mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-12-26 01:59:53 +03:00
Merge PR #1200: Implement support for WireGuard
This commit is contained in:
commit
3d69a71d9b
@ -1,8 +1,6 @@
|
||||
version: '{build}'
|
||||
|
||||
image:
|
||||
- Ubuntu1604
|
||||
- Ubuntu1804
|
||||
image: Ubuntu1804
|
||||
|
||||
configuration: Release
|
||||
|
||||
@ -19,38 +17,20 @@ skip_commits:
|
||||
init:
|
||||
- ps: Update-AppveyorBuild -Version "build-$env:APPVEYOR_BUILD_NUMBER-$($env:APPVEYOR_REPO_COMMIT.substring(0,7))"
|
||||
|
||||
install: git submodule update --init --recursive
|
||||
|
||||
for:
|
||||
-
|
||||
matrix:
|
||||
only:
|
||||
- image: Ubuntu1604
|
||||
before_build:
|
||||
- ./configure
|
||||
build_script:
|
||||
- make package -C build -j $(nproc || sysctl -n hw.ncpu || echo 4)
|
||||
test_script:
|
||||
- .ci/appveyor-deb-install-test.sh
|
||||
- sudo apt-get update && sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip # openvpn build deps
|
||||
- sudo .ci/start-se-openvpn.sh
|
||||
- sudo .ci/run-openvpn-tests.sh
|
||||
|
||||
-
|
||||
matrix:
|
||||
only:
|
||||
- image: Ubuntu1804
|
||||
before_build:
|
||||
- sh: "if [ ${APPVEYOR_REPO_TAG} == \"true\" ]; then .ci/appveyor-create-release-tarball.sh\nfi"
|
||||
- ./configure
|
||||
build_script:
|
||||
- make package -C build -j $(nproc || sysctl -n hw.ncpu || echo 4)
|
||||
- .ci/memory-leak-test.sh
|
||||
test_script:
|
||||
- .ci/appveyor-deb-install-test.sh
|
||||
- sudo apt-get update && sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip # openvpn build deps
|
||||
- sudo .ci/start-se-openvpn.sh
|
||||
- sudo .ci/run-openvpn-tests.sh
|
||||
install:
|
||||
- sudo apt-get -y install libsodium-dev
|
||||
before_build:
|
||||
- sh: "if [ ${APPVEYOR_REPO_TAG} == \"true\" ]; then .ci/appveyor-create-release-tarball.sh\nfi"
|
||||
- git submodule update --init --recursive
|
||||
- ./configure
|
||||
build_script:
|
||||
- make package -C build -j $(nproc || sysctl -n hw.ncpu || echo 4)
|
||||
- .ci/memory-leak-test.sh
|
||||
test_script:
|
||||
- .ci/appveyor-deb-install-test.sh
|
||||
- sudo apt-get update && sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip # openvpn build deps
|
||||
- sudo .ci/start-se-openvpn.sh
|
||||
- sudo .ci/run-openvpn-tests.sh
|
||||
|
||||
deploy:
|
||||
description: 'automatic release'
|
||||
|
@ -2,9 +2,9 @@ jobs:
|
||||
- job: ubuntu_x86_64
|
||||
displayName: 'Ubuntu (x86_64)'
|
||||
pool:
|
||||
vmImage: ubuntu-16.04
|
||||
vmImage: ubuntu-18.04
|
||||
steps:
|
||||
- script: sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libssl-dev make zlib1g-dev
|
||||
- script: sudo apt update && sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev
|
||||
displayName: 'Prepare environment'
|
||||
- script: "$(Build.SourcesDirectory)/.ci/azure-pipelines/linux_build.sh"
|
||||
env:
|
||||
|
@ -3,7 +3,7 @@ jobs:
|
||||
pool:
|
||||
vmImage: macOS-latest
|
||||
steps:
|
||||
- script: brew install cmake ninja ncurses readline openssl zlib
|
||||
- script: brew install pkg-config cmake ninja ncurses readline libsodium openssl zlib
|
||||
displayName: 'Prepare environment'
|
||||
- script: '$(Build.SourcesDirectory)/.ci/azure-pipelines/macos_build.sh'
|
||||
env:
|
||||
|
@ -15,7 +15,7 @@ steps:
|
||||
path: 'C:/vcpkg/installed'
|
||||
displayName: 'Environment storage'
|
||||
- script: |
|
||||
vcpkg install openssl zlib --triplet ${{parameters.vcpkgTriplet}}
|
||||
vcpkg install libsodium openssl zlib --triplet ${{parameters.vcpkgTriplet}}
|
||||
workingDirectory: C:/vcpkg
|
||||
displayName: 'Prepare environment'
|
||||
- script: '$(Build.SourcesDirectory)/.ci/azure-pipelines/windows_build.bat'
|
||||
|
@ -13,7 +13,7 @@ FreeBSD_task:
|
||||
freebsd_instance:
|
||||
image_family: freebsd-12-1
|
||||
prepare_script:
|
||||
- pkg install -y cmake git $SSL
|
||||
- pkg install -y pkgconf cmake git libsodium $SSL
|
||||
- git submodule update --init --recursive
|
||||
configure_script:
|
||||
- ./configure
|
||||
|
@ -9,7 +9,7 @@
|
||||
- .cirrus.yml
|
||||
before_script:
|
||||
- REPOSITORY="$PWD" && cd ..
|
||||
- apt-get update && apt-get install -y dpkg-dev wget g++ gcc libncurses5-dev libreadline-dev libssl-dev make zlib1g-dev git file
|
||||
- apt-get update && apt-get install -y dpkg-dev wget g++ gcc libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev git file
|
||||
- wget https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}.tar.gz && tar -xzf cmake-${CMAKE_VERSION}.tar.gz
|
||||
- cd cmake-${CMAKE_VERSION} && ./bootstrap && make install
|
||||
- cd "$REPOSITORY" && git submodule update --init --recursive
|
||||
|
3
.gitmodules
vendored
3
.gitmodules
vendored
@ -4,3 +4,6 @@
|
||||
[submodule "3rdparty/tinydir"]
|
||||
path = 3rdparty/tinydir
|
||||
url = https://github.com/cxong/tinydir.git
|
||||
[submodule "3rdparty/BLAKE2"]
|
||||
path = 3rdparty/BLAKE2
|
||||
url = https://github.com/BLAKE2/BLAKE2.git
|
||||
|
@ -1,5 +1,5 @@
|
||||
sudo: required
|
||||
dist: xenial
|
||||
dist: bionic
|
||||
|
||||
language: c
|
||||
|
||||
@ -20,7 +20,8 @@ matrix:
|
||||
os: linux
|
||||
compiler: gcc
|
||||
- env: OPENSSL_VERSION="1.1.1c" LABEL="linux-ppc64le" CMAKE_VERSION="3.9.6"
|
||||
os: linux-ppc64le
|
||||
arch: ppc64le
|
||||
os: linux
|
||||
compiler: gcc
|
||||
install:
|
||||
- wget https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}.tar.gz && tar -xzf cmake-${CMAKE_VERSION}.tar.gz
|
||||
@ -35,6 +36,7 @@ matrix:
|
||||
os: linux
|
||||
compiler: gcc
|
||||
before_install:
|
||||
- sudo apt-get -y install libsodium-dev
|
||||
- bash .ci/build-libressl.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 1)
|
||||
- env: LABEL="check stb files"
|
||||
os: linux
|
||||
@ -49,7 +51,7 @@ matrix:
|
||||
- os: osx
|
||||
compiler: clang
|
||||
before_install:
|
||||
- true
|
||||
- brew install libsodium
|
||||
script:
|
||||
- ./configure
|
||||
- make -C build
|
||||
@ -62,6 +64,7 @@ cache:
|
||||
- ${HOME}/opt
|
||||
|
||||
before_install:
|
||||
- sudo apt-get -y install libsodium-dev
|
||||
- bash .ci/build-openssl.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 1)
|
||||
|
||||
script:
|
||||
|
1
3rdparty/BLAKE2
vendored
Submodule
1
3rdparty/BLAKE2
vendored
Submodule
@ -0,0 +1 @@
|
||||
Subproject commit b52178a376ca85a8ffe50492263c2a5bc0fa4f46
|
@ -1,4 +1,4 @@
|
||||
cmake_minimum_required(VERSION 3.7)
|
||||
cmake_minimum_required(VERSION 3.10)
|
||||
|
||||
set(BUILD_NUMBER CACHE STRING "The number of the current build.")
|
||||
|
||||
|
@ -1509,6 +1509,9 @@ PACK *AdminDispatch(RPC *rpc, char *name, PACK *p)
|
||||
DECLARE_RPC_EX("GetServerCipherList", RPC_STR, StGetServerCipherList, InRpcStr, OutRpcStr, FreeRpcStr)
|
||||
DECLARE_RPC_EX("GetServerCipher", RPC_STR, StGetServerCipher, InRpcStr, OutRpcStr, FreeRpcStr)
|
||||
DECLARE_RPC_EX("SetServerCipher", RPC_STR, StSetServerCipher, InRpcStr, OutRpcStr, FreeRpcStr)
|
||||
DECLARE_RPC_EX("AddWgk", RPC_WGK, StAddWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk)
|
||||
DECLARE_RPC_EX("DeleteWgk", RPC_WGK, StDeleteWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk)
|
||||
DECLARE_RPC_EX("EnumWgk", RPC_WGK, StEnumWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk)
|
||||
DECLARE_RPC("CreateHub", RPC_CREATE_HUB, StCreateHub, InRpcCreateHub, OutRpcCreateHub)
|
||||
DECLARE_RPC("SetHub", RPC_CREATE_HUB, StSetHub, InRpcCreateHub, OutRpcCreateHub)
|
||||
DECLARE_RPC("GetHub", RPC_CREATE_HUB, StGetHub, InRpcCreateHub, OutRpcCreateHub)
|
||||
@ -1693,6 +1696,9 @@ DECLARE_SC_EX("GetServerCert", RPC_KEY_PAIR, ScGetServerCert, InRpcKeyPair, OutR
|
||||
DECLARE_SC_EX("GetServerCipherList", RPC_STR, ScGetServerCipherList, InRpcStr, OutRpcStr, FreeRpcStr)
|
||||
DECLARE_SC_EX("GetServerCipher", RPC_STR, ScGetServerCipher, InRpcStr, OutRpcStr, FreeRpcStr)
|
||||
DECLARE_SC_EX("SetServerCipher", RPC_STR, ScSetServerCipher, InRpcStr, OutRpcStr, FreeRpcStr)
|
||||
DECLARE_SC_EX("AddWgk", RPC_WGK, ScAddWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk)
|
||||
DECLARE_SC_EX("DeleteWgk", RPC_WGK, ScDeleteWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk)
|
||||
DECLARE_SC_EX("EnumWgk", RPC_WGK, ScEnumWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk)
|
||||
DECLARE_SC("CreateHub", RPC_CREATE_HUB, ScCreateHub, InRpcCreateHub, OutRpcCreateHub)
|
||||
DECLARE_SC("SetHub", RPC_CREATE_HUB, ScSetHub, InRpcCreateHub, OutRpcCreateHub)
|
||||
DECLARE_SC("GetHub", RPC_CREATE_HUB, ScGetHub, InRpcCreateHub, OutRpcCreateHub)
|
||||
@ -9061,9 +9067,12 @@ UINT StGetHub(ADMIN *a, RPC_CREATE_HUB *t)
|
||||
{
|
||||
StrCpy(t->HubName, sizeof(t->HubName), h->Name);
|
||||
t->Online = h->Offline ? false : true;
|
||||
t->HubType = h->Type;
|
||||
|
||||
t->HubOption.DefaultGateway = h->Option->DefaultGateway;
|
||||
t->HubOption.DefaultSubnet = h->Option->DefaultSubnet;
|
||||
t->HubOption.MaxSession = h->Option->MaxSession;
|
||||
t->HubOption.NoEnum = h->Option->NoEnum;
|
||||
t->HubType = h->Type;
|
||||
}
|
||||
Unlock(h->lock);
|
||||
|
||||
@ -9090,7 +9099,6 @@ UINT StSetHub(ADMIN *a, RPC_CREATE_HUB *t)
|
||||
return ERR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
|
||||
CHECK_RIGHT;
|
||||
NO_SUPPORT_FOR_BRIDGE;
|
||||
|
||||
@ -9175,8 +9183,12 @@ UINT StSetHub(ADMIN *a, RPC_CREATE_HUB *t)
|
||||
else
|
||||
{
|
||||
h->Type = t->HubType;
|
||||
|
||||
h->Option->DefaultGateway = t->HubOption.DefaultGateway;
|
||||
h->Option->DefaultSubnet = t->HubOption.DefaultSubnet;
|
||||
h->Option->MaxSession = t->HubOption.MaxSession;
|
||||
h->Option->NoEnum = t->HubOption.NoEnum;
|
||||
|
||||
if (IsZero(t->HashedPassword, sizeof(t->HashedPassword)) == false &&
|
||||
IsZero(t->SecurePassword, sizeof(t->SecurePassword)) == false)
|
||||
{
|
||||
@ -9234,8 +9246,6 @@ UINT StCreateHub(ADMIN *a, RPC_CREATE_HUB *t)
|
||||
return ERR_NOT_FARM_CONTROLLER;
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (IsEmptyStr(t->HubName) || IsSafeStr(t->HubName) == false)
|
||||
{
|
||||
return ERR_INVALID_PARAMETER;
|
||||
@ -9279,6 +9289,8 @@ UINT StCreateHub(ADMIN *a, RPC_CREATE_HUB *t)
|
||||
|
||||
// Create a hub object
|
||||
Zero(&o, sizeof(o));
|
||||
o.DefaultGateway = t->HubOption.DefaultGateway;
|
||||
o.DefaultSubnet = t->HubOption.DefaultSubnet;
|
||||
o.MaxSession = t->HubOption.MaxSession;
|
||||
o.NoEnum = t->HubOption.NoEnum;
|
||||
|
||||
@ -9497,6 +9509,144 @@ UINT StSetServerCert(ADMIN *a, RPC_KEY_PAIR *t)
|
||||
return ERR_NO_ERROR;
|
||||
}
|
||||
|
||||
// Add a WireGuard key to the allowed key list
|
||||
UINT StAddWgk(ADMIN *a, RPC_WGK *t)
|
||||
{
|
||||
UINT ret = ERR_NO_ERROR;
|
||||
SERVER *s = a->Server;
|
||||
CEDAR *c = s->Cedar;
|
||||
LIST *to_add;
|
||||
|
||||
SERVER_ADMIN_ONLY;
|
||||
|
||||
to_add = NewListFast(NULL);
|
||||
|
||||
LockList(c->WgkList);
|
||||
{
|
||||
UINT i;
|
||||
for (i = 0; i < t->Num; ++i)
|
||||
{
|
||||
WGK *rpc_wgk = &t->Wgks[i];
|
||||
WGK *wgk;
|
||||
|
||||
if (IsEmptyStr(rpc_wgk->Key))
|
||||
{
|
||||
ret = ERR_INVALID_PARAMETER;
|
||||
break;
|
||||
}
|
||||
|
||||
if (Search(c->WgkList, rpc_wgk) != NULL)
|
||||
{
|
||||
ret = ERR_OBJECT_EXISTS;
|
||||
break;
|
||||
}
|
||||
|
||||
wgk = Malloc(sizeof(WGK));
|
||||
StrCpy(wgk->Key, sizeof(wgk->Key), rpc_wgk->Key);
|
||||
StrCpy(wgk->Hub, sizeof(wgk->Hub), rpc_wgk->Hub);
|
||||
StrCpy(wgk->User, sizeof(wgk->User), rpc_wgk->User);
|
||||
|
||||
Add(to_add, wgk);
|
||||
}
|
||||
|
||||
for (i = 0; i < LIST_NUM(to_add); ++i)
|
||||
{
|
||||
WGK *wgk = LIST_DATA(to_add, i);
|
||||
ret == ERR_NO_ERROR ? Add(c->WgkList, wgk) : Free(wgk);
|
||||
}
|
||||
}
|
||||
UnlockList(c->WgkList);
|
||||
|
||||
if (ret == ERR_NO_ERROR)
|
||||
{
|
||||
ALog(a, NULL, "LA_ADD_WGK", LIST_NUM(to_add));
|
||||
IncrementServerConfigRevision(a->Server);
|
||||
}
|
||||
|
||||
ReleaseList(to_add);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Delete a WireGuard key from the allowed key list
|
||||
UINT StDeleteWgk(ADMIN *a, RPC_WGK *t)
|
||||
{
|
||||
UINT ret = ERR_NO_ERROR;
|
||||
SERVER *s = a->Server;
|
||||
CEDAR *c = s->Cedar;
|
||||
LIST *to_delete;
|
||||
|
||||
SERVER_ADMIN_ONLY;
|
||||
|
||||
to_delete = NewListFast(NULL);
|
||||
|
||||
LockList(c->WgkList);
|
||||
{
|
||||
UINT i;
|
||||
for (i = 0; i < t->Num; ++i)
|
||||
{
|
||||
WGK *wgk = Search(c->WgkList, &t->Wgks[i]);
|
||||
if (wgk == NULL)
|
||||
{
|
||||
ret = ERR_OBJECT_NOT_FOUND;
|
||||
break;
|
||||
}
|
||||
|
||||
Add(to_delete, wgk);
|
||||
}
|
||||
|
||||
if (ret == ERR_NO_ERROR)
|
||||
{
|
||||
for (i = 0; i < LIST_NUM(to_delete); ++i)
|
||||
{
|
||||
WGK *wgk = LIST_DATA(to_delete, i);
|
||||
Delete(c->WgkList, wgk);
|
||||
Free(wgk);
|
||||
}
|
||||
}
|
||||
}
|
||||
UnlockList(c->WgkList);
|
||||
|
||||
if (ret == ERR_NO_ERROR)
|
||||
{
|
||||
ALog(a, NULL, "LA_DELETE_WGK", LIST_NUM(to_delete));
|
||||
IncrementServerConfigRevision(a->Server);
|
||||
}
|
||||
|
||||
ReleaseList(to_delete);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
// List the allowed WireGuard keys
|
||||
UINT StEnumWgk(ADMIN *a, RPC_WGK *t)
|
||||
{
|
||||
SERVER *s = a->Server;
|
||||
CEDAR *c = s->Cedar;
|
||||
|
||||
SERVER_ADMIN_ONLY;
|
||||
|
||||
LockList(c->WgkList);
|
||||
{
|
||||
UINT i;
|
||||
t->Num = LIST_NUM(c->WgkList);
|
||||
t->Wgks = Malloc(sizeof(WGK) * t->Num);
|
||||
|
||||
for (i = 0; i < t->Num; ++i)
|
||||
{
|
||||
WGK *wgk = LIST_DATA(c->WgkList, i);
|
||||
WGK *rpc_wgk = &t->Wgks[i];
|
||||
|
||||
StrCpy(rpc_wgk->Key, sizeof(rpc_wgk->Key), wgk->Key);
|
||||
StrCpy(rpc_wgk->Hub, sizeof(rpc_wgk->Hub), wgk->Hub);
|
||||
StrCpy(rpc_wgk->User, sizeof(rpc_wgk->User), wgk->User);
|
||||
}
|
||||
}
|
||||
UnlockList(c->WgkList);
|
||||
|
||||
return ERR_NO_ERROR;
|
||||
}
|
||||
|
||||
// Get status of connection to cluster controller
|
||||
UINT StGetFarmConnectionStatus(ADMIN *a, RPC_FARM_CONNECTION_STATUS *t)
|
||||
{
|
||||
@ -10021,6 +10171,8 @@ UINT StGetProtoOptions(ADMIN *a, RPC_PROTO_OPTIONS *t)
|
||||
UINT ret = ERR_NO_ERROR;
|
||||
LIST *options;
|
||||
|
||||
SERVER_ADMIN_ONLY;
|
||||
|
||||
if (proto == NULL)
|
||||
{
|
||||
return ERR_NOT_SUPPORTED;
|
||||
@ -12885,6 +13037,8 @@ void InRpcHubOption(RPC_HUB_OPTION *t, PACK *p)
|
||||
}
|
||||
|
||||
Zero(t, sizeof(RPC_HUB_OPTION));
|
||||
t->DefaultGateway = PackGetInt(p, "DefaultGateway");
|
||||
t->DefaultSubnet = PackGetInt(p, "DefaultSubnet");
|
||||
t->MaxSession = PackGetInt(p, "MaxSession");
|
||||
t->NoEnum = PackGetBool(p, "NoEnum");
|
||||
}
|
||||
@ -12896,6 +13050,8 @@ void OutRpcHubOption(PACK *p, RPC_HUB_OPTION *t)
|
||||
return;
|
||||
}
|
||||
|
||||
PackAddInt(p, "DefaultGateway", t->DefaultGateway);
|
||||
PackAddInt(p, "DefaultSubnet", t->DefaultSubnet);
|
||||
PackAddInt(p, "MaxSession", t->MaxSession);
|
||||
PackAddBool(p, "NoEnum", t->NoEnum);
|
||||
}
|
||||
@ -14455,6 +14611,64 @@ void FreeRpcKeyPair(RPC_KEY_PAIR *t)
|
||||
FreeK(t->Key);
|
||||
}
|
||||
|
||||
// RPC_WGK
|
||||
void InRpcWgk(RPC_WGK *t, PACK *p)
|
||||
{
|
||||
UINT i;
|
||||
// Validate arguments
|
||||
if (t == NULL || p == NULL)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
Zero(t, sizeof(RPC_WGK));
|
||||
|
||||
t->Num = PackGetIndexCount(p, "Key");
|
||||
if (t->Num == 0)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
t->Wgks = ZeroMalloc(sizeof(WGK) * t->Num);
|
||||
|
||||
for (i = 0; i < t->Num; ++i)
|
||||
{
|
||||
WGK *wgk = &t->Wgks[i];
|
||||
|
||||
PackGetStrEx(p, "Key", wgk->Key, sizeof(wgk->Key), i);
|
||||
PackGetStrEx(p, "Hub", wgk->Hub, sizeof(wgk->Hub), i);
|
||||
PackGetStrEx(p, "User", wgk->User, sizeof(wgk->User), i);
|
||||
}
|
||||
}
|
||||
void OutRpcWgk(PACK *p, RPC_WGK *t)
|
||||
{
|
||||
UINT i;
|
||||
// Validate arguments
|
||||
if (t == NULL || p == NULL)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
for (i = 0; i < t->Num; ++i)
|
||||
{
|
||||
WGK *wgk = &t->Wgks[i];
|
||||
|
||||
PackAddStrEx(p, "Key", wgk->Key, i, t->Num);
|
||||
PackAddStrEx(p, "Hub", wgk->Hub, i, t->Num);
|
||||
PackAddStrEx(p, "User", wgk->User, i, t->Num);
|
||||
}
|
||||
}
|
||||
void FreeRpcWgk(RPC_WGK *t)
|
||||
{
|
||||
// Validate arguments
|
||||
if (t == NULL)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
Free(t->Wgks);
|
||||
}
|
||||
|
||||
// NODE_INFO
|
||||
void InRpcNodeInfo(NODE_INFO *t, PACK *p)
|
||||
{
|
||||
|
@ -226,9 +226,18 @@ struct RPC_KEY_PAIR
|
||||
UINT Flag1; // Flag1
|
||||
};
|
||||
|
||||
// WireGuard keys
|
||||
struct RPC_WGK
|
||||
{
|
||||
UINT Num; // Number of keys
|
||||
WGK *Wgks; // Keys
|
||||
};
|
||||
|
||||
// HUB option
|
||||
struct RPC_HUB_OPTION
|
||||
{
|
||||
UINT DefaultGateway; // Default gateway address
|
||||
UINT DefaultSubnet; // Default subnet mask
|
||||
UINT MaxSession; // Maximum number of sessions
|
||||
bool NoEnum; // Not listed
|
||||
};
|
||||
@ -987,6 +996,9 @@ UINT StGetServerCert(ADMIN *a, RPC_KEY_PAIR *t);
|
||||
UINT StGetServerCipherList(ADMIN *a, RPC_STR *t);
|
||||
UINT StGetServerCipher(ADMIN *a, RPC_STR *t);
|
||||
UINT StSetServerCipher(ADMIN *a, RPC_STR *t);
|
||||
UINT StAddWgk(ADMIN *a, RPC_WGK *t);
|
||||
UINT StDeleteWgk(ADMIN *a, RPC_WGK *t);
|
||||
UINT StEnumWgk(ADMIN *a, RPC_WGK *t);
|
||||
UINT StCreateHub(ADMIN *a, RPC_CREATE_HUB *t);
|
||||
UINT StSetHub(ADMIN *a, RPC_CREATE_HUB *t);
|
||||
UINT StGetHub(ADMIN *a, RPC_CREATE_HUB *t);
|
||||
@ -1135,6 +1147,9 @@ UINT ScGetServerCert(RPC *r, RPC_KEY_PAIR *t);
|
||||
UINT ScGetServerCipherList(RPC *r, RPC_STR *t);
|
||||
UINT ScGetServerCipher(RPC *r, RPC_STR *t);
|
||||
UINT ScSetServerCipher(RPC *r, RPC_STR *t);
|
||||
UINT ScAddWgk(RPC *r, RPC_WGK *t);
|
||||
UINT ScDeleteWgk(RPC *r, RPC_WGK *t);
|
||||
UINT ScEnumWgk(RPC *r, RPC_WGK *t);
|
||||
UINT ScCreateHub(RPC *r, RPC_CREATE_HUB *t);
|
||||
UINT ScSetHub(RPC *r, RPC_CREATE_HUB *t);
|
||||
UINT ScGetHub(RPC *r, RPC_CREATE_HUB *t);
|
||||
@ -1392,6 +1407,9 @@ void OutRpcMemInfo(PACK *p, MEMINFO *t);
|
||||
void InRpcKeyPair(RPC_KEY_PAIR *t, PACK *p);
|
||||
void OutRpcKeyPair(PACK *p, RPC_KEY_PAIR *t);
|
||||
void FreeRpcKeyPair(RPC_KEY_PAIR *t);
|
||||
void InRpcWgk(RPC_WGK *t, PACK *p);
|
||||
void OutRpcWgk(PACK *p, RPC_WGK *t);
|
||||
void FreeRpcWgk(RPC_WGK *t);
|
||||
void InRpcAddAccess(RPC_ADD_ACCESS *t, PACK *p);
|
||||
void OutRpcAddAccess(PACK *p, RPC_ADD_ACCESS *t);
|
||||
void InRpcDeleteAccess(RPC_DELETE_ACCESS *t, PACK *p);
|
||||
|
@ -19,6 +19,28 @@ set_target_properties(cedar
|
||||
RUNTIME_OUTPUT_DIRECTORY "${BUILD_DIRECTORY}"
|
||||
)
|
||||
|
||||
cmake_host_system_information(RESULT HAS_SSE2 QUERY HAS_SSE2)
|
||||
|
||||
set(BLAKE2_SRC_PATH $<IF:$<BOOL:HAS_SSE2>,${TOP_DIRECTORY}/3rdparty/BLAKE2/sse,${TOP_DIRECTORY}/3rdparty/BLAKE2/ref>)
|
||||
|
||||
target_include_directories(cedar PUBLIC ${BLAKE2_SRC_PATH})
|
||||
target_sources(cedar PRIVATE "${BLAKE2_SRC_PATH}/blake2s.c")
|
||||
|
||||
if(VCPKG_TARGET_TRIPLET)
|
||||
find_package(unofficial-sodium CONFIG REQUIRED)
|
||||
target_link_libraries(cedar PUBLIC unofficial-sodium::sodium)
|
||||
else()
|
||||
find_package(PkgConfig REQUIRED)
|
||||
pkg_search_module(SODIUM libsodium REQUIRED)
|
||||
target_include_directories(cedar PUBLIC ${SODIUM_INCLUDE_DIRS})
|
||||
if(NOT ("$ENV{TRAVIS_CPU_ARCH}" STREQUAL ppc64le))
|
||||
target_link_libraries(cedar PUBLIC $<IF:$<BOOL:SODIUM_LINK_LIBRARIES>,${SODIUM_LINK_LIBRARIES},${SODIUM_LIBRARIES}>)
|
||||
else()
|
||||
# TODO: investigate why on ppc64le the use of SODIUM_LINK_LIBRARIES causes undefined references to libsodium functions.
|
||||
target_link_libraries(cedar PUBLIC ${SODIUM_LIBRARIES})
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if(WIN32)
|
||||
set_target_properties(cedar
|
||||
PROPERTIES
|
||||
@ -31,10 +53,10 @@ if(WIN32)
|
||||
endif()
|
||||
|
||||
if(UNIX)
|
||||
find_library(LIB_READLINE readline)
|
||||
find_package(Curses REQUIRED)
|
||||
find_library(LIB_READLINE readline)
|
||||
|
||||
target_link_libraries(cedar PRIVATE ${LIB_READLINE} ${CURSES_LIBRARIES})
|
||||
target_link_libraries(cedar PRIVATE ${CURSES_LIBRARIES} ${LIB_READLINE})
|
||||
|
||||
if(${CMAKE_SYSTEM_NAME} STREQUAL "Darwin")
|
||||
target_link_libraries(cedar PRIVATE mayaqua pcap)
|
||||
|
@ -1094,12 +1094,13 @@ void CleanupCedar(CEDAR *c)
|
||||
WuFreeWebUI(c->WebUI);
|
||||
FreeCedarLayer3(c);
|
||||
|
||||
/*
|
||||
for (i = 0;i < LIST_NUM(c->HubList);i++)
|
||||
for (i = 0; i < LIST_NUM(c->WgkList); ++i)
|
||||
{
|
||||
HUB *h = LIST_DATA(c->HubList, i);
|
||||
WGK *wgk = LIST_DATA(c->WgkList, i);
|
||||
Free(wgk);
|
||||
}
|
||||
*/
|
||||
ReleaseList(c->WgkList);
|
||||
|
||||
for (i = 0;i < LIST_NUM(c->CaList);i++)
|
||||
{
|
||||
X *x = LIST_DATA(c->CaList, i);
|
||||
@ -1491,6 +1492,7 @@ CEDAR *NewCedar(X *server_x, K *server_k)
|
||||
c->Traffic = NewTraffic();
|
||||
c->TrafficLock = NewLock();
|
||||
c->CaList = NewList(CompareCert);
|
||||
c->WgkList = NewList(CompareWgk);
|
||||
|
||||
c->TrafficDiffList = NewList(NULL);
|
||||
|
||||
@ -1600,6 +1602,12 @@ void InitCedar()
|
||||
return;
|
||||
}
|
||||
|
||||
if (sodium_init() == -1)
|
||||
{
|
||||
Debug("InitCedar(): sodium_init() failed!\n");
|
||||
return;
|
||||
}
|
||||
|
||||
// Initialize protocol module
|
||||
InitProtocol();
|
||||
}
|
||||
|
@ -363,6 +363,7 @@
|
||||
#define AUTHTYPE_ROOTCERT 3 // Root certificate which is issued by trusted Certificate Authority
|
||||
#define AUTHTYPE_RADIUS 4 // Radius authentication
|
||||
#define AUTHTYPE_NT 5 // Windows NT authentication
|
||||
#define AUTHTYPE_WIREGUARD_KEY 97 // WireGuard public key authentication
|
||||
#define AUTHTYPE_OPENVPN_CERT 98 // TLS client certificate authentication
|
||||
#define AUTHTYPE_TICKET 99 // Ticket authentication
|
||||
|
||||
@ -919,6 +920,7 @@ typedef struct CEDAR
|
||||
UINT Type; // Type
|
||||
LIST *ListenerList; // Listener list
|
||||
LIST *HubList; // HUB list
|
||||
LIST *WgkList; // WireGuard key list
|
||||
LIST *ConnectionList; // Negotiating connection list
|
||||
LIST *CaList; // List of CA
|
||||
volatile bool Halt; // Halt flag
|
||||
@ -1028,8 +1030,6 @@ typedef struct CEDAR
|
||||
#include <Cedar/Command.h>
|
||||
// RPC over HTTP
|
||||
#include <Cedar/Wpc.h>
|
||||
// Layer-2/Layer-3 converter
|
||||
#include <Cedar/IPC.h>
|
||||
// Third party protocols
|
||||
#include <Cedar/Proto.h>
|
||||
#include <Cedar/Proto_IPsec.h>
|
||||
@ -1041,6 +1041,9 @@ typedef struct CEDAR
|
||||
#include <Cedar/Proto_PPP.h>
|
||||
#include <Cedar/Proto_SSTP.h>
|
||||
#include <Cedar/Proto_Win7.h>
|
||||
#include <Cedar/Proto_WireGuard.h>
|
||||
// Layer-2/Layer-3 converter
|
||||
#include <Cedar/IPC.h>
|
||||
// UDP Acceleration
|
||||
#include <Cedar/UdpAccel.h>
|
||||
// DDNS Client
|
||||
|
@ -277,6 +277,7 @@ typedef struct HUB_SNAPSHOT HUB_SNAPSHOT;
|
||||
typedef struct SERVER_SNAPSHOT SERVER_SNAPSHOT;
|
||||
typedef struct SERVER_HUB_CREATE_HISTORY SERVER_HUB_CREATE_HISTORY;
|
||||
typedef struct OPENVPN_SSTP_CONFIG OPENVPN_SSTP_CONFIG;
|
||||
typedef struct WGK WGK;
|
||||
|
||||
// ==============================================================
|
||||
// Server Admin Tool
|
||||
@ -299,6 +300,7 @@ typedef struct RPC_ENUM_FARM_ITEM RPC_ENUM_FARM_ITEM;
|
||||
typedef struct RPC_ENUM_FARM RPC_ENUM_FARM;
|
||||
typedef struct RPC_FARM_CONNECTION_STATUS RPC_FARM_CONNECTION_STATUS;
|
||||
typedef struct RPC_KEY_PAIR RPC_KEY_PAIR;
|
||||
typedef struct RPC_WGK RPC_WGK;
|
||||
typedef struct RPC_HUB_OPTION RPC_HUB_OPTION;
|
||||
typedef struct RPC_RADIUS RPC_RADIUS;
|
||||
typedef struct RPC_HUB RPC_HUB;
|
||||
|
@ -7483,6 +7483,9 @@ void PsMain(PS *ps)
|
||||
{"RouterTableDel", PsRouterTableDel},
|
||||
{"LogFileList", PsLogFileList},
|
||||
{"LogFileGet", PsLogFileGet},
|
||||
{"WgkAdd", PsWgkAdd},
|
||||
{"WgkDelete", PsWgkDelete},
|
||||
{"WgkEnum", PsWgkEnum},
|
||||
{"HubCreate", PsHubCreate},
|
||||
{"HubCreateDynamic", PsHubCreateDynamic},
|
||||
{"HubCreateStatic", PsHubCreateStatic},
|
||||
@ -7493,6 +7496,7 @@ void PsMain(PS *ps)
|
||||
{"Hub", PsHub},
|
||||
{"Online", PsOnline},
|
||||
{"Offline", PsOffline},
|
||||
{"SetStaticNetwork", PsSetStaticNetwork},
|
||||
{"SetMaxSession", PsSetMaxSession},
|
||||
{"SetHubPassword", PsSetHubPassword},
|
||||
{"SetEnumAllow", PsSetEnumAllow},
|
||||
@ -10561,6 +10565,137 @@ UINT PsLogFileGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Add a WireGuard key (TODO: ability add multiple keys in a single call)
|
||||
UINT PsWgkAdd(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
{
|
||||
PS *ps = (PS *)param;
|
||||
RPC_WGK t;
|
||||
UINT ret;
|
||||
LIST *o;
|
||||
PARAM args[] =
|
||||
{
|
||||
{"[key]", CmdPrompt, _UU("CMD_WgkAdd_Prompt_[key]"), CmdEvalNotEmpty, NULL},
|
||||
{"HUB", CmdPrompt, _UU("CMD_WgkAdd_Prompt_HUB"), NULL, NULL},
|
||||
{"USER", CmdPrompt, _UU("CMD_WgkAdd_Prompt_USER"), NULL, NULL}
|
||||
};
|
||||
|
||||
o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
|
||||
if (o == NULL)
|
||||
{
|
||||
return ERR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
Zero(&t, sizeof(t));
|
||||
t.Num = 1;
|
||||
t.Wgks = ZeroMalloc(sizeof(WGK));
|
||||
|
||||
StrCpy(t.Wgks[0].Key, sizeof(t.Wgks[0].Key), GetParamStr(o, "[key]"));
|
||||
StrCpy(t.Wgks[0].Hub, sizeof(t.Wgks[0].Hub), GetParamStr(o, "HUB"));
|
||||
StrCpy(t.Wgks[0].User, sizeof(t.Wgks[0].User), GetParamStr(o, "USER"));
|
||||
|
||||
FreeParamValueList(o);
|
||||
|
||||
ret = ScAddWgk(ps->Rpc, &t);
|
||||
if (ret != ERR_NO_ERROR)
|
||||
{
|
||||
CmdPrintError(c, ret);
|
||||
}
|
||||
|
||||
FreeRpcWgk(&t);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Delete a WireGuard key (TODO: ability to delete multiple keys in a single call)
|
||||
UINT PsWgkDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
{
|
||||
PS *ps = (PS *)param;
|
||||
RPC_WGK t;
|
||||
UINT ret;
|
||||
LIST *o;
|
||||
PARAM args[] =
|
||||
{
|
||||
{"[key]", CmdPrompt, _UU("CMD_WgkDelete_Prompt_[key]"), CmdEvalNotEmpty, NULL},
|
||||
};
|
||||
|
||||
o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
|
||||
if (o == NULL)
|
||||
{
|
||||
return ERR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
Zero(&t, sizeof(t));
|
||||
t.Num = 1;
|
||||
t.Wgks = ZeroMalloc(sizeof(WGK));
|
||||
|
||||
StrCpy(t.Wgks[0].Key, sizeof(t.Wgks[0].Key), GetParamStr(o, "[key]"));
|
||||
|
||||
FreeParamValueList(o);
|
||||
|
||||
ret = ScDeleteWgk(ps->Rpc, &t);
|
||||
if (ret != ERR_NO_ERROR)
|
||||
{
|
||||
CmdPrintError(c, ret);
|
||||
}
|
||||
|
||||
FreeRpcWgk(&t);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
// List the WireGuard keys
|
||||
UINT PsWgkEnum(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
{
|
||||
UINT ret = ERR_NO_ERROR;
|
||||
PS *ps = (PS *)param;
|
||||
RPC_WGK t;
|
||||
LIST *o;
|
||||
|
||||
o = ParseCommandList(c, cmd_name, str, NULL, 0);
|
||||
if (o == NULL)
|
||||
{
|
||||
return ERR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
Zero(&t, sizeof(t));
|
||||
|
||||
ret = ScEnumWgk(ps->Rpc, &t);
|
||||
if (ret == ERR_NO_ERROR)
|
||||
{
|
||||
UINT i;
|
||||
CT *ct = CtNew();
|
||||
CtInsertColumn(ct, _UU("CMD_WgkEnum_Column_Key"), false);
|
||||
CtInsertColumn(ct, _UU("CMD_WgkEnum_Column_Hub"), false);
|
||||
CtInsertColumn(ct, _UU("CMD_WgkEnum_Column_User"), false);
|
||||
|
||||
for (i = 0; i < t.Num; ++i)
|
||||
{
|
||||
const WGK *wgk = &t.Wgks[i];
|
||||
wchar_t *key, *hub, *user;
|
||||
|
||||
key = CopyStrToUni(wgk->Key);
|
||||
hub = CopyStrToUni(wgk->Hub);
|
||||
user = CopyStrToUni(wgk->User);
|
||||
|
||||
CtInsert(ct, key, hub, user);
|
||||
|
||||
Free(key);
|
||||
Free(hub);
|
||||
Free(user);
|
||||
}
|
||||
|
||||
CtFree(ct, c);
|
||||
}
|
||||
else
|
||||
{
|
||||
CmdPrintError(c, ret);
|
||||
}
|
||||
|
||||
FreeRpcWgk(&t);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Create a New Virtual HUB
|
||||
UINT PsHubCreate(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
{
|
||||
@ -11143,6 +11278,53 @@ UINT PsOffline(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Set the static IPv4 network parameters for the Virtual HUB
|
||||
UINT PsSetStaticNetwork(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
{
|
||||
LIST *o;
|
||||
PS *ps = (PS *)param;
|
||||
UINT ret = 0;
|
||||
RPC_CREATE_HUB t;
|
||||
PARAM args[] =
|
||||
{
|
||||
{"GATEWAY", CmdPrompt, _UU("CMD_SetStaticNetwork_Prompt_GATEWAY"), CmdEvalIp, NULL},
|
||||
{"SUBNET", CmdPrompt, _UU("CMD_SetStaticNetwork_Prompt_SUBNET"), CmdEvalIp, NULL}
|
||||
};
|
||||
|
||||
if (ps->HubName == NULL)
|
||||
{
|
||||
c->Write(c, _UU("CMD_Hub_Not_Selected"));
|
||||
return ERR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
|
||||
if (o == NULL)
|
||||
{
|
||||
return ERR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
Zero(&t, sizeof(t));
|
||||
StrCpy(t.HubName, sizeof(t.HubName), ps->HubName);
|
||||
ret = ScGetHub(ps->Rpc, &t);
|
||||
if (ret != ERR_NO_ERROR)
|
||||
{
|
||||
goto FINAL;
|
||||
}
|
||||
|
||||
t.HubOption.DefaultGateway = StrToIP32(GetParamStr(o, "GATEWAY"));
|
||||
t.HubOption.DefaultSubnet = StrToIP32(GetParamStr(o, "SUBNET"));
|
||||
|
||||
ret = ScSetHub(ps->Rpc, &t);
|
||||
FINAL:
|
||||
if (ret != ERR_NO_ERROR)
|
||||
{
|
||||
CmdPrintError(c, ret);
|
||||
}
|
||||
|
||||
FreeParamValueList(o);
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Set the maximum number of concurrent connecting sessions of the Virtual HUB
|
||||
UINT PsSetMaxSession(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
{
|
||||
@ -11420,6 +11602,12 @@ UINT PsOptionsGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
|
||||
CtInsert(ct, _UU("CMD_OptionsGet_TYPE"), GetHubTypeStr(t.HubType));
|
||||
|
||||
IPToUniStr32(tmp, sizeof(tmp), t.HubOption.DefaultGateway);
|
||||
CtInsert(ct, _UU("CMD_OptionsGet_GATEWAY"), tmp);
|
||||
|
||||
IPToUniStr32(tmp, sizeof(tmp), t.HubOption.DefaultSubnet);
|
||||
CtInsert(ct, _UU("CMD_OptionsGet_SUBNET"), tmp);
|
||||
|
||||
CtFree(ct, c);
|
||||
}
|
||||
|
||||
|
@ -446,6 +446,9 @@ UINT PsRouterTableAdd(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PsRouterTableDel(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PsLogFileList(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PsLogFileGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PsWgkAdd(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PsWgkDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PsWgkEnum(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PsHubCreate(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PsHubCreateDynamic(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PsHubCreateStatic(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
@ -456,6 +459,7 @@ UINT PsHubList(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PsHub(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PsOnline(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PsOffline(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PsSetStaticNetwork(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PsSetMaxSession(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PsSetHubPassword(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PsSetEnumAllow(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
|
@ -116,6 +116,8 @@ struct HUB_PA
|
||||
struct HUB_OPTION
|
||||
{
|
||||
// Standard options
|
||||
UINT DefaultGateway; // Used in IPC when DHCP cannot be used (e.g. WireGuard sessions)
|
||||
UINT DefaultSubnet; // Used in IPC when DHCP cannot be used (e.g. WireGuard sessions)
|
||||
UINT MaxSession; // Maximum number of simultaneous connections
|
||||
bool NoEnum; // Excluded from the enumeration
|
||||
// Advanced options
|
||||
|
@ -226,8 +226,8 @@ IPC *NewIPCByParam(CEDAR *cedar, IPC_PARAM *param, UINT *error_code)
|
||||
}
|
||||
|
||||
ipc = NewIPC(cedar, param->ClientName, param->Postfix, param->HubName,
|
||||
param->UserName, param->Password, error_code, ¶m->ClientIp,
|
||||
param->ClientPort, ¶m->ServerIp, param->ServerPort,
|
||||
param->UserName, param->Password, param->WgKey, error_code,
|
||||
¶m->ClientIp, param->ClientPort, ¶m->ServerIp, param->ServerPort,
|
||||
param->ClientHostname, param->CryptName,
|
||||
param->BridgeMode, param->Mss, NULL, param->ClientCertificate, param->Layer);
|
||||
|
||||
@ -235,13 +235,14 @@ IPC *NewIPCByParam(CEDAR *cedar, IPC_PARAM *param, UINT *error_code)
|
||||
}
|
||||
|
||||
// Start a new IPC connection
|
||||
IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char *username, char *password,
|
||||
IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char *username, char *password, char *wg_key,
|
||||
UINT *error_code, IP *client_ip, UINT client_port, IP *server_ip, UINT server_port,
|
||||
char *client_hostname, char *crypt_name,
|
||||
bool bridge_mode, UINT mss, EAP_CLIENT *eap_client, X *client_certificate,
|
||||
UINT layer)
|
||||
{
|
||||
IPC *ipc;
|
||||
HUB *hub;
|
||||
UINT dummy_int = 0;
|
||||
SOCK *a;
|
||||
SOCK *s;
|
||||
@ -297,9 +298,6 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
|
||||
ipc->FlushList = NewTubeFlushList();
|
||||
|
||||
StrCpy(ipc->ClientHostname, sizeof(ipc->ClientHostname), client_hostname);
|
||||
StrCpy(ipc->HubName, sizeof(ipc->HubName), hubname);
|
||||
StrCpy(ipc->UserName, sizeof(ipc->UserName), username);
|
||||
StrCpy(ipc->Password, sizeof(ipc->Password), password);
|
||||
|
||||
// Connect the in-process socket
|
||||
s = ConnectInProc(a, client_ip, client_port, server_ip, server_port);
|
||||
@ -339,7 +337,11 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
|
||||
FreePack(p);
|
||||
|
||||
// Upload the authentication data
|
||||
if (client_certificate != NULL)
|
||||
if (IsEmptyStr(wg_key) == false)
|
||||
{
|
||||
p = PackLoginWithWireGuardKey(wg_key);
|
||||
}
|
||||
else if (client_certificate != NULL)
|
||||
{
|
||||
p = PackLoginWithOpenVPNCertificate(hubname, username, client_certificate);
|
||||
}
|
||||
@ -466,6 +468,13 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
|
||||
PackGetStr(p, "IpcHubName", ipc->HubName, sizeof(ipc->HubName));
|
||||
Debug("IPC Hub Name: %s\n", ipc->HubName);
|
||||
|
||||
hub = GetHub(cedar, ipc->HubName);
|
||||
if (hub != NULL)
|
||||
{
|
||||
UINTToIP(&ipc->DefaultGateway, hub->Option->DefaultGateway);
|
||||
UINTToIP(&ipc->SubnetMask, hub->Option->DefaultSubnet);
|
||||
}
|
||||
|
||||
MacToStr(macstr, sizeof(macstr), ipc->MacAddress);
|
||||
|
||||
Debug("IPC: Session = %s, Connection = %s, Mac = %s\n", ipc->SessionName, ipc->ConnectionName, macstr);
|
||||
|
@ -75,6 +75,7 @@ struct IPC_PARAM
|
||||
char HubName[MAX_HUBNAME_LEN + 1];
|
||||
char UserName[MAX_USERNAME_LEN + 1];
|
||||
char Password[MAX_PASSWORD_LEN + 1];
|
||||
char WgKey[WG_KEY_BASE64_SIZE];
|
||||
IP ClientIp;
|
||||
UINT ClientPort;
|
||||
IP ServerIp;
|
||||
@ -119,8 +120,6 @@ struct IPC
|
||||
{
|
||||
CEDAR *Cedar;
|
||||
char HubName[MAX_HUBNAME_LEN + 1];
|
||||
char UserName[MAX_USERNAME_LEN + 1];
|
||||
char Password[MAX_PASSWORD_LEN + 1];
|
||||
char ClientHostname[MAX_SIZE];
|
||||
UCHAR random[SHA1_SIZE];
|
||||
char SessionName[MAX_SESSION_NAME_LEN + 1];
|
||||
@ -173,7 +172,7 @@ struct IPC_IPV6_ROUTER_ADVERTISEMENT
|
||||
UCHAR RouterLinkLayerAddress[6];
|
||||
};
|
||||
|
||||
IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char *username, char *password,
|
||||
IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char *username, char *password, char *wg_key,
|
||||
UINT *error_code, IP *client_ip, UINT client_port, IP *server_ip, UINT server_port,
|
||||
char *client_hostname, char *crypt_name,
|
||||
bool bridge_mode, UINT mss, EAP_CLIENT *eap_client, X *client_certificate,
|
||||
|
@ -213,6 +213,8 @@ PROTO *ProtoNew(CEDAR *cedar)
|
||||
|
||||
AddRef(cedar->ref);
|
||||
|
||||
// WireGuard
|
||||
Add(proto->Containers, ProtoContainerNew(WgsGetProtoImpl()));
|
||||
// OpenVPN
|
||||
Add(proto->Containers, ProtoContainerNew(OvsGetProtoImpl()));
|
||||
// SSTP
|
||||
@ -291,7 +293,7 @@ PROTO_CONTAINER *ProtoContainerNew(const PROTO_IMPL *impl)
|
||||
option->Bool = impl_option->Bool;
|
||||
break;
|
||||
case PROTO_OPTION_STRING:
|
||||
option->String = CopyStr(impl_option->String);
|
||||
option->String = impl_option->String != NULL ? CopyStr(impl_option->String) : impl->OptionStringValue(option->Name);
|
||||
break;
|
||||
default:
|
||||
Debug("ProtoContainerNew(): unhandled option type %u!\n", impl_option->Type);
|
||||
|
@ -46,9 +46,10 @@ typedef struct PROTO_IMPL
|
||||
{
|
||||
const char *(*Name)();
|
||||
const PROTO_OPTION *(*Options)();
|
||||
char *(*OptionStringValue)(const char *name);
|
||||
bool (*Init)(void **param, const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname);
|
||||
void (*Free)(void *param);
|
||||
bool (*IsPacketForMe)(const PROTO_MODE mode, const UCHAR *data, const UINT size);
|
||||
bool (*IsPacketForMe)(const PROTO_MODE mode, const void *data, const UINT size);
|
||||
bool (*ProcessData)(void *param, TCP_RAW_DATA *in, FIFO *out);
|
||||
bool (*ProcessDatagrams)(void *param, LIST *in, LIST *out);
|
||||
} PROTO_IMPL;
|
||||
|
@ -59,7 +59,7 @@ void EtherIPIpcConnectThread(THREAD *t, void *p)
|
||||
EtherIPLog(s, "LE_START_IPC", id.HubName, id.UserName, mss);
|
||||
ipc = NewIPC(s->Cedar, client_name,
|
||||
(s->L2TPv3 ? ETHERIP_L2TPV3_POSTFIX : ETHERIP_POSTFIX),
|
||||
id.HubName, id.UserName, id.Password,
|
||||
id.HubName, id.UserName, id.Password, NULL,
|
||||
&error_code,
|
||||
&s->ClientIP, s->ClientPort,
|
||||
&s->ServerIP, s->ServerPort,
|
||||
|
@ -20,6 +20,7 @@ const PROTO_IMPL *OvsGetProtoImpl()
|
||||
{
|
||||
OvsName,
|
||||
OvsOptions,
|
||||
NULL,
|
||||
OvsInit,
|
||||
OvsFree,
|
||||
OvsIsPacketForMe,
|
||||
@ -69,16 +70,17 @@ void OvsFree(void *param)
|
||||
}
|
||||
|
||||
// Check whether it's an OpenVPN packet
|
||||
bool OvsIsPacketForMe(const PROTO_MODE mode, const UCHAR *data, const UINT size)
|
||||
bool OvsIsPacketForMe(const PROTO_MODE mode, const void *data, const UINT size)
|
||||
{
|
||||
if (data == NULL || size < 2)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
if (mode == PROTO_MODE_TCP)
|
||||
{
|
||||
if (data == NULL || size < 2)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
if (data[0] == 0x00 && data[1] == 0x0E)
|
||||
const UCHAR *raw = data;
|
||||
if (raw[0] == 0x00 && raw[1] == 0x0E)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
@ -215,11 +215,9 @@ const char *OvsName();
|
||||
const PROTO_OPTION *OvsOptions();
|
||||
bool OvsInit(void **param, const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname);
|
||||
void OvsFree(void *param);
|
||||
bool OvsIsPacketForMe(const PROTO_MODE mode, const UCHAR *data, const UINT size);
|
||||
bool OvsIsPacketForMe(const PROTO_MODE mode, const void *data, const UINT size);
|
||||
bool OvsProcessData(void *param, TCP_RAW_DATA *in, FIFO *out);
|
||||
bool OvsProcessDatagrams(void *param, LIST *in, LIST *out);
|
||||
bool OvsIsOk(void *param);
|
||||
UINT OvsEstablishedSessions(void *param);
|
||||
|
||||
OPENVPN_SERVER *NewOpenVpnServer(const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event);
|
||||
void FreeOpenVpnServer(OPENVPN_SERVER *s);
|
||||
|
@ -1519,7 +1519,7 @@ bool PPPProcessPAPRequestPacket(PPP_SESSION *p, PPP_PACKET *pp)
|
||||
// Attempt to connect with IPC
|
||||
UINT error_code;
|
||||
|
||||
ipc = NewIPC(p->Cedar, p->ClientSoftwareName, p->Postfix, hub, id, password,
|
||||
ipc = NewIPC(p->Cedar, p->ClientSoftwareName, p->Postfix, hub, id, password, NULL,
|
||||
&error_code, &p->ClientIP, p->ClientPort, &p->ServerIP, p->ServerPort,
|
||||
p->ClientHostname, p->CryptName, false, p->AdjustMss, NULL, NULL,
|
||||
IPC_LAYER_3);
|
||||
@ -2844,7 +2844,7 @@ bool PPPParseMSCHAP2ResponsePacket(PPP_SESSION *p, PPP_PACKET *pp)
|
||||
else if (p->Ipc == NULL)
|
||||
{
|
||||
Debug("MSCHAPv2 creating IPC\n");
|
||||
ipc = NewIPC(p->Cedar, p->ClientSoftwareName, p->Postfix, hub, id, password,
|
||||
ipc = NewIPC(p->Cedar, p->ClientSoftwareName, p->Postfix, hub, id, password, NULL,
|
||||
&error_code, &p->ClientIP, p->ClientPort, &p->ServerIP, p->ServerPort,
|
||||
p->ClientHostname, p->CryptName, false, p->AdjustMss, p->EapClient, NULL,
|
||||
+ IPC_LAYER_3);
|
||||
@ -3252,7 +3252,7 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION *p, PPP_EAP *eap_packet, UINT eapTlsSi
|
||||
|
||||
PPPParseUsername(p->Cedar, p->Eap_Identity, &d);
|
||||
|
||||
ipc = NewIPC(p->Cedar, p->ClientSoftwareName, p->Postfix, d.HubName, d.UserName, "",
|
||||
ipc = NewIPC(p->Cedar, p->ClientSoftwareName, p->Postfix, d.HubName, d.UserName, "", NULL,
|
||||
&error_code, &p->ClientIP, p->ClientPort, &p->ServerIP, p->ServerPort,
|
||||
p->ClientHostname, p->CryptName, false, p->AdjustMss, NULL, p->Eap_TlsCtx.ClientCert.X,
|
||||
IPC_LAYER_3);
|
||||
|
@ -13,6 +13,7 @@ const PROTO_IMPL *SstpGetProtoImpl()
|
||||
{
|
||||
SstpName,
|
||||
SstpOptions,
|
||||
NULL,
|
||||
SstpInit,
|
||||
SstpFree,
|
||||
NULL,
|
||||
|
1088
src/Cedar/Proto_WireGuard.c
Normal file
1088
src/Cedar/Proto_WireGuard.c
Normal file
File diff suppressed because it is too large
Load Diff
209
src/Cedar/Proto_WireGuard.h
Normal file
209
src/Cedar/Proto_WireGuard.h
Normal file
@ -0,0 +1,209 @@
|
||||
#ifndef PROTO_WIREGUARD_H
|
||||
#define PROTO_WIREGUARD_H
|
||||
|
||||
#include <sodium.h>
|
||||
|
||||
#define WG_IPC_POSTFIX "WIREGUARD"
|
||||
|
||||
#define WG_CIPHER "ChaCha20-Poly1305"
|
||||
|
||||
#define WG_CONSTRUCTION "Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s"
|
||||
#define WG_IDENTIFIER "WireGuard v1 zx2c4 Jason@zx2c4.com"
|
||||
#define WG_LABEL_COOKIE "cookie--"
|
||||
#define WG_LABEL_MAC1 "mac1----"
|
||||
|
||||
#define WG_MAX_INITIATIONS_PER_SECOND 50
|
||||
|
||||
#define WG_KEEPALIVE_TIMEOUT 10000 // 10 seconds
|
||||
#define WG_INITIATION_GIVEUP 30000 // 30 seconds
|
||||
|
||||
#define WG_REJECT_AFTER_TIME 180000 // 180 seconds
|
||||
#define WG_REJECT_AFTER_MESSAGES (UINT64_MAX - 16 - 1)
|
||||
|
||||
#define WG_KEY_SIZE crypto_aead_chacha20poly1305_ietf_KEYBYTES
|
||||
#define WG_IV_SIZE crypto_aead_chacha20poly1305_ietf_NPUBBYTES
|
||||
#define WG_TAG_SIZE crypto_aead_chacha20poly1305_ietf_ABYTES
|
||||
|
||||
#define WG_COOKIE_IV_SIZE crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
|
||||
#define WG_COOKIE_TAG_SIZE crypto_aead_xchacha20poly1305_ietf_ABYTES
|
||||
|
||||
#define WG_HASH_SIZE 32
|
||||
#define WG_BLOCK_SIZE 16
|
||||
#define WG_COOKIE_SIZE 16
|
||||
#define WG_TIMESTAMP_SIZE (sizeof(UINT64) + sizeof(UINT))
|
||||
|
||||
#define WG_KEY_BASE64_SIZE (sodium_base64_ENCODED_LEN(WG_KEY_SIZE, sodium_base64_VARIANT_ORIGINAL))
|
||||
|
||||
#define WG_AEAD_SIZE(plain_size) (plain_size + WG_TAG_SIZE)
|
||||
#define WG_PLAIN_SIZE(aead_size) (aead_size - WG_TAG_SIZE)
|
||||
|
||||
// RFC 6479
|
||||
#define WG_REPLAY_WINDOW_SIZE 1024
|
||||
#define WG_REPLAY_BITMAP_SIZE (WG_REPLAY_WINDOW_SIZE / (sizeof(int) * 8))
|
||||
#define WG_REPLAY_BITMAP_INDEX_MASK (WG_REPLAY_BITMAP_SIZE - 1)
|
||||
#define WG_REPLAY_REDUNDANT_BIT_SHIFTS 5
|
||||
#define WG_REPLAY_REDUNDANT_BITS (1 << WG_REPLAY_REDUNDANT_BIT_SHIFTS)
|
||||
#define WG_REPLAY_BITMAP_LOC_MASK (WG_REPLAY_REDUNDANT_BITS - 1)
|
||||
|
||||
typedef enum WG_MSG_TYPE
|
||||
{
|
||||
WG_MSG_INVALID = 0,
|
||||
WG_MSG_HANDSHAKE_INIT,
|
||||
WG_MSG_HANDSHAKE_REPLY,
|
||||
WG_MSG_HANDSHAKE_COOKIE,
|
||||
WG_MSG_TRANSPORT_DATA
|
||||
} WG_MSG_TYPE;
|
||||
|
||||
typedef enum WG_KEYPAIR_STATE
|
||||
{
|
||||
WG_KEYPAIR_INVALID = 0,
|
||||
WG_KEYPAIR_INITIATED,
|
||||
WG_KEYPAIR_CONFIRMED
|
||||
} WG_KEYPAIR_STATE;
|
||||
|
||||
typedef struct WG_HEADER
|
||||
{
|
||||
BYTE Type;
|
||||
BYTE Reserved[3];
|
||||
} WG_HEADER;
|
||||
|
||||
typedef struct WG_COMMON
|
||||
{
|
||||
WG_HEADER Header;
|
||||
UINT Index;
|
||||
} WG_COMMON;
|
||||
|
||||
typedef struct WG_MACS
|
||||
{
|
||||
BYTE Mac1[WG_COOKIE_SIZE];
|
||||
BYTE Mac2[WG_COOKIE_SIZE];
|
||||
} WG_MACS;
|
||||
|
||||
typedef struct WG_HANDSHAKE_INIT
|
||||
{
|
||||
WG_HEADER Header;
|
||||
UINT SenderIndex;
|
||||
BYTE UnencryptedEphemeral[WG_KEY_SIZE];
|
||||
BYTE EncryptedStatic[WG_AEAD_SIZE(WG_KEY_SIZE)];
|
||||
BYTE EncryptedTimestamp[WG_AEAD_SIZE(WG_TIMESTAMP_SIZE)];
|
||||
WG_MACS Macs;
|
||||
} WG_HANDSHAKE_INIT;
|
||||
|
||||
typedef struct WG_HANDSHAKE_REPLY
|
||||
{
|
||||
WG_HEADER Header;
|
||||
UINT SenderIndex;
|
||||
UINT ReceiverIndex;
|
||||
BYTE UnencryptedEphemeral[WG_KEY_SIZE];
|
||||
BYTE EncryptedNothing[WG_AEAD_SIZE(0)];
|
||||
WG_MACS Macs;
|
||||
} WG_HANDSHAKE_REPLY;
|
||||
|
||||
typedef struct WG_COOKIE_REPLY
|
||||
{
|
||||
WG_HEADER Header;
|
||||
UINT ReceiverIndex;
|
||||
BYTE Nonce[WG_COOKIE_IV_SIZE];
|
||||
BYTE EncryptedCookie[WG_COOKIE_SIZE + WG_COOKIE_TAG_SIZE];
|
||||
} WG_COOKIE_REPLY;
|
||||
|
||||
typedef struct WG_TRANSPORT_DATA
|
||||
{
|
||||
WG_HEADER Header;
|
||||
UINT ReceiverIndex;
|
||||
UINT64 Counter;
|
||||
BYTE EncapsulatedPacket[];
|
||||
} WG_TRANSPORT_DATA;
|
||||
|
||||
typedef struct WG_KEYPAIR
|
||||
{
|
||||
WG_KEYPAIR_STATE State;
|
||||
UINT64 CreationTime;
|
||||
UINT IndexLocal;
|
||||
UINT IndexRemote;
|
||||
UINT64 CounterLocal;
|
||||
UINT64 CounterRemote;
|
||||
BYTE KeyLocal[WG_KEY_SIZE];
|
||||
BYTE KeyRemote[WG_KEY_SIZE];
|
||||
UINT64 ReplayWindow[WG_REPLAY_WINDOW_SIZE];
|
||||
} WG_KEYPAIR;
|
||||
|
||||
typedef struct WG_KEYPAIRS
|
||||
{
|
||||
WG_KEYPAIR *Current;
|
||||
WG_KEYPAIR *Next;
|
||||
WG_KEYPAIR *Previous;
|
||||
} WG_KEYPAIRS;
|
||||
|
||||
typedef struct WG_SESSION
|
||||
{
|
||||
WG_KEYPAIRS Keypairs;
|
||||
IPC *IPC;
|
||||
IP IPLocal;
|
||||
IP IPRemote;
|
||||
USHORT PortLocal;
|
||||
USHORT PortRemote;
|
||||
UINT64 LastInitiationReceived;
|
||||
UINT64 LastDataReceived;
|
||||
UINT64 LastDataSent;
|
||||
BYTE StaticRemote[WG_KEY_SIZE];
|
||||
BYTE LastTimestamp[WG_TIMESTAMP_SIZE];
|
||||
BYTE Hash[WG_HASH_SIZE];
|
||||
BYTE ChainingKey[WG_HASH_SIZE];
|
||||
BYTE PrecomputedStaticStatic[WG_KEY_SIZE];
|
||||
} WG_SESSION;
|
||||
|
||||
typedef struct WG_SERVER
|
||||
{
|
||||
UINT64 Now;
|
||||
UINT64 CreationTime;
|
||||
WG_SESSION Session;
|
||||
CEDAR *Cedar;
|
||||
SOCK_EVENT *SockEvent;
|
||||
INTERRUPT_MANAGER *InterruptManager;
|
||||
BYTE PresharedKey[WG_KEY_SIZE];
|
||||
BYTE StaticPublic[WG_KEY_SIZE];
|
||||
BYTE StaticPrivate[WG_KEY_SIZE];
|
||||
BYTE HandshakeInitHash[WG_HASH_SIZE];
|
||||
BYTE HandshakeInitChainingKey[WG_HASH_SIZE];
|
||||
} WG_SERVER;
|
||||
|
||||
const PROTO_IMPL *WgsGetProtoImpl();
|
||||
const char *WgsName();
|
||||
const PROTO_OPTION *WgsOptions();
|
||||
char *WgsOptionStringValue(const char *name);
|
||||
bool WgsInit(void **param, const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname);
|
||||
void WgsFree(void *param);
|
||||
bool WgsIsPacketForMe(const PROTO_MODE mode, const void *data, const UINT size);
|
||||
bool WgsProcessDatagrams(void *param, LIST *in, LIST *out);
|
||||
|
||||
void WgsLog(const WG_SERVER *server, const char *name, ...);
|
||||
|
||||
WG_MSG_TYPE WgsDetectMessageType(const void *data, const UINT size);
|
||||
|
||||
UINT WgsMSS(const WG_SESSION *session);
|
||||
|
||||
IPC *WgsIPCNew(WG_SERVER *server);
|
||||
|
||||
WG_KEYPAIR *WgsProcessHandshakeInit(WG_SERVER *server, const WG_HANDSHAKE_INIT *init, BYTE *ephemeral_remote);
|
||||
WG_HANDSHAKE_REPLY *WgsCreateHandshakeReply(WG_SERVER *server, WG_KEYPAIR *keypair, const BYTE *ephemeral_remote);
|
||||
|
||||
bool WgsProcessTransportData(WG_SERVER *server, WG_TRANSPORT_DATA *data, const UINT size);
|
||||
WG_TRANSPORT_DATA *WgsCreateTransportData(WG_SERVER *server, const void *data, const UINT size, UINT *final_size);
|
||||
|
||||
bool WgsIsInReplayWindow(const WG_KEYPAIR *keypair, const UINT64 counter);
|
||||
void WgsUpdateReplayWindow(WG_KEYPAIR *keypair, const UINT64 counter);
|
||||
|
||||
UINT WgsEncryptData(void *key, const UINT64 counter, void *dst, const void *src, const UINT src_size);
|
||||
UINT WgsDecryptData(void *key, const UINT64 counter, void *dst, const void *src, const UINT src_size);
|
||||
|
||||
bool WgsEncryptWithHash(void *dst, const void *src, const UINT src_size, BYTE *hash, const BYTE *key);
|
||||
bool WgsDecryptWithHash(void *dst, const void *src, const UINT src_size, BYTE *hash, const BYTE *key);
|
||||
|
||||
void WgsEphemeral(BYTE *ephemeral_dst, const BYTE *ephemeral_src, BYTE *chaining_key, BYTE *hash);
|
||||
void WgsHKDF(BYTE *dst_1, BYTE *dst_2, BYTE *dst_3, const BYTE *data, const UINT data_size, const BYTE *chaining_key);
|
||||
|
||||
void WgsMixHash(void *dst, const void *src, const UINT size);
|
||||
bool WgsMixDh(BYTE *chaining_key, BYTE *key, const BYTE *priv, const BYTE *pub);
|
||||
|
||||
#endif
|
@ -1330,12 +1330,45 @@ bool ServerAccept(CONNECTION *c)
|
||||
goto CLEANUP;
|
||||
}
|
||||
|
||||
|
||||
|
||||
// Login
|
||||
if (GetHubnameAndUsernameFromPack(p, username, sizeof(username), hubname, sizeof(hubname)) == false)
|
||||
// Get authentication method and initiate login process
|
||||
authtype = GetAuthTypeFromPack(p);
|
||||
if (authtype == AUTHTYPE_WIREGUARD_KEY)
|
||||
{
|
||||
WGK *wgk, tmp;
|
||||
bool ok = false;
|
||||
|
||||
if (PackGetStr(p, "key", tmp.Key, sizeof(tmp.Key)) == false)
|
||||
{
|
||||
FreePack(p);
|
||||
c->Err = ERR_PROTOCOL_ERROR;
|
||||
error_detail = "GetWireGuardKeyFromPack";
|
||||
goto CLEANUP;
|
||||
}
|
||||
|
||||
LockList(c->Cedar->WgkList);
|
||||
{
|
||||
wgk = Search(c->Cedar->WgkList, &tmp);
|
||||
if (wgk != NULL)
|
||||
{
|
||||
ok = true;
|
||||
StrCpy(hubname, sizeof(hubname), wgk->Hub);
|
||||
StrCpy(username, sizeof(username), wgk->User);
|
||||
StrCpy(node.HubName, sizeof(node.HubName), hubname);
|
||||
}
|
||||
}
|
||||
UnlockList(c->Cedar->WgkList);
|
||||
|
||||
if (ok == false)
|
||||
{
|
||||
FreePack(p);
|
||||
c->Err = ERR_AUTH_FAILED;
|
||||
SLog(c->Cedar, "LS_WG_KEY_NOT_FOUND", c->Name, hubname);
|
||||
error_detail = "ERR_AUTH_FAILED";
|
||||
goto CLEANUP;
|
||||
}
|
||||
}
|
||||
else if (GetHubnameAndUsernameFromPack(p, username, sizeof(username), hubname, sizeof(hubname)) == false)
|
||||
{
|
||||
// Protocol error
|
||||
FreePack(p);
|
||||
c->Err = ERR_PROTOCOL_ERROR;
|
||||
error_detail = "GetHubnameAndUsernameFromPack";
|
||||
@ -1345,9 +1378,7 @@ bool ServerAccept(CONNECTION *c)
|
||||
if (farm_member)
|
||||
{
|
||||
bool ok = false;
|
||||
UINT authtype;
|
||||
|
||||
authtype = GetAuthTypeFromPack(p);
|
||||
if (StrCmpi(username, ADMINISTRATOR_USERNAME) == 0 &&
|
||||
authtype == AUTHTYPE_PASSWORD)
|
||||
{
|
||||
@ -1600,9 +1631,6 @@ bool ServerAccept(CONNECTION *c)
|
||||
PackGetData(p, "unique_id", unique);
|
||||
}
|
||||
|
||||
// Get the authentication method
|
||||
authtype = GetAuthTypeFromPack(p);
|
||||
|
||||
if (1)
|
||||
{
|
||||
// Log
|
||||
@ -1622,12 +1650,15 @@ bool ServerAccept(CONNECTION *c)
|
||||
case CLIENT_AUTHTYPE_CERT:
|
||||
authtype_str = _UU("LH_AUTH_CERT");
|
||||
break;
|
||||
case AUTHTYPE_TICKET:
|
||||
authtype_str = _UU("LH_AUTH_TICKET");
|
||||
case AUTHTYPE_WIREGUARD_KEY:
|
||||
authtype_str = _UU("LH_AUTH_WIREGUARD_KEY");
|
||||
break;
|
||||
case AUTHTYPE_OPENVPN_CERT:
|
||||
authtype_str = _UU("LH_AUTH_OPENVPN_CERT");
|
||||
break;
|
||||
case AUTHTYPE_TICKET:
|
||||
authtype_str = _UU("LH_AUTH_TICKET");
|
||||
break;
|
||||
}
|
||||
IPToStr(ip1, sizeof(ip1), &c->FirstSock->RemoteIP);
|
||||
IPToStr(ip2, sizeof(ip2), &c->FirstSock->LocalIP);
|
||||
@ -1640,7 +1671,6 @@ bool ServerAccept(CONNECTION *c)
|
||||
|
||||
// Attempt an anonymous authentication first
|
||||
auth_ret = SamAuthUserByAnonymous(hub, username);
|
||||
|
||||
if (auth_ret)
|
||||
{
|
||||
if (c->IsInProc)
|
||||
@ -1734,8 +1764,6 @@ bool ServerAccept(CONNECTION *c)
|
||||
|
||||
if (auth_ret)
|
||||
{
|
||||
// User authentication success by anonymous authentication
|
||||
HLog(hub, "LH_AUTH_OK", c->Name, username);
|
||||
is_empty_password = true;
|
||||
}
|
||||
}
|
||||
@ -1961,6 +1989,24 @@ bool ServerAccept(CONNECTION *c)
|
||||
}
|
||||
break;
|
||||
|
||||
case AUTHTYPE_WIREGUARD_KEY:
|
||||
// We already retrieved the hubname and username associated with the key.
|
||||
// Now we only have to verify that the user effectively exists.
|
||||
if (c->IsInProc)
|
||||
{
|
||||
auth_ret = SamIsUser(hub, username);
|
||||
}
|
||||
else
|
||||
{
|
||||
// WireGuard public key authentication cannot be used directly by external clients.
|
||||
Unlock(hub->lock);
|
||||
ReleaseHub(hub);
|
||||
FreePack(p);
|
||||
c->Err = ERR_AUTHTYPE_NOT_SUPPORTED;
|
||||
goto CLEANUP;
|
||||
}
|
||||
break;
|
||||
|
||||
case AUTHTYPE_OPENVPN_CERT:
|
||||
// For OpenVPN; mostly same as CLIENT_AUTHTYPE_CERT, but without
|
||||
// signature verification, because it was already performed during TLS handshake.
|
||||
@ -2014,25 +2060,14 @@ bool ServerAccept(CONNECTION *c)
|
||||
error_detail = "ERR_AUTHTYPE_NOT_SUPPORTED";
|
||||
goto CLEANUP;
|
||||
}
|
||||
|
||||
if (auth_ret == false)
|
||||
{
|
||||
// Get client IP to feed tools such as Fail2Ban
|
||||
char ip[64];
|
||||
IPToStr(ip, sizeof(ip), &c->FirstSock->RemoteIP);
|
||||
// Authentication failure
|
||||
HLog(hub, "LH_AUTH_NG", c->Name, username, ip);
|
||||
}
|
||||
else
|
||||
{
|
||||
// Authentication success
|
||||
HLog(hub, "LH_AUTH_OK", c->Name, username);
|
||||
}
|
||||
}
|
||||
|
||||
if (auth_ret == false)
|
||||
{
|
||||
// Authentication failure
|
||||
char ip[64];
|
||||
IPToStr(ip, sizeof(ip), &c->FirstSock->RemoteIP);
|
||||
HLog(hub, "LH_AUTH_NG", c->Name, username, ip);
|
||||
|
||||
Unlock(hub->lock);
|
||||
ReleaseHub(hub);
|
||||
FreePack(p);
|
||||
@ -2046,13 +2081,12 @@ bool ServerAccept(CONNECTION *c)
|
||||
}
|
||||
else
|
||||
{
|
||||
if(is_empty_password)
|
||||
if (is_empty_password)
|
||||
{
|
||||
SOCK *s = c->FirstSock;
|
||||
const SOCK *s = c->FirstSock;
|
||||
if (s != NULL && s->RemoteIP.addr[0] != 127)
|
||||
{
|
||||
if(StrCmpi(username, ADMINISTRATOR_USERNAME) == 0 ||
|
||||
GetHubAdminOption(hub, "deny_empty_password") != 0)
|
||||
if (StrCmpi(username, ADMINISTRATOR_USERNAME) == 0 || GetHubAdminOption(hub, "deny_empty_password") != 0)
|
||||
{
|
||||
// When the password is empty, remote connection is not acceptable
|
||||
HLog(hub, "LH_LOCAL_ONLY", c->Name, username);
|
||||
@ -2066,6 +2100,8 @@ bool ServerAccept(CONNECTION *c)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
HLog(hub, "LH_AUTH_OK", c->Name, username);
|
||||
}
|
||||
|
||||
policy = NULL;
|
||||
@ -6592,6 +6628,24 @@ PACK *PackLoginWithPlainPassword(char *hubname, char *username, void *plain_pass
|
||||
return p;
|
||||
}
|
||||
|
||||
// Generate a packet of WireGuard key login
|
||||
PACK *PackLoginWithWireGuardKey(char *key)
|
||||
{
|
||||
PACK *p;
|
||||
// Validate arguments
|
||||
if (key == NULL)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
p = NewPack();
|
||||
PackAddStr(p, "method", "login");
|
||||
PackAddInt(p, "authtype", AUTHTYPE_WIREGUARD_KEY);
|
||||
PackAddStr(p, "key", key);
|
||||
|
||||
return p;
|
||||
}
|
||||
|
||||
// Generate a packet of OpenVPN certificate login
|
||||
PACK *PackLoginWithOpenVPNCertificate(char *hubname, char *username, X *x)
|
||||
{
|
||||
|
@ -134,6 +134,7 @@ PACK *PackLoginWithAnonymous(char *hubname, char *username);
|
||||
PACK *PackLoginWithPassword(char *hubname, char *username, void *secure_password);
|
||||
PACK *PackLoginWithPlainPassword(char *hubname, char *username, void *plain_password);
|
||||
PACK *PackLoginWithCert(char *hubname, char *username, X *x, void *sign, UINT sign_size);
|
||||
PACK *PackLoginWithWireGuardKey(char *key);
|
||||
PACK *PackLoginWithOpenVPNCertificate(char *hubname, char *username, X *x);
|
||||
bool GetMethodFromPack(PACK *p, char *method, UINT size);
|
||||
bool GetHubnameAndUsernameFromPack(PACK *p, char *username, UINT username_size,
|
||||
|
@ -402,6 +402,11 @@ void SiCheckDeadLockMain(SERVER *s, UINT timeout)
|
||||
CheckDeadLock(cedar->CaList->lock, timeout, "cedar->CaList->lock");
|
||||
}
|
||||
|
||||
if (cedar->WgkList != NULL)
|
||||
{
|
||||
CheckDeadLock(cedar->WgkList->lock, timeout, "cedar->WgkList->lock");
|
||||
}
|
||||
|
||||
if (cedar->TrafficLock != NULL)
|
||||
{
|
||||
CheckDeadLock(cedar->TrafficLock, timeout, "cedar->TrafficLock");
|
||||
@ -2279,6 +2284,8 @@ void SiSetDefaultHubOption(HUB_OPTION *o)
|
||||
return;
|
||||
}
|
||||
|
||||
o->DefaultGateway = SetIP32(192, 168, 30, 1);
|
||||
o->DefaultSubnet = SetIP32(255, 255, 255, 0);
|
||||
o->MaxSession = 0;
|
||||
o->VlanTypeId = MAC_PROTO_TAGVLAN;
|
||||
o->NoIPv6DefaultRouterInRAWhenIPv6 = true;
|
||||
@ -2675,16 +2682,13 @@ bool SiIsAzureSupported(SERVER *s)
|
||||
// Read the server settings from the CFG
|
||||
bool SiLoadConfigurationCfg(SERVER *s, FOLDER *root)
|
||||
{
|
||||
FOLDER *f1, *f2, *f3, *f4, *f5, *f6, *f7, *f8, *f;
|
||||
FOLDER *f1, *f2, *f3, *f4, *f5, *f6, *f7, *f8, *f9;
|
||||
// Validate arguments
|
||||
if (s == NULL || root == NULL)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
f = NULL;
|
||||
|
||||
|
||||
f1 = CfgGetFolder(root, "ServerConfiguration");
|
||||
f2 = CfgGetFolder(root, "VirtualHUB");
|
||||
f3 = CfgGetFolder(root, "ListenerList");
|
||||
@ -2693,6 +2697,7 @@ bool SiLoadConfigurationCfg(SERVER *s, FOLDER *root)
|
||||
f6 = CfgGetFolder(root, "LicenseManager");
|
||||
f7 = CfgGetFolder(root, "IPsec");
|
||||
f8 = CfgGetFolder(root, "DDnsClient");
|
||||
f9 = CfgGetFolder(root, "WireGuardKeyList");
|
||||
|
||||
if (f1 == NULL)
|
||||
{
|
||||
@ -2734,6 +2739,30 @@ bool SiLoadConfigurationCfg(SERVER *s, FOLDER *root)
|
||||
|
||||
if (s->ServerType != SERVER_TYPE_FARM_MEMBER)
|
||||
{
|
||||
TOKEN_LIST *t = CfgEnumFolderToTokenList(f9);
|
||||
if (t != NULL)
|
||||
{
|
||||
LockList(s->Cedar->WgkList);
|
||||
{
|
||||
UINT i;
|
||||
for (i = 0; i < t->NumTokens; ++i)
|
||||
{
|
||||
const char *name = t->Token[i];
|
||||
FOLDER *f = CfgGetFolder(f9, name);
|
||||
if (f != NULL)
|
||||
{
|
||||
WGK *wgk = Malloc(sizeof(WGK));
|
||||
StrCpy(wgk->Key, sizeof(wgk->Key), name);
|
||||
CfgGetStr(f, "Hub", wgk->Hub, sizeof(wgk->Hub));
|
||||
CfgGetStr(f, "User", wgk->User, sizeof(wgk->User));
|
||||
Add(s->Cedar->WgkList, wgk);
|
||||
}
|
||||
}
|
||||
}
|
||||
UnlockList(s->Cedar->WgkList);
|
||||
FreeToken(t);
|
||||
}
|
||||
|
||||
SiLoadHubs(s, f2);
|
||||
}
|
||||
|
||||
@ -3100,9 +3129,28 @@ FOLDER *SiWriteConfigurationToCfg(SERVER *s)
|
||||
|
||||
SiWriteServerCfg(CfgCreateFolder(root, "ServerConfiguration"), s);
|
||||
|
||||
|
||||
if (s->UpdatedServerType != SERVER_TYPE_FARM_MEMBER)
|
||||
{
|
||||
FOLDER *f = CfgCreateFolder(root, "WireGuardKeyList");
|
||||
if (f != NULL)
|
||||
{
|
||||
LockList(s->Cedar->WgkList);
|
||||
{
|
||||
UINT i;
|
||||
for (i = 0; i < LIST_NUM(s->Cedar->WgkList); ++i)
|
||||
{
|
||||
WGK *wgk = LIST_DATA(s->Cedar->WgkList, i);
|
||||
FOLDER *ff = CfgCreateFolder(f, wgk->Key);
|
||||
if (ff != NULL)
|
||||
{
|
||||
CfgAddStr(ff, "Hub", wgk->Hub);
|
||||
CfgAddStr(ff, "User", wgk->User);
|
||||
}
|
||||
}
|
||||
}
|
||||
UnlockList(s->Cedar->WgkList);
|
||||
}
|
||||
|
||||
SiWriteHubs(CfgCreateFolder(root, "VirtualHUB"), s);
|
||||
}
|
||||
|
||||
@ -3757,6 +3805,8 @@ void SiLoadHubOptionCfg(FOLDER *f, HUB_OPTION *o)
|
||||
return;
|
||||
}
|
||||
|
||||
o->DefaultGateway = CfgGetIp32(f, "DefaultGateway");
|
||||
o->DefaultSubnet = CfgGetIp32(f, "DefaultSubnet");
|
||||
o->MaxSession = CfgGetInt(f, "MaxSession");
|
||||
o->NoArpPolling = CfgGetBool(f, "NoArpPolling");
|
||||
o->NoIPv6AddrPolling = CfgGetBool(f, "NoIPv6AddrPolling");
|
||||
@ -3904,6 +3954,8 @@ void SiWriteHubOptionCfg(FOLDER *f, HUB_OPTION *o)
|
||||
return;
|
||||
}
|
||||
|
||||
CfgAddIp32(f, "DefaultGateway", o->DefaultGateway);
|
||||
CfgAddIp32(f, "DefaultSubnet", o->DefaultSubnet);
|
||||
CfgAddInt(f, "MaxSession", o->MaxSession);
|
||||
CfgAddBool(f, "NoArpPolling", o->NoArpPolling);
|
||||
CfgAddBool(f, "NoIPv6AddrPolling", o->NoIPv6AddrPolling);
|
||||
@ -10295,6 +10347,27 @@ int CompareHubList(void *p1, void *p2)
|
||||
return StrCmpi(h1->Name, h2->Name);
|
||||
}
|
||||
|
||||
// Search in WireGuard key list
|
||||
int CompareWgk(void *p1, void *p2)
|
||||
{
|
||||
WGK *wgk_1, *wgk_2;
|
||||
|
||||
if (p1 == NULL || p2 == NULL)
|
||||
{
|
||||
return (p1 == NULL && p2 == NULL ? 0 : (p1 == NULL ? -1 : 1));
|
||||
}
|
||||
|
||||
wgk_1 = *(WGK **)p1;
|
||||
wgk_2 = *(WGK **)p2;
|
||||
|
||||
if (wgk_1 == NULL || wgk_2 == NULL)
|
||||
{
|
||||
return (wgk_1 == NULL && wgk_2 == NULL ? 0 : (wgk_1 == NULL ? -1 : 1));
|
||||
}
|
||||
|
||||
return StrCmp(wgk_1->Key, wgk_2->Key);
|
||||
}
|
||||
|
||||
// Connection thread to the controller
|
||||
void SiConnectToControllerThread(THREAD *thread, void *param)
|
||||
{
|
||||
|
@ -150,6 +150,14 @@ struct OPENVPN_SSTP_CONFIG
|
||||
bool EnableSSTP; // SSTP is enabled
|
||||
};
|
||||
|
||||
// WireGuard key structure
|
||||
struct WGK
|
||||
{
|
||||
char Key[WG_KEY_BASE64_SIZE];
|
||||
char Hub[MAX_HUBNAME_LEN + 1];
|
||||
char User[MAX_USERNAME_LEN + 1];
|
||||
};
|
||||
|
||||
// Server object
|
||||
struct SERVER
|
||||
{
|
||||
@ -631,6 +639,8 @@ void SiUpdateCurrentRegion(CEDAR *c, char *region, bool force_update);
|
||||
void SiGetCurrentRegion(CEDAR *c, char *region, UINT region_size);
|
||||
bool SiIsEnterpriseFunctionsRestrictedOnOpenSource(CEDAR *c);
|
||||
|
||||
int CompareWgk(void *p1, void *p2);
|
||||
|
||||
#endif // SERVER_H
|
||||
|
||||
|
||||
|
@ -1786,6 +1786,7 @@ LS_SSL_START 连接 "%S" 的 SSL 通信已启动。加密算法名为 "%S"。
|
||||
LS_CONNECTION_ERROR 连接 "%S"因原因 "%s" (代码 %u)已终止。
|
||||
LS_FARMMEMBER_NOT_ADMIN 连接 "%S": 服务端是群集成员,但客户端在非管理员 (%S) 用户情况下,尝试直接与虚拟 HUB "%S" 连接。客户端用户名为 "%S"。访问被拒绝。
|
||||
LS_HUB_NOT_FOUND 连接 "%S": 客户端正在尝试连接的虚拟 HUB "%S" 在服务端上不存在。
|
||||
LS_WG_KEY_NOT_FOUND Connection "%S": The WireGuard key is not associated with a user on the server.
|
||||
LS_IP_DENIED 连接 "%S": 基于虚拟 HUB 上定义的源 IP 访问限制列表,客户端的源 IP 地址 "%S" 被拒绝。
|
||||
LS_LICENSE_ERROR 连接 "%S": 因为发生许可证相关错误,客户端无法连接到服务端。
|
||||
LS_BETA_EXPIRES SoftEther VPN Server 测试版已过期。测试版使用期限已到。请从 http://selinks.org/ 下载新的测试版或完整版。
|
||||
@ -1817,6 +1818,16 @@ LP_SESSION_CREATED Session created.
|
||||
LP_SESSION_DELETED Session deleted.
|
||||
|
||||
|
||||
# (WireGuard log)
|
||||
LW_PREFIX_SESSION [WireGuard] %r:%u -> %r:%u:
|
||||
LW_KEYPAIR_EXPIRED Current keypair (%x -> %x) is expired!
|
||||
LW_KEYPAIR_UNKNOWN The packet was encrypted with an unknown keypair!
|
||||
LW_DECRYPT_FAIL Decryption failure!
|
||||
LW_REPLAY_ATTACK Replay attack detected!
|
||||
LW_FLOOD_ATTACK Flood attack detected!
|
||||
LW_HUB_DISCONNECT The administrator of the Virtual Hub has disconnected this session.
|
||||
|
||||
|
||||
# (OpenVPN Logs)
|
||||
LO_PREFIX_RAW OpenVPN 模块:
|
||||
LO_PREFIX_SESSION OpenVPN 会话%u (%r:%u -> %r:%u):
|
||||
@ -1919,7 +1930,8 @@ LH_AUTH_PASSWORD 密码验证
|
||||
LH_AUTH_PLAIN_PASSWORD 外部服务器身份验证
|
||||
LH_AUTH_CERT 证书验证
|
||||
LH_AUTH_TICKET 票证验证
|
||||
LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
|
||||
LH_AUTH_WIREGUARD_KEY WireGuard public key authentication
|
||||
LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
|
||||
LH_AUTH_RADIUS_NOT_SUPPORT 连接 "%S": 用户 "%S" 身份验证方法 RADIUS 或 Active Directory (NT 域),但 VPN Server 是 "%S",因为 RADIUS 或 Active Directory (NT 域)不能使用。连接被拒绝。
|
||||
LH_AUTH_RADIUS_NOT_SUPPORT_ON_OPEN_SOURCE "%S" 的连接方法: 用户 "%S" 的身份验证方法被指定为 RADIUS 身份验证或 Active Directory 身份验证 (NT 域验证)。然而,这样一个外部用户身份验证功能尚未在 SoftEther VPN 的开源版本上实施。该连接将被拒绝。
|
||||
LH_AUTH_CERT_NOT_SUPPORT_ON_OPEN_SOURCE "%S" 的连接方法: 用户 "%S" 的身份验证方法被指定为证书认证。然而,证书验证功能尚未在 SoftEther VPN 的开源版本上实施。该连接将被拒绝。
|
||||
@ -2016,6 +2028,8 @@ LA_SET_FARM_SETTING 群集设置变更完成。
|
||||
LA_SET_SERVER_CERT 服务端证书设定完成。
|
||||
LA_REGENERATE_SERVER_CERT 服务器证书再次生成。新 CN:"%S"
|
||||
LA_SET_SERVER_CIPHER 服务端的新加密算法名设定完成。新加密算法为 "%S"。
|
||||
LA_ADD_WGK Added %u WireGuard key(s).
|
||||
LA_DELETE_WGK Deleted %u WireGuard key(s).
|
||||
LA_CREATE_HUB 已创建新虚拟 HUB "%S"。
|
||||
LA_SET_HUB 已变更虚拟 HUB 设置。
|
||||
LA_DELETE_HUB 已删除虚拟 HUB "%S"。
|
||||
@ -5023,6 +5037,35 @@ CMD_LogFileGet_SAVE_FAILED 无法写入指定的文件。
|
||||
CMD_LogFileGet_FILESIZE 日志文件的大小: %u
|
||||
|
||||
|
||||
# WgkAdd 命令
|
||||
CMD_WgkAdd Add a WireGuard key
|
||||
CMD_WgkAdd_Help This command can be used to add a WireGuard key to the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkAdd_Args WgkAdd [key] [/HUB:hub] [/USER:user]
|
||||
CMD_WgkAdd_[key] WireGuard key. Make sure it is the public one!
|
||||
CMD_WgkAdd_HUB Hub the key will be associated to.
|
||||
CMD_WgkAdd_USER User the key will be associated to, in the specified hub.
|
||||
CMD_WgkAdd_Prompt_[key] Key:
|
||||
CMD_WgkAdd_Prompt_HUB Hub:
|
||||
CMD_WgkAdd_Prompt_USER User:
|
||||
|
||||
|
||||
# WgkDelete 命令
|
||||
CMD_WgkDelete Delete a WireGuard key
|
||||
CMD_WgkDelete_Help This command can be used to delete a WireGuard key from the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkDelete_Args WgkDelete [key]
|
||||
CMD_WgkDelete_[key] WireGuard key.
|
||||
CMD_WgkDelete_Prompt_[key] Key:
|
||||
|
||||
|
||||
# WgkEnum 命令
|
||||
CMD_WgkEnum List the WireGuard keys
|
||||
CMD_WgkEnum_Help This command retrieves the WireGuard keys that are allowed to connect to the server, along with the associated Virtual Hub and user. \nYou can add a key with the WgkAdd command. \nYou can delete a key with the WgkDelete command. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkEnum_Args WgkEnum
|
||||
CMD_WgkEnum_Column_Key Key
|
||||
CMD_WgkEnum_Column_Hub Hub
|
||||
CMD_WgkEnum_Column_User User
|
||||
|
||||
|
||||
# HubCreate 命令
|
||||
CMD_HubCreate 创建新的虚拟 HUB
|
||||
CMD_HubCreate_Help 在 VPN Server 上创建一个新的虚拟 HUB。\n创建的虚拟 HUB 将立即开始工作。\n当 VPN Server,在一个群集中运行,此命令仅对群集控制器有效。新的虚拟 HUB,将作为一个动态的虚拟 HUB。应用 HubSetStatic 命令也可将虚拟 HUB 改为静态的。要想获取已经存储在 VPN Server 上的 HUB,可以运行 HubList 命令获得列表。\n要运行此命令,需要 VPN Server 管理员权限。\n此外,此命令在 VPN Bridge 和群集管理服务器中不起作用。\n在群集上创建虚拟群集控制器 HUB 时,请运行 HubCreateStatic 或者 HubCreateDynamic 命令。(对群集控制器操作时,HubCreate 和 HubCreateDynamic就有相同的功能)。
|
||||
@ -5100,6 +5143,16 @@ CMD_Offline_Help 如果您正在管理的虚拟 HUB 在线,设置成脱机
|
||||
CMD_Offline_Args Offline
|
||||
|
||||
|
||||
# SetStaticNetwork 命令
|
||||
CMD_SetStaticNetwork Set Virtual Hub static IPv4 network parameters
|
||||
CMD_SetStaticNetwork_Help Set the static IPv4 network parameters for the Virtual Hub. They are used when DHCP is not available (e.g. WireGuard sessions). \nYou can get the current settings by using the OptionsGet command.
|
||||
CMD_SetStaticNetwork_Args SetStaticNetwork [/GATEWAY:gateway] [/SUBNET:subnet]
|
||||
CMD_SetStaticNetwork_GATEWAY Specify the IP address of the gateway that will be used for internet communication.
|
||||
CMD_SetStaticNetwork_SUBNET Specify the subnet mask, required to determine the size of the local VPN network.
|
||||
CMD_SetStaticNetwork_Prompt_GATEWAY Gateway:
|
||||
CMD_SetStaticNetwork_Prompt_SUBNET Subnet mask:
|
||||
|
||||
|
||||
# SetMaxSession 命令
|
||||
CMD_SetMaxSession 设定虚拟 HUB 的最大同时在线用户数量
|
||||
CMD_SetMaxSession_Help 设定现在正在管理的虚拟 HUB 的最大同时在线客户数量。当超过这个数量时,如果从 VPN Client 和 VPN Bridge 连接的时候,超过了最大并发会话数,更多的客户将无法连接。最大同时在线客户数的限制不包括本地的网桥,虚拟的 NAT,级联连接等生成连接不包括在内。\n设置同时在线最大数目,可以通过运行 OptionsGet 命令获得。\n此命令,在 VPN Bridge 中不会运行。\n此命令在集群虚拟 HUB 中不能运行。
|
||||
@ -5136,7 +5189,8 @@ CMD_OptionsGet_ENUM 对于匿名用户的虚拟 HUB 的显示
|
||||
CMD_OptionsGet_MAXSESSIONS 最大同时在线客户数
|
||||
CMD_OptionsGet_STATUS 状态
|
||||
CMD_OptionsGet_TYPE 虚拟 HUB 的类型
|
||||
|
||||
CMD_OptionsGet_GATEWAY Default gateway
|
||||
CMD_OptionsGet_SUBNET Default subnet
|
||||
|
||||
|
||||
# RadiusServerSet 命令
|
||||
|
@ -1769,6 +1769,7 @@ LS_SSL_START SSL communication for connection "%S" has been started. The encry
|
||||
LS_CONNECTION_ERROR Connection "%S" terminated by the cause "%s" (code %u).
|
||||
LS_FARMMEMBER_NOT_ADMIN Connection "%S": Although the server is a cluster member, the client attempted that to directly connect to the Virtual Hub "%S" while not being administrator user "%S". The user name provided by the client is "%S". Access is refused.
|
||||
LS_HUB_NOT_FOUND Connection "%S": Virtual Hub "%S" that the client is trying to connect to does not exist on the server.
|
||||
LS_WG_KEY_NOT_FOUND Connection "%S": The WireGuard key is not associated with a user on the server.
|
||||
LS_IP_DENIED Connection "%S": The source IP address "%S" of the client has refused based on the Source IP Address Limit List defined for the Virtual Hub.
|
||||
LS_LICENSE_ERROR Connection "%S": Because a license-related error has been occurred, the client is unable to connect to the server.
|
||||
LS_BETA_EXPIRES This beta version of SoftEther VPN Server is expired. The beta version period of use has expired. Download a new beta version or full version from http://selinks.org/.
|
||||
@ -1800,6 +1801,16 @@ LP_SESSION_CREATED Session created.
|
||||
LP_SESSION_DELETED Session deleted.
|
||||
|
||||
|
||||
# (WireGuard log)
|
||||
LW_PREFIX_SESSION [WireGuard] %r:%u -> %r:%u:
|
||||
LW_KEYPAIR_EXPIRED Current keypair (%x -> %x) is expired!
|
||||
LW_KEYPAIR_UNKNOWN The packet was encrypted with an unknown keypair!
|
||||
LW_DECRYPT_FAIL Decryption failure!
|
||||
LW_REPLAY_ATTACK Replay attack detected!
|
||||
LW_FLOOD_ATTACK Flood attack detected!
|
||||
LW_HUB_DISCONNECT The administrator of the Virtual Hub has disconnected this session.
|
||||
|
||||
|
||||
# (OpenVPN Logs)
|
||||
LO_PREFIX_RAW OpenVPN Module:
|
||||
LO_PREFIX_SESSION OpenVPN Session %u (%r:%u -> %r:%u):
|
||||
@ -1902,7 +1913,8 @@ LH_AUTH_PASSWORD Password authentication
|
||||
LH_AUTH_PLAIN_PASSWORD External server authentication
|
||||
LH_AUTH_CERT Certificate authentication
|
||||
LH_AUTH_TICKET Ticket authentication
|
||||
LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
|
||||
LH_AUTH_WIREGUARD_KEY WireGuard public key authentication
|
||||
LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
|
||||
LH_AUTH_RADIUS_NOT_SUPPORT Connection "%S": The authentication method of the user "%S" has been specified as RADIUS Authentication or Active Directory Authentication (NT Domain Authentication). However, the edition of the VPN Server is "%S". This edition does not support RADIUS Authentication nor Active Directory Authentication (NT Domain Authentication). The connection will be denied.
|
||||
LH_AUTH_RADIUS_NOT_SUPPORT_ON_OPEN_SOURCE Connection "%S": The authentication method of the user "%S" has been specified as RADIUS Authentication or Active Directory Authentication (NT Domain Authentication). However, such an external user-authentication function hasn't been implemented on the Open-Source version of SoftEther VPN yet. The connection will be denied.
|
||||
LH_AUTH_CERT_NOT_SUPPORT_ON_OPEN_SOURCE Connection "%S": The authentication method of the user "%S" has been specified as Certificate Authentication. However, the Certificate Authentication function hasn't been implemented on the Open-Source version of SoftEther VPN yet. The connection will be denied.
|
||||
@ -1999,6 +2011,8 @@ LA_SET_FARM_SETTING The clustering setting has been changed.
|
||||
LA_SET_SERVER_CERT The server certificates have been set.
|
||||
LA_REGENERATE_SERVER_CERT The server certificate has been re-generated. The new CN: "%S"
|
||||
LA_SET_SERVER_CIPHER A new encryption algorithm name for the server has been set. The new encryption algorithm name is "%S".
|
||||
LA_ADD_WGK Added %u WireGuard key(s).
|
||||
LA_DELETE_WGK Deleted %u WireGuard key(s).
|
||||
LA_CREATE_HUB A new Virtual Hub "%S" has been created.
|
||||
LA_SET_HUB The Virtual Hub setting has been changed.
|
||||
LA_DELETE_HUB The Virtual Hub "%S" has been deleted.
|
||||
@ -5005,6 +5019,35 @@ CMD_LogFileGet_SAVE_FAILED Unable to write to the specified file.
|
||||
CMD_LogFileGet_FILESIZE File size of log file: %u
|
||||
|
||||
|
||||
# WgkAdd command
|
||||
CMD_WgkAdd Add a WireGuard key
|
||||
CMD_WgkAdd_Help This command can be used to add a WireGuard key to the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkAdd_Args WgkAdd [key] [/HUB:hub] [/USER:user]
|
||||
CMD_WgkAdd_[key] WireGuard key. Make sure it is the public one!
|
||||
CMD_WgkAdd_HUB Hub the key will be associated to.
|
||||
CMD_WgkAdd_USER User the key will be associated to, in the specified hub.
|
||||
CMD_WgkAdd_Prompt_[key] Key:
|
||||
CMD_WgkAdd_Prompt_HUB Hub:
|
||||
CMD_WgkAdd_Prompt_USER User:
|
||||
|
||||
|
||||
# WgkDelete command
|
||||
CMD_WgkDelete Delete a WireGuard key
|
||||
CMD_WgkDelete_Help This command can be used to delete a WireGuard key from the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkDelete_Args WgkDelete [key]
|
||||
CMD_WgkDelete_[key] WireGuard key.
|
||||
CMD_WgkDelete_Prompt_[key] Key:
|
||||
|
||||
|
||||
# WgkEnum command
|
||||
CMD_WgkEnum List the WireGuard keys
|
||||
CMD_WgkEnum_Help This command retrieves the WireGuard keys that are allowed to connect to the server, along with the associated Virtual Hub and user. \nYou can add a key with the WgkAdd command. \nYou can delete a key with the WgkDelete command. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkEnum_Args WgkEnum
|
||||
CMD_WgkEnum_Column_Key Key
|
||||
CMD_WgkEnum_Column_Hub Hub
|
||||
CMD_WgkEnum_Column_User User
|
||||
|
||||
|
||||
# HubCreate command
|
||||
CMD_HubCreate Create New Virtual Hub
|
||||
CMD_HubCreate_Help Use this to create a new Virtual Hub on the VPN Server. \nThe created Virtual Hub will begin operation immediately. \nWhen the VPN Server is operating on a cluster, this command is only valid for the cluster controller. Also, the new Virtual Hub will operate as a dynamic Virtual Hub. You can change it to a static Virtual Hub by using the HubSetStatic command. To get a list of Virtual Hubs that are already on the VPN Server, use the HubList command. \nTo execute this command, you must have VPN Server administrator privileges. \nAlso, this command does not operate on VPN Servers that are operating as a VPN Bridge or cluster member. \nWhen issuing the command to a cluster controller on a cluster to create a Virtual Hub, use either the HubCreateStatic command or the HubCreateDynamic command (issuing the HubCreate command to a cluster controller has the same operational effect as issuing the HubCreateDynamic command).
|
||||
@ -5082,6 +5125,16 @@ CMD_Offline_Help Use this when the Virtual Hub currently being managed is onlin
|
||||
CMD_Offline_Args Offline
|
||||
|
||||
|
||||
# SetStaticNetwork command
|
||||
CMD_SetStaticNetwork Set Virtual Hub static IPv4 network parameters
|
||||
CMD_SetStaticNetwork_Help Set the static IPv4 network parameters for the Virtual Hub. They are used when DHCP is not available (e.g. WireGuard sessions). \nYou can get the current settings by using the OptionsGet command.
|
||||
CMD_SetStaticNetwork_Args SetStaticNetwork [/GATEWAY:gateway] [/SUBNET:subnet]
|
||||
CMD_SetStaticNetwork_GATEWAY Specify the IP address of the gateway that will be used for internet communication.
|
||||
CMD_SetStaticNetwork_SUBNET Specify the subnet mask, required to determine the size of the local VPN network.
|
||||
CMD_SetStaticNetwork_Prompt_GATEWAY Gateway:
|
||||
CMD_SetStaticNetwork_Prompt_SUBNET Subnet mask:
|
||||
|
||||
|
||||
# SetMaxSession command
|
||||
CMD_SetMaxSession Set the Max Number of Concurrently Connected Sessions for Virtual Hub
|
||||
CMD_SetMaxSession_Help Use this to set the maximum number of sessions that can be concurrently connected to the Virtual Hub that is currently being managed. When there are more sessions than the maximum number of concurrently connected sessions that are being connected from the VPN Client or VPN Bridge, when the maximum number of sessions is reached, clients will no longer be able to connect. This limit on the maximum number of concurrently connected sessions does not include sessions generated in the Virtual Hub by Local Bridges, Virtual NAT, and Cascade Connections. \nYou can get the current setting for the max number of concurrently connected sessions by using the OptionsGet command. \nThis command cannot be run on VPN Bridge. \nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
|
||||
@ -5118,7 +5171,8 @@ CMD_OptionsGet_ENUM Enumeration of Virtual Hub for Anonymous User
|
||||
CMD_OptionsGet_MAXSESSIONS Max Number of Sessions
|
||||
CMD_OptionsGet_STATUS Status
|
||||
CMD_OptionsGet_TYPE Virtual Hub Type
|
||||
|
||||
CMD_OptionsGet_GATEWAY Default gateway
|
||||
CMD_OptionsGet_SUBNET Default subnet
|
||||
|
||||
|
||||
# RadiusServerSet command
|
||||
|
@ -1773,6 +1773,7 @@ LS_SSL_START コネクション "%S" に対する SSL 通信が開始されま
|
||||
LS_CONNECTION_ERROR コネクション "%S" は理由 "%s" (コード %u) で終了しました。
|
||||
LS_FARMMEMBER_NOT_ADMIN コネクション "%S": サーバーはクラスタメンバですが、クライアントは仮想 HUB "%S" に管理者ユーザー "%S" 以外で直接接続しようと試みました。クライアントが提示したユーザー名は "%S" です。アクセスは許可されません。
|
||||
LS_HUB_NOT_FOUND コネクション "%S": クライアントが接続しようとした仮想 HUB "%S" はサーバー上に存在しません。
|
||||
LS_WG_KEY_NOT_FOUND Connection "%S": The WireGuard key is not associated with a user on the server.
|
||||
LS_IP_DENIED コネクション "%S": クライアントの接続元 IP アドレス "%S" は、仮想 HUB に定義されている 接続元 IP 制限リストによって拒否されました。
|
||||
LS_LICENSE_ERROR コネクション "%S": ライセンス上のエラーが発生したため、クライアントはサーバーに接続できませんでした。
|
||||
LS_BETA_EXPIRES ライセンスエラーが発生しました。ベータ版の使用期限が終了しています。新しいベータ版または完成版を http://selinks.org/ からダウンロードしてください。
|
||||
@ -1797,11 +1798,23 @@ LS_API_AUTH_OK HTTPS API クライアント "%r:%u" (%S): 管理モード: "%S
|
||||
LS_API_AUTH_ERROR HTTPS API クライアント "%r:%u" (%S): 組み込み HTTPS Web サーバーを用いてログインに失敗しました。使用されたユーザー名: "%S", メソッド: "%S", パス: "%S"
|
||||
LS_API_RPC_CALL HTTPS API クライアント "%r:%u" (%S): JSON-API を呼び出しました。メソッド名: "%S", 結果エラーコード: %u (0 = 成功), 結果エラーメッセージ: "%s"
|
||||
|
||||
|
||||
# (Proto ログ)
|
||||
LP_PREFIX_SESSION [%s] %r:%u -> %r:%u (%s):
|
||||
LP_SESSION_CREATED Session created.
|
||||
LP_SESSION_DELETED Session deleted.
|
||||
|
||||
|
||||
# (WireGuard ログ)
|
||||
LW_PREFIX_SESSION [WireGuard] %r:%u -> %r:%u:
|
||||
LW_KEYPAIR_EXPIRED Current keypair (%x -> %x) is expired!
|
||||
LW_KEYPAIR_UNKNOWN The packet was encrypted with an unknown keypair!
|
||||
LW_DECRYPT_FAIL Decryption failure!
|
||||
LW_REPLAY_ATTACK Replay attack detected!
|
||||
LW_FLOOD_ATTACK Flood attack detected!
|
||||
LW_HUB_DISCONNECT The administrator of the Virtual Hub has disconnected this session.
|
||||
|
||||
|
||||
# (OpenVPN ログ)
|
||||
LO_PREFIX_RAW OpenVPN モジュール:
|
||||
LO_PREFIX_SESSION OpenVPN セッション %u (%r:%u -> %r:%u):
|
||||
@ -1904,6 +1917,7 @@ LH_AUTH_PASSWORD パスワード認証
|
||||
LH_AUTH_PLAIN_PASSWORD 外部サーバー認証
|
||||
LH_AUTH_CERT 証明書認証
|
||||
LH_AUTH_TICKET チケット認証
|
||||
LH_AUTH_WIREGUARD_KEY WireGuard public key authentication
|
||||
LH_AUTH_OPENVPN_CERT OpenVPN 証明書認証
|
||||
LH_AUTH_RADIUS_NOT_SUPPORT コネクション "%S": ユーザー "%S" の認証方法として RADIUS 認証または Active Directory 認証 (NT ドメイン認証) が指定されましたが、現在の VPN Server のエディションは "%S" であるため、RADIUS 認証または Active Directory 認証 (NT ドメイン認証) を使用することができません。接続は拒否されます。
|
||||
LH_AUTH_RADIUS_NOT_SUPPORT_ON_OPEN_SOURCE コネクション "%S": ユーザー "%S" の認証方法として RADIUS 認証または Active Directory 認証 (NT ドメイン認証) が指定されましたが、RADIUS 認証または Active Directory 認証 (NT ドメイン認証) を使用することができません。この機能はオープンソース版 SoftEther VPN にはまだ実装されていません。接続は拒否されます。
|
||||
@ -2001,6 +2015,8 @@ LA_SET_FARM_SETTING クラスタリング設定を変更しました。
|
||||
LA_SET_SERVER_CERT サーバー証明書を設定しました。
|
||||
LA_REGENERATE_SERVER_CERT サーバー証明書を再生成しました。新しい CN: "%S"
|
||||
LA_SET_SERVER_CIPHER サーバーの新しい暗号化アルゴリズム名を設定しました。新しい暗号化アルゴリズム名は "%S" です。
|
||||
LA_ADD_WGK Added %u WireGuard key(s).
|
||||
LA_DELETE_WGK Deleted %u WireGuard key(s).
|
||||
LA_CREATE_HUB 新しい仮想 HUB "%S" を作成しました。
|
||||
LA_SET_HUB 仮想 HUB の設定を変更しました。
|
||||
LA_DELETE_HUB 仮想 HUB "%S" を削除しました。
|
||||
@ -5007,6 +5023,35 @@ CMD_LogFileGet_SAVE_FAILED 指定されたファイルに書き込めません
|
||||
CMD_LogFileGet_FILESIZE ログファイルのファイルサイズ: %u
|
||||
|
||||
|
||||
# WgkAdd コマンド
|
||||
CMD_WgkAdd Add a WireGuard key
|
||||
CMD_WgkAdd_Help This command can be used to add a WireGuard key to the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkAdd_Args WgkAdd [key] [/HUB:hub] [/USER:user]
|
||||
CMD_WgkAdd_[key] WireGuard key. Make sure it is the public one!
|
||||
CMD_WgkAdd_HUB Hub the key will be associated to.
|
||||
CMD_WgkAdd_USER User the key will be associated to, in the specified hub.
|
||||
CMD_WgkAdd_Prompt_[key] Key:
|
||||
CMD_WgkAdd_Prompt_HUB Hub:
|
||||
CMD_WgkAdd_Prompt_USER User:
|
||||
|
||||
|
||||
# WgkDelete コマンド
|
||||
CMD_WgkDelete Delete a WireGuard key
|
||||
CMD_WgkDelete_Help This command can be used to delete a WireGuard key from the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkDelete_Args WgkDelete [key]
|
||||
CMD_WgkDelete_[key] WireGuard key.
|
||||
CMD_WgkDelete_Prompt_[key] Key:
|
||||
|
||||
|
||||
# WgkEnum コマンド
|
||||
CMD_WgkEnum List the WireGuard keys
|
||||
CMD_WgkEnum_Help This command retrieves the WireGuard keys that are allowed to connect to the server, along with the associated Virtual Hub and user. \nYou can add a key with the WgkAdd command. \nYou can delete a key with the WgkDelete command. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkEnum_Args WgkEnum
|
||||
CMD_WgkEnum_Column_Key Key
|
||||
CMD_WgkEnum_Column_Hub Hub
|
||||
CMD_WgkEnum_Column_User User
|
||||
|
||||
|
||||
# HubCreate コマンド
|
||||
CMD_HubCreate 新しい仮想 HUB の作成
|
||||
CMD_HubCreate_Help VPN Server 上に新しい仮想 HUB を作成します。\n作成した仮想 HUB は、直ちに動作を開始します。\nVPN Server がクラスタ内で動作している場合は、このコマンドはクラスタコントローラに対してのみ有効です。また、新しい仮想 HUB は、ダイナミック仮想 HUB として動作します。HubSetStatic コマンドで、スタティック仮想 HUB に変更することもできます。すでに VPN Server 上に存在する仮想 HUB の一覧を取得するには、HubList コマンドを使用します。\nこのコマンドを実行するには、VPN Server の管理者権限が必要です。\nまた、このコマンドは VPN Bridge およびクラスタメンバサーバーとして動作している VPN Server では動作しません。\nなお、クラスタ上でクラスタコントローラに対して仮想 HUB の作成コマンドを発行する場合は、HubCreateStatic コマンドまたは HubCreateDynamic コマンドを使用してください (クラスタコントローラに対して HubCreate コマンドを使用すると HubCreateDynamic コマンドと同等に動作します)。
|
||||
@ -5084,6 +5129,16 @@ CMD_Offline_Help 現在管理している仮想 HUB がオンラインになっ
|
||||
CMD_Offline_Args Offline
|
||||
|
||||
|
||||
# SetStaticNetwork command
|
||||
CMD_SetStaticNetwork Set Virtual Hub static IPv4 network parameters
|
||||
CMD_SetStaticNetwork_Help Set the static IPv4 network parameters for the Virtual Hub. They are used when DHCP is not available (e.g. WireGuard sessions). \nYou can get the current settings by using the OptionsGet command.
|
||||
CMD_SetStaticNetwork_Args SetStaticNetwork [/GATEWAY:gateway] [/SUBNET:subnet]
|
||||
CMD_SetStaticNetwork_GATEWAY Specify the IP address of the gateway that will be used for internet communication.
|
||||
CMD_SetStaticNetwork_SUBNET Specify the subnet mask, required to determine the size of the local VPN network.
|
||||
CMD_SetStaticNetwork_Prompt_GATEWAY Gateway:
|
||||
CMD_SetStaticNetwork_Prompt_SUBNET Subnet mask:
|
||||
|
||||
|
||||
# SetMaxSession コマンド
|
||||
CMD_SetMaxSession 仮想 HUB の最大同時接続セッション数を設定する
|
||||
CMD_SetMaxSession_Help 現在管理している仮想 HUB の、最大同時接続セッション数を設定します。最大同時接続セッション数を越えたセッションが、VPN Client や VPN Bridge から接続された場合、最大同時接続セッション数を上回った時点で、それ以上クライアントは接続できなくなります。この最大同時接続セッション数の制限には、ローカルブリッジ、仮想 NAT、カスケード接続などによって仮想 HUB 内に生成されるセッションは含まれません。\n現在の最大同時接続セッション数の設定は、OptionsGet コマンドによって取得することができます。\nこのコマンドは、VPN Bridge では実行できません。\nこのコマンドは、クラスタとして動作している VPN Server の仮想 HUB では実行できません。
|
||||
@ -5120,7 +5175,8 @@ CMD_OptionsGet_ENUM 匿名ユーザーに対する仮想 HUB の列挙
|
||||
CMD_OptionsGet_MAXSESSIONS 最大同時接続セッション数
|
||||
CMD_OptionsGet_STATUS 状態
|
||||
CMD_OptionsGet_TYPE 仮想 HUB の種類
|
||||
|
||||
CMD_OptionsGet_GATEWAY Default gateway
|
||||
CMD_OptionsGet_SUBNET Default subnet
|
||||
|
||||
|
||||
# RadiusServerSet コマンド
|
||||
|
@ -1754,6 +1754,7 @@ LS_SSL_START 연결 "%S"에 대한 SSL 통신이 시작되었습니다. 암호
|
||||
LS_CONNECTION_ERROR 연결 "%S"는 이유로 "%s"(코드 %u)로 종료되었습니다.
|
||||
LS_FARMMEMBER_NOT_ADMIN 연결 "%S": 서버는 클러스터 멤버이지만, 클라이언트는 가상 HUB "%S"관리자 사용자 "%S"이외로 직접 연결하려고 시도했습니다. 클라이언트가 제공 한 사용자 이름은 "%S"입니다. 액세스는 허용되지 않습니다.
|
||||
LS_HUB_NOT_FOUND 연결 "%S": 클라이언트가 연결을 시도하는 가상 HUB "%S"는 서버에 존재하지 않습니다.
|
||||
LS_WG_KEY_NOT_FOUND Connection "%S": The WireGuard key is not associated with a user on the server.
|
||||
LS_IP_DENIED 연결 "%S": 클라이언트의 접근 IP 주소 "%S"는 가상 HUB에 정의 된 접근 IP 제한 목록에 의해 거부되었습니다.
|
||||
LS_LICENSE_ERROR 연결 "%S": 라이센스에 오류가 발생했기 때문에 클라이언트는 서버에 연결할 수 없습니다.
|
||||
LS_BETA_EXPIRES 라이센스 오류가 발생했습니다. 베타 사용 기간이 종료하고 있습니다. 새로운 베타 버전 또는 완성판을 http://selinks.org/에서 다운로드하십시오.
|
||||
@ -1785,6 +1786,16 @@ LP_SESSION_CREATED Session created.
|
||||
LP_SESSION_DELETED Session deleted.
|
||||
|
||||
|
||||
# (WireGuard 로그)
|
||||
LW_PREFIX_SESSION [WireGuard] %r:%u -> %r:%u:
|
||||
LW_KEYPAIR_EXPIRED Current keypair (%x -> %x) is expired!
|
||||
LW_KEYPAIR_UNKNOWN The packet was encrypted with an unknown keypair!
|
||||
LW_DECRYPT_FAIL Decryption failure!
|
||||
LW_REPLAY_ATTACK Replay attack detected!
|
||||
LW_FLOOD_ATTACK Flood attack detected!
|
||||
LW_HUB_DISCONNECT The administrator of the Virtual Hub has disconnected this session.
|
||||
|
||||
|
||||
# (OpenVPN 로그)
|
||||
LO_PREFIX_RAW OpenVPN 모듈:
|
||||
LO_PREFIX_SESSION OpenVPN 세션 %u (%r:%u -> %r:%u):
|
||||
@ -1884,6 +1895,8 @@ LH_AUTH_PASSWORD 암호 인증
|
||||
LH_AUTH_PLAIN_PASSWORD 외부 서버 인증
|
||||
LH_AUTH_CERT 인증서 인증
|
||||
LH_AUTH_TICKET 티켓 인증
|
||||
LH_AUTH_WIREGUARD_KEY WireGuard public key authentication
|
||||
LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
|
||||
LH_AUTH_RADIUS_NOT_SUPPORT 연결 "%S"사용자 "%S"의 인증 방법으로 RADIUS 인증 또는 Active Directory 인증 (NT 도메인 인증)이 지정 되었으나, 현재 VPN Server 버전은 "%S"이기 때문에 RADIUS 인증 또는 Active Directory 인증 (NT 도메인 인증)을 사용할 수 없습니다. 연결이 거부됩니다.
|
||||
LH_AUTH_RADIUS_NOT_SUPPORT_ON_OPEN_SOURCE 연결 "%S"사용자 "%S"의 인증 방법으로 RADIUS 인증 또는 Active Directory 인증 (NT 도메인 인증)이 지정되었습니다 만, RADIUS 인증 또는 Active Directory 인증 (NT 도메인 인증)을 사용할 수 수 없습니다. 이 기능은 오픈 소스 버전 SoftEther VPN은 아직 구현되어 있지 않습니다. 연결이 거부됩니다.
|
||||
LH_AUTH_CERT_NOT_SUPPORT_ON_OPEN_SOURCE 연결 "%S"사용자 "%S"의 인증 방법으로 인증서 인증을 지정했지만 인증서 인증을 사용 할 수 없습니다. 이 기능은 오픈 소스 버전 SoftEther VPN은 아직 구현되어 있지 않습니다. 연결이 거부됩니다.
|
||||
@ -1980,6 +1993,8 @@ LA_SET_FARM_SETTING 클러스터링 설정을 변경했습니다.
|
||||
LA_SET_SERVER_CERT 서버 인증서를 설정했습니다.
|
||||
LA_REGENERATE_SERVER_CERT 서버 인증서를 다시 생성했습니다. 새로운 CN:"%S"
|
||||
LA_SET_SERVER_CIPHER 서버의 새로운 암호화 알고리즘 명을 설정했습니다. 새로운 암호화 알고리즘 명은 "%S"입니다.
|
||||
LA_ADD_WGK Added %u WireGuard key(s).
|
||||
LA_DELETE_WGK Deleted %u WireGuard key(s).
|
||||
LA_CREATE_HUB 새로운 가상 HUB "%S"를 만들었습니다.
|
||||
LA_SET_HUB 가상 HUB의 설정을 변경했습니다.
|
||||
LA_DELETE_HUB 가상 HUB "%S"를 삭제했습니다.
|
||||
@ -4985,6 +5000,35 @@ CMD_LogFileGet_SAVE_FAILED 지정된 파일에 쓸 수 없습니다.
|
||||
CMD_LogFileGet_FILESIZE 로그 파일의 파일 크기:%u
|
||||
|
||||
|
||||
# WgkAdd 명령
|
||||
CMD_WgkAdd Add a WireGuard key
|
||||
CMD_WgkAdd_Help This command can be used to add a WireGuard key to the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkAdd_Args WgkAdd [key] [/HUB:hub] [/USER:user]
|
||||
CMD_WgkAdd_[key] WireGuard key. Make sure it is the public one!
|
||||
CMD_WgkAdd_HUB Hub the key will be associated to.
|
||||
CMD_WgkAdd_USER User the key will be associated to, in the specified hub.
|
||||
CMD_WgkAdd_Prompt_[key] Key:
|
||||
CMD_WgkAdd_Prompt_HUB Hub:
|
||||
CMD_WgkAdd_Prompt_USER User:
|
||||
|
||||
|
||||
# WgkDelete 명령
|
||||
CMD_WgkDelete Delete a WireGuard key
|
||||
CMD_WgkDelete_Help This command can be used to delete a WireGuard key from the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkDelete_Args WgkDelete [key]
|
||||
CMD_WgkDelete_[key] WireGuard key.
|
||||
CMD_WgkDelete_Prompt_[key] Key:
|
||||
|
||||
|
||||
# WgkEnum 명령
|
||||
CMD_WgkEnum List the WireGuard keys
|
||||
CMD_WgkEnum_Help This command retrieves the WireGuard keys that are allowed to connect to the server, along with the associated Virtual Hub and user. \nYou can add a key with the WgkAdd command. \nYou can delete a key with the WgkDelete command. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkEnum_Args WgkEnum
|
||||
CMD_WgkEnum_Column_Key Key
|
||||
CMD_WgkEnum_Column_Hub Hub
|
||||
CMD_WgkEnum_Column_User User
|
||||
|
||||
|
||||
# HubCreate 명령
|
||||
CMD_HubCreate 새로운 가상 HUB 만들기
|
||||
CMD_HubCreate_Help VPN Server에 새로운 가상 HUB를 만듭니다. \n 만든 가상 HUB는 즉시 작동을 시작합니다. \nVPN Server가 클러스터에서 실행중인 경우이 명령은 클러스터 컨트롤러에만 적용됩니다. 또한 새로운 가상 HUB는 동적 가상 HUB 역할을합니다. HubSetStatic 명령에서 정적 가상 HUB 변경 될 수 있습니다. 이미 VPN Server에 존재하는 가상 HUB 목록을 검색하려면 HubList 명령을 사용합니다. \n이 명령을 실행하려면 VPN Server 관리자 권한이 있어야합니다. \n 또한이 명령은 VPN Bridge 및 클러스터 구성원 서버로 작동하는 VPN Server에서 작동하지 않습니다. \n 또한 클러스터에서 클러스터 컨트롤러에 가상 HUB 작성 명령을 실행하려면 HubCreateStatic 명령 또는 HubCreateDynamic 명령을 사용하십시오 (클러스터 컨트롤러에 HubCreate 명령을 사용하면 HubCreateDynamic 명령과 동등하게 동작 합니다).
|
||||
@ -5062,6 +5106,16 @@ CMD_Offline_Help 현재 관리하고있는 가상 HUB가 온라인 상태 인
|
||||
CMD_Offline_Args Offline
|
||||
|
||||
|
||||
# SetStaticNetwork 명령
|
||||
CMD_SetStaticNetwork Set Virtual Hub static IPv4 network parameters
|
||||
CMD_SetStaticNetwork_Help Set the static IPv4 network parameters for the Virtual Hub. They are used when DHCP is not available (e.g. WireGuard sessions). \nYou can get the current settings by using the OptionsGet command.
|
||||
CMD_SetStaticNetwork_Args SetStaticNetwork [/GATEWAY:gateway] [/SUBNET:subnet]
|
||||
CMD_SetStaticNetwork_GATEWAY Specify the IP address of the gateway that will be used for internet communication.
|
||||
CMD_SetStaticNetwork_SUBNET Specify the subnet mask, required to determine the size of the local VPN network.
|
||||
CMD_SetStaticNetwork_Prompt_GATEWAY Gateway:
|
||||
CMD_SetStaticNetwork_Prompt_SUBNET Subnet mask:
|
||||
|
||||
|
||||
# SetMaxSession 명령
|
||||
CMD_SetMaxSession 가상 HUB 최대 동시 연결 세션 수를 설정하려면
|
||||
CMD_SetMaxSession_Help 현재 관리하고있는 가상 HUB의 최대 동시 세션 수를 설정합니다. 최대 동시 세션 수를 초과 한 세션이 VPN Client 및 VPN Bridge에서 연결된 경우 최대 동시 세션 수를 초과 한 시점에서 더 이상 클라이언트는 연결할 수 없습니다. 이 최대 동시 세션 수의 제한 로컬 브리지 가상 NAT 계단식 등에 의해 가상 HUB에 생성 된 세션은 포함되지 않습니다. \n 현재 최대 동시 세션 수 설정은 OptionsGet 명령에서 얻을 수 있습니다. \n이 명령은 VPN Bridge에서는 실행되지 않습니다. \n이 명령은 클러스터로 작동하는 VPN Server의 가상 HUB에서는 실행되지 않습니다.
|
||||
@ -5098,7 +5152,8 @@ CMD_OptionsGet_ENUM 익명 사용자에 대한 가상 HUB의 열거
|
||||
CMD_OptionsGet_MAXSESSIONS 최대 동시 세션 수
|
||||
CMD_OptionsGet_STATUS 상태
|
||||
CMD_OptionsGet_TYPE 가상 HUB의 종류
|
||||
|
||||
CMD_OptionsGet_GATEWAY Default gateway
|
||||
CMD_OptionsGet_SUBNET Default subnet
|
||||
|
||||
|
||||
# RadiusServerSet 명령
|
||||
@ -7297,7 +7352,6 @@ SM_SNAT_IS_RAW Raw IP mode NAT is Active
|
||||
LO_CLIENT_CERT Client certificate received (subject: CN="%s"), will use certificate authentication.
|
||||
LO_CLIENT_UNVERIFIED_CERT Client certificate was provided but did not pass verification (error="%S"), will use password authentication.
|
||||
LO_CLIENT_NO_CERT Client certificate is not provided, will use password authentication.
|
||||
LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
|
||||
CMD_AccessAddEx_REDIRECTURL The specified URL will be mandatory replied to the client as a response for TCP connecting request packets which matches the conditions of this access list entry via this Virtual Hub. To use this setting, you can enforce the web browser of the VPN Client computer to show the specified web site when that web browser tries to access the specific IP address.
|
||||
CMD_AccessAddEx6_REDIRECTURL The specified URL will be mandatory replied to the client as a response for TCP connecting request packets which matches the conditions of this access list entry via this Virtual Hub. To use this setting, you can enforce the web browser of the VPN Client computer to show the specified web site when that web browser tries to access the specific IP address.
|
||||
CMD_TrafficServer_NOHUP When "yes" is specified, the server process never stops without regard to any input from the console. It is convenient when you want to run the TrafficServer endlessly.
|
||||
|
@ -1769,6 +1769,7 @@ LS_SSL_START SSL communication for connection "%S" has been started. The encrypt
|
||||
LS_CONNECTION_ERROR Connection "%S" terminated by the cause "%s" (code %u).
|
||||
LS_FARMMEMBER_NOT_ADMIN Connection "%S": Although the server is a cluster member, the client attempted that to directly connect to the Virtual Hub "%S" while not being administrator user "%S". The user name provided by the client is "%S". Access is refused.
|
||||
LS_HUB_NOT_FOUND Connection "%S": Virtual Hub "%S" that the client is trying to connect to does not exist on the server.
|
||||
LS_WG_KEY_NOT_FOUND Connection "%S": The WireGuard key is not associated with a user on the server.
|
||||
LS_IP_DENIED Connection "%S": The source IP address "%S" of the client has refused based on the Source IP Address Limit List defined for the Virtual Hub.
|
||||
LS_LICENSE_ERROR Connection "%S": Because a license-related error has been occurred, the client is unable to connect to the server.
|
||||
LS_BETA_EXPIRES This beta version of SoftEther VPN Server is expired. The beta version period of use has expired. Download a new beta version or full version from http://selinks.org/.
|
||||
@ -1800,6 +1801,16 @@ LP_SESSION_CREATED Session created.
|
||||
LP_SESSION_DELETED Session deleted.
|
||||
|
||||
|
||||
# (WireGuard log)
|
||||
LW_PREFIX_SESSION [WireGuard] %r:%u -> %r:%u:
|
||||
LW_KEYPAIR_EXPIRED Current keypair (%x -> %x) is expired!
|
||||
LW_KEYPAIR_UNKNOWN The packet was encrypted with an unknown keypair!
|
||||
LW_DECRYPT_FAIL Decryption failure!
|
||||
LW_REPLAY_ATTACK Replay attack detected!
|
||||
LW_FLOOD_ATTACK Flood attack detected!
|
||||
LW_HUB_DISCONNECT The administrator of the Virtual Hub has disconnected this session.
|
||||
|
||||
|
||||
# (OpenVPN Logs)
|
||||
LO_PREFIX_RAW OpenVPN Module:
|
||||
LO_PREFIX_SESSION OpenVPN Session %u (%r:%u -> %r:%u):
|
||||
@ -1902,7 +1913,8 @@ LH_AUTH_PASSWORD Senha
|
||||
LH_AUTH_PLAIN_PASSWORD External server authentication
|
||||
LH_AUTH_CERT Certificate authentication
|
||||
LH_AUTH_TICKET Ticket authentication
|
||||
LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
|
||||
LH_AUTH_WIREGUARD_KEY WireGuard public key authentication
|
||||
LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
|
||||
LH_AUTH_RADIUS_NOT_SUPPORT Connection "%S": The authentication method of the user "%S" has been specified as RADIUS Authentication or Active Directory Authentication (NT Domain Authentication). However, the edition of the VPN Server is "%S". This edition does not support RADIUS Authentication nor Active Directory Authentication (NT Domain Authentication). The connection will be denied.
|
||||
LH_AUTH_RADIUS_NOT_SUPPORT_ON_OPEN_SOURCE Connection "%S": The authentication method of the user "%S" has been specified as RADIUS Authentication or Active Directory Authentication (NT Domain Authentication). However, such an external user-authentication function hasn't been implemented on the Open-Source version of SoftEther VPN yet. The connection will be denied.
|
||||
LH_AUTH_CERT_NOT_SUPPORT_ON_OPEN_SOURCE Connection "%S": The authentication method of the user "%S" has been specified as Certificate Authentication. However, the Certificate Authentication function hasn't been implemented on the Open-Source version of SoftEther VPN yet. The connection will be denied.
|
||||
@ -1999,6 +2011,8 @@ LA_SET_FARM_SETTING The clustering setting has been changed.
|
||||
LA_SET_SERVER_CERT The server certificates have been set.
|
||||
LA_REGENERATE_SERVER_CERT The server certificate has been re-generated. The new CN: "%S"
|
||||
LA_SET_SERVER_CIPHER A new encryption algorithm name for the server has been set. The new encryption algorithm name is "%S".
|
||||
LA_ADD_WGK Added %u WireGuard key(s).
|
||||
LA_DELETE_WGK Deleted %u WireGuard key(s).
|
||||
LA_CREATE_HUB A new Virtual Hub "%S" has been created.
|
||||
LA_SET_HUB The Virtual Hub setting has been changed.
|
||||
LA_DELETE_HUB The Virtual Hub "%S" has been deleted.
|
||||
@ -4732,6 +4746,35 @@ CMD_LogFileGet_SAVE_FAILED Unable to write to the specified file.
|
||||
CMD_LogFileGet_FILESIZE File size of log file: %u
|
||||
|
||||
|
||||
# WgkAdd command
|
||||
CMD_WgkAdd Add a WireGuard key
|
||||
CMD_WgkAdd_Help This command can be used to add a WireGuard key to the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkAdd_Args WgkAdd [key] [/HUB:hub] [/USER:user]
|
||||
CMD_WgkAdd_[key] WireGuard key. Make sure it is the public one!
|
||||
CMD_WgkAdd_HUB Hub the key will be associated to.
|
||||
CMD_WgkAdd_USER User the key will be associated to, in the specified hub.
|
||||
CMD_WgkAdd_Prompt_[key] Key:
|
||||
CMD_WgkAdd_Prompt_HUB Hub:
|
||||
CMD_WgkAdd_Prompt_USER User:
|
||||
|
||||
|
||||
# WgkDelete command
|
||||
CMD_WgkDelete Delete a WireGuard key
|
||||
CMD_WgkDelete_Help This command can be used to delete a WireGuard key from the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkDelete_Args WgkDelete [key]
|
||||
CMD_WgkDelete_[key] WireGuard key.
|
||||
CMD_WgkDelete_Prompt_[key] Key:
|
||||
|
||||
|
||||
# WgkEnum command
|
||||
CMD_WgkEnum List the WireGuard keys
|
||||
CMD_WgkEnum_Help This command retrieves the WireGuard keys that are allowed to connect to the server, along with the associated Virtual Hub and user. \nYou can add a key with the WgkAdd command. \nYou can delete a key with the WgkDelete command. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkEnum_Args WgkEnum
|
||||
CMD_WgkEnum_Column_Key Key
|
||||
CMD_WgkEnum_Column_Hub Hub
|
||||
CMD_WgkEnum_Column_User User
|
||||
|
||||
|
||||
# HubCreate command
|
||||
CMD_HubCreate Create New Virtual Hub
|
||||
CMD_HubCreate_Help Use this to create a new Virtual Hub on the VPN Server. \nThe created Virtual Hub will begin operation immediately. \nWhen the VPN Server is operating on a cluster, this command is only valid for the cluster controller. Also, the new Virtual Hub will operate as a dynamic Virtual Hub. You can change it to a static Virtual Hub by using the HubSetStatic command. To get a list of Virtual Hubs that are already on the VPN Server, use the HubList command. \nTo execute this command, you must have VPN Server administrator privileges. \nAlso, this command does not operate on VPN Servers that are operating as a VPN Bridge or cluster member. \nWhen issuing the command to a cluster controller on a cluster to create a Virtual Hub, use either the HubCreateStatic command or the HubCreateDynamic command (issuing the HubCreate command to a cluster controller has the same operational effect as issuing the HubCreateDynamic command).
|
||||
@ -4809,6 +4852,16 @@ CMD_Offline_Help Use this when the Virtual Hub currently being managed is online
|
||||
CMD_Offline_Args Offline
|
||||
|
||||
|
||||
# SetStaticNetwork command
|
||||
CMD_SetStaticNetwork Set Virtual Hub static IPv4 network parameters
|
||||
CMD_SetStaticNetwork_Help Set the static IPv4 network parameters for the Virtual Hub. They are used when DHCP is not available (e.g. WireGuard sessions). \nYou can get the current settings by using the OptionsGet command.
|
||||
CMD_SetStaticNetwork_Args SetStaticNetwork [/GATEWAY:gateway] [/SUBNET:subnet]
|
||||
CMD_SetStaticNetwork_GATEWAY Specify the IP address of the gateway that will be used for internet communication.
|
||||
CMD_SetStaticNetwork_SUBNET Specify the subnet mask, required to determine the size of the local VPN network.
|
||||
CMD_SetStaticNetwork_Prompt_GATEWAY Gateway:
|
||||
CMD_SetStaticNetwork_Prompt_SUBNET Subnet mask:
|
||||
|
||||
|
||||
# SetMaxSession command
|
||||
CMD_SetMaxSession Set the Max Number of Concurrently Connected Sessions for Virtual Hub
|
||||
CMD_SetMaxSession_Help Use this to set the maximum number of sessions that can be concurrently connected to the Virtual Hub that is currently being managed. When there are more sessions than the maximum number of concurrently connected sessions that are being connected from the VPN Client or VPN Bridge, when the maximum number of sessions is reached, clients will no longer be able to connect. This limit on the maximum number of concurrently connected sessions does not include sessions generated in the Virtual Hub by Local Bridges, Virtual NAT, and Cascade Connections. \nYou can get the current setting for the max number of concurrently connected sessions by using the OptionsGet command. \nThis command cannot be run on VPN Bridge. \nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
|
||||
@ -4845,6 +4898,8 @@ CMD_OptionsGet_ENUM Enumeration of Virtual Hub for Anonymous User
|
||||
CMD_OptionsGet_MAXSESSIONS Max Number of Sessions
|
||||
CMD_OptionsGet_STATUS Status
|
||||
CMD_OptionsGet_TYPE Virtual Hub Type
|
||||
CMD_OptionsGet_GATEWAY Default gateway
|
||||
CMD_OptionsGet_SUBNET Default subnet
|
||||
|
||||
|
||||
# RadiusServerSet command
|
||||
|
@ -1769,6 +1769,7 @@ LS_SSL_START SSL communication for connection "%S" has been started. The encry
|
||||
LS_CONNECTION_ERROR Connection "%S" terminated by the cause "%s" (code %u).
|
||||
LS_FARMMEMBER_NOT_ADMIN Connection "%S": Although the server is a cluster member, the client attempted that to directly connect to the Virtual Hub "%S" while not being administrator user "%S". The user name provided by the client is "%S". Access is refused.
|
||||
LS_HUB_NOT_FOUND Connection "%S": Virtual Hub "%S" that the client is trying to connect to does not exist on the server.
|
||||
LS_WG_KEY_NOT_FOUND Connection "%S": The WireGuard key is not associated with a user on the server.
|
||||
LS_IP_DENIED Connection "%S": The source IP address "%S" of the client has refused based on the Source IP Address Limit List defined for the Virtual Hub.
|
||||
LS_LICENSE_ERROR Connection "%S": Because a license-related error has been occurred, the client is unable to connect to the server.
|
||||
LS_BETA_EXPIRES This beta version of SoftEther VPN Server is expired. The beta version period of use has expired. Download a new beta version or full version from http://selinks.org/.
|
||||
@ -1800,6 +1801,16 @@ LP_SESSION_CREATED Session created.
|
||||
LP_SESSION_DELETED Session deleted.
|
||||
|
||||
|
||||
# (WireGuard log)
|
||||
LW_PREFIX_SESSION [WireGuard] %r:%u -> %r:%u:
|
||||
LW_KEYPAIR_EXPIRED Current keypair (%x -> %x) is expired!
|
||||
LW_KEYPAIR_UNKNOWN The packet was encrypted with an unknown keypair!
|
||||
LW_DECRYPT_FAIL Decryption failure!
|
||||
LW_REPLAY_ATTACK Replay attack detected!
|
||||
LW_FLOOD_ATTACK Flood attack detected!
|
||||
LW_HUB_DISCONNECT The administrator of the Virtual Hub has disconnected this session.
|
||||
|
||||
|
||||
# (OpenVPN Logs)
|
||||
LO_PREFIX_RAW OpenVPN Module:
|
||||
LO_PREFIX_SESSION OpenVPN Session %u (%r:%u -> %r:%u):
|
||||
@ -1902,7 +1913,8 @@ LH_AUTH_PASSWORD Password authentication
|
||||
LH_AUTH_PLAIN_PASSWORD External server authentication
|
||||
LH_AUTH_CERT Certificate authentication
|
||||
LH_AUTH_TICKET Ticket authentication
|
||||
LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
|
||||
LH_AUTH_WIREGUARD_KEY WireGuard public key authentication
|
||||
LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
|
||||
LH_AUTH_RADIUS_NOT_SUPPORT Connection "%S": The authentication method of the user "%S" has been specified as RADIUS Authentication or Active Directory Authentication (NT Domain Authentication). However, the edition of the VPN Server is "%S". This edition does not support RADIUS Authentication nor Active Directory Authentication (NT Domain Authentication). The connection will be denied.
|
||||
LH_AUTH_RADIUS_NOT_SUPPORT_ON_OPEN_SOURCE Connection "%S": The authentication method of the user "%S" has been specified as RADIUS Authentication or Active Directory Authentication (NT Domain Authentication). However, such an external user-authentication function hasn't been implemented on the Open-Source version of SoftEther VPN yet. The connection will be denied.
|
||||
LH_AUTH_CERT_NOT_SUPPORT_ON_OPEN_SOURCE Connection "%S": The authentication method of the user "%S" has been specified as Certificate Authentication. However, the Certificate Authentication function hasn't been implemented on the Open-Source version of SoftEther VPN yet. The connection will be denied.
|
||||
@ -1999,6 +2011,8 @@ LA_SET_FARM_SETTING The clustering setting has been changed.
|
||||
LA_SET_SERVER_CERT The server certificates have been set.
|
||||
LA_REGENERATE_SERVER_CERT The server certificate has been re-generated. The new CN: "%S"
|
||||
LA_SET_SERVER_CIPHER A new encryption algorithm name for the server has been set. The new encryption algorithm name is "%S".
|
||||
LA_ADD_WGK Added %u WireGuard key(s).
|
||||
LA_DELETE_WGK Deleted %u WireGuard key(s).
|
||||
LA_CREATE_HUB A new Virtual Hub "%S" has been created.
|
||||
LA_SET_HUB The Virtual Hub setting has been changed.
|
||||
LA_DELETE_HUB The Virtual Hub "%S" has been deleted.
|
||||
@ -5006,6 +5020,35 @@ CMD_LogFileGet_SAVE_FAILED Unable to write to the specified file.
|
||||
CMD_LogFileGet_FILESIZE File size of log file: %u
|
||||
|
||||
|
||||
# WgkAdd command
|
||||
CMD_WgkAdd Add a WireGuard key
|
||||
CMD_WgkAdd_Help This command can be used to add a WireGuard key to the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkAdd_Args WgkAdd [key] [/HUB:hub] [/USER:user]
|
||||
CMD_WgkAdd_[key] WireGuard key. Make sure it is the public one!
|
||||
CMD_WgkAdd_HUB Hub the key will be associated to.
|
||||
CMD_WgkAdd_USER User the key will be associated to, in the specified hub.
|
||||
CMD_WgkAdd_Prompt_[key] Key:
|
||||
CMD_WgkAdd_Prompt_HUB Hub:
|
||||
CMD_WgkAdd_Prompt_USER User:
|
||||
|
||||
|
||||
# WgkDelete command
|
||||
CMD_WgkDelete Delete a WireGuard key
|
||||
CMD_WgkDelete_Help This command can be used to delete a WireGuard key from the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkDelete_Args WgkDelete [key]
|
||||
CMD_WgkDelete_[key] WireGuard key.
|
||||
CMD_WgkDelete_Prompt_[key] Key:
|
||||
|
||||
|
||||
# WgkEnum command
|
||||
CMD_WgkEnum List the WireGuard keys
|
||||
CMD_WgkEnum_Help This command retrieves the WireGuard keys that are allowed to connect to the server, along with the associated Virtual Hub and user. \nYou can add a key with the WgkAdd command. \nYou can delete a key with the WgkDelete command. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkEnum_Args WgkEnum
|
||||
CMD_WgkEnum_Column_Key Key
|
||||
CMD_WgkEnum_Column_Hub Hub
|
||||
CMD_WgkEnum_Column_User User
|
||||
|
||||
|
||||
# HubCreate command
|
||||
CMD_HubCreate Create New Virtual Hub
|
||||
CMD_HubCreate_Help Use this to create a new Virtual Hub on the VPN Server. \nThe created Virtual Hub will begin operation immediately. \nWhen the VPN Server is operating on a cluster, this command is only valid for the cluster controller. Also, the new Virtual Hub will operate as a dynamic Virtual Hub. You can change it to a static Virtual Hub by using the HubSetStatic command. To get a list of Virtual Hubs that are already on the VPN Server, use the HubList command. \nTo execute this command, you must have VPN Server administrator privileges. \nAlso, this command does not operate on VPN Servers that are operating as a VPN Bridge or cluster member. \nWhen issuing the command to a cluster controller on a cluster to create a Virtual Hub, use either the HubCreateStatic command or the HubCreateDynamic command (issuing the HubCreate command to a cluster controller has the same operational effect as issuing the HubCreateDynamic command).
|
||||
@ -5083,6 +5126,16 @@ CMD_Offline_Help Use this when the Virtual Hub currently being managed is onlin
|
||||
CMD_Offline_Args Offline
|
||||
|
||||
|
||||
# SetStaticNetwork command
|
||||
CMD_SetStaticNetwork Set Virtual Hub static IPv4 network parameters
|
||||
CMD_SetStaticNetwork_Help Set the static IPv4 network parameters for the Virtual Hub. They are used when DHCP is not available (e.g. WireGuard sessions). \nYou can get the current settings by using the OptionsGet command.
|
||||
CMD_SetStaticNetwork_Args SetStaticNetwork [/GATEWAY:gateway] [/SUBNET:subnet]
|
||||
CMD_SetStaticNetwork_GATEWAY Specify the IP address of the gateway that will be used for internet communication.
|
||||
CMD_SetStaticNetwork_SUBNET Specify the subnet mask, required to determine the size of the local VPN network.
|
||||
CMD_SetStaticNetwork_Prompt_GATEWAY Gateway:
|
||||
CMD_SetStaticNetwork_Prompt_SUBNET Subnet mask:
|
||||
|
||||
|
||||
# SetMaxSession command
|
||||
CMD_SetMaxSession Set the Max Number of Concurrently Connected Sessions for Virtual Hub
|
||||
CMD_SetMaxSession_Help Use this to set the maximum number of sessions that can be concurrently connected to the Virtual Hub that is currently being managed. When there are more sessions than the maximum number of concurrently connected sessions that are being connected from the VPN Client or VPN Bridge, when the maximum number of sessions is reached, clients will no longer be able to connect. This limit on the maximum number of concurrently connected sessions does not include sessions generated in the Virtual Hub by Local Bridges, Virtual NAT, and Cascade Connections. \nYou can get the current setting for the max number of concurrently connected sessions by using the OptionsGet command. \nThis command cannot be run on VPN Bridge. \nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
|
||||
@ -5119,7 +5172,8 @@ CMD_OptionsGet_ENUM Enumeration of Virtual Hub for Anonymous User
|
||||
CMD_OptionsGet_MAXSESSIONS Max Number of Sessions
|
||||
CMD_OptionsGet_STATUS Status
|
||||
CMD_OptionsGet_TYPE Virtual Hub Type
|
||||
|
||||
CMD_OptionsGet_GATEWAY Default gateway
|
||||
CMD_OptionsGet_SUBNET Default subnet
|
||||
|
||||
|
||||
# RadiusServerSet command
|
||||
|
@ -1789,6 +1789,7 @@ LS_SSL_START 連接 "%S" 的 SSL 通信已啟動。加密演算法名為 "%S"
|
||||
LS_CONNECTION_ERROR 連接 "%S"因原因 "%s" (代碼 %u)已終止。
|
||||
LS_FARMMEMBER_NOT_ADMIN 連接 "%S": 服務端是群集成員,但用戶端在非管理員 (%S) 使用者情況下,嘗試直接與虛擬 HUB "%S" 連接。用戶端用戶名為 "%S"。訪問被拒絕。
|
||||
LS_HUB_NOT_FOUND 連接 "%S": 客戶端正在嘗試連接的虛擬 HUB "%S" 在服務端上不存在。
|
||||
LS_WG_KEY_NOT_FOUND Connection "%S": The WireGuard key is not associated with a user on the server.
|
||||
LS_IP_DENIED 連接 "%S": 基於虛擬 HUB 上定義的源 IP 訪問限制列表,用戶端的源 IP 位址 "%S" 被拒絕。
|
||||
LS_LICENSE_ERROR 連接 "%S": 因為發生許可證相關錯誤,用戶端無法連接到服務端。
|
||||
LS_BETA_EXPIRES SoftEther VPN Server 測試版已過期。測試版使用期限已到。請從 http://selinks.org/ 下載新的測試版或完整版。
|
||||
@ -1820,6 +1821,16 @@ LP_SESSION_CREATED Session created.
|
||||
LP_SESSION_DELETED Session deleted.
|
||||
|
||||
|
||||
# (WireGuard 日誌)
|
||||
LW_PREFIX_SESSION [WireGuard] %r:%u -> %r:%u:
|
||||
LW_KEYPAIR_EXPIRED Current keypair (%x -> %x) is expired!
|
||||
LW_KEYPAIR_UNKNOWN The packet was encrypted with an unknown keypair!
|
||||
LW_DECRYPT_FAIL Decryption failure!
|
||||
LW_REPLAY_ATTACK Replay attack detected!
|
||||
LW_FLOOD_ATTACK Flood attack detected!
|
||||
LW_HUB_DISCONNECT The administrator of the Virtual Hub has disconnected this session.
|
||||
|
||||
|
||||
# (OpenVPN 日誌)
|
||||
LO_PREFIX_RAW OpenVPN 模組:
|
||||
LO_PREFIX_SESSION OpenVPN 會話%u (%r:%u -> %r:%u):
|
||||
@ -1922,7 +1933,8 @@ LH_AUTH_PASSWORD 密碼驗證
|
||||
LH_AUTH_PLAIN_PASSWORD 外部伺服器身份驗證
|
||||
LH_AUTH_CERT 證書驗證
|
||||
LH_AUTH_TICKET 票證驗證
|
||||
LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
|
||||
LH_AUTH_WIREGUARD_KEY WireGuard public key authentication
|
||||
LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
|
||||
LH_AUTH_RADIUS_NOT_SUPPORT 連接 "%S": 用戶 "%S" 身份驗證方法 RADIUS 或 Active Directory (NT 域),但 VPN Server 是 "%S",因為 RADIUS 或 Active Directory (NT 域)不能使用。連接被拒絕。
|
||||
LH_AUTH_RADIUS_NOT_SUPPORT_ON_OPEN_SOURCE "%S" 的連接方法: 用戶 "%S" 的身份驗證方法被指定為 RADIUS 身份驗證或 Active Directory 身份驗證 (NT 域驗證)。然而,這樣一個外部用戶身份驗證功能尚未在 SoftEther VPN 的開源版本上實施。該連接將被拒絕。
|
||||
LH_AUTH_CERT_NOT_SUPPORT_ON_OPEN_SOURCE "%S" 的連接方法: 用戶 "%S" 的身份驗證方法被指定為證書認證。然而,證書驗證功能尚未在 SoftEther VPN 的開源版本上實施。該連接將被拒絕。
|
||||
@ -2019,6 +2031,8 @@ LA_SET_FARM_SETTING 群集設置變更完成。
|
||||
LA_SET_SERVER_CERT 服務端證書設定完成。
|
||||
LA_REGENERATE_SERVER_CERT 伺服器憑證再次生成。新 CN:"%S"
|
||||
LA_SET_SERVER_CIPHER 服務端的新加密演算法名設定完成。新加密演算法為 "%S"。
|
||||
LA_ADD_WGK Added %u WireGuard key(s).
|
||||
LA_DELETE_WGK Deleted %u WireGuard key(s).
|
||||
LA_CREATE_HUB 已創建新虛擬 HUB "%S"。
|
||||
LA_SET_HUB 已變更虛擬 HUB 設置。
|
||||
LA_DELETE_HUB 已刪除虛擬 HUB "%S"。
|
||||
@ -5024,6 +5038,35 @@ CMD_LogFileGet_SAVE_FAILED 無法寫入指定的檔。
|
||||
CMD_LogFileGet_FILESIZE 日誌檔的大小: %u
|
||||
|
||||
|
||||
# WgkAdd 命令
|
||||
CMD_WgkAdd Add a WireGuard key
|
||||
CMD_WgkAdd_Help This command can be used to add a WireGuard key to the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkAdd_Args WgkAdd [key] [/HUB:hub] [/USER:user]
|
||||
CMD_WgkAdd_[key] WireGuard key. Make sure it is the public one!
|
||||
CMD_WgkAdd_HUB Hub the key will be associated to.
|
||||
CMD_WgkAdd_USER User the key will be associated to, in the specified hub.
|
||||
CMD_WgkAdd_Prompt_[key] Key:
|
||||
CMD_WgkAdd_Prompt_HUB Hub:
|
||||
CMD_WgkAdd_Prompt_USER User:
|
||||
|
||||
|
||||
# WgkDelete 命令
|
||||
CMD_WgkDelete Delete a WireGuard key
|
||||
CMD_WgkDelete_Help This command can be used to delete a WireGuard key from the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkDelete_Args WgkDelete [key]
|
||||
CMD_WgkDelete_[key] WireGuard key.
|
||||
CMD_WgkDelete_Prompt_[key] Key:
|
||||
|
||||
|
||||
# WgkEnum 命令
|
||||
CMD_WgkEnum List the WireGuard keys
|
||||
CMD_WgkEnum_Help This command retrieves the WireGuard keys that are allowed to connect to the server, along with the associated Virtual Hub and user. \nYou can add a key with the WgkAdd command. \nYou can delete a key with the WgkDelete command. \nTo execute this command, you must have VPN Server administrator privileges.
|
||||
CMD_WgkEnum_Args WgkEnum
|
||||
CMD_WgkEnum_Column_Key Key
|
||||
CMD_WgkEnum_Column_Hub Hub
|
||||
CMD_WgkEnum_Column_User User
|
||||
|
||||
|
||||
# HubCreate 命令
|
||||
CMD_HubCreate 創建新的虛擬 HUB
|
||||
CMD_HubCreate_Help 在 VPN Server 上創建一個新的虛擬 HUB。\n創建的虛擬 HUB 將立即開始工作。\n當 VPN Server,在一個群集中運行,此命令僅對群集控制器有效。新的虛擬 HUB,將作為一個動態的虛擬 HUB。應用 HubSetStatic 命令也可將虛擬 HUB 改為靜態的。要想獲取已經儲存在 VPN Server 上的 HUB,可以運行 HubList 命令獲得列表。\n要運行此命令,需要 VPN Server 管理員許可權。\n此外,此命令在 VPN Bridge 和群集管理伺服器中不起作用。\n在群集上創建虛擬叢集控制器 HUB 時,請運行 HubCreateStatic 或者 HubCreateDynamic 命令。(對群集控制器操作時,HubCreate 和 HubCreateDynamic就有相同的功能)。
|
||||
@ -5101,6 +5144,16 @@ CMD_Offline_Help 如果您正在管理的虛擬 HUB 線上,設置成離線
|
||||
CMD_Offline_Args Offline
|
||||
|
||||
|
||||
# SetStaticNetwork 命令
|
||||
CMD_SetStaticNetwork Set Virtual Hub static IPv4 network parameters
|
||||
CMD_SetStaticNetwork_Help Set the static IPv4 network parameters for the Virtual Hub. They are used when DHCP is not available (e.g. WireGuard sessions). \nYou can get the current settings by using the OptionsGet command.
|
||||
CMD_SetStaticNetwork_Args SetStaticNetwork [/GATEWAY:gateway] [/SUBNET:subnet]
|
||||
CMD_SetStaticNetwork_GATEWAY Specify the IP address of the gateway that will be used for internet communication.
|
||||
CMD_SetStaticNetwork_SUBNET Specify the subnet mask, required to determine the size of the local VPN network.
|
||||
CMD_SetStaticNetwork_Prompt_GATEWAY Gateway:
|
||||
CMD_SetStaticNetwork_Prompt_SUBNET Subnet mask:
|
||||
|
||||
|
||||
# SetMaxSession 命令
|
||||
CMD_SetMaxSession 設定虛擬 HUB 的最大同時線上用戶數量
|
||||
CMD_SetMaxSession_Help 設定現在正在管理的虛擬 HUB 的最大同時線上客戶數量。當超過這個數量時,如果從 VPN Client 和 VPN Bridge 連接的時候,超過了最大併發會話數,更多的客戶將無法連接。最大同時線上客戶數的限制不包括本地的橋接器,虛擬的 NAT,級聯連接等生成連接不包括在內。\n設置同時線上最大數目,可以通過運行 OptionsGet 命令獲得。\n此命令,在 VPN Bridge 中不會運行。\n此命令在集群虛擬 HUB 中不能運行。
|
||||
@ -5137,7 +5190,8 @@ CMD_OptionsGet_ENUM 對於匿名使用者的虛擬 HUB 的顯示
|
||||
CMD_OptionsGet_MAXSESSIONS 最大同時線上客戶數
|
||||
CMD_OptionsGet_STATUS 狀態
|
||||
CMD_OptionsGet_TYPE 虛擬 HUB 的類型
|
||||
|
||||
CMD_OptionsGet_GATEWAY Default gateway
|
||||
CMD_OptionsGet_SUBNET Default subnet
|
||||
|
||||
|
||||
# RadiusServerSet 命令
|
||||
|
Loading…
Reference in New Issue
Block a user