smecontribs/smeserver-openvpn-s2s
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

initial commit of file from CVS for smeserver-openvpn-s2s on Sat Sep 7 19:57:57 AEST 2024

Browse Source
This commit is contained in:
Trevor Batley 2024-09-07 19:57:57 +10:00
parent 8855fbff54
commit 59fbb967a2
61 changed files with 10315 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
*.rpm
*.log
*spec-20*
*.tar.xz

21
Makefile Normal file
View File

@ -0,0 +1,21 @@
# Makefile for source rpm: smeserver-openvpn-s2s
# $Id: Makefile,v 1.1 2021/02/04 16:21:23 brianr Exp $
NAME := smeserver-openvpn-s2s
SPECFILE = $(firstword $(wildcard *.spec))
define find-makefile-common
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
endef
MAKEFILE_COMMON := $(shell $(find-makefile-common))
ifeq ($(MAKEFILE_COMMON),)
# attept a checkout
define checkout-makefile-common
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
endef
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
endif
include $(MAKEFILE_COMMON)

16
README.md
View File

@ -1,3 +1,15 @@
# smeserver-openvpn-s2s
# <img src="https://www.koozali.org/images/koozali/Logo/Png/Koozali_logo_2016.png" width="25%" vertical="auto" style="vertical-align:bottom"> smeserver-openvpn-s2s
SMEServer Koozali developed git repo for smeserver-openvpn-s2s smecontribs
SMEServer Koozali developed git repo for smeserver-openvpn-s2s smecontribs
## Wiki
<br />https://wiki.koozali.org/
## Bugzilla
Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-openvpn-s2s&product=SME%20Contribs&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
## Description
<br />*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
*Once it has been checked, then this comment will be deleted*
<br />

1
contriborbase Normal file
View File

@ -0,0 +1 @@
contribs10

53
createlinks Normal file
View File

@ -0,0 +1,53 @@
#!/usr/bin/perl -w
use esmith::Build::CreateLinks qw(:all);
safe_symlink("restart", "root/etc/e-smith/events/openvpn-s2s-update/services2adjust/openvpn-s2s");
safe_symlink("adjust", "root/etc/e-smith/events/openvpn-s2s-update/services2adjust/masq");
event_link("openvpn-s2s-onelink", "openvpn-s2s-update-one", "50");
event_link("openvpn-s2s-delete-networks", "openvpn-s2s-update", "10");
event_link("openvpn-s2s-genconf", "openvpn-s2s-update", "20");
event_link("openvpn-s2s-update-crl", "openvpn-s2s-update", "30");
event_link("openvpn-s2s-genconf", "bootstrap-console-save", "80");
event_link("openvpn-s2s-jail", "bootstrap-console-save", "03");
event_link("openvpn-s2s-jail", "openvpn-s2s-update", "03");
templates2events("/etc/rc.d/init.d/masq", qw/openvpn-s2s-update/);
templates2events("/etc/crontab", qw/openvpn-s2s-update/);
panel_link("openvpns2s", 'manager');
# our event specific for updating with yum without reboot
$event = "smeserver-openvpn-s2s-update";
#add here the path to your templates needed to expand
#see the /etc/systemd/system-preset/49-koozali.preset should be present for systemd integration on all you yum update event
foreach my $file (qw(
/etc/systemd/system-preset/49-koozali.preset
/etc/rc.d/init.d/masq
/etc/crontab
))
{
templates2events( $file, $event );
}
#action needed in case we have a systemd unit
event_link("systemd-default", $event, "10");
event_link("systemd-reload", $event, "50");
#action specific to this package
event_link("openvpn-s2s-jail", $event, "03");
event_link("openvpn-s2s-update", $event, "60");
#services we need to restart
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/openvpn-s2s");
use esmith::Build::Backup qw(:all);
backup_includes("smeserver-openvpn-s2s", qw(
/etc/openvpn/s2s/priv
/etc/openvpn/s2s/pub
/var/log/openvpn-s2s
));

1
root/etc/e-smith/db/configuration/defaults/openvpn-s2s/access Normal file
View File

@ -0,0 +1 @@
public

1
root/etc/e-smith/db/configuration/defaults/openvpn-s2s/status Normal file
View File

@ -0,0 +1 @@
enabled

1
root/etc/e-smith/db/configuration/defaults/openvpn-s2s/type Normal file
View File

@ -0,0 +1 @@
service

0
root/etc/e-smith/db/configuration/migrate/.gitignore vendored Normal file
View File

0
root/etc/e-smith/db/openvpn-s2s/migrate/.gitignore vendored Normal file
View File

55
root/etc/e-smith/events/actions/openvpn-s2s-delete-networks Normal file
View File

@ -0,0 +1,55 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2010 Firewall Services
# Daniel Berteaud <daniel@firewall-services.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
use strict;
use esmith::ConfigDB;
use esmith::NetworksDB;
use esmith::event;
my $db = esmith::NetworksDB->open || die "Couldn't open netwoks db\n";
my $ovpndb = esmith::ConfigDB->open_ro('openvpn-s2s') || die "Couldn't open openvpn-s2s db\n";
my @nets = $db->networks;
my @vpnnets = ();
my $vpnnet;
# buils a list of network used by a VPN daemon
foreach my $vpn ($ovpndb->get_all_by_prop(type=>'server'),
$ovpndb->get_all_by_prop(type=>'client')){
foreach (split(/[;,]/,($vpn->prop('RemoteNetworks') || ''))){
my ($vpnnet,undef) = split(/\//, $_);
push @vpnnets, $vpnnet;
}
push @vpnnets, $vpn->prop('RemoteIP');
}
foreach my $net (@nets){
my $key = $net->key;
my $vpn = $db->get_prop($key,"VPN") || '';
if ($vpn ne ''){
unless (grep{ $_ eq $key} @vpnnets){
$db->set_prop($key, type=>'network-deleted');
event_signal("network-delete","$key");
$db->get($key)->delete;
}
}
}

49
root/etc/e-smith/events/actions/openvpn-s2s-genconf Normal file
View File

@ -0,0 +1,49 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2010 Firewall Services
# Daniel Berteaud <daniel@firewall-services.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
use strict;
use esmith::templates;
use esmith::ConfigDB;
my $db = esmith::ConfigDB->open_ro("openvpn-s2s");
my @clients = $db->get_all_by_prop(type=>'client');
my @servers = $db->get_all_by_prop(type=>'server');
# Remove all the configuration files
unlink </etc/openvpn/s2s/*.conf>;
# And status files
unlink </etc/openvpn/s2s/*-status.txt>;
foreach my $conf (@servers,@clients){
my $key = $conf->key;
my $status = $conf->prop('status') || 'disabled';
if ($status eq 'enabled'){
processTemplate(
{
TEMPLATE_PATH => "/etc/openvpn/s2s/openvpn-s2s.conf",
MORE_DATA => {DB_KEY=>$key},
OUTPUT_FILENAME => "/etc/openvpn/s2s/$key.conf",
});
}
}

7
root/etc/e-smith/events/actions/openvpn-s2s-jail Normal file
View File

@ -0,0 +1,7 @@
#!/bin/bash
#copy any files needed for the jail
#be sure we have the needed timezone
/bin/cp -L /etc/localtime /etc/openvpn/s2s/etc

60
root/etc/e-smith/events/actions/openvpn-s2s-onelink Normal file
View File

@ -0,0 +1,60 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2010 Firewall Services
# Daniel Berteaud <daniel@firewall-services.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
use strict;
use esmith::templates;
use esmith::ConfigDB;
my $event = $ARGV [0];
my $vpn = $ARGV [1];
my $lock="/var/lock/subsys/openvpn-s2s";
my $piddir="/var/run/openvpn-s2s";
die "missing vpn name" unless defined $vpn;
my $db = esmith::ConfigDB->open_ro("openvpn-s2s");
my $conf = $db->get($vpn) or die "unknown site to site vpn";
my $key = $conf->key;
my $status = $conf->prop('status') || 'disabled';
if ($status eq 'enabled'){
processTemplate(
{
TEMPLATE_PATH => "/etc/openvpn/s2s/openvpn-s2s.conf",
MORE_DATA => {DB_KEY=>$key},
OUTPUT_FILENAME => "/etc/openvpn/s2s/$key.conf",
});
if ( -f $lock ) {
my $pidf = "$piddir/$key.pid";
if ( -f $pidf ) {
my $pid=`cat $pidf`;
kill 'USR1', $pid || exit 1 ;
exit 0;
}
}
else {
print "openvpn: service not started";
exit 1
}
}

34
root/etc/e-smith/events/actions/openvpn-s2s-update-crl Normal file
View File

@ -0,0 +1,34 @@
#!/bin/bash
DOMAIN=$(/sbin/e-smith/db configuration get DomainName)
for VPN in $(/sbin/e-smith/db openvpn-s2s keys); do
URL=$(/sbin/e-smith/db openvpn-s2s getprop $VPN CrlUrl)
AUTH=$(/sbin/e-smith/db openvpn-s2s getprop $VPN Authentication)
if [ ! -z "$URL" -a "$AUTH" == 'TLS' ]; then
/usr/bin/wget --timeout=5 $URL -O /tmp/cacrl.pem > /dev/null 2>&1
/usr/bin/openssl crl -inform PEM -in /tmp/cacrl.pem -text > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
/bin/mv -f /tmp/cacrl.pem /etc/openvpn/s2s/pub/"$VPN"_cacrl.pem > /dev/null 2>&1
else
cat > /tmp/crlmail <<END
An error occured while updating the CRL for the VPN ID $VPN
because openssl didn't recognize the file as a valid CRL.
Below is the copy of the latest CRL downloaded from
$URL
END
cat /tmp/cacrl.pem >> /tmp/crlmail
mail -s 'CRL update failed' admin@$DOMAIN < /tmp/crlmail
fi
rm -f /tmp/cacrl.pem
rm -f /tmp/crlmail
fi
done

314
root/etc/e-smith/locale/bg/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="bg">
<entry>
<base>FORM_TITLE</base>
<trans>Конфигурация на Site to Site OpenVPN</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[Тази страница Ви позволява да управлявате site to site OpenVPN тунелите.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>Списък на клиентски демон</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Добави нов клиент</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>Списък с демоните на сървъра</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Добави нов сървър</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>Тази страница Ви позволява да конфигурирате нов демон, действащ като клиент</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Въведете описание на този демон</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Описание</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Включване и изключване на демона</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Състояние</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Изберете механизма за автентикация.<br> Споделен ключ е лесно да се конфигурира, защото не е нужно да създавате и управлявате PKI. Трябва само да създадете таен ключ и да го конфигурирате от двете страни.<br> TLS автентикацията е малко по-трудна за конфигуриране, защото ще трябва да управлявате PKI, но предоставя по-добро ниво на сигурност (подобно на Perfect Forward Secrecy).<br> Ако не Ви трябва допълнителното ниво на сигурност, осигурявано от TLS, изберете Shared Key тук.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Механизъм за автентикация</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Споделен ключ</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>Тази страница Ви позволява да конфигурирате автентикацията за този демон</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>Можете да въведете URL, където може да бъде намерен CRL. Вашият SME Server ще актуализира CRL всеки час и ще проверява дали сертификатите на отдалечените точки не са вече невалидни. Ако не искате да използвате CRL проверки оставете това поле празно.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>URL адрес за актуализация на CRL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Въведете сертификат на издателя във формат pem</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Сертификат на издателя</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Въведете сертификата във формат pem</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Въведете сертификата във формат pem</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Въведете име или IP адрес на отдалечения хост</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Въведете частния ключ във формат pem</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Частен ключ</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Въведете параметрите на Diffie-Hellman</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>параметри на Diffie-Hellman</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Отдалечен хост</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Въведете порта, използван от отдалечения сървър</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Отдалечен порт</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Въведете тук IP адреса, използван от тунела на този хост. Трябва да изберете IP адрес извън всички локални мрежи. Локалния и отдалечения IP адреси трябва да са обърнати между клиента и сървъра. напр.<br> От страна на сървъра, сте конфигурирали локален IP адрес: 10.2.0.1 и отдалечен IP адрес: 10.2.0.2<br> При клиента, трябва да конфигурирате локален IP адрес: 10.2.0.2 и отдалечен IP адрес: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Локален виртуален IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Въведете тук IP, използван от тунела на отдалечения хост.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Отдалечен виртуален IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Въведете тук мрежите достигани през отдалечения хост. Например, 192.168.25.0/255.255.255.0. Можете да въведете повече мрежи, разделени със запетая. Поддържат се до 20 мрежи. Комуникацията с тези мрежи ще бъде тунелирана през VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Отдалечени мрежи</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Въведете тайния ключ. Можете да създадете ключове като използвате тази команда: openvpn --genkey --secret /dev/stdout<br> Този ключ трябва да бъде пазен в тайна, и да бъде слаган само на клиента и сървъра. Трябва да използвате различни тайни ключове за всяка двойка клиент/сървър.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[Можете да въведете тук опционален таен ключ.<br> Той ще предостави допълнително ниво на сигурност на сървъра.<br> Можете да създадете ключове чрез тази команда: openvpn --genkey --secret /dev/stdout<br> Този ключ трябва да бъде пазен в тайна, и да бъде слаган само на клиента и сървъра.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Споделен ключ</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>Тази страница позволява да конфигурирате нов демон, действащ като сървър</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Въведете локалния порт на който демона ще работи. Трябва да изберете свободен порт (който не се ползва от друг сървър или някоя друга услуга)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Локален порт</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[Ще премахнете конфигурацията на този демон. Всички мрежи маршрутизирани през него няма да са достъпни вече.<br> Сигурни ли сте че искате да продължите?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Друг демон вече използва това име</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>Възникна грешка при отваряне на файла с тайния ключ</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>ID на демона</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>Няма конфигуриране демони все още.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>промени</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>статус</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>премахни</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Въведете уникален идентификатор на тази конфигурация. Това поле трябва да съдържа само малки букви, цифри, точки, тирета и долни черти, и трябва да започва с малка буква.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Невалидни данни, моля проверете всички полета отново</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>Това не е валиден списък от мрежи</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>Една от тези мрежи вече е в списъка с локални мрежи</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} съдържа невалидни символи</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>Това не е валиден номер на порт</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>Този номер на порт вече се използва от друга услуга</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>Това не е валиден IP адрес във формат x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>Този IP адрес вече се използва</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>Не можете да използвате IP в тази мрежа, защото е резервиран</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>Този IP адрес е част от една от локалните Ви мрежи</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Несигурен параметър</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Предложена стойност</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>По подразбиране</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Надолу</trans>
</entry>
<entry>
<base>UP</base>
<trans>Нагоре</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN връзките са презаредени успешно</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Наистина ли искате да презаредите тази VPN връзка?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>презареждане</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC е част от кодирането на канала за данни на openvpn (където пътуват данните) след кодирането със шифъра. Стандартен е несигурния SHA1, предлагаме Ви да ползват поне SHA256. Тази настройка трябва да е еднаква на сървъра и клиента</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC aлгоритъм</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>Шифърът, използван за канала с данни за openvpn. Стандартно се използва несигурния алгоритъм BlowFish. Предлагаме Ви да ползвате AES-128-CBC или по-висок. Тази настройка трябва да е еднаква за сървъра и клиента.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Алгоритъм на шифъра за кодиране</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>Изходящ SNAT може да бъде включен или изключен (по подразбиране е включен). Когато е включен връзките инициирани от самия сървър ще бъдат SNAT-вани, така че ще се изглежда че идват от вътрешно IP. Ако е изключено връзките от самия сървър ще имат виртуалния IP адрес за източник.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>Изходящ SNAT</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Шифър</trans>
</entry>
<entry>
<base>LINK</base>
<trans>Състояние на връзката</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/da/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="da">
<entry>
<base>FORM_TITLE</base>
<trans>Konfiguration af OpenVPN fra sted til sted</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[På denne side kan du administrere Open VPN sted til sted tunneller.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>Liste over klient deamons</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Tilføj en ny klient</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>Liste over serverens deamons</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Tilføj en ny server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>På denne side kan du konfigurere en ny deamon som klient</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Indtast en beskrivelse af denne deamon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Beskrivelse</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Aktiver eller deaktiver denne deamon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Status</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Vælg verifikationsmetode.<br>Shared Key er let at konfigurere, fordi du ikke behøver at oprette og administrere en PKI. Du skal blot oprette en hemmelig nøgle, og konfigurere den begge steder.<br> TLS-godkendelse er en smule sværere at konfigurere, fordi du bliver nødt til at administrere en PKI, men den giver en bedre sikkerhed (som Perfect Forward Secrecy). <br>Hvis du er ligeglad med den ekstra sikkerhed, som TLS giver, bør du vælge Shared Key.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Verifikationsmetode</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Delt nøgle</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>På denne side kan du konfigurere verifikationsmetoden for denne deamon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>Du kan indtaste en URL, hvor CRL kan findes. Din SME Server vil opdatere CRL hver time og kontrollere om certifikatet på det eksterne punkt er tilbagekaldt. Hvis du ikke ønsker at benytte CRL verifikation, så lad feltet være tomt.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL opdater URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Indtast det alternative certifikat i pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Autoriseret certifikat</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Indtast certifikatet i pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Indtast certifikatet i pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Skriv værtsnavn eller IP-adresse for fjernværten</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Indtast den private nøgle i PEM format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Privat nøgle</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Indtast Diffie-Hellman parametre</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Helmann parametre</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Fjern vært</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Indtast den port som den fjerne vært bruger</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Fjern port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Her indtastes det IP nummer som tunellen bruger på denne vært. Du bør vælge et IP nummer udenfor det lokale netværk. Det lokale og det fjerne IP nummer bør være omvendt mellem klient og vært. Eksempel.: <br> På serversiden konfigurerer du lokal IP således: 10.2.0.1 og fjern IP: 10.2.0.2<br>På klientsiden, konfigurer du lokal IP: 10.2.0.2 og fjern IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Lokalt virtuelt IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Indtast IP nummer for fjern værten, som tunellen bruger.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Fjern virtuel IP nummer</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Indtast her netværk som kan tilgås via fjern vært. F.eks.: 192.168.25.0/255.255.255.0. Du kan indtaste flere netværk adskilt med et komma. Op til 20 net understøttes. Kommunikation til disse netværk vil ske gennem VPN tunneller.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Fjern netværk</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Indtast den hemmelige nøgle. Du kan oprette nøgler med denne kommando:openvpn --genkey --secret /dev/stdout<br> Denne nøgle skal holdes hemmelig, og kun opbevares hos klienten og serveren. Du bør bruge forskellige hemmelige nøgler til hver klient/server par.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[Her kan du indtaste en valgfri hemmelig nøgle.<br> Det vil give et ekstra sikkerhedslag til din server.<br> Du kan oprette nøgler med denne kommando: openvpn --genkey --secret /dev/stdout<br> Denne nøgle skal holdes hemmelig, og kun gemmens hos klient og server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Delt nøgle</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>På denne side kan du konfigurere en ny deamon til at fungere som en server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Indtast den lokale port som denne deamon skal benytte. Du skal vælge en ledig port (som ikke allerede benyttes af en anden server, eller en anden service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Lokal port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[Du er ved at fjerne konfigurationen af denne deamon. Alle netværk som er routed herigennem vil ikke være tilgængelige mere.<br> Er du sikker på, du ønsker at fortsætte?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Navnet er allerede brugt til en anden deamon</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>Der opstod en fejl ved åbning af den hemmelige nøglefil</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Deamon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>Der er endnu ikke konfigureret en deamon.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modificer</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>fjern</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Indtast en entydig identifikation for denne konfiguration. brug kun små bogstaver, tal, kommaer, bindestreger og understregning, og start med en lille bogstav.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalide data, kontroller alle felter igen</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>Det er ikke en gyldig netværksliste</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>Et af netværkene er allerede i dit lokale netværk</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} indeholder ugyldige tegn</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>Det er ikke et gyldigt port nummer</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>Denne port er allerede i brug af en anden service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>Det er ikke en gyldig IP adresse i formen x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>Denne IP adresse er allerede blevet brugt</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>Du kan ikke bruge et IP nummer i dette netværk fordi det er reserveret</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>IP adressen er en del af dine lokale netværk</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Nuværende værdi</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>standard</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Hent</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Ønsker du at sende denne besked til</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>indlæs</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>algoritme</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>Status på Mailman</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/de/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="de">
<entry>
<base>FORM_TITLE</base>
<trans>Site-to-Site OpenVPN-Konfiguration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[ Auf dieser Seite können Sie Site-to-Site OpenVPN-Tunnel verwalten.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>Liste der Client Daemons</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Neuen Client hinzufügen</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>Liste der Server Daemons</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>entfernen</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>Auf dieser Seite können Sie einen neuen Dämon konfigurieren der als Client dient</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Geben Sie eine Beschreibung für diesen Dämon an</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Beschreibung</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Diesen Dämon aktivieren oder deaktivieren</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Status</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[ Wählen Sie einen Authentifizierungsmechanismus aus.<br> Shared Key ist einfach zu konfigurieren, da Sie hierfür keine PKI erstellen und verwalten müssen. Sie müssen lediglich einen geheimen Schlüssel erzeugen und diesen auf beiden Seiten der Verbindung hinterlegen.<br> TLS-Authentifizierung ist ein wenig schwieriger zu konfigurieren, da Sie dazu eine PKI einrichten müssen. Sie bietet aber eine höhere Sicherheitsstufe (vergleichbar Perfect Forward Secrecy).<br> Wenn Sie auf die zusätzliche Sicherheit durch TLS keinen Wert legen sollten Sie hier "Shared Key" auswählen. ]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentifizierungsmechanismus</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Öffentlicher Schlüssel</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>Auf dieser Seite können Sie die Authentifizierung dieses Dämons konfigurieren</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>Sie können eine URL angeben unter der die CRL erreichbar ist. Ihr SME-Server wird die CRL einmal pro Stunde aktualisieren und überprüfen, ob das Zertifikat des entfernten Endpoints nicht zurückgezogen wurde (revoke). Wenn Sie keine CRL-Verifikation verwenden wollen lassen Sie dieses Feld einfach leer.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>URL für CRL-Update</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Geben Sie das authoritative Zertifikat im PEM-Format ein</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritatives Zertifikat</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Geben Sie das Zertifikat im PEM-Format ein</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Geben Sie das Zertifikat im PEM-Format ein</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Geben Sie den Hostnamen oder die IP-Adresse des entfernten Rechners an</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Geben Sie den privaten Schlüssel im PEM-Format an</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Privater Schlüssel</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Geben Sie die Diffie-Hellman-Parameter an</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman-Parameter</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Entfernter Rechner</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Geben Sie den Port an, den der entfernte Server verwendet</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Entfernter Port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[ Geben Sie hier die IP an, die der Tunnel auf diesem Rechner verwendet. Sie sollten eine IP ausserhalb aller Ihrer lokalen Netzwerke verwenden. Lokale und entfernte IP sollten zwischen Client und Server wechselseitig umgekehrt verwendet werden, z.B.:<br> Serverseitig konfigurieren Sie die lokalel IP: 10.2.0.1 und die entfernte IP: 10.2.0.2<br> Clientseitig müssen Sie dann die lokale IP: 10.2.0.2 und die entfernte IP: 10.2.0.1 konfigurieren.<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Lokale virtuelle IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Geben Sie hier die IP an, die der Tunnel auf dem entfernten Rechner verwendet.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Entfernte virtuelle IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Geben Sie hier die Netzwerke an, die durch den entfernten Rechner erreichbar sind, z.B. 192.168.25.0/255.255.255.0. Sie können mehrere Netzwerke angeben, die durch jeweils ein Komma voneinander getrennt sind. Bis zu 20 Netzwerke werden unterstützt. Die Kommunikation mit diesen Netzwerken wird durch die VPN-Verbindung getunnelt.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Entfernte Netzwerke</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[ Geben Sie den geheimen Schlüssel an. Sie können Schlüssel mit folgendem Befehl erzeugen: openvpn --genkey --secret /dev/stdout<br> Dieser Schlüssel sollte geheim gehalten werden und nur auf dem Client und dem Server gespeichert sein. Sie sollten unterschiedliche Schlüssel für jedes Client-Server-Paar verwenden. ]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[ Sie können hier einen optionalen geheimen Schlüssel angeben.<br> Dieser bietet einen zusätzlichen Sicherheits-Layer für Ihren Server.<br> Sie können Schlüssel mittels folgendem Befehl erzeugen: openvpn --genkey --secret /dev/stdout<br> Dieser Schlüssel sollte geheim gehalten werden und nur auf dem Client und dem Server gespeichert sein. ]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Öffentlicher Schlüssel</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>Auf dieser Seite können Sie einen neuen Dämon konfigurieren, der als Server dient</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Geben Sie den lokalen Port an, auf dem dieser Dämon erreichbar ist. Sie müssen einen freien Port angeben, der nicht bereits von einem anderen Server oder Dienst verwendet wird.</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Lokaler Port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[ Sie sind dabei die Konfiguration dieses Dämons zu entfernen. Alle Netze die über diesen Dämon geroutet werden sind anschließend nicht mehr erreichbar.<br> Sind Sie sicher, dass Sie fortfahren wollen?<br> ]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Ein anderer Dämon verwendet bereits diesen Namen</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>Beim Öffnen der geheimen Schlüsseldatei ist ein Fehler aufgetreten</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>ID des Dämons</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[ <br>Es ist noch kein Dämon konfiguriert. ]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>ändern</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>Status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>entfernen</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Geben Sie einen eindeutigen Bezeichner für diese Konfiguration an. Dieses Feld sollte ausschließlich Kleinbuchstaben, Zahlen, Punkte, Bindestriche und Unterstriche enthalten und mit einem Kleinbuchstaben beginnen.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Ungültige Daten, bitte überprüfen Sie nochmals alle Felder</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>Dies ist keine gültige Liste von Netzwerken</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>Eines dieser Netzwerke ist bereits eines Ihrer lokalen Netzwerke</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} enthält ungültige Zeichen</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>Dies ist keine gültige Port-Nummer</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>Diese Port-Nummer wird bereits von einem anderen Dienst verwendet</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>Dies ist keine gültige IP-Adresse in der Form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>Diese IP-Adresse wird bereits verwendet</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>Sie können keine IP-Adresse in diesem Netzwerksegment verwenden weil dieses reserviert ist.</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>Diese IP-Adresse gehört zu einem Ihrer lokalen Netzwerke</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Aktueller Wert</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Fehler</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Herunterladen</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Möchten Sie diese Nachricht senden an</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>laden</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>Algorithmus</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Peripheriegerät</trans>
</entry>
<entry>
<base>LINK</base>
<trans>Anmeldestatus</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/el/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="el">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Add a new client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Περιγραφή</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Status</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Enter the private key in pem format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Private key</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Remote host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Enter the port the remote server uses</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Remote port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Local virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Remote virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Remote networks</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Enter the local port this daemon will bind to. You need to choose a free port (not already used by another server, or any other service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Local port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>An error occured opening the secret key file</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modify</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>remove</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>This is not a valid list of networks</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>One of this network is already in your local networks</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contains invalid characters</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>This is not a valid port number</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>This port number is already used by another service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>This IP address is already used</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>This IP address is part of one of your local networks</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Insecure parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Τρέχουσα τιμή</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Προεπιλογή</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Λήψη</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>Ανέβασμα</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>Κατάσταση σύνδεσης</trans>
</entry>
</lexicon>

355
root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,355 @@
<lexicon lang="en-us">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Add a new client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Description</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Status</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans>
<![CDATA[Choose the authentication mechanism.<br>
Shared Key is simple to configure because you don't need to create and manage a PKI.
You just need to create a secret key, and configure it on both side.<br>
TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but
provide a better level of security (like the Perfect Forward Secrecy).<br>
If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]>
</trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>
You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour
and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use
the CRL verification , just let this field emtpy.
</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Enter the private key in pem format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Private key</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Remote host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Enter the port the remote server uses</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Remote port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans>
<![CDATA[Enter here the IP used by the tunnel on this host.
You should choose an IP outside of any local network.
Local and remote IP should be reversed between client and server. eg:<br>
On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br>
On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]>
</trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Local virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Remote virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>
Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0.
You can enter multiple networks separated with a comma. Up to 20 networks are supported.
Communication with these networks will be tunnelled through the VPN.
</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Remote networks</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans>
<![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br>
This key should be kept secret, and only be stored on the client and the server.
You should use different secret keys for each client/server pair.]]>
</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans>
<![CDATA[You can enter here a optional secret key.<br>
It will provide an extra security layer to your server.<br>
You can create keys using this command: openvpn --genkey --secret /dev/stdout<br>
This key should be kept secret, and only be stored on the client and the server.]]>
</trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>
Enter the local port this daemon will bind to. You need to choose a free port
(not already used by another server, or any other service)
</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Local port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans>
<![CDATA[You are about to remove the configuration of this daemon.
All the networks routed through it won't be accessible anymore.<br>
Are you sure you want to continue ?<br>]]>
</trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>An error occured opening the secret key file</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modify</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>remove</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>
Enter a unique identifier for this configuration. This field should contain only lower-case
letters, numbers, periods, hyphens and underscores, and
should start with a lower-case letter.
</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>This is not a valid list of networks</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>One of this network is already in your local networks</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contains invalid characters</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>This is not a valid port number</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>This port number is already used by another service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>This IP address is already used</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>This IP address is part of one of your local networks</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Insecure parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Suggested value</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Default</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Down</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>reload</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>Link status</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/es/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="es">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Add a new client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Descripción</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Estado</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Enter the private key in pem format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Clave privada</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Remote host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Enter the port the remote server uses</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Remote port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Local virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Remote virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Remote networks</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Enter the local port this daemon will bind to. You need to choose a free port (not already used by another server, or any other service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Local port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>An error occured opening the secret key file</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modificar</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>eliminar</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>This is not a valid list of networks</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>One of this network is already in your local networks</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contains invalid characters</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>This is not a valid port number</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>This port number is already used by another service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>This IP address is already used</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>This IP address is part of one of your local networks</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>parámetro</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Valor actual</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Predeterminado</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Descargar</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>cargar</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>algoritmo</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>periférico</trans>
</entry>
<entry>
<base>LINK</base>
<trans>estado de la sesión</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/et/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="et">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Add a new client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Kirjeldus</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Olek</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Enter the private key in pem format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Private key</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Remote host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Enter the port the remote server uses</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Remote port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Local virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Remote virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Remote networks</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Enter the local port this daemon will bind to. You need to choose a free port (not already used by another server, or any other service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Local port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>An error occured opening the secret key file</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modify</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>remove</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>This is not a valid list of networks</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>One of this network is already in your local networks</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contains invalid characters</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>This is not a valid port number</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>This port number is already used by another service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>This IP address is already used</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>This IP address is part of one of your local networks</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Insecure parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Hetke väärtus</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Vaikimisi</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Allalaadimine</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>reload</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>logimise staatus</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/fr/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="fr">
<entry>
<base>FORM_TITLE</base>
<trans>Configuration d'OpenVPN en site à site</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[Cette page vous permet de gérer les tunnels OpenVPN site à site.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>Liste des démons en mode client</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Ajouter un nouveau client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>Liste des démons en mode serveur</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Ajouter un nouveau serveur</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>Cette page vous permet de configurer un démon en mode client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Entrez une description pour ce démon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Description</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Activez ou désactivez ce démon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>État</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choisissez le mécanisme d'authentification.<br> La méthode par clef partagée est simple à mettre en place car vous n'avez pas besoin de créer et gérer une PKI. Il vous suffit de créer une clef secrète, et de la configurer sur le serveur et le client.<br> L'authentification TLS est un peu plus compliquée à mettre en place, car vous aurez besoin de gérer une PKI, mais fournit un meilleur niveau de sécurité (comme le principe du Perfect Forward Secrecy).<br> Si vous ne vous souciez pas de la sécurité additionnelle fournit par l'authentification TLS, vous devriez choisir ici la méthode par clef partagée.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Mécanisme d'authentification</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Clef partagée</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>Cette page vous permet de configurer la méthode d'authentification de ce démon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>Vous pouvez entrer une URL où la CRL peut être téléchargée. Votre serveur mettra à jour cette CRL toutes les heures et vérifiera si le certificat de l'hôte distant n'est pas révoqué. Si vous ne voulez pas utiliser de vérification par CRL, vous pouvez laisser ce champs vide.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>URL de mise à jour de la CRL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Copiez le certificat autoritaire au format pem</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Certificat autoritaire</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Entrez le certificat au format pem</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Entrez le certificat au format pem</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Nom d'hôte ou adresse IP de l'hôte distant</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Copiez ici la clef privée au format pem</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Clef privée</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Copiez ici les paramètres Diffie-Hellman</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Paramètres Diffie-Hellman</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Hôte distant</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Entrez le port utilisé par le serveur distant</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Port distant</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Entrez ici l'IP utilisée par le tunnel sur cet hôte. Vous devez choisir une IP en dehors de vos réseaux locaux. Les adresses IP locale et distante doivent être inversées entre le client et le serveur. Exemple :<br>sur le serveur, vous choisissez 10.2.0.1 pour l'IP locale et 10.2.0.2 pour l'IP distante<br>Sur le client, vous devrez utiliser 10.2.0.2 comme IP locale et 10.2.0.1 comme IP distante<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>IP locale virtuelle</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Entrez ici l'IP utilisée par le tunnel sur l'hôte distant</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>IP distante virtuelle</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Entrez ici les réseaux accessibles à travers l'hôte distant. Exemple: 192.168.25.0/255.255.255.0. Vous pouvez entrer plusieurs réseaux séparés par une virgule. Un maximum de 20 réseaux est supporté. Les échanges avec ces réseaux seront encapsulés dans le VPN</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Réseaux distants</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Entrez la clef secrète. Vous pouvez en créer avec la commande : openvpn --genkey --secret /dev/stdout<br> Cette clef doit être maintenue secrète, et ne devrait être stockée que sur le client et le serveur. Vous devriez utiliser des clefs secrètes différentes pour chaque paire de client/serveur.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[Vous pouvez copier ici une clef secrète optionnelle.<br> Elle fournira une couche supplémentaire de sécurité à votre serveur.<br> Vous pouvez en créer avec la commande : openvpn --genkey --secret /dev/stdout<br> Cette clef doit être maintenue secrète, et ne devrait être stockée que sur le client et le serveur.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Clef partagée</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>Cette page vous permet de configurer un démon en mode serveur</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Entrez un numéro de port sur lequel ce démon sera à l'écoute. Vous devez choisir un port libre (non utilisé par un autre serveur, ou un autre service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Port local</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[Vous êtes sur le point de supprimer la configuration de ce démon. Tous les réseaux distants utilisant ce démon ne seront plus accessibles.<br> Êtes-vous sûre de vouloir continuer ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Un autre démon utilise ce nom</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>Une erreur est survenue lors de l'ouverture de la clef secrète</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>ID du démon</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>Aucun démon n'est configuré pour l'instant.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modifier</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>statut</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>supprimer</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Entrez un identifiant unique pour cette configuration. Ce champs ne doit être composé que de lettres minuscules, de chiffres, de traits d'union, de points et de tirets-bas (_) et doit commencer par une lettre minuscule.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Donnée invalide, veuillez vérifier tout les champs</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>Ceci n'est pas une liste de réseaux valide</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>Un de ces réseaux est déjà dans la liste de vos réseaux locaux</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contient des caractères invalides</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>Ceci n'est pas un numéro de port valide</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>Ce numéro de port est déjà utilisé par un autre service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>Ceci n'est pas une adresse IP valide de forme x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>Cette adresse IP est déjà utilisée</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>Vous ne pouvez pas choisir une adresse IP de ce réseau, car son usage est réservé</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>Cette adresse IP est membre d'un de vos réseaux locaux</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Paramètres non sécurisés</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Valeur suggérée</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Par défaut</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Hors ligne</trans>
</entry>
<entry>
<base>UP</base>
<trans>En ligne</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>Connexion VPN rechargée avec succès. </trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Voulez vous vraiment recharger cette connexion VPN? </trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>recharger</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC fait partie du cryptage du canal de données pour openvpn (où vos données voyagent) après cryptage avec le chiffrement. La valeur par défaut est le SHA1 non sécurisé, nous vous suggérons d'utiliser au moins SHA256. Ce paramètre doit correspondre à la fois sur le serveur et le client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>Algorithme HMAC</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>Le chiffrement(cipher) utilisé pour votre canal de données pour openvpn. La valeur par défaut est d'utiliser l'algorithme BlowFish non sécurisé. Nous vous suggérons l'AES-128-CBC ou supérieur. Ce paramètre doit correspondre à la fois sur le serveur et sur le client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher de l'algorithme de cryptage</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT sortant peut être activé ou désactivé (la valeur par défaut est activée). Lorsque activé, les connexions initiées par le serveur lui-même seront SNATées afin qu'elles semblent provenir de l'IP interne. Si elle est désactivée, les connexions du serveur lui-même auront l'IP virtuelle comme source. </trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT sortant</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>Statuts de la connexion</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/he/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="he">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Add a new client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>תיאור</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>מצב</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Enter the private key in pem format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Private key</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Remote host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Enter the port the remote server uses</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Remote port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Local virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Remote virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Remote networks</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Enter the local port this daemon will bind to. You need to choose a free port (not already used by another server, or any other service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Local port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>An error occured opening the secret key file</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modify</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>remove</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>This is not a valid list of networks</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>One of this network is already in your local networks</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contains invalid characters</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>This is not a valid port number</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>This port number is already used by another service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>This IP address is already used</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>This IP address is part of one of your local networks</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Insecure parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>ערך נוכחי</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>ברירת מחדל</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Down</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>reload</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>מצב חיבור</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/hu/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="hu">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Add a new client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Leírás</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Állapot</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Enter the private key in pem format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Személyes kulcs</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Remote host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Enter the port the remote server uses</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Remote port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Local virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Remote virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Remote networks</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Enter the local port this daemon will bind to. You need to choose a free port (not already used by another server, or any other service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Local port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>An error occured opening the secret key file</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modify</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>remove</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>This is not a valid list of networks</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>One of this network is already in your local networks</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contains invalid characters</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>This is not a valid port number</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>This port number is already used by another service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>This IP address is already used</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>This IP address is part of one of your local networks</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Insecure parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Érvényes érték</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Alapértelmezett</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Letöltés</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>betöltés</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>bejelentkezési állapot</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/id/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="id">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Add a new client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Gambaran</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Status</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Enter the private key in pem format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Private key</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Remote host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Enter the port the remote server uses</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Remote port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Local virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Remote virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Remote networks</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Enter the local port this daemon will bind to. You need to choose a free port (not already used by another server, or any other service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Local port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>An error occured opening the secret key file</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modify</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>remove</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>This is not a valid list of networks</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>One of this network is already in your local networks</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contains invalid characters</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>This is not a valid port number</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>This port number is already used by another service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>This IP address is already used</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>This IP address is part of one of your local networks</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Insecure parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Nilai sekarang</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Default</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Download</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>Unggah</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>Link status</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/it/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="it">
<entry>
<base>FORM_TITLE</base>
<trans>Configurazione OpenVPN Site-to-Site</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[Questa pagina permette di gestire i tunnel OpenVPN site-to-site.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>Elenco dei demoni client</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Aggiungi un nuovo client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>Lista dei demoni server</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Aggiungi un nuovo server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>Questa pagina consente di configurare un nuovo demone che funge da client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Inserire una descrizione per questo demone</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Descrizione</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Abilita o disabilita questo demone</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Stato</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Scegli il meccanismo di autenticazione.<br> Chiave Condivisa è semplice da configurare, perché non è necessario creare e gestire una PKI. Si deve solo creare una chiave segreta e configurarla su entrambi i lati.<br> L'autenticazione TLS è un pò più difficile da configurare in quanto è necessario gestire una PKI, ma fornisce un livello di sicurezza migliore (come il Perfect Forward Secrecy).<br> Se non è necessaria la sicurezza aggiuntiva fornita dall'uso di TLS, si dovrebbe scegliere Chiave Condivisa qui.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Meccanismo di autenticazione</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Chiave condivisa</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>Questa pagina consente di configurare l'autenticazione di questo demone</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>È possibile inserire un URL dove la lista dei certificati revocati (CRL) può essere trovata. SME Server aggiornerà il CRL ogni ora e verificherà che il certificato dell'endpoint remoto non sia revocato. Se non si vuole usare la verifica CRL, lasciare che questo campo vuoto.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>URL per l'update del CRL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Inserire il certificato di autorizzazione in formato PEM</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Certificato di autorizzazione</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Inserire il certificato di autorizzazione</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Inserire il certificato di autorizzazione</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Inserire hostname o indirizzo IP dello host remoto</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Inserire la chiave privata in formato PEM</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Chiave privata</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Inserire parametri del protocollo Diffie-Hellman</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Parametri del protocollo Diffie-Hellman</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Host remoto</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Inserire la porta in uso nel server remoto</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Porta remota</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Inserire qui l'IP utilizzato dal tunnel su questo host. Si dovrebbe scegliere un IP esterno alla rete locale. IP locale e remoto dovrebbero essere invertiti tra client e server. Ad esempio:<br> Dal lato server si configura IP locale: 10.2.0.1 e IP remoto: 10.2.0.2<br> Dal lato client si configura IP locale 10.2.0.2 e IP remoto 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>IP locale virtuale</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Inserire qui l'IP utilizzato dal tunnel sull'host remoto.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>IP remoto virtuale</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Inserisci qui le reti raggiungibili tramite l'host remoto. Es.: 192.168.25.0/255.255.255.0. È possibile inserire più reti separate con una virgola. Fino a 20 reti sono supportate. La comunicazione con queste reti avverrà attraverso la VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Reti remote</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Inserire la chiave segreta. È possibile creare le chiavi tramite il comando: openvpn --genkey --secret /dev/stdout<br> Questa chiave deve essere tenuta segreta e deve essere memorizzata solo su client e server. È necessario utilizzare diverse chiavi segrete per ogni coppia client/server.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[Si può inserire qui una chiave segreta opzionale.<br> Essa fornirà un ulteriore livello di sicurezza per il server.<br> È possibile creare le chiavi tramite il comando: openvpn --genkey --secret /dev/stdout<br> Questa chiave deve essere tenuta segreta, e deve essere memorizzata solo su client e server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Chiave condivisa</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>Questa pagina consente di configurare un nuovo demone che funge da server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Inserire la porta locale per questo demone. È necessario scegliere una porta libera (non utilizzata da un altro server, o qualsiasi altro servizio)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Porta locale</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[Si sta per eliminare la configurazione di questo demone. Tutte le reti instradate attraverso di esso non saranno più accessibili.<br> Sei sicuro di voler continuare?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Un altro demone utilizzano già questo nome</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>Errore durante l'apertura del file della chiave segreta</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>ID demone</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>Non ci sono ancora demoni configurati.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modifica</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>stato</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>rimuovi</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Immettere un identificatore univoco per questa configurazione. Il campo deve contenere solo lettere minuscole, numeri, punti, trattini e underscore, e dovrebbe iniziare con una lettera minuscola.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Dato non validi, controllare nuovamente tutti i campi</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>Questa non è una lista di reti valida</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>Una di queste reti è già nella tua rete</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contiene caratteri non validi</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>Questo non è un numero di porta valido</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>Questo porta è già in uso da un altro servizio</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>Questo non è un IP valido in formato x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>Questo IP è già in uso</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>Non è possibile utilizzare un indirizzo IP in questa rete perché è riservato</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>Questo IP è parte di una delle reti locali</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Parametro insicuro</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Valore suggerito</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Default</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Down</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>Connessione VPN ricaricata con successo</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Vuoi davvero ricaricare questa connessione VPN?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>ricaricare</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC fa parte della crittografia del canale dati per openvpn (dove viaggiano i dati) dopo la crittografia con il cipher. L'impostazione predefinita è SHA1 insicuro, ti consigliamo di utilizzare almeno SHA256. Questa impostazione dovrebbe corrispondere sia sul server che sul client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>Algoritmo HMAC</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>Il cipher utilizzato per il tuo canale dati per openvpn. L'impostazione predefinita è utilizzare l'algoritmo BlowFish insicuro. Ti consigliamo AES-128-CBC o superiore. Questa impostazione dovrebbe corrispondere sia sul server che sul client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Algoritmo di crittografia cipher</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound può essere abilitato o disabilitato (l'impostazione predefinita è abilitata). Quando abilitato, le connessioni avviate dal server stesso verranno SNATtate in modo che sembrino provenire dall'IP interno. Se disabilitato, le connessioni dal server stesso avranno l'IP virtuale come origine.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>Stato del link</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/ja/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="ja">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Add a new client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>説明</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>状態</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Enter the private key in pem format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>秘密鍵</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Remote host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Enter the port the remote server uses</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Remote port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Local virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Remote virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Remote networks</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Enter the local port this daemon will bind to. You need to choose a free port (not already used by another server, or any other service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Local port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>An error occured opening the secret key file</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modify</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>remove</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>This is not a valid list of networks</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>One of this network is already in your local networks</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contains invalid characters</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>This is not a valid port number</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>This port number is already used by another service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>This IP address is already used</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>This IP address is part of one of your local networks</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Insecure parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>現在の値</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>デフォルト</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>ダウンロード</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>リンク</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>Link status</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/nb/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="nb">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Add a new client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Beskrivelse</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Status</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Enter the private key in pem format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Privat nøkkel</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Remote host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Enter the port the remote server uses</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Remote port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Local virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Remote virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Remote networks</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Enter the local port this daemon will bind to. You need to choose a free port (not already used by another server, or any other service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Local port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>An error occured opening the secret key file</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modify</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>remove</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>This is not a valid list of networks</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>One of this network is already in your local networks</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contains invalid characters</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>This is not a valid port number</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>This port number is already used by another service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>This IP address is already used</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>This IP address is part of one of your local networks</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Insecure parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Gjeldende verdi</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Standard</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Last ned</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>last</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>Link status</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/nl/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="nl">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuratie</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>Systeem lijst daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Voeg een nieuwe cliënt toe</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>Lijst van server daemons </trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Voeg een nieuwe server toe</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>Deze pagina is voor het configureren van een nieuwe cliënt daemon</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Voer een beschrijving in voor deze daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Beschrijving</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Daemon aan of uit zetten</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Status</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authenticatie mechanisme</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Gedeelde sleutel</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>Deze pagina configureert the authenticatie van deze daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>U kunt de URL invoeren waar de CRL gevonden kan worden. Uw SME Server past de CRL elk uur aan en controleert of het certificaat van het vere systeem is ingetrokken. Laat dit veld leeg als U geen CRL verificatie wilt gebruiken. </trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Voer het autorisatie certificaat in pem formaat in</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Autorisatie certificaat</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Voer het certificaat in pem formaat in</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Voer het certificaat in pem formaat in</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Voer de hostnaam of IP adres in van het systeem op afstand</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Voer de privé sleutel in pem formaat in</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Privésleutel</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Voer Diffie-Hellman parameters in</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Verre host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Voer het poort nummer in voor de verre host</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Verre poort</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Lokaal virtueel IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Voer hier het IP in zoals gebruikt bij de tunnel op de verre host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Verre virtueel IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Voer hier de netwerken in die bereikbaar zijn via the verre host.. B.v. 192.168.25.0/255.255.255.0. U kunt meerdere netwerken invoeren gescheiden met komma's. Tot op 20 netwerken worden ondersteund. Communicatie met deze netwerken zal via the VPN tunnel gaan.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Verre netwerken</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Gedeelde sleutel</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>Deze pagina configureert een nieuwe server daemon</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Voer de lokale poort in die deze daemon zal gebruiken. U dient een vrije poort te kiezen (die niet in gebruik is door een andere server of dienst)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Lokale poort</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Een andere daemon gebruikt reeds deze naam</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>Er was een fout bij het openen van het geheime sleutel bestand</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon Nr</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modificeer</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>verwijder</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Voer een unieke identificatie in voor deze configuratie. Dit veld mag alleen kleine letters, cijfers, punten, koppel tekens en lage streepjes bevatten. Het dient met een letter te beginnen.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Ongeldige data, controller alstublieft alle velden nog eens.</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>Dit is niet een geldige lijst van netwerken</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>Een van deze netwerken is reeds in Uw lokale netwerk.</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} bevat ongeldige tekens</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>Dit is geen geldig poort nummer</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>Dit poort nummer is reeds in gebruik bij een andere dienst</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>Dit is geen geldig IP adres in de vorm x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>Dit IP adres is reeds in gebruik</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>Dit IP is gereserveerd en kan niet in dit netwerk gebruikt worden</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>Dit IP is onderdeel van een van Uw lokale netwerken</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>DH configuratie gegevens</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Huidige waarde</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Standaard</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Ophalen</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Wilt u dit bericht versturen naar</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>laden</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>Login Status</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/pl/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="pl">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Add a new client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Opis</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Stan</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Enter the private key in pem format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Klucz osobisty</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Remote host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Enter the port the remote server uses</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Remote port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Local virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Remote virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Remote networks</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Enter the local port this daemon will bind to. You need to choose a free port (not already used by another server, or any other service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Local port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>An error occured opening the secret key file</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modify</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>remove</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>This is not a valid list of networks</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>One of this network is already in your local networks</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contains invalid characters</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>This is not a valid port number</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>This port number is already used by another service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>This IP address is already used</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>This IP address is part of one of your local networks</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Insecure parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Wartość Obecna</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Domyślnie</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Pobierz</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>Wdrożenie</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>status logowania</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/pt-br/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="pt-br">
<entry>
<base>FORM_TITLE</base>
<trans>Configuração OpenVPN de Site a Site</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>Lista de daemons de clientes</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Adicionar um novo cliente</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>Lista de daemons servidores</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Adicionar um novo servidor</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>Está página permite que você configure um novo daemon atuando como cliente</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Digite a descrição para este daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Descrição</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Habilita ou desabilita este daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Status</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Mecanismo de autenticação</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Chave compartilhada</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>Esta página permite que você configure o mecanismo de autenticação do daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>Você pode entrar uma URL onde o CRL esteja disponível. Seu servidor SME atualizará o CRL a cada hora e verificará se o certificado da ponta remota não está revogado. Se você não quer usar a verificação CRL, apenas deixe este campo em branco.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>URL para atualização do CRL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Digite o certificado autorizador no formato PEM</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Certificado Autorizador</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Digite o certificado no formato PEM</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Digite o certificado no formato PEM</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Digite o nome de host ou endereço IP do host remoto</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Digite a chave privada no formato PEM</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Chave privada</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Digite os parâmetros Diffie-Hellman</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Parâmetros Diffie-Hellman</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Host remoto</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Digite a porta que o servidor remoto usa</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Porta remota</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>IP local virtual </trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Digite aqui o IP usado pelo tunel para o host remoto</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>IP virtual remoto</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Digite aqui as redes alcançáveis através do host remoto. Exemplo: 192.168.10.0/255.255.255.0. Você pode digitar múltiplas redes separando-as com uma vírgula. Até 20 redes são suportadas. A comunicação com estas redes será tunelada através da VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Redes remotas</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Chave compartilhada</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>Esta página permite que você configure um novo daemon atuando como servidor</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Digite a porta local em que este daemon se conectará. Você precisa escolher uma porta livre (não usada por nenhum outro servidor ou outro serviço)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Porta local</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Outro daemon já usa este nome</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>Ocorreu um erro abrindo o arquivo de chave secreta</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>ID do daemon</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modificar</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>remover</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Digite um identificado único para esta configuração. Este campo deve conter apenas letras minúsculas, números, pontos, hifens e sublinhado e deve iniciar com uma letra minúscula.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Dados inválidos, por favor verifique todos campos novamente</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>Esta não é uma lista de redes válidas</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>Uma destas redes já está em sua lista de redes locais</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contém caracteres inválidos</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>Este não é um número de porta válido</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>Este número de porta já está em uso por outro serviço</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>Este não é um endereço IP válido no formato x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>Este endereço IP já está usado</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>Você não pode usar um IP nesta rede porque ele é reservado</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>Este endereço IP é parte de uma de suas redes locais</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Parametros DH</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Valor atual</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Padrão</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Baixar</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Você quer enviar essa mensagem para </trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>carregar</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>status do login</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/pt/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="pt">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Add a new client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Descrição</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Status</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Enter the private key in pem format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Chave privada</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Remote host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Enter the port the remote server uses</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Remote port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Local virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Remote virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Remote networks</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Enter the local port this daemon will bind to. You need to choose a free port (not already used by another server, or any other service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Local port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>An error occured opening the secret key file</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modify</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>remove</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>This is not a valid list of networks</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>One of this network is already in your local networks</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contains invalid characters</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>This is not a valid port number</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>This port number is already used by another service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>This IP address is already used</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>This IP address is part of one of your local networks</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Insecure parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Valor actual</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Padrão</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Baixar</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>ler</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>status do login</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/ro/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="ro">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Add a new client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Descriere</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Stare</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Enter the private key in pem format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Private key</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Remote host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Enter the port the remote server uses</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Remote port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Local virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Remote virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Remote networks</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Enter the local port this daemon will bind to. You need to choose a free port (not already used by another server, or any other service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Local port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>An error occured opening the secret key file</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modify</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>remove</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>This is not a valid list of networks</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>One of this network is already in your local networks</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contains invalid characters</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>This is not a valid port number</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>This port number is already used by another service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>This IP address is already used</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>This IP address is part of one of your local networks</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Insecure parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Valoare curentă</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Implicit</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Descarcă</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>Încărcaţi</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>Link status</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/ru/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="ru">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Добавить нового клиента</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Добавить новый сервер</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Описание</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Состояние</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Механизм аутентификации</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Общий ключ</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL обновления URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Введите сертификат в формате pem</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Введите сертификат в формате pem</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Введите имя или IP-адрес удаленного хоста</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Введите закрытый ключ в формате pem</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Закрытый ключ</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Удаленный хост</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Введите порт использемый удаленным сервером</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Удаленный порт</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Локальный виртуальный IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Введите здесь IP используемый туннелем на удаленном хосте.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Удалённый виртуальный IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Удаленные сети</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Общий ключ</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Enter the local port this daemon will bind to. You need to choose a free port (not already used by another server, or any other service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Локальный порт</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>Произошла ошибка открытия файла секретного ключа</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>изменить</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>состояние</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>удалить</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Неверные данные, пожалуйста, проверьте все поля снова</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>Это не допустимый список сетей</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>Одина из этой сети уже есть в ваших локальных сетях</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} содержит недопустимые символы</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>Это не правильный номер порта</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>Этот порт уже используется другой службой</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>Это не допустимый IP-адрес в виде x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>Этот IP-адрес уже используется</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>Не можете использовать IP из этой сети, потому что она зарезервирована</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>Этот IP-адрес является частью одной из ваших локальных сетей</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Параметры DH</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Текущее значение</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>По умолчанию</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Скачать</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>Загрузить</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>статус логина</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/sl/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="sl">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Add a new client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Opis</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Status</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Enter the private key in pem format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Private key</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Remote host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Enter the port the remote server uses</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Remote port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Local virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Remote virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Remote networks</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Enter the local port this daemon will bind to. You need to choose a free port (not already used by another server, or any other service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Local port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>An error occured opening the secret key file</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modify</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>remove</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>This is not a valid list of networks</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>One of this network is already in your local networks</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contains invalid characters</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>This is not a valid port number</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>This port number is already used by another service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>This IP address is already used</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>This IP address is part of one of your local networks</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Insecure parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Trenutna vrednost</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Privzeto</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Prenesi LOG datoteko</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>Naloži</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>Status</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/sv/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="sv">
<entry>
<base>FORM_TITLE</base>
<trans>Konfiguration för Plats till Plats OpenVPN</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>Lista över klienternas demoner</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Lägg till en ny klient</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>Lista över serverns demoner</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Lägg til en ny server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>Denna sida låter dig konfigurera en ny demon som agerar som en klient</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Ange en beskrivning för denna demon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Beskrivning</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Aktivera eller avaktivera denna demon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Status</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Autentiseringsmekanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Delad nyckel</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>Denna sida låter dig konfigurera autentisieringen av denna demon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>Du kan ange en URL där CRL kan hittas. Din SME kommer att uppdatera CRL varje timme och kontrollera så att certifikatet på fjärrslutpunkten inte är återkallat. OM du inte önskar använda CRL verifieringen lämna detta fält tomt.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL uppdatering URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Ange det auktoriserande certifikatet i pem-format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Auktoriserande certifikatet</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Ange certifikatet i pem-format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Ange certifikatet i pem-format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Ange värdnamn eller IP-adress till fjärrvärden</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Ange den privata nyckeln i pem-format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Privat nyckel</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Ange Diffie-Hellman parametrarna</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parametrarna</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Fjärrvärd</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Ange porten som fjärrvärden använder</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Fjärrport</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Lokal virtuell IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Ange här den IP-adress på tunneln som fjärrvärden använder.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Fjärr vituell IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Ange här de nätverk som kan nås genom fjärrvärden, exvis 192.168.25.0/255.255.255.0. Du kan ange multipla nätverk separerade med komma. Upp till 20 nätverk stöds. Kommunikation med dessa nätverk kommer att tunnlas genom VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Fjärrnätverk</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Delad nyckel</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>Denna sida låter dig konfigurera en demon som agerar som en server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Ange den lokala port som demonen skall kopplas till. Du behöver välja en ledig port (som inte används av en annan server eller tjänst)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Lokal port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>En annan demon använder redan detta namn</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>Ett fel inträffade vid öppnandet av den hemliga nyckelfilen</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Demon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>ändra</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>ta bort</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Ange en unik identifierare för denna konfiguration. Detta fält kan endast innehålla gemener, siffror, punkter, bindestreck eller understreck och skall börja med en gemen.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Otullåten data, kontrollera alla fälten igen</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>Detta är inte en tillåten lista över nätverk</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>En av dessa nätverk finns redan bland dina lokala nätverk</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} innehåller otillåtna tecken</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>Detta är inte ett tillåtet portnummer</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>Denna port används redan av en annan tjänst</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>Detta är inte en tillåten IP-adress i formatet x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>Denna IP-adress används redan</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>Du kan inte använda en IP i detta nätverk eftersom den är reserverad</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>Denna IP-adress är en del av ett av dina nätverk</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>DH-parametrar</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Aktuellt värde</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Förvalt</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Ladda ner</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>läsa in</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>inloggningsstatus</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/th/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="th">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Add a new client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>รายละเอียด</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>สถานะ</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Enter the private key in pem format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>กุญแจส่วนตัว</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Remote host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Enter the port the remote server uses</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Remote port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Local virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Remote virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Remote networks</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Enter the local port this daemon will bind to. You need to choose a free port (not already used by another server, or any other service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Local port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>An error occured opening the secret key file</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modify</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>remove</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>This is not a valid list of networks</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>One of this network is already in your local networks</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contains invalid characters</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>This is not a valid port number</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>This port number is already used by another service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>This IP address is already used</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>This IP address is part of one of your local networks</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Insecure parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>ค่าปัจจุบัน</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>ค่าปริยาย</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>ดาวน์โหลด</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>เอาออก</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>Link status</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/tr/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="tr">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Add a new client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Açıklama</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Durum</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Enter the private key in pem format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Private key</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Remote host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Enter the port the remote server uses</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Remote port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Local virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Remote virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Remote networks</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Enter the local port this daemon will bind to. You need to choose a free port (not already used by another server, or any other service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Local port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>An error occured opening the secret key file</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>değişiklik yap</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>çıkar/kaldır/sil</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>This is not a valid list of networks</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>One of this network is already in your local networks</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contains invalid characters</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>This is not a valid port number</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>This port number is already used by another service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>This IP address is already used</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>This IP address is part of one of your local networks</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>parametre</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Güncel değer</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Varsayılan</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>İndirme</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>yükle</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>algoritma</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>çevre birimi</trans>
</entry>
<entry>
<base>LINK</base>
<trans>oturum durumu</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/zh-cn/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="zh-cn">
<entry>
<base>FORM_TITLE</base>
<trans>站到站的OpenVPN配置</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>客户端列表</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>添加新的客户端</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>服务器后台列表</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>描述</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>状态</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>共享密钥</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>使用PEM格式输入私钥</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>私钥</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>远程主机</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>输入远程服务器使用的端口</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>远程端口</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>本地虚拟IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>远程虚拟IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>远程网络</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>共享密钥</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>请选择一个本地端口。您必须选择一个空闲的端口。(即未被其它服务占用的端口。)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>本地端口</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>另一个后台已经使用了这个名字</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>打开密钥文件时出错</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>后台ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>修改</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>状态</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>移除</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>无效的网络列表</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>其中一个网络已经在本地网络</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} 包含无效的字符</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>无效的端口号</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>这个端口已经被另外一个服务使用。</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>这个IP地址已被使用。</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>这个IP地址是您的本地网络地址。</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Insecure parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>当前值</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>默认</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>下载</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>载入</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>mailman状态</trans>
</entry>
</lexicon>

314
root/etc/e-smith/locale/zh-tw/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,314 @@
<lexicon lang="zh-tw">
<entry>
<base>FORM_TITLE</base>
<trans>網站對網站的OpenVPN設定</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[此頁面讓您管理站台到站台的OpenVPN通道。<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>終端背景程式表列</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>增加新的終端機</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>伺服器背景程式表列</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>增加新的伺服器</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>此頁面讓您設定新的背景程式如同終端機般運作。</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>為此背景程式輸入描述</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>描述</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>啟用或禁用此背景程式</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>狀態</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[選擇認證機制。<br>共享金鑰簡單易設因為您無需建立與管理PKI。您只需建立秘密金鑰並於兩端設定。<br>TLS認證在設定上較困難您將需管理PKI但是提供較佳層級的安全性如Perfect Forward Secrecy。<br>倘若您不在意TLS所提供的額外安全性您應該於此選擇共享金鑰。]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>認證機制</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>共享金鑰</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>此頁面讓您設定此背景程式的認證</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>您可輸入憑證撤銷清單CRL可被找到的網址。您的SME伺服器將每小時更新憑證撤銷清單CRL並且檢查尚未撤銷的遠端憑證。</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>憑證撤銷清單更新網址</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>輸入PEM格式的認證憑證</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>授權憑證</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>輸入PEM格式的憑證</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>輸入PEM格式的憑證</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>輸入遠端主機的主機名稱或IP位址</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>以pem格式輸入私人金鑰</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>私鑰</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>輸入Diffie-Hellman參數</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman參數</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>遠端主機</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>輸入遠端伺服器使用的埠號</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>遠端埠號</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[輸入此部主機中通道所占用的IP。您應選擇區網中以外的IP。本地與遠端IP應當在終端機與伺服器中保留。例如<br>在伺服器端您設定本地IP10.2.0.1 與遠端IP10.2.0.2<br> 在終端機端您必須設定本地IP10.2.0.2 與IP10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>本地虛擬IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>輸入遠端主機通道所佔用的IP。</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>遠端虛擬IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>請於此處輸入遠端主機可接觸的網段。例如192.168.25.0/255.255.255.0。您可使用逗點作為分隔輸入多重網段。最多可支援20個網段。這些網段之間的溝通將透過VPN通道。</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>遠端網路</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[請輸入安全金鑰。您可使用以下命令建立金鑰openvpn --genkey --secret /dev/stdout<br>此金鑰應當被安全保存,而且僅能保存於終端機與伺服器。您應當為每對終端機/伺服器使用不同的安全金鑰]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[您可於此輸入選擇性安全金鑰。<br>它將為您的伺服器提供特別的安全層級。<br> 您可使用以下命令建立金鑰openvpn --genkey --secret /dev/stdout<br>此金鑰應當被安全保存,而且僅能保存於終端機與伺服器。]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>共享金鑰</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>此頁面讓您設定新的背景程式如同伺服器般運作。</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>請輸入背景程式將對應的埠號。您應當選擇一個空的埠號(未被其他伺服器或服務所使用)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>本地埠號</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[您正準備移除此背景程式的設定檔。所有通過它的網路路由將無法存取。<br>您確定要繼續?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>另一背景程式已經使用此名稱</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>打開安全金鑰檔時出錯</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>背景程式ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>尚未設定背景程式。]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>修正</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>狀態</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>移除</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>輸入此設定的唯一標識。此區塊僅能包含小寫字母、數字、句號、連字號和底線,而且應該由小寫字母開始。</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>無效資料,請再次檢查所有區塊</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>此非有效的網路表列</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>其中之一網路已在區網中</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string}包含無效字元</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>此非有效埠號</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>此埠號已被其它服務使用</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>此非有效x.x.x.x的IP位址格式。</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>此IP位址已被使用。</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>您無法在此網段中使用此IP因為它已經被保留了。</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>此IP位址是您區網之一。</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>DH參數</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>現值</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>預設</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>下載</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>您有想要將此訊息傳送到</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>載入</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>Mailman狀態</trans>
</entry>
</lexicon>

17
root/etc/e-smith/templates/etc/crontab/openvpn-s2s-crl Normal file
View File

@ -0,0 +1,17 @@
{
if ((${'openvpn-s2s'}{'status'} || 'disabled') eq 'enabled'){
$OUT .=<<"HERE";
# Update OpenVPN Site To Site CRLs
10 * * * * root /etc/e-smith/events/actions/openvpn-s2s-update-crl 2>&1 /dev/null
HERE
}
else{
$OUT .=<<"HERE";
# OpenVPN Site to Site service is disabled
# CRL updates are not running
HERE
}
}

8
root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/00setup Normal file
View File

@ -0,0 +1,8 @@
{
$db = esmith::ConfigDB->open_ro('openvpn-s2s') || die "Couldn't open Ovpns2sDB\n";
$key = $DB_KEY;
$type = $db->get_prop($key,'type') || 'server';
$log = $db->get_prop($key,'LogLevel') || '3';
$OUT .= '';
}

22
root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/10bind Normal file
View File

@ -0,0 +1,22 @@
{
my $remote = $db->get_prop($key,'RemoteHost') || '';
my $port = $db->get_prop($key,'Port') || '1195';
my $protocol = $db->get_prop($key,'Protocol') || 'udp';
$protocol = 'tcp-'."$type" if ($protocol eq 'tcp');
$OUT .= "port $port\n";
$OUT .= "proto $protocol\n";
$OUT .= "dev tun".$key."\n";
# In server mode, if remote is emtpy, we should add the float directive
if ($type eq 'server'){
$OUT .= ($remote eq '') ? "float\n":"remote $remote\n";
}
else{
$OUT .= "nobind\n";
$OUT .= "remote $remote\n";
}
}

9
root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/20daemon Normal file
View File

@ -0,0 +1,9 @@
# Drop down privileges
user openvpn
group openvpn
chroot /etc/openvpn/s2s
persist-key
persist-tun

81
root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key Normal file
View File

@ -0,0 +1,81 @@
# Authentication
{
my $auth = $db->get_prop($key,'Authentication') || 'TLS';
my $checkcrt = $db->get_prop($key,'CheckCertificateUsage') || 'disabled';
my $tlsremote = $db->get_prop($key,'RemoteCommonName') || '';
#HMAC default is SHA1 if empty, we really want higher on new setup, but keep empty for default on existing one...
# need to be changed on both side
my $HMAC = ( $db->get_prop($key,'HMAC') ) ? $db->get_prop($key,'HMAC') : undef;
# cipher default to BF if empty, we really want higher on new setup, but keep empty for default on existing one...
# # here openvpn uses encrypt-then-mc so no issue using CBC rather than GCM, and GCM not implemented before openvpn 2.4 for data channel
my $cipher = ( $db->get_prop($key,'Cipher') && $db->get_prop($key,'Cipher') ne 'auto')? $db->get_prop($key,'Cipher') : undef;
## we do not want any tls 1.1 or lower, this does not break anything to force, unless the client is very old and limited to 1.1 or lower
my $tlsVmin = ( $db->get_prop($key,'tlsVmin') && ( $db->get_prop($key,'tlsVmin') =~ /^1\.[0-9]{1}$/ ) ) ? $db->get_prop($key,'tlsVmin') : "1.2";
# TLS 1.3 encryption settings
my $tlsCipherSuites13 = ( $db->get_prop($key,'tlsCipherSuites13') ) ? $db->get_prop($key,'tlsCipherSuites13') : "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
# # TLS 1.2 encryption settings
my $tlsCipher12 = ( $db->get_prop($key,'tlsCipher12') ) ? $db->get_prop($key,'tlsCipher12') : "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256";
if ($auth eq 'SharedKey'){
$OUT .= "secret priv/$key"."_sharedkey.pem\n";
}
elsif ($auth eq 'TLS'){
if ($type eq 'server'){
$OUT .= "tls-server\n";
$OUT .= "tls-version-min $tlsVmin\n";
$OUT .= "tls-cipher $tlsCipher12\n" if defined $tlsCipher12;
$OUT .= "tls-ciphersuites $tlsCipherSuites13\n" if defined $tlsCipherSuites13;
$OUT .= "ca pub/$key" . "_cacert.pem\n";
$OUT .= "cert pub/$key" . "_cert.pem\n";
$OUT .= "key priv/$key" . "_key.pem\n";
$OUT .= "dh pub/$key" . "_dh.pem\n";
$OUT .= "# we might be able to disable dh param with this one, NSA-'s recommended curve\n";
$OUT .= "ecdh-curve secp384r1\n";
$OUT .= "tls-auth priv/$key" . "_sharedkey.pem 0\n"
if ( -e "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' ) &&
( ! -z "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' );
$OUT .= "crl-verify pub/$key" . "_cacrl.pem\n"
if ( -e "/etc/openvpn/s2s/pub/$key".'_cacrl.pem' ) &&
( ! -z "/etc/openvpn/s2s/pub/$key".'_cacrl.pem' );
$OUT .= "ns-cert-type client\n" if ($checkcrt eq 'enabled');
$OUT .= "verify-x509-name $tlsremote name\n" if ($tlsremote ne '');
}
else{
$OUT .= "tls-client\n";
$OUT .= "tls-version-min $tlsVmin\n";
$OUT .= "tls-cipher $tlsCipher12\n" if defined $tlsCipher12;
$OUT .= "tls-ciphersuites $tlsCipherSuites13\n" if defined $tlsCipherSuites13;
$OUT .= "ca pub/$key" . "_cacert.pem\n";
$OUT .= "cert pub/$key" . "_cert.pem\n";
$OUT .= "key priv/$key" . "_key.pem\n";
$OUT .= "# we might be able to disable dh param with this one, NSA-'s recommended curve\n";
$OUT .= "ecdh-curve secp384r1\n";
$OUT .= "tls-auth priv/$key" . "_sharedkey.pem 1\n"
if ( -e "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' ) &&
( ! -z "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' );
$OUT .= "crl-verify pub/$key" . "_cacrl.pem\n"
if ( -e "/etc/openvpn/s2s/pub/$key".'_cacrl.pem' ) &&
( ! -z "/etc/openvpn/s2s/pub/$key".'_cacrl.pem' );
$OUT .= "ns-cert-type server\n" if ($checkcrt eq 'enabled');
$OUT .= "verify-x509-name $tlsremote name\n" if ($tlsremote ne '');
}
}
# available for both sharedkey and tls
# data channel
$OUT .= "#securing data channel\n";
$OUT .= (defined $cipher) ? "cipher $cipher\n" : "# no cipher defined default to Blowfish, this is INSECURE, please consider AES-128-CBC or higher on both client and server\n";
#auth SHA512
$OUT .= (defined $HMAC )? "auth $HMAC\n" : "# no HMAC defined, default to SHA1, please consider SHA256 or higher on both client and server\n";
#
}

16
root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/40routes Normal file
View File

@ -0,0 +1,16 @@
route-noexec
up bin/up
# Remote Networks
{
foreach my $net (split(/[;,]/,($db->get_prop($key,'RemoteNetworks') || ''))){
$net =~ m!(.*)/(.*)!;
my ($netaddr,$mask) = ($1,$2);
$OUT .= "route $netaddr $mask\n";
}
}
setenv vpnid {"$key";}

8
root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/50vpnIP Normal file
View File

@ -0,0 +1,8 @@
{
my $localip = $db->get_prop($key,'LocalIP');
my $remoteip = $db->get_prop($key,'RemoteIP');
$OUT .= "ifconfig $localip $remoteip\n";
}

19
root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/60options Normal file
View File

@ -0,0 +1,19 @@
# Options
{
my $comp = $db->get_prop($key,'Compression') || 'enabled';
$OUT .= "comp-lzo adaptive\n" if ($comp eq 'enabled');
if ($type eq 'server'){
$OUT .= "ping-timer-rem\n";
}
}
keepalive 5 20
mtu-test
passtos

10
root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/70custom Normal file
View File

@ -0,0 +1,10 @@
# Custom options
{
my $custom = "/etc/openvpn/s2s/$key" . '.conf.custom';
if ( -e "$custom" ){
Text::Template::_load_text("$custom");
}
}

6
root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/90log Normal file
View File

@ -0,0 +1,6 @@
# Log
status-version 2
status status-{"$key";}.txt
verb {"$log";}
log-append /var/log/openvpn-s2s/{"$key";}.log

8
root/etc/e-smith/templates/etc/rc.d/init.d/masq/40snatVPN Normal file
View File

@ -0,0 +1,8 @@
# Will handle SNAT for Site to Site VPN
/sbin/iptables --table nat --new-chain SnatVPN
/sbin/iptables --table nat --new-chain SnatVPN_1
/sbin/iptables --table nat --append SnatVPN -j SnatVPN_1
/sbin/iptables --table nat --append POSTROUTING \
--out-interface tun+ -j SnatVPN

27
root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustSnatVPN Normal file
View File

@ -0,0 +1,27 @@
{
my $ovpndb = esmith::ConfigDB->open_ro('openvpn-s2s');
# Find the current SnatVPN_$$ chain, and create a new one.
$OUT .=<<'EOF';
OLD_SnatVPN=$(get_safe_id SnatVPN nat find)
NEW_SnatVPN=$(get_safe_id SnatVPN nat new)
/sbin/iptables --table nat --new-chain $NEW_SnatVPN
EOF
foreach my $vpn ($ovpndb->get_all_by_prop(type=>('client')),
$ovpndb->get_all_by_prop(type=>('server'))){
$OUT .= " /sbin/iptables --table nat --append \$NEW_SnatVPN --out-interface tun" . $vpn->key .
" -s " . $vpn->prop('LocalIP') . " -j SNAT --to-source $InternalInterface{'IPAddress'}\n"
if (($vpn->prop('SnatOutbound') || 'yes') =~ m/(yes|enabled)/i);
}
# Having created a new SnatVPN chain, activate it and destroy the old.
$OUT .=<<'EOF';
/sbin/iptables --table nat --replace SnatVPN 1 \
--jump $NEW_SnatVPN
/sbin/iptables --table nat --flush $OLD_SnatVPN
/sbin/iptables --table nat --delete-chain $OLD_SnatVPN
EOF
}

10
root/etc/e-smith/templates/etc/rc.d/init.d/masq/90local_chk49vpn_networks Normal file
View File

@ -0,0 +1,10 @@
{
my $ovpndb = esmith::ConfigDB->open_ro('openvpn-s2s');
foreach my $vpn ($ovpndb->get_all_by_prop(type=>('client')),
$ovpndb->get_all_by_prop(type=>('server'))){
$OUT .= "/sbin/iptables -A \$NEW_local_chk --in-interface tun" . $vpn->key .
" -j denylog\n" if (($vpn->prop('AllowInbound') || 'yes') eq 'no');
}
}

231
root/etc/e-smith/web/functions/openvpns2s Normal file
View File

@ -0,0 +1,231 @@
#! /usr/bin/perl -wT
# vim: ft=xml:
#----------------------------------------------------------------------
# heading : Configuration
# description : OpenVPN Site to Site
# navigation : 6000 6750
#----------------------------------------------------------------------
#----------------------------------------------------------------------
# copyright (C) 2010 Firewall Services
# Dejan Florian, Berteaud Daniel <daniel@firewall-services.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#----------------------------------------------------------------------
use strict;
use warnings;
use esmith::FormMagick;
use esmith::FormMagick::Panel::openvpns2s;
my $f = esmith::FormMagick::Panel::openvpns2s->new();
$f->display();
__DATA__
<form title="FORM_TITLE"
header="/etc/e-smith/web/common/head.tmpl"
footer="/etc/e-smith/web/common/foot.tmpl">
#----------------------------------------------------------------
# MAIN PAGE
#----------------------------------------------------------------
<page name="FIRST_PAGE" pre-event="print_status_message()">
<field type="literal" id="main_desc" value="">
<description>DESC_MAIN_PAGE</description>
</field>
<subroutine src="print_section_bar()"/>
<field type="literal" id="client_label" value="">
<description>LABEL_CLIENTS</description>
</field>
<subroutine src="print_custom_button('ADD_CLIENT', 'CREATE_OR_MODIFY_CLIENT_CONF_PAGE')"/>
<subroutine src="print_conf_table('client')"/>
<subroutine src="print_section_bar()"/>
<field type="literal" id="server_label" value="">
<description>LABEL_SERVERS</description>
</field>
<subroutine src="print_custom_button('ADD_SERVER', 'CREATE_OR_MODIFY_SERVER_CONF_PAGE')"/>
<subroutine src="print_conf_table('server')"/>
</page>
#----------------------------------------------------------------
# CLIENT CONFIGURATION PAGE
#----------------------------------------------------------------
<page name="CREATE_OR_MODIFY_CLIENT_CONF_PAGE" pre-event="turn_off_buttons()" post-event="write_db_conf('client')">
<field type="literal" id="add_client_desc" value="">
<description>DESC_ADD_CLIENT_PAGE</description>
</field>
<subroutine src="print_section_bar()"/>
<subroutine src="print_conf_name_field()"/>
<field type="text" id="comment" validation="validate_description()">
<description>DESC_COMMENT</description>
<label>LABEL_COMMENT</label>
</field>
<field type="select" id="status" value="" options="'disabled' => 'DISABLED', 'enabled' => 'ENABLED'">
<description>DESC_STATUS</description>
<label>LABEL_STATUS</label>
</field>
<field type="select" id="auth" options="'TLS' => 'TLS', 'SharedKey' => 'SHARED_KEY'">
<description>DESC_AUTH</description>
<label>LABEL_AUTH</label>
</field>
<field type="select" id="hmac" options="get_digests_options()" value="get_current_hmac()">
<description>DESC_HMAC</description>
<label>LABEL_HMAC</label>
</field>
<field type="select" id="cipher" options="get_ciphers_options()" value="get_current_cipher()">
<description>DESC_CIPHER</description>
<label>LABEL_CIPHER</label>
</field>
<field type="text" id="remote_host" validation="is_hostname_or_ip()">
<description>DESC_REMOTE_HOST</description>
<label>LABEL_REMOTE_HOST</label>
</field>
<field type="text" id="port" validation="is_valid_port()">
<description>DESC_REMOTE_PORT</description>
<label>LABEL_REMOTE_PORT</label>
</field>
<field type="text" id="local_ip" validation="is_valid_vpn_ip()">
<description>DESC_LOCAL_IP</description>
<label>LABEL_LOCAL_IP</label>
</field>
<field type="text" id="remote_ip" validation="is_valid_vpn_ip()">
<description>DESC_REMOTE_IP</description>
<label>LABEL_REMOTE_IP</label>
</field>
<field type="select" id="SnatOutbound" value="" options="'disabled' => 'DISABLED', 'enabled' => 'ENABLED'">
<description>DESC_SNAT</description>
<label>LABEL_SNAT</label>
</field>
<field type="text" size="53" id="remote_net" validation="is_valid_net_or_empty()">
<description>DESC_REMOTE_NET</description>
<label>LABEL_REMOTE_NET</label>
</field>
<subroutine src="print_button('NEXT')"/>
</page>
#----------------------------------------------------------------
# SERVER CONFIGURATION PAGE
#----------------------------------------------------------------
<page name="CREATE_OR_MODIFY_SERVER_CONF_PAGE" pre-event="turn_off_buttons()" post-event="write_db_conf('server')">
<field type="literal" id="add_server" value="">
<description>DESC_ADD_SERVER_PAGE</description>
</field>
<subroutine src="print_section_bar()"/>
<subroutine src="print_conf_name_field()"/>
<field type="text" id="comment" validation="validate_description()">
<description>DESC_COMMENT</description>
<label>LABEL_COMMENT</label>
</field>
<field type="select" id="status" options="'disabled' => 'DISABLED', 'enabled' => 'ENABLED'">
<description>DESC_STATUS</description>
<label>LABEL_STATUS</label>
</field>
<field type="select" id="auth" options="'TLS' => 'TLS', 'SharedKey' => 'SHARED_KEY'">
<description>DESC_AUTH</description>
<label>LABEL_AUTH</label>
</field>
<field type="select" id="hmac" options="get_digests_options()" value="get_current_hmac()">
<description>DESC_HMAC</description>
<label>LABEL_HMAC</label>
</field>
<field type="select" id="cipher" options="get_ciphers_options()" value="get_current_cipher()">
<description>DESC_CIPHER</description>
<label>LABEL_CIPHER</label>
</field>
<field type="text" id="port" validation="is_valid_and_available_port()">
<description>DESC_LOCAL_PORT</description>
<label>LABEL_LOCAL_PORT</label>
</field>
<field type="text" id="local_ip" validation="is_valid_vpn_ip()">
<description>DESC_LOCAL_IP</description>
<label>LABEL_LOCAL_IP</label>
</field>
<field type="text" id="remote_ip" validation="is_valid_vpn_ip()">
<description>DESC_REMOTE_IP</description>
<label>LABEL_REMOTE_IP</label>
</field>
<field type="text" size="53" id="remote_net" validation="is_valid_net_or_empty()">
<description>DESC_REMOTE_NET</description>
<label>LABEL_REMOTE_NET</label>
</field>
<subroutine src="print_button('NEXT')"/>
</page>
<page name="CONFIG_CERT_PAGE" pre-event="print_status_message()" post-event="write_pem()">
<field type="literal" id="cert_conf" value="">
<description>DESC_CONFIGURE_CERT</description>
</field>
<subroutine src="print_cert_fields()"/>
<subroutine src="print_button('SAVE')"/>
</page>
<page name="REMOVE_CONF_PAGE" pre-event="turn_off_buttons()" post-event="remove_conf()">
<field type="literal" id="des_remove_conf">
<description>DESC_REMOVE_CONF</description>
</field>
<subroutine src="print_conf_to_remove()"/>
</page>
<page name="RELOAD_PAGE" pre-event="turn_off_buttons()" post-event="reload()">
<field type="literal" id="conf_name">
<description>DESC_RELOAD</description>
</field>
<subroutine src="print_button('NEXT')"/>
</page>
</form>

8
root/etc/logrotate.d/openvpn-s2s Normal file
View File

@ -0,0 +1,8 @@
/var/log/openvpn-s2s/*.log{
monthly
rotate 6
compress
copytruncate
missingok
}

46
root/etc/openvpn/s2s/bin/up Normal file
View File

@ -0,0 +1,46 @@
#!/bin/bash
#----------------------------------------------------------------------
# copyright (C) 2010 Firewall Services
# Daniel Berteaud <daniel@firewall-services.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
# Support up to 20 remote networks (should be enough)
for N in $(seq 1 20); do
net="route_network_$N"
mask="route_netmask_$N"
if [ ! -z "${!net}" ]; then
db=$(/sbin/e-smith/db networks getprop ${!net} VPN)
if [ ! -z $db ]; then
# if the network already exists in the DB, just push the route
/sbin/route add -net ${!net} netmask ${!mask} gw $ifconfig_remote
else
/sbin/e-smith/db networks set ${!net} network Mask ${!mask} Router $ifconfig_remote VPN $vpnid Removable no
/sbin/e-smith/signal-event network-create ${!net}
fi
fi
done
# Check route for the VPN itself
db=$(/sbin/e-smith/db networks getprop $ifconfig_remote VPN)
if [ -z $db ]; then
/sbin/e-smith/db networks set $ifconfig_remote network Mask 255.255.255.255 VPN $vpnid Removable no
/sbin/e-smith/signal-event network-create $ifconfig_remote
fi

16
root/usr/lib/systemd/system/openvpn-s2s.service Normal file
View File

@ -0,0 +1,16 @@
[Unit]
Description=OpenVPN Server to Server
After=network.service
[Service]
Type=oneshot
RemainAfterExit=yes
GuessMainPID=no
ExecStart=/usr/sbin/systemd/openvpn-s2s start
ExecStop=/usr/sbin/systemd/openvpn-s2s stop
ExecReload=/usr/sbin/systemd/openvpn-s2s reopen
[Install]
WantedBy=sme-server.target

269
root/usr/sbin/systemd/openvpn-s2s Normal file
View File

@ -0,0 +1,269 @@
#!/bin/sh
#
# openvpn This shell script takes care of starting and stopping
# openvpn on RedHat or other chkconfig-based system.
#
# chkconfig: - 24 76
#
# processname: openvpn
# description: OpenVPN is a robust and highly flexible tunneling \
# application that uses all of the encryption, \
# authentication, and certification features of the OpenSSL \
# library to securely tunnel IP networks over a single UDP \
# port.
#
### BEGIN INIT INFO
# Provides: openvpn
# Required-Start: $network
# Required-Stop: $network
# Short-Description: start and stop openvpn
# Description: OpenVPN is a robust and highly flexible tunneling \
# application that uses all of the encryption, \
# authentication, and certification features of the OpenSSL \
# library to securely tunnel IP networks over a single UDP \
# port.
### END INIT INFO
# Contributed to the OpenVPN project by
# Douglas Keller <doug@voidstar.dyndns.org>
# 2002.05.15
# To install:
# copy this file to /etc/rc.d/init.d/openvpn
# shell> chkconfig --add openvpn
# shell> mkdir /etc/openvpn
# make .conf or .sh files in /etc/openvpn (see below)
# To uninstall:
# run: chkconfig --del openvpn
# Author's Notes:
#
# I have created an /etc/init.d init script and enhanced openvpn.spec to
# automatically register the init script. Once the RPM is installed you
# can start and stop OpenVPN with "service openvpn start" and "service
# openvpn stop".
#
# The init script does the following:
#
# - Starts an openvpn process for each .conf file it finds in
# /etc/openvpn.
#
# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it executes
# it before starting openvpn (useful for doing openvpn --mktun...).
#
# - In addition to start/stop you can do:
#
# service openvpn reload - SIGHUP
# service openvpn reopen - SIGUSR1
# service openvpn status - SIGUSR2
#
# Modifications:
#
# 2003.05.02
# * Changed == to = for sh compliance (Bishop Clark).
# * If condrestart|reload|reopen|status, check that we were
# actually started (James Yonan).
# * Added lock, piddir, and work variables (James Yonan).
# * If start is attempted twice, without an intervening stop, or
# if start is attempted when previous start was not properly
# shut down, then kill any previously started processes, before
# commencing new start operation (James Yonan).
# * Do a better job of flagging errors on start, and properly
# returning success or failure status to caller (James Yonan).
#
# 2005.04.04
# * Added openvpn-startup and openvpn-shutdown script calls
# (James Yonan).
#
# Location of openvpn binary
openvpn=""
openvpn_locations="/usr/sbin/openvpn /usr/local/sbin/openvpn"
for location in $openvpn_locations
do
if [ -f "$location" ]
then
openvpn=$location
fi
done
#ncp
ncp=" --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC "
# Lockfile
lock="/var/lock/subsys/openvpn-s2s"
# PID directory
piddir="/var/run/openvpn-s2s"
# Our working directory
work=/etc/openvpn/s2s
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
if [ ${NETWORKING} = "no" ]
then
echo "Networking is down"
exit 0
fi
# Check that binary exists
if ! [ -f $openvpn ]
then
echo "openvpn binary not found"
exit 0
fi
# See how we were called.
case "$1" in
start)
echo -n $"Starting openvpn-s2s: "
/sbin/modprobe tun >/dev/null 2>&1
# From a security perspective, I think it makes
# sense to remove this, and have users who need
# it explictly enable in their --up scripts or
# firewall setups.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Run startup script, if defined
if [ -f $work/openvpn-startup ]; then
$work/openvpn-startup
fi
if [ ! -d $piddir ]; then
mkdir $piddir
fi
if [ -f $lock ]; then
# we were not shut down correctly
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
kill `cat $pidf` >/dev/null 2>&1
fi
rm -f $pidf
done
rm -f $lock
sleep 2
fi
rm -f $piddir/*.pid
cd $work
# Start every .conf in $work and run .sh if exists
errors=0
successes=0
for c in `/bin/ls *.conf 2>/dev/null`; do
bn=${c%%.conf}
if [ -f "$bn.sh" ]; then
. ./$bn.sh
fi
rm -f $piddir/$bn.pid
# Handle backward compatibility, see Red Hat Bugzilla ID #458594
script_security=''
if [ -z "$( grep '^[[:space:]]*script-security[[:space:]]' $c )" ]; then
script_security="--script-security 2"
fi
$openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work $script_security
if [ $? = 0 ]; then
successes=1
else
errors=1
fi
done
if [ $errors = 1 ]; then
failure; echo
else
success; echo
fi
if [ $successes = 1 ]; then
touch $lock
fi
;;
stop)
echo -n $"Shutting down openvpn: "
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
kill `cat $pidf` >/dev/null 2>&1
fi
rm -f $pidf
done
# Run shutdown script, if defined
if [ -f $work/openvpn-shutdown ]; then
$work/openvpn-shutdown
fi
success; echo
rm -f $lock
;;
restart)
$0 stop
sleep 2
$0 start
;;
reload)
if [ -f $lock ]; then
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
kill -HUP `cat $pidf` >/dev/null 2>&1
fi
done
exit 0
else
echo "openvpn: service not started"
exit 1
fi
;;
reopen)
if [ -f $lock ]; then
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
kill -USR1 `cat $pidf` >/dev/null 2>&1
fi
done
exit 0
else
echo "openvpn: service not started"
exit 1
fi
;;
condrestart)
if [ -f $lock ]; then
$0 stop
# avoid race
sleep 2
$0 start
fi
;;
status)
if [ -f $lock ]; then
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
kill -USR2 `cat $pidf` >/dev/null 2>&1
fi
done
echo "Status written to /var/log/messages"
else
echo "openvpn: service not started"
exit 1
fi
;;
*)
echo "Usage: $0 {start|stop|restart|condrestart|reload|reopen|status}"
exit 1
;;
esac
exit 0

783
root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm Normal file
View File

@ -0,0 +1,783 @@
#!/usr/bin/perl
package esmith::FormMagick::Panel::openvpns2s;
# Imports
use strict;
use warnings;
use esmith::ConfigDB;
use esmith::NetworksDB;
use esmith::FormMagick;
use esmith::cgi;
use esmith::util;
use Net::IP;
use CGI::Carp qw ( fatalsToBrowser );
use File::Basename;
our @ISA = qw(esmith::FormMagick Exporter);
# TODO: update sub list
our @EXPORT = qw(
print_custom_button
print_section_bar
write_db_conf
update_ports
print_conf_table
print_conf_name_field
remove_conf
print_conf_to_remove
read_file
reload
);
our $pubdir = '/etc/openvpn/s2s/pub';
our $privdir = '/etc/openvpn/s2s/priv';
our $ovpn_db = esmith::ConfigDB->open('openvpn-s2s') || esmith::ConfigDB->create('openvpn-s2s');
our $conf_db = esmith::ConfigDB->open || die "Error opening configuration DB\n";
our $net_db = esmith::NetworksDB->open_ro || die "Error opening netwoks DB\n";
our $base_url = "?page=0&page_stack=&Next=Next&wherenext=";
*wherenext = \&CGI::FormMagick::wherenext;
sub new {
shift;
my $fm = esmith::FormMagick->new();
$fm->{calling_package} = (caller)[0];
bless $fm;
return $fm;
}
sub print_custom_button{
my ($fm,$desc,$url) = @_;
my $q = $fm->{cgi};
$url="openvpns2s?page=0&page_stack=&Next=Next&wherenext=".$url;
print " <tr>\n <td colspan='2'>\n";
print $q->p($q->a({href => $url, -class => "button-like"},$fm->localise($desc)));
print qq(</tr>\n);
return undef;
}
sub print_section_bar{
my ($fm) = @_;
print " <tr>\n <td colspan='2'>\n";
print "<hr class=\"sectionbar\"/>\n";
return undef;
}
sub write_db_conf{
my ($fm,$type) = @_;
my $q = $fm->{cgi};
my $conf = $q->param('conf_name');
if ($q->param('action') ne 'modify'){
if ($ovpn_db->get($conf)){
return $fm->error('CONF_CONFLICT','FIRST_PAGE');
}
my $msg = $fm->validate_conf_name($conf);
unless ($msg eq "OK"){
return $fm->error($msg,'FIRST_PAGE');
}
}
# Write DB values
$ovpn_db->new_record($conf, {type => $type});
if ($type eq 'client'){
$ovpn_db->set_prop($conf, 'RemoteHost', $q->param("remote_host"));
}
$ovpn_db->set_prop($conf, 'status', $q->param("status"));
$ovpn_db->set_prop($conf, 'Authentication', $q->param("auth"));
$ovpn_db->set_prop($conf, 'LocalIP', $q->param("local_ip"));
$ovpn_db->set_prop($conf, 'RemoteIP', $q->param("remote_ip"));
$ovpn_db->set_prop($conf, 'Port', $q->param("port"));
$ovpn_db->set_prop($conf, 'status', $q->param("status"));
$ovpn_db->set_prop($conf, 'Comment', $q->param("comment"));
$ovpn_db->set_prop($conf, 'RemoteNetworks', $q->param("remote_net"));
$ovpn_db->set_prop($conf, 'SnatOutbound', $q->param("SnatOutbound"));
if ($q->param("hmac") eq 'SHA1') {
my $tmpk = $ovpn_db->get($conf);
$tmpk->delete_prop('HMAC');
}
else {
$ovpn_db->set_prop($conf, 'HMAC' , $q->param("hmac"));
}
if ($q->param("cipher") eq 'BF-CBC') {
my $tmpk = $ovpn_db->get($conf);
$tmpk->delete_prop('Cipher');
}
else {
$ovpn_db->set_prop($conf, 'Cipher', $q->param("cipher"));
}
# Now, update the main configuration entry
update_ports();
$fm->success('SUCCESS','CONFIG_CERT_PAGE');
return undef;
}
sub write_pem{
my ($fm) = @_;
my $q = $fm->{cgi};
my $conf = $q->param('conf_name');
my $type = $ovpn_db->get_prop($conf, 'type') || 'server';
my $auth = $ovpn_db->get_prop($conf, 'Authentication') || 'TLS';
# Run validation routines
my $msg = $fm->is_url_or_empty( $q->param("crl_url"));
unless ($msg eq "OK"){
return $fm->error($msg,'CONFIG_CERT_PAGE');
}
my @pems = ();
if ($auth eq 'TLS'){
push @pems, qw/cacert_pem cert_pem key_pem/;
push @pems, 'dh_pem' if $type eq 'server';
}
else{
push @pems, 'shared_key' if $auth eq 'SharedKey';
}
foreach my $pem (@pems){
$msg = $fm->is_valid_key( $q->param("$pem") );
unless ($msg eq "OK"){
return $fm->error($msg,'CONFIG_CERT_PAGE');
}
}
# Untaint $conf
$conf =~ m/(.*)/;
$conf = $1;
if (! open (CA, ">$pubdir/$conf". "_cacert.pem")){
$fm->error('ERROR_OPEN_CA','FIRST_PAGE');
return;
}
print CA $q->param('cacert_pem');
close CA;
if (! open (CRT, ">$pubdir/$conf" . "_cert.pem")){
$fm->error('ERROR_OPEN_CRT','FIRST_PAGE');
return;
}
print CRT $q->param('cert_pem');
close CRT;
if (! open (KEY, ">$privdir/$conf" . "_key.pem")){
$fm->error('ERROR_OPEN_KEY','FIRST_PAGE');
return;
}
print KEY $q->param('key_pem');
close KEY;
chmod(0600, "$privdir/${conf}_key.pem" );
esmith::util::chownFile("root", "root","$privdir/${conf}_key.pem" );
if (! open (DH, ">$pubdir/$conf" . "_dh.pem")){
$fm->error('ERROR_OPEN_DH','FIRST_PAGE');
return;
}
print DH $q->param('dh_pem');
close DH;
if (! open (TA, ">$privdir/$conf" . "_sharedkey.pem")){
$fm->error('ERROR_OPEN_TA','FIRST_PAGE');
return;
}
print TA $q->param('shared_key');
close TA;
chmod(0600, "$privdir/${conf}_sharedkey.pem" );
esmith::util::chownFile("root", "root","$privdir/${conf}_sharedkey.pem" );
esmith::util::chownFile("root", "root", "$privdir");
esmith::util::chownFile("root", "root", "$pubdir");
chmod 0600, "$privdir";
chmod 0644, "$pubdir";
$ovpn_db->set_prop($conf, 'CrlUrl', $q->param("crl_url"));
unless ( system ("/sbin/e-smith/signal-event", "openvpn-s2s-update") == 0 ){
return $fm->error("ERROR_OCCURED", 'FIRST_PAGE');
}
$fm->success('SUCCESS','FIRST_PAGE');
return undef;
}
# Update ports used in the configuration DB
sub update_ports{
my @tcp_ports = ();
my @udp_ports = ();
foreach my $vpn ($ovpn_db->get_all_by_prop(type=>'server')){
my $port = $vpn->prop('Port') || next;
my $proto = ($vpn->prop('Protocol') || 'udp');
my $status = ($vpn->prop('status') || 'disabled');
if ( $proto eq 'udp' && $status eq 'enabled' ){
push @udp_ports, $port;
}
elsif ( $proto eq 'tcp' && $status eq 'enabled' ){
push @tcp_ports, $port;
}
}
$conf_db->set_prop('openvpn-s2s', 'UDPPorts', join(',',@udp_ports));
$conf_db->set_prop('openvpn-s2s', 'TCPPorts', join(',',@tcp_ports));
}
sub print_cert_fields{
my $fm = shift;
my $q = $fm->{cgi};
my $conf = $q->param('conf_name');
my $rec = $ovpn_db->get("$conf");
my $type = $rec->prop('type') || 'server';
my $auth = $rec->prop('Authentication') || 'TLS';
my $crlurl = $rec->prop('CrlUrl') || '';
# Untaint $conf
$conf =~ m/(.*)/;
$conf = $1;
if ($auth eq 'TLS'){
print esmith::cgi::genTextRow($q,$fm->localise('DESC_CRL_URL'));
print $q->Tr (
$q->td ({-class => "sme-noborders-label"},
$fm->localise('LABEL_CRL_URL')),"\n",
$q->td ({-class => "sme-noborders-content"},
$q->textfield (
-name => 'crl_url',
-override => 1,
-default => $crlurl,
-size => 62))),"\n";
print esmith::cgi::genTextRow($q,$fm->localise('DESC_CA_PEM'));
print $q->Tr (
$q->td ({-class => "sme-noborders-label"},
$fm->localise('LABEL_CA_PEM')),"\n",
$q->td ({-class => "sme-noborders-content"},
$q->textarea (
-name => 'cacert_pem',
-override => 1,
-default => read_file("$pubdir/$conf"."_cacert.pem"),
-rows => 15,
-columns => 70))),"\n";
print esmith::cgi::genTextRow($q,$fm->localise('DESC_CRT_PEM'));
print $q->Tr (
$q->td ({-class => "sme-noborders-label"},
$fm->localise('LABEL_CRT_PEM')),"\n",
$q->td ({-class => "sme-noborders-content"},
$q->textarea (
-name => 'cert_pem',
-override => 1,
-default => read_file("$pubdir/$conf"."_cert.pem"),
-rows => 15,
-columns => 70))),"\n";
print esmith::cgi::genTextRow($q,$fm->localise('DESC_KEY_PEM'));
print $q->Tr (
$q->td ({-class => "sme-noborders-label"},
$fm->localise('LABEL_KEY_PEM')),"\n",
$q->td ({-class => "sme-noborders-content"},
$q->textarea (
-name => 'key_pem',
-override => 1,
-default => read_file("$privdir/$conf"."_key.pem"),
-rows => 15,
-columns => 70))),"\n";
if ($type eq 'server'){
print esmith::cgi::genTextRow($q,$fm->localise('DESC_DH_PEM'));
print $q->Tr (
$q->td ({-class => "sme-noborders-label"},
$fm->localise('LABEL_DH_PEM')),"\n",
$q->td ({-class => "sme-noborders-content"},
$q->textarea (
-name => 'dh_pem',
-override => 1,
-default => read_file("$pubdir/$conf"."_dh.pem"),
-rows => 8,
-columns => 70))),"\n";
}
print esmith::cgi::genTextRow($q,$fm->localise('DESC_SHARED_KEY_TLS'));
}
else{
print esmith::cgi::genTextRow($q,$fm->localise('DESC_SHARED_KEY'));
}
print $q->Tr (
$q->td ({-class => "sme-noborders-label"},
$fm->localise('LABEL_SHARED_KEY')),"\n",
$q->td ({-class => "sme-noborders-content"},
$q->textarea (
-name => 'shared_key',
-override => 1,
-default => read_file("$privdir/$conf"."_sharedkey.pem"),
-rows => 5,
-columns => 70))),"\n";
return undef;
}
# Print clients or servers table
sub reload{
my ($fm) = @_;
my $q = $fm->{cgi};
my $conf = $q->param('conf_name');
#$conf = $conf=~ m/^([a-zA-Z\-\_0-9]+)$/;
unless (system ("/sbin/e-smith/signal-event", "openvpn-s2s-update-one", $conf) == 0 ){
$fm->error('ERROR_OCCURED1','FIRST_PAGE');
return undef;
}
$fm->success( $fm->localise('SUCCESS_RELOAD') . " $conf" ,'FIRST_PAGE');
return undef;
}
# Print clients or servers table
sub print_conf_table{
my $fm = shift;
my $type = shift;
my $q = $fm->{cgi};
my $conf_name = $fm->localise('CONF_NAME');
my $modify = $fm->localise('MODIFY');
my @conf = $ovpn_db->get_all_by_prop(type=>$type);
unless ( scalar @conf ){
print $q->Tr($q->td($fm->localise('NO_CONF')));
return "";
}
print $q->start_table({-CLASS => "sme-border"}),"\n";
print $q->Tr (
esmith::cgi::genSmallCell($q, $fm->localise('CONF_NAME'),"header"),
esmith::cgi::genSmallCell($q, $fm->localise('STATUS'),"header"),
esmith::cgi::genSmallCell($q, $fm->localise('CIPHER'),"header"),
esmith::cgi::genSmallCell($q, 'HMAC',"header"),
esmith::cgi::genSmallCell($q, $fm->localise('LABEL_AUTH'),"header"),
esmith::cgi::genSmallCell($q, $fm->localise('LINK'),"header"),
esmith::cgi::genSmallCell($q, $fm->localise('ACTION'),"header", 3),
),
"\n";
foreach my $config (@conf){
my $key = $config->key;
my $status = $config->prop('status') || 'enabled';
my $linkup = "<span style='color:red'>". $fm->localise('DOWN')."</span>" ;
use Net::Ping;
my $p = Net::Ping->new('icmp');
$linkup = "<span style='color:green'>". $fm->localise('UP') . "</span>" if (($status eq "enabled" ) && ( $p->ping($config->prop('RemoteIP'),1) ) );
$linkup = " " if ($status eq "disabled" );
if ($status eq 'enabled'){
$status = $fm->localise('ENABLED');
}
elsif ($status eq 'disabled'){
$status = $fm->localise('DISABLED');
}
my $cipher = $config->prop('Cipher') || 'BF-CBC';
$cipher = "<span style='color:red'>". $fm->localise('INSECURE'). " $cipher</span> " unless ($cipher =~ /(128|192|256|512|SEED)/ );
my $hmac = $config->prop('HMAC') || 'SHA1';
$hmac= "<span style='color:red'>". $fm->localise('INSECURE'). " $hmac</span> " unless ($hmac eq "whirlpool" || $hmac =~ /(512|256|384|224)$/);
my $authe = $config->prop('Authentication') || '';
print $q->Tr (esmith::cgi::genSmallCell($q,"$key"),
esmith::cgi::genSmallCell($q,"$status"),
esmith::cgi::genSmallCell($q,"$cipher"),
esmith::cgi::genSmallCell($q,"$hmac"),
esmith::cgi::genSmallCell($q,"$authe"),
esmith::cgi::genSmallCell($q,"$linkup"),
esmith::cgi::genSmallCell ($q, $q->a ({href => $q->url (-absolute => 1).
$base_url."RELOAD_PAGE&action=reload&conf_name=".
$key}, $fm->localise('RELOAD'))),
esmith::cgi::genSmallCell ($q, $q->a ({href => $q->url (-absolute => 1).
$base_url."CREATE_OR_MODIFY_".uc($type)."_CONF_PAGE&action=modify&conf_name=".
$key}, $fm->localise('MODIFY'))),
esmith::cgi::genSmallCell ($q, $q->a ({href => $q->url (-absolute => 1).
$base_url."REMOVE_CONF_PAGE&conf_name=".
$key}, $fm->localise('REMOVE'))));
}
print $q->end_table,"\n";
return "";
}
# Print conf_name field
sub print_conf_name_field{
my $fm = shift;
my $q = $fm->{cgi};
my $name = $q->param('conf_name') || '';
my $action = $q->param('action') || '';
print qq(<tr><td colspan="2">) . $fm->localise('DESC_CONF_NAME').qq(</td></tr>);
print qq(<tr><td class="sme-noborders-label">) .
$fm->localise('CONF_NAME') . qq(</td>\n);
if ($action eq 'modify' and $name) {
print qq(
<td class="sme-noborders-content">$name
<input type="hidden" name="name" value="$name">
<input type="hidden" name="action" value="modify">
</td>
);
# If action is modify, we need to read the DB
# And set CGI parameters
my $rec = $ovpn_db->get($name);
if ($rec){
if ($rec->prop('type') eq 'client'){
$q->param(-name=>'remote_host',-value=>
$rec->prop('RemoteHost'));
}
$q->param(-name=>'auth',-value=>
$rec->prop('Authentication'));
$q->param(-name=>'local_ip',-value=>
$rec->prop('LocalIP'));
$q->param(-name=>'remote_ip',-value=>
$rec->prop('RemoteIP'));
$q->param(-name=>'port',-value=>
$rec->prop('Port'));
$q->param(-name=>'comment',-value=>
$rec->prop('Comment'));
$q->param(-name=>'status',-value=>
$rec->prop('status'));
$q->param(-name=>'remote_net',-value=>
$rec->prop('RemoteNetworks'));
$q->param(-name=>'hmac',-value=>
get_current_hmac($fm));
$q->param(-name=>'cipher',-value=>
get_current_cipher($fm));
$q->param(-name=>'SnatOutbound',-value=>
$rec->prop('SnatOutbound'));
}
}
else {
print qq(
<td><input type="text" name="conf_name" value="$name">
<input type="hidden" name="action" value="create">
</td>
);
$q->param(-name=>'status',-value=>
'enabled')
}
print qq(</tr>\n);
return undef;
}
sub remove_conf{
my ($fm) = @_;
my $q = $fm->{cgi};
my $conf = $q->param('conf_name');
unless($q->param("cancel")){
unless ($ovpn_db->get($conf)->delete()){
$fm->error('ERROR_OCCURED','FIRST_PAGE');
return undef;
}
unless (system ("/sbin/e-smith/signal-event", "openvpn-s2s-update") == 0 ){
$fm->error('ERROR_OCCURED','FIRST_PAGE');
return undef;
}
update_ports();
$fm->success('SUCCESS','FIRST_PAGE');
return undef;
}
$fm->error('CANCELED','FIRST_PAGE');
return undef;
}
sub print_conf_to_remove{
my ($fm) = @_;
my $q = $fm->{cgi};
my $conf = $q->param('conf_name');
my $rec = $ovpn_db->get($conf);
my $comment = $rec->prop('Comment') || '';
print $q->Tr(
$q->td(
{ -class => 'sme-noborders-label' },
$fm->localise('CONF_NAME')
),
$q->td( { -class => 'sme-noborders-content' }, $conf )
),
"\n";
print $q->Tr(
$q->td(
{ -class => 'sme-noborders-label' },
$fm->localise('COMMENT')
),
$q->td( { -class => 'sme-noborders-content' }, $comment )
),
"\n";
print $q->table(
{ -width => '100%' },
$q->Tr(
$q->th(
{ -class => 'sme-layout' },
$q->submit(
-name => 'cancel',
-value => $fm->localise('CANCEL')
),
' ',
$q->submit(
-name => 'remove',
-value => $fm->localise('REMOVE')
)
)
)
),
"\n";
# Clear these values to prevent collisions when the page reloads.
$q->delete("cancel");
$q->delete("remove");
return undef;
}
sub read_file{
my $file = shift;
my $ret = '';
if (open (PEM, "<$file")){
$ret .= $_ while (<PEM>);
close PEM;
}
return $ret;
}
# Validation routines
sub is_valid_key{
my ($fm, $string) = @_;
my $ret = 'OK';
# Just check if the string is empty
$ret = $fm->localise('INVALID_SHARED_KEY') if ($string eq '');
return $ret;
}
sub is_url_or_empty{
my ($fm, $url) = @_;
my $ret = 'OK';
if (defined $url && ($url !~ /^(http:\/\/)|(https:\/\/)/) && ($url ne '')){
$ret = $fm->localise('NOT_A_VALID_URL',{string => $url});
}
return $ret;
}
sub is_valid_net_or_empty{
my ($fm, $nets) = @_;
my $ret = 'OK';
my $conf = $fm->{cgi}->param('conf_name') || '';
foreach my $net (split (/[;,]/, $nets)){
$ret = $fm->localise('INVALID_NET') unless $net =~ m/([\d\.]+)\/([\d\.]+)/;
my $netaddr = $1;
my $mask = $2;
$ret = $fm->localise('NET_IS_LOCAL') if
($net_db->get("$netaddr") &&
($net_db->get("$netaddr")->prop('VPN') || '') ne $conf);
$ret = $fm->localise('INVALID_NET') unless
(CGI::FormMagick::Validator::ip_number($fm,$netaddr) eq 'OK' &&
CGI::FormMagick::Validator::ip_number($fm,$mask) eq 'OK');
}
return $ret;
}
sub is_hostname_or_ip{
my ($fm,$host) = @_;
return "OK" if ( CGI::FormMagick::Validator::ip_number( $fm, $host ) eq "OK" );
return "OK" if ( $host =~ m/^([a-zA-Z0-9][\_\.\-a-zA-Z0-9]*)$/);
return $fm->localise('NOT_A_VALID_HOSTNAME_OR_IP');
}
sub validate_conf_name{
my ($fm, $conf_name) = @_;
unless ($conf_name =~ /^([a-zA-Z0-9][\_\.\-a-zA-Z0-9]{0,9})$/){
return $fm->localise('INVALID_CHARS',{string => $conf_name});
}
return "OK";
}
sub is_valid_port{
my ($fm, $port) = @_;
my $ret = $fm->localise('NOT_A_VALID_PORT',{string => $port});
if (($port =~ /^\d+$/) &&
($port > 0) &&
($port < 65536)){
$ret = "OK";
}
return $ret;
}
sub is_valid_vpn_ip{
my ($fm,$ip) = @_;
my $ret = 'OK';
my $conf = $fm->{cgi}->param('conf_name') || '';
# Check it's a valid IP number
return $fm->localise('NOT_A_VALID_IP_NUMBER') unless
( CGI::FormMagick::Validator::ip_number( $fm, $ip ) eq "OK" );
# Check it's not already used by another daemon
foreach my $vpn ($ovpn_db->get_all_by_prop(type=>'client'),
$ovpn_db->get_all_by_prop(type=>'server')){
next if ($vpn->key eq $conf);
$ret = $fm->localise('IP_ALREADY_IN_USED')
if ((($vpn->prop('LocalIP') || '') eq $ip) ||
(($vpn->prop('RemoteIP') || '') eq $ip));
}
# 127 is a reserved network
return $fm->localise('RESERVED_NET') if ($ip =~ m/^127\./);
# Check if it's not part of a local network
foreach my $net ($net_db->networks){
# Skip VPN networks
next if (($net->prop('VPN') || '') ne '');
my $mask = $net->prop('Mask');
$net = $net->key . '/' . $mask;
$ret = $fm->localise('IP_IN_LOCAL_NET') if (eval{Net::IPv4Addr::ipv4_in_network($net,$ip)});
}
return $ret;
}
sub is_valid_and_available_port{
my ($fm, $port) = @_;
my $ret = is_valid_port($fm,$port);
my $conf = $fm->{cgi}->param('conf_name');
my $oldport = $ovpn_db->get_prop($conf,'Port') || '';
# If the port is valid
# Check if it's not used by another service
if ($ret eq 'OK'){
my @used = ();
foreach my $srv ($conf_db->get_all_by_prop(type=>'service')){
push @used, $srv->prop('UDPPort') if $srv->prop('UDPPort');
push @used, $srv->prop('TCPPort') if $srv->prop('TCPPort');
push @used, split( /[;,]/, $srv->prop('UDPPorts')) if $srv->prop('UDPPorts');
push @used, split( /[;,]/, $srv->prop('TCPPorts')) if $srv->prop('TCPPorts');
}
# Remove the old port number from the list
# So it won't be marked as already used
# if we just modify an existing VPN server
foreach my $i (0..$#used){
splice(@used,$i,1) if ($used[$i] eq $oldport);
}
$ret = $fm->localise('PORT_ALREAY_USED',{string => $port})
if (grep { $_ eq $port } @used);
}
return $ret;
}
###### those are copy paste for bridge and s2s
#
=head2 get_current_hmac
=cut
sub get_current_hmac{
my ($self) = @_;
my $name = $self->cgi->param('conf_name') or return "SHA256";
my $cvpn= $ovpn_db->get($name);
return "SHA1" unless defined $cvpn->prop('HMAC');
return $cvpn->prop('HMAC') ;
}
=head2 get_digests_options
=cut
sub get_digests_options{
my ($self) = @_;
my $translate = $self->localise('DEFAULT');
my $suggested = $self->localise('SUGGESTED');
my %options= (
'whirlpool' => 'whirlpool (512)',
'SHA512' => 'SHA512',
'SHA384' => 'SHA384',
'SHA256' => 'SHA256' . ": $suggested",
'SHA224' => 'SHA224',
'SHA1' => 'SHA1 (160)' . ": $translate",
'SHA' => 'SHA (160)',
'ecdsa-with-SHA1' => 'ecdsa-with-SHA1 (160)',
'RIPEMD160' => 'RIPEMD160',
'MD5' => 'MD5 (128)',
'MD4' => 'MD4 (128)',
);
return \%options;
}
=head2 get_current_cipher
list obtained using
openvpn --show-digests | egrep 'digest size' | awk {'print "'\''" $1 "'\'' => '\''" $1 "'\''," '}
=cut
sub get_current_cipher{
my ($self) = @_;
my $name = $self->cgi->param('conf_name') or return "AES-128-CBC";
my $cvpn= $ovpn_db->get($name);
return "BF-CBC" unless defined $cvpn->prop('Cipher');
return $cvpn->prop('Cipher') ;
}
=head2 get_ciphers_options
list obtained using
openvpn --show-ciphers | egrep '^[A-Z]{2}' | sed 's/ by//; s/ default//; s/block,/block/; s/)// ' | awk {'print " '\''" $1 "'\'' => '\''" $1 $2 " " $4 " " $5 " " $7")'\''," '}
then reduced to remove most of insecure ciphers
Using a CBC or GCM mode is recommended.
In static key mode only CBC mode is allowed.
=cut
sub get_ciphers_options{
my ($self) = @_;
my $translate = $self->localise('DEFAULT');
my $suggested = $self->localise('SUGGESTED');
my %options= (
'AES-128-CBC' => 'AES-128-CBC (128 key, 128 block)'.": $suggested",
'AES-128-CFB' => 'AES-128-CFB (128 key, 128 block)',
'AES-128-CFB1' => 'AES-128-CFB1 (128 key, 128 block)',
'AES-128-CFB8' => 'AES-128-CFB8 (128 key, 128 block)',
'AES-128-GCM' => 'AES-128-GCM (128 key, 128 block)',
'AES-128-OFB' => 'AES-128-OFB (128 key, 128 block)',
'AES-192-CBC' => 'AES-192-CBC (192 key, 128 block)',
'AES-192-CFB' => 'AES-192-CFB (192 key, 128 block)',
'AES-192-CFB1' => 'AES-192-CFB1 (192 key, 128 block)',
'AES-192-CFB8' => 'AES-192-CFB8 (192 key, 128 block)',
'AES-192-GCM' => 'AES-192-GCM (192 key, 128 block)',
'AES-192-OFB' => 'AES-192-OFB (192 key, 128 block)',
'AES-256-CBC' => 'AES-256-CBC (256 key, 128 block)',
'AES-256-CFB' => 'AES-256-CFB (256 key, 128 block)',
'AES-256-CFB1' => 'AES-256-CFB1 (256 key, 128 block)',
'AES-256-CFB8' => 'AES-256-CFB8 (256 key, 128 block)',
'AES-256-GCM' => 'AES-256-GCM (256 key, 128 block)',
'AES-256-OFB' => 'AES-256-OFB (256 key, 128 block)',
'CAMELLIA-128-CBC' => 'CAMELLIA-128-CBC (128 key, 128 block)',
'CAMELLIA-128-CFB' => 'CAMELLIA-128-CFB (128 key, 128 block)',
'CAMELLIA-128-CFB1' => 'CAMELLIA-128-CFB1 (128 key, 128 block)',
'CAMELLIA-128-CFB8' => 'CAMELLIA-128-CFB8 (128 key, 128 block)',
'CAMELLIA-128-OFB' => 'CAMELLIA-128-OFB (128 key, 128 block)',
'CAMELLIA-192-CBC' => 'CAMELLIA-192-CBC (192 key, 128 block)',
'CAMELLIA-192-CFB' => 'CAMELLIA-192-CFB (192 key, 128 block)',
'CAMELLIA-192-CFB1' => 'CAMELLIA-192-CFB1 (192 key, 128 block)',
'CAMELLIA-192-CFB8' => 'CAMELLIA-192-CFB8 (192 key, 128 block)',
'CAMELLIA-192-OFB' => 'CAMELLIA-192-OFB (192 key, 128 block)',
'CAMELLIA-256-CBC' => 'CAMELLIA-256-CBC (256 key, 128 block)',
'CAMELLIA-256-CFB' => 'CAMELLIA-256-CFB (256 key, 128 block)',
'CAMELLIA-256-CFB1' => 'CAMELLIA-256-CFB1 (256 key, 128 block)',
'CAMELLIA-256-CFB8' => 'CAMELLIA-256-CFB8 (256 key, 128 block)',
'CAMELLIA-256-OFB' => 'CAMELLIA-256-OFB (256 key, 128 block)',
'SEED-CBC' => 'SEED-CBC (128 key, 128 block)',
'SEED-CFB' => 'SEED-CFB (128 key, 128 block)',
'SEED-OFB' => 'SEED-OFB (128 key, 128 block)',
'BF-CBC' => 'BF-CBC(128 key, 64 block)'. ": $translate ",
);
return \%options;
}
1;

215
smeserver-openvpn-s2s.spec Normal file
View File

@ -0,0 +1,215 @@
# $Id: smeserver-openvpn-s2s.spec,v 1.13 2024/09/06 01:30:08 terryfage Exp $
# Authority: vip-ire
# Name: Daniel Berteaud
Summary: OpenVPN, a strong VPN solution built over SSL, for site to site tunnels
%define name smeserver-openvpn-s2s
Name: %{name}
%define version 0.2
%define release 21
Version: %{version}
Release: %{release}%{?dist}
License: GPL
Group: Networking/Remote access
Source: %{name}-%{version}.tar.xz
BuildArchitectures: noarch
BuildRequires: e-smith-devtools
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
Requires: e-smith-base
Requires: openvpn >= 2.1
%description
This package contains all the needed scripts and templates
to run openvpn in client or server mode for site to site tunnels
%changelog
* Sat Sep 07 2024 cvs2git.sh aka Brian Read <brianr@koozali.org> 0.2-21.sme
- Roll up patches and move to git repo [SME: 12338]
* Sat Sep 07 2024 BogusDateBot
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
by assuming the date is correct and changing the weekday.
* Fri Sep 06 2024 Terry Fage <terry@fage.id.au> 0.2-20.sme
- apply locale 2024-09-06.patch
* Tue Nov 29 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.2-19.sme
- log in locale time [SME: 12244]
* Fri Nov 18 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.2-18.sme
- improve panel display [SME: 12224]
* Sat Jul 30 2022 Brian Read <brianr@bjsystems.co.uk> 0.2-17.sme
- Re-build and link to latest devtools [SME: 11997]
* Sat Jul 23 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.2-16.sme
- add to core backup [SME: 12019]
* Wed Sep 08 2021 Terry Fage <terry.fage@gmail.com> 0.2-14.sme
- apply locale 2021-09-08 patch
* Mon Aug 23 2021 Terry Fage <terry.fage@gmail.com> 0.2-14.sme
- apply locale 2021-08-23 patch
* Thu Apr 01 2021 Jean-Philippe Pialasse <tests@pialasse.com> 0.2-13.sme
- Re-build and link to latest devtools permission on log dir [SME: 11516]
* Wed Mar 31 2021 Jean-Philippe Pialasse <tests@pialasse.com> 0.2-12.sme
- Re-build and link to latest devtools typos [SME: 11498]
* Tue Mar 30 2021 Jean-Philippe Pialasse <tests@pialasse.com> 0.2-11.sme
- enforce better cipher with settings [SME: 11498]
- enforce better HMAC with setting [SME: 11498]
- enforce TLS 1.2 or better with setting [SME: 11498]
- enforce strong TLS ciphers with setting [SME: 11498]
- better list of vpn connections [SME: 11337]
- allow soft reload of individual connection [SME: 11337]
- Re-build and link to latest devtools incorect permission on private keys [SME: 11337]
* Thu Feb 04 2021 Brian Read <brianr@bjsystems.co.uk> 0.2-9.sme
- Initial import to SME10 [SME: 11337]
- Alter-for-systemd-startup
* Sat Dec 02 2017 SME Translation Server <translations@contribs.org> 0.2-8.sme
- apply locale 2017-12-02 patch
* Wed Oct 25 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2-7.sme
- Fix daemon ID validation [SME: 10446]
* Mon Feb 8 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2-6.sme
- Create /etc/openvpn/s2s/dev/urandom [SME: 9238]
* Wed Jul 1 2015 stephane de Labrusse <stephdl@de-labrusse.fr> 0.2-5.sme
- Apply smeserver-openvpn-s2s-0.2-locale-2015-07-01.patch [SME: 8967]
* Tue Feb 17 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2-4.sme
- Apply locale 2015-02-17 patch
* Thu Dec 18 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2-3.sme
- Create required (but unused) /etc/openvpn/s2s/tmp dir
* Thu Nov 14 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2-2.sme
- Use verify-x509-name instead of tls-remote
* Mon Nov 11 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2-1.sme
- Rebuild for SME9
* Sun Jul 14 2013 JP Pialasse <tests@pialasse.com> 0.1-22.sme
- apply locale 2013-07-14 patch
* Thu Oct 13 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-21.sme
- Apply locale 2011-10-13 patch
* Thu Jun 2 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-20.sme
- Fix remote host description
* Wed Jun 1 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-19.sme
- SNAT outbound connexions to use the local IP as source
* Tue Apr 19 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-18.sme
- Reduce inactivity timeout
* Sun Mar 06 2011 SME Translation Server <translations@contribs.org> 0.1-17.sme
- apply locale 2011-03-06 patch
* Tue Jan 25 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-16.sme
- Stop disabling service on rpm removal (spec change only)
* Tue Dec 7 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-15.sme
- Remove useless smb.conf template
* Tue Dec 7 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-14.sme
- Fix type variable (thks M. Doerner)
* Mon Nov 8 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-13.sme
- Apply locale 2010-11-08 patch
* Thu Nov 4 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-12.sme
- Apply locale 2010-11-04 patch
* Tue Nov 02 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-11.sme
- Remove the nice directive
* Mon Oct 18 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-10.sme
- Expand smb.conf and restart samba services
* Mon Oct 18 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-9.sme
- Fix typo in up script
* Mon Oct 18 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-8.sme
- Various enhancement in templates
- Set wget timeout
- Fix crontab templates
* Sun Oct 17 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-7.sme
- Implement CRL updates and verification
- Fix masq template
* Sun Oct 17 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-6.sme
- Set VPN networks non removable
* Sun Oct 17 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-5.sme
- Rename logrotate configuration file
- Add missingok to logrotate conf
- Support per configuration customization
- Add TLS auth support
* Mon Oct 4 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-4.sme
- Fix adding routes in up script
- Log drop trafic
- Fix multiple net validation
* Mon Oct 4 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-3.sme
- allow one-way VPN with AllowInbound prop
* Mon Oct 4 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-3.sme
- Various fixes
* Mon Oct 4 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-1.sme
- initiale release (based on work from Florian Dejan)
%prep
%setup -q -n %{name}-%{version}
%build
perl createlinks
%{__mkdir_p} root/etc/openvpn/s2s/priv
%{__mkdir_p} root/etc/openvpn/s2s/pub
%{__mkdir_p} root/etc/openvpn/s2s/tmp
%{__mkdir_p} root/etc/openvpn/s2s/dev
%{__mkdir_p} root/etc/openvpn/s2s/etc
%{__mkdir_p} root/var/run/openvpn-s2s
%{__mkdir_p} root/var/log/openvpn-s2s
%install
/bin/rm -rf $RPM_BUILD_ROOT
(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
/bin/chmod +x $RPM_BUILD_ROOT/usr/sbin/systemd/openvpn-s2s
/bin/rm -f %{name}-%{version}-filelist
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
--dir /etc/openvpn/s2s/pub 'attr(0755,root,root)' \
--dir /etc/openvpn/s2s/priv 'attr(0750,root,root)' \
--dir /etc/openvpn/s2s/tmp 'attr(0750,root,root)' \
--dir /etc/openvpn/s2s/etc 'attr(0750,root,root)' \
--dir /var/log/openvpn-s2s 'attr(0770,root,root)' \
--file /etc/openvpn/s2s/bin/up 'attr(4750,root,openvpn)' \
> %{name}-%{version}-filelist
%files -f %{name}-%{version}-filelist
%defattr(-,root,root)
%clean
rm -rf $RPM_BUILD_ROOT
%post
if [ \! -c /etc/openvpn/s2s/dev/urandom ]; then
mknod -m 0444 /etc/openvpn/s2s/dev/urandom c 1 9
fi
#chown root:root /var/log/openvpn-s2s
%preun