Révision 3c4fc30b
Ajouté par Chris Buechler il y a plus de 9 ans
| etc/inc/filter.inc | ||
|---|---|---|
| 2684 | 2684 |
$ipfrules .= "anchor \"relayd/*\"\n"; |
| 2685 | 2685 |
/* OpenVPN user rules from radius */ |
| 2686 | 2686 |
$ipfrules .= "anchor \"openvpn/*\"\n"; |
| 2687 |
/* IPSec user rules from radius */
|
|
| 2687 |
/* IPsec user rules from radius */
|
|
| 2688 | 2688 |
$ipfrules .= "anchor \"ipsec/*\"\n"; |
| 2689 | 2689 |
# BEGIN OF firewall rules |
| 2690 | 2690 |
/* default block logging? */ |
| ... | ... | |
| 3563 | 3563 |
return $lines; |
| 3564 | 3564 |
} |
| 3565 | 3565 |
|
| 3566 |
/* Generate IPSEC Filter Items */
|
|
| 3566 |
/* Generate IPsec Filter Items */
|
|
| 3567 | 3567 |
function filter_generate_ipsec_rules($log = array()) {
|
| 3568 | 3568 |
global $config, $g, $FilterIflist, $tracker; |
| 3569 | 3569 |
|
| etc/inc/ipsec.auth-user.php | ||
|---|---|---|
| 132 | 132 |
$user = getUserEntry($username); |
| 133 | 133 |
if (!is_array($user) || !userHasPrivilege($user, "user-ipsec-xauth-dialin")) {
|
| 134 | 134 |
$authenticated = false; |
| 135 |
syslog(LOG_WARNING, "user '{$username}' cannot authenticate through IPSec since the required privileges are missing.\n");
|
|
| 135 |
syslog(LOG_WARNING, "user '{$username}' cannot authenticate through IPsec since the required privileges are missing.\n");
|
|
| 136 | 136 |
continue; |
| 137 | 137 |
} |
| 138 | 138 |
} |
| etc/inc/ipsec.inc | ||
|---|---|---|
| 39 | 39 |
"job" => "Job Processing", "cfg" => "Configuration backend", "knl" => "Kernel Interface", |
| 40 | 40 |
"net" => "Networking", "asn" => "ASN encoding", "enc" => "Message encoding", |
| 41 | 41 |
"imc" => "Integrity checker", "imv" => "Integrity Verifier", "pts" => "Platform Trust Service", |
| 42 |
"tls" => "TLS handler", "esp" => "IPSec traffic", "lib" => "StrongSWAN Lib");
|
|
| 42 |
"tls" => "TLS handler", "esp" => "IPsec traffic", "lib" => "StrongSWAN Lib");
|
|
| 43 | 43 |
|
| 44 | 44 |
$my_identifier_list = array( |
| 45 | 45 |
'myaddress' => array( 'desc' => gettext('My IP address'), 'mobile' => true ),
|
| ... | ... | |
| 463 | 463 |
global $config, $g, $custom_listtags; |
| 464 | 464 |
|
| 465 | 465 |
if (!file_exists("{$g['varrun_path']}/charon.xml")) {
|
| 466 |
log_error("IPSec daemon seems to have issues or not running!");
|
|
| 466 |
log_error("IPsec daemon seems to have issues or not running!");
|
|
| 467 | 467 |
return; |
| 468 | 468 |
} |
| 469 | 469 |
|
| ... | ... | |
| 607 | 607 |
$_gb = exec("/usr/local/sbin/ipsec stroke leases > {$g['tmp_path']}/strongswan_leases.xml");
|
| 608 | 608 |
|
| 609 | 609 |
if (!file_exists("{$g['tmp_path']}/strongswan_leases.xml")) {
|
| 610 |
log_error(gettext("IPSec daemon seems to have issues or not running! Could not display mobile user stats!"));
|
|
| 610 |
log_error(gettext("IPsec daemon seems to have issues or not running! Could not display mobile user stats!"));
|
|
| 611 | 611 |
return array(); |
| 612 | 612 |
} |
| 613 | 613 |
|
| usr/local/share/locale/ja/LC_MESSAGES/pfSense.po | ||
|---|---|---|
| 4497 | 4497 |
#: etc/inc/priv.defs.inc:166 etc/inc/priv.defs.inc:148 |
| 4498 | 4498 |
#: etc/inc/priv.defs.inc:166 |
| 4499 | 4499 |
msgid "WebCfg - Status: System logs: IPsec VPN page" |
| 4500 |
msgstr "WebCfg - ステータス:システムログ: IPSec VPNのページ"
|
|
| 4500 |
msgstr "WebCfg - ステータス:システムログ: IPsec VPNのページ"
|
|
| 4501 | 4501 |
|
| 4502 | 4502 |
#: etc/inc/priv.defs.inc:125 etc/inc/priv.defs.inc:143 |
| 4503 | 4503 |
#: etc/inc/priv.defs.inc:161 etc/inc/priv.defs.inc:149 |
| ... | ... | |
| 6378 | 6378 |
#: etc/inc/priv.defs.inc:1153 etc/inc/priv.defs.inc:1161 |
| 6379 | 6379 |
#: etc/inc/priv.defs.inc:1161 |
| 6380 | 6380 |
msgid "Allow access to the 'VPN: IPsec' page." |
| 6381 |
msgstr "ページ:'のIPSec VPN 」へのアクセスを許可します。"
|
|
| 6381 |
msgstr "ページ:'のIPsec VPN 」へのアクセスを許可します。"
|
|
| 6382 | 6382 |
|
| 6383 | 6383 |
#: etc/inc/priv.defs.inc:1134 etc/inc/priv.defs.inc:1152 |
| 6384 | 6384 |
#: etc/inc/priv.defs.inc:1158 etc/inc/priv.defs.inc:1166 |
| ... | ... | |
| 12076 | 12076 |
#: etc/inc/service-utils.inc:336 usr/local/www/diag_logs_ipsec.php:91 |
| 12077 | 12077 |
#: etc/inc/service-utils.inc:336 |
| 12078 | 12078 |
msgid "IPsec VPN" |
| 12079 |
msgstr "IPSec VPNの"
|
|
| 12079 |
msgstr "IPsec VPNの"
|
|
| 12080 | 12080 |
|
| 12081 | 12081 |
#: usr/local/www/diag_logs_ipsec.php:123 usr/local/www/diag_logs_ipsec.php:122 |
| 12082 | 12082 |
#: usr/local/www/diag_logs_ipsec.php:123 |
| ... | ... | |
| 36875 | 36875 |
"cryptographic acceleration card, as this will take precedence and the Hifn " |
| 36876 | 36876 |
"card will not be used. Acceleration should be automatic for IPsec when using " |
| 36877 | 36877 |
"Rijndael (AES). OpenVPN should be set for AES-128-CBC." |
| 36878 |
msgstr "チップを持つシステムでは「AMDのGeode LXセキュリティブロックは、いくつかの暗号機能を加速していきます」 。あなたはHifnのある場合は、「暗号化アクセラレータカードを、これが優先されますし、 Hifnのように、 「カードが使用されない場合は、このオプションを有効にしないでください。 「ラインダール( AES)を使用した場合、加速がIPSecの自動にする必要があります。 OpenVPNのは、AES - 128 -CBCのために設定する必要があります。"
|
|
| 36878 |
msgstr "チップを持つシステムでは「AMDのGeode LXセキュリティブロックは、いくつかの暗号機能を加速していきます」 。あなたはHifnのある場合は、「暗号化アクセラレータカードを、これが優先されますし、 Hifnのように、 「カードが使用されない場合は、このオプションを有効にしないでください。 「ラインダール( AES)を使用した場合、加速がIPsecの自動にする必要があります。 OpenVPNのは、AES - 128 -CBCのために設定する必要があります。"
|
|
| 36879 | 36879 |
|
| 36880 | 36880 |
#: usr/local/www/system_advanced_misc.php:332 |
| 36881 | 36881 |
#: usr/local/www/system_advanced_misc.php:375 |
| ... | ... | |
| 36988 | 36988 |
msgid "" |
| 36989 | 36989 |
"Enable MSS clamping on TCP flows over VPN. This helps overcome problems with " |
| 36990 | 36990 |
"PMTUD on IPsec VPN links. If left blank, the default value is 1400 bytes. " |
| 36991 |
msgstr "IPSec VPNのリンク上でPMTUD 「VPN上を流れるTCP上でクランプするMSSを有効にします。これはの問題を克服するのに役立ちます」 。空白の場合、デフォルト値は1400バイトです。"
|
|
| 36991 |
msgstr "IPsec VPNのリンク上でPMTUD 「VPN上を流れるTCP上でクランプするMSSを有効にします。これはの問題を克服するのに役立ちます」 。空白の場合、デフォルト値は1400バイトです。"
|
|
| 36992 | 36992 |
|
| 36993 | 36993 |
#: usr/local/www/system_advanced_misc.php:383 |
| 36994 | 36994 |
#: usr/local/www/system_advanced_misc.php:426 |
| ... | ... | |
| 40055 | 40055 |
msgid "" |
| 40056 | 40056 |
"Accounts created here are also used for other parts of the system such as " |
| 40057 | 40057 |
"OpenVPN, IPsec, and Captive Portal." |
| 40058 |
msgstr "OpenVPNは、 IPSec、およびキャプティブポータル「ここで作成したアカウントはまた、などのシステムの他の部分に使用されます」 。"
|
|
| 40058 |
msgstr "OpenVPNは、 IPsec、およびキャプティブポータル「ここで作成したアカウントはまた、などのシステムの他の部分に使用されます」 。"
|
|
| 40059 | 40059 |
|
| 40060 | 40060 |
#: usr/local/www/system_usermanager_passwordmg.php:43 |
| 40061 | 40061 |
#: usr/local/www/system_usermanager_passwordmg.php:43 |
| usr/local/share/locale/pt_BR.ISO8859-1/LC_MESSAGES/pfSense.po | ||
|---|---|---|
| 13656 | 13656 |
|
| 13657 | 13657 |
#: usr/local/www/firewall_nat_1to1.php:181 |
| 13658 | 13658 |
msgid "If you add a 1:1 NAT entry for any of the interface IPs on this system, it will make this system inaccessible on that IP address. i.e. if you use your WAN IP address, any services on this system (IPsec, OpenVPN server, etc.) using the WAN IP address will no longer function." |
| 13659 |
msgstr "Se voc? adicionar uma entrada NAT 1:1 para qualquer uma das interfaces IP no sistema, isto ir? tornar o sistema inacess?vel naquele endere?o IP. Ex.: se voc? usar seu endere?o IP WAN, qualquer servi?o neste sistema (IPSec, servidor OpenVPN, etc) utilizando o endere?o IP WAN deixar? de funcionar."
|
|
| 13659 |
msgstr "Se voc? adicionar uma entrada NAT 1:1 para qualquer uma das interfaces IP no sistema, isto ir? tornar o sistema inacess?vel naquele endere?o IP. Ex.: se voc? usar seu endere?o IP WAN, qualquer servi?o neste sistema (IPsec, servidor OpenVPN, etc) utilizando o endere?o IP WAN deixar? de funcionar."
|
|
| 13660 | 13660 |
|
| 13661 | 13661 |
#: usr/local/www/firewall_nat_1to1_edit.php:109 |
| 13662 | 13662 |
#: usr/local/www/firewall_nat_out_edit.php:125 |
| usr/local/share/locale/tr/LC_MESSAGES/pfSense.po | ||
|---|---|---|
| 10599 | 10599 |
#: usr/local/www/diag_logs_ipsec.php:123 |
| 10600 | 10600 |
#, php-format |
| 10601 | 10601 |
msgid "Last %s IPsec log entries" |
| 10602 |
msgstr "IPSec son %s günlük girdisi"
|
|
| 10602 |
msgstr "IPsec son %s günlük girdisi"
|
|
| 10603 | 10603 |
|
| 10604 | 10604 |
#: usr/local/www/diag_logs_ipsec.php:135 usr/local/www/diag_logs_ppp.php:99 |
| 10605 | 10605 |
#: usr/local/www/diag_logs_ipsec.php:134 usr/local/www/diag_logs_ppp.php:98 |
| ... | ... | |
| 22302 | 22302 |
#: usr/local/www/vpn_ipsec.php:139 usr/local/www/vpn_ipsec_mobile.php:330 |
| 22303 | 22303 |
#: usr/local/www/vpn_ipsec_keys.php:85 |
| 22304 | 22304 |
msgid "The IPsec tunnel configuration has been changed" |
| 22305 |
msgstr "IPSec tünel yapılandırması değiştirildi"
|
|
| 22305 |
msgstr "IPsec tünel yapılandırması değiştirildi"
|
|
| 22306 | 22306 |
|
| 22307 | 22307 |
#: usr/local/www/vpn_ipsec.php:141 usr/local/www/vpn_ipsec_keys.php:93 |
| 22308 | 22308 |
#: usr/local/www/vpn_ipsec_mobile.php:318 |
| ... | ... | |
| 42914 | 42914 |
|
| 42915 | 42915 |
#: usr/local/www/vpn_ipsec_phase2.php:192 |
| 42916 | 42916 |
msgid "Mobile IPsec only supports Tunnel mode." |
| 42917 |
msgstr "Mobil IPSec yalnızca tünel modu destekler."
|
|
| 42917 |
msgstr "Mobil IPsec yalnızca tünel modu destekler."
|
|
| 42918 | 42918 |
|
| 42919 | 42919 |
#: usr/local/www/vpn_ipsec_phase2.php:287 |
| 42920 | 42920 |
msgid "Phase 1 is using IPv4. You cannot use Tunnel IPv6 on Phase 2." |
| usr/local/www/ifstats.php | ||
|---|---|---|
| 47 | 47 |
|
| 48 | 48 |
$realif = get_real_interface($if); |
| 49 | 49 |
if(!$realif) |
| 50 |
$realif = $if; // Need for IPSec case interface.
|
|
| 50 |
$realif = $if; // Need for IPsec case interface.
|
|
| 51 | 51 |
|
| 52 | 52 |
$ifinfo = pfSense_get_interface_stats($realif); |
| 53 | 53 |
|
| usr/local/www/vpn_ipsec_settings.php | ||
|---|---|---|
| 161 | 161 |
<div class="tabcont"> |
| 162 | 162 |
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> |
| 163 | 163 |
<tr> |
| 164 |
<td colspan="2" valign="top" class="listtopic"><?=gettext("IPSec Advanced Settings"); ?></td>
|
|
| 164 |
<td colspan="2" valign="top" class="listtopic"><?=gettext("IPsec Advanced Settings"); ?></td>
|
|
| 165 | 165 |
</tr> |
| 166 | 166 |
<tr> |
| 167 | 167 |
<td width="22%" valign="top" class="vncell"><?=gettext("LAN security associations"); ?></td>
|
| ... | ... | |
| 169 | 169 |
<input name="noinstalllanspd" type="checkbox" id="noinstalllanspd" value="yes" <?php if ($pconfig['noinstalllanspd']) echo "checked=\"checked\""; ?> /> |
| 170 | 170 |
<strong><?=gettext("Do not install LAN SPD"); ?></strong>
|
| 171 | 171 |
<br /> |
| 172 |
<?=gettext("By default, if IPSec is enabled negating SPD are inserted to provide protection. " .
|
|
| 172 |
<?=gettext("By default, if IPsec is enabled negating SPD are inserted to provide protection. " .
|
|
| 173 | 173 |
"This behaviour can be changed by enabling this setting which will prevent installing these SPDs."); ?> |
| 174 | 174 |
</td> |
| 175 | 175 |
</tr> |
| ... | ... | |
| 187 | 187 |
<tr> |
| 188 | 188 |
<td width="22%" valign="top" class="vncell"><?=gettext("IPsec Debug"); ?></td>
|
| 189 | 189 |
<td width="78%" class="vtable"> |
| 190 |
<strong><?=gettext("Start IPSec in debug mode based on sections selected"); ?></strong>
|
|
| 190 |
<strong><?=gettext("Start IPsec in debug mode based on sections selected"); ?></strong>
|
|
| 191 | 191 |
<br /> |
| 192 | 192 |
<table summary="ipsec debug"> |
| 193 | 193 |
<?php foreach ($ipsec_loglevels as $lkey => $ldescr): ?> |
| ... | ... | |
| 208 | 208 |
<?php endforeach; ?> |
| 209 | 209 |
<tr style="display:none;"><td></td></tr> |
| 210 | 210 |
</table> |
| 211 |
<br /><?=gettext("Launches IPSec in debug mode so that more verbose logs " .
|
|
| 211 |
<br /><?=gettext("Launches IPsec in debug mode so that more verbose logs " .
|
|
| 212 | 212 |
"will be generated to aid in troubleshooting."); ?> |
| 213 | 213 |
</td> |
| 214 | 214 |
</tr> |
Formats disponibles : Unified diff
get back to our standard RFC-defined capitalization of IPsec