smecontribs/smeserver-openvpn-s2s
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

initial commit of file from CVS for smeserver-openvpn-s2s on Sat Sep 7 19:57:57 AEST 2024

Browse Source
This commit is contained in:
Trevor Batley
2024-09-07 19:57:57 +10:00
parent 8855fbff54
commit 59fbb967a2
61 changed files with 10315 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

314
root/etc/e-smith/locale/sl/etc/e-smith/web/functions/openvpns2s Normal file
View File

@@ -0,0 +1,314 @@
<lexicon lang="sl">
<entry>
<base>FORM_TITLE</base>
<trans>Site to Site OpenVPN Configuration</trans>
</entry>
<entry>
<base>DESC_MAIN_PAGE</base>
<trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
</entry>
<entry>
<base>LABEL_CLIENTS</base>
<trans>List of clients daemon</trans>
</entry>
<entry>
<base>ADD_CLIENT</base>
<trans>Add a new client</trans>
</entry>
<entry>
<base>LABEL_SERVERS</base>
<trans>List of servers daemon</trans>
</entry>
<entry>
<base>ADD_SERVER</base>
<trans>Add a new server</trans>
</entry>
<entry>
<base>DESC_ADD_CLIENT_PAGE</base>
<trans>This page lets you configure a new daemon acting as a client</trans>
</entry>
<entry>
<base>DESC_COMMENT</base>
<trans>Enter a description for this daemon</trans>
</entry>
<entry>
<base>LABEL_COMMENT</base>
<trans>Opis</trans>
</entry>
<entry>
<base>DESC_STATUS</base>
<trans>Enable or disable this daemon</trans>
</entry>
<entry>
<base>LABEL_STATUS</base>
<trans>Status</trans>
</entry>
<entry>
<base>DESC_AUTH</base>
<trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
</entry>
<entry>
<base>LABEL_AUTH</base>
<trans>Authentication mechanism</trans>
</entry>
<entry>
<base>SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>TLS</base>
<trans>TLS</trans>
</entry>
<entry>
<base>DESC_CONFIGURE_CERT</base>
<trans>This page lets you configure the authentication of this daemon</trans>
</entry>
<entry>
<base>DESC_CRL_URL</base>
<trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
</entry>
<entry>
<base>LABEL_CRL_URL</base>
<trans>CRL update URL</trans>
</entry>
<entry>
<base>DESC_CA_PEM</base>
<trans>Enter the authoritative certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CA_PEM</base>
<trans>Authoritative certificate</trans>
</entry>
<entry>
<base>DESC_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>LABEL_CRT_PEM</base>
<trans>Enter the certificate in pem format</trans>
</entry>
<entry>
<base>DESC_REMOTE_HOST</base>
<trans>Enter the hostname or IP address of the remote host</trans>
</entry>
<entry>
<base>DESC_KEY_PEM</base>
<trans>Enter the private key in pem format</trans>
</entry>
<entry>
<base>LABEL_KEY_PEM</base>
<trans>Private key</trans>
</entry>
<entry>
<base>DESC_DH_PEM</base>
<trans>Enter Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_DH_PEM</base>
<trans>Diffie-Hellman parameters</trans>
</entry>
<entry>
<base>LABEL_REMOTE_HOST</base>
<trans>Remote host</trans>
</entry>
<entry>
<base>DESC_REMOTE_PORT</base>
<trans>Enter the port the remote server uses</trans>
</entry>
<entry>
<base>LABEL_REMOTE_PORT</base>
<trans>Remote port</trans>
</entry>
<entry>
<base>DESC_LOCAL_IP</base>
<trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
</entry>
<entry>
<base>LABEL_LOCAL_IP</base>
<trans>Local virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_IP</base>
<trans>Enter here the IP used by the tunnel on the remote host.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_IP</base>
<trans>Remote virtual IP</trans>
</entry>
<entry>
<base>DESC_REMOTE_NET</base>
<trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
</entry>
<entry>
<base>LABEL_REMOTE_NET</base>
<trans>Remote networks</trans>
</entry>
<entry>
<base>DESC_SHARED_KEY</base>
<trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
</entry>
<entry>
<base>DESC_SHARED_KEY_TLS</base>
<trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
</entry>
<entry>
<base>LABEL_SHARED_KEY</base>
<trans>Shared key</trans>
</entry>
<entry>
<base>DESC_ADD_SERVER_PAGE</base>
<trans>This page lets you configure a new daemon acting as a server</trans>
</entry>
<entry>
<base>DESC_LOCAL_PORT</base>
<trans>Enter the local port this daemon will bind to. You need to choose a free port (not already used by another server, or any other service)</trans>
</entry>
<entry>
<base>LABEL_LOCAL_PORT</base>
<trans>Local port</trans>
</entry>
<entry>
<base>DESC_REMOVE_CONF</base>
<trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
</entry>
<entry>
<base>CONF_CONFLICT</base>
<trans>Another daemon already use this name</trans>
</entry>
<entry>
<base>ERROR_OPENING_KEY_FILE</base>
<trans>An error occured opening the secret key file</trans>
</entry>
<entry>
<base>CONF_NAME</base>
<trans>Daemon ID</trans>
</entry>
<entry>
<base>NO_CONF</base>
<trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
</entry>
<entry>
<base>MODIFY</base>
<trans>modify</trans>
</entry>
<entry>
<base>STATUS</base>
<trans>status</trans>
</entry>
<entry>
<base>REMOVE</base>
<trans>remove</trans>
</entry>
<entry>
<base>DESC_CONF_NAME</base>
<trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
</entry>
<entry>
<base>INVALID_SHARED_KEY</base>
<trans>Invalid data, please check all the fileds again</trans>
</entry>
<entry>
<base>INVALID_NET</base>
<trans>This is not a valid list of networks</trans>
</entry>
<entry>
<base>NET_IS_LOCAL</base>
<trans>One of this network is already in your local networks</trans>
</entry>
<entry>
<base>INVALID_CHARS</base>
<trans>{$string} contains invalid characters</trans>
</entry>
<entry>
<base>NOT_A_VALID_PORT</base>
<trans>This is not a valid port number</trans>
</entry>
<entry>
<base>PORT_ALREAY_USED</base>
<trans>This port number is already used by another service</trans>
</entry>
<entry>
<base>NOT_A_VALID_IP_NUMBER</base>
<trans>This is not a valid IP address in the form x.x.x.x</trans>
</entry>
<entry>
<base>IP_ALREADY_IN_USED</base>
<trans>This IP address is already used</trans>
</entry>
<entry>
<base>RESERVED_NET</base>
<trans>You can't use an IP in this network because it's reserved</trans>
</entry>
<entry>
<base>IP_IN_LOCAL_NET</base>
<trans>This IP address is part of one of your local networks</trans>
</entry>
<entry>
<base>INSECURE</base>
<trans>Insecure parameter</trans>
</entry>
<entry>
<base>SUGGESTED</base>
<trans>Trenutna vrednost</trans>
</entry>
<entry>
<base>DEFAULT</base>
<trans>Privzeto</trans>
</entry>
<entry>
<base>DOWN</base>
<trans>Prenesi LOG datoteko</trans>
</entry>
<entry>
<base>UP</base>
<trans>Up</trans>
</entry>
<entry>
<base>SUCCESS_RELOAD</base>
<trans>VPN connection reloaded with success</trans>
</entry>
<entry>
<base>DESC_RELOAD</base>
<trans>Do you really want to reload this vpn connection?</trans>
</entry>
<entry>
<base>RELOAD</base>
<trans>Naloži</trans>
</entry>
<entry>
<base>DESC_HMAC</base>
<trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
</entry>
<entry>
<base>LABEL_HMAC</base>
<trans>HMAC algorithm</trans>
</entry>
<entry>
<base>DESC_CIPHER</base>
<trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
</entry>
<entry>
<base>LABEL_CIPHER</base>
<trans>Cipher encryption algorithm</trans>
</entry>
<entry>
<base>DESC_SNAT</base>
<trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
</entry>
<entry>
<base>LABEL_SNAT</base>
<trans>SNAT Outbound</trans>
</entry>
<entry>
<base>CIPHER</base>
<trans>Cipher</trans>
</entry>
<entry>
<base>LINK</base>
<trans>Status</trans>
</entry>
</lexicon>