85 |
</entry> |
</entry> |
86 |
+ |
+ |
87 |
+ <entry> |
+ <entry> |
88 |
+ <base>UNSECURE</base> |
+ <base>INSECURE</base> |
89 |
+ <trans>Unsecure parameter</trans> |
+ <trans>Insecure parameter</trans> |
90 |
+ </entry> |
+ </entry> |
91 |
+ <entry> |
+ <entry> |
92 |
+ <base>SUGGESTED</base> |
+ <base>SUGGESTED</base> |
371 |
exit 1 |
exit 1 |
372 |
diff -Nur --no-dereference smeserver-openvpn-s2s-0.2.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm smeserver-openvpn-s2s-0.2/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm |
diff -Nur --no-dereference smeserver-openvpn-s2s-0.2.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm smeserver-openvpn-s2s-0.2/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm |
373 |
--- smeserver-openvpn-s2s-0.2.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm 2021-03-30 00:12:27.724000000 -0400 |
--- smeserver-openvpn-s2s-0.2.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm 2021-03-30 00:12:27.724000000 -0400 |
374 |
+++ smeserver-openvpn-s2s-0.2/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm 2021-03-30 01:07:35.564000000 -0400 |
+++ smeserver-openvpn-s2s-0.2/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm 2021-03-30 01:19:05.081000000 -0400 |
375 |
@@ -26,6 +26,7 @@ |
@@ -26,6 +26,7 @@ |
376 |
remove_conf |
remove_conf |
377 |
print_conf_to_remove |
print_conf_to_remove |
476 |
$status = $fm->localise('DISABLED'); |
$status = $fm->localise('DISABLED'); |
477 |
} |
} |
478 |
+ my $cipher = $config->prop('cipher') || 'BF-CBC'; |
+ my $cipher = $config->prop('cipher') || 'BF-CBC'; |
479 |
+ $cipher = "<span style='color:red'>". $fm->localise('UNSECURE'). " $cipher</span> " unless ($cipher =~ /(128|192|256|512|SEED)/ ); |
+ $cipher = "<span style='color:red'>". $fm->localise('INSECURE'). " $cipher</span> " unless ($cipher =~ /(128|192|256|512|SEED)/ ); |
480 |
+ my $hmac = $config->prop('hmac') || 'SHA1'; |
+ my $hmac = $config->prop('HMAC') || 'SHA1'; |
481 |
+ $hmac= "<span style='color:red'>". $fm->localise('UNSECURE'). " $hmac</span> " unless ($hmac eq "whirlpool" || $hmac =~ /(512|256|384|224)$/); |
+ $hmac= "<span style='color:red'>". $fm->localise('INSECURE'). " $hmac</span> " unless ($hmac eq "whirlpool" || $hmac =~ /(512|256|384|224)$/); |
482 |
+ my $authe = $config->prop('Authentication') || ''; |
+ my $authe = $config->prop('Authentication') || ''; |
483 |
+ my $linkup = "<span style='color:red'>". $fm->localise('DOWN')."</span>" ; |
+ my $linkup = "<span style='color:red'>". $fm->localise('DOWN')."</span>" ; |
484 |
+ use Net::Ping; |
+ use Net::Ping; |
583 |
+=head2 get_ciphers_options |
+=head2 get_ciphers_options |
584 |
+list obtained using |
+list obtained using |
585 |
+openvpn --show-ciphers | egrep '^[A-Z]{2}' | sed 's/ by//; s/ default//; s/block,/block/; s/)// ' | awk {'print " '\''" $1 "'\'' => '\''" $1 $2 " " $4 " " $5 " " $7")'\''," '} |
+openvpn --show-ciphers | egrep '^[A-Z]{2}' | sed 's/ by//; s/ default//; s/block,/block/; s/)// ' | awk {'print " '\''" $1 "'\'' => '\''" $1 $2 " " $4 " " $5 " " $7")'\''," '} |
586 |
+then reduced to remove most of unsecure ciphers |
+then reduced to remove most of insecure ciphers |
587 |
+Using a CBC or GCM mode is recommended. |
+Using a CBC or GCM mode is recommended. |
588 |
+In static key mode only CBC mode is allowed. |
+In static key mode only CBC mode is allowed. |
589 |
+ |
+ |