From 9dcb47db3166299913bda3310e684dbebd32baaa Mon Sep 17 00:00:00 2001 
From: Trevor Batley Date: Sat, 7 Sep 2024 19:57:25 +1000 Subject: [PATCH] initial commit of file from CVS for smeserver-openvpn-bridge on Sat Sep 7 19:57:25 AEST 2024 --- .gitignore | 4 + Makefile | 21 + README.md | 16 +- contriborbase | 1 + createlinks | 57 + .../defaults/openvpn-bridge/Cipher | 1 + .../defaults/openvpn-bridge/ConfigRequired | 1 + .../defaults/openvpn-bridge/CrlUrl | 1 + .../defaults/openvpn-bridge/HMAC | 1 + .../defaults/openvpn-bridge/UDPPort | 1 + .../defaults/openvpn-bridge/access | 1 + .../defaults/openvpn-bridge/clientToClient | 1 + .../defaults/openvpn-bridge/maxClients | 1 + .../defaults/openvpn-bridge/redirectGW | 1 + .../defaults/openvpn-bridge/status | 1 + .../defaults/openvpn-bridge/tapIf | 1 + .../defaults/openvpn-bridge/type | 1 + .../defaults/openvpn-bridge/userAuth | 1 + .../migrate/50openvpn-bridge-management-pass | 12 + .../migrate/50openvpn-bridge-range | 36 + .../db/configuration/migrate/50openvpn-cipher | 16 + .../events/actions/openvpn-bridge-jail | 6 + .../events/actions/openvpn-bridge-reload-ccd | 39 + .../events/actions/openvpn-bridge-update-crl | 29 + .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 468 +++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ 
.../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/e-smith/web/functions/openvpnbridge | 452 ++++++++ .../etc/openvpn/bridge/management-pass.txt | 4 + .../templates/etc/crontab/openvpn-bridge-crl | 7 + .../etc/openvpn/bridge/ccd/.gitignore | 0 .../openvpn/bridge/management-pass.txt/10pass | 7 + .../bridge/management-pass.txt/template-begin | 0 .../bridge/management-pass.txt/template-end | 0 .../etc/openvpn/bridge/openvpn.conf/10dev | 23 + .../etc/openvpn/bridge/openvpn.conf/20daemon | 8 + .../etc/openvpn/bridge/openvpn.conf/30cert | 18 + .../openvpn/bridge/openvpn.conf/35encryption | 33 + .../openvpn/bridge/openvpn.conf/40userAuth | 27 + .../openvpn/bridge/openvpn.conf/50server_mode | 9 + .../etc/openvpn/bridge/openvpn.conf/60options | 48 + .../etc/openvpn/bridge/openvpn.conf/65routes | 33 + .../openvpn/bridge/openvpn.conf/70management | 7 + .../etc/openvpn/bridge/openvpn.conf/80clients | 27 + .../etc/openvpn/bridge/openvpn.conf/90log | 9 + root/etc/e-smith/web/functions/openvpnbridge | 373 +++++++ root/etc/logrotate.d/openvpn-bridge | 8 + root/etc/openvpn/ccd-bridge/.config | 0 .../lib/systemd/system/openvpn-bridge.service | 27 + .../esmith/FormMagick/Panel/openvpnbridge.pm | 990 ++++++++++++++++++ smeserver-openvpn-bridge.spec | 362 +++++++ 73 files changed, 14036 insertions(+), 2 deletions(-) create mode 100644 .gitignore create mode 100644 Makefile create mode 100644 contriborbase create mode 100644 createlinks create mode 
100644 root/etc/e-smith/db/configuration/defaults/openvpn-bridge/Cipher create mode 100644 root/etc/e-smith/db/configuration/defaults/openvpn-bridge/ConfigRequired create mode 100644 root/etc/e-smith/db/configuration/defaults/openvpn-bridge/CrlUrl create mode 100644 root/etc/e-smith/db/configuration/defaults/openvpn-bridge/HMAC create mode 100644 root/etc/e-smith/db/configuration/defaults/openvpn-bridge/UDPPort create mode 100644 root/etc/e-smith/db/configuration/defaults/openvpn-bridge/access create mode 100644 root/etc/e-smith/db/configuration/defaults/openvpn-bridge/clientToClient create mode 100644 root/etc/e-smith/db/configuration/defaults/openvpn-bridge/maxClients create mode 100644 root/etc/e-smith/db/configuration/defaults/openvpn-bridge/redirectGW create mode 100644 root/etc/e-smith/db/configuration/defaults/openvpn-bridge/status create mode 100644 root/etc/e-smith/db/configuration/defaults/openvpn-bridge/tapIf create mode 100644 root/etc/e-smith/db/configuration/defaults/openvpn-bridge/type create mode 100644 root/etc/e-smith/db/configuration/defaults/openvpn-bridge/userAuth create mode 100644 root/etc/e-smith/db/configuration/migrate/50openvpn-bridge-management-pass create mode 100644 root/etc/e-smith/db/configuration/migrate/50openvpn-bridge-range create mode 100644 root/etc/e-smith/db/configuration/migrate/50openvpn-cipher create mode 100644 root/etc/e-smith/events/actions/openvpn-bridge-jail create mode 100644 root/etc/e-smith/events/actions/openvpn-bridge-reload-ccd create mode 100644 root/etc/e-smith/events/actions/openvpn-bridge-update-crl create mode 100644 root/etc/e-smith/locale/bg/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/da/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/de/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/el/etc/e-smith/web/functions/openvpnbridge create mode 100644 
root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/es/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/et/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/fr/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/he/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/hu/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/id/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/it/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/ja/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/nb/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/nl/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/pl/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/pt-br/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/pt/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/ro/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/ru/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/sl/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/sv/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/th/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/tr/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/zh-cn/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/locale/zh-tw/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/e-smith/templates.metadata/etc/openvpn/bridge/management-pass.txt create mode 100644 
root/etc/e-smith/templates/etc/crontab/openvpn-bridge-crl create mode 100644 root/etc/e-smith/templates/etc/openvpn/bridge/ccd/.gitignore create mode 100644 root/etc/e-smith/templates/etc/openvpn/bridge/management-pass.txt/10pass create mode 100644 root/etc/e-smith/templates/etc/openvpn/bridge/management-pass.txt/template-begin create mode 100644 root/etc/e-smith/templates/etc/openvpn/bridge/management-pass.txt/template-end create mode 100644 root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/10dev create mode 100644 root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/20daemon create mode 100644 root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/30cert create mode 100644 root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/35encryption create mode 100644 root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/40userAuth create mode 100644 root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/50server_mode create mode 100644 root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/60options create mode 100644 root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/65routes create mode 100644 root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/70management create mode 100644 root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/80clients create mode 100644 root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/90log create mode 100755 root/etc/e-smith/web/functions/openvpnbridge create mode 100644 root/etc/logrotate.d/openvpn-bridge create mode 100644 root/etc/openvpn/ccd-bridge/.config create mode 100644 root/usr/lib/systemd/system/openvpn-bridge.service create mode 100644 root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpnbridge.pm create mode 100644 smeserver-openvpn-bridge.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e594810 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +*.rpm +*.log +*spec-20* +*.tar.xz 
diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..4a04275 --- /dev/null +++ b/Makefile @@ -0,0 +1,21 @@ +# Makefile for source rpm: smeserver-openvpn-bridge +# $Id: Makefile,v 1.1 2021/02/04 16:20:56 brianr Exp $ +NAME := smeserver-openvpn-bridge +SPECFILE = $(firstword $(wildcard *.spec)) + +define find-makefile-common +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +endef + +MAKEFILE_COMMON := $(shell $(find-makefile-common)) + +ifeq ($(MAKEFILE_COMMON),) +# attept a checkout +define checkout-makefile-common +test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 +endef + +MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) +endif + +include $(MAKEFILE_COMMON) diff --git a/README.md b/README.md index 8490480..0732111 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,15 @@ -# smeserver-openvpn-bridge +# smeserver-openvpn-bridge -SMEServer Koozali developed git repo for smeserver-openvpn-bridge smecontribs \ No newline at end of file +SMEServer Koozali developed git repo for smeserver-openvpn-bridge smecontribs + +## Wiki +
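Review bot: In `find-makefile-common` the writability test is written `-w $$/Makefile.common`, without the loop variable, so the shell tests the literal path `$/Makefile.common`, the condition is never true and the `cvs -Q update` branch cannot run; it should read `if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then`. Separately, `checkout-makefile-common` fetches `common/Makefile.common` from whatever `CVS/Root` names and the result is `include`d at parse time, so build logic comes from an unpinned remote. Now that the package lives in git, vendoring or pinning that file would be worth considering. `exit -1` in the same helper is outside the 0–255 range of a shell exit status; `exit 1` is the portable form.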
https://wiki.koozali.org/ + +## Bugzilla +Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-openvpn-bridge&product=SME%20Contribs&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED) + +## Description + +
*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.* +*Once it has been checked, then this comment will be deleted* +
diff --git a/contriborbase b/contriborbase
new file mode 100644
index 0000000..9b7fd51
--- /dev/null
+++ b/contriborbase
@@ -0,0 +1 @@
+contribs10
diff --git a/createlinks b/createlinks
new file mode 100644
index 0000000..170d1d8
--- /dev/null
+++ b/createlinks
@@ -0,0 +1,57 @@
+#!/usr/bin/perl -w
+
+use esmith::Build::CreateLinks qw(:all);
+
+safe_symlink("restart", "root/etc/e-smith/events/openvpn-bridge-update/services2adjust/openvpn-bridge");
+safe_symlink("restart", "root/etc/e-smith/events/network-create/services2adjust/openvpn-bridge");
+safe_symlink("restart", "root/etc/e-smith/events/network-delete/services2adjust/openvpn-bridge");
+
+
+panel_link("openvpnbridge", 'manager');
+
+templates2events("/etc/openvpn/bridge/openvpn.conf", "openvpn-bridge-update");
+
+templates2events("/etc/openvpn/bridge/management-pass.txt", qw(openvpn-bridge-update bootstrap-console-save));
+templates2events("/etc/openvpn/bridge/openvpn.conf", qw(openvpn-bridge-update bootstrap-console-save network-create network-delete));
+templates2events("/etc/crontab", qw(openvpn-bridge-update));
+
+event_link("openvpn-bridge-reload-ccd", "openvpn-bridge-update", "20");
+event_link("openvpn-bridge-update-crl", "openvpn-bridge-update", "30");
+event_link("openvpn-bridge-reload-ccd", "openvpn-bridge-reload-ccd", "20");
+event_link("openvpn-bridge-update-crl", "openvpn-bridge-reload-ccd", "30");
+
+event_link("openvpn-bridge-jail", "openvpn-bridge-update" , "03");
+event_link("openvpn-bridge-jail", "bootstrap-console-save" , "03");
+
+# our event specific for updating with yum without reboot
+$event = "smeserver-openvpn-bridge-update";
+#add here the path to your templates needed to expand
+#see the /etc/systemd/system-preset/49-koozali.preset should be present for systemd integration on all you yum update event
+
+foreach my $file (qw(
+ /etc/systemd/system-preset/49-koozali.preset
+ /etc/crontab
+ /etc/openvpn/bridge/management-pass.txt
+ /etc/openvpn/bridge/openvpn.conf
+
+))
+{
+ templates2events( $file, $event );
+}
+
+#action needed in case we have a systemd unit
+event_link("systemd-default", $event, "88");
+event_link("systemd-reload", $event, "89");
+event_link("openvpn-bridge-jail", $event, "03");
+#action specific to this package
+event_link("openvpn-bridge-update", $event, "60");
+#services we need to restart
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/openvpn-bridge");
+
+
+use esmith::Build::Backup qw(:all);
+backup_includes("smeserver-openvpn-bridge", qw(
+/etc/openvpn/bridge/priv
+/etc/openvpn/bridge/pub
+/var/log/openvpn-bridge
+));
diff --git a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/Cipher b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/Cipher
new file mode 100644
index 0000000..f2defb7
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/Cipher
@@ -0,0 +1 @@
+AES-128-CBC
diff --git a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/ConfigRequired b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/ConfigRequired
new file mode 100644
index 0000000..7a68b11
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/ConfigRequired
@@ -0,0 +1 @@
+disabled
diff --git a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/CrlUrl b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/CrlUrl
new file mode 100644
index 0000000..2118181
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/CrlUrl
@@ -0,0 +1 @@
+http://localhost:940/phpki/index.php?stage=dl_crl_pem
diff --git a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/HMAC b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/HMAC
new file mode 100644
index 0000000..cad7bd6
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/HMAC
@@ -0,0 +1 @@
+SHA256
diff --git a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/UDPPort b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/UDPPort
new file mode 100644
index 0000000..9f6bb62
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/UDPPort
@@ -0,0 +1 @@
+1194
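Review bot: `event_link("openvpn-bridge-update", $event, "60");` links an action named `openvpn-bridge-update`, but the diffstat of this commit adds only the actions `openvpn-bridge-jail`, `openvpn-bridge-reload-ccd` and `openvpn-bridge-update-crl`, and `openvpn-bridge-update` is used everywhere else in this file as an event name. Unless another package ships an action of that name, the link under `smeserver-openvpn-bridge-update` would dangle and the ccd reload and CRL refresh would not run on a yum update. Linking the two real actions, `event_link("openvpn-bridge-reload-ccd", $event, "20");` and `event_link("openvpn-bridge-update-crl", $event, "30");`, would match the other events. The script also assigns `$event` without `my` and registers `/etc/openvpn/bridge/openvpn.conf` for `openvpn-bridge-update` twice.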
diff --git a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/access b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/access
new file mode 100644
index 0000000..a48cf0d
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/access
@@ -0,0 +1 @@
+public
diff --git a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/clientToClient b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/clientToClient
new file mode 100644
index 0000000..7a68b11
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/clientToClient
@@ -0,0 +1 @@
+disabled
diff --git a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/maxClients b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/maxClients
new file mode 100644
index 0000000..209e3ef
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/maxClients
@@ -0,0 +1 @@
+20
diff --git a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/redirectGW b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/redirectGW
new file mode 100644
index 0000000..40985ee
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/redirectGW
@@ -0,0 +1 @@
+PerClient
diff --git a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/status b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/status
new file mode 100644
index 0000000..7a68b11
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/status
@@ -0,0 +1 @@
+disabled
diff --git a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/tapIf b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/tapIf
new file mode 100644
index 0000000..d727766
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/tapIf
@@ -0,0 +1 @@
+tap0
diff --git a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/type b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/type
new file mode 100644
index 0000000..24e1098
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/type
@@ -0,0 +1 @@
+service
diff --git a/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/userAuth b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/userAuth
new file mode 100644
index 0000000..684ef5a
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/userAuth
@@ -0,0 +1 @@
+CrtWithPass
diff --git a/root/etc/e-smith/db/configuration/migrate/50openvpn-bridge-management-pass b/root/etc/e-smith/db/configuration/migrate/50openvpn-bridge-management-pass
new file mode 100644
index 0000000..6959887
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/migrate/50openvpn-bridge-management-pass
@@ -0,0 +1,12 @@
+{
+ my $openvpn = $DB->get('openvpn-bridge') || $DB->new_record('openvpn-bridge', {type => 'service'});
+ my $management = $openvpn->prop('management') || '';
+ # If the management interface is already defined, return nothing
+ return "" if ($management ne '');
+
+ # Else, we generate a random password
+
+ $pass=`/usr/bin/openssl rand -base64 20 | tr -c -d '[:alnum:]'`;
+ $openvpn->set_prop('management',"localhost:11194:$pass");
+}
+
diff --git a/root/etc/e-smith/db/configuration/migrate/50openvpn-bridge-range b/root/etc/e-smith/db/configuration/migrate/50openvpn-bridge-range
new file mode 100644
index 0000000..006d1b8
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/migrate/50openvpn-bridge-range
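Review bot: In `50openvpn-bridge-management-pass` the result of the backtick pipeline is stored without being checked, so if `/usr/bin/openssl rand` fails or prints nothing, `management` becomes `localhost:11194:` with an empty password. Later runs then keep that value, because the early `return "" if ($management ne '')` sees a non-empty property. A length check before `set_prop` avoids persisting it, e.g. `return "" unless length($pass) >= 16;`. `$pass` should also be declared with `my` so it does not leak into the template package.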
@@ -0,0 +1,36 @@
+{
+ my $openvpn = $DB->get('openvpn-bridge') || $DB->new_record('openvpn-bridge', {type => 'service'});
+ my $start = $openvpn->prop('startPool') || '';
+ my $end = $openvpn->prop('endPool') || '';
+
+ # If start and end are define, we return an empty string
+ return "" if ($start ne '' and $end ne '');
+
+ # Else, we compute valid address
+
+ $start = '0.0.0.10';
+ $end = '0.0.0.30';
+
+ $start = esmith::util::IPquadToAddr($start);
+ $end = esmith::util::IPquadToAddr($end);
+ my $netmask = esmith::util::IPquadToAddr($LocalNetmask);
+ my $localnet = esmith::util::IPquadToAddr($LocalIP) & $netmask;
+
+ # AND-out the host bits from the start and end ips.
+ # And, OR our local network with our start and end host values.
+ $start = $localnet | ($start & ~$netmask);
+ $end = $localnet | ($end & ~$netmask);
+
+ # Make sure that $start is less than $end (might not be if netmask has changed)
+ if ($start > $end)
+ {
+ my $temp = $start;
+ $start = $end;
+ $end = $temp;
+ }
+
+ $openvpn->merge_props(startPool => esmith::util::IPaddrToQuad($start),
+ endPool => esmith::util::IPaddrToQuad($end));
+
+
+}
diff --git a/root/etc/e-smith/db/configuration/migrate/50openvpn-cipher b/root/etc/e-smith/db/configuration/migrate/50openvpn-cipher
new file mode 100644
index 0000000..c26d5eb
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/migrate/50openvpn-cipher
@@ -0,0 +1,16 @@
+{
+ #migrate cipher to Cipher that is used in all other openvpn contribs
+ my $opv = $DB->get('openvpn-bridge') || $DB->new_record('openvpn-bridge', {type => 'service'});
+
+ my %old2new = (
+ 'cipher' => "Cipher",
+ );
+
+ for my $keyt ( keys %old2new )
+ {
+ next unless ( $opv->prop($keyt) );
+ my $value = $DB->get_prop_and_delete('openvpn-bridge', $keyt);
+ next if ( $opv->prop($old2new{$keyt}) );
+ $DB->set_prop('openvpn-bridge', $old2new{$keyt}, $value);
+ }
+}
diff --git a/root/etc/e-smith/events/actions/openvpn-bridge-jail b/root/etc/e-smith/events/actions/openvpn-bridge-jail
new file mode 100644
index 0000000..6a47148
--- /dev/null
+++ b/root/etc/e-smith/events/actions/openvpn-bridge-jail
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+#copy any files needed for the jail
+
+#be sure we have the needed timezone
+/bin/cp -L /etc/localtime /etc/openvpn/bridge/etc
diff --git a/root/etc/e-smith/events/actions/openvpn-bridge-reload-ccd b/root/etc/e-smith/events/actions/openvpn-bridge-reload-ccd
new file mode 100644
index 0000000..b9f34ef
--- /dev/null
+++ b/root/etc/e-smith/events/actions/openvpn-bridge-reload-ccd
@@ -0,0 +1,39 @@
+#!/usr/bin/perl -w
+
+
+use esmith::ConfigDB;
+my $config_db = esmith::ConfigDB->open_ro();
+my $db_rules = esmith::ConfigDB->open_ro('openvpn-bridge');
+my @rules = $db_rules->get_all_by_prop(type => 'rule');
+my $netmask = $config_db->get('LocalNetmask')->value;
+my $userAuth = ${'openvpn-bridge'}{userAuth};
+
+my $ccd = "/etc/openvpn/bridge/ccd";
+unlink <$ccd/*>;
+
+foreach (@rules){
+ my $rule = $_->key;
+ my $rec_rule = $db_rules->get("$rule");
+ my $ip = $rec_rule->prop('ip') || '';
+ my $redirectGW = $rec_rule->prop('redirectGW') || 'disabled';
+ my $access = $rec_rule->prop('access') || 'allowed';
+ unless (open (CCD, ">$ccd/$rule")){
+ die "Error opening $ccd/$rule";
+ }
+
+ if ($ip ne ''){
+ print CCD "--ifconfig-push $ip $netmask\n";
+ }
+ else{
+ print CCD "# No fixed IP defined\n";
+ }
+ if ($access eq 'denied'){
+ print CCD "--disable\n";
+ }
+ if ($redirectGW eq 'enabled'){
+ print CCD "push \"redirect-gateway def1\"\n";
+ }
+ close CCD;
+}
+
+
diff --git a/root/etc/e-smith/events/actions/openvpn-bridge-update-crl b/root/etc/e-smith/events/actions/openvpn-bridge-update-crl
new file mode 100644
index 0000000..0b3d789
--- /dev/null
+++ b/root/etc/e-smith/events/actions/openvpn-bridge-update-crl
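Review bot: In `openvpn-bridge-jail` the `cp` names the directory `/etc/openvpn/bridge/etc` as its destination and its result is not checked, so if that directory is missing when the action runs, `cp` creates a regular file called `etc` and the jail ends up without `etc/localtime`. Naming the target file turns that case into a visible failure: `/bin/cp -L /etc/localtime /etc/openvpn/bridge/etc/localtime || exit 1`. Whether the package creates the directory is not visible in this hunk.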
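Review bot: In `openvpn-bridge-reload-ccd` the rule key is used as a file name in a two-argument open, `open (CCD, ">$ccd/$rule")`, and `$ip` is printed into the ccd file as-is. A key containing `/` or `..`, or an `ip` value containing a newline, would therefore let a database entry write outside `/etc/openvpn/bridge/ccd` or add extra directives to a client's configuration. Any validation done by the panel is outside this hunk, so the action should re-check its inputs before writing: `next unless $rule =~ /^[A-Za-z0-9_.@-]+$/ and $rule !~ /^\./;` (adjust the class to the common names the panel accepts), `$ip = '' unless $ip =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;`, and `open(my $fh, '>', "$ccd/$rule") or die "Error opening $ccd/$rule: $!";`. `my $userAuth = ${'openvpn-bridge'}{userAuth};` is a symbolic reference to an undeclared hash and is never used; `use strict;` would flag it.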
@@ -0,0 +1,29 @@ +#!/bin/bash + +URL=$(/sbin/e-smith/db configuration getprop openvpn-bridge CrlUrl) +DOMAIN=$(/sbin/e-smith/db configuration get DomainName) + +/usr/bin/wget $URL -O /tmp/cacrl.pem > /dev/null 2>&1 + +/usr/bin/openssl crl -inform PEM -in /tmp/cacrl.pem -text > /dev/null 2>&1 + +if [ "$?" -eq "0" ]; then + /bin/mv -f /tmp/cacrl.pem /etc/openvpn/bridge/pub/cacrl.pem > /dev/null 2>&1 +else + cat > /tmp/crlmail <> /tmp/crlmail + mail -s 'CRL update failed' admin@$DOMAIN < /tmp/crlmail +fi + +rm -f /tmp/cacrl.pem +rm -f /tmp/crlmail + diff --git a/root/etc/e-smith/locale/bg/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/bg/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..33e69a0 --- /dev/null +++ b/root/etc/e-smith/locale/bg/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + Конфигурация на процеса на Bridged OpenVPN + + + + DESC_FIRST_PAGE + Режимът Bridged позволява VPN клиентите да имат IP адрес от локалната мрежа, и така те да имат достъп до всички ресурси в нея.
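Review bot: The download and the failure mail in `openvpn-bridge-update-crl` use fixed names in `/tmp` (`/tmp/cacrl.pem`, `/tmp/crlmail`). If the action runs as root (not shown in this hunk), any local account could pre-create those paths, as a file it owns or as a symlink, and influence what is written or what is later moved to `/etc/openvpn/bridge/pub/cacrl.pem`; a private directory from `mktemp -d` removes that. `$URL` is also expanded unquoted on the `wget` line. `openssl crl … -text` only proves the file parses as a CRL and does not check its signature, so the CRL should additionally be verified against the CA certificate (its path is not visible in this hunk) before it replaces the live one. The heredoc that builds the mail body is not fully visible here and is left as is below.

```shell
workdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$workdir"' EXIT
crl="$workdir/cacrl.pem"

/usr/bin/wget "$URL" -O "$crl" > /dev/null 2>&1

if /usr/bin/openssl crl -inform PEM -in "$crl" -noout > /dev/null 2>&1; then
  /bin/mv -f "$crl" /etc/openvpn/bridge/pub/cacrl.pem
else
  # … unchanged: build the failure mail (now under "$workdir") and send it to admin@$DOMAIN …
fi
```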

]]>
+
+ + + LABEL_STATUS + Състояние на услугата + + + + LABEL_AUTH_TYPE + Режим на автентикация + + + + LABEL_IP_POOL + Обхват от IP адреси + + + + DESC_RULE_BUTTON + Управление на конфигурацията на правилата + + + + DESC_SHOW_CLIENTS_BUTTON + Показване на включените клиенти + + + + DESC_CONFIG_BUTTON + Конфигурация на услугата + + + + DESC_CRT_CONFIG_BUTTON + Конфигурация на сертификатите + + + + LABEL_CRT_STATUS + Състояние на сертификатите + + + + CRT_CONFIG_ERROR + Има проблем с конфигурацията на сертификатите, трябва да ги проверите.]]> + + + + CRT_CONFIG_OK + Сертификатите са готови]]> + + + + CRT_ONLY + Само сертификат + + + + CRT_WITH_PASS + Сертификат с име и парола + + + + DESC_RULES_PAGE + - Да му дадете фиксиран IP адрес
- Да конфигурирате пренасочване на шлюза
- Временно да забраните достъпа
]]>
+
+ + + DESC_RULES + Действащи правила]]> + +NO_RULE + + NO_RULE + Няма правило]]> + + + + DESC_ADD_RULE_BUTTON + Добави правило + + + + COMMON_NAME + Common Name + + + + IP_ADDRESS + IP адрес + + + + COMMENT + Коментар + + + + GATEWAY_REDIRECTION + Пренасочване на шлюза + + + + ACCESS + Достъп + + + + MODIFY + Промени + + + + REMOVE + Премахване + + + + DYNAMIC + Динамичен + + + + ENABLED + Включен + + + + DISABLED + Изключен + + + + ALLOWED + Позволен + + + + DENIED + Забранен + + + + DESC_ADD_OR_MODIFY_PAGE + Създаване или промяна]]> + + + + DESC_COMMON_NAME + Въведете common name. Ако клиент се свърже със сертификати, в които common name съвпадат, ще бъде приложена съответната конфигурация. + + + + DESC_COMMENT + Въведете коментар (по желание) + + + + DESC_RESERVED_IP + Ако въведете IP адрес, той винаги ще бъде асоцииран на клиента, свързващ се с този сертификат. Този IP адрес трябва да е от локалната мрежа (но, може да е извън обхвата VPN). Уверете се че този IP адрес не е използван от друг хост в мрежата. + + + + LABEL_RESERVED_IP + Резервиран IP адрес + + + + DESC_GW_REDIRECTION + Внимание: включването тази опция може да намали скоростта на интернет (както за клиента, така и за локалните мрежи)]]> + + + + LABEL_GW_REDIRECTION + Пренасочване на шлюза + + + + DESC_ACCESS + Можете временно да блокирате клиент. Това не осигурява голяма сигурност. Ако искате за постоянно да забраните клиент, трябва да оттеглите (revoke) неговия сертификат. + + + + DESC_REMOVE_PAGE + Ще премахнете следното правило:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Опресни + + + + ERROR_CONNECT_TO_MANAGER + Възникна грешка при свързване със сървъра. Проверете дали услугата работи.]]> + + + + NO_CLIENTS_CONNECTED + Няма клиенти, които са свързани в момента.]]> + + + + DESC_CONFIG_PAGE + Тази страница в позволява да настройвате услугата + + + + DESC_STATUS + Искате ли да включите услугата? + + + + DESC_AUTH_TYPE + Изберете метод на автентикация. 
"Само сертификат" може да бъде полезно ако искате да свързвате хостове без човешка намеса, но той не предоставя същото ниво на сигурност, което дава "Сертификат с име и парола" + + + + DESC_START_POOL + Трябва да изберете обхват от IP адреси за VPN клиентите. Този обхват трябва да е от локалната мрежа. Моля, проверете че никой от тези адреси не се използва от друг хост. Въведете началния IP адрес + + + + LABEL_START_POOL + Начален IP адрес + + + + DESC_END_POOL + Въведете последния IP адрес + + + + LABEL_END_POOL + Последен IP адрес + + + + DESC_CRT_CONFIG_PAGE + - Сертификат на издателя (CA). Този сертификат се използва за проверка на сертификатите на клиентите
- Сертификат на сървъра. Той ще бъде представен на клиентите, така че те да са сигурни че се свързват към Вашия сървър
- Таен ключ, асоцииран със сертификата на сървъра
- Файл с параметрите на Diffie-Helman. Той ще позволи динамична обмяна на ключове
- Споделен таен ключ. Този ключ ще позволи допълнителна автентикация за TLS
]]>
+
+ + + DESC_CA_PEM + Въведете основния сертификат във формат PEM + + + + DESC_CRT_PEM + Въведете сертификата на сървъра във формат PEM + + + + DESC_KEY_PEM + Въведете тайния ключ, асоцииран със сертификата на сървъра във формат PEM + + + + DESC_DH_PEM + Въведете параметрите на Diffie-Helman + + + + DESC_TA_PEM + Въведете статичния споделен ключ. Този ключ ще се използва за допълнителна автентикация. Той е по желание, но може да повиши сигурността + + + + SUCCESS + Новите параметри бяха запазени + + + + NOT_A_VALID_IP + Трябва да въведете валиден IP адрес + + + + NOT_IN_LOCAL_NET + Трябва да въведете IP адрес от локалната мрежа + + + + SHOW_SAMPLE_CONFIG + Покажи работещ файл с конфигурация на клиента + + + + DESC_DISPLAY_CLIENT_CONF + Трябва също да свалите и файла със сертификата във формат # PKCS12 (който съдържа сертификата на издателя, сертификата на потребителя и тайния ключ на потребителя).
]]>
+
+ + + REAL_IP + Реален IP адрес + + + + VIRTUAL_IP + VPN IP адрес + + + + SENT + Изпратени байтове + + + + RECEIVED + Получени байтове + + + + CONNECTED_SINCE + Свързан от + + + + DISCONNECT + Разкачи + + + + BAD_VALUE + Некоректна стойност + + + + + CANCELED + Отменено + + + + DESC_CLIENT_DISCONECT_PAGE + Ще разкачите този потребител. Искате ли да продължите? + + + + CLIENT_DISCONNECTED + Клиентът беше разкачен + + + + INVALID_CHARS + "{$string}" съдържа забранени символи + + + + BRIDGE_NOT_ENABLED + Услугата bridge трябва да бъде включена.
Следните команди ще я включат:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" не е валиден URL + + + + DESC_CRL_URL + Въведете URL за актуализация на CRL. (ако phpki работи на същия сървър, можете да оставите стандартната стойност) + + + + LABEL_CRL_URL + URL за актуализация на CRL + + + + LABEL_CA_PEM + Сертификат на удостоверителя (CA) + + + + LABEL_CRT_PEM + Сертификат на сървъра + + + + LABEL_KEY_PEM + Частен ключ на сървъра + + + + LABEL_DH_PEM + DH параметри + + + + LABEL_TA_PEM + Статичен ключ + + + DESC_HMAC + HMAC е част от кодирането на канала за данни на openvpn (където пътуват данните) след кодирането със шифъра. Стандартен е несигурния SHA1, предлагаме Ви да ползват поне SHA256. Тази настройка трябва да е еднаква на сървъра и клиента + + + LABEL_HMAC + HMAC алгоритъм + + + DESC_CIPHER + Шифърът, използван за канала с данни за openvpn. Стандартно се използва несигурния алгоритъм BlowFish. Предлагаме Ви да ползвате AES-128-CBC или по-висок. Тази настройка трябва да е еднаква за сървъра и клиента. + + + LABEL_CIPHER + Алгоритъм на шифъра за кодиране + + + LINK + Състояние на връзката + + + UP + Горе + + + SYSTEMD_RETURNED + Systemd отговаря че услугата е + + + CHANGEME_INSECURE + Моля, променете несигурния параметър + + + SUGGESTED + Предложена стойност + + + DEFAULT + Стандартно + + + ERROR + Грешка + + +
diff --git a/root/etc/e-smith/locale/da/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/da/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..37e3c89 --- /dev/null +++ b/root/etc/e-smith/locale/da/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + Konfiguration af OpenVPN daemon + + + + DESC_FIRST_PAGE + Bridged mode tillader VPN klienter at have en IP adresse på det lokale netværk, og dermed adgang til alle ressourcer på det lokale netværk.

]]>
+
+ + + LABEL_STATUS + Service status + + + + LABEL_AUTH_TYPE + Autentificeringsmetode + + + + LABEL_IP_POOL + IP-adresseområde + + + + DESC_RULE_BUTTON + Administrer konfigurationsregler + + + + DESC_SHOW_CLIENTS_BUTTON + Vis tilsluttede klienter + + + + DESC_CONFIG_BUTTON + Opsætning af service + + + + DESC_CRT_CONFIG_BUTTON + Opsætning af certifikater + + + + LABEL_CRT_STATUS + Status på certifikater + + + + CRT_CONFIG_ERROR + Der er et problem med opsætningen af dine certifikater, du bør kontrollere opsætning.]]> + + + + CRT_CONFIG_OK + Certifikater er klar til brug]]> + + + + CRT_ONLY + Kun certifikat + + + + CRT_WITH_PASS + Certifikat og login/adgangskode + + + + DESC_RULES_PAGE + - Give ham en fast IP addresse
- Konfigure gatewayens viderestilling
- Midlertidigt nægte adgang
]]>
+
+ + + DESC_RULES + Aktuel regel]]> + +NO_RULE + + NO_RULE + Der er ingen regel]]> + + + + DESC_ADD_RULE_BUTTON + Tilføj en regel + + + + COMMON_NAME + Common name + + + + IP_ADDRESS + IP-adresse + + + + COMMENT + Kommentar + + + + GATEWAY_REDIRECTION + Gateway omadressering + + + + ACCESS + Adgang + + + + MODIFY + Ændre + + + + REMOVE + Fjern + + + + DYNAMIC + Dynamisk + + + + ENABLED + Aktiveret + + + + DISABLED + Deaktiveret + + + + ALLOWED + Tilladt + + + + DENIED + Blokeret + + + + DESC_ADD_OR_MODIFY_PAGE + Oprette eller ændre]]> + + + + DESC_COMMON_NAME + Angiv et 'common name'. Hvis en klient tilslutter med et certifikat som har dette 'common name', vil den tilsvarende opsætnig blive anvendt. + + + + DESC_COMMENT + Tilføj en kommentar (valgfri) + + + + DESC_RESERVED_IP + Angiver du en IP adresse, vil den blive anvendt til den klient som tilslutter sig med dette certifikat. Denne IP adresse skal være i dit lokale net (men må gerne være udenfor VPN-området). Du skal sikre at IP-adressen ikke anvendes af en anden vært på dit net. + + + + LABEL_RESERVED_IP + Reserveret IP-adresse + + + + DESC_GW_REDIRECTION + Advarsel: aktivering af denne mulighed kan sløve internetadgangen (for for såvel klienter som dine lokale net)]]> + + + + LABEL_GW_REDIRECTION + Gateway omadressering + + + + DESC_ACCESS + Du kan blokkere en klient midlertidigt. Dette tilbyder ikke nogen stærk sikkerhed. Ønsker du at nægte en klient permanet, bør du tilbagekalde det tilsvarende certifikatet. + + + + DESC_REMOVE_PAGE + Du er ved at fjerne følgende regel:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Genopfrisk + + + + ERROR_CONNECT_TO_MANAGER + Fejl under forsøg på at forbinde til manager. Kontroller at tjenesten kører.]]> + + + + NO_CLIENTS_CONNECTED + Der er aktuelt ikke tilsluttet nogen klienter.]]> + + + + DESC_CONFIG_PAGE + På denne side kan du opsætte tjenesten + + + + DESC_STATUS + Ønsker du at aktivere tjenesten? + + + + DESC_AUTH_TYPE + Vælg formen for autentificering. 
"Kun certifikat" er anvendelig hvis du ønsker at forbinde værter uden menneskelig indblanden, men der ydes ikke samme sikkerhed som ved "Certifikat og brugernavn/adgangskode" + + + + DESC_START_POOL + Du skal vælge et IP-adresseområde til VPN-klienter. Området skal ligge indenfor det lokale net. Sørg for at ingen IP-adresser i dette område bliver brugt af andre værter. Angiv den første IP-adresse + + + + LABEL_START_POOL + Første IP-adresse + + + + DESC_END_POOL + Angiv sidste IP-adresse + + + + LABEL_END_POOL + Sidste IP-adresse + + + + DESC_CRT_CONFIG_PAGE + - Et certificeringscenter (CA). Dette certifikat bruges til at kontrollere brugercertifikater
- Et server certifikat. Det vil blive præsenteret for brugeren så de er sikre på, at de forbinder til din server
- Den hemmelige nøgle tilknyttet servercertifikatet
- En Diffie-Helman parameter fil. Den vil tillade dynamisk nøgleudveksling
- En fælles hemmelig nøgle. Denne nøgle giver mulighed for ekstra TLS autencitet
]]>
+
+ + + DESC_CA_PEM + Indtast master certifikat i PEM format + + + + DESC_CRT_PEM + Indtast server certifikat i PEM format + + + + DESC_KEY_PEM + Indtast server certifikatets hemmelige nøgle i PEM format + + + + DESC_DH_PEM + Indtast Diffie-Helman parametre + + + + DESC_TA_PEM + Indtast den statiske fælles nøgle. Denne nøgle vil blive brugt som supplerende autentificering. Nøglen er valgfri, men kan bruges til at højne sikkerheden + + + + SUCCESS + De nye indstillinger er gemt + + + + NOT_A_VALID_IP + Indtast et gyldigt IP nummer + + + + NOT_IN_LOCAL_NET + Indtast et IP nummer fra det lokale netværk + + + + SHOW_SAMPLE_CONFIG + Vis en fungerende klientkonfigurationsfil + + + + DESC_DISPLAY_CLIENT_CONF + Du må også downloade certifikatet i # PKCS12 format (som indeholder CA certifikatet, brugercertifikatet og brugerens hemmelige nøgle).
]]>
+
+ + + REAL_IP + Reel IP adresse + + + + VIRTUAL_IP + VPN IP adresse + + + + SENT + Bytes sendt + + + + RECEIVED + Bytes modtaget + + + + CONNECTED_SINCE + Tilsluttet siden + + + + DISCONNECT + Afbryd + + + + BAD_VALUE + Fejl i værdi + + + + + CANCELED + Fortryd + + + + DESC_CLIENT_DISCONECT_PAGE + Du er ved at afbryde forbindelsen for denne bruger. Er du sikker? + + + + CLIENT_DISCONNECTED + Klientens forbindelse er afbrudt + + + + INVALID_CHARS + "{$string}" indeholder ugyldige karakterer + + + + BRIDGE_NOT_ENABLED + Bridge service skal være startet.
Følgende kommando vil starte bridge service:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" er ikke en gyldig URL + + + + DESC_CRL_URL + Indtast URL til at opdatere CRL. (hvis phpki ligger på den samme server, kan du bruge default værdien) + + + + LABEL_CRL_URL + URL til at opdatere CRL + + + + LABEL_CA_PEM + CA certifikat + + + + LABEL_CRT_PEM + Server certifikat + + + + LABEL_KEY_PEM + Servers hemmelige nøgle + + + + LABEL_DH_PEM + DH parametre + + + + LABEL_TA_PEM + Statisk nøgle + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + algoritme + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + Status på Mailman + + + UP + Up + + + SYSTEMD_RETURNED + Systemtjenester + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Nuværende værdi + + + DEFAULT + standard + + + ERROR + Fejl + + +
diff --git a/root/etc/e-smith/locale/de/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/de/etc/e-smith/web/functions/openvpnbridge
new file mode 100644
index 0000000..d3b65aa
--- /dev/null
+++ b/root/etc/e-smith/locale/de/etc/e-smith/web/functions/openvpnbridge
@@ -0,0 +1,452 @@
+
+
+ FORM_TITLE
+ Konfiguration von Bridged-OpenVPN-Dämon
+
+
+
+ DESC_FIRST_PAGE
+ Der Bridge-Modus erlaubt VPN-Clients, eine IP-Adresse aus dem lokalen Netzwerk zu erhalten und damit Zugriff auf alle Ressourcen Ihres lokalen Netzwerks zu erlangen

]]>
+
+ + + LABEL_STATUS + Status des Dienstes + + + + LABEL_AUTH_TYPE + Authentifizierungsmodus + + + + LABEL_IP_POOL + IP-Adressbereich + + + + DESC_RULE_BUTTON + Verwaltung der Konfigurationsregeln + + + + DESC_SHOW_CLIENTS_BUTTON + Verbundene Clients anzeigen + + + + DESC_CONFIG_BUTTON + Konfiguration des Dienstes + + + + DESC_CRT_CONFIG_BUTTON + Zertifikat-Konfiguration + + + + LABEL_CRT_STATUS + Zertifikate-Status + + + + CRT_CONFIG_ERROR + Es gibt ein Problem mit der Konfiguration Ihrer Zertifikate, Sie sollten diese überprüfen.]]> + + + + CRT_CONFIG_OK + Zertifikate sind bereit]]> + + + + CRT_ONLY + Nur Zertifikat + + + + CRT_WITH_PASS + Zertifikat und Login/Passwort + + + + DESC_RULES_PAGE + - Diesem eine feste IP-Adresse zuweisen
- Gateway Redirection konfigurieren
- Temporär den Zugriff verweigern
]]>
+
+ + + DESC_RULES + Aktuelle Regeln]]> + +NO_RULE + + NO_RULE + Es gibt keine Regel]]> + + + + DESC_ADD_RULE_BUTTON + Regel hinzufügen + + + + COMMON_NAME + Common Name + + + + IP_ADDRESS + IP-Adresse + + + + COMMENT + Kommentar + + + + GATEWAY_REDIRECTION + Gateway Redirection + + + + ACCESS + Zugriff + + + + MODIFY + Ändern + + + + REMOVE + Entfernen + + + + DYNAMIC + Dynamisch + + + + ENABLED + Aktiviert + + + + DISABLED + Deaktiviert + + + + ALLOWED + Erlaubt + + + + DENIED + Verboten + + + + DESC_ADD_OR_MODIFY_PAGE + Erstellen oder ändern]]> + + + + DESC_COMMON_NAME + Geben Sie einen Common Name ein. Wenn sich ein Client mit einem Zertifikat verbindet, das den gleichen Common Name besitzt wird die zugehörige Konfiguration angewendet. + + + + DESC_COMMENT + Geben Sie einen Kommentar ein (optional) + + + + DESC_RESERVED_IP + Wenn Sie eine IP-Adresse angeben wird diese immer dem Client zugewiesen, der sich mittels dieses Zertifikats verbindet. Diese IP-Adresse muss aus Ihrem lokalen Netzwerk stammen (aber darf sich ausserhalb des VPN-Bereichs befinden). Stellen Sie sicher, dass diese IP nicht von einem anderen Rechner in Ihrem Netzwerk verwendet wird. + + + + LABEL_RESERVED_IP + Reservierte IP-Adresse + + + + DESC_GW_REDIRECTION + Warnung: Das Aktivieren dieser Option kann Ihren Internetzugang verlangsamen (sowohl für die Clients als auch für lokale Netzwerke) ]]> + + + + LABEL_GW_REDIRECTION + Gateway Redirection + + + + DESC_ACCESS + Sie können einen Client temporär blockieren. Dies stellt keine starke Sicherheitsmaßnahme dar. Wenn Sie einen Client dauerhaft blockieren wollen sollten Sie dessen Zertifikat zurückziehen (revoke). 
+ + + + DESC_REMOVE_PAGE + Sie sind dabei, die folgende Regel zu entfernen: ]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Aktualisieren + + + + ERROR_CONNECT_TO_MANAGER + + + + + NO_CLIENTS_CONNECTED + Zur Zeit ist kein Client verbunden.]]> + + + + DESC_CONFIG_PAGE + Auf dieser Seite können Sie den Dienst konfigurieren + + + + DESC_STATUS + Wollen Sie den Dienst aktivieren? + + + + DESC_AUTH_TYPE + Wählen Sie einen Authentifizierungsmodus. "Nur Zertifikat" kann nützlich sein, wenn Sie Rechner ohne menschliches Zutun verbinden müssen, bietet aber nicht das gleiche Maß an Sicherheit wie "Zertifikat und Login/Passwort" + + + + DESC_START_POOL + Sie müssen einen IP-Adressbereich für die VPN-Clients auswählen. Der Bereich muss sich innerhalb des lokalen Netzwerks befinden. Bitte stellen Sie sicher, dass keine IP-Adresse innerhalb dieses Bereichs bereits von einem anderen Rechner verwendet wird. Geben Sie die erste IP-Adresse des Bereichs an + + + + LABEL_START_POOL + Erste IP-Adresse + + + + DESC_END_POOL + Geben Sie die letzte IP-Adresse an + + + + LABEL_END_POOL + Letzte IP-Adresse + + + + DESC_CRT_CONFIG_PAGE + - Ein authoritatives Zertifikat (CA). Dieses Zertifikat wird dazu verwendet, die Client-Zertifikate zu überprüfen
- Ein Server-Zertifikat. Dieses wird an den Client gesendet, damit dieser sicher sein kann ,dass er sich mit Ihrem Server verbindet
- Eine Diffie-Hellman-Parameter-Datei. Diese ermöglicht einen dynamischen Schlüsselaustausch
- Einen geteilten geheimen Schlüssel. Dieser Schlüssel erlaubt eine zusätzliche Authentifizierung mittels TLS Authentifizierung
]]>
+
+ + + DESC_CA_PEM + Geben Sie das Master-Zertifikat im PEM-Format ein + + + + DESC_CRT_PEM + Geben Sie das Server-Zertifikat im PEM-Format ein + + + + DESC_KEY_PEM + Geben Sie den zum Server-Zertifikat gehörigen geheimen Schlüssel im PEM-Format ein + + + + DESC_DH_PEM + Geben Sie die Diffie-Hellman-Parameter ein + + + + DESC_TA_PEM + Geben Sie den statischen geteilten Schlüssel ein. Dieser Schlüssel wird für eine zusätzliche Authentifizierung verwendet. Dieser Schlüssel ist optional, bietet aber einen Zugewinn an Sicherheit + + + + SUCCESS + Die neuen Einstellungen wurden gespeichert + + + + NOT_A_VALID_IP + Sie müssen eine gültige IP angeben + + + + NOT_IN_LOCAL_NET + Sie müssen eine IP-Adresse aus Ihrem lokalen Netzwerk angeben + + + + SHOW_SAMPLE_CONFIG + Zeige eine funktionierende Client-Konfigurationsdatei an + + + + DESC_DISPLAY_CLIENT_CONF + Sie müssen ebenfalls die Zertifikatsdatei im # PKCS12-Format herunterladen (diese enthält das CA-Zertifikat, das Benutzerzertifikat und den geheimen Schlüssel des Benutzers).
]]>
+
+ + + REAL_IP + Reale IP-Adresse + + + + VIRTUAL_IP + VPN-IP-Adresse + + + + SENT + Gesendete Bytes + + + + RECEIVED + Empfangene Bytes + + + + CONNECTED_SINCE + Verbunden seit + + + + DISCONNECT + Trennen + + + + BAD_VALUE + Ungültiger Wert + + + + + CANCELED + Abgebrochen + + + + DESC_CLIENT_DISCONECT_PAGE + Sie sind dabei, diesen Benutzer zu trennen. Sind Sie sicher dass Sie fortfahren möchten? + + + + CLIENT_DISCONNECTED + Der Client wurde getrennt + + + + INVALID_CHARS + "{$string}" enthält nicht erlaubte Zeichen + + + + BRIDGE_NOT_ENABLED + Der Bridge-Dienst muss aktiviert sein.
Mit folgenden Befehlen können Sie ihn aktivieren:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" ist keine gültige URL + + + + DESC_CRL_URL + Geben Sie die URL für die Aktualisierung der CRL ein (wenn phpki auf dem selben Server läuft können Sie die Standardeinstellung belassen) + + + + LABEL_CRL_URL + URL für die Aktualisierung der CRL + + + + LABEL_CA_PEM + CA-Zertifikat + + + + LABEL_CRT_PEM + Server-Zertifikat + + + + LABEL_KEY_PEM + Privater Schlüssel des Servers + + + + LABEL_DH_PEM + DH-Parameter + + + + LABEL_TA_PEM + Statischer Schlüssel + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + Algorithmus + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + Anmeldestatus + + + UP + Up + + + SYSTEMD_RETURNED + System Dienste + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Aktueller Wert + + + DEFAULT + Fehler + + + ERROR + Fehler + + +
diff --git a/root/etc/e-smith/locale/el/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/el/etc/e-smith/web/functions/openvpnbridge
new file mode 100644
index 0000000..bc5aa49
--- /dev/null
+++ b/root/etc/e-smith/locale/el/etc/e-smith/web/functions/openvpnbridge
@@ -0,0 +1,452 @@
+
+
+ FORM_TITLE
+ Bridged OpenVPN daemon configuration
+
+
+
+ DESC_FIRST_PAGE
+ Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Service Status + + + + LABEL_AUTH_TYPE + Authentication mode + + + + LABEL_IP_POOL + IP Address range + + + + DESC_RULE_BUTTON + Configuration rules management + + + + DESC_SHOW_CLIENTS_BUTTON + Display connected clients + + + + DESC_CONFIG_BUTTON + Service configuration + + + + DESC_CRT_CONFIG_BUTTON + Certificates configuration + + + + LABEL_CRT_STATUS + Certificates status + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Certificate only + + + + CRT_WITH_PASS + Certificate and login/password + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Add a rule + + + + COMMON_NAME + Common Name + + + + IP_ADDRESS + Διεύθυνση IP + + + + COMMENT + Σχόλιο + + + + GATEWAY_REDIRECTION + Gateway Redirection + + + + ACCESS + Πρόσβαση + + + + MODIFY + Τροποποίηση + + + + REMOVE + Διαγραφή + + + + DYNAMIC + Dynamic + + + + ENABLED + Ενεργοποιήθηκε + + + + DISABLED + Απενεργοποιημένος/η/ο + + + + ALLOWED + Allowed + + + + DENIED + Denied + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied. + + + + DESC_COMMENT + Enter a comment (Optional) + + + + DESC_RESERVED_IP + If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network. + + + + LABEL_RESERVED_IP + Reserved IP Address + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + Gateway redirection + + + + DESC_ACCESS + You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate. + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Refresh + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + This page lets you configure the service + + + + DESC_STATUS + Do you want to enable the service? + + + + DESC_AUTH_TYPE + Choose the authentication mode. 
"Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides + + + + DESC_START_POOL + You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address + + + + LABEL_START_POOL + First IP Address + + + + DESC_END_POOL + Enter the last IP Address + + + + LABEL_END_POOL + Last IP Address + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Enter the master certificate in pem format + + + + DESC_CRT_PEM + Enter the server certificate in pem format + + + + DESC_KEY_PEM + Enter the secret key associated with the server certificate, in pem format + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + The new settings have been saved + + + + NOT_A_VALID_IP + You have to enter a valid IP number + + + + NOT_IN_LOCAL_NET + You have to enter an IP address in your local network + + + + SHOW_SAMPLE_CONFIG + Display a functional client configuration file + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Real IP address + + + + VIRTUAL_IP + VPN IP address + + + + SENT + Bytes sent + + + + RECEIVED + Bytes received + + + + CONNECTED_SINCE + Connected since + + + + DISCONNECT + Disconnect + + + + BAD_VALUE + Incorrect value + + + + + CANCELED + Cancelled + + + + DESC_CLIENT_DISCONECT_PAGE + Είστε σίγουροι ότι επιθυμείτε να συνεχίσετε; ]]> + + + + CLIENT_DISCONNECTED + The client has been disconnected + + + + INVALID_CHARS + "{$string}" contains forbiden characters + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" isn't a valid URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA certificate + + + + LABEL_CRT_PEM + Server certificate + + + + LABEL_KEY_PEM + Server private key + + + + LABEL_DH_PEM + DH parameters + + + + LABEL_TA_PEM + Static key + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + Κατάσταση σύνδεσης + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Τρέχουσα τιμή + + + DEFAULT + Προεπιλογή + + + ERROR + Σφάλμα + + +
diff --git a/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/openvpnbridge
new file mode 100644
index 0000000..a99eeb2
--- /dev/null
+++ b/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/openvpnbridge
@@ -0,0 +1,468 @@
+
+
+ FORM_TITLE
+ Bridged OpenVPN daemon configuration
+
+
+
+ DESC_FIRST_PAGE
+
+Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Service Status + + + + LABEL_AUTH_TYPE + Authentication mode + + + + LABEL_IP_POOL + IP Address range + + + + DESC_RULE_BUTTON + Configuration rules management + + + + DESC_SHOW_CLIENTS_BUTTON + Display connected clients + + + + DESC_CONFIG_BUTTON + Service configuration + + + + DESC_CRT_CONFIG_BUTTON + Certificates configuration + + + + LABEL_CRT_STATUS + Certificates status + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Certificate only + + + + CRT_WITH_PASS + Certificate and login/password + + + + DESC_RULES_PAGE + +- Give him a fixed IP address
+- Configure the gateway redirection
+- Temporarily denied the access
+]]> +
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Add a rule + + + + COMMON_NAME + Common Name + + + + IP_ADDRESS + IP Address + + + + COMMENT + Comment + + + + GATEWAY_REDIRECTION + Gateway Redirection + + + + ACCESS + Access + + + + MODIFY + Modify + + + + REMOVE + Remove + + + + DYNAMIC + Dynamic + + + + ENABLED + Enabled + + + + DISABLED + Disabled + + + + ALLOWED + Allowed + + + + DENIED + Denied + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied. + + + + DESC_COMMENT + Enter a comment (Optional) + + + + DESC_RESERVED_IP + If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network. + + + + LABEL_RESERVED_IP + Reserved IP Address + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + + LABEL_GW_REDIRECTION + Gateway redirection + + + + DESC_ACCESS + You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate. + + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Refresh + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + This page lets you configure the service + + + + DESC_STATUS + Do you want to enable the service? + + + + DESC_AUTH_TYPE + Choose the authentication mode. 
"Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides + + + + DESC_START_POOL + You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check +that none IP address in this range is used by another host. Enter the first IP Address + + + + LABEL_START_POOL + First IP Address + + + + DESC_END_POOL + Enter the last IP Address + + + + LABEL_END_POOL + Last IP Address + + + + DESC_CRT_CONFIG_PAGE + +- An authoritative certificate (CA). This certificate is used to check the clients certificates
+- A server certificate. It will be presented to the client so they are sure they are connecting to your server
+- The secret key associated with the server certificate
+- A Diffie-Helman parameter file. It will allow dynamic key exchange
+- A shared secret key. This key will allow an additional TLS authentication
]]> +
+
+ + + DESC_CA_PEM + Enter the master certificate in pem format + + + + DESC_CRT_PEM + Enter the server certificate in pem format + + + + DESC_KEY_PEM + Enter the secret key associated with the server certificate, in pem format + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + The new settings have been saved + + + + NOT_A_VALID_IP + You have to enter a valid IP number + + + + NOT_IN_LOCAL_NET + You have to enter an IP address in your local network + + + + SHOW_SAMPLE_CONFIG + Display a functional client configuration file + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Real IP address + + + + VIRTUAL_IP + VPN IP address + + + + SENT + Bytes sent + + + + RECEIVED + Bytes received + + + + CONNECTED_SINCE + Connected since + + + + DISCONNECT + Disconnect + + + + BAD_VALUE + Incorrect value + + + + + CANCELED + Cancelled + + + + DESC_CLIENT_DISCONECT_PAGE + You are going to diconnect this user. Are you sure you want to continue? + + + + CLIENT_DISCONNECTED + The client has been disconnected + + + + INVALID_CHARS + "{$string}" contains forbiden characters + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" isn't a valid URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA certificate + + + + LABEL_CRT_PEM + Server certificate + + + + LABEL_KEY_PEM + Server private key + + + + LABEL_DH_PEM + DH parameters + + + + LABEL_TA_PEM + Static key + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + Link status + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Sugested value + + + DEFAULT + Default + + + ERROR + Error + + +
diff --git a/root/etc/e-smith/locale/es/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/es/etc/e-smith/web/functions/openvpnbridge
new file mode 100644
index 0000000..b96a17d
--- /dev/null
+++ b/root/etc/e-smith/locale/es/etc/e-smith/web/functions/openvpnbridge
@@ -0,0 +1,452 @@
+
+
+ FORM_TITLE
+ Bridged OpenVPN daemon configuration
+
+
+
+ DESC_FIRST_PAGE
+ Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Estado del Servicio + + + + LABEL_AUTH_TYPE + Authentication mode + + + + LABEL_IP_POOL + IP Address range + + + + DESC_RULE_BUTTON + Configuration rules management + + + + DESC_SHOW_CLIENTS_BUTTON + Display connected clients + + + + DESC_CONFIG_BUTTON + Service configuration + + + + DESC_CRT_CONFIG_BUTTON + Certificates configuration + + + + LABEL_CRT_STATUS + Certificates status + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Certificate only + + + + CRT_WITH_PASS + Certificate and login/password + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Add a rule + + + + COMMON_NAME + Nombre Común + + + + IP_ADDRESS + Dirección IP + + + + COMMENT + Comentario + + + + GATEWAY_REDIRECTION + Pasarela de Redirección + + + + ACCESS + Acceso + + + + MODIFY + Modificar + + + + REMOVE + Eliminar + + + + DYNAMIC + Dinámico + + + + ENABLED + Habilitado + + + + DISABLED + Deshabilitado + + + + ALLOWED + Permitido + + + + DENIED + Denegado + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Introduzca un nombre común. Si un cliente conecta con un certificado que tiene éste nombre común, entonces se aplicará la configuración correspondiente. + + + + DESC_COMMENT + Introducir un comentario (Opcional) + + + + DESC_RESERVED_IP + If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network. + + + + LABEL_RESERVED_IP + Reserved IP Address + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + Gateway redirection + + + + DESC_ACCESS + You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate. + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Recargar + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + This page lets you configure the service + + + + DESC_STATUS + ¿ Desea reenviar estos correos ? + + + + DESC_AUTH_TYPE + Choose the authentication mode. 
"Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides + + + + DESC_START_POOL + You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address + + + + LABEL_START_POOL + First IP Address + + + + DESC_END_POOL + Introduzca la última dirección IP + + + + LABEL_END_POOL + Last IP Address + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Enter the master certificate in pem format + + + + DESC_CRT_PEM + Enter the server certificate in pem format + + + + DESC_KEY_PEM + Enter the secret key associated with the server certificate, in pem format + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + The new settings have been saved + + + + NOT_A_VALID_IP + You have to enter a valid IP number + + + + NOT_IN_LOCAL_NET + You have to enter an IP address in your local network + + + + SHOW_SAMPLE_CONFIG + Mostrar un archivo de configuración funcional de cliente + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Real IP address + + + + VIRTUAL_IP + VPN IP address + + + + SENT + Bytes sent + + + + RECEIVED + Bytes received + + + + CONNECTED_SINCE + Connected since + + + + DISCONNECT + Desconectar + + + + BAD_VALUE + Incorrect value + + + + + CANCELED + Cancelled + + + + DESC_CLIENT_DISCONECT_PAGE + ¿Está seguro de que desea continuar? ]]> + + + + CLIENT_DISCONNECTED + The client has been disconnected + + + + INVALID_CHARS + "{$string}" contains forbiden characters + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" isn't a valid URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA certificate + + + + LABEL_CRT_PEM + Server certificate + + + + LABEL_KEY_PEM + Server private key + + + + LABEL_DH_PEM + DH parameters + + + + LABEL_TA_PEM + Static key + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + algoritmo + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + estado de la sesión + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Valor actual + + + DEFAULT + Predeterminado + + + ERROR + Error + + +
diff --git a/root/etc/e-smith/locale/et/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/et/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..0ee6d47 --- /dev/null +++ b/root/etc/e-smith/locale/et/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + Bridged OpenVPN daemon configuration + + + + DESC_FIRST_PAGE + Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Service Status + + + + LABEL_AUTH_TYPE + Authentication mode + + + + LABEL_IP_POOL + IP Address range + + + + DESC_RULE_BUTTON + Configuration rules management + + + + DESC_SHOW_CLIENTS_BUTTON + Display connected clients + + + + DESC_CONFIG_BUTTON + Service configuration + + + + DESC_CRT_CONFIG_BUTTON + Certificates configuration + + + + LABEL_CRT_STATUS + Certificates status + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Certificate only + + + + CRT_WITH_PASS + Certificate and login/password + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Add a rule + + + + COMMON_NAME + Common Name + + + + IP_ADDRESS + IP aadress + + + + COMMENT + Kommentaar + + + + GATEWAY_REDIRECTION + Gateway Redirection + + + + ACCESS + Juurdepääs + + + + MODIFY + Muuda + + + + REMOVE + Eemalda + + + + DYNAMIC + Dynamic + + + + ENABLED + Lubatud + + + + DISABLED + Keelatud + + + + ALLOWED + Allowed + + + + DENIED + Denied + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied. + + + + DESC_COMMENT + Enter a comment (Optional) + + + + DESC_RESERVED_IP + If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network. + + + + LABEL_RESERVED_IP + Reserved IP Address + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + Gateway redirection + + + + DESC_ACCESS + You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate. + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Värskenda + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + This page lets you configure the service + + + + DESC_STATUS + Do you want to enable the service? + + + + DESC_AUTH_TYPE + Choose the authentication mode. 
"Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides + + + + DESC_START_POOL + You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address + + + + LABEL_START_POOL + First IP Address + + + + DESC_END_POOL + Enter the last IP Address + + + + LABEL_END_POOL + Last IP Address + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Enter the master certificate in pem format + + + + DESC_CRT_PEM + Enter the server certificate in pem format + + + + DESC_KEY_PEM + Enter the secret key associated with the server certificate, in pem format + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + The new settings have been saved + + + + NOT_A_VALID_IP + You have to enter a valid IP number + + + + NOT_IN_LOCAL_NET + You have to enter an IP address in your local network + + + + SHOW_SAMPLE_CONFIG + Display a functional client configuration file + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Real IP address + + + + VIRTUAL_IP + VPN IP address + + + + SENT + Bytes sent + + + + RECEIVED + Bytes received + + + + CONNECTED_SINCE + Connected since + + + + DISCONNECT + Disconnect + + + + BAD_VALUE + Incorrect value + + + + + CANCELED + Cancelled + + + + DESC_CLIENT_DISCONECT_PAGE + Oled kindel, et tahad jätkata? ]]> + + + + CLIENT_DISCONNECTED + The client has been disconnected + + + + INVALID_CHARS + "{$string}" contains forbiden characters + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" isn't a valid URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA certificate + + + + LABEL_CRT_PEM + Server certificate + + + + LABEL_KEY_PEM + Server private key + + + + LABEL_DH_PEM + DH parameters + + + + LABEL_TA_PEM + Static key + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + logimise staatus + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Hetke väärtus + + + DEFAULT + Vaikimisi + + + ERROR + Viga + + +
diff --git a/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..4c9bf02 --- /dev/null +++ b/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + Configuration du démon OpenVPN en mode Bridge + + + + DESC_FIRST_PAGE + Le mode permet à vos clients d'obtenir une adresse IP sur le réseau interne, et ainsi d'accéder à toutes les ressources normalement réservées aux utilisateurs internes.

]]>
+
+ + + LABEL_STATUS + État du service + + + + LABEL_AUTH_TYPE + Mode d'authentification + + + + LABEL_IP_POOL + Plage d'adresses IP + + + + DESC_RULE_BUTTON + Gestion des règles de configuration + + + + DESC_SHOW_CLIENTS_BUTTON + Afficher les clients connectés + + + + DESC_CONFIG_BUTTON + Configuration du service + + + + DESC_CRT_CONFIG_BUTTON + Configuration des certificats + + + + LABEL_CRT_STATUS + État des certificats + + + + CRT_CONFIG_ERROR + La configuration des certificats ne semble pas correct, veuillez la vérifier.]]> + + + + CRT_CONFIG_OK + Les certificats sont en place]]> + + + + CRT_ONLY + Certificat uniquement + + + + CRT_WITH_PASS + Certificat et nom d'utilisateur/mot de passe + + + + DESC_RULES_PAGE + - Attribuer une adresse IP fixe
- Configurer la redirection de passerelle
- Bloquer temporairement l'accès
]]>
+
+ + + DESC_RULES + Règles actuelles]]> + +NO_RULE + + NO_RULE + Il n'y a aucune règle définie]]> + + + + DESC_ADD_RULE_BUTTON + Ajouter une règle + + + + COMMON_NAME + Nom Commun + + + + IP_ADDRESS + Adresse IP + + + + COMMENT + Commentaire + + + + GATEWAY_REDIRECTION + Redirection de passerelle + + + + ACCESS + Accès + + + + MODIFY + Modifier + + + + REMOVE + Supprimer + + + + DYNAMIC + Dynamique + + + + ENABLED + Activé + + + + DISABLED + Désactivé + + + + ALLOWED + Autorisé + + + + DENIED + Refusé + + + + DESC_ADD_OR_MODIFY_PAGE + Créer ou modifier]]> + + + + DESC_COMMON_NAME + Entrez un nom commun. Si un client présente un certificat portant ce nom commun, la configuration correspondante sera appliquée. + + + + DESC_COMMENT + Entrez un commentaire (optionnel) + + + + DESC_RESERVED_IP + Si vous entrez une adresse IP, elle sera toujours affectée au client présentant ce certificat. L'adresse doit faire partie du réseau local (mais peut être en dehors de l'intervalle VPN). Assurez-vous que cette adresse n'est pas utilisée par une autre machine de votre réseau. + + + + LABEL_RESERVED_IP + Adresse IP réservée + + + + DESC_GW_REDIRECTION + Attention : l'activation de cette option peut ralentir votre accès internet (à la fois pour votre client, et pour vos réseaux locaux)]]> + + + + LABEL_GW_REDIRECTION + Redirection de passerelle + + + + DESC_ACCESS + Vous pouvez bloquer un client de façon temporaire. Ce blocage n'offre pas une sécurité forte. Si vous voulez bloquer un client de façon permanente, il est conseillé de révoquer son certificat. + + + + DESC_REMOVE_PAGE + Vous êtes sur le point de supprimer la règle suivante :]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Rafraîchir + + + + ERROR_CONNECT_TO_MANAGER + Une erreur est survenue lors de la connexion à l'interface de contrôle. 
Vérifiez que le service est activé.]]> + + + + NO_CLIENTS_CONNECTED + Il n'y a aucun client connecté actuellement.]]> + + + + DESC_CONFIG_PAGE + Cette page vous permet de configurer le service + + + + DESC_STATUS + Voulez-vous activer le service ? + + + + DESC_AUTH_TYPE + Choisissez le mode d'authentification des clients. Le mode "certificat uniquement" peut être utile si vous avez besoin de connecter certaines machines sans intervention humaine, mais il n'offre pas la même sécurité que le mode "certificat et nom d'utilisateur/mot de passe" + + + + DESC_START_POOL + Vous devez choisir une plage d'adresses IP pour les clients VPN. Cette plage doit faire partie du réseau local. Vérifier qu'aucune adresse parmi cette plage n'est utilisée par une autre machine. Entrez ici l'adresse du début de la plage + + + + LABEL_START_POOL + Adresse IP de début + + + + DESC_END_POOL + Entrez l'adresse IP de fin de plage + + + + LABEL_END_POOL + Adresse IP de fin + + + + DESC_CRT_CONFIG_PAGE + - Un certificat d'une autorité de certification (CA). C'est lui qui permettra de vérifier que les clients sont de confiance
- Un certificat serveur. C'est lui qui sera présenté aux clients
- Une clef secrète associée au certificat du serveur
- Un fichier de paramètre Diffie-Helman. Il permettra l'échange de clef de session
- Une clef partagée. Cette clef permet d'utiliser une authentification TLS supplémentaire
]]>
+
+ + + DESC_CA_PEM + Copiez ici le certificat de l'autorité de certification (cacert.pem) au format pem + + + + DESC_CRT_PEM + Copiez ici le certificat du serveur au format pem + + + + DESC_KEY_PEM + Copiez ici la clef secrète associée au certificat ci-dessus, au format pem + + + + DESC_DH_PEM + Copiez ici les paramètres Diffie-Helman + + + + DESC_TA_PEM + Copiez ici la clef statique partagée. Cette clef sera utilisée pour une authentification supplémentaire. Cette clef est optionnelle mais elle peut renforcer la sécurité + + + + SUCCESS + Les nouveaux paramètres ont été appliqués avec succès + + + + NOT_A_VALID_IP + Veuillez entrer une adresse IP valide + + + + NOT_IN_LOCAL_NET + Vous devez entrez une adresse IP de votre réseau local + + + + SHOW_SAMPLE_CONFIG + Afficher un fichier de configuration client fonctionnel + + + + DESC_DISPLAY_CLIENT_CONF + Vous devez également télécharger sur le poste du client le fichier de certification au format #PKCS12 (qui comprend le certificat de l'AC, le certificat utilisateur et la clef privée de l'utilisateur).
]]>
+
+ + + REAL_IP + Adresse IP réelle + + + + VIRTUAL_IP + Adresse IP VPN + + + + SENT + Bits envoyés + + + + RECEIVED + Bits reçus + + + + CONNECTED_SINCE + Connecté depuis + + + + DISCONNECT + Déconnecter + + + + BAD_VALUE + Valeur incorrecte + + + + + CANCELED + Annulé + + + + DESC_CLIENT_DISCONECT_PAGE + Vous êtes sur le point de déconnecter cet utilisateur. Êtes-vous sûre de vouloir le faire ? + + + + CLIENT_DISCONNECTED + Le client a été déconnecté + + + + INVALID_CHARS + "{$string}" comporte des caractères non autorisés + + + + BRIDGE_NOT_ENABLED + Le service bridge doit être activé.
Les commandes suivantes permettrons de l'activer :
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" n'est pas une URL valide + + + + DESC_CRL_URL + Entrez ici l'URL de mise à jour de la CRL. (Si phpki est installé sur la même machine, vous pouvez laisser la valeur par défaut) + + + + LABEL_CRL_URL + URL de mise à jour de la CRL + + + + LABEL_CA_PEM + Certificat de l'AC (autorité de certification) + + + + LABEL_CRT_PEM + Certificat du serveur + + + + LABEL_KEY_PEM + Clef privée du serveur + + + + LABEL_DH_PEM + Paramètres DH + + + + LABEL_TA_PEM + Clef statique + + + DESC_HMAC + HMAC fait partie du cryptage du canal de données pour openvpn (où vos données voyagent) après cryptage avec le chiffrement. La valeur par défaut est le SHA1 non sécurisé, nous vous suggérons d'utiliser au moins SHA256. Ce paramètre doit correspondre à la fois sur le serveur et le client + + + LABEL_HMAC + Algorithme HMAC + + + DESC_CIPHER + Le chiffrement (cipher) utilisé pour votre canal de données pour openvpn. La valeur par défaut est d'utiliser l'algorithme BlowFish non sécurisé. Nous vous suggérons l'AES-128-CBC ou supérieur. Ce paramètre doit correspondre à la fois sur le serveur et sur le client. + + + LABEL_CIPHER + Algorithme de cryptage par chiffrement + + + LINK + Statut de connexion + + + UP + En ligne + + + SYSTEMD_RETURNED + Systemd montre le service comme + + + CHANGEME_INSECURE + Veuillez modifier ce paramètre non sécurisé + + + SUGGESTED + Valeur suggérée + + + DEFAULT + Par défaut + + + ERROR + Erreur + + +
diff --git a/root/etc/e-smith/locale/he/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/he/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..73b2757 --- /dev/null +++ b/root/etc/e-smith/locale/he/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + Bridged OpenVPN daemon configuration + + + + DESC_FIRST_PAGE + Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Service Status + + + + LABEL_AUTH_TYPE + Authentication mode + + + + LABEL_IP_POOL + IP Address range + + + + DESC_RULE_BUTTON + Configuration rules management + + + + DESC_SHOW_CLIENTS_BUTTON + Display connected clients + + + + DESC_CONFIG_BUTTON + Service configuration + + + + DESC_CRT_CONFIG_BUTTON + Certificates configuration + + + + LABEL_CRT_STATUS + Certificates status + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Certificate only + + + + CRT_WITH_PASS + Certificate and login/password + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Add a rule + + + + COMMON_NAME + Common Name + + + + IP_ADDRESS + כתובת IP + + + + COMMENT + Comment + + + + GATEWAY_REDIRECTION + Gateway Redirection + + + + ACCESS + Access + + + + MODIFY + שנה + + + + REMOVE + הסרה + + + + DYNAMIC + Dynamic + + + + ENABLED + Enabled + + + + DISABLED + Disabled + + + + ALLOWED + Allowed + + + + DENIED + Denied + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied. + + + + DESC_COMMENT + Enter a comment (Optional) + + + + DESC_RESERVED_IP + If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network. + + + + LABEL_RESERVED_IP + Reserved IP Address + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + Gateway redirection + + + + DESC_ACCESS + You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate. + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + רענון + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + This page lets you configure the service + + + + DESC_STATUS + Do you want to enable the service? + + + + DESC_AUTH_TYPE + Choose the authentication mode. 
"Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides + + + + DESC_START_POOL + You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address + + + + LABEL_START_POOL + First IP Address + + + + DESC_END_POOL + Enter the last IP Address + + + + LABEL_END_POOL + Last IP Address + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Enter the master certificate in pem format + + + + DESC_CRT_PEM + Enter the server certificate in pem format + + + + DESC_KEY_PEM + Enter the secret key associated with the server certificate, in pem format + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + The new settings have been saved + + + + NOT_A_VALID_IP + You have to enter a valid IP number + + + + NOT_IN_LOCAL_NET + You have to enter an IP address in your local network + + + + SHOW_SAMPLE_CONFIG + Display a functional client configuration file + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Real IP address + + + + VIRTUAL_IP + VPN IP address + + + + SENT + Bytes sent + + + + RECEIVED + Bytes received + + + + CONNECTED_SINCE + Connected since + + + + DISCONNECT + Disconnect + + + + BAD_VALUE + Incorrect value + + + + + CANCELED + Cancelled + + + + DESC_CLIENT_DISCONECT_PAGE + You are going to diconnect this user. Are you sure you want to continue? + + + + CLIENT_DISCONNECTED + The client has been disconnected + + + + INVALID_CHARS + "{$string}" contains forbiden characters + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" isn't a valid URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA certificate + + + + LABEL_CRT_PEM + Server certificate + + + + LABEL_KEY_PEM + Server private key + + + + LABEL_DH_PEM + DH parameters + + + + LABEL_TA_PEM + Static key + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + מצב חיבור + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + ערך נוכחי + + + DEFAULT + ברירת מחדל + + + ERROR + שגיאה + + +
diff --git a/root/etc/e-smith/locale/hu/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/hu/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..2c928ab --- /dev/null +++ b/root/etc/e-smith/locale/hu/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + Bridged OpenVPN daemon configuration + + + + DESC_FIRST_PAGE + Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Service Status + + + + LABEL_AUTH_TYPE + Authentication mode + + + + LABEL_IP_POOL + IP Address range + + + + DESC_RULE_BUTTON + Configuration rules management + + + + DESC_SHOW_CLIENTS_BUTTON + Display connected clients + + + + DESC_CONFIG_BUTTON + Service configuration + + + + DESC_CRT_CONFIG_BUTTON + Certificates configuration + + + + LABEL_CRT_STATUS + Certificates status + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Certificate only + + + + CRT_WITH_PASS + Certificate and login/password + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Add a rule + + + + COMMON_NAME + Common Name + + + + IP_ADDRESS + IP cím + + + + COMMENT + Megjegyzés + + + + GATEWAY_REDIRECTION + Gateway Redirection + + + + ACCESS + Hozzáférés + + + + MODIFY + Módosítás + + + + REMOVE + Eltávolít + + + + DYNAMIC + Dinamikus + + + + ENABLED + Engedélyezve + + + + DISABLED + Letiltva + + + + ALLOWED + Allowed + + + + DENIED + Denied + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied. + + + + DESC_COMMENT + Enter a comment (Optional) + + + + DESC_RESERVED_IP + If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network. + + + + LABEL_RESERVED_IP + Reserved IP Address + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + Gateway redirection + + + + DESC_ACCESS + You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate. + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Frissítés + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + This page lets you configure the service + + + + DESC_STATUS + Do you want to enable the service? + + + + DESC_AUTH_TYPE + Choose the authentication mode. 
"Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides + + + + DESC_START_POOL + You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address + + + + LABEL_START_POOL + First IP Address + + + + DESC_END_POOL + Enter the last IP Address + + + + LABEL_END_POOL + Last IP Address + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Enter the master certificate in pem format + + + + DESC_CRT_PEM + Enter the server certificate in pem format + + + + DESC_KEY_PEM + Enter the secret key associated with the server certificate, in pem format + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + The new settings have been saved + + + + NOT_A_VALID_IP + You have to enter a valid IP number + + + + NOT_IN_LOCAL_NET + You have to enter an IP address in your local network + + + + SHOW_SAMPLE_CONFIG + Display a functional client configuration file + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Real IP address + + + + VIRTUAL_IP + VPN IP address + + + + SENT + Bytes sent + + + + RECEIVED + Bytes received + + + + CONNECTED_SINCE + Connected since + + + + DISCONNECT + Bontás + + + + BAD_VALUE + Incorrect value + + + + + CANCELED + Cancelled + + + + DESC_CLIENT_DISCONECT_PAGE + Biztos hogy folytatja? ]]> + + + + CLIENT_DISCONNECTED + The client has been disconnected + + + + INVALID_CHARS + "{$string}" contains forbiden characters + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" isn't a valid URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA certificate + + + + LABEL_CRT_PEM + Server certificate + + + + LABEL_KEY_PEM + Server private key + + + + LABEL_DH_PEM + DH parameters + + + + LABEL_TA_PEM + Static key + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + bejelentkezési állapot + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Érvényes érték + + + DEFAULT + Alapértelmezett + + + ERROR + Hiba + + +
diff --git a/root/etc/e-smith/locale/id/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/id/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..6ce33f0 --- /dev/null +++ b/root/etc/e-smith/locale/id/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + Bridged OpenVPN daemon configuration + + + + DESC_FIRST_PAGE + Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Service Status + + + + LABEL_AUTH_TYPE + Authentication mode + + + + LABEL_IP_POOL + IP Address range + + + + DESC_RULE_BUTTON + Configuration rules management + + + + DESC_SHOW_CLIENTS_BUTTON + Display connected clients + + + + DESC_CONFIG_BUTTON + Service configuration + + + + DESC_CRT_CONFIG_BUTTON + Certificates configuration + + + + LABEL_CRT_STATUS + Certificates status + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Certificate only + + + + CRT_WITH_PASS + Certificate and login/password + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Add a rule + + + + COMMON_NAME + Common Name + + + + IP_ADDRESS + Alamat IP + + + + COMMENT + Komentar + + + + GATEWAY_REDIRECTION + Gateway Redirection + + + + ACCESS + Akses + + + + MODIFY + Ubah + + + + REMOVE + Hapus + + + + DYNAMIC + Dynamic + + + + ENABLED + Enabled + + + + DISABLED + Disabled + + + + ALLOWED + Allowed + + + + DENIED + Denied + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied. + + + + DESC_COMMENT + Enter a comment (Optional) + + + + DESC_RESERVED_IP + If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network. + + + + LABEL_RESERVED_IP + Reserved IP Address + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + Gateway redirection + + + + DESC_ACCESS + You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate. + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Refresh + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + This page lets you configure the service + + + + DESC_STATUS + Do you want to enable the service? + + + + DESC_AUTH_TYPE + Choose the authentication mode. 
"Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides + + + + DESC_START_POOL + You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address + + + + LABEL_START_POOL + First IP Address + + + + DESC_END_POOL + Enter the last IP Address + + + + LABEL_END_POOL + Last IP Address + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Enter the master certificate in pem format + + + + DESC_CRT_PEM + Enter the server certificate in pem format + + + + DESC_KEY_PEM + Enter the secret key associated with the server certificate, in pem format + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + The new settings have been saved + + + + NOT_A_VALID_IP + You have to enter a valid IP number + + + + NOT_IN_LOCAL_NET + You have to enter an IP address in your local network + + + + SHOW_SAMPLE_CONFIG + Display a functional client configuration file + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Real IP address + + + + VIRTUAL_IP + VPN IP address + + + + SENT + Bytes sent + + + + RECEIVED + Bytes received + + + + CONNECTED_SINCE + Connected since + + + + DISCONNECT + Disconnect + + + + BAD_VALUE + Incorrect value + + + + + CANCELED + Cancelled + + + + DESC_CLIENT_DISCONECT_PAGE + Anda yakin ingin melanjutkan? ]]> + + + + CLIENT_DISCONNECTED + The client has been disconnected + + + + INVALID_CHARS + "{$string}" contains forbiden characters + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" isn't a valid URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA certificate + + + + LABEL_CRT_PEM + Server certificate + + + + LABEL_KEY_PEM + Server private key + + + + LABEL_DH_PEM + DH parameters + + + + LABEL_TA_PEM + Static key + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + Link status + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Nilai sekarang + + + DEFAULT + Default + + + ERROR + Kesalahan + + +
diff --git a/root/etc/e-smith/locale/it/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/it/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..0644e20 --- /dev/null +++ b/root/etc/e-smith/locale/it/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + Configurazione del daemon per bridged OpenVPN + + + + DESC_FIRST_PAGE + La modalità Bridged consente ai client VPN di ottenere un indirizzo IP sulla rete locale, garantendo così l'accesso a tutte le risorse della rete locale.

]]>
+
+ + + LABEL_STATUS + Stato servizio + + + + LABEL_AUTH_TYPE + Modalità di autenticazione + + + + LABEL_IP_POOL + Intervallo indirizzi IP + + + + DESC_RULE_BUTTON + Gestione delle regole di configurazione + + + + DESC_SHOW_CLIENTS_BUTTON + Mostra i client connessi + + + + DESC_CONFIG_BUTTON + Configurazione servizio + + + + DESC_CRT_CONFIG_BUTTON + Configurazione certificati + + + + LABEL_CRT_STATUS + Stato dei certificati + + + + CRT_CONFIG_ERROR + Si è verificato un problema dei tuoi certificati; controllali.]]> + + + + CRT_CONFIG_OK + I certificati sono pronti]]> + + + + CRT_ONLY + Solo certificato + + + + CRT_WITH_PASS + Certificato e login/password + + + + DESC_RULES_PAGE + - Assegnare un indirizzo IP fisso
- Configurare il reindirizzamento del gateway
- Negare temporaneamente l'accesso
]]>
+
+ + + DESC_RULES + Regole effettive]]> + +NO_RULE + + NO_RULE + Non ci sono regole]]> + + + + DESC_ADD_RULE_BUTTON + Aggiungi una regola + + + + COMMON_NAME + "Common name" + + + + IP_ADDRESS + Indirizzo IP + + + + COMMENT + Commento + + + + GATEWAY_REDIRECTION + Reindirizzamento del Gateway + + + + ACCESS + Accesso + + + + MODIFY + Modifica + + + + REMOVE + Rimuovi + + + + DYNAMIC + Dinamico + + + + ENABLED + Abilitato + + + + DISABLED + Disabilitato + + + + ALLOWED + Permesso + + + + DENIED + Negato + + + + DESC_ADD_OR_MODIFY_PAGE + Crea o modifica]]> + + + + DESC_COMMON_NAME + Inserire un "Common name". Se un client si connette con un certificato contente quel "Common name", verrà utilizzata la configurazione corrispondente. + + + + DESC_COMMENT + Commento (opzionale) + + + + DESC_RESERVED_IP + Se si inserisce un indirizzo IP, esso sarà sempre associato al client che si connette con questo certificato. L'indirizzo IP deve essere nella tua rete locale (ma può essere fuori dal range della VPN), e non deve essere già in uso nella rete. + + + + LABEL_RESERVED_IP + Indirizzo IP riservato + + + + DESC_GW_REDIRECTION + Attenzione: l'abilitazione di questa opzione può rallentare la velocità di connessione ad internet (sia per i client che per le reti locali)]]> + + + + LABEL_GW_REDIRECTION + Reindirizzamento del Gateway + + + + DESC_ACCESS + Si può bloccare temporaneamente un client. Questo non offre una grossa sicurezza. Se si vuole bloccare definitivamente un client è necessario revocare il suo certificato. + + + + DESC_REMOVE_PAGE + Si sta per eliminare la seguente regola:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Aggiorna + + + + ERROR_CONNECT_TO_MANAGER + Si è verificato un errore nell'apertura della pagina di configurazione. 
Verificare che il servizio sia attivo.]]> + + + + NO_CLIENTS_CONNECTED + Al momento non ci sono client connessi.]]> + + + + DESC_CONFIG_PAGE + Questa pagina permette di configurare il servizio + + + + DESC_STATUS + Si desidera attivare il servizio? + + + + DESC_AUTH_TYPE + Scegliere la modalità di autenticazione. "Certificate only" può essere utile nel caso di connessione tra host senza necessità di interneto umano, ma non fornice lo stesso livello di sicurezza fornito da "Certificate and login/password" + + + + DESC_START_POOL + Scelta dell'intervallo di indirizzi IP per i client VPN. L'intervallo deve essere nella rete locale. Per cortesia, assicurarsi che nessun IP sia utilizzato in rete locale. Inserire il primo indirizzo IP + + + + LABEL_START_POOL + Primo indirizzo IP + + + + DESC_END_POOL + Inserire l'ultimo indirizzo IP + + + + LABEL_END_POOL + Ultimo indirizzo IP + + + + DESC_CRT_CONFIG_PAGE + - Un certificato di autenticazione (CA). Il certificati viene utilizzato per verificare i certificati dei client
- Un certificato server. Il certificato viene esibito ai client per assicurare che la connessione viene stabilita con il server corretto.
- La chiave segreta associata con il certificato del server
- Un file di parametri Diffie-Helman. Consentirà un cambio dinamico della chiave
- Una chiave segreta condivisa. Questa chiave consente un'autenticazione TLS aggiuntiva
]]>
+
+ + + DESC_CA_PEM + Inserire il certificato principale in formato pem + + + + DESC_CRT_PEM + Inserire il certificato del server in formasto pem + + + + DESC_KEY_PEM + Inserire la chiave segreta associata con il certificato del server, in formato pem + + + + DESC_DH_PEM + Introdurre i parametri Diffie-Helman + + + + DESC_TA_PEM + Introdurre la chiave statica condivisa. La chiave verrà utilizzata per un'autenticazione aggiuntiva. La chiave è facoltativa ma può migliorare la sicurezza. + + + + SUCCESS + La nuova configurazione è stata salvata. + + + + NOT_A_VALID_IP + Devi inserire un indirizzo IP valido. + + + + NOT_IN_LOCAL_NET + Devi inserire un indirizzo IP valido nella tua rete locale. + + + + SHOW_SAMPLE_CONFIG + Mostra un file di configurazione client funzionante. + + + + DESC_DISPLAY_CLIENT_CONF + Deve anche essere scaricato il file di certificazione in formato # PKCS12 (che contiene il certificato CA, il certificato utente e la chiave segreta).
]]>
+
+ + + REAL_IP + Indirizzo IP reale + + + + VIRTUAL_IP + Indirizzo IP vpn + + + + SENT + Byte inviati + + + + RECEIVED + Byte ricevuti + + + + CONNECTED_SINCE + Connesso da + + + + DISCONNECT + Disconnettersi + + + + BAD_VALUE + Valore non corretto + + + + + CANCELED + Cancellata + + + + DESC_CLIENT_DISCONECT_PAGE + Stai per disconnettere questo utente. Sei sicuro di voler continuare ? + + + + CLIENT_DISCONNECTED + Il client è stato disconnesso + + + + INVALID_CHARS + "{$string}" contiene dei caratteri non consentiti + + + + BRIDGE_NOT_ENABLED + Il servizio "bridge" deve essere abilitato.
Il comandi per abilitarlo sono i seguenti:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" non è un URL valido + + + + DESC_CRL_URL + Inserire l'URL per aggiornare il CRL. (se phpki è attivato sul medesimo server, può essere mantenuto il valore di default) + + + + LABEL_CRL_URL + URL per aggiornare il CRL + + + + LABEL_CA_PEM + Certificato CA + + + + LABEL_CRT_PEM + Certificato server + + + + LABEL_KEY_PEM + Chiave privata server + + + + LABEL_DH_PEM + Parametri DH + + + + LABEL_TA_PEM + Chiave statica + + + DESC_HMAC + HMAC fa parte della crittografia del canale dati per openvpn (dove viaggiano i dati) dopo la crittografia con il cipher. L'impostazione predefinita è SHA1 insicuro, ti consigliamo di utilizzare almeno SHA256. Questa impostazione dovrebbe corrispondere sia sul server che sul client + + + LABEL_HMAC + Algoritmo HMAC + + + DESC_CIPHER + Il cipher utilizzato per il tuo canale dati per openvpn. L'impostazione predefinita è utilizzare l'algoritmo BlowFish insicuro. Ti consigliamo AES-128-CBC o superiore. Questa impostazione dovrebbe corrispondere sia sul server che sul client. + + + LABEL_CIPHER + Algoritmo di crittografia Cipher + + + LINK + Staus del link + + + UP + Up + + + SYSTEMD_RETURNED + Systemd restituisce il servizio come + + + CHANGEME_INSECURE + Per favore cambia questo parametro insicuro + + + SUGGESTED + Valore suggerito + + + DEFAULT + Default + + + ERROR + Errore + + +
diff --git a/root/etc/e-smith/locale/ja/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/ja/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..e169633 --- /dev/null +++ b/root/etc/e-smith/locale/ja/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + Bridged OpenVPN daemon configuration + + + + DESC_FIRST_PAGE + Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Service Status + + + + LABEL_AUTH_TYPE + Authentication mode + + + + LABEL_IP_POOL + IP Address range + + + + DESC_RULE_BUTTON + Configuration rules management + + + + DESC_SHOW_CLIENTS_BUTTON + Display connected clients + + + + DESC_CONFIG_BUTTON + Service configuration + + + + DESC_CRT_CONFIG_BUTTON + Certificates configuration + + + + LABEL_CRT_STATUS + Certificates status + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Certificate only + + + + CRT_WITH_PASS + Certificate and login/password + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Add a rule + + + + COMMON_NAME + Common Name + + + + IP_ADDRESS + IPアドレス + + + + COMMENT + Comment + + + + GATEWAY_REDIRECTION + Gateway Redirection + + + + ACCESS + Access + + + + MODIFY + 更新 + + + + REMOVE + 削除 + + + + DYNAMIC + 動的 + + + + ENABLED + Enabled + + + + DISABLED + Disabled + + + + ALLOWED + Allowed + + + + DENIED + Denied + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied. + + + + DESC_COMMENT + Enter a comment (Optional) + + + + DESC_RESERVED_IP + If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network. + + + + LABEL_RESERVED_IP + Reserved IP Address + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + Gateway redirection + + + + DESC_ACCESS + You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate. + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + リフレッシュ + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + This page lets you configure the service + + + + DESC_STATUS + Do you want to enable the service? + + + + DESC_AUTH_TYPE + Choose the authentication mode. 
"Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides + + + + DESC_START_POOL + You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address + + + + LABEL_START_POOL + First IP Address + + + + DESC_END_POOL + Enter the last IP Address + + + + LABEL_END_POOL + Last IP Address + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Enter the master certificate in pem format + + + + DESC_CRT_PEM + Enter the server certificate in pem format + + + + DESC_KEY_PEM + Enter the secret key associated with the server certificate, in pem format + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + The new settings have been saved + + + + NOT_A_VALID_IP + You have to enter a valid IP number + + + + NOT_IN_LOCAL_NET + You have to enter an IP address in your local network + + + + SHOW_SAMPLE_CONFIG + Display a functional client configuration file + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Real IP address + + + + VIRTUAL_IP + VPN IP address + + + + SENT + Bytes sent + + + + RECEIVED + Bytes received + + + + CONNECTED_SINCE + Connected since + + + + DISCONNECT + 未接続 + + + + BAD_VALUE + Incorrect value + + + + + CANCELED + Cancelled + + + + DESC_CLIENT_DISCONECT_PAGE + You are going to diconnect this user. Are you sure you want to continue? + + + + CLIENT_DISCONNECTED + The client has been disconnected + + + + INVALID_CHARS + "{$string}" contains forbiden characters + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" isn't a valid URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA certificate + + + + LABEL_CRT_PEM + Server certificate + + + + LABEL_KEY_PEM + Server private key + + + + LABEL_DH_PEM + DH parameters + + + + LABEL_TA_PEM + Static key + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + Link status + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + 現在の値 + + + DEFAULT + デフォルト + + + ERROR + エラー + + +
diff --git a/root/etc/e-smith/locale/nb/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/nb/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..383071a --- /dev/null +++ b/root/etc/e-smith/locale/nb/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + Bridged OpenVPN daemon configuration + + + + DESC_FIRST_PAGE + Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Service Status + + + + LABEL_AUTH_TYPE + Authentication mode + + + + LABEL_IP_POOL + IP Address range + + + + DESC_RULE_BUTTON + Configuration rules management + + + + DESC_SHOW_CLIENTS_BUTTON + Display connected clients + + + + DESC_CONFIG_BUTTON + Service configuration + + + + DESC_CRT_CONFIG_BUTTON + Certificates configuration + + + + LABEL_CRT_STATUS + Certificates status + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Certificate only + + + + CRT_WITH_PASS + Certificate and login/password + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Add a rule + + + + COMMON_NAME + Common Name + + + + IP_ADDRESS + IP adresse + + + + COMMENT + Kommentar + + + + GATEWAY_REDIRECTION + Gateway Redirection + + + + ACCESS + Tilgang + + + + MODIFY + Endre + + + + REMOVE + Fjern + + + + DYNAMIC + Dynamisk + + + + ENABLED + aktivert + + + + DISABLED + Deaktivert + + + + ALLOWED + Allowed + + + + DENIED + Denied + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied. + + + + DESC_COMMENT + Enter a comment (Optional) + + + + DESC_RESERVED_IP + If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network. + + + + LABEL_RESERVED_IP + Reserved IP Address + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + Gateway redirection + + + + DESC_ACCESS + You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate. + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Oppdater + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + This page lets you configure the service + + + + DESC_STATUS + Do you want to enable the service? + + + + DESC_AUTH_TYPE + Choose the authentication mode. 
"Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides + + + + DESC_START_POOL + You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address + + + + LABEL_START_POOL + First IP Address + + + + DESC_END_POOL + Enter the last IP Address + + + + LABEL_END_POOL + Last IP Address + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Enter the master certificate in pem format + + + + DESC_CRT_PEM + Enter the server certificate in pem format + + + + DESC_KEY_PEM + Enter the secret key associated with the server certificate, in pem format + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + The new settings have been saved + + + + NOT_A_VALID_IP + You have to enter a valid IP number + + + + NOT_IN_LOCAL_NET + You have to enter an IP address in your local network + + + + SHOW_SAMPLE_CONFIG + Display a functional client configuration file + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Real IP address + + + + VIRTUAL_IP + VPN IP address + + + + SENT + Bytes sent + + + + RECEIVED + Bytes received + + + + CONNECTED_SINCE + Connected since + + + + DISCONNECT + Koble fra + + + + BAD_VALUE + Incorrect value + + + + + CANCELED + Cancelled + + + + DESC_CLIENT_DISCONECT_PAGE + Er du sikker på at du vil fortsette? ]]> + + + + CLIENT_DISCONNECTED + The client has been disconnected + + + + INVALID_CHARS + "{$string}" contains forbiden characters + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" isn't a valid URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA certificate + + + + LABEL_CRT_PEM + Server certificate + + + + LABEL_KEY_PEM + Server private key + + + + LABEL_DH_PEM + DH parameters + + + + LABEL_TA_PEM + Static key + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + Link status + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Gjeldende verdi + + + DEFAULT + Standard + + + ERROR + Feil + + +
diff --git a/root/etc/e-smith/locale/nl/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/nl/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..c982425 --- /dev/null +++ b/root/etc/e-smith/locale/nl/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + OpenVPN brug dienst configuratie + + + + DESC_FIRST_PAGE +
]]>
+
+ + + LABEL_STATUS + Status van de dienst + + + + LABEL_AUTH_TYPE + Authenticatie methode + + + + LABEL_IP_POOL + IP adres bereik + + + + DESC_RULE_BUTTON + Configuratie regels beheren + + + + DESC_SHOW_CLIENTS_BUTTON + Geef verbonden systemen weer + + + + DESC_CONFIG_BUTTON + Configuratie van de dienst + + + + DESC_CRT_CONFIG_BUTTON + Certificaat configuratie + + + + LABEL_CRT_STATUS + Certificaat status + + + + CRT_CONFIG_ERROR + Er is een probleem met de configuratie van Uw certificaten, controleer dit.]]> + + + + CRT_CONFIG_OK + Certificaten zijn klaar]]> + + + + CRT_ONLY + Alleen certificaat + + + + CRT_WITH_PASS + Certificaat met login en wachtwoord + + + + DESC_RULES_PAGE + - Gateway verwijzing configureren
- Tijdelijk toegang weigeren
]]>
+
+ + + DESC_RULES + Actuele regels]]> + +NO_RULE + + NO_RULE + Er zijn geen regels]]> + + + + DESC_ADD_RULE_BUTTON + Voeg een regel toe + + + + COMMON_NAME + Algemene naam + + + + IP_ADDRESS + IP adres + + + + COMMENT + Commentaar + + + + GATEWAY_REDIRECTION + Gateway verwijzing + + + + ACCESS + Toegang + + + + MODIFY + Wijzigen + + + + REMOVE + Verwijderen + + + + DYNAMIC + Dynamisch + + + + ENABLED + Actief + + + + DISABLED + Inactief + + + + ALLOWED + Toegestaan + + + + DENIED + Geweigerd + + + + DESC_ADD_OR_MODIFY_PAGE + Aanmaken of wijzigen]]> + + + + DESC_COMMON_NAME + Voer een algemene naam in. Als een werkstation verbinding maakt met een certificaat dat deze algemene naam bevat, zal de corresponderende configuratie toegepast worden. + + + + DESC_COMMENT + Voer een opmerking in (optioneel) + + + + DESC_RESERVED_IP + Als U een IP adres invoert zal dit altijd toegepast worden voor een werkstation met dit certificaat. Het IP adres moet in het lokale netwerk zijn (maar kan buiten het VPN bereik zijn). Let op dat dit IP adres niet door een ander werkstation in uw netwerk gebruikt word. + + + + LABEL_RESERVED_IP + Gereserveerd IP adres + + + + DESC_GW_REDIRECTION + Waarschuwing: het aanzetten van deze optie kan Internet toegang vertragen (zowel voor het werkstation en de lokale netwerken)]]> + + + + LABEL_GW_REDIRECTION + Gateway verwijzing + + + + DESC_ACCESS + U kan een werkstation tijdelijk blokkeren. Dit is niet een hele sterke beveiliging. Als U een werkstation permanent wilt blokkeren, moet U het certificaat van dat werkstation innemen. + + + + DESC_REMOVE_PAGE + U staat op het punt de volgende regel te verwijderen:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Verversen + + + + ERROR_CONNECT_TO_MANAGER + Er is een fout opgetreden bij het verbinden met de beheersservice. 
Controleer of der service is gestart.]]> + + + + NO_CLIENTS_CONNECTED + Er is momenteel niemand verbonden.]]> + + + + DESC_CONFIG_PAGE + Deze pagina stelt u in de gelegenheid de dienst te configureren + + + + DESC_STATUS + Wilt u de service inschakelen? + + + + DESC_AUTH_TYPE + Kies de autorisatie methode. "Alleen certificaat" kan handig zijn als U werkstations moet verbinden zonder menselijke interventie, maar het voorziet niet in dezelfde niveau van beveiliging als "Certificaat met login en wachtwoord". + + + + DESC_START_POOL + Kies een IP adres serie voor VPN werkstations. Deze serie moet in het lokale netwerk passen. Controleer dat er geen andere werkstations zijn die IP adressen gebruiken in deze serie. Voer het eerste IP adres in + + + + LABEL_START_POOL + Eerste IP adres + + + + DESC_END_POOL + Voer het laatste IP adres in + + + + LABEL_END_POOL + Laatste IP adres + + + + DESC_CRT_CONFIG_PAGE + - Een Server Certificaat. Dit zal aan de werkstations gepresenteerd worden zodat zij zeker zijn dat ze met Uw server verbinding maken.
- Een geheime sleutel geassocieerd met het Server Certificaat.
- Een Diffie-Helman configuratie bestand. Dit staat dynamische sleutel uitwisseling toe.
- Een gedeelde geheime sleutel. Deze sleutel laat additionele TLS autorisatie toe.
]]>
+
+ + + DESC_CA_PEM + Voer het meester certificaat in pem formaat in + + + + DESC_CRT_PEM + Voer het server certificaat in pem formaat in + + + + DESC_KEY_PEM + Voer de geheime sleutel geassocieerd met het server certificaat in pem formaat in + + + + DESC_DH_PEM + Voer de Diffie-Helman configuratie informatie in + + + + DESC_TA_PEM + Voer de statische gedeelde sleutel in. Deze sleutel zal voor additionele authenticatie gebruikt worden. Deze sleutel is optioneel maar kan de beveiliging verstevigen + + + + SUCCESS + De nieuwe instellingen zijn opgeslagen + + + + NOT_A_VALID_IP + U moet een geldig IP nummer invoeren + + + + NOT_IN_LOCAL_NET + U moet een IP adres invoeren dat in het bereik van uw locale netwerk valt + + + + SHOW_SAMPLE_CONFIG + Laat een functioneel werkstation configuratie bestand zien + + + + DESC_DISPLAY_CLIENT_CONF + ]]> + + + + REAL_IP + Echt IP adres + + + + VIRTUAL_IP + VPN IP adres + + + + SENT + Bytes verstuurd + + + + RECEIVED + Bytes ontvangen + + + + CONNECTED_SINCE + Verbonden sinds + + + + DISCONNECT + Verbreek + + + + BAD_VALUE + Ongeldige waarde + + + + + CANCELED + Geannuleerd + + + + DESC_CLIENT_DISCONECT_PAGE + U staat op het punt de verbinding van deze gebruiker te verbreken. Weet u zeker dat u wilt doorgaan? + + + + CLIENT_DISCONNECTED + De verbinding met het systeem is verbroken + + + + INVALID_CHARS + "{$string}" bevat ongeldige tekens + + + + BRIDGE_NOT_ENABLED + De brug dienst moet aanstaan.
De volgende commando's zullen het aanzetten:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" is geen geldig adres + + + + DESC_CRL_URL + Voer de URL voor het aanpassen van de CRL in. (als phpki aanwezig is op dezelfde server kunt U de standaard instelling laten). + + + + LABEL_CRL_URL + URL voor het aanpassen van de CRL + + + + LABEL_CA_PEM + CA certificaat + + + + LABEL_CRT_PEM + Server certificaat + + + + LABEL_KEY_PEM + Server privé sleutel + + + + LABEL_DH_PEM + DH configuratie gegevens + + + + LABEL_TA_PEM + Statische sleutel + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + Login Status + + + UP + Up + + + SYSTEMD_RETURNED + Systeem diensten + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Huidige waarde + + + DEFAULT + Standaard + + + ERROR + Fout + + +
diff --git a/root/etc/e-smith/locale/pl/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/pl/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..28b66f5 --- /dev/null +++ b/root/etc/e-smith/locale/pl/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + Bridged OpenVPN daemon configuration + + + + DESC_FIRST_PAGE + Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Service Status + + + + LABEL_AUTH_TYPE + Authentication mode + + + + LABEL_IP_POOL + IP Address range + + + + DESC_RULE_BUTTON + Configuration rules management + + + + DESC_SHOW_CLIENTS_BUTTON + Display connected clients + + + + DESC_CONFIG_BUTTON + Service configuration + + + + DESC_CRT_CONFIG_BUTTON + Certificates configuration + + + + LABEL_CRT_STATUS + Certificates status + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Certificate only + + + + CRT_WITH_PASS + Certificate and login/password + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Add a rule + + + + COMMON_NAME + Common Name + + + + IP_ADDRESS + Adres IP + + + + COMMENT + Comment + + + + GATEWAY_REDIRECTION + Gateway Redirection + + + + ACCESS + Dostęp + + + + MODIFY + Zmodyfikuj + + + + REMOVE + Usuń + + + + DYNAMIC + Dynamiczny + + + + ENABLED + Enabled + + + + DISABLED + Disabled + + + + ALLOWED + Allowed + + + + DENIED + Denied + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied. + + + + DESC_COMMENT + Enter a comment (Optional) + + + + DESC_RESERVED_IP + If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network. + + + + LABEL_RESERVED_IP + Reserved IP Address + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + Gateway redirection + + + + DESC_ACCESS + You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate. + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Odśwież + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + This page lets you configure the service + + + + DESC_STATUS + Czy chcesz uruchomić ten test? + + + + DESC_AUTH_TYPE + Choose the authentication mode. 
"Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides + + + + DESC_START_POOL + You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address + + + + LABEL_START_POOL + First IP Address + + + + DESC_END_POOL + Enter the last IP Address + + + + LABEL_END_POOL + Last IP Address + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Enter the master certificate in pem format + + + + DESC_CRT_PEM + Enter the server certificate in pem format + + + + DESC_KEY_PEM + Enter the secret key associated with the server certificate, in pem format + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + The new settings have been saved + + + + NOT_A_VALID_IP + You have to enter a valid IP number + + + + NOT_IN_LOCAL_NET + You have to enter an IP address in your local network + + + + SHOW_SAMPLE_CONFIG + Display a functional client configuration file + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Real IP address + + + + VIRTUAL_IP + VPN IP address + + + + SENT + Bytes sent + + + + RECEIVED + Bytes received + + + + CONNECTED_SINCE + Connected since + + + + DISCONNECT + Rozłącz + + + + BAD_VALUE + Incorrect value + + + + + CANCELED + Cancelled + + + + DESC_CLIENT_DISCONECT_PAGE + You are going to diconnect this user. Are you sure you want to continue? + + + + CLIENT_DISCONNECTED + The client has been disconnected + + + + INVALID_CHARS + "{$string}" contains forbiden characters + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" isn't a valid URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA certificate + + + + LABEL_CRT_PEM + Server certificate + + + + LABEL_KEY_PEM + Server private key + + + + LABEL_DH_PEM + DH parameters + + + + LABEL_TA_PEM + Static key + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + status logowania + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Wartość Obecna + + + DEFAULT + Domyślnie + + + ERROR + Błąd + + +
diff --git a/root/etc/e-smith/locale/pt-br/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/pt-br/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..c55c648 --- /dev/null +++ b/root/etc/e-smith/locale/pt-br/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + Configuração do daemon OpenVPN Bridged + + + + DESC_FIRST_PAGE +
]]>
+
+ + + LABEL_STATUS + Status do Serviço + + + + LABEL_AUTH_TYPE + Modo de autenticação + + + + LABEL_IP_POOL + região de endereços IP + + + + DESC_RULE_BUTTON + Gerenciamento de regras de configuração + + + + DESC_SHOW_CLIENTS_BUTTON + Mostrar clientes conectados + + + + DESC_CONFIG_BUTTON + Configuração do serviço + + + + DESC_CRT_CONFIG_BUTTON + Configuração dos certificados + + + + LABEL_CRT_STATUS + Status dos certificados + + + + CRT_CONFIG_ERROR + Há um problem com a configuração dos seus certificados, você precisa verificar novamente.]]> + + + + CRT_CONFIG_OK + Os certificates estão prontos]]> + + + + CRT_ONLY + Apenas certificado + + + + CRT_WITH_PASS + Certificado e login/senha + + + + DESC_RULES_PAGE + - Configurar um redirecionamento do gateway
- Temporariamente bloquear o acesso
]]>
+
+ + + DESC_RULES + Perfis Atuais]]> + +NO_RULE + + NO_RULE + Não há perfis]]> + + + + DESC_ADD_RULE_BUTTON + Adicionar um perfil + + + + COMMON_NAME + Nome Comum + + + + IP_ADDRESS + Endereço IP + + + + COMMENT + Comentário + + + + GATEWAY_REDIRECTION + Gateway de redirecionamento + + + + ACCESS + Acesso + + + + MODIFY + Modificar + + + + REMOVE + Remover + + + + DYNAMIC + Dinâmico + + + + ENABLED + Habilitado + + + + DISABLED + Desabilitado + + + + ALLOWED + Permitido + + + + DENIED + Negado + + + + DESC_ADD_OR_MODIFY_PAGE + Criar ou modificar]]> + + + + DESC_COMMON_NAME + Entre um nome comum. Se um cliente conecta com um certificado que tem esse nome comum, a configuração correspondente será aplicada. + + + + DESC_COMMENT + Entre um comentário (opcional) + + + + DESC_RESERVED_IP + Se você digitar um endereço IP, ele será sempre designado para o cliente conectando com este certificado. Este endereço IP deve ser da sua rede local (mas fora da região da VPN). Assegure-se de que este IP não esteja em uso por outro dispositivo em sua rede. + + + + LABEL_RESERVED_IP + Endereço IP reservado + + + + DESC_GW_REDIRECTION + Aviso: habilitando esta opção pode diminuir a velocidade de navegação na internet (tanto para seu cliente quanto para sua rede local)]]> + + + + LABEL_GW_REDIRECTION + Gateway de redirecionamento + + + + DESC_ACCESS + Você pode bloquear um cliente temporariamente. Isso não oferece uma segurança fore. Se você quer bloquear permanentemente um cliente, você deveria revogar o certificado dele. + + + + DESC_REMOVE_PAGE + Você está prestes a remover a seguinte regra:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Atualizar + + + + ERROR_CONNECT_TO_MANAGER + Ocorreu um erro enquanto conectando ao Gerenciador. Verifique se o serviço está rodando.]]> + + + + NO_CLIENTS_CONNECTED + Não há clientes conectados agora.]]> + + + + DESC_CONFIG_PAGE + Esta página permite que você configure o serviço + + + + DESC_STATUS + Você deseja habilitar o serviço ? 
+ + + + DESC_AUTH_TYPE + Escolha o modo de autenticação. "Apenas certificado" pode ser útil se você necessita conectar hosts sem intervenção humana, mas não provê o mesmo nível de segurança que "Certificado E login/senha" + + + + DESC_START_POOL + Você precisa escolher uma região de endereços IP para os clientes VPN. Esta região deve estar dentro da rede local. Por favor, verifique que nenhum IP nesta região esteja sendo usado por outro host. Digite o primeiro endereço IP + + + + LABEL_START_POOL + Primeiro endereço IP + + + + DESC_END_POOL + Digite o último endereço IP + + + + LABEL_END_POOL + Último endereço IP + + + + DESC_CRT_CONFIG_PAGE + - Uma autoridade certificadora (CA). Este certificado é usado para verificar os certificados dos clientes
- Um certificado de servidor. Ele será mostrado para o cliente para que este saiba que está se conectando ao seu servidor
- A chave secreta associada com o certificado do servidor
- Um arquivo de parâmetro Diffie-Helman. Ele permite a troca dinâmica de chave
- Uma chave secreta compartilhada. Esta chave permitirá uma autenticação TLS adicional
]]>
+
+ + + DESC_CA_PEM + Entre o certificado master no formato pem + + + + DESC_CRT_PEM + Entre o certificado do servidor no formato pem + + + + DESC_KEY_PEM + Entre a chave secreta associada com o certificado do servidor, no formato PEM + + + + DESC_DH_PEM + Entrar com os parametros Diffie-Helman + + + + DESC_TA_PEM + Entrar com a chave estática compartilhada. Esta chave será usada para uma autenticação adicional. Esta chave é opcional mas pode aumentar a segurança. + + + + SUCCESS + As novas configurações foram salvas + + + + NOT_A_VALID_IP + Você precisa digitar um endereço IP válido + + + + NOT_IN_LOCAL_NET + Você deve digitar um endereço IP de sua rede local + + + + SHOW_SAMPLE_CONFIG + Mostrar um arquivo de configuração do cliente que funcione + + + + DESC_DISPLAY_CLIENT_CONF + ]]> + + + + REAL_IP + Endereço IP real + + + + VIRTUAL_IP + Endereço IP VPN + + + + SENT + Bytes enviados + + + + RECEIVED + Bytes recebidos + + + + CONNECTED_SINCE + Conectado desde + + + + DISCONNECT + Desconectado + + + + BAD_VALUE + Valor incorreto + + + + + CANCELED + Cancelado + + + + DESC_CLIENT_DISCONECT_PAGE + Você ira desconectar este usuário. Você tem certeza que deseja continuar? + + + + CLIENT_DISCONNECTED + O cliente foi desconectado + + + + INVALID_CHARS + "{$string}" contém caracteres proibidos + + + + BRIDGE_NOT_ENABLED + O serviço de bridge precisa estar ativado.
Os seguintes comandos irão habilitá-lo:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" não é uma URL válida + + + + DESC_CRL_URL + Digite a URL para atualizar o CRL. (Se phpki estiver rodando no mesmo servidor, você pode deixar o valor padrão) + + + + LABEL_CRL_URL + URL para atualizar o CRL + + + + LABEL_CA_PEM + Certificado CA + + + + LABEL_CRT_PEM + Certificado do Servidor + + + + LABEL_KEY_PEM + Chave privada do Servidor + + + + LABEL_DH_PEM + Parametros DH + + + + LABEL_TA_PEM + Chave estática + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + status do login + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Valor atual + + + DEFAULT + Padrão + + + ERROR + Erro + + +
diff --git a/root/etc/e-smith/locale/pt/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/pt/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..ffd790a --- /dev/null +++ b/root/etc/e-smith/locale/pt/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + Bridged OpenVPN daemon configuration + + + + DESC_FIRST_PAGE + Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Service Status + + + + LABEL_AUTH_TYPE + Authentication mode + + + + LABEL_IP_POOL + IP Address range + + + + DESC_RULE_BUTTON + Configuration rules management + + + + DESC_SHOW_CLIENTS_BUTTON + Display connected clients + + + + DESC_CONFIG_BUTTON + Service configuration + + + + DESC_CRT_CONFIG_BUTTON + Certificates configuration + + + + LABEL_CRT_STATUS + Certificates status + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Certificate only + + + + CRT_WITH_PASS + Certificate and login/password + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Add a rule + + + + COMMON_NAME + Common Name + + + + IP_ADDRESS + Endereço IP + + + + COMMENT + Comentário + + + + GATEWAY_REDIRECTION + Gateway Redirection + + + + ACCESS + Acesso + + + + MODIFY + Modificar + + + + REMOVE + Remover + + + + DYNAMIC + Dinâmico + + + + ENABLED + Habilitado + + + + DISABLED + Desabilitado + + + + ALLOWED + Allowed + + + + DENIED + Denied + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied. + + + + DESC_COMMENT + Enter a comment (Optional) + + + + DESC_RESERVED_IP + If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network. + + + + LABEL_RESERVED_IP + Reserved IP Address + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + Gateway redirection + + + + DESC_ACCESS + You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate. + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Atualizar + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + This page lets you configure the service + + + + DESC_STATUS + Você deseja encaminhar estes e-mails ? + + + + DESC_AUTH_TYPE + Choose the authentication mode. 
"Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides + + + + DESC_START_POOL + You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address + + + + LABEL_START_POOL + First IP Address + + + + DESC_END_POOL + Enter the last IP Address + + + + LABEL_END_POOL + Last IP Address + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Enter the master certificate in pem format + + + + DESC_CRT_PEM + Enter the server certificate in pem format + + + + DESC_KEY_PEM + Enter the secret key associated with the server certificate, in pem format + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + The new settings have been saved + + + + NOT_A_VALID_IP + You have to enter a valid IP number + + + + NOT_IN_LOCAL_NET + You have to enter an IP address in your local network + + + + SHOW_SAMPLE_CONFIG + Display a functional client configuration file + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Real IP address + + + + VIRTUAL_IP + VPN IP address + + + + SENT + Bytes sent + + + + RECEIVED + Bytes received + + + + CONNECTED_SINCE + Connected since + + + + DISCONNECT + Desligar + + + + BAD_VALUE + Incorrect value + + + + + CANCELED + Cancelled + + + + DESC_CLIENT_DISCONECT_PAGE + Você tem certeza que deseja continuar? ]]> + + + + CLIENT_DISCONNECTED + The client has been disconnected + + + + INVALID_CHARS + "{$string}" contains forbiden characters + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" isn't a valid URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA certificate + + + + LABEL_CRT_PEM + Server certificate + + + + LABEL_KEY_PEM + Server private key + + + + LABEL_DH_PEM + DH parameters + + + + LABEL_TA_PEM + Static key + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + status do login + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Valor actual + + + DEFAULT + Padrão + + + ERROR + Erro + + +
diff --git a/root/etc/e-smith/locale/ro/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/ro/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..c3ae4ae --- /dev/null +++ b/root/etc/e-smith/locale/ro/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + Bridged OpenVPN daemon configuration + + + + DESC_FIRST_PAGE + Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Service Status + + + + LABEL_AUTH_TYPE + Authentication mode + + + + LABEL_IP_POOL + IP Address range + + + + DESC_RULE_BUTTON + Configuration rules management + + + + DESC_SHOW_CLIENTS_BUTTON + Display connected clients + + + + DESC_CONFIG_BUTTON + Service configuration + + + + DESC_CRT_CONFIG_BUTTON + Certificates configuration + + + + LABEL_CRT_STATUS + Certificates status + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Certificate only + + + + CRT_WITH_PASS + Certificate and login/password + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Add a rule + + + + COMMON_NAME + Common Name + + + + IP_ADDRESS + IP Address + + + + COMMENT + Comment + + + + GATEWAY_REDIRECTION + Gateway Redirection + + + + ACCESS + Access + + + + MODIFY + Modifică + + + + REMOVE + Remove + + + + DYNAMIC + Dynamic + + + + ENABLED + Activat + + + + DISABLED + Disabled + + + + ALLOWED + Allowed + + + + DENIED + Denied + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied. + + + + DESC_COMMENT + Enter a comment (Optional) + + + + DESC_RESERVED_IP + If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network. + + + + LABEL_RESERVED_IP + Reserved IP Address + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + Gateway redirection + + + + DESC_ACCESS + You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate. + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Reactualizează + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + This page lets you configure the service + + + + DESC_STATUS + Vreți sa retransmiteți aceste mailuri? + + + + DESC_AUTH_TYPE + Choose the authentication mode. 
"Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides + + + + DESC_START_POOL + You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address + + + + LABEL_START_POOL + First IP Address + + + + DESC_END_POOL + Enter the last IP Address + + + + LABEL_END_POOL + Last IP Address + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Enter the master certificate in pem format + + + + DESC_CRT_PEM + Enter the server certificate in pem format + + + + DESC_KEY_PEM + Enter the secret key associated with the server certificate, in pem format + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + The new settings have been saved + + + + NOT_A_VALID_IP + You have to enter a valid IP number + + + + NOT_IN_LOCAL_NET + You have to enter an IP address in your local network + + + + SHOW_SAMPLE_CONFIG + Display a functional client configuration file + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Real IP address + + + + VIRTUAL_IP + VPN IP address + + + + SENT + Bytes sent + + + + RECEIVED + Bytes received + + + + CONNECTED_SINCE + Connected since + + + + DISCONNECT + Disconnect + + + + BAD_VALUE + Incorrect value + + + + + CANCELED + Cancelled + + + + DESC_CLIENT_DISCONECT_PAGE + You are going to diconnect this user. Are you sure you want to continue? + + + + CLIENT_DISCONNECTED + The client has been disconnected + + + + INVALID_CHARS + "{$string}" contains forbiden characters + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" isn't a valid URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA certificate + + + + LABEL_CRT_PEM + Server certificate + + + + LABEL_KEY_PEM + Server private key + + + + LABEL_DH_PEM + DH parameters + + + + LABEL_TA_PEM + Static key + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + Link status + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Valoare curentă + + + DEFAULT + Implicit + + + ERROR + Eroare + + +
diff --git a/root/etc/e-smith/locale/ru/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/ru/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..990ac56 --- /dev/null +++ b/root/etc/e-smith/locale/ru/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + Bridged OpenVPN daemon configuration + + + + DESC_FIRST_PAGE + Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Состояние службы + + + + LABEL_AUTH_TYPE + Режим аутентификации + + + + LABEL_IP_POOL + Диапазон IP-адресов + + + + DESC_RULE_BUTTON + Управление конфигурацией правил + + + + DESC_SHOW_CLIENTS_BUTTON + Показать подключенных клиентов + + + + DESC_CONFIG_BUTTON + Конфигурация службы + + + + DESC_CRT_CONFIG_BUTTON + Конфигурация сертификатов + + + + LABEL_CRT_STATUS + Состояние сертификатов + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Только сертификат + + + + CRT_WITH_PASS + Сертификат и логин/пароль + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Добавить правило + + + + COMMON_NAME + Общее имя + + + + IP_ADDRESS + IP адрес + + + + COMMENT + Комментарий + + + + GATEWAY_REDIRECTION + Gateway Redirection + + + + ACCESS + Доступ + + + + MODIFY + Изменить + + + + REMOVE + Удалить + + + + DYNAMIC + Динамический + + + + ENABLED + Включен + + + + DISABLED + Отключен + + + + ALLOWED + Разрешён + + + + DENIED + Запрешён + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied. + + + + DESC_COMMENT + Введите комментарий (необязательно) + + + + DESC_RESERVED_IP + If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network. + + + + LABEL_RESERVED_IP + Зарезервированные IP-адреса + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + Gateway redirection + + + + DESC_ACCESS + You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate. + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Обновить + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + На этой странице вы можете сконфигурировать службу + + + + DESC_STATUS + Вы хотите включить службу ? + + + + DESC_AUTH_TYPE + Choose the authentication mode. 
"Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides + + + + DESC_START_POOL + You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address + + + + LABEL_START_POOL + Первый IP-адрес + + + + DESC_END_POOL + Введите последний IP-адрес + + + + LABEL_END_POOL + Последний IP-адрес + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Введите основной сертификат в формате pem + + + + DESC_CRT_PEM + Введите сертификат сервера в формате pem + + + + DESC_KEY_PEM + Введите секретный ключ, связанный с сертификатом сервера в формате pem + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + Новые параметры были сохранены + + + + NOT_A_VALID_IP + Вы должны ввести действительный номер IP + + + + NOT_IN_LOCAL_NET + Вы должны ввести IP-адрес в вашей локальной сети + + + + SHOW_SAMPLE_CONFIG + Display a functional client configuration file + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Реальный IP-адрес + + + + VIRTUAL_IP + IP-адрес VPN + + + + SENT + Байт отправлено + + + + RECEIVED + Байт получено + + + + CONNECTED_SINCE + Connected since + + + + DISCONNECT + Отключить + + + + BAD_VALUE + Неверное значение + + + + + CANCELED + Отменено + + + + DESC_CLIENT_DISCONECT_PAGE + Вы действительно хотите продолжить? ]]> + + + + CLIENT_DISCONNECTED + Клиент был отключен + + + + INVALID_CHARS + "{$string}" contains forbiden characters + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" не допустимый URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA сертификат + + + + LABEL_CRT_PEM + Сертификат сервера + + + + LABEL_KEY_PEM + Закрытый ключ сервера + + + + LABEL_DH_PEM + Параметры DH + + + + LABEL_TA_PEM + Статический ключ + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + статус логина + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Текущее значение + + + DEFAULT + По умолчанию + + + ERROR + Ошибка + + +
diff --git a/root/etc/e-smith/locale/sl/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/sl/etc/e-smith/web/functions/openvpnbridge
new file mode 100644
index 0000000..56e6c20
--- /dev/null
+++ b/root/etc/e-smith/locale/sl/etc/e-smith/web/functions/openvpnbridge
@@ -0,0 +1,452 @@
+ + + FORM_TITLE + Bridged OpenVPN daemon configuration + + + + DESC_FIRST_PAGE + Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Service Status + + + + LABEL_AUTH_TYPE + Authentication mode + + + + LABEL_IP_POOL + IP Address range + + + + DESC_RULE_BUTTON + Configuration rules management + + + + DESC_SHOW_CLIENTS_BUTTON + Display connected clients + + + + DESC_CONFIG_BUTTON + Service configuration + + + + DESC_CRT_CONFIG_BUTTON + Certificates configuration + + + + LABEL_CRT_STATUS + Certificates status + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Certificate only + + + + CRT_WITH_PASS + Certificate and login/password + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Add a rule + + + + COMMON_NAME + Common Name + + + + IP_ADDRESS + IP naslov + + + + COMMENT + Comment + + + + GATEWAY_REDIRECTION + Gateway Redirection + + + + ACCESS + Access + + + + MODIFY + Uredi + + + + REMOVE + Odstrani + + + + DYNAMIC + Dynamic + + + + ENABLED + Omogoceno + + + + DISABLED + Onemogoceno + + + + ALLOWED + Allowed + + + + DENIED + Denied + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied. + + + + DESC_COMMENT + Enter a comment (Optional) + + + + DESC_RESERVED_IP + If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network. + + + + LABEL_RESERVED_IP + Reserved IP Address + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + Gateway redirection + + + + DESC_ACCESS + You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate. + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Refresh + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + This page lets you configure the service + + + + DESC_STATUS + Do you want to enable the service? + + + + DESC_AUTH_TYPE + Choose the authentication mode. 
"Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides + + + + DESC_START_POOL + You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address + + + + LABEL_START_POOL + First IP Address + + + + DESC_END_POOL + Enter the last IP Address + + + + LABEL_END_POOL + Last IP Address + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Enter the master certificate in pem format + + + + DESC_CRT_PEM + Enter the server certificate in pem format + + + + DESC_KEY_PEM + Enter the secret key associated with the server certificate, in pem format + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + The new settings have been saved + + + + NOT_A_VALID_IP + You have to enter a valid IP number + + + + NOT_IN_LOCAL_NET + You have to enter an IP address in your local network + + + + SHOW_SAMPLE_CONFIG + Display a functional client configuration file + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Real IP address + + + + VIRTUAL_IP + VPN IP address + + + + SENT + Bytes sent + + + + RECEIVED + Bytes received + + + + CONNECTED_SINCE + Connected since + + + + DISCONNECT + Disconnect + + + + BAD_VALUE + Incorrect value + + + + + CANCELED + Cancelled + + + + DESC_CLIENT_DISCONECT_PAGE + Ali si preprican, da to zelis? ]]> + + + + CLIENT_DISCONNECTED + The client has been disconnected + + + + INVALID_CHARS + "{$string}" contains forbiden characters + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" isn't a valid URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA certificate + + + + LABEL_CRT_PEM + Server certificate + + + + LABEL_KEY_PEM + Server private key + + + + LABEL_DH_PEM + DH parameters + + + + LABEL_TA_PEM + Static key + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + Status + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Trenutna vrednost + + + DEFAULT + Privzeto + + + ERROR + Napaka + + +
diff --git a/root/etc/e-smith/locale/sv/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/sv/etc/e-smith/web/functions/openvpnbridge
new file mode 100644
index 0000000..75a19d1
--- /dev/null
+++ b/root/etc/e-smith/locale/sv/etc/e-smith/web/functions/openvpnbridge
@@ -0,0 +1,452 @@
+ + + FORM_TITLE + Konfiguration för Bridged OpenVPN daemon + + + + DESC_FIRST_PAGE + Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Servicestatus + + + + LABEL_AUTH_TYPE + Autentisieringsmod + + + + LABEL_IP_POOL + Område för IP-adresserna + + + + DESC_RULE_BUTTON + Hantering av konfigureringsregler + + + + DESC_SHOW_CLIENTS_BUTTON + Visa anslutna klienter + + + + DESC_CONFIG_BUTTON + Tjänstekonfiguration + + + + DESC_CRT_CONFIG_BUTTON + Konfigurering av certifikat + + + + LABEL_CRT_STATUS + Status för certifikat + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Endast certifikat + + + + CRT_WITH_PASS + Certifikat och inloggning/lösenord + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Lägg till en regel + + + + COMMON_NAME + Gemensamt namn + + + + IP_ADDRESS + IP-adress + + + + COMMENT + Kommentar + + + + GATEWAY_REDIRECTION + Gateway vidarebefordran + + + + ACCESS + Åtkomst + + + + MODIFY + Ändra + + + + REMOVE + Radera + + + + DYNAMIC + Dynamisk + + + + ENABLED + Tillåten + + + + DISABLED + Ej tillåten + + + + ALLOWED + Tillåten + + + + DENIED + Ej tillåten + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Ange ett gemensamt namn. Om en klient ansluter med ett certifikat som har detta namn kommer den korresponderade konfigurationen att användas. + + + + DESC_COMMENT + Ange en kommentar (option) + + + + DESC_RESERVED_IP + Om du anger en IP-adress, kommer Ip-adressen alltid bli knuten till klienten som ansluter med detta certifikat. Denna IP-adress måste finnas på ditt lokala nätverk (men kan finnas utom VPN-omfånget). Var säker på att detta IP inte används av någon annan på ditt nätverk. + + + + LABEL_RESERVED_IP + Reserverad IP-adress + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + Gateway-vidarebefordran + + + + DESC_ACCESS + Du kan tillfälligt blockera en klient. Detta ger inte ett starkt skydd. Om du önskar blockera en klient permanent skall du ta bort klientens certifikat. + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Uppdatera + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + Denna sida låter dig konfigurera tjänsten + + + + DESC_STATUS + Vill du aktivera denna tjänst ? + + + + DESC_AUTH_TYPE + Välj autentisieringsmetod. 
"Endast certifikat" kan vara användbart om du behöver ansluta värdar utan manuell inblandning, men detta ger inte samma säkerhetsnivå som "Certifikat och lösenord" ger + + + + DESC_START_POOL + Du har valt ett IP-adressområde för VPN-klienter. Detta område måste vara inom det lokala nätverkets område. Kontrollera så att ingen annan använder en IP-adress inom detta område. Ange den första IP-adressen + + + + LABEL_START_POOL + Första IP-adressen + + + + DESC_END_POOL + Ange den sista IP-adressen + + + + LABEL_END_POOL + Sista IP-adressen + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Ange mastercertifikatet i pem-format + + + + DESC_CRT_PEM + Ange servercertifikatet i pem-format + + + + DESC_KEY_PEM + Ange den hemliga nyckel som är associerad med servercertifikatet i pem-format + + + + DESC_DH_PEM + Ange Diffie-Helman parametrarna + + + + DESC_TA_PEM + Ange den statiska delade nyckeln. Denna nyckel kommer att användas som extra autentisiering. Denna nyckel är valbar men den kan förstärka säkerheten + + + + SUCCESS + De nya inställningarna har sparats + + + + NOT_A_VALID_IP + Du måste ange ett giltigt IP-nummer + + + + NOT_IN_LOCAL_NET + Du måste ange en IP-adress i ditt lokala nätverk + + + + SHOW_SAMPLE_CONFIG + Visa en fungerande konfigurationsfil för en klient + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Verklig IP-adress + + + + VIRTUAL_IP + VPN IP-adress + + + + SENT + Skickade bytes + + + + RECEIVED + Mottagna bytes + + + + CONNECTED_SINCE + Ansluten sedan + + + + DISCONNECT + Koppla ifrån + + + + BAD_VALUE + Ogiltigt värde + + + + + CANCELED + Avbruten + + + + DESC_CLIENT_DISCONECT_PAGE + Du håller på att koppla ifrån denna användare. Är du säker på att du vill fortsätta ? + + + + CLIENT_DISCONNECTED + Klienten har blivit frånkopplad + + + + INVALID_CHARS + "{$string}" innehåller otillåtna tecken + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" är inte en tillåten URL + + + + DESC_CRL_URL + Ange URL för att uppdatera CRL (om phpki körs på samma server så kan du använda det förvalda värdet) + + + + LABEL_CRL_URL + URL för att uppdatera CRL + + + + LABEL_CA_PEM + CA certifikat + + + + LABEL_CRT_PEM + Servercertifikat + + + + LABEL_KEY_PEM + Serverns privata nyckel + + + + LABEL_DH_PEM + DH-parametrar + + + + LABEL_TA_PEM + Statisk nyckel + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + inloggningsstatus + + + UP + Up + + + SYSTEMD_RETURNED + Systemtjänster + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Aktuellt värde + + + DEFAULT + Förvalt + + + ERROR + Fel + + +
diff --git a/root/etc/e-smith/locale/th/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/th/etc/e-smith/web/functions/openvpnbridge
new file mode 100644
index 0000000..c42c438
--- /dev/null
+++ b/root/etc/e-smith/locale/th/etc/e-smith/web/functions/openvpnbridge
@@ -0,0 +1,452 @@
+ + + FORM_TITLE + Bridged OpenVPN daemon configuration + + + + DESC_FIRST_PAGE + Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Service Status + + + + LABEL_AUTH_TYPE + Authentication mode + + + + LABEL_IP_POOL + IP Address range + + + + DESC_RULE_BUTTON + Configuration rules management + + + + DESC_SHOW_CLIENTS_BUTTON + Display connected clients + + + + DESC_CONFIG_BUTTON + Service configuration + + + + DESC_CRT_CONFIG_BUTTON + Certificates configuration + + + + LABEL_CRT_STATUS + Certificates status + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Certificate only + + + + CRT_WITH_PASS + Certificate and login/password + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Add a rule + + + + COMMON_NAME + Common Name + + + + IP_ADDRESS + หมายเลข IP + + + + COMMENT + บันทึกเพิ่มเติม + + + + GATEWAY_REDIRECTION + Gateway Redirection + + + + ACCESS + สิทธิการเข้าถึง + + + + MODIFY + แก้ไข + + + + REMOVE + ลบ + + + + DYNAMIC + Dynamic + + + + ENABLED + เปิดใช้งาน + + + + DISABLED + ปิดไม่ใช้งาน + + + + ALLOWED + Allowed + + + + DENIED + Denied + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied. + + + + DESC_COMMENT + Enter a comment (Optional) + + + + DESC_RESERVED_IP + If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network. + + + + LABEL_RESERVED_IP + Reserved IP Address + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + Gateway redirection + + + + DESC_ACCESS + You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate. + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + เขียนจอใหม่, ฟื้นฟู, เรียกใหม่ + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + This page lets you configure the service + + + + DESC_STATUS + Do you want to enable the service? + + + + DESC_AUTH_TYPE + Choose the authentication mode. 
"Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides + + + + DESC_START_POOL + You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address + + + + LABEL_START_POOL + First IP Address + + + + DESC_END_POOL + Enter the last IP Address + + + + LABEL_END_POOL + Last IP Address + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Enter the master certificate in pem format + + + + DESC_CRT_PEM + Enter the server certificate in pem format + + + + DESC_KEY_PEM + Enter the secret key associated with the server certificate, in pem format + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + The new settings have been saved + + + + NOT_A_VALID_IP + You have to enter a valid IP number + + + + NOT_IN_LOCAL_NET + You have to enter an IP address in your local network + + + + SHOW_SAMPLE_CONFIG + Display a functional client configuration file + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Real IP address + + + + VIRTUAL_IP + VPN IP address + + + + SENT + Bytes sent + + + + RECEIVED + Bytes received + + + + CONNECTED_SINCE + Connected since + + + + DISCONNECT + Disconnect + + + + BAD_VALUE + Incorrect value + + + + + CANCELED + Cancelled + + + + DESC_CLIENT_DISCONECT_PAGE + คุณแน่ใจที่จะทำการลบนี้หรือไม่ ? ]]> + + + + CLIENT_DISCONNECTED + The client has been disconnected + + + + INVALID_CHARS + "{$string}" contains forbiden characters + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" isn't a valid URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA certificate + + + + LABEL_CRT_PEM + Server certificate + + + + LABEL_KEY_PEM + Server private key + + + + LABEL_DH_PEM + DH parameters + + + + LABEL_TA_PEM + Static key + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + Link status + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + ค่าปัจจุบัน + + + DEFAULT + ค่าปริยาย + + + ERROR + ข้อผิดพลาด + + +
diff --git a/root/etc/e-smith/locale/tr/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/tr/etc/e-smith/web/functions/openvpnbridge
new file mode 100644
index 0000000..8fc13a6
--- /dev/null
+++ b/root/etc/e-smith/locale/tr/etc/e-smith/web/functions/openvpnbridge
@@ -0,0 +1,452 @@
+ + + FORM_TITLE + Bridged OpenVPN daemon configuration + + + + DESC_FIRST_PAGE + Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + Service Status + + + + LABEL_AUTH_TYPE + Authentication mode + + + + LABEL_IP_POOL + IP Address range + + + + DESC_RULE_BUTTON + Configuration rules management + + + + DESC_SHOW_CLIENTS_BUTTON + Display connected clients + + + + DESC_CONFIG_BUTTON + Service configuration + + + + DESC_CRT_CONFIG_BUTTON + Certificates configuration + + + + LABEL_CRT_STATUS + Certificates status + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Certificate only + + + + CRT_WITH_PASS + Certificate and login/password + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + Add a rule + + + + COMMON_NAME + Common Name + + + + IP_ADDRESS + IP Adresi + + + + COMMENT + Açıklama + + + + GATEWAY_REDIRECTION + Gateway Redirection + + + + ACCESS + Giriş + + + + MODIFY + Değiştir + + + + REMOVE + Kaldır + + + + DYNAMIC + Dynamic + + + + ENABLED + Etkin + + + + DISABLED + Etkin değil + + + + ALLOWED + Allowed + + + + DENIED + Denied + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied. + + + + DESC_COMMENT + Enter a comment (Optional) + + + + DESC_RESERVED_IP + If you enter an IP address, it will allways be affected to the client connecting with this certificate. This IP address must be in your local network (but can be out of the VPN range). Be sure this IP isn't used by another host on your network. + + + + LABEL_RESERVED_IP + Reserved IP Address + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + Gateway redirection + + + + DESC_ACCESS + You can temporarily block a client. This does not offer a strong security. If you want to permanently deny a client, you should revoke it's certificate. + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + Yenile + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + This page lets you configure the service + + + + DESC_STATUS + Do you want to enable the service? + + + + DESC_AUTH_TYPE + Choose the authentication mode. 
"Certificate only" can be usefull if you need to connect hosts without humain intervention, but it does't provide the same level of security that "Certificate and login/password" provides + + + + DESC_START_POOL + You have to choose a IP address range for VPN clients. This range must be in the local network. Please, check that none IP address in this range is used by another host. Enter the first IP Address + + + + LABEL_START_POOL + First IP Address + + + + DESC_END_POOL + Enter the last IP Address + + + + LABEL_END_POOL + Last IP Address + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Enter the master certificate in pem format + + + + DESC_CRT_PEM + Enter the server certificate in pem format + + + + DESC_KEY_PEM + Enter the secret key associated with the server certificate, in pem format + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + The new settings have been saved + + + + NOT_A_VALID_IP + You have to enter a valid IP number + + + + NOT_IN_LOCAL_NET + You have to enter an IP address in your local network + + + + SHOW_SAMPLE_CONFIG + Display a functional client configuration file + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + Real IP address + + + + VIRTUAL_IP + VPN IP address + + + + SENT + Bytes sent + + + + RECEIVED + Bytes received + + + + CONNECTED_SINCE + Connected since + + + + DISCONNECT + Disconnect + + + + BAD_VALUE + Incorrect value + + + + + CANCELED + Cancelled + + + + DESC_CLIENT_DISCONECT_PAGE + Devam etmek istediğinizden eminmisiniz? ]]> + + + + CLIENT_DISCONNECTED + The client has been disconnected + + + + INVALID_CHARS + "{$string}" contains forbiden characters + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" isn't a valid URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA certificate + + + + LABEL_CRT_PEM + Server certificate + + + + LABEL_KEY_PEM + Server private key + + + + LABEL_DH_PEM + DH parameters + + + + LABEL_TA_PEM + Static key + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + algoritma + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + oturum durumu + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + Güncel değer + + + DEFAULT + Varsayılan + + + ERROR + Hata + + +
diff --git a/root/etc/e-smith/locale/zh-cn/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/zh-cn/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..e12afe2 --- /dev/null +++ b/root/etc/e-smith/locale/zh-cn/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + Bridged OpenVPN daemon configuration + + + + DESC_FIRST_PAGE + Bridged mode allows VPN clients to have an IP address in the local network, thus, they have access to every ressources of your local network.

]]>
+
+ + + LABEL_STATUS + 服务状态 + + + + LABEL_AUTH_TYPE + 认证模式 + + + + LABEL_IP_POOL + IP 地址范围 + + + + DESC_RULE_BUTTON + 规则配置管理 + + + + DESC_SHOW_CLIENTS_BUTTON + 显示已连接的客户端 + + + + DESC_CONFIG_BUTTON + 服务配置 + + + + DESC_CRT_CONFIG_BUTTON + 证书配置 + + + + LABEL_CRT_STATUS + 证书状态 + + + + CRT_CONFIG_ERROR + There's a problem with the configuration of your certificates, you should check it.]]> + + + + CRT_CONFIG_OK + Certificates are ready]]> + + + + CRT_ONLY + Certificate only + + + + CRT_WITH_PASS + Certificate and login/password + + + + DESC_RULES_PAGE + - Give him a fixed IP address
- Configure the gateway redirection
- Temporarily denied the access
]]>
+
+ + + DESC_RULES + Actual rules]]> + +NO_RULE + + NO_RULE + There's no rule]]> + + + + DESC_ADD_RULE_BUTTON + 添加规则 + + + + COMMON_NAME + 通用名称 + + + + IP_ADDRESS + IP地址 + + + + COMMENT + 备注 + + + + GATEWAY_REDIRECTION + 网关重定向 + + + + ACCESS + 访问 + + + + MODIFY + 修改 + + + + REMOVE + 移除 + + + + DYNAMIC + 动态的 + + + + ENABLED + 启用 + + + + DISABLED + 禁用 + + + + ALLOWED + 允许的 + + + + DENIED + 拒绝的 + + + + DESC_ADD_OR_MODIFY_PAGE + Create or modify]]> + + + + DESC_COMMON_NAME + Enter a common name. If a client connects with a certificates which has this common name, the coresponding configuration will be applied. + + + + DESC_COMMENT + 请输入注释(可选项) + + + + DESC_RESERVED_IP + 如果输入IP地址, 它就会与客户端证书相关联。该IP地址必须在本地网络(但可以在VPN分配范围之外)。请确保这个IP没有被本地其他机器占用。 + + + + LABEL_RESERVED_IP + 预设IP地址 + + + + DESC_GW_REDIRECTION + Warning: enabling this option can slow down your internet access (for both your client and your local networks)]]> + + + + LABEL_GW_REDIRECTION + 网关重定向 + + + + DESC_ACCESS + 您可以临时阻止某个客户端访问。这只具有临时的安全性。如果您想要永久禁止某个客户端,您只需删除它的证书即可。 + + + + DESC_REMOVE_PAGE + You are about to remove the following rule:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + 刷新 + + + + ERROR_CONNECT_TO_MANAGER + An error occured while connecting to the manager. Check the service is running.]]> + + + + NO_CLIENTS_CONNECTED + There's no client connected at this time.]]> + + + + DESC_CONFIG_PAGE + 这个页面允许您配置服务 + + + + DESC_STATUS + 是否启用该服务? + + + + DESC_AUTH_TYPE + 请选择认证模式。“只需要证书”选项无须人机交互,但它的安全性不如“证书和账户及密码”。 + + + + DESC_START_POOL + 您必须选择VPN客户端的IP地址范围。IP地址范围必须在本地网络之内。请检查这个范围内的IP没有被其它机器占用。请输入起始IP地址 + + + + LABEL_START_POOL + 第一个IP地址 + + + + DESC_END_POOL + 请输入最后一个IP地址 + + + + LABEL_END_POOL + 最后一个IP地址 + + + + DESC_CRT_CONFIG_PAGE + - An authoritative certificate (CA). This certificate is used to check the clients certificates
- A server certificate. It will be presented to the client so they are sure they are connecting to your server
- The secret key associated with the server certificate
- A Diffie-Helman parameter file. It will allow dynamic key exchange
- A shared secret key. This key will allow an additional TLS authentication
]]>
+
+ + + DESC_CA_PEM + Enter the master certificate in pem format + + + + DESC_CRT_PEM + Enter the server certificate in pem format + + + + DESC_KEY_PEM + Enter the secret key associated with the server certificate, in pem format + + + + DESC_DH_PEM + Enter Diffie-Helman parameters + + + + DESC_TA_PEM + Enter the static shared key. This key will be used for an additional authentication. This key is optional, but it can harden the security + + + + SUCCESS + 新的设置已被保存 + + + + NOT_A_VALID_IP + 您输入了无效的IP地址 + + + + NOT_IN_LOCAL_NET + 必须输入本地网络的IP地址 + + + + SHOW_SAMPLE_CONFIG + Display a functional client configuration file + + + + DESC_DISPLAY_CLIENT_CONF + You also have to download the certification file in # PKCS12 format (which contains the CA certificate, the user certificate and the user secret key).
]]>
+
+ + + REAL_IP + 真实IP地址 + + + + VIRTUAL_IP + VPN IP 地址 + + + + SENT + 发送字节 + + + + RECEIVED + 收到字节 + + + + CONNECTED_SINCE + 连接始于 + + + + DISCONNECT + 断开 + + + + BAD_VALUE + 不正确的值 + + + + + CANCELED + 删除的 + + + + DESC_CLIENT_DISCONECT_PAGE + 即将断开这个用户。是否继续? + + + + CLIENT_DISCONNECTED + 客户端已被断开 + + + + INVALID_CHARS + "{$string}" 包含被禁止的字符 + + + + BRIDGE_NOT_ENABLED + The bridge service must be enabled.
The following commands will enable it:
db configuration setprop bridge status enabled
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}" 不是有效的URL + + + + DESC_CRL_URL + Enter the URL to update the CRL. (if phpki runs on the same server, you can let the default value) + + + + LABEL_CRL_URL + URL to update the CRL + + + + LABEL_CA_PEM + CA 证书 + + + + LABEL_CRT_PEM + 服务器证书 + + + + LABEL_KEY_PEM + 服务器私钥 + + + + LABEL_DH_PEM + DH parameters + + + + LABEL_TA_PEM + Static key + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + mailman状态 + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + 当前值 + + + DEFAULT + 默认 + + + ERROR + 错误 + + +
diff --git a/root/etc/e-smith/locale/zh-tw/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/locale/zh-tw/etc/e-smith/web/functions/openvpnbridge new file mode 100644 index 0000000..ccf8e34 --- /dev/null +++ b/root/etc/e-smith/locale/zh-tw/etc/e-smith/web/functions/openvpnbridge @@ -0,0 +1,452 @@ + + + FORM_TITLE + 橋接OpenVPN背景服務設定 + + + + DESC_FIRST_PAGE + 橋接模式允許VPN終端機擁有區網中的IP位址,因此,他們有權存取您區網中的任一資源。

]]>
+
+ + + LABEL_STATUS + 服務狀態 + + + + LABEL_AUTH_TYPE + 認證模式 + + + + LABEL_IP_POOL + IP位址範圍 + + + + DESC_RULE_BUTTON + 設定規則管理 + + + + DESC_SHOW_CLIENTS_BUTTON + 顯示連接終端機 + + + + DESC_CONFIG_BUTTON + 服務設定 + + + + DESC_CRT_CONFIG_BUTTON + 憑證設定 + + + + LABEL_CRT_STATUS + 憑證狀態 + + + + CRT_CONFIG_ERROR + 您的憑證設定有問題,您應當檢查它。]]> + + + + CRT_CONFIG_OK + 憑證已就緒]]> + + + + CRT_ONLY + 憑證專用 + + + + CRT_WITH_PASS + 憑證與登入/密碼 + + + + DESC_RULES_PAGE + - 給他固定IP位址
- 設定閘道轉向
- 暫時拒絕存取
]]>
+
+ + + DESC_RULES + 實際規則]]> + +NO_RULE + + NO_RULE + 尚無規則]]> + + + + DESC_ADD_RULE_BUTTON + 增加規則 + + + + COMMON_NAME + 通用名稱 + + + + IP_ADDRESS + IP 地址 + + + + COMMENT + 備註 + + + + GATEWAY_REDIRECTION + 閘道再導向 + + + + ACCESS + 存取 + + + + MODIFY + 修改 + + + + REMOVE + 移除 + + + + DYNAMIC + 動態的 + + + + ENABLED + 啟用 + + + + DISABLED + 禁用 + + + + ALLOWED + 允許的 + + + + DENIED + 拒絕的 + + + + DESC_ADD_OR_MODIFY_PAGE + 建立或修正]]> + + + + DESC_COMMON_NAME + 輸入通用名稱。倘若終端的連接伴隨指定的通用名稱,將套用符應的設定值。 + + + + DESC_COMMENT + 請輸入註釋(選項) + + + + DESC_RESERVED_IP + 倘若輸入IP位址,它將被終端連接的憑證所影響。該IP位址必須在區網(但可在VPN分配範圍之外)。請確保此IP沒有被網路其他主機佔用。 + + + + LABEL_RESERVED_IP + 保留的IP位址 + + + + DESC_GW_REDIRECTION + 注意:啟用此選項會降低網際網路存取速度(包含終端主機和區網)]]> + + + + LABEL_GW_REDIRECTION + 閘道再導向 + + + + DESC_ACCESS + 您可以暫時鎖定某終端機。這無法提供足夠的安全性。倘若您欲永久拒絕某終端機,您應取消該終端機的憑證。 + + + + DESC_REMOVE_PAGE + 即將移除後續規則:]]> + + + + DESC_CONNECTED_CLIENTS_PAGE + + + + + REFRESH + 重新整理 + + + + ERROR_CONNECT_TO_MANAGER + 連接到控制台出錯。請檢查服務是否執行。]]> + + + + NO_CLIENTS_CONNECTED + 此時無終端機連接。]]> + + + + DESC_CONFIG_PAGE + 此頁面允許您設定服務 + + + + DESC_STATUS + 是否啟用該服務? + + + + DESC_AUTH_TYPE + 請選擇認證模式。倘若您需要無人為干預的方式連結主機,"只有憑證"將是有用的,但其無法提供如同"憑證與登入/密碼"同等級的安全性。 + + + + DESC_START_POOL + 您必須為VPN終端機選擇IP位址範圍。此範圍必須在區網內。請檢查此範圍內的IP位址沒有被其它機器使用。請輸入起始IP位址 + + + + LABEL_START_POOL + 第一IP位址 + + + + DESC_END_POOL + 請輸入最後的IP位址 + + + + LABEL_END_POOL + 最後的IP位址 + + + + DESC_CRT_CONFIG_PAGE + - 授權憑證(CA)。該憑證被用來檢測終端機的憑證
- 伺服器憑證。他將被顯示到終端機使得他們可以確認他們正連接到伺服器
- 安全金鑰與伺服器連結
- Diffie-Helman金鑰交換參數檔。它將允許動態金鑰交換
- 共享安全金鑰。此金鑰將允許增加TLS授權
]]>
+
+ + + DESC_CA_PEM + 以pem格式輸入主要授權 + + + + DESC_CRT_PEM + 以pem格式輸入伺服器授權 + + + + DESC_KEY_PEM + 以pem格式連結伺服器授權輸入安全金鑰 + + + + DESC_DH_PEM + 輸入Diffie-Helman金鑰交換參數 + + + + DESC_TA_PEM + 輸入靜態共享金鑰。此金鑰將被用來額外授權。該金鑰為選擇性,但可強化安全性。 + + + + SUCCESS + 新設定已保存 + + + + NOT_A_VALID_IP + 您必須輸入有效的IP位址 + + + + NOT_IN_LOCAL_NET + 您必須在區網中輸入有效的IP位址 + + + + SHOW_SAMPLE_CONFIG + 顯示功能性終端機設定檔 + + + + DESC_DISPLAY_CLIENT_CONF + 您亦須以# PKCS12格式下載認證檔(包含CA認證、使用者認證與使用者安全金鑰ret key)。
]]>
+
+ + + REAL_IP + 真實IP位址 + + + + VIRTUAL_IP + VPN IP位址 + + + + SENT + 傳送位元 + + + + RECEIVED + 接收位元 + + + + CONNECTED_SINCE + 連接源於 + + + + DISCONNECT + 中斷連線 + + + + BAD_VALUE + 錯誤值 + + + + + CANCELED + 已刪除的 + + + + DESC_CLIENT_DISCONECT_PAGE + 您即將中斷此使用者。您確定要繼續? + + + + CLIENT_DISCONNECTED + 此終端機已中斷 + + + + INVALID_CHARS + "{$string}"包含禁止字元 + + + + BRIDGE_NOT_ENABLED + 橋接服務需啟動。
下列命令將啟用它:
資料庫設定橋接狀態啟動
/etc/init.d/bridge start

]]>
+
+ + + NOT_A_VALID_URL + "{$string}"不是有效URL + + + + DESC_CRL_URL + 輸入網址更新憑證撤銷清單。(若phpki同時在伺服器上執行,您可使用預設值) + + + + LABEL_CRL_URL + URL更新CRL + + + + LABEL_CA_PEM + CA憑證 + + + + LABEL_CRT_PEM + 伺服器憑證 + + + + LABEL_KEY_PEM + 伺服器私鑰 + + + + LABEL_DH_PEM + DH參數 + + + + LABEL_TA_PEM + 靜態金鑰 + + + DESC_HMAC + HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client + + + LABEL_HMAC + HMAC algorithm + + + DESC_CIPHER + The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client. + + + LABEL_CIPHER + Cipher encryption algorithm + + + LINK + Mailman狀態 + + + UP + Up + + + SYSTEMD_RETURNED + Systemd returned service as + + + CHANGEME_INSECURE + Please change this insecure parameter + + + SUGGESTED + 現值 + + + DEFAULT + 預設 + + + ERROR + 錯誤 + + +
diff --git a/root/etc/e-smith/templates.metadata/etc/openvpn/bridge/management-pass.txt b/root/etc/e-smith/templates.metadata/etc/openvpn/bridge/management-pass.txt
new file mode 100644
index 0000000..0226928
--- /dev/null
+++ b/root/etc/e-smith/templates.metadata/etc/openvpn/bridge/management-pass.txt
@@ -0,0 +1,4 @@
+PERMS=0600
+UID="root"
+GID="root"
+
diff --git a/root/etc/e-smith/templates/etc/crontab/openvpn-bridge-crl b/root/etc/e-smith/templates/etc/crontab/openvpn-bridge-crl
new file mode 100644
index 0000000..60d0ce1
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/crontab/openvpn-bridge-crl
@@ -0,0 +1,7 @@
+{
+my $url = ${'openvpn-bridge'}{'CrlUrl'} || '';
+if ($url =~ /^http(s)?:\/\/.*$/){
+ $OUT .= "# Update OpenVPN bridge's CRL\n";
+ $OUT .= "5 * * * * root /etc/e-smith/events/actions/openvpn-bridge-update-crl 2>&1 /dev/null\n";
+}
+}
diff --git a/root/etc/e-smith/templates/etc/openvpn/bridge/ccd/.gitignore b/root/etc/e-smith/templates/etc/openvpn/bridge/ccd/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/e-smith/templates/etc/openvpn/bridge/management-pass.txt/10pass b/root/etc/e-smith/templates/etc/openvpn/bridge/management-pass.txt/10pass
new file mode 100644
index 0000000..bfe4b29
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/management-pass.txt/10pass
@@ -0,0 +1,7 @@
+{
+ my $management = ${'openvpn-bridge'}{'management'} || 'localhost:11194:password';
+ my @param = split(/:/,$management);
+ my $pass = $param[2];
+ $OUT = "$pass";
+
+}
diff --git a/root/etc/e-smith/templates/etc/openvpn/bridge/management-pass.txt/template-begin b/root/etc/e-smith/templates/etc/openvpn/bridge/management-pass.txt/template-begin
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/e-smith/templates/etc/openvpn/bridge/management-pass.txt/template-end b/root/etc/e-smith/templates/etc/openvpn/bridge/management-pass.txt/template-end
new file mode 100644
index 0000000..e69de29
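Review bot: The redirection in the generated crontab line, `2>&1 /dev/null`, does not discard output: it sends stderr to stdout and hands `/dev/null` to the action as an argument. If the job is meant to be silent the line should end with `>/dev/null 2>&1`, but because a failed CRL refresh means revoked certificates may keep being accepted until the next successful run, the action should at least log its failures rather than have everything discarded. The URL test also accepts plain `http://`; that is probably acceptable only if the downloaded CRL is verified before it replaces `pub/cacrl.pem`, which this hunk does not show.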
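Review bot: When the `management` property is unset, the 10pass fragment writes the literal fallback `password` into management-pass.txt, and the 70management fragment of openvpn.conf carries the same fallback string, so the management port would be guarded by a known value. The diffstat lists a migrate fragment `50openvpn-bridge-management-pass` that presumably sets the property, but the template should not rely on it; failing is safer, e.g. `my $management = ${'openvpn-bridge'}{'management'} or die "openvpn-bridge management property is not set\n";`. A password that itself contains `:` is also truncated by the split; `split(/:/, $management, 3)` keeps it whole.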
diff --git a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/10dev b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/10dev
new file mode 100644
index 0000000..6475ea4
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/10dev
@@ -0,0 +1,23 @@
+# Virtual Interface Configuration
+{
+ my $OUT='';
+ my $protocol = ${'openvpn-bridge'}{protocol} || 'udp';
+ my $port='';
+ if ($protocol eq 'udp'){
+ $port = ${'openvpn-bridge'}{UDPPort} || '1194';
+ }
+ if ($protocol eq 'tcp'){
+ $port = ${'openvpn-bridge'}{TCPPort} || '1194';
+ $protocol = 'tcp-server';
+ }
+ my $tapIf = ${'openvpn-bridge'}{tapIf} || 'tap0';
+
+$OUT .=<<"HERE";
+
+port $port
+proto $protocol
+dev $tapIf
+
+HERE
+
+}
diff --git a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/20daemon b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/20daemon
new file mode 100644
index 0000000..9b15b89
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/20daemon
@@ -0,0 +1,8 @@
+# Drop down privileges
+user nobody
+group nobody
+chroot /etc/openvpn/bridge
+
+persist-key
+persist-tun
+
diff --git a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/30cert b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/30cert
new file mode 100644
index 0000000..4dab628
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/30cert
@@ -0,0 +1,18 @@
+# Certificates config
+dh pub/dh.pem
+ca pub/cacert.pem
+cert pub/cert.pem
+key priv/key.pem
+tls-server
+
+{
+
+$OUT .= "tls-auth priv/takey.pem 0\n" if
+ (-e "/etc/openvpn/bridge/priv/takey.pem" &&
+ !-z "/etc/openvpn/bridge/priv/takey.pem");
+
+}
+
+# CRL file for certificates verification
+crl-verify pub/cacrl.pem
+
diff --git a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/35encryption b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/35encryption
new file mode 100644
index 0000000..e9f3518
--- /dev/null
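Review bot: In the 10dev fragment `protocol` is handled only for the exact values `udp` and `tcp`; any other stored value leaves `$port` empty and is copied unchecked into the `proto` line, so the generated config contains a bare `port ` directive. A final `else` branch that dies, or that falls back to `udp`, would make the failure explicit instead of leaving it to the daemon at start-up. Separately, `my $OUT=''` shadows the template's own `$OUT`, and the text appears to reach the output only because the heredoc append is the block's last expression; a comment such as `# lexical $OUT: the block's last expression is what gets emitted` would stop a later edit from breaking it.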
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/35encryption 
@@ -0,0 +1,33 @@ +{ + #HMAC default is SHA1 if empty, we really want higher on new setup, but keep empty for default on existing one... + # need to be changed on both side + my $HMAC = ( ${'openvpn-bridge'}{'HMAC'} ) ? ${'openvpn-bridge'}{'HMAC'} : undef; + # cipher default to BF if empty, we really want higher on new setup, but keep empty for default on existing one... + # # here openvpn uses encrypt-then-mc so no issue using CBC rather than GCM, and GCM not implemented before openvpn 2.4 for data channel + my $cipher = ( ${'openvpn-bridge'}{'Cipher'} && ${'openvpn-bridge'}{'Cipher'} ne 'auto')? ${'openvpn-bridge'}{'Cipher'} : undef; + + ## we do not want any tls 1.1 or lower, this does not break anything to force, unless the client is very old and limited to 1.1 or lower + my $tlsVmin = ( ${'openvpn-bridge'}{'tlsVmin'} && ( ${'openvpn-bridge'}{'tlsVmin'} =~ /^1\.[0-9]{1}$/ ) ) ? ${'openvpn-bridge'}{'tlsVmin'} : "1.2"; + # TLS 1.3 encryption settings + my $tlsCipherSuites13 = ( ${'openvpn-bridge'}{'tlsCipherSuites13'} ) ? ${'openvpn-bridge'}{'tlsCipherSuites13'} : "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"; + # # TLS 1.2 encryption settings + my $tlsCipher12 = ( ${'openvpn-bridge'}{'tlsCipher12'} ) ? ${'openvpn-bridge'}{'tlsCipher12'} : "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256"; + + + + $OUT .= "#securing control channel\n"; + $OUT .= "tls-version-min $tlsVmin\n"; + $OUT .= "tls-cipher $tlsCipher12\n" if defined $tlsCipher12; + $OUT .= "tls-ciphersuites $tlsCipherSuites13\n" if defined $tlsCipherSuites13; + #$OUT .= "# we might be able to disable dh param with this one, NSA-'s recommended curve\n"; + #$OUT .= "ecdh-curve secp384r1\n"; + + # data channel + $OUT .= "#securing data channel\n"; + $OUT .= (defined $cipher) ? 
"cipher $cipher\n" : "# no cipher defined default to Blowfish, this is INSECURE, please consider AES-128-CBC or higher on both client and server\n"; + #auth SHA512 + $OUT .= (defined $HMAC )? "auth $HMAC\n" : "# no HMAC defined, default to SHA1, please consider SHA256 or higher on both client and server\n"; + + + +} diff --git a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/40userAuth b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/40userAuth new file mode 100644 index 0000000..e8921df --- /dev/null +++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/40userAuth @@ -0,0 +1,27 @@ +# Plugin for user-auth +{ + my $userAuth = ${'openvpn-bridge'}{userAuth} || 'CrtWithPass'; + if ($userAuth eq 'CrtWithPass'){ + # This the the old default location of the plugin + my $plugin = "/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so"; + # This is the new (since openvpn 2.3.1-2) of the plugin, for x86 + if ( -e "/usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so" ){ + $plugin = "/usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so"; + } + # Same for x86_64 + elsif ( -e "/usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so" ){ + $plugin = "/usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so"; + } + # This is the location for openvpn before 2.3.1-2 + elsif ( -e "/usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so" ){ + $plugin = "/usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so"; + } + # Same for x86_64 + elsif ( -e "/usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so" ){ + $plugin = "/usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so"; + } + $OUT .= "plugin " . $plugin . " login\n"; + } + $OUT .= ''; +} + diff --git a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/50server_mode b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/50server_mode new file mode 100644 index 0000000..c710724 --- /dev/null +++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/50server_mode 
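Review bot: The `tlsVmin` check `/^1\.[0-9]{1}$/` in 35encryption accepts `1.0` and `1.1`, although the comment directly above it says TLS 1.1 or lower is not wanted; narrowing it to `/^1\.[23]$/` would stop a stored value from lowering the floor below the `1.2` default. The `if defined $tlsCipher12` and `if defined $tlsCipherSuites13` guards can never be false, since both variables always receive a default string. On the data channel, an unset `Cipher` or `HMAC` produces only a comment, so the server silently stays on the defaults those comments call insecure; the CHANGEME_INSECURE locale string suggests the panel surfaces this, which is worth confirming.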
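Review bot: In 40userAuth the PAM plugin line is emitted only when `userAuth` is exactly `CrtWithPass`, so any other stored value, a typo included, silently yields certificate-only authentication. Treating only the explicit opt-out as certificate-only fails closed: `if ($userAuth ne 'CrtOnly'){`. If none of the probed plugin paths exists the fragment still writes the old default path; that appears to leave the daemon unable to start rather than running without the plugin, which is the safer outcome but deserves a comment.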
@@ -0,0 +1,9 @@
+# Server mode
+{
+ my $OUT = '';
+ my $ip = $LocalIP;
+ my $netmask = $LocalNetmask;
+ my $min = ${'openvpn-bridge'}{startPool} || '';
+ my $max = ${'openvpn-bridge'}{endPool} || '';
+ $OUT = "server-bridge $ip $netmask $min $max\n";
+}
diff --git a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/60options b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/60options
new file mode 100644
index 0000000..15deaca
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/60options
@@ -0,0 +1,48 @@
+# Options
+{
+
+my $mtuTest = ${'openvpn-bridge'}{mtuTest} || 'enabled';
+my $tunMtu = ${'openvpn-bridge'}{tunMtu};
+my $fragment = ${'openvpn-bridge'}{fragment};
+my $redirectGW = ${'openvpn-bridge'}{redirectGW} || 'PerClient';
+my $proto = ${'openvpn-bridge'}{protocol} || 'udp';
+my $duplicate = ${'openvpn-bridge'}{duplicateCN} || 'disabled';
+my $passtos = ${'openvpn-bridge'}{PassTOS} || 'enabled';
+
+if ($proto eq 'tcp'){
+ $mtuTest = 'disabled';
+ $fragment = '';
+}
+
+$OUT .=<<"HERE";
+keepalive 10 120
+push "dhcp-option DOMAIN $DomainName"
+push "dhcp-option DNS $LocalIP"
+push "dhcp-option WINS $LocalIP"
+
+HERE
+
+if ($mtuTest eq 'enabled'){
+ $OUT .= "mtu-test\n";
+}
+elsif (($mtuTest eq 'disabled')){
+ if ($tunMtu ne ''){
+ $OUT .= "tun-mtu $tunMtu\n";
+ }
+ if (($proto eq 'udp') && ($fragment ne '')){
+ $OUT .= "fragment $fragment\nmssfix\n";
+ }
+}
+
+if ($duplicate eq 'enabled'){
+ $OUT .= "duplicate-cn\n";
+}
+
+if ($passtos eq 'enabled'){
+ $OUT .= "passtos\n";
+}
+
+}
+
+nice 5
+
diff --git a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/65routes b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/65routes
new file mode 100644
index 0000000..44a4caf
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/65routes
@@ -0,0 +1,33 @@
+# Routes
+
+{
+
+my $pushRoutes = ${'openvpn-bridge'}{PushLocalNetworks} || 'enabled';
+my $redirectGW = ${'openvpn-bridge'}{redirectGW} || 'PerClient';
+
+use esmith::NetworksDB;
+my $ndb = esmith::NetworksDB->open_ro() ||
+ die('Can not open Networks DB');
+
+my @networks = $ndb->networks();
+
+if ($redirectGW eq 'always'){
+ $OUT .= "push \"redirect-gateway def1\"\n";
+}
+elsif ($pushRoutes eq 'enabled'){
+ foreach my $network (@networks) {
+ my $route = '';
+ my $addr = $network->key;
+ my $mask = $network->prop('Mask');
+ my $gw = $network->prop('Router') || '';
+ my $vpn = $network->prop('VPN') || '';
+ my $doPush = $network->prop('PushRoute') || 'enabled';
+ if ( ($gw ne '' || $vpn ne '') && $doPush eq 'enabled' ){
+ $route .= "push \"route $addr $mask";
+ $route .= " $gw" if ($vpn eq '');
+ $OUT .= "$route\"\n";
+ }
+ }
+}
+
+}
diff --git a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/70management b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/70management
new file mode 100644
index 0000000..e17e9ac
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/70management
@@ -0,0 +1,7 @@
+# Management interface
+{
+ my $management = ${'openvpn-bridge'}{'management'} || 'localhost:11194:password';
+ my ($host,$port,$pass) = split(/:/,$management);
+ $OUT ="management $host $port management-pass.txt\n";
+
+}
diff --git a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/80clients b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/80clients
new file mode 100644
index 0000000..286af22
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/80clients
@@ -0,0 +1,27 @@
+# Clients options
+{
+ my $OUT = '';
+ my $maxClient = ${'openvpn-bridge'}{maxClients} || '20';
+ my $clientToClient = ${'openvpn-bridge'}{clientToClient} || 'disabled';
+ my $compLzo = ${'openvpn-bridge'}{compLzo} || 'enabled';
+ my $configRequired = ${'openvpn-bridge'}{ConfigRequired} || 'disabled';
+
+ if ($clientToClient eq 'enabled'){
+ $OUT .= "client-to-client\n";
+ }
+
+ $OUT .= "client-config-dir ccd\n";
+
+ if ($configRequired eq 'enabled'){
+ $OUT .= 'ccd-exclusive\n';
+ }
+
+ $OUT .= "max-clients $maxClient\n";
+
+ if ( $compLzo eq 'enabled'){
+ $OUT .= "comp-lzo adaptive\n";
+ $OUT .= "push \"comp-lzo adaptive\"\n";
+ }
+ $OUT .= '';
+}
+
diff --git a/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/90log b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/90log
new file mode 100644
index 0000000..0424b96
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/90log
@@ -0,0 +1,9 @@
+# Log
+status-version 2
+status bridge-status.txt
+{
+ my $OUT = '';
+ my $verb = ${'openvpn-bridge'}{verbose} || '3';
+ $OUT .= "verb $verb\n";
+}
+log-append /var/log/openvpn-bridge/openvpn-bridge.log
diff --git a/root/etc/e-smith/web/functions/openvpnbridge b/root/etc/e-smith/web/functions/openvpnbridge
new file mode 100755
index 0000000..23b7b9a
--- /dev/null
+++ b/root/etc/e-smith/web/functions/openvpnbridge
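Review bot: In 80clients, `$OUT .= 'ccd-exclusive\n';` is single-quoted, so Perl emits a literal backslash and `n` instead of a newline and the following `max-clients` directive lands on the same line. With `ConfigRequired` enabled the generated config is therefore malformed, and the restriction to clients that have a ccd file is not written as intended; the line should be `$OUT .= "ccd-exclusive\n";`. Separately, `compLzo` defaults to `enabled` and is pushed to clients; compression inside a VPN tunnel is a known side-channel risk and newer OpenVPN releases deprecate it, so defaulting it to disabled on new installs deserves consideration.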
@@ -0,0 +1,373 @@ +#! /usr/bin/perl -wT +# vim: ft=xml: + +#---------------------------------------------------------------------- +# heading : Configuration +# description : OpenVPN-Bridge +# navigation : 6000 6750 +# +#---------------------------------------------------------------------- +# copyright (C) 2008 Berteaud Daniel +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +#---------------------------------------------------------------------- +use strict; +use esmith::FormMagick; +use esmith::ConfigDB; +use esmith::FormMagick::Panel::openvpnbridge; + +my $fm = esmith::FormMagick::Panel::openvpnbridge->new(); +my $q = $fm->{cgi}; +$fm->display(); + + +__DATA__ + +
+ + + + DESC_FIRST_PAGE + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + DESC_CONFIG_PAGE + + + + + DESC_STATUS + + + + + DESC_AUTH_TYPE + + + + + DESC_START_POOL + + + + + DESC_END_POOL + + + + DESC_HMAC + + + + + DESC_CIPHER + + + + + + + + + // Règles + // Page d'accueil, liste des certificats + + + + DESC_RULES_PAGE + + + + + + DESC_RULES + + + + + + + // Ajout ou modif d'une règle + + + + DESC_ADD_OR_MODIFY_PAGE + + + + + + + DESC_COMMENT + + + + + DESC_RESERVED_IP + + + + + DESC_GW_REDIRECTION + + + + + DESC_ACCESS + + + + + + // Révocation d'un certificat client + + + + DESC_REMOVE_PAGE + + + + + + // Display de la config + + + + + DESC_DISPLAY_CLIENT_CONF + + + + + // Configuration initiale + // CA + + + + DESC_CRT_CONFIG_PAGE + + + + + DESC_CRL_URL + + + + + DESC_CA_PEM + + + + + DESC_CRT_PEM + + + + + DESC_KEY_PEM + + + + + DESC_DH_PEM + + + + + DESC_TA_PEM + + + + + + // Clients connectés + + DESC_CONNECTED_CLIENTS_PAGE + + + + + + // Déconnecter un client + + + + DESC_CLIENT_DISCONECT_PAGE + + + + +
+
diff --git a/root/etc/logrotate.d/openvpn-bridge b/root/etc/logrotate.d/openvpn-bridge
new file mode 100644
index 0000000..a2d0b6b
--- /dev/null
+++ b/root/etc/logrotate.d/openvpn-bridge
@@ -0,0 +1,8 @@
+/var/log/openvpn-bridge/*.log{
+ monthly
+ rotate 6
+ compress
+ copytruncate
+ missingok
+}
+
diff --git a/root/etc/openvpn/ccd-bridge/.config b/root/etc/openvpn/ccd-bridge/.config
new file mode 100644
index 0000000..e69de29
diff --git a/root/usr/lib/systemd/system/openvpn-bridge.service b/root/usr/lib/systemd/system/openvpn-bridge.service
new file mode 100644
index 0000000..d0fa467
--- /dev/null
+++ b/root/usr/lib/systemd/system/openvpn-bridge.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=OpenVPN Server to Server
+After=network.service
+After=bridge.service
+Requires=bridge.service
+
+[Service]
+Type=notify
+PrivateTmp=true
+WorkingDirectory=/etc/openvpn/bridge
+
+ExecStart=/usr/sbin/openvpn --status /var/log/openvpn-bridge/status.log --status-version 2 --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config /etc/openvpn/bridge/openvpn.conf --cd /etc/openvpn/bridge
+
+PrivateTmp=true
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
+LimitNPROC=10
+DeviceAllow=/dev/null rw
+DeviceAllow=/dev/net/tun rw
+ProtectSystem=true
+ProtectHome=true
+KillMode=process
+RestartSec=5s
+Restart=on-failure
+
+[Install]
+WantedBy=sme-server.target
+
diff --git a/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpnbridge.pm b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpnbridge.pm
new file mode 100644
index 0000000..23292b8
--- /dev/null
+++ b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpnbridge.pm
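Review bot: The `--ncp-ciphers` list on `ExecStart` in openvpn-bridge.service ends with `BF-CBC`, so Blowfish can still be negotiated for a client even after the `Cipher` property has been raised, which undercuts the warning the 35encryption fragment writes about Blowfish being insecure. Consider dropping `BF-CBC` from the list, or building the list from a db property so that legacy clients are an explicit opt-in. Minor points in the same unit: `PrivateTmp=true` appears twice, `CAP_DAC_OVERRIDE` is a broad capability for a daemon that drops to `nobody` and needs a comment saying why it is required, and `Description` reads "OpenVPN Server to Server" for the bridge service.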
@@ -0,0 +1,990 @@ +#!/usr/bin/perl -w + +package esmith::FormMagick::Panel::openvpnbridge; + +use strict; +use warnings; +use esmith::ConfigDB; +use esmith::FormMagick; +use esmith::cgi; +use esmith::util; +use Net::OpenVPN::Manage; +use Net::IP; + +our @ISA = qw(esmith::FormMagick Exporter); + +our @EXPORT = qw( + get_prop + get_status + print_link_status + get_auth_type + get_ip_pool + print_crt_not_ready + print_client_config + print_downloads_links + download_file + print_custom_button + print_section_bar + write_pem + read_pem + disconnect_client + get_cipher_status + get_hmac_status + get_current_hmac + get_current_cipher + get_digests_options + get_ciphers_options +); + +our $config_db = esmith::ConfigDB->open || die "Couldn't open ConfigDB\n"; +our $rules_db = esmith::ConfigDB->open('openvpn-bridge') || esmith::ConfigDB->create('openvpn-bridge'); +our $base_url = "?page=0&page_stack=&Next=Next&wherenext="; + +our $pubdir = '/etc/openvpn/bridge/pub'; +our $privdir = '/etc/openvpn/bridge/priv'; + +*wherenext = \&CGI::FormMagick::wherenext; +sub new { + shift; + my $fm = esmith::FormMagick->new(); + $fm->{calling_package} = (caller)[0]; + bless $fm; + return $fm; +} + +# Retourne le paramètre demandé +sub get_prop{ + my ($fm, $prop, $default) = @_; + return $config_db->get_prop("openvpn-bridge", $prop) || $default; +} + +# Retourne l'état du service +sub get_status{ + my ($fm) = @_; + my $status = get_prop('','status','disabled'); + if ($status eq 'enabled'){ + return $fm->localise('ENABLED'); + } + else{ + return $fm->localise('DISABLED'); + } +} + +# Retourne le mode d'authentification +sub get_auth_type{ + my ($fm) = @_; + my $auth_type = get_prop('','userAuth'); + if ($auth_type eq 'CrtOnly'){ + return $fm->localise('CRT_ONLY'); + } + elsif ($auth_type eq 'CrtWithPass'){ + return $fm->localise('CRT_WITH_PASS'); + } + else{ + return $fm->localise('BAD_VALUE'); + } +} + +# Retourne la plage d'adresses +sub get_ip_pool{ + my ($fm) = @_; + my $start = 
get_prop('','startPool') || "x.x.x.x"; + my $end = get_prop('','endPool') || "x.x.x.x"; + return "$start - $end"; +} + +# Inscrit les valeurs de la configuration dans la db +sub apply_settings{ + my $fm = shift; + my $q = $fm->{'cgi'}; + + $config_db->set_prop('openvpn-bridge', 'status', $q->param("status")); + $config_db->set_prop('openvpn-bridge', 'userAuth', $q->param("auth_type")); + $config_db->set_prop('openvpn-bridge', 'startPool', $q->param("start_pool")); + $config_db->set_prop('openvpn-bridge', 'endPool', $q->param("end_pool")); + if ($q->param("hmac") eq 'SHA1') { + my $tmpk = $config_db->get('openvpn-bridge'); + $tmpk->delete_prop('HMAC'); + } + else { + $config_db->set_prop('openvpn-bridge', 'HMAC', $q->param("hmac")); + } + if ($q->param("cipher") eq 'BF-CBC') { + my $tmpk = $config_db->get('openvpn-bridge'); + $tmpk->delete_prop('Cipher'); + } + else { + $config_db->set_prop('openvpn-bridge', 'Cipher', $q->param("cipher")); + } + + unless ( system ("/sbin/e-smith/signal-event", "openvpn-bridge-update") == 0 ){ + return $fm->error('ERROR_OCCURED', 'FIRST');; + } + + return $fm->success('SUCCESS','FIRST'); +} + +#status global du lien +sub print_link_status{ + my $fm = shift; + my $q = $fm->{cgi}; + my $common_name = $fm->localise('COMMON_NAME'); + my $real_ip = $fm->localise('REAL_IP'); + my $virtual_ip = $fm->localise('VIRTUAL_IP'); + my $sent = $fm->localise('SENT'); + my $received = $fm->localise('RECEIVED'); + my $connected_since = $fm->localise('CONNECTED_SINCE'); + my $disconnect = $fm->localise('DISCONNECT'); + + # test status db + return get_status($fm) if get_status($fm) eq $fm->localise('DISABLED'); + # test systemd + my $act = `/usr/bin/systemctl is-active openvpn-bridge.service`; + chomp $act; + return "" . $fm->localise('SYSTEMD_RETURNED') . 
" $act " unless $act eq "active"; + + # On récupère les paramètre et on les parse + my $param = get_prop('',"management"); + my @param = split(/:/,$param); + my $host = $param[0]; + my $port = $param[1]; + my $pass = $param[2]; + + # On cré l'objet vpn + my $vpn = Net::OpenVPN::Manage->new({ + host => $host, + port => $port, + password => $pass, + timeout => 3 + }); + + # On se connecte ou on retourne le message d'erreur + unless($vpn->connect()){ + print "" . $fm->localise('ERROR_CONNECT_TO_MANAGER'). ""; + return ""; + } + my $r = $vpn->status_ref(); + return "" . $fm->localise('UP') ."" if $r->{TITLE}; + return "" . $fm->localise('ERROR') .""; +} + + +# Affiche les connexions en cours +sub print_clients_table{ + my $fm = shift; + my $q = $fm->{cgi}; + my $common_name = $fm->localise('COMMON_NAME'); + my $real_ip = $fm->localise('REAL_IP'); + my $virtual_ip = $fm->localise('VIRTUAL_IP'); + my $sent = $fm->localise('SENT'); + my $received = $fm->localise('RECEIVED'); + my $connected_since = $fm->localise('CONNECTED_SINCE'); + my $disconnect = $fm->localise('DISCONNECT'); + + # On récupère les paramètre et on les parse + my $param = get_prop('',"management"); + my @param = split(/:/,$param); + my $host = $param[0]; + my $port = $param[1]; + my $pass = $param[2]; + + # On cré l'objet vpn + my $vpn = Net::OpenVPN::Manage->new({ + host => $host, + port => $port, + password => $pass, + timeout => 3 + }); + + # On se connecte ou on retourne le message d'erreur + unless($vpn->connect()){ + print $q->Tr($q->td($fm->localise('ERROR_CONNECT_TO_MANAGER'))); + return ""; + } + my $r = $vpn->status_ref(); + + my %virtIP; + my %realIP; + my %remotePort; + my %sentBytes; + my %receivedBytes; + my %connectedSince; + my @commonNames; + my $count = 0; + + foreach( @{$r->{CLIENT_LIST}} ){ + my $CN = $$_[0]; + unshift (@commonNames,$CN); + $virtIP{$_} = $$_[1]; + my @ipPort = split (/:/,$$_[1]); + $realIP{$CN} = $ipPort[0]; + $remotePort{$CN} = $ipPort[1]; + $virtIP{$CN} = $$_[2]; + 
$receivedBytes{$CN} = $$_[3]/1048576; + $receivedBytes{$CN} = sprintf("%.2f", $receivedBytes{$CN}); + $sentBytes{$CN} = $$_[4]/1048576; + $sentBytes{$CN} = sprintf("%.2f", $sentBytes{$CN}); + $connectedSince{$CN} = $$_[5]; + } + + # Si @commonName est vide, il n'y a aucun client connecté + unless ( scalar @commonNames ){ + print $q->Tr($q->td($fm->localise('NO_CLIENTS_CONNECTED'))); + return ""; + } + + print $q->start_table({-CLASS => "sme-border"}),"\n"; + print $q->Tr ( + esmith::cgi::genSmallCell($q, $common_name,"header"), + esmith::cgi::genSmallCell($q, $real_ip,"header"), + esmith::cgi::genSmallCell($q, $virtual_ip,"header"), + esmith::cgi::genSmallCell($q, $sent,"header"), + esmith::cgi::genSmallCell($q, $received,"header"), + esmith::cgi::genSmallCell($q, $connected_since,"header"), + esmith::cgi::genSmallCell($q, $disconnect,"header", 3)),"\n"; + + foreach my $cn (@commonNames){ + print $q->Tr (esmith::cgi::genSmallCell($q,"$cn"), + esmith::cgi::genSmallCell($q,"$realIP{$cn} ($remotePort{$cn})"), + esmith::cgi::genSmallCell ($q, "$virtIP{$cn}"), + esmith::cgi::genSmallCell ($q, "$sentBytes{$cn}".' MB'), + esmith::cgi::genSmallCell ($q, "$receivedBytes{$cn}".' MB'), + esmith::cgi::genSmallCell ($q, "$connectedSince{$cn}"), + esmith::cgi::genSmallCell ($q, $q->a ({href => $q->url (-absolute => 1). + $base_url."CLIENT_DISCONNECT_PAGE&common_name=". 
+ $cn}, $disconnect))); + + } + print $q->end_table,"\n"; + return ""; +} + +# Retourne la liste des règles +sub print_rules{ + my $fm = shift; + my $q = $fm->{cgi}; + + my @rules = $rules_db->get_all_by_prop(type => 'rule'); + + unless (@rules){ + print $q->Tr($q->td($fm->localise('NO_RULE'))); + return ""; + } + + print $q->start_table({-CLASS => "sme-border"}),"\n"; + print $q->Tr ( + esmith::cgi::genSmallCell( + $q, $fm->localise('COMMON_NAME'),"header"), + esmith::cgi::genSmallCell( + $q, $fm->localise('IP_ADDRESS'),"header"), + esmith::cgi::genSmallCell( + $q, $fm->localise('COMMENT'),"header"), + esmith::cgi::genSmallCell( + $q, $fm->localise('GATEWAY_REDIRECTION'),"header"), + esmith::cgi::genSmallCell( + $q, $fm->localise('ACCESS'),"header"), + esmith::cgi::genSmallCell( + $q, $fm->localise('MODIFY'),"header"), + esmith::cgi::genSmallCell( + $q, $fm->localise('REMOVE'),"header") + ),"\n"; + + + foreach (@rules){ + + my $rule = $_->key; + my $rec_rule = $rules_db->get("$rule"); + + my $ip = $rec_rule->prop("ip") || $fm->localise('DYNAMIC'); + my $gw = $rec_rule->prop("redirectGW") || 'disabled'; + my $access = $rec_rule->prop("access") || 'allowed'; + $gw = ( $gw eq 'enabled') + ? $fm->localise('ENABLED') + : $fm->localise('DISABLED'); + $access = ( $access eq 'allowed') + ? $fm->localise('ALLOWED') + : $fm->localise('DENIED'); + print $q->Tr (esmith::cgi::genSmallCell($q,"$rule"), + esmith::cgi::genSmallCell($q,"$ip"), + esmith::cgi::genSmallCell($q,$rec_rule->prop("comment")), + esmith::cgi::genSmallCell($q,$gw), + esmith::cgi::genSmallCell($q,$access), + esmith::cgi::genSmallCell ($q, + $q->a ({href => $q->url (-absolute => 1). + $base_url."CREATE_OR_MODIFY_RULE_PAGE&action=modify&common_name=".$rule}, $fm->localise('MODIFY'))), + esmith::cgi::genSmallCell ($q, + $q->a ({href => $q->url (-absolute => 1). 
+ $base_url."REMOVE_RULE_PAGE&common_name=".$rule}, $fm->localise('REMOVE')))); + } + print $q->end_table,"\n"; + return ""; +} + +# Ajouter ou modifier une règle +sub create_or_modify_rule{ + my ($fm) = @_; + my $q = $fm->{cgi}; + my $rule = $q->param('common_name'); + my $comment = $q->param('comment'); + my $ip = $q->param('reserved_ip'); + my $gw_redirection = $q->param('gw_redirection'); + my $access = $q->param('access'); + my $action = $q->param('action'); + + if ($action eq 'create'){ + if ($rules_db->get($rule)){ + $fm->error('CN_CONFLICT','RULES_PAGE'); + return undef; + } + my $msg = $fm->validate_common_name($rule); + unless ($msg eq "OK"){ + return $fm->error($msg,'RULES_PAGE'); + } + else{ + $rules_db->new_record( + $rule,{ + comment => $comment, + ip => $ip, + redirectGW => $gw_redirection, + access => $access, + type => 'rule', + } + ); + } + + $fm->success('SUCCESS','RULES_PAGE'); + } + elsif ($action eq 'modify'){ + my $rec_rule = $rules_db->get($rule); + $rec_rule->set_prop('comment',$comment); + $rec_rule->set_prop('ip',$ip); + $rec_rule->set_prop('redirectGW',$gw_redirection); + $rec_rule->set_prop('access',$access); + } + unless ( system ("/sbin/e-smith/signal-event", "openvpn-bridge-reload-ccd") == 0 ){ + $fm->error('ERROR_OCCURED','RULES_PAGE'); + return undef; + } + $fm->success('SUCCESS','RULES_PAGE'); +} + +# Afficher le champ Nom Commun +sub print_common_name_field { + my $fm = shift; + my $q = $fm->{cgi}; + my $rule = $fm->{cgi}->param('common_name') || ''; + my $action = $fm->{cgi}->param('action') || ''; + print qq() . $fm->localise('DESC_COMMON_NAME').qq(); + print qq() . + $fm->localise('COMMON_NAME') . 
qq(\n); + if ($action eq 'modify' and $rule) { + print qq( + $rule + + + + ); + + my $rec_rule = $rules_db->get($rule); + if ($rec_rule){ + $q->param(-name=>'comment',-value=> + $rec_rule->prop('comment')); + $q->param(-name=>'reserved_ip',-value=> + $rec_rule->prop('ip')); + $q->param(-name=>'gw_redirection',-value=> + $rec_rule->prop('redirectGW')); + $q->param(-name=>'access',-value=> + $rec_rule->prop('access')); + } + } + else { + print qq( + + + + ); + } + + print qq(\n); + return undef; +} + + +sub print_rule_to_remove{ + my ($fm) = @_; + my $q = $fm->{cgi}; + my $rule = $q->param('common_name'); + my $rec_rule = $rules_db->get($rule); + my $comment = $rec_rule->prop('comment'); + + print $q->Tr( + $q->td( + { -class => 'sme-noborders-label' }, + $fm->localise('COMMON_NAME') + ), + $q->td( { -class => 'sme-noborders-content' }, $rule ) + ), + "\n"; + print $q->Tr( + $q->td( + { -class => 'sme-noborders-label' }, + $fm->localise('COMMENT') + ), + $q->td( { -class => 'sme-noborders-content' }, $comment ) + ), + "\n"; + + print $q->table( + { -width => '100%' }, + $q->Tr( + $q->th( + { -class => 'sme-layout' }, + $q->submit( + -name => 'cancel', + -value => $fm->localise('CANCEL') + ), + ' ', + $q->submit( + -name => 'remove', + -value => $fm->localise('REMOVE') + ) + ) + ) + ), + "\n"; + + # Clear these values to prevent collisions when the page reloads. 
+ $q->delete("cancel"); + $q->delete("remove"); + + return undef; +} + +sub print_client_to_disconnect{ + my ($fm) = @_; + my $q = $fm->{cgi}; + my $cn = $q->param('common_name'); + + print $q->Tr( + $q->td( + { -class => 'sme-noborders-label' }, + $fm->localise('COMMON_NAME') + ), + $q->td( { -class => 'sme-noborders-content' }, $cn ) + ), + "\n"; + + print $q->table( + { -width => '100%' }, + $q->Tr( + $q->th( + { -class => 'sme-layout' }, + $q->submit( + -name => 'cancel', + -value => $fm->localise('CANCEL') + ), + ' ', + $q->submit( + -name => 'disconnect', + -value => $fm->localise('DISCONNECT') + ) + ) + ) + ), + "\n"; + + # Clear these values to prevent collisions when the page reloads. + $q->delete("cancel"); + $q->delete("disconnect"); + + return undef; +} + +sub disconnect_client{ + my ($fm) = @_; + my $q = $fm->{cgi}; + my $cn = $q->param('common_name'); + # On récupère les paramètre et on les parse + my $param = get_prop('',"management"); + my @param = split(/:/,$param); + my $host = $param[0]; + my $port = $param[1]; + my $pass = $param[2]; + my $vpn = Net::OpenVPN::Manage->new({ + host => $host, + port => $port, + password => $pass, + timeout => 3 + }); + unless($q->param('cancel')){ + unless($vpn->connect()){ + $fm->error('ERROR_CONNECT_TO_MANAGER','SHOW_CLIENTS_PAGE'); + return undef; + } + unless($vpn->kill($cn)){ + $fm->error('ERROR_CONNECT_TO_MANAGER','SHOW_CLIENTS_PAGE'); + return undef; + } + $fm->success('CLIENT_DISCONNECTED','SHOW_CLIENTS_PAGE'); + return undef; + } + $fm->error('CANCELED','SHOW_CLIENTS_PAGE'); + return undef; +} + +sub print_crt_not_ready_warning{ + my ($fm) = @_; + + # First, check the service "bridge" is running + my $bridge = $config_db->get_prop('bridge', 'status') || 'disabled'; + + unless ($bridge eq 'enabled'){ + return $fm->localise('BRIDGE_NOT_ENABLED'); + } + + # If any of the required files is missing or empty + # Warn the user + if ( + (( -z "$pubdir/cacert.pem" ) || ( ! 
-e "$pubdir/cacert.pem" )) || + (( -z "$pubdir/cert.pem") || ( ! -e "$pubdir/cert.pem" )) || + (( -z "$privdir/key.pem") || ( ! -e "$privdir/key.pem" )) || + (( -z "$pubdir/cacrl.pem") || ( ! -e "$pubdir/cacrl.pem" )) || + (( -z "$pubdir/dh.pem") || ( ! -e "$pubdir/dh.pem" )) + ){ + + return $fm->localise('CRT_CONFIG_ERROR'); + } + return $fm->localise('CRT_CONFIG_OK'); +} + +sub print_client_config{ + my ($fm) = @_; + my $q = $fm->{cgi}; + my $proto = get_prop('','proto','udp'); + $proto = 'tcp-client' if ($proto eq 'tcp'); + my $port = ($proto eq 'udp' ? (get_prop('','UDPPort','1194')):(get_prop('','TCPPort','1194'))); + my $mtutest = get_prop('','mtuTest','enabled'); + my $fragment = get_prop('','fragment',''); + my $tunmtu = get_prop('','tunMtu',''); + my $cipher = get_prop('','Cipher',''); + my $hmac = get_prop('','HMAC',''); + if ($proto eq 'tcp'){ + $mtutest = 'disabled'; + $fragment = ''; + } + my $fic = ''; + + $fic .= "rport $port\n"; + $fic .= "proto $proto\n"; + $fic .= "dev tap\n"; + $fic .= "nobind\n"; + $fic .= "# Uncomment the following line if your system\n# support passtos (not supported on Windows)\n"; + $fic .= "# passtos\n"; + $fic .= "remote ".$config_db->get('SystemName')->value.".".$config_db->get('DomainName')->value."\n\n"; + $fic .= "tls-client\n"; + $fic .= "tls-auth takey.pem 1\n" + if (( -e "$privdir/takey.pem")&&( !-z "$privdir/takey.pem")); + $fic .= "ns-cert-type server\n\n"; + $fic .= "cipher $cipher\n" if (($cipher ne '') && ($cipher ne 'auto')); + $fic .= "auth $hmac\n" if (($hmac ne '') && ($hmac ne 'auto')); + $fic .= "\n"; + $fic .= (get_prop('','userAuth','CrtWithPass') eq 'CrtWithPass' ? 
"auth-user-pass\n\n" : "\n"); + $fic .= "\n"; + if ($mtutest eq 'enabled'){ + $fic .= "mtu-test\n"; + } + elsif (($mtutest eq 'disabled')){ + if ($tunmtu ne ''){ + $fic .= "tun-mtu $tunmtu\n"; + } + if (($proto eq 'udp') && ($fragment ne '')){ + $fic .= "fragment $fragment\nmssfix\n"; + } + } + $fic .= "comp-lzo\n"; + $fic .= "pull\n"; + $fic .= "\n"; + $fic .= "# Uncomment and replace user.p12 \n# with the certificate bundle in PKCS12 format\n"; + $fic .= "#pkcs12 user.p12\n\n"; + $fic .= "# You can replace the pkcs12\n# directive with the old ones\n"; + $fic .= "#ca cacert.pem\n#cert user.pem\n#key user-key.pem\n\n"; + $fic .= "# Alternatively you can paste your cert and private key here:\n"; + #infile file support + $fic .= "# client certificate - uncomment and paste between delimiters \n"; + $fic .= "#\n"; + $fic .= "#\n"; + $fic .= "# client private key - uncomment and paste between delimiters\n"; + $fic .= "#\n"; + $fic .= "#\n"; + $fic .= "\n"; + $fic .= "# CA certificate\n"; + $fic .= "\n"; + $fic .= read_pem($fm,'cacert.pem')."\n"; + $fic .= "\n"; + if (( -e "$privdir/takey.pem")&&( !-z "$privdir/takey.pem")) { + $fic .= "\n# Shared TLS key\n"; + $fic .= "\n"; + $fic .= read_pem($fm,'takey.pem')."\n"; + $fic .= "\n"; + } + + + print(esmith::cgi::genTextRow($q, + $q->textarea ( + -name => "config_file", + -override => 1, + -default => $fic, + -rows => 30, + -columns => 100) + ) + ); + return ""; +} + + +sub remove_rule{ + my ($fm) = @_; + my $q = $fm->{cgi}; + my $rule = $q->param('common_name'); + unless($q->param("cancel")){ + unless ($rules_db->get($rule)->delete()){ + $fm->error('ERROR_OCCURED','RULES_PAGE'); + return undef; + } + unless (system ("/sbin/e-smith/signal-event", "openvpn-bridge-reload-ccd") == 0 ){ + $fm->error('ERROR_OCCURED','RULES_PAGE'); + return undef; + } + $fm->success('SUCCESS','RULES_PAGE'); + return undef; + } + $fm->error('CANCELED','RULES_PAGE'); + return undef; +} + +sub print_custom_button{ + my ($fm,$desc,$url) = @_; + my $q 
= $fm->{cgi}; + $url="openvpnbridge?page=0&page_stack=&Next=Next&wherenext=".$url; + + print " \n \n"; + print $q->p($q->a({href => $url, -class => "button-like"}, + $fm->localise($desc))); + print qq(\n); + return undef; +} + +sub print_section_bar{ + my ($fm) = @_; + print " \n \n"; + print "
\n"; + return undef; +} + +sub read_pem{ + my ($fm,$pem) = @_; + my $q = $fm->{cgi}; + my $dir = ''; + my $ret; + if (($pem eq 'cacert.pem') || ($pem eq 'cert.pem') || ($pem eq 'dh.pem')){ + $dir = $pubdir; + } + elsif (($pem eq 'key.pem') || ($pem eq 'takey.pem')){ + $dir = $privdir; + } + + if (! open (PEM, "<$dir/$pem")){ + $fm->error('ERROR_OPEN_PEM','FIRST'); + # Tell the user something bad has happened + return; + } + while (){ + $ret .= $_; + } + close PEM; + + return $ret; +} + +sub write_pem{ + my ($fm) = @_; + my $q = $fm->{cgi}; + + my $ca = $q->param('ca_pem'); + my $crt = $q->param('crt_pem'); + my $key = $q->param('key_pem'); + my $dh = $q->param('dhpar_pem'); + my $ta = $q->param('ta_pem'); + + $config_db->set_prop('openvpn-bridge', 'CrlUrl', $q->param('crl_url')); + + if (! open (CA, ">$pubdir/cacert.pem")){ + $fm->error('ERROR_OPEN_CA','FIRST'); + # Tell the user something bad has happened + return; + } + print CA $ca; + close CA; + + if (! open (CRT, ">$pubdir/cert.pem")){ + $fm->error('ERROR_OPEN_CRT','FIRST'); + # Tell the user something bad has happened + return; + } + print CRT $crt; + close CRT; + + if (! open (KEY, ">$privdir/key.pem")){ + $fm->error('ERROR_OPEN_KEY','FIRST'); + # Tell the user something bad has happened + return; + } + print KEY $key; + close KEY; + chmod(0600, "$privdir/key.pem" ); + esmith::util::chownFile("root", "root","$privdir/key.pem" ); + if (! open (DH, ">$pubdir/dh.pem")){ + $fm->error('ERROR_OPEN_DH','FIRST'); + # Tell the user something bad has happened + return; + } + print DH $dh; + close DH; + + if (! 
open (TA, ">$privdir/takey.pem")){ + $fm->error('ERROR_OPEN_TA','FIRST'); + # Tell the user something bad has happened + return; + } + print TA $ta; + close TA; + chmod(0600, "$privdir/takey.pem" ); + esmith::util::chownFile("root", "root","$privdir/takey.pem" ); + + # Restrict permissions on sensitive data + esmith::util::chownFile("root", "root","$privdir"); + esmith::util::chownFile("root", "root","$pubdir"); + chmod 0700, "$privdir"; + chmod 0755, "$pubdir"; + + unless(system("/sbin/e-smith/signal-event openvpn-bridge-update") == 0){ + $fm->error('ERROR_OCCURED','RULES_PAGE'); + return undef; + } + $fm->success('SUCCESS','FIRST'); + return undef; +} + + +# Validations + +sub is_ip{ + my ($fm,$ip) = @_; + return CGI::FormMagick::Validator::ip_number($fm, $ip); +} + +sub ip_is_in_local_net { + my ($fm,$ip) = @_; + + unless(is_ip($fm, $ip) eq 'OK'){ + return $fm->localise('NOT_A_VALID_IP',{ip => $ip}); + } + + my $local_ip = $config_db->get('LocalIP')->value(); + my $local_netmask = $config_db->get('LocalNetmask')->value; + my ($local_network, $local_broadcast) = + esmith::util::computeNetworkAndBroadcast( $local_ip, $local_netmask ); + + my ($ip_network,$ip_broadcast) = + esmith::util::computeNetworkAndBroadcast($ip, $local_netmask); + + if ($ip_network ne $local_network){ + return $fm->localise('NOT_IN_LOCAL_NET',{ip => $ip}); + } + return "OK"; +} + +sub ip_is_in_local_net_or_blank { + my ($fm,$ip) = @_; + + if ($ip eq ''){ + return 'OK'; + } + return ip_is_in_local_net ($fm,$ip); +} + +sub end_is_after_start{ + my ($fm,$end) = @_; + my $start = $fm->{cgi}->param('start_pool'); + my $start_ip = new Net::IP($start); + my $end_ip = new Net::IP($end); + unless ($end_ip->bincomp('gt',$start_ip)){ + return $fm->localise('START_AFTER_END'); + } + return 'OK'; +} + +sub not_in_dhcp_range +{ + my $fm = shift; + my $address = shift; + my $status = $config_db->get('dhcpd')->prop('status') || "disabled"; + return "OK" unless $status eq "enabled"; + my $start = 
$config_db->get('dhcpd')->prop('start'); + my $end = $config_db->get('dhcpd')->prop('end'); + if (esmith::util::IPquadToAddr($start) + <= esmith::util::IPquadToAddr($address) + && + esmith::util::IPquadToAddr($address) + <= esmith::util::IPquadToAddr($end)){ + return $fm->localise("ADDR_IN_DHCP_RANGE",{ip => $address}); + } + else{ + return "OK"; + } +} + +sub validate_common_name +{ + my ($fm, $common_name) = @_; + + unless ($common_name =~ /^([a-zA-Z0-9][\_\.\-a-zA-Z0-9]*)$/){ + return $fm->localise('INVALID_CHARS',{string => $common_name}); + } + return "OK"; +} + +sub is_url +{ + my ($fm, $url) = @_; + + unless ($url =~ /^(http:\/\/)|(https:\/\/)/){ + return $fm->localise('NOT_A_VALID_URL',{string => $url}); + } + return "OK"; +} + +###### those could almost be copy paste for bridge and s2s +## +=head2 get_hmac_status + +=cut +sub get_hmac_status{ + my ($fm) = @_; + my $hmac = get_current_hmac(); + $hmac= "". $fm->localise('CHANGEME_INSECURE'). ": $hmac " unless ($hmac eq "whirlpool" || $hmac =~ /(512|256|384|224)$/); + return $hmac; +} + +=head2 get_cipher_status +list obtained using +openvpn --show-digests | egrep 'digest size' | awk {'print "'\''" $1 "'\'' => '\''" $1 "'\''," '} +=cut +sub get_cipher_status{ + my ($fm) = @_; + my $cipher = get_current_cipher(); + $cipher = "". $fm->localise('CHANGEME_INSECURE'). 
": $cipher " unless ($cipher =~ /(128|192|256|512|SEED)/ ); + return $cipher; +} + +=head2 get_current_hmac + +=cut +sub get_current_hmac{ + my ($self) = @_; + my $cvpn= $config_db->get('openvpn-bridge') or return "SHA256" ; + return "SHA1" unless defined $cvpn->prop('HMAC'); + return $cvpn->prop('HMAC') ; +} + +=head2 get_current_cipher +list obtained using +openvpn --show-digests | egrep 'digest size' | awk {'print "'\''" $1 "'\'' => '\''" $1 "'\''," '} +=cut +sub get_current_cipher{ + my ($self) = @_; + my $cvpn= $config_db->get('openvpn-bridge') or return "AES-128-CBC"; + return "BF-CBC" unless defined $cvpn->prop('Cipher'); + return $cvpn->prop('Cipher') ; +} + + +=head2 get_digests_options + +=cut +sub get_digests_options{ + my ($self) = @_; + my $translate = $self->localise('DEFAULT'); + my $suggested = $self->localise('SUGGESTED'); + my %options= ( + 'whirlpool' => 'whirlpool (512)', + 'SHA512' => 'SHA512', + 'SHA384' => 'SHA384', + 'SHA256' => 'SHA256' . ": $suggested", + 'SHA224' => 'SHA224', + 'SHA1' => 'SHA1 (160)' . ": $translate", + 'SHA' => 'SHA (160)', + 'ecdsa-with-SHA1' => 'ecdsa-with-SHA1 (160)', + 'RIPEMD160' => 'RIPEMD160', + 'MD5' => 'MD5 (128)', + 'MD4' => 'MD4 (128)', + ); + return \%options; +} + + +=head2 get_ciphers_options +list obtained using +openvpn --show-ciphers | egrep '^[A-Z]{2}' | sed 's/ by//; s/ default//; s/block,/block/; s/)// ' | awk {'print " '\''" $1 "'\'' => '\''" $1 $2 " " $4 " " $5 " " $7")'\''," '} +then reduced to remove most of insecure ciphers +Using a CBC or GCM mode is recommended. +In static key mode only CBC mode is allowed. 
+ +=cut +sub get_ciphers_options{ + my ($self) = @_; + my $translate = $self->localise('DEFAULT'); + my $suggested = $self->localise('SUGGESTED'); + my %options= ( + 'AES-128-CBC' => 'AES-128-CBC (128 key, 128 block)'.": $suggested", + 'AES-128-CFB' => 'AES-128-CFB (128 key, 128 block)', + 'AES-128-CFB1' => 'AES-128-CFB1 (128 key, 128 block)', + 'AES-128-CFB8' => 'AES-128-CFB8 (128 key, 128 block)', + 'AES-128-GCM' => 'AES-128-GCM (128 key, 128 block)', + 'AES-128-OFB' => 'AES-128-OFB (128 key, 128 block)', + 'AES-192-CBC' => 'AES-192-CBC (192 key, 128 block)', + 'AES-192-CFB' => 'AES-192-CFB (192 key, 128 block)', + 'AES-192-CFB1' => 'AES-192-CFB1 (192 key, 128 block)', + 'AES-192-CFB8' => 'AES-192-CFB8 (192 key, 128 block)', + 'AES-192-GCM' => 'AES-192-GCM (192 key, 128 block)', + 'AES-192-OFB' => 'AES-192-OFB (192 key, 128 block)', + 'AES-256-CBC' => 'AES-256-CBC (256 key, 128 block)', + 'AES-256-CFB' => 'AES-256-CFB (256 key, 128 block)', + 'AES-256-CFB1' => 'AES-256-CFB1 (256 key, 128 block)', + 'AES-256-CFB8' => 'AES-256-CFB8 (256 key, 128 block)', + 'AES-256-GCM' => 'AES-256-GCM (256 key, 128 block)', + 'AES-256-OFB' => 'AES-256-OFB (256 key, 128 block)', + 'CAMELLIA-128-CBC' => 'CAMELLIA-128-CBC (128 key, 128 block)', + 'CAMELLIA-128-CFB' => 'CAMELLIA-128-CFB (128 key, 128 block)', + 'CAMELLIA-128-CFB1' => 'CAMELLIA-128-CFB1 (128 key, 128 block)', + 'CAMELLIA-128-CFB8' => 'CAMELLIA-128-CFB8 (128 key, 128 block)', + 'CAMELLIA-128-OFB' => 'CAMELLIA-128-OFB (128 key, 128 block)', + 'CAMELLIA-192-CBC' => 'CAMELLIA-192-CBC (192 key, 128 block)', + 'CAMELLIA-192-CFB' => 'CAMELLIA-192-CFB (192 key, 128 block)', + 'CAMELLIA-192-CFB1' => 'CAMELLIA-192-CFB1 (192 key, 128 block)', + 'CAMELLIA-192-CFB8' => 'CAMELLIA-192-CFB8 (192 key, 128 block)', + 'CAMELLIA-192-OFB' => 'CAMELLIA-192-OFB (192 key, 128 block)', + 'CAMELLIA-256-CBC' => 'CAMELLIA-256-CBC (256 key, 128 block)', + 'CAMELLIA-256-CFB' => 'CAMELLIA-256-CFB (256 key, 128 block)', + 'CAMELLIA-256-CFB1' => 
'CAMELLIA-256-CFB1 (256 key, 128 block)', + 'CAMELLIA-256-CFB8' => 'CAMELLIA-256-CFB8 (256 key, 128 block)', + 'CAMELLIA-256-OFB' => 'CAMELLIA-256-OFB (256 key, 128 block)', + 'SEED-CBC' => 'SEED-CBC (128 key, 128 block)', + 'SEED-CFB' => 'SEED-CFB (128 key, 128 block)', + 'SEED-OFB' => 'SEED-OFB (128 key, 128 block)', + 'BF-CBC' => 'BF-CBC(128 key, 64 block)'. ": $translate ", + ); + return \%options; +} + +1; diff --git a/smeserver-openvpn-bridge.spec b/smeserver-openvpn-bridge.spec new file mode 100644 index 0000000..b2dd009 --- /dev/null +++ b/smeserver-openvpn-bridge.spec 
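Review bot: `common_name` from the request is checked with `validate_common_name` only in the `create` branch of `create_or_modify_rule`; `disconnect_client` hands it straight to `$vpn->kill($cn)` on the management interface, and the `modify` branch, `remove_rule` and `print_rule_to_remove` call methods on `$rules_db->get($rule)` without checking that a record came back. I would run the same validator first in each of them, e.g. `return $fm->error('ERROR_OCCURED','SHOW_CLIENTS_PAGE') unless $fm->validate_common_name($cn) eq 'OK';` in `disconnect_client`, and return an error when the lookup is undefined. Separately, the alternation in `is_url` is anchored only on its first branch, so any string that merely contains `https://` passes; `unless ($url =~ /^https?:\/\//){` anchors both schemes. In `write_pem`, `key.pem` and `takey.pem` are created under the process umask and only tightened by `chmod(0600, ...)` after the key material has been written, so setting `umask 0077` before those two `open` calls (and restoring it afterwards) would close that window if the panel's umask is permissive.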
@@ -0,0 +1,362 @@
+# $Id: smeserver-openvpn-bridge.spec,v 1.17 2024/09/06 01:23:30 terryfage Exp $
+# Authority: vip-ire
+# Name: Daniel Berteaud
+
+Summary: OpenVPN, a strong VPN solution build over SSL, pre-configured for bridge mode
+%define name smeserver-openvpn-bridge
+Name: %{name}
+%define version 2.1
+%define release 24
+Version: %{version}
+Release: %{release}%{?dist}
+License: GPL
+Group: Networking/Remote access
+Source: %{name}-%{version}.tar.xz
+
+
+BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
+BuildArchitectures: noarch
+
+BuildRequires: e-smith-devtools
+
+Provides: perl(esmith::FormMagick::Panel::openvpnbridge)
+Requires: e-smith-base
+Requires: openvpn
+Requires: smeserver-bridge-interface
+Requires: perl(Net::OpenVPN::Manage)
+Obsoletes: smeserver-openvpn-bridge-fws
+Obsoletes: smeserver-openvpn-bridge.fws
+
+%description
+This package contains all the needed scripts and templates
+to have a full working openvpn server running in bridge mode.
+
+%changelog
+* Sat Sep 07 2024 cvs2git.sh aka Brian Read 2.1-24.sme
+- Roll up patches and move to git repo [SME: 12338]
+
+* Sat Sep 07 2024 BogusDateBot
+- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
+ by assuming the date is correct and changing the weekday.
+
+* Fri Sep 06 2024 Terry Fage 2.1-23.sme
+- apply locale 2024-09-06.patch
+
+* Wed Nov 23 2022 Jean-Philippe Pialasse 2.1-22.sme
+- log to dedicated file [SME: 12242]
+- use locale timezone for logging [SME: 6155]
+
+* Fri Nov 11 2022 Jean-Philippe Pialasse 2.1-19.sme
+- apply locale 2022-11-1 patch
+
+* Sat Jul 30 2022 Jean-Philippe Pialasse 2.1-18.sme
+- add Provides perl(esmith::FormMagick::Panel::openvpnbridge)
+
+* Sat Jul 30 2022 Brian Read 2.1-17.sme
+- Re-build and link to latest devtools [SME: 11997]
+
+* Sat Jul 23 2022 Jean-Philippe Pialasse 2.1-16.sme
+- add to core backup [SME: 12018]
+
+* Wed Sep 08 2021 Terry Fage 2.1-15.sme
+- apply locale 2021-09-08 patch
+
+* Mon Aug 23 2021 Terry Fage 2.1-14.sme
+- apply locale 2021-08-23 patch
+
+* Wed Mar 31 2021 Jean-Philippe Pialasse 2.1-13.sme
+- default AES-128-CBC and SHA256 fix [SME: 11335]
+- better frist screen with information on link and hnac and cipher
+- better client default configuration with embded shared key and CAcert
+- migrate cipher to Cipher like routed and s2s usage
+- HMAC and Cipher are accessible to change using the manager.
+- Re-build and link to latest devtools typos in translations [SME: 6647] + +* Tue Mar 23 2021 Jean-Philippe Pialasse 2.1-12.sme +- Re-build and link to latest devtools permisison issue on private keys [SME: 11335] +- rework unit file + avoid failure, add ncp cipher, add loging status +- add default cipher AES-256-CBC - if issue with older clients < 2.4 + it is advised to set it to 'auto' or BF-CBC + +* Thu Feb 04 2021 Brian Read 2.1-11.sme +- Initial import to SME10 [SME: 11335] +- Add-in-systemd-startup + +* Sat Dec 07 2019 SME Translation Server 2.1-10.sme +- apply locale 2019-12-07 patch + +* Thu Nov 15 2018 John Crisp 2.1-9.sme +- Add option to enable/doisable PushRoute [SME: 10547] + +* Sat Dec 02 2017 SME Translation Server 2.1-8.sme +- apply locale 2017-12-02 patch + +* Wed Feb 01 2017 Jean-Philipe Pialasse 2.1-7.sme +- apply locale 2017-02-02.patch + +* Sat May 7 2016 Daniel Berteaud 2.1-6.sme +- Typo in en-us locale for the panel [SME: 9301] + +* Wed Feb 10 2016 Daniel Berteaud 2.1-5.sme +- Remove obsolete libpam.so symlink so AutoReqProv do not add a dep on i686 + pam + +* Mon Feb 8 2016 Daniel Berteaud 2.1-4.sme +- Create /etc/openvpn/bridge/dev/urandom [SME: 9238] + +* Thu Aug 6 2015 Daniel Berteaud 2.1-3.sme +- Add routes for s2s virtual IP + +* Tue Feb 17 2015 Daniel Berteaud 2.1-2.sme +- Apply locale 2015-02-17 patch + +* Mon Nov 11 2013 Daniel B. 2.1-1.sme +- Rebuild for SME9 + +* Sun Jul 14 2013 JP Pialasse 2.0-50.sme +- apply locale 2013-07-14 patch + +* Thu Jun 6 2013 Daniel B. 2.0-49.sme +- Fix plugin directory for x86_64 [SME: 7658] + +* Fri Mar 22 2013 Daniel B. 2.0-48.sme +- Fix spelling in en-us panel [SME: 7507] + +* Mon Oct 08 2012 Daniel B. 
2.0-47.sme
+- Create a tmp dir (needed for openvpn 2.2.2)
+
+* Tue Mar 20 2012 SME Translation Server 2.0-46.el6
+- apply locale 2012-03-20 patch
+
+* Wed Apr 27 2011 SME Translation Server 2.0-45.sme
+- apply locale 2011-04-27 patch
+
+* Sun Mar 06 2011 SME Translation Server 2.0-44.sme
+- apply locale 2011-03-06 patch
+
+* Thu Feb 17 2011 Daniel B. 2.0-43.sme
+- Fix a typo in the panel [SME: 6509]
+
+* Tue Jan 25 2011 Daniel B. 2.0-42.sme
+- Stop disabling service on rpm removal (spec change only)
+
+* Tue Jan 25 2011 Daniel B. 2.0-41.sme
+- Add comp-lzo option back into client conf file
+
+* Tue Oct 26 2010 Daniel B. 2.0-40.sme
+- Add PassTOS DB key to enable/disable passtos
+- Enhance routes push (work with s2s contrib)
+
+* Tue Oct 19 2010 Daniel B. 2.0-39.sme
+- templates cleanup
+- DB prop to disable local networks routes push to client
+
+* Mon Jul 19 2010 Daniel B. 2.0-38.sme
+- apply locale 2010-07-19 patc
+
+* Wed Jun 02 2010 Daniel B. 2.0-37.sme
+- apply locale 2010-06-02 patch
+- use multilog timestamp
+
+* Wed May 12 2010 Daniel B. 2.0-36.sme
+- Comment the passtos option as it's not supported on Windows
+
+* Fri Apr 30 2010 Daniel B. 2.0-35.sme
+- add the passtos option
+- push the comp-lzo option to the client
+- apply locale 2010-04-29 patch
+
+* Tue Mar 02 2010 SME Translation Server 2.0-34.sme
+- apply locale 2010-03-02 patch
+
+* Wed Nov 18 2009 Daniel B. 2.0-33.sme
+- code cleanup
+
+* Tue Nov 17 2009 Daniel B. 2.0-32.sme
+- apply locale 2009-11-17 patch
+- Fix CRL update on event (openvpn-bridge-update)
+
+* Tue Oct 27 2009 SME Translation Server 2.0-31.sme
+- apply locale 2009-10-27 patch
+
+* Wed Oct 21 2009 Daniel B. 2.0-30.sme
+- apply locale 2009-10-21 patch
+
+* Tue Sep 29 2009 Daniel B.
2.0-29.sme
+- Put tls-client directive in client config file even when additional TLS
+ auth is disabled (required for the main TLS auth) [SME: 5495]
+- apply locale 2009-09-28 patch
+
+* Mon Aug 24 2009 SME Translation Server 2.0-28.sme
+- apply locale 2009-08-24 patch
+
+* Wed Jul 22 2009 Daniel B. 2.0-27.sme
+- apply locale 2009-07-22 patch
+
+* Thu Jun 25 2009 Daniel B. 2.0-26.sme
+- expand config and restart the service when local networks are added
+ or removed so the new routes are pushed
+
+* Tue May 26 2009 Daniel B. 2.0-25.sme
+- apply locale 2009-05-26 patch
+
+* Sun May 24 2009 Daniel B. 2.0-24.sme
+- apply locale 2009-05-24 patch
+
+* Thu Apr 30 2009 Daniel B. 2.0-23.sme
+- apply local 2009-04-30 patch
+
+* Mon Apr 27 2009 SME Translation Server 2.0-22.sme
+- apply locale 2009-04-27 patch
+
+* Tue Apr 14 2009 Daniel B. [2.0-21]
+- Fixe permissions on public directory (pub and ccd) which must be readable
+ by everyone (especially user nobody)
+
+* Sun Apr 12 2009 Daniel B. [2.0-20]
+- remove obsolete init scripts reset-openvpn and openvpn-bridge
+
+* Wed Mar 18 2009 Daniel B. [2.0-19]
+- Do not add cipher directive in client configuration file if set to 'auto'
+
+* Wed Mar 11 2009 Daniel B. [2.0-18]
+- Compatibility with openvpn 2.1 (detect plugin dir location) [SME: 5060]
+
+* Mon Mar 09 2009 Daniel B. [2.0-17]
+- Add smeserver-bridge-interface as dependency
+- Update spec description
+
+* Tue Mar 03 2009 SME Translation Server [2.0-16]
+- apply locale 2009-03-03 patch
+
+* Tue Mar 03 2009 Jonathan Martens [2.0-15]
+- Fix some more errors in the en-us locale
+- Remove tabs from SPEC file as some editors act weird with them, e.g. nano
+
+* Tue Mar 03 2009 Jonathan Martens [2.0-14]
+- Fix some grammar errors in the en-us locale
+
+* Tue Mar 03 2009 Jonathan Martens [2.0-13]
+- Fix a typo in the en-us locale
+
+* Tue Mar 03 2009 Shad L. Lords [2.0-12]
+- Fix xml language tag to be correct
+
+* Tue Mar 03 2009 Shad L.
Lords [2.0-11]
+- Remove duplicate translations that break pootle
+
+* Tue Mar 03 2009 Shad L. Lords [2.0-10]
+- Rename locale/en to locale/en-us to pootle works
+
+* Tue Mar 03 2009 Daniel B. [2.0-9]
+- Apply locale patch fr 1
+- Add e-smith-devtools as a build dependency
+
+* Thu Jan 29 2009 Daniel B. [2.0-8]
+- Fix an error with the creation of the db
+
+* Wed Jan 28 2009 Daniel B. [2.0-7]
+- Cleanly create openvpn-bridge db
+
+* Fri Jan 16 2009 Daniel B. [2.0-6]
+- Just warn if openvpn db is missing
+- Fix certificates check
+- Warn if bridge service isn't enabled
+- Configure the CRL update URL
+
+* Mon Jan 12 2009 Daniel B. [2.0-5]
+- localization patch
+
+* Mon Dec 22 2008 Daniel B. [2.0-4]
+- Add validate_common_name routine
+
+* Fri Dec 19 2008 Daniel B. [2.0-3]
+- Added option configRequired (accept only certificate listed in the rules section)
+- Clean config templates
+
+* Tue Dec 16 2008 Daniel B. [2.0-2]
+- Add missing pull directive in client config
+
+* Fri Dec 12 2008 Daniel B. [2.0-1]
+- Remove useless migrate fragment (now handled by the bridge package)
+
+* Thu Dec 04 2008 Daniel B.
[2.0-0]
+- The bridge stuff is now in a separated rpm
+- Restarting the service doesn't cut the InternalInterface
+ as the bridge isn't restarted
+- Correct (truely this time) the bug with dhcpd looping
+- Panel re-writen in FormMagick (much more simple now)
+- Removed the certificate manager, now handled by phpki
+- Real-time clients info using Net::OpenVPN::Manage
+- Routes to local networks are pushed to clients
+
+* Tue Feb 06 2007 Daniel Berteaud
+- [1.1-1]
+- Bugs fixes (repported by Stephan Braunstein)
+- corrections in the en language
+
+* Tue Feb 06 2007 Daniel Berteaud
+- [1.1-0]
+- panel enhancement
+- little correction in the local file
+
+* Mon Dec 11 2006 Daniel Berteaud
+- [1.0-3]
+- correction of permissions on startup and shutdown scripts
+- little correction in the local file
+
+* Fri Dec 08 2006 Daniel Berteaud
+- [1.0-2]
+- Added missing directory keys/bridge
+
+* Wed Dec 06 2006 Daniel Berteaud
+- [1.0-1]
+- Removed useless parameters from the panel (tap, br and localInf)
+- Added a stop script (k20openvpn-bridge)
+- panel renamed to openvpn-bridge for futur compatibility
+
+%prep
+
+%setup -q -n %{name}-%{version}
+
+rm -rf root/usr/sbin/systemd/
+rm -rf root/var/service/
+
+%build
+perl createlinks
+
+%{__mkdir_p} root/etc/openvpn/bridge/ccd
+%{__mkdir_p} root/etc/openvpn/bridge/priv
+%{__mkdir_p} root/etc/openvpn/bridge/pub
+%{__mkdir_p} root/etc/openvpn/bridge/etc
+%{__mkdir_p} root/etc/openvpn/bridge/tmp
+%{__mkdir_p} root/etc/openvpn/bridge/dev
+%{__mkdir_p} root/var/log/openvpn-bridge
+
+%install
+/bin/rm -rf $RPM_BUILD_ROOT
+(cd root ; /usr/bin/find .
-depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
+/bin/rm -f %{name}-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
+ --dir /var/log/openvpn-bridge 'attr(0750,root,root)' \
+ --dir /etc/openvpn/bridge/pub 'attr(0755,root,root)' \
+ --dir /etc/openvpn/bridge/priv 'attr(0750,root,root)' \
+ --dir /etc/openvpn/bridge/ccd 'attr(0755,root,root)' \
+ --dir /etc/openvpn/bridge/etc 'attr(0755,root,root)' \
+ --dir /etc/openvpn/bridge/tmp 'attr(0770,root,nobody)' \
+ --file /usr/bin/ovpn-bridge-update-crl 'attr(0750,root,root)' \
+ > %{name}-%{version}-filelist
+
+%files -f %{name}-%{version}-filelist
+%defattr(-,root,root)
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+if [ \! -c /etc/openvpn/bridge/dev/urandom ]; then
+ mknod -m 0444 /etc/openvpn/bridge/dev/urandom c 1 9
+fi
+
+%preun