85 |
</entry> |
</entry> |
86 |
+ |
+ |
87 |
+ <entry> |
+ <entry> |
88 |
+ <base>UNSECURE</base> |
+ <base>INSECURE</base> |
89 |
+ <trans>Unsecure parameter</trans> |
+ <trans>Insecure parameter</trans> |
90 |
+ </entry> |
+ </entry> |
91 |
+ <entry> |
+ <entry> |
92 |
+ <base>SUGGESTED</base> |
+ <base>SUGGESTED</base> |
394 |
+ } |
+ } |
395 |
+ if ($q->param("cipher") eq 'BF-CBC') { |
+ if ($q->param("cipher") eq 'BF-CBC') { |
396 |
+ my $tmpk = $ovpn_db->get($conf); |
+ my $tmpk = $ovpn_db->get($conf); |
397 |
+ $tmpk->delete_prop('cipher'); |
+ $tmpk->delete_prop('Cipher'); |
398 |
+ } |
+ } |
399 |
+ else { |
+ else { |
400 |
+ $ovpn_db->set_prop($conf, 'cipher', $q->param("cipher")); |
+ $ovpn_db->set_prop($conf, 'Cipher', $q->param("cipher")); |
401 |
+ } |
+ } |
402 |
|
|
403 |
# Now, update the main configuration entry |
# Now, update the main configuration entry |
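Review bot: The `set_prop($conf, 'Cipher', $q->param("cipher"))` call in the `else` branch stores the request value unchecked and calls `param` in list context, so if `$q` is a CGI.pm object, a request carrying several `cipher` values would expand into extra arguments to `set_prop`. Read the value once with `my $cipher_in = scalar $q->param('cipher');` and store it only when it is one of the names offered by `get_ciphers_options` (presumably a name-to-description map; its body is not visible here), or at least matches `/\A[A-Za-z0-9-]+\z/`. The same value is later used by the status code near line 478, which interpolates the stored property into `<span style='color:red'>… $cipher</span>` without HTML escaping. That code's unanchored `/(128|192|256|512|SEED)/` test also accepts any string that merely contains one of those tokens. The enclosing sub starts and ends outside the lines shown, so an earlier validation step cannot be ruled out.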
475 |
elsif ($status eq 'disabled'){ |
elsif ($status eq 'disabled'){ |
476 |
$status = $fm->localise('DISABLED'); |
$status = $fm->localise('DISABLED'); |
477 |
} |
} |
478 |
+ my $cipher = $config->prop('cipher') || 'BF-CBC'; |
+ my $cipher = $config->prop('Cipher') || 'BF-CBC'; |
479 |
+ $cipher = "<span style='color:red'>". $fm->localise('UNSECURE'). " $cipher</span> " unless ($cipher =~ /(128|192|256|512|SEED)/ ); |
+ $cipher = "<span style='color:red'>". $fm->localise('INSECURE'). " $cipher</span> " unless ($cipher =~ /(128|192|256|512|SEED)/ ); |
480 |
+ my $hmac = $config->prop('HMAC') || 'SHA1'; |
+ my $hmac = $config->prop('HMAC') || 'SHA1'; |
481 |
+ $hmac= "<span style='color:red'>". $fm->localise('UNSECURE'). " $hmac</span> " unless ($hmac eq "whirlpool" || $hmac =~ /(512|256|384|224)$/); |
+ $hmac= "<span style='color:red'>". $fm->localise('INSECURE'). " $hmac</span> " unless ($hmac eq "whirlpool" || $hmac =~ /(512|256|384|224)$/); |
482 |
+ my $authe = $config->prop('Authentication') || ''; |
+ my $authe = $config->prop('Authentication') || ''; |
483 |
+ my $linkup = "<span style='color:red'>". $fm->localise('DOWN')."</span>" ; |
+ my $linkup = "<span style='color:red'>". $fm->localise('DOWN')."</span>" ; |
484 |
+ use Net::Ping; |
+ use Net::Ping; |
576 |
+ my ($self) = @_; |
+ my ($self) = @_; |
577 |
+ my $name = $self->cgi->param('conf_name') or return "AES-128-CBC"; |
+ my $name = $self->cgi->param('conf_name') or return "AES-128-CBC"; |
578 |
+ my $cvpn= $ovpn_db->get($name); |
+ my $cvpn= $ovpn_db->get($name); |
579 |
+ return "BF-CBC" unless defined $cvpn->prop('cipher'); |
+ return "BF-CBC" unless defined $cvpn->prop('Cipher'); |
580 |
+ return $cvpn->prop('cipher') ; |
+ return $cvpn->prop('Cipher') ; |
581 |
+} |
+} |
582 |
+ |
+ |
583 |
+=head2 get_ciphers_options |
+=head2 get_ciphers_options |
584 |
+list obtained using |
+list obtained using |
585 |
+openvpn --show-ciphers | egrep '^[A-Z]{2}' | sed 's/ by//; s/ default//; s/block,/block/; s/)// ' | awk {'print " '\''" $1 "'\'' => '\''" $1 $2 " " $4 " " $5 " " $7")'\''," '} |
+openvpn --show-ciphers | egrep '^[A-Z]{2}' | sed 's/ by//; s/ default//; s/block,/block/; s/)// ' | awk {'print " '\''" $1 "'\'' => '\''" $1 $2 " " $4 " " $5 " " $7")'\''," '} |
586 |
+then reduced to remove most of unsecure ciphers |
+then reduced to remove most of insecure ciphers |
587 |
+Using a CBC or GCM mode is recommended. |
+Using a CBC or GCM mode is recommended. |
588 |
+In static key mode only CBC mode is allowed. |
+In static key mode only CBC mode is allowed. |
589 |
+ |
+ |