n";
+}
+elsif ($pushRoutes eq 'enabled'){
+    foreach my $network (@networks) {
+        my $route = '';
+        my $addr = $network->key;
+        my $mask = $network->prop('Mask');
+        my $gw = $network->prop('Router') || '';
+        my $vpn = $network->prop('VPN') || '';
+        my $doPush = $network->prop('PushRoute') || 'enabled';
+        if ( ($gw ne '' || $vpn ne '')  && $doPush eq 'enabled' ){
+            $route .= "push \"route $addr $mask";
+            $route .= " $gw" if ($vpn eq '');
+            $OUT .= "$route\"\n";
+        }
+    }
+}
+
+}
--- a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/70management
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/70management
@ -0,0 +1,7 @@
+# Management interface
+{
+    my $management = ${'openvpn-bridge'}{'management'} || 'localhost:11194:password';
+    my ($host,$port,$pass) = split(/:/,$management);
+    $OUT ="management $host $port management-pass.txt\n";
+
+}
--- a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/80clients
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/80clients
@ -0,0 +1,27 @@
+# Clients options
+{
+    my $OUT = '';
+    my $maxClient = ${'openvpn-bridge'}{maxClients} || '20';
+    my $clientToClient = ${'openvpn-bridge'}{clientToClient} || 'disabled';
+    my $compLzo = ${'openvpn-bridge'}{compLzo} || 'enabled';
+    my $configRequired = ${'openvpn-bridge'}{ConfigRequired} || 'disabled';
+
+    if ($clientToClient eq 'enabled'){
+        $OUT .= "client-to-client\n";
+    }
+	
+    $OUT .= "client-config-dir ccd\n";
+
+    if ($configRequired eq 'enabled'){
+        $OUT .= 'ccd-exclusive\n';
+    }
+	
+    $OUT .= "max-clients $maxClient\n";
+	
+    if ( $compLzo eq 'enabled'){
+        $OUT .= "comp-lzo adaptive\n";
+        $OUT .= "push \"comp-lzo adaptive\"\n";
+    }
+    $OUT .= '';
+}
+
--- a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/90log
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/90log
@ -0,0 +1,9 @@
+# Log
+status-version 2
+status bridge-status.txt
+{
+	my $OUT = '';
+	my $verb = ${'openvpn-bridge'}{verbose} || '3';
+	$OUT .= "verb $verb\n";
+}
+log-append /var/log/openvpn-bridge/openvpn-bridge.log
--- a/root/etc/e-smith/web/functions/openvpnbridge
+++ b/root/etc/e-smith/web/functions/openvpnbridge
@ -0,0 +1,373 @@
+#! /usr/bin/perl -wT
+# vim: ft=xml:
+
+#----------------------------------------------------------------------
+# heading     : Configuration
+# description : OpenVPN-Bridge
+# navigation  : 6000 6750
+#
+#----------------------------------------------------------------------
+# copyright (C) 2008 Berteaud Daniel
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+# 
+#----------------------------------------------------------------------
+use strict;
+use esmith::FormMagick;
+use esmith::ConfigDB;
+use esmith::FormMagick::Panel::openvpnbridge;
+
+my $fm = esmith::FormMagick::Panel::openvpnbridge->new();
+my $q = $fm->{cgi};
+$fm->display();
+
+
+__DATA__
+
+<form
+    title="FORM_TITLE"
+    header="/etc/e-smith/web/common/head.tmpl"
+    footer="/etc/e-smith/web/common/foot.tmpl">
+
+    <page name="FIRST"
+        pre-event="print_status_message()">
+	<field
+            type="literal"
+            id="first_desc"
+            value="">
+            <description>DESC_FIRST_PAGE</description>
+        </field>
+
+        <field 
+            type="literal" 
+            id="current_status" 
+            display=""
+            value="get_status()">
+            <label>LABEL_STATUS</label>
+        </field>
+
+        <field 
+            type="literal" 
+            id="current_link_status" 
+            display=""
+            value="print_link_status()">
+            <label>LINK</label>
+        </field>
+        
+        <field 
+            type="literal" 
+            id="current_auth_type" 
+            display=""
+            value="get_auth_type()">
+            <label>LABEL_AUTH_TYPE</label>
+        </field>
+		
+        <field 
+            type="literal" 
+            id="current_ip_pool" 
+            display=""
+            value="get_ip_pool()">
+            <label>LABEL_IP_POOL</label>
+        </field>
+
+        <field 
+            type="literal" 
+            id="current_crt_status" 
+            display=""
+            value="print_crt_not_ready_warning()">
+            <label>LABEL_CRT_STATUS</label>
+        </field>
+
+        <field 
+            type="literal" 
+            id="current_hmac_status" 
+            display=""
+            value="get_hmac_status()">
+            <label>LABEL_HMAC</label>
+        </field>
+        <field 
+            type="literal" 
+            id="current_cipher_status" 
+            display=""
+            value="get_cipher_status()">
+            <label>LABEL_CIPHER</label>
+        </field>
+        
+        <subroutine src="print_section_bar()" />
+        <subroutine src="print_custom_button('DESC_RULE_BUTTON','RULES_PAGE')"/>
+        <subroutine src="print_custom_button('SHOW_SAMPLE_CONFIG','DISPLAY_CLIENT_CONF_PAGE')"/> 
+        <subroutine src="print_custom_button('DESC_SHOW_CLIENTS_BUTTON','SHOW_CLIENTS_PAGE')"/>
+        <subroutine src="print_section_bar()" />
+        <subroutine src="print_custom_button('DESC_CONFIG_BUTTON','CONFIG_PAGE')"/>
+        <subroutine src="print_custom_button('DESC_CRT_CONFIG_BUTTON','CRT_CONFIG_PAGE')" />
+
+    </page>
+
+    <page name="CONFIG_PAGE"
+        pre-event="print_status_message()"
+        post-event="apply_settings()">
+
+        <field
+            type="literal"
+            id="first_desc"
+            value="">
+            <description>DESC_CONFIG_PAGE</description>
+        </field>
+
+        <field type="select" 
+            id="status" 
+            options="'enabled' => 'ENABLED', 'disabled' => 'DISABLED'" 
+            value="get_prop('status')">
+            <label>LABEL_STATUS</label>
+            <description>DESC_STATUS</description>
+        </field>
+
+        <field type="select" 
+            id="auth_type"
+            options="'CrtOnly' => 'CRT_ONLY', 'CrtWithPass' => 'CRT_WITH_PASS'" 
+            value="get_prop('userAuth')">
+            <label>LABEL_AUTH_TYPE</label>
+           <description>DESC_AUTH_TYPE</description>
+        </field>
+
+        <field type="text"
+            id="start_pool"
+            value="get_prop('startPool')"
+            validation="ip_is_in_local_net, not_in_dhcp_range">
+            <label>LABEL_START_POOL</label>
+            <description>DESC_START_POOL</description>
+    	</field>
+
+        <field type="text"
+            id="end_pool"
+            value="get_prop('endPool')"
+            validation="ip_is_in_local_net, not_in_dhcp_range">
+            <label>LABEL_END_POOL</label>
+            <description>DESC_END_POOL</description>
+        </field>
+
+        <field type="select" id="hmac"  options="get_digests_options()" value="get_current_hmac()">
+            <description>DESC_HMAC</description>
+            <label>LABEL_HMAC</label>
+        </field>
+
+        <field type="select" id="cipher" options="get_ciphers_options()" value="get_current_cipher()">
+            <description>DESC_CIPHER</description>
+            <label>LABEL_CIPHER</label>
+        </field>
+
+
+        <subroutine src="print_button('SAVE')" />
+    </page>
+
+
+	// Règles
+	// Page d'accueil, liste des certificats
+    <page name="RULES_PAGE"
+        pre-event="print_status_message">
+
+        <field
+            type="literal"
+            id="desc_rules_page"
+            value="">
+            <description>DESC_RULES_PAGE</description>
+        </field>
+
+        <subroutine 
+            src="print_custom_button(
+                'DESC_ADD_RULE_BUTTON',
+                'CREATE_OR_MODIFY_RULE_PAGE'
+                )"
+        /> 
+
+        <field
+            type="literal"
+            id="desc_rules"
+            value="">
+            <description>DESC_RULES</description>
+        </field>
+
+        <subroutine src="print_rules()" />
+
+    </page>
+
+    // Ajout ou modif d'une règle
+    <page name="CREATE_OR_MODIFY_RULE_PAGE"
+        pre-event="turn_off_buttons()"
+        post-event="create_or_modify_rule()">
+
+        <field
+            type="literal"
+            id="desc_add_rule"
+            value="">
+            <description>DESC_ADD_OR_MODIFY_PAGE</description>
+        </field>
+
+        <subroutine src="print_common_name_field()" />
+
+        <field type="text"
+            id="comment">
+            <label>COMMENT</label>
+	    <description>DESC_COMMENT</description>
+    	</field>
+
+        <field type="text"
+            id="reserved_ip"
+            validation="ip_is_in_local_net_or_blank, not_in_dhcp_range">
+            <label>LABEL_RESERVED_IP</label>
+            <description>DESC_RESERVED_IP</description>
+        </field>
+
+        <field type="select" 
+            id="gw_redirection"
+            options="'enabled' => 'ENABLED', 'disabled' => 'DISABLED'" >
+            <label>LABEL_GW_REDIRECTION</label>
+            <description>DESC_GW_REDIRECTION</description>
+        </field>
+
+        <field type="select" 
+            id="access"
+            options="'allowed' => 'ALLOWED', 'denied' => 'DENIED'" >
+            <label>ACCESS</label>
+            <description>DESC_ACCESS</description>
+        </field>
+
+        <subroutine src="print_button('SAVE')"/>
+    </page>
+
+    // Révocation d'un certificat client
+    <page name="REMOVE_RULE_PAGE"
+        pre-event="turn_off_buttons()"
+        post-event="remove_rule()">
+
+        <field type="literal"
+            id="desc_remove_rule"
+            value="">
+            <description>DESC_REMOVE_PAGE</description>
+        </field>
+
+        <subroutine src="print_rule_to_remove()" />
+    </page>
+
+    // Display de la config
+    <page name="DISPLAY_CLIENT_CONF_PAGE">
+        <subroutine src="turn_off_buttons()" />
+
+        <field type="literal"
+            id="desc_create_client_conf"
+            value="">
+            <description>DESC_DISPLAY_CLIENT_CONF</description>
+        </field>
+        <subroutine src="print_client_config()" />
+    </page>
+
+    // Configuration initiale
+    // CA
+    <page name="CRT_CONFIG_PAGE"
+        pre-event="turn_off_buttons()"
+        post-event="write_pem()">
+
+        <field type="literal"
+            id="desc_initial_config"
+            value="">
+            <description>DESC_CRT_CONFIG_PAGE</description>
+	</field>
+
+	<field type="text"
+            id="crl_url"
+            size="60"
+            value="get_prop('CrlUrl')"
+            validation="is_url">
+            <label>LABEL_CRL_URL</label>
+            <description>DESC_CRL_URL</description>
+        </field>
+
+        <field type="textarea"
+            id="ca_pem"
+            rows="15"
+            cols="70"
+            value="read_pem('cacert.pem')">
+            <label>LABEL_CA_PEM</label>
+            <description>DESC_CA_PEM</description>
+        </field>
+
+        <field type="textarea"
+            id="crt_pem"
+            rows="15"
+            cols="70"
+            value="read_pem('cert.pem')">
+            <label>LABEL_CRT_PEM</label>
+            <description>DESC_CRT_PEM</description>
+        </field>
+
+        <field type="textarea"
+            id="key_pem"
+            rows="15"
+            cols="70"
+            value="read_pem('key.pem')">
+            <label>LABEL_KEY_PEM</label>
+            <description>DESC_KEY_PEM</description>
+        </field>
+
+        <field type="textarea"
+            id="dhpar_pem"
+            rows="15"
+            cols="70"
+            value="read_pem('dh.pem')">
+            <label>LABEL_DH_PEM</label>
+            <description>DESC_DH_PEM</description>
+        </field>
+
+        <field type="textarea"
+            id="ta_pem"
+            rows="15"
+            cols="70"
+            value="read_pem('takey.pem')">
+            <label>LABEL_TA_PEM</label>
+            <description>DESC_TA_PEM</description>
+        </field>
+
+        <subroutine src="print_button('SAVE')" />
+    </page>
+
+    // Clients connectés
+    <page name="SHOW_CLIENTS_PAGE"
+        pre-event="print_status_message()">
+        <description>DESC_CONNECTED_CLIENTS_PAGE</description>
+
+        <subroutine 
+            src="print_custom_button(
+                'REFRESH',
+                'SHOW_CLIENTS_PAGE'
+            )"
+        /> 
+        <subroutine src="print_clients_table()" />   
+    </page>
+
+    // Déconnecter un client
+    <page name="CLIENT_DISCONNECT_PAGE"		
+        pre-event="turn_off_buttons()"
+        post-event="disconnect_client()">
+
+        <field type="literal"
+            id="desc_client_disconnect"
+            value="">
+            <description>DESC_CLIENT_DISCONECT_PAGE</description>
+        </field>
+
+        <subroutine src="print_client_to_disconnect()" />
+    </page>
+</form>
+
--- a/root/etc/logrotate.d/openvpn-bridge
+++ b/root/etc/logrotate.d/openvpn-bridge
@ -0,0 +1,8 @@
+/var/log/openvpn-bridge/*.log{
+    monthly
+    rotate 6
+    compress
+    copytruncate
+    missingok
+}
+
--- a/root/etc/openvpn/ccd-bridge/.config
+++ b/root/etc/openvpn/ccd-bridge/.config
--- a/root/usr/lib/systemd/system/openvpn-bridge.service
+++ b/root/usr/lib/systemd/system/openvpn-bridge.service
@ -0,0 +1,27 @@
+[Unit]
+Description=OpenVPN Server to Server
+After=network.service
+After=bridge.service
+Requires=bridge.service
+
+[Service]
+Type=notify
+PrivateTmp=true
+WorkingDirectory=/etc/openvpn/bridge
+
+ExecStart=/usr/sbin/openvpn --status /var/log/openvpn-bridge/status.log --status-version 2 --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config /etc/openvpn/bridge/openvpn.conf --cd /etc/openvpn/bridge 
+
+PrivateTmp=true
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
+LimitNPROC=10
+DeviceAllow=/dev/null rw
+DeviceAllow=/dev/net/tun rw
+ProtectSystem=true
+ProtectHome=true
+KillMode=process
+RestartSec=5s
+Restart=on-failure
+
+[Install]
+WantedBy=sme-server.target
+
--- a/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpnbridge.pm
+++ b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpnbridge.pm
@ -0,0 +1,990 @@
+#!/usr/bin/perl -w 
+
+package esmith::FormMagick::Panel::openvpnbridge;
+
+use strict;
+use warnings;
+use esmith::ConfigDB;
+use esmith::FormMagick;
+use esmith::cgi;
+use esmith::util;
+use Net::OpenVPN::Manage;
+use Net::IP;
+
+our @ISA = qw(esmith::FormMagick Exporter);
+
+our @EXPORT = qw(
+    get_prop
+    get_status
+    print_link_status
+    get_auth_type
+    get_ip_pool
+    print_crt_not_ready
+    print_client_config
+    print_downloads_links
+    download_file
+    print_custom_button
+    print_section_bar
+    write_pem
+    read_pem
+    disconnect_client
+    get_cipher_status
+    get_hmac_status
+    get_current_hmac
+    get_current_cipher
+    get_digests_options
+    get_ciphers_options
+);
+
+our $config_db = esmith::ConfigDB->open || die "Couldn't open ConfigDB\n";
+our $rules_db = esmith::ConfigDB->open('openvpn-bridge') || esmith::ConfigDB->create('openvpn-bridge');
+our $base_url = "?page=0&page_stack=&Next=Next&wherenext=";
+
+our $pubdir = '/etc/openvpn/bridge/pub';
+our $privdir = '/etc/openvpn/bridge/priv';
+
+*wherenext = \&CGI::FormMagick::wherenext;
+sub new {
+    shift;
+    my $fm = esmith::FormMagick->new();
+    $fm->{calling_package} = (caller)[0];
+    bless $fm;
+    return $fm;
+}
+
+# Retourne le paramètre demandé
+sub get_prop{
+    my ($fm, $prop, $default) = @_;
+    return $config_db->get_prop("openvpn-bridge", $prop) || $default;
+}
+
+# Retourne l'état du service
+sub get_status{
+    my ($fm) = @_;
+    my $status = get_prop('','status','disabled');
+    if ($status eq 'enabled'){
+        return $fm->localise('ENABLED');
+    }
+    else{
+        return $fm->localise('DISABLED');
+    }
+}
+
+# Retourne le mode d'authentification
+sub get_auth_type{
+    my ($fm) = @_;
+    my $auth_type = get_prop('','userAuth');
+    if ($auth_type eq 'CrtOnly'){
+        return $fm->localise('CRT_ONLY');
+    }
+    elsif ($auth_type eq 'CrtWithPass'){
+        return $fm->localise('CRT_WITH_PASS');
+    }
+    else{
+        return $fm->localise('BAD_VALUE');
+    }	
+}
+
+# Retourne la plage d'adresses
+sub get_ip_pool{
+    my ($fm) = @_;
+    my $start = get_prop('','startPool') || "x.x.x.x";
+    my $end = get_prop('','endPool') || "x.x.x.x";
+    return "$start - $end";
+}
+
+# Inscrit les valeurs de la configuration dans la db
+sub apply_settings{
+    my $fm = shift;
+    my $q = $fm->{'cgi'};
+
+    $config_db->set_prop('openvpn-bridge', 'status', $q->param("status"));
+    $config_db->set_prop('openvpn-bridge', 'userAuth', $q->param("auth_type"));
+    $config_db->set_prop('openvpn-bridge', 'startPool', $q->param("start_pool"));
+    $config_db->set_prop('openvpn-bridge', 'endPool', $q->param("end_pool"));
+    if ($q->param("hmac") eq 'SHA1') {
+        my $tmpk = $config_db->get('openvpn-bridge');
+        $tmpk->delete_prop('HMAC');
+    }
+    else {
+        $config_db->set_prop('openvpn-bridge', 'HMAC', $q->param("hmac"));
+    }
+    if ($q->param("cipher") eq 'BF-CBC') {
+        my $tmpk = $config_db->get('openvpn-bridge');
+        $tmpk->delete_prop('Cipher');
+    }
+    else {
+	$config_db->set_prop('openvpn-bridge', 'Cipher', $q->param("cipher"));
+    }
+
+    unless ( system ("/sbin/e-smith/signal-event", "openvpn-bridge-update") == 0 ){
+        return $fm->error('ERROR_OCCURED', 'FIRST');;
+    }
+
+    return $fm->success('SUCCESS','FIRST');
+}
+
+#status global du lien
+sub print_link_status{
+    my $fm = shift;
+    my $q = $fm->{cgi};
+    my $common_name = $fm->localise('COMMON_NAME');
+    my $real_ip = $fm->localise('REAL_IP');
+    my $virtual_ip      = $fm->localise('VIRTUAL_IP');
+    my $sent      = $fm->localise('SENT');
+    my $received     = $fm->localise('RECEIVED');
+    my $connected_since    = $fm->localise('CONNECTED_SINCE');
+    my $disconnect    = $fm->localise('DISCONNECT');
+
+    # test status db
+    return get_status($fm) if  get_status($fm) eq $fm->localise('DISABLED');
+    # test systemd
+    my $act = `/usr/bin/systemctl is-active openvpn-bridge.service`;
+    chomp $act;
+    return "<span style='color:red'>" . $fm->localise('SYSTEMD_RETURNED') . " $act </span>"  unless $act eq "active";
+
+    # On récupère les paramètre et on les parse
+    my $param = get_prop('',"management");
+    my @param = split(/:/,$param);
+    my $host = $param[0];
+    my $port = $param[1];
+    my $pass = $param[2];
+
+    # On cré l'objet vpn
+    my $vpn = Net::OpenVPN::Manage->new({
+        host => $host,
+        port => $port,
+        password => $pass,
+        timeout => 3
+    });
+
+    # On se connecte ou on retourne le message d'erreur
+    unless($vpn->connect()){
+        print  "<span style='color:red'>" . $fm->localise('ERROR_CONNECT_TO_MANAGER'). "</span>";
+        return "";
+    }
+    my $r = $vpn->status_ref();
+    return  "<span style='color:green'>" . $fm->localise('UP') ."</span>"  if $r->{TITLE};
+    return  "<span style='color:red'>" . $fm->localise('ERROR') ."</span>";
+}
+
+
+# Affiche les connexions en cours
+sub print_clients_table{
+    my $fm = shift;
+    my $q = $fm->{cgi};
+    my $common_name = $fm->localise('COMMON_NAME');
+    my $real_ip = $fm->localise('REAL_IP');
+    my $virtual_ip      = $fm->localise('VIRTUAL_IP');
+    my $sent      = $fm->localise('SENT');
+    my $received     = $fm->localise('RECEIVED');
+    my $connected_since    = $fm->localise('CONNECTED_SINCE');
+    my $disconnect    = $fm->localise('DISCONNECT');
+
+    # On récupère les paramètre et on les parse
+    my $param = get_prop('',"management");
+    my @param = split(/:/,$param);
+    my $host = $param[0];
+    my $port = $param[1];
+    my $pass = $param[2];
+
+    # On cré l'objet vpn
+    my $vpn = Net::OpenVPN::Manage->new({
+        host => $host,
+        port => $port,
+        password => $pass,
+        timeout => 3
+    });
+	
+    # On se connecte ou on retourne le message d'erreur
+    unless($vpn->connect()){
+        print $q->Tr($q->td($fm->localise('ERROR_CONNECT_TO_MANAGER')));
+        return "";
+    }
+    my $r = $vpn->status_ref();
+
+    my %virtIP;
+    my %realIP;
+    my %remotePort;
+    my %sentBytes;
+    my %receivedBytes;
+    my %connectedSince;
+    my @commonNames;
+    my $count = 0;
+
+    foreach( @{$r->{CLIENT_LIST}} ){
+    	my $CN = $$_[0];
+        unshift (@commonNames,$CN);
+        $virtIP{$_} = $$_[1];
+        my @ipPort = split (/:/,$$_[1]);
+        $realIP{$CN} = $ipPort[0];
+        $remotePort{$CN} = $ipPort[1];
+        $virtIP{$CN} = $$_[2];
+        $receivedBytes{$CN} = $$_[3]/1048576;
+        $receivedBytes{$CN} = sprintf("%.2f", $receivedBytes{$CN});
+        $sentBytes{$CN} = $$_[4]/1048576;
+        $sentBytes{$CN} = sprintf("%.2f", $sentBytes{$CN});
+        $connectedSince{$CN} = $$_[5];
+    }
+	
+    # Si @commonName est vide, il n'y a aucun client connecté
+    unless ( scalar @commonNames ){
+        print $q->Tr($q->td($fm->localise('NO_CLIENTS_CONNECTED')));
+        return "";
+    }
+	
+    print $q->start_table({-CLASS => "sme-border"}),"\n";
+    print $q->Tr (
+            esmith::cgi::genSmallCell($q, $common_name,"header"),
+            esmith::cgi::genSmallCell($q, $real_ip,"header"),
+            esmith::cgi::genSmallCell($q, $virtual_ip,"header"),
+            esmith::cgi::genSmallCell($q, $sent,"header"),
+            esmith::cgi::genSmallCell($q, $received,"header"),
+            esmith::cgi::genSmallCell($q, $connected_since,"header"),
+            esmith::cgi::genSmallCell($q, $disconnect,"header", 3)),"\n";
+	
+    foreach my $cn (@commonNames){
+        print $q->Tr (esmith::cgi::genSmallCell($q,"$cn"),
+            esmith::cgi::genSmallCell($q,"$realIP{$cn} ($remotePort{$cn})"),
+            esmith::cgi::genSmallCell ($q, "$virtIP{$cn}"),
+            esmith::cgi::genSmallCell ($q, "$sentBytes{$cn}".' MB'),
+            esmith::cgi::genSmallCell ($q, "$receivedBytes{$cn}".' MB'),
+            esmith::cgi::genSmallCell ($q, "$connectedSince{$cn}"),
+            esmith::cgi::genSmallCell ($q, $q->a ({href => $q->url (-absolute => 1).
+                                $base_url."CLIENT_DISCONNECT_PAGE&common_name=".
+         			$cn}, $disconnect)));
+	
+    }
+    print $q->end_table,"\n";
+    return "";
+}
+
+# Retourne la liste des règles
+sub print_rules{
+    my $fm = shift;
+    my $q = $fm->{cgi};
+
+    my @rules = $rules_db->get_all_by_prop(type => 'rule');
+
+    unless (@rules){
+        print $q->Tr($q->td($fm->localise('NO_RULE')));
+        return "";
+    }
+
+    print $q->start_table({-CLASS => "sme-border"}),"\n";
+    print $q->Tr (
+        esmith::cgi::genSmallCell(
+            $q, $fm->localise('COMMON_NAME'),"header"),
+        esmith::cgi::genSmallCell(
+            $q, $fm->localise('IP_ADDRESS'),"header"),
+        esmith::cgi::genSmallCell(
+            $q, $fm->localise('COMMENT'),"header"),
+        esmith::cgi::genSmallCell(
+            $q, $fm->localise('GATEWAY_REDIRECTION'),"header"),
+        esmith::cgi::genSmallCell(
+            $q, $fm->localise('ACCESS'),"header"),
+        esmith::cgi::genSmallCell(
+            $q, $fm->localise('MODIFY'),"header"),
+        esmith::cgi::genSmallCell(
+            $q, $fm->localise('REMOVE'),"header")
+     ),"\n";
+		
+	
+    foreach (@rules){
+
+        my $rule = $_->key;
+        my $rec_rule = $rules_db->get("$rule");
+
+        my $ip = $rec_rule->prop("ip") || $fm->localise('DYNAMIC');
+        my $gw = $rec_rule->prop("redirectGW") || 'disabled';
+        my $access = $rec_rule->prop("access") || 'allowed';
+        $gw = ( $gw eq 'enabled') 
+            ? $fm->localise('ENABLED')
+            : $fm->localise('DISABLED');
+        $access = ( $access eq 'allowed') 
+            ? $fm->localise('ALLOWED')
+            : $fm->localise('DENIED');
+        print $q->Tr (esmith::cgi::genSmallCell($q,"$rule"),
+            esmith::cgi::genSmallCell($q,"$ip"),
+            esmith::cgi::genSmallCell($q,$rec_rule->prop("comment")),
+            esmith::cgi::genSmallCell($q,$gw),
+            esmith::cgi::genSmallCell($q,$access),
+            esmith::cgi::genSmallCell ($q,
+                $q->a ({href => $q->url (-absolute => 1).
+                $base_url."CREATE_OR_MODIFY_RULE_PAGE&action=modify&common_name=".$rule}, $fm->localise('MODIFY'))),
+            esmith::cgi::genSmallCell ($q,
+                $q->a ({href => $q->url (-absolute => 1).
+                $base_url."REMOVE_RULE_PAGE&common_name=".$rule}, $fm->localise('REMOVE'))));
+    }
+    print $q->end_table,"\n";
+    return "";
+}
+
+# Ajouter ou modifier une règle
+sub create_or_modify_rule{
+    my ($fm) = @_;
+    my $q = $fm->{cgi};
+    my $rule = $q->param('common_name');
+    my $comment = $q->param('comment');
+    my $ip = $q->param('reserved_ip');
+    my $gw_redirection = $q->param('gw_redirection');
+    my $access = $q->param('access');
+    my $action = $q->param('action');
+
+    if ($action eq 'create'){
+        if ($rules_db->get($rule)){
+            $fm->error('CN_CONFLICT','RULES_PAGE');
+            return undef;
+        }
+        my $msg = $fm->validate_common_name($rule);
+        unless ($msg eq "OK"){
+            return $fm->error($msg,'RULES_PAGE');
+        }
+        else{
+            $rules_db->new_record(
+                $rule,{
+                    comment   => $comment,
+                    ip => $ip,
+                    redirectGW => $gw_redirection,
+                    access => $access,
+                    type   => 'rule',
+                }
+            );
+        }
+
+        $fm->success('SUCCESS','RULES_PAGE');
+    }
+    elsif ($action eq 'modify'){
+        my $rec_rule = $rules_db->get($rule);
+        $rec_rule->set_prop('comment',$comment);
+        $rec_rule->set_prop('ip',$ip);
+        $rec_rule->set_prop('redirectGW',$gw_redirection);
+        $rec_rule->set_prop('access',$access);
+    }
+    unless ( system ("/sbin/e-smith/signal-event", "openvpn-bridge-reload-ccd") == 0 ){
+        $fm->error('ERROR_OCCURED','RULES_PAGE');
+        return undef;
+    }
+    $fm->success('SUCCESS','RULES_PAGE');		
+}
+
+# Afficher le champ Nom Commun
+sub print_common_name_field {
+    my $fm = shift;
+    my $q = $fm->{cgi};
+    my $rule = $fm->{cgi}->param('common_name') || '';
+    my $action = $fm->{cgi}->param('action') || '';
+    print qq(<tr><td colspan="2">) . $fm->localise('DESC_COMMON_NAME').qq(</td></tr>);
+    print qq(<tr><td class="sme-noborders-label">) . 
+    $fm->localise('COMMON_NAME') . qq(</td>\n);
+    if ($action eq 'modify' and $rule) {
+        print qq(
+            <td class="sme-noborders-content">$rule 
+            <input type="hidden" name="name" value="$rule">
+            <input type="hidden" name="action" value="modify">
+            </td>
+        );
+
+        my $rec_rule = $rules_db->get($rule);
+        if ($rec_rule){
+            $q->param(-name=>'comment',-value=>
+                $rec_rule->prop('comment'));
+            $q->param(-name=>'reserved_ip',-value=>
+                $rec_rule->prop('ip'));
+            $q->param(-name=>'gw_redirection',-value=>
+                $rec_rule->prop('redirectGW'));
+			$q->param(-name=>'access',-value=>
+                $rec_rule->prop('access'));
+        }
+    }
+    else {
+        print qq(
+            <td><input type="text" name="common_name" value="$rule">
+            <input type="hidden" name="action" value="create">
+            </td>
+        );
+    }
+
+    print qq(</tr>\n);
+    return undef;
+}
+
+
+sub print_rule_to_remove{
+    my ($fm) = @_;
+    my $q = $fm->{cgi};
+    my $rule = $q->param('common_name');
+    my $rec_rule = $rules_db->get($rule);
+    my $comment = $rec_rule->prop('comment');
+
+    print $q->Tr(
+            $q->td(
+                { -class => 'sme-noborders-label' },
+                $fm->localise('COMMON_NAME')
+            ),
+            $q->td( { -class => 'sme-noborders-content' }, $rule )
+          ),
+          "\n";
+    print $q->Tr(
+            $q->td(
+                { -class => 'sme-noborders-label' },
+                $fm->localise('COMMENT')
+            ),
+            $q->td( { -class => 'sme-noborders-content' }, $comment )
+          ),
+          "\n";
+
+    print $q->table(
+        { -width => '100%' },
+        $q->Tr(
+            $q->th(
+                { -class => 'sme-layout' },
+                $q->submit(
+                    -name  => 'cancel',
+                    -value => $fm->localise('CANCEL')
+                ),
+                ' ',
+                $q->submit(
+                    -name  => 'remove',
+                    -value => $fm->localise('REMOVE')
+                )
+            )
+        )
+      ),
+      "\n";
+
+    # Clear these values to prevent collisions when the page reloads.
+    $q->delete("cancel");
+    $q->delete("remove");
+
+    return undef;
+}
+
+sub print_client_to_disconnect{
+    my ($fm) = @_;
+    my $q = $fm->{cgi};
+    my $cn = $q->param('common_name');
+
+    print $q->Tr(
+           $q->td(
+               { -class => 'sme-noborders-label' },
+               $fm->localise('COMMON_NAME')
+            ),
+            $q->td( { -class => 'sme-noborders-content' }, $cn )
+          ),
+          "\n";
+	
+    print $q->table(
+              { -width => '100%' },
+              $q->Tr(
+                  $q->th(
+                      { -class => 'sme-layout' },
+                      $q->submit(
+                         -name  => 'cancel',
+                         -value => $fm->localise('CANCEL')
+                      ),
+                      ' ',
+                      $q->submit(
+                         -name  => 'disconnect',
+                         -value => $fm->localise('DISCONNECT')
+                      )
+                  )
+              )
+          ),
+          "\n";
+
+    # Clear these values to prevent collisions when the page reloads.
+    $q->delete("cancel");
+    $q->delete("disconnect");
+
+    return undef;
+}
+
+sub disconnect_client{
+    my ($fm) = @_;
+    my $q = $fm->{cgi};
+    my $cn = $q->param('common_name');
+    # On récupère les paramètre et on les parse
+    my $param = get_prop('',"management");
+    my @param = split(/:/,$param);
+    my $host = $param[0];
+    my $port = $param[1];
+    my $pass = $param[2];
+    my $vpn = Net::OpenVPN::Manage->new({
+        host => $host,
+        port => $port,
+        password => $pass,
+        timeout => 3
+    });
+    unless($q->param('cancel')){
+        unless($vpn->connect()){
+            $fm->error('ERROR_CONNECT_TO_MANAGER','SHOW_CLIENTS_PAGE');
+            return undef;
+        }
+        unless($vpn->kill($cn)){
+            $fm->error('ERROR_CONNECT_TO_MANAGER','SHOW_CLIENTS_PAGE');
+            return undef;
+        }
+        $fm->success('CLIENT_DISCONNECTED','SHOW_CLIENTS_PAGE');
+        return undef;
+    }
+    $fm->error('CANCELED','SHOW_CLIENTS_PAGE');
+    return undef;
+}
+
+sub print_crt_not_ready_warning{
+    my ($fm) = @_;
+
+    # First, check the service "bridge" is running
+    my $bridge = $config_db->get_prop('bridge', 'status') || 'disabled';
+
+    unless ($bridge eq 'enabled'){
+        return $fm->localise('BRIDGE_NOT_ENABLED');
+    }
+
+    # If any of the required files is missing or empty
+    # Warn the user	
+    if (
+        (( -z "$pubdir/cacert.pem" ) || ( ! -e "$pubdir/cacert.pem" )) ||
+        (( -z "$pubdir/cert.pem") || ( ! -e "$pubdir/cert.pem" )) ||
+        (( -z "$privdir/key.pem") || ( ! -e "$privdir/key.pem" )) ||
+        (( -z "$pubdir/cacrl.pem") || ( ! -e "$pubdir/cacrl.pem" )) ||
+        (( -z "$pubdir/dh.pem") || ( ! -e "$pubdir/dh.pem" ))
+        ){
+
+        return $fm->localise('CRT_CONFIG_ERROR');
+    }
+    return $fm->localise('CRT_CONFIG_OK');
+}
+
+sub print_client_config{
+    my ($fm) = @_;
+    my $q = $fm->{cgi};
+    my $proto = get_prop('','proto','udp');
+    $proto = 'tcp-client' if ($proto eq 'tcp');
+    my $port = ($proto eq 'udp' ? (get_prop('','UDPPort','1194')):(get_prop('','TCPPort','1194')));
+    my $mtutest = get_prop('','mtuTest','enabled');
+    my $fragment = get_prop('','fragment','');
+    my $tunmtu = get_prop('','tunMtu','');
+    my $cipher = get_prop('','Cipher','');
+    my $hmac = get_prop('','HMAC','');
+    if ($proto eq 'tcp'){
+        $mtutest = 'disabled';
+        $fragment = '';
+    }
+    my $fic = '';
+
+    $fic .= "rport $port\n";
+    $fic .= "proto $proto\n";
+    $fic .= "dev tap\n";
+    $fic .= "nobind\n";
+    $fic .= "# Uncomment the following line if your system\n# support passtos (not supported on Windows)\n";
+    $fic .= "# passtos\n";
+    $fic .= "remote ".$config_db->get('SystemName')->value.".".$config_db->get('DomainName')->value."\n\n";
+    $fic .= "tls-client\n";
+    $fic .= "tls-auth takey.pem 1\n"
+        if (( -e "$privdir/takey.pem")&&( !-z "$privdir/takey.pem"));
+    $fic .= "ns-cert-type server\n\n";
+    $fic .= "cipher $cipher\n" if (($cipher ne '') && ($cipher ne 'auto'));
+    $fic .= "auth $hmac\n" if (($hmac ne '') && ($hmac ne 'auto'));
+    $fic .= "\n";
+    $fic .= (get_prop('','userAuth','CrtWithPass') eq 'CrtWithPass' ? "auth-user-pass\n\n" : "\n");
+    $fic .= "\n";
+    if ($mtutest eq 'enabled'){
+        $fic .= "mtu-test\n";
+    }
+    elsif (($mtutest eq 'disabled')){
+        if ($tunmtu ne ''){
+            $fic .= "tun-mtu $tunmtu\n";
+        }
+        if (($proto eq 'udp') && ($fragment ne '')){
+            $fic .= "fragment $fragment\nmssfix\n";
+        }
+    }
+    $fic .= "comp-lzo\n";
+    $fic .= "pull\n";
+    $fic .= "\n";
+    $fic .= "# Uncomment and replace user.p12 \n# with the certificate bundle in PKCS12 format\n";
+    $fic .= "#pkcs12 user.p12\n\n";
+    $fic .= "# You can replace the pkcs12\n# directive with the old ones\n";
+    $fic .= "#ca cacert.pem\n#cert user.pem\n#key user-key.pem\n\n";
+    $fic .= "# Alternatively you can paste your cert and private key here:\n";
+    #infile file support
+    $fic .= "# client certificate - uncomment and paste between delimiters \n";
+    $fic .= "#<cert>\n";
+    $fic .= "#</cert>\n";
+    $fic .= "# client private key - uncomment and paste between delimiters\n";
+    $fic .= "#<key>\n";
+    $fic .= "#</key>\n";
+    $fic .= "\n";
+    $fic .= "# CA certificate\n";
+    $fic .= "<ca>\n";
+    $fic .= read_pem($fm,'cacert.pem')."\n";
+    $fic .= "</ca>\n";
+    if (( -e "$privdir/takey.pem")&&( !-z "$privdir/takey.pem")) {
+      $fic .= "\n# Shared TLS key\n";
+      $fic .= "<tls-auth>\n";
+      $fic .= read_pem($fm,'takey.pem')."\n";
+      $fic .= "</tls-auth>\n";
+    }
+
+
+    print(esmith::cgi::genTextRow($q, 
+        $q->textarea (
+            -name => "config_file",
+            -override => 1,
+            -default  => $fic,
+            -rows     => 30,
+            -columns  => 100)
+        )
+    );
+	return "";
+}
+
+
+sub remove_rule{
+    my ($fm) = @_;
+    my $q = $fm->{cgi};
+    my $rule = $q->param('common_name');
+    unless($q->param("cancel")){
+        unless ($rules_db->get($rule)->delete()){
+            $fm->error('ERROR_OCCURED','RULES_PAGE');
+            return undef;
+        }
+        unless (system ("/sbin/e-smith/signal-event", "openvpn-bridge-reload-ccd") == 0 ){
+            $fm->error('ERROR_OCCURED','RULES_PAGE');
+            return undef;
+        }
+        $fm->success('SUCCESS','RULES_PAGE');
+        return undef;
+    }
+    $fm->error('CANCELED','RULES_PAGE');
+    return undef;
+}
+
+sub print_custom_button{
+    my ($fm,$desc,$url) = @_;
+    my $q = $fm->{cgi};
+    $url="openvpnbridge?page=0&page_stack=&Next=Next&wherenext=".$url;
+
+    print "  <tr>\n    <td colspan='2'>\n";
+    print $q->p($q->a({href => $url, -class => "button-like"},
+            $fm->localise($desc)));
+    print qq(</tr>\n);
+    return undef;
+}
+
+sub print_section_bar{
+    my ($fm) = @_;
+    print "  <tr>\n    <td colspan='2'>\n";
+    print "<hr class=\"sectionbar\"/>\n";
+    return undef;
+}
+
+sub read_pem{
+    my ($fm,$pem) = @_;
+    my $q = $fm->{cgi};
+    my $dir = '';
+    my $ret;
+    if (($pem eq 'cacert.pem') || ($pem eq 'cert.pem') || ($pem eq 'dh.pem')){
+        $dir = $pubdir;
+    }
+    elsif (($pem eq 'key.pem') || ($pem eq 'takey.pem')){
+        $dir = $privdir;
+    }
+
+    if (! open (PEM, "<$dir/$pem")){
+        $fm->error('ERROR_OPEN_PEM','FIRST');
+        # Tell the user something bad has happened
+        return;
+    }
+    while (<PEM>){
+        $ret .= $_;
+    }
+    close PEM;
+
+    return $ret;
+}
+
+sub write_pem{
+    my ($fm) = @_;
+    my $q = $fm->{cgi};
+
+    my $ca  = $q->param('ca_pem');
+    my $crt = $q->param('crt_pem');
+    my $key = $q->param('key_pem');
+    my $dh = $q->param('dhpar_pem');
+    my $ta = $q->param('ta_pem');
+
+    $config_db->set_prop('openvpn-bridge', 'CrlUrl', $q->param('crl_url'));
+
+    if (! open (CA, ">$pubdir/cacert.pem")){
+        $fm->error('ERROR_OPEN_CA','FIRST');
+        # Tell the user something bad has happened
+        return;
+    }
+    print CA $ca;
+    close CA;
+
+    if (! open (CRT, ">$pubdir/cert.pem")){
+        $fm->error('ERROR_OPEN_CRT','FIRST');
+        # Tell the user something bad has happened
+        return;
+    }
+    print CRT $crt;
+    close CRT;
+
+    if (! open (KEY, ">$privdir/key.pem")){
+        $fm->error('ERROR_OPEN_KEY','FIRST');
+        # Tell the user something bad has happened
+        return;
+    }
+    print KEY $key;
+    close KEY;
+    chmod(0600, "$privdir/key.pem" );
+    esmith::util::chownFile("root", "root","$privdir/key.pem" );
+    if (! open (DH, ">$pubdir/dh.pem")){
+        $fm->error('ERROR_OPEN_DH','FIRST');
+        # Tell the user something bad has happened
+        return;
+    }
+    print DH $dh;
+    close DH;
+
+    if (! open (TA, ">$privdir/takey.pem")){
+        $fm->error('ERROR_OPEN_TA','FIRST');
+        # Tell the user something bad has happened
+        return;
+    }
+    print TA $ta;
+    close TA;
+    chmod(0600, "$privdir/takey.pem" );
+    esmith::util::chownFile("root", "root","$privdir/takey.pem" );
+
+    # Restrict permissions on sensitive data
+    esmith::util::chownFile("root", "root","$privdir");
+    esmith::util::chownFile("root", "root","$pubdir");
+    chmod 0700, "$privdir";
+    chmod 0755, "$pubdir";
+
+    unless(system("/sbin/e-smith/signal-event openvpn-bridge-update") == 0){
+        $fm->error('ERROR_OCCURED','RULES_PAGE');
+        return undef;
+    }
+    $fm->success('SUCCESS','FIRST');
+    return undef;
+}
+
+
+# Validations
+
+sub is_ip{
+    my ($fm,$ip) = @_;
+    return CGI::FormMagick::Validator::ip_number($fm, $ip);
+}
+
+sub ip_is_in_local_net {
+    my ($fm,$ip) = @_;
+
+    unless(is_ip($fm, $ip) eq 'OK'){
+        return $fm->localise('NOT_A_VALID_IP',{ip => $ip});
+    }
+
+    my $local_ip = $config_db->get('LocalIP')->value();
+    my $local_netmask = $config_db->get('LocalNetmask')->value;
+    my ($local_network, $local_broadcast) = 
+        esmith::util::computeNetworkAndBroadcast( $local_ip, $local_netmask );
+
+    my ($ip_network,$ip_broadcast) =
+        esmith::util::computeNetworkAndBroadcast($ip, $local_netmask);
+
+    if ($ip_network ne $local_network){
+        return $fm->localise('NOT_IN_LOCAL_NET',{ip => $ip});
+    }
+    return "OK";
+}
+
+sub ip_is_in_local_net_or_blank {
+    my ($fm,$ip) = @_;
+
+    if ($ip eq ''){
+        return 'OK';
+    }
+    return ip_is_in_local_net ($fm,$ip);
+}
+
+sub end_is_after_start{
+    my ($fm,$end) = @_;
+    my $start = $fm->{cgi}->param('start_pool');
+    my $start_ip = new Net::IP($start);
+    my $end_ip = new Net::IP($end);
+    unless ($end_ip->bincomp('gt',$start_ip)){
+        return $fm->localise('START_AFTER_END');
+    }
+    return 'OK';
+}
+
+sub not_in_dhcp_range
+{
+    my $fm = shift;
+    my $address = shift;
+    my $status = $config_db->get('dhcpd')->prop('status') || "disabled";
+    return "OK" unless $status eq "enabled";
+    my $start = $config_db->get('dhcpd')->prop('start');
+    my $end = $config_db->get('dhcpd')->prop('end');
+    if (esmith::util::IPquadToAddr($start)
+        <= esmith::util::IPquadToAddr($address)
+        &&
+        esmith::util::IPquadToAddr($address)
+        <= esmith::util::IPquadToAddr($end)){
+        return $fm->localise("ADDR_IN_DHCP_RANGE",{ip => $address});
+    }
+    else{  
+        return "OK";
+    }
+}
+
+sub validate_common_name
+{
+    my ($fm, $common_name) = @_;
+
+    unless ($common_name =~ /^([a-zA-Z0-9][\_\.\-a-zA-Z0-9]*)$/){
+        return $fm->localise('INVALID_CHARS',{string => $common_name});
+    }
+    return "OK";
+}
+
+sub is_url
+{
+   my ($fm, $url) = @_;
+
+   unless ($url =~ /^(http:\/\/)|(https:\/\/)/){
+        return $fm->localise('NOT_A_VALID_URL',{string => $url});
+   }
+    return "OK";
+}
+
+###### those could almost be copy paste for bridge and s2s
+##
+=head2 get_hmac_status
+
+=cut
+sub get_hmac_status{
+    my ($fm) = @_;
+    my $hmac   = get_current_hmac();
+    $hmac= "<span style='color:red'>". $fm->localise('CHANGEME_INSECURE'). ": $hmac</span> " unless ($hmac eq "whirlpool" || $hmac =~ /(512|256|384|224)$/);
+    return $hmac;
+}
+
+=head2 get_cipher_status
+list obtained using
+openvpn --show-digests | egrep 'digest size' | awk {'print "'\''" $1 "'\'' => '\''" $1 "'\''," '}
+=cut
+sub get_cipher_status{
+    my ($fm) = @_;
+    my $cipher  = get_current_cipher();
+    $cipher = "<span style='color:red'>". $fm->localise('CHANGEME_INSECURE'). ": $cipher</span> " unless ($cipher =~ /(128|192|256|512|SEED)/ );
+    return $cipher;
+}
+
+=head2 get_current_hmac
+
+=cut
+sub get_current_hmac{
+    my ($self) = @_;
+    my $cvpn= $config_db->get('openvpn-bridge') or return "SHA256" ;
+    return "SHA1" unless defined $cvpn->prop('HMAC');
+    return $cvpn->prop('HMAC') ;
+}
+
+=head2 get_current_cipher
+list obtained using
+openvpn --show-digests | egrep 'digest size' | awk {'print "'\''" $1 "'\'' => '\''" $1 "'\''," '}
+=cut
+sub get_current_cipher{
+    my ($self) = @_;
+    my $cvpn= $config_db->get('openvpn-bridge') or return "AES-128-CBC";
+    return "BF-CBC" unless defined $cvpn->prop('Cipher');
+    return $cvpn->prop('Cipher') ;
+}
+
+
+=head2 get_digests_options 
+
+=cut
+sub get_digests_options{
+   my ($self) = @_;
+   my $translate = $self->localise('DEFAULT');
+   my $suggested = $self->localise('SUGGESTED');
+   my %options= (
+        'whirlpool' => 'whirlpool (512)',
+        'SHA512' => 'SHA512',
+        'SHA384' => 'SHA384',
+        'SHA256' => 'SHA256' . ": $suggested",
+        'SHA224' => 'SHA224',
+        'SHA1' => 'SHA1 (160)' . ": $translate",
+        'SHA' => 'SHA (160)',
+        'ecdsa-with-SHA1' => 'ecdsa-with-SHA1 (160)',
+        'RIPEMD160' => 'RIPEMD160',
+        'MD5' => 'MD5 (128)',
+        'MD4' => 'MD4 (128)',
+        );
+   return \%options;
+}
+
+
+=head2 get_ciphers_options 
+list obtained using
+openvpn --show-ciphers | egrep '^[A-Z]{2}' |  sed 's/ by//; s/ default//; s/block,/block/; s/)// ' | awk {'print "    '\''" $1 "'\'' => '\''" $1 $2 " " $4 " "  $5 " "  $7")'\''," '}
+then reduced to remove most of insecure ciphers
+Using a CBC or GCM mode is recommended.
+In static key mode only CBC mode is allowed.
+
+=cut
+sub get_ciphers_options{
+   my ($self) = @_;
+   my $translate = $self->localise('DEFAULT');
+   my $suggested = $self->localise('SUGGESTED');
+   my %options= (
+    'AES-128-CBC' => 'AES-128-CBC (128 key, 128 block)'.": $suggested",
+    'AES-128-CFB' => 'AES-128-CFB (128 key, 128 block)',
+    'AES-128-CFB1' => 'AES-128-CFB1 (128 key, 128 block)',
+    'AES-128-CFB8' => 'AES-128-CFB8 (128 key, 128 block)',
+    'AES-128-GCM' => 'AES-128-GCM (128 key, 128 block)',
+    'AES-128-OFB' => 'AES-128-OFB (128 key, 128 block)',
+    'AES-192-CBC' => 'AES-192-CBC (192 key, 128 block)',
+    'AES-192-CFB' => 'AES-192-CFB (192 key, 128 block)',
+    'AES-192-CFB1' => 'AES-192-CFB1 (192 key, 128 block)',
+    'AES-192-CFB8' => 'AES-192-CFB8 (192 key, 128 block)',
+    'AES-192-GCM' => 'AES-192-GCM (192 key, 128 block)',
+    'AES-192-OFB' => 'AES-192-OFB (192 key, 128 block)',
+    'AES-256-CBC' => 'AES-256-CBC (256 key, 128 block)',
+    'AES-256-CFB' => 'AES-256-CFB (256 key, 128 block)',
+    'AES-256-CFB1' => 'AES-256-CFB1 (256 key, 128 block)',
+    'AES-256-CFB8' => 'AES-256-CFB8 (256 key, 128 block)',
+    'AES-256-GCM' => 'AES-256-GCM (256 key, 128 block)',
+    'AES-256-OFB' => 'AES-256-OFB (256 key, 128 block)',
+    'CAMELLIA-128-CBC' => 'CAMELLIA-128-CBC (128 key, 128 block)',
+    'CAMELLIA-128-CFB' => 'CAMELLIA-128-CFB (128 key, 128 block)',
+    'CAMELLIA-128-CFB1' => 'CAMELLIA-128-CFB1 (128 key, 128 block)',
+    'CAMELLIA-128-CFB8' => 'CAMELLIA-128-CFB8 (128 key, 128 block)',
+    'CAMELLIA-128-OFB' => 'CAMELLIA-128-OFB (128 key, 128 block)',
+    'CAMELLIA-192-CBC' => 'CAMELLIA-192-CBC (192 key, 128 block)',
+    'CAMELLIA-192-CFB' => 'CAMELLIA-192-CFB (192 key, 128 block)',
+    'CAMELLIA-192-CFB1' => 'CAMELLIA-192-CFB1 (192 key, 128 block)',
+    'CAMELLIA-192-CFB8' => 'CAMELLIA-192-CFB8 (192 key, 128 block)',
+    'CAMELLIA-192-OFB' => 'CAMELLIA-192-OFB (192 key, 128 block)',
+    'CAMELLIA-256-CBC' => 'CAMELLIA-256-CBC (256 key, 128 block)',
+    'CAMELLIA-256-CFB' => 'CAMELLIA-256-CFB (256 key, 128 block)',
+    'CAMELLIA-256-CFB1' => 'CAMELLIA-256-CFB1 (256 key, 128 block)',
+    'CAMELLIA-256-CFB8' => 'CAMELLIA-256-CFB8 (256 key, 128 block)',
+    'CAMELLIA-256-OFB' => 'CAMELLIA-256-OFB (256 key, 128 block)',
+    'SEED-CBC' => 'SEED-CBC (128 key, 128 block)',
+    'SEED-CFB' => 'SEED-CFB (128 key, 128 block)',
+    'SEED-OFB' => 'SEED-OFB (128 key, 128 block)',
+    'BF-CBC' => 'BF-CBC(128 key, 64 block)'. ": $translate ",
+        );
+   return \%options;
+}
+
+1;
--- a/smeserver-openvpn-bridge.spec
+++ b/smeserver-openvpn-bridge.spec
@ -0,0 +1,362 @@
+# $Id: smeserver-openvpn-bridge.spec,v 1.17 2024/09/06 01:23:30 terryfage Exp $
+# Authority: vip-ire
+# Name: Daniel Berteaud
+
+Summary: OpenVPN, a strong VPN solution build over SSL, pre-configured for bridge mode
+%define name smeserver-openvpn-bridge
+Name: %{name}
+%define version 2.1
+%define release 24
+Version: %{version}
+Release: %{release}%{?dist}
+License: GPL
+Group: Networking/Remote access
+Source: %{name}-%{version}.tar.xz
+
+
+BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
+BuildArchitectures: noarch
+
+BuildRequires: e-smith-devtools
+
+Provides: perl(esmith::FormMagick::Panel::openvpnbridge)
+Requires: e-smith-base
+Requires: openvpn
+Requires: smeserver-bridge-interface
+Requires: perl(Net::OpenVPN::Manage)
+Obsoletes: smeserver-openvpn-bridge-fws
+Obsoletes: smeserver-openvpn-bridge.fws
+
+%description
+This package contains all the needed scripts and templates
+to have a full working openvpn server running in bridge mode.
+
+%changelog
+* Sat Sep 07 2024 cvs2git.sh aka Brian Read <brianr@koozali.org> 2.1-24.sme
+- Roll up patches and move to git repo [SME: 12338]
+
+* Sat Sep 07 2024 BogusDateBot
+- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
+  by assuming the date is correct and changing the weekday.
+
+* Fri Sep 06 2024 Terry Fage <terry@fage.id.au> 2.1-23.sme
+- apply locale 2024-09-06.patch
+
+* Wed Nov 23 2022 Jean-Philippe Pialasse <tests@pialasse.com> 2.1-22.sme
+- log to dedicated file [SME: 12242]
+- use locale timezone for logging [SME: 6155]
+
+* Fri Nov 11 2022 Jean-Philippe Pialasse <tests@pialasse.com> 2.1-19.sme
+- apply locale 2022-11-1 patch
+
+* Sat Jul 30 2022 Jean-Philippe Pialasse <tests@pialasse.com> 2.1-18.sme
+- add Provides perl(esmith::FormMagick::Panel::openvpnbridge)
+
+* Sat Jul 30 2022 Brian Read <brianr@bjsystems.co.uk> 2.1-17.sme
+- Re-build and link to latest devtools [SME: 11997]
+
+* Sat Jul 23 2022 Jean-Philippe Pialasse <tests@pialasse.com> 2.1-16.sme
+- add to core backup [SME: 12018]
+
+* Wed Sep 08 2021 Terry Fage <terry.fage@gmail.com> 2.1-15.sme
+- apply locale 2021-09-08 patch
+
+* Mon Aug 23 2021 Terry Fage <terry.fage@gmail.com> 2.1-14.sme
+- apply locale 2021-08-23 patch
+
+* Wed Mar 31 2021 Jean-Philippe Pialasse <tests@pialasse.com> 2.1-13.sme
+- default AES-128-CBC and SHA256 fix [SME: 11335]
+- better frist screen with information on link and hnac and cipher
+- better client default configuration with embded shared key and CAcert
+- migrate cipher to Cipher like routed and s2s usage
+- HMAC and Cipher are accessible to change using the manager.
+- Re-build and link to latest devtools typos in translations [SME: 6647]
+
+* Tue Mar 23 2021 Jean-Philippe Pialasse <tests@pialasse.com> 2.1-12.sme
+- Re-build and link to latest devtools permisison issue on private keys [SME: 11335]
+- rework unit file
+  avoid failure, add ncp cipher, add loging status
+- add default cipher  AES-256-CBC - if issue with older clients < 2.4
+  it is advised to set it to 'auto' or BF-CBC 
+
+* Thu Feb 04 2021 Brian Read <brianr@bjsystems.co.uk> 2.1-11.sme
+- Initial import to SME10 [SME: 11335]
+- Add-in-systemd-startup
+
+* Sat Dec 07 2019 SME Translation Server <translations@contribs.org> 2.1-10.sme
+- apply locale 2019-12-07 patch
+
+* Thu Nov 15 2018 John Crisp <jcrisp@safeandsoundit.co.uk> 2.1-9.sme
+- Add option to enable/doisable PushRoute  [SME: 10547]
+
+* Sat Dec 02 2017 SME Translation Server <translations@contribs.org> 2.1-8.sme
+- apply locale 2017-12-02 patch
+
+* Wed Feb 01 2017 Jean-Philipe Pialasse <tests@pialasse.com> 2.1-7.sme
+- apply locale 2017-02-02.patch
+
+* Sat May 7 2016 Daniel Berteaud <daniel@firewall-services.com> 2.1-6.sme
+- Typo in en-us locale for the panel [SME: 9301]
+
+* Wed Feb 10 2016 Daniel Berteaud <daniel@firewall-services.com> 2.1-5.sme
+- Remove obsolete libpam.so symlink so AutoReqProv do not add a dep on i686
+  pam
+
+* Mon Feb 8 2016 Daniel Berteaud <daniel@firewall-services.com> 2.1-4.sme
+- Create /etc/openvpn/bridge/dev/urandom [SME: 9238]
+
+* Thu Aug 6 2015 Daniel Berteaud <daniel@firewall-services.com> 2.1-3.sme
+- Add routes for s2s virtual IP
+
+* Tue Feb 17 2015 Daniel Berteaud <daniel@firewall-services.com> 2.1-2.sme
+- Apply locale 2015-02-17 patch
+
+* Mon Nov 11 2013 Daniel B. <daniel@firewall-services.com> 2.1-1.sme
+- Rebuild for SME9
+
+* Sun Jul 14 2013 JP Pialasse <tests@pialasse.com> 2.0-50.sme
+- apply locale 2013-07-14 patch
+
+* Thu Jun 6 2013 Daniel B. <daniel@firewall-services.com> 2.0-49.sme
+- Fix plugin directory for x86_64 [SME: 7658]
+
+* Fri Mar 22 2013 Daniel B. <daniel@firewall-services.com> 2.0-48.sme
+- Fix spelling in en-us panel [SME: 7507]
+
+* Mon Oct 08 2012 Daniel B. <daniel@firewall-services.com> 2.0-47.sme
+- Create a tmp dir (needed for openvpn 2.2.2)
+
+* Tue Mar 20 2012 SME Translation Server <translations@contribs.org> 2.0-46.el6
+- apply locale 2012-03-20 patch
+
+* Wed Apr 27 2011 SME Translation Server <translations@contribs.org> 2.0-45.sme
+- apply locale 2011-04-27 patch
+
+* Sun Mar 06 2011 SME Translation Server <translations@contribs.org> 2.0-44.sme
+- apply locale 2011-03-06 patch
+
+* Thu Feb 17 2011 Daniel B. <daniel@firewall-services.com> 2.0-43.sme
+- Fix a typo in the panel [SME: 6509]
+
+* Tue Jan 25 2011 Daniel B. <daniel@firewall-services.com> 2.0-42.sme
+- Stop disabling service on rpm removal (spec change only)
+
+* Tue Jan 25 2011 Daniel B. <daniel@firewall-services.com> 2.0-41.sme
+- Add comp-lzo option back into client conf file
+
+* Tue Oct 26 2010 Daniel B. <daniel@firewall-services.com> 2.0-40.sme
+- Add PassTOS DB key to enable/disable passtos
+- Enhance routes push (work with s2s contrib)
+
+* Tue Oct 19 2010  Daniel B. <daniel@firewall-services.com> 2.0-39.sme
+- templates cleanup
+- DB prop to disable local networks routes push to client
+
+* Mon Jul 19 2010 Daniel B. <daniel@firewall-services.com> 2.0-38.sme
+- apply locale 2010-07-19 patc
+
+* Wed Jun 02 2010 Daniel B. <daniel@firewall-services.com> 2.0-37.sme
+- apply locale 2010-06-02 patch
+- use multilog timestamp
+
+* Wed May 12 2010 Daniel B. <daniel@firewall-services.com> 2.0-36.sme
+- Comment the passtos option as it's not supported on Windows
+
+* Fri Apr 30 2010 Daniel B. <daniel@firewall-services.com> 2.0-35.sme
+- add the passtos option
+- push the comp-lzo option to the client
+- apply locale 2010-04-29 patch
+
+* Tue Mar 02 2010 SME Translation Server <translations@contribs.org> 2.0-34.sme
+- apply locale 2010-03-02 patch
+
+* Wed Nov 18 2009 Daniel B. <daniel@firewall-services.com> 2.0-33.sme
+- code cleanup
+
+* Tue Nov 17 2009 Daniel B. <daniel@firewall-services.com> 2.0-32.sme
+- apply locale 2009-11-17 patch
+- Fix CRL update on event (openvpn-bridge-update)
+
+* Tue Oct 27 2009 SME Translation Server <translations@contribs.org> 2.0-31.sme
+- apply locale 2009-10-27 patch
+
+* Wed Oct 21 2009 Daniel B. <daniel@firewall-services.com> 2.0-30.sme
+- apply locale 2009-10-21 patch
+
+* Tue Sep 29 2009 Daniel B. <daniel@firewall-services.com> 2.0-29.sme
+- Put tls-client directive in client config file even when additional TLS
+  auth is disabled (required for the main TLS auth) [SME: 5495]
+- apply locale 2009-09-28 patch
+
+* Mon Aug 24 2009 SME Translation Server <translations@contribs.org> 2.0-28.sme
+- apply locale 2009-08-24 patch
+
+* Wed Jul 22 2009 Daniel B. <daniel@firewall-services.com> 2.0-27.sme
+- apply locale 2009-07-22 patch
+
+* Thu Jun 25 2009 Daniel B. <daniel@firewall-services.com> 2.0-26.sme
+- expand config and restart the service when local networks are added
+  or removed so the new routes are pushed
+
+* Tue May 26 2009 Daniel B. <daniel@firewall-services.com> 2.0-25.sme
+- apply locale 2009-05-26 patch
+
+* Sun May 24 2009 Daniel B. <daniel@firewall-services.com> 2.0-24.sme
+- apply locale 2009-05-24 patch
+
+* Thu Apr 30 2009 Daniel B. <daniel@firewall-services.com> 2.0-23.sme
+- apply local 2009-04-30 patch
+
+* Mon Apr 27 2009 SME Translation Server <translations@contribs.org> 2.0-22.sme
+- apply locale 2009-04-27 patch
+
+* Tue Apr 14 2009 Daniel B. <daniel@firewall-services.com> [2.0-21]
+- Fixe permissions on public directory (pub and ccd) which must be readable
+  by everyone (especially user nobody)
+
+* Sun Apr 12 2009 Daniel B. <daniel@firewall-services.com> [2.0-20]
+- remove obsolete init scripts reset-openvpn and openvpn-bridge
+
+* Wed Mar 18 2009 Daniel B. <daniel@firewall-services.com> [2.0-19]
+- Do not add cipher directive in client configuration file if set to 'auto'
+
+* Wed Mar 11 2009 Daniel B. <daniel@firewall-services.com> [2.0-18]
+- Compatibility with openvpn 2.1 (detect plugin dir location) [SME: 5060]
+
+* Mon Mar 09 2009 Daniel B. <daniel@firewall-services.com> [2.0-17]
+- Add smeserver-bridge-interface as dependency
+- Update spec description
+
+* Tue Mar 03 2009 SME Translation Server [2.0-16]
+- apply locale 2009-03-03 patch
+
+* Tue Mar 03 2009 Jonathan Martens <smeserver-contribs@snetram.nl> [2.0-15]
+- Fix some more errors in the en-us locale
+- Remove tabs from SPEC file as some editors act weird with them, e.g. nano
+
+* Tue Mar 03 2009 Jonathan Martens <smeserver-contribs@snetram.nl> [2.0-14]
+- Fix some grammar errors in the en-us locale
+
+* Tue Mar 03 2009 Jonathan Martens <smeserver-contribs@snetram.nl> [2.0-13]
+- Fix a typo in the en-us locale
+
+* Tue Mar 03 2009 Shad L. Lords <slords@mail.com> [2.0-12]
+- Fix xml language tag to be correct
+
+* Tue Mar 03 2009 Shad L. Lords <slords@mail.com> [2.0-11]
+- Remove duplicate translations that break pootle
+
+* Tue Mar 03 2009 Shad L. Lords <slords@mail.com> [2.0-10]
+- Rename locale/en to locale/en-us to pootle works
+
+* Tue Mar 03 2009 Daniel B. <daniel@firewall-services.com> [2.0-9]
+- Apply locale patch fr 1
+- Add e-smith-devtools as a build dependency
+
+* Thu Jan 29 2009 Daniel B. <daniel@firewall-services.com> [2.0-8]
+- Fix an error with the creation of the db
+
+* Wed Jan 28 2009 Daniel B. <daniel@firewall-services.com> [2.0-7]
+- Cleanly create openvpn-bridge db
+
+* Fri Jan 16 2009 Daniel B. <daniel@firewall-services.com> [2.0-6]
+- Just warn if openvpn db is missing
+- Fix certificates check
+- Warn if bridge service isn't enabled
+- Configure the CRL update URL
+
+* Mon Jan 12 2009 Daniel B. <daniel@firewall-services.com> [2.0-5]
+- localization patch
+
+* Mon Dec 22 2008 Daniel B. <daniel@firewall-services.com> [2.0-4]
+- Add validate_common_name routine
+
+* Fri Dec 19 2008 Daniel B. <daniel@firewall-services.com> [2.0-3]
+- Added option configRequired (accept only certificate listed in the rules section)
+- Clean config templates
+
+* Tue Dec 16 2008 Daniel B. <daniel@firewall-services.com> [2.0-2]
+- Add missing pull directive in client config
+
+* Fri Dec 12 2008 Daniel B. <daniel@firewall-services.com> [2.0-1]
+- Remove useless migrate fragment (now handled by the bridge package)
+
+* Thu Dec 04 2008 Daniel B. <daniel@firewall-services.com> [2.0-0]
+- The bridge stuff is now in a separated rpm
+- Restarting the service doesn't cut the InternalInterface
+  as the bridge isn't restarted
+- Correct (truely this time) the bug with dhcpd looping
+- Panel re-writen in FormMagick (much more simple now)
+- Removed the certificate manager, now handled by phpki
+- Real-time clients info using Net::OpenVPN::Manage
+- Routes to local networks are pushed to clients
+
+* Tue Feb 06 2007 Daniel Berteaud <daniel@firewall-services.com>
+- [1.1-1]
+- Bugs fixes (repported by Stephan Braunstein)
+- corrections in the en language
+
+* Tue Feb 06 2007 Daniel Berteaud <daniel@firewall-services.com>
+- [1.1-0]
+- panel enhancement
+- little correction in the local file
+
+* Mon Dec 11 2006 Daniel Berteaud <daniel@firewall-services.com>
+- [1.0-3]
+- correction of permissions on startup and shutdown scripts
+- little correction in the local file
+
+* Fri Dec 08 2006 Daniel Berteaud <daniel@firewall-services.com>
+- [1.0-2]
+- Added missing directory keys/bridge
+
+* Wed Dec 06 2006 Daniel Berteaud <daniel@firewall-services.com>
+- [1.0-1]
+- Removed useless parameters from the panel (tap, br and localInf)
+- Added a stop script (k20openvpn-bridge)
+- panel renamed to openvpn-bridge for futur compatibility
+
+%prep
+
+%setup -q -n %{name}-%{version}
+
+rm -rf root/usr/sbin/systemd/
+rm -rf root/var/service/
+
+%build
+perl createlinks
+
+%{__mkdir_p} root/etc/openvpn/bridge/ccd
+%{__mkdir_p} root/etc/openvpn/bridge/priv
+%{__mkdir_p} root/etc/openvpn/bridge/pub
+%{__mkdir_p} root/etc/openvpn/bridge/etc
+%{__mkdir_p} root/etc/openvpn/bridge/tmp
+%{__mkdir_p} root/etc/openvpn/bridge/dev
+%{__mkdir_p} root/var/log/openvpn-bridge
+
+%install
+/bin/rm -rf $RPM_BUILD_ROOT
+(cd root   ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
+/bin/rm -f %{name}-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
+  --dir /var/log/openvpn-bridge 'attr(0750,root,root)' \
+  --dir /etc/openvpn/bridge/pub 'attr(0755,root,root)' \
+  --dir /etc/openvpn/bridge/priv 'attr(0750,root,root)' \
+  --dir /etc/openvpn/bridge/ccd 'attr(0755,root,root)' \
+  --dir /etc/openvpn/bridge/etc 'attr(0755,root,root)' \
+  --dir /etc/openvpn/bridge/tmp 'attr(0770,root,nobody)' \
+  --file /usr/bin/ovpn-bridge-update-crl  'attr(0750,root,root)' \
+  > %{name}-%{version}-filelist
+
+%files -f %{name}-%{version}-filelist
+%defattr(-,root,root)
+
+%clean 
+rm -rf $RPM_BUILD_ROOT
+
+%post
+if [ \! -c /etc/openvpn/bridge/dev/urandom ]; then
+    mknod -m 0444 /etc/openvpn/bridge/dev/urandom c 1 9
+fi
+
+%preun
				`@ -0,0 +1 @@`
				`http://localhost:940/phpki/index.php?stage=dl_crl_pem`