mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-22 17:39:53 +03:00

Merge PR #1177: Implement options API in Proto

Davide Beatrici 2020-07-28 01:35:50 +02:00 committed by GitHub
commit 5cdd2a4e4a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
26 changed files with 1234 additions and 954 deletions


@ -9,7 +9,7 @@ cd $BUILD_BINARIESDIRECTORY
./vpnserver start
./vpncmd 127.0.0.1:443 /SERVER /HUB:DEFAULT /CMD:SecureNatEnable
./vpncmd 127.0.0.1:443 /SERVER /CMD:"OpenVpnEnable yes"
./vpncmd 127.0.0.1:443 /SERVER /CMD:"ProtoOptionsSet OpenVPN /NAME:Enabled /VALUE:True"
./vpncmd 127.0.0.1:443 /SERVER /CMD:"PortsUDPSet 1194"
./vpncmd 127.0.0.1:443 /SERVER /HUB:DEFAULT /CMD:"UserCreate test /GROUP:none /REALNAME:none /NOTE:none"
./vpncmd 127.0.0.1:443 /SERVER /HUB:DEFAULT /CMD:"UserPasswordSet test /PASSWORD:test"


@ -1496,6 +1496,8 @@ PACK *AdminDispatch(RPC *rpc, char *name, PACK *p)
DECLARE_RPC("EnableListener", RPC_LISTENER, StEnableListener, InRpcListener, OutRpcListener)
DECLARE_RPC_EX("SetPortsUDP", RPC_PORTS, StSetPortsUDP, InRpcPorts, OutRpcPorts, FreeRpcPorts)
DECLARE_RPC_EX("GetPortsUDP", RPC_PORTS, StGetPortsUDP, InRpcPorts, OutRpcPorts, FreeRpcPorts)
DECLARE_RPC_EX("SetProtoOptions", RPC_PROTO_OPTIONS, StSetProtoOptions, InRpcProtoOptions, OutRpcProtoOptions, FreeRpcProtoOptions)
DECLARE_RPC_EX("GetProtoOptions", RPC_PROTO_OPTIONS, StGetProtoOptions, InRpcProtoOptions, OutRpcProtoOptions, FreeRpcProtoOptions)
DECLARE_RPC("SetServerPassword", RPC_SET_PASSWORD, StSetServerPassword, InRpcSetPassword, OutRpcSetPassword)
DECLARE_RPC_EX("SetFarmSetting", RPC_FARM, StSetFarmSetting, InRpcFarm, OutRpcFarm, FreeRpcFarm)
DECLARE_RPC_EX("GetFarmSetting", RPC_FARM, StGetFarmSetting, InRpcFarm, OutRpcFarm, FreeRpcFarm)
@ -1678,6 +1680,8 @@ DECLARE_SC("DeleteListener", RPC_LISTENER, ScDeleteListener, InRpcListener, OutR
DECLARE_SC("EnableListener", RPC_LISTENER, ScEnableListener, InRpcListener, OutRpcListener)
DECLARE_SC_EX("SetPortsUDP", RPC_PORTS, ScSetPortsUDP, InRpcPorts, OutRpcPorts, FreeRpcPorts)
DECLARE_SC_EX("GetPortsUDP", RPC_PORTS, ScGetPortsUDP, InRpcPorts, OutRpcPorts, FreeRpcPorts)
DECLARE_SC_EX("SetProtoOptions", RPC_PROTO_OPTIONS, ScSetProtoOptions, InRpcProtoOptions, OutRpcProtoOptions, FreeRpcProtoOptions)
DECLARE_SC_EX("GetProtoOptions", RPC_PROTO_OPTIONS, ScGetProtoOptions, InRpcProtoOptions, OutRpcProtoOptions, FreeRpcProtoOptions)
DECLARE_SC("SetServerPassword", RPC_SET_PASSWORD, ScSetServerPassword, InRpcSetPassword, OutRpcSetPassword)
DECLARE_SC_EX("SetFarmSetting", RPC_FARM, ScSetFarmSetting, InRpcFarm, OutRpcFarm, FreeRpcFarm)
DECLARE_SC_EX("GetFarmSetting", RPC_FARM, ScGetFarmSetting, InRpcFarm, OutRpcFarm, FreeRpcFarm)
@ -1985,42 +1989,96 @@ UINT StSetSpecialListener(ADMIN *a, RPC_SPECIAL_LISTENER *t)
// Set configurations for OpenVPN and SSTP
UINT StSetOpenVpnSstpConfig(ADMIN *a, OPENVPN_SSTP_CONFIG *t)
{
SERVER *s = a->Server;
CEDAR *c = s->Cedar;
PROTO *proto = a->Server->Proto;
PROTO_CONTAINER *container, tmp_c;
PROTO_OPTION *option, tmp_o;
UINT ret = ERR_NO_ERROR;
bool changed = false;
SERVER_ADMIN_ONLY;
NO_SUPPORT_FOR_BRIDGE;
if (s->ServerType != SERVER_TYPE_STANDALONE)
if (proto == NULL)
{
return ERR_NOT_SUPPORTED;
}
SiSetOpenVPNAndSSTPConfig(s, t);
tmp_o.Name = PROTO_OPTION_TOGGLE_NAME;
tmp_c.Name = "OpenVPN";
ALog(a, NULL, "LA_SET_OVPN_SSTP_CONFIG");
container = Search(proto->Containers, &tmp_c);
if (container != NULL)
{
option = Search(container->Options, &tmp_o);
if (option != NULL)
{
if (option->Type == PROTO_OPTION_BOOL)
{
option->Bool = t->EnableOpenVPN;
changed = true;
}
else
{
ret = ERR_INVALID_PARAMETER;
}
}
else
{
ret = ERR_OBJECT_NOT_FOUND;
}
}
else
{
ret = ERR_OBJECT_NOT_FOUND;
}
IncrementServerConfigRevision(s);
tmp_c.Name = "SSTP";
return ERR_NO_ERROR;
container = Search(proto->Containers, &tmp_c);
if (container != NULL)
{
option = Search(container->Options, &tmp_o);
if (option != NULL)
{
if (option->Type == PROTO_OPTION_BOOL)
{
option->Bool = t->EnableSSTP;
changed = true;
}
else
{
ret = ERR_INVALID_PARAMETER;
}
}
else
{
ret = ERR_OBJECT_NOT_FOUND;
}
}
else
{
ret = ERR_OBJECT_NOT_FOUND;
}
if (changed)
{
ALog(a, NULL, "LA_SET_OVPN_SSTP_CONFIG");
IncrementServerConfigRevision(a->Server);
}
return ret;
}
// Get configurations for OpenVPN and SSTP
UINT StGetOpenVpnSstpConfig(ADMIN *a, OPENVPN_SSTP_CONFIG *t)
{
SERVER *s = a->Server;
CEDAR *c = s->Cedar;
UINT ret = ERR_NO_ERROR;
SERVER_ADMIN_ONLY;
NO_SUPPORT_FOR_BRIDGE;
if (s->ServerType != SERVER_TYPE_STANDALONE)
PROTO *proto = a->Server->Proto;
if (proto == NULL)
{
return ERR_NOT_SUPPORTED;
}
Zero(t, sizeof(OPENVPN_SSTP_CONFIG));
SiGetOpenVPNAndSSTPConfig(s, t);
t->EnableOpenVPN = ProtoEnabled(proto, "OpenVPN");
t->EnableSSTP = ProtoEnabled(proto, "SSTP");
return ERR_NO_ERROR;
}
@ -2109,7 +2167,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
BUF *readme_buf;
BUF *readme_pdf_buf;
BUF *sample_buf;
OPENVPN_SSTP_CONFIG config;
LIST *port_list;
char my_hostname[MAX_SIZE];
@ -2120,9 +2177,7 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
return ERR_NOT_SUPPORTED;
}
SiGetOpenVPNAndSSTPConfig(s, &config);
if (config.EnableOpenVPN == false)
if (ProtoEnabled(s->Proto, "OpenVPN") == false)
{
return ERR_OPENVPN_IS_NOT_ENABLED;
}
@ -9959,6 +10014,140 @@ UINT StGetPortsUDP(ADMIN *a, RPC_PORTS *t)
return ERR_NO_ERROR;
}
UINT StGetProtoOptions(ADMIN *a, RPC_PROTO_OPTIONS *t)
{
PROTO *proto = a->Server->Proto;
PROTO_CONTAINER *container, tmp;
UINT ret = ERR_NO_ERROR;
LIST *options;
if (proto == NULL)
{
return ERR_NOT_SUPPORTED;
}
tmp.Name = t->Protocol;
container = Search(proto->Containers, &tmp);
if (container == NULL)
{
return ERR_INVALID_PARAMETER;
}
options = container->Options;
LockList(options);
{
UINT i;
t->Num = LIST_NUM(options);
t->Options = Malloc(sizeof(PROTO_OPTION) * t->Num);
for (i = 0; i < t->Num; ++i)
{
const PROTO_OPTION *option = LIST_DATA(options, i);
PROTO_OPTION *rpc_option = &t->Options[i];
switch (option->Type)
{
case PROTO_OPTION_BOOL:
rpc_option->Bool = option->Bool;
break;
case PROTO_OPTION_STRING:
rpc_option->String = CopyStr(option->String);
break;
default:
Debug("StGetProtoOptions(): unhandled option type %u!\n", option->Type);
ret = ERR_INTERNAL_ERROR;
}
if (ret == ERR_NO_ERROR)
{
rpc_option->Name = CopyStr(option->Name);
rpc_option->Type = option->Type;
}
else
{
break;
}
}
}
UnlockList(options);
return ret;
}
UINT StSetProtoOptions(ADMIN *a, RPC_PROTO_OPTIONS *t)
{
PROTO *proto = a->Server->Proto;
PROTO_CONTAINER *container, tmp;
UINT ret = ERR_NO_ERROR;
bool changed = false;
LIST *options;
SERVER_ADMIN_ONLY;
if (proto == NULL)
{
return ERR_NOT_SUPPORTED;
}
tmp.Name = t->Protocol;
container = Search(proto->Containers, &tmp);
if (container == NULL)
{
return ERR_INVALID_PARAMETER;
}
options = container->Options;
LockList(options);
{
UINT i;
for (i = 0; i < t->Num; ++i)
{
PROTO_OPTION *rpc_option = &t->Options[i];
PROTO_OPTION *option = Search(options, rpc_option);
if (option == NULL || rpc_option->Type != option->Type)
{
ret = ERR_INVALID_PARAMETER;
break;
}
switch (option->Type)
{
case PROTO_OPTION_BOOL:
option->Bool = rpc_option->Bool;
break;
case PROTO_OPTION_STRING:
Free(option->String);
option->String = CopyStr(rpc_option->String);
break;
default:
Debug("StSetProtoOptions(): unhandled option type %u!\n", option->Type);
ret = ERR_INTERNAL_ERROR;
}
if (ret == ERR_NO_ERROR)
{
changed = true;
}
else
{
break;
}
}
}
UnlockList(options);
if (changed)
{
ALog(a, NULL, "LA_SET_PROTO_OPTIONS", t->Protocol);
IncrementServerConfigRevision(a->Server);
}
return ret;
}
// Get server status
UINT StGetServerStatus(ADMIN *a, RPC_SERVER_STATUS *t)
{
@ -10143,8 +10332,6 @@ void InOpenVpnSstpConfig(OPENVPN_SSTP_CONFIG *t, PACK *p)
t->EnableOpenVPN = PackGetBool(p, "EnableOpenVPN");
t->EnableSSTP = PackGetBool(p, "EnableSSTP");
t->OpenVPNObfuscation= PackGetBool(p, "OpenVPNObfuscation");
PackGetStr(p, "OpenVPNObfuscationMask", t->OpenVPNObfuscationMask, sizeof(t->OpenVPNObfuscationMask));
}
void OutOpenVpnSstpConfig(PACK *p, OPENVPN_SSTP_CONFIG *t)
{
@ -10156,8 +10343,6 @@ void OutOpenVpnSstpConfig(PACK *p, OPENVPN_SSTP_CONFIG *t)
PackAddBool(p, "EnableOpenVPN", t->EnableOpenVPN);
PackAddBool(p, "EnableSSTP", t->EnableSSTP);
PackAddBool(p, "OpenVPNObfuscation", t->OpenVPNObfuscation);
PackAddStr(p, "OpenVPNObfuscationMask", t->OpenVPNObfuscationMask);
}
// DDNS_CLIENT_STATUS
@ -12266,6 +12451,130 @@ void FreeRpcStr(RPC_STR *t)
Free(t->String);
}
// RPC_PROTO_OPTIONS
void InRpcProtoOptions(RPC_PROTO_OPTIONS *t, PACK *p)
{
UINT i, size;
// Validate arguments
if (t == NULL || p == NULL)
{
return;
}
Zero(t, sizeof(RPC_PROTO_OPTIONS));
size = PackGetStrSize(p, "Protocol");
if (size > 0)
{
t->Protocol = Malloc(size);
if (PackGetStr(p, "Protocol", t->Protocol, size) == false)
{
Zero(t->Protocol, size);
}
}
t->Num = PackGetIndexCount(p, "Name");
if (t->Num == 0)
{
return;
}
t->Options = ZeroMalloc(sizeof(PROTO_OPTION) * t->Num);
for (i = 0; i < t->Num; ++i)
{
PROTO_OPTION *option = &t->Options[i];
size = PackGetStrSizeEx(p, "Name", i);
if (size > 0)
{
option->Name = Malloc(size);
if (PackGetStrEx(p, "Name", option->Name, size, i) == false)
{
Zero(option->Name, size);
}
}
option->Type = PackGetIntEx(p, "Type", i);
switch (option->Type)
{
case PROTO_OPTION_STRING:
size = PackGetDataSizeEx(p, "Value", i);
if (size > 0)
{
option->String = Malloc(size);
if (PackGetDataEx2(p, "Value", option->String, size, i) == false)
{
Zero(option->String, size);
}
}
break;
case PROTO_OPTION_BOOL:
PackGetDataEx2(p, "Value", &option->Bool, sizeof(option->Bool), i);
break;
default:
Debug("InRpcProtoOptions(): unhandled type %u!\n", option->Type);
}
}
}
void OutRpcProtoOptions(PACK *p, RPC_PROTO_OPTIONS *t)
{
UINT i;
// Validate arguments
if (t == NULL || p == NULL)
{
return;
}
PackAddStr(p, "Protocol", t->Protocol);
for (i = 0; i < t->Num; ++i)
{
PROTO_OPTION *option = &t->Options[i];
PackAddStrEx(p, "Name", option->Name, i, t->Num);
PackAddIntEx(p, "Type", option->Type, i, t->Num);
switch (option->Type)
{
case PROTO_OPTION_STRING:
PackAddDataEx(p, "Value", option->String, StrLen(option->String) + 1, i, t->Num);
break;
case PROTO_OPTION_BOOL:
PackAddDataEx(p, "Value", &option->Bool, sizeof(option->Bool), i, t->Num);
break;
default:
Debug("OutRpcProtoOptions(): unhandled type %u!\n", option->Type);
}
}
}
void FreeRpcProtoOptions(RPC_PROTO_OPTIONS *t)
{
UINT i;
// Validate arguments
if (t == NULL)
{
return;
}
Free(t->Protocol);
for (i = 0; i < t->Num; ++i)
{
PROTO_OPTION *option = &t->Options[i];
Free(option->Name);
if (option->Type == PROTO_OPTION_STRING)
{
Free(option->String);
}
}
Free(t->Options);
}
// RPC_SET_PASSWORD
void InRpcSetPassword(RPC_SET_PASSWORD *t, PACK *p)
{
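Review bot: In InRpcProtoOptions, the PROTO_OPTION_STRING branch reads the peer-supplied "Value" into a buffer of exactly `size` bytes and never checks that it ends in a NUL, yet StSetProtoOptions later hands that buffer to `CopyStr(rpc_option->String)`. OutRpcProtoOptions always sends `StrLen(option->String) + 1` bytes, so a conforming peer is fine, but a pack built by anything else can make the string functions read past the allocation. Allocating one extra zeroed byte closes this: `option->String = ZeroMalloc(size + 1);`. The same branch leaves `String` NULL when the element is absent or empty, so it is worth confirming that CopyStr() tolerates NULL.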


@ -124,6 +124,14 @@ struct RPC_INT
UINT IntValue; // Integer
};
// Proto options
struct RPC_PROTO_OPTIONS
{
char *Protocol; // Protocol name
UINT Num; // Number of options
PROTO_OPTION *Options; // Options
};
// Set Password
struct RPC_SET_PASSWORD
{
@ -966,6 +974,8 @@ UINT StDeleteListener(ADMIN *a, RPC_LISTENER *t);
UINT StEnableListener(ADMIN *a, RPC_LISTENER *t);
UINT StSetPortsUDP(ADMIN *a, RPC_PORTS *t);
UINT StGetPortsUDP(ADMIN *a, RPC_PORTS *t);
UINT StGetProtoOptions(ADMIN *a, RPC_PROTO_OPTIONS *t);
UINT StSetProtoOptions(ADMIN *a, RPC_PROTO_OPTIONS *t);
UINT StSetServerPassword(ADMIN *a, RPC_SET_PASSWORD *t);
UINT StSetFarmSetting(ADMIN *a, RPC_FARM *t);
UINT StGetFarmSetting(ADMIN *a, RPC_FARM *t);
@ -1112,6 +1122,8 @@ UINT ScDeleteListener(RPC *r, RPC_LISTENER *t);
UINT ScEnableListener(RPC *r, RPC_LISTENER *t);
UINT ScSetPortsUDP(RPC *r, RPC_PORTS *t);
UINT ScGetPortsUDP(RPC *r, RPC_PORTS *t);
UINT ScSetProtoOptions(RPC *r, RPC_PROTO_OPTIONS *t);
UINT ScGetProtoOptions(RPC *r, RPC_PROTO_OPTIONS *t);
UINT ScSetServerPassword(RPC *r, RPC_SET_PASSWORD *t);
UINT ScSetFarmSetting(RPC *r, RPC_FARM *t);
UINT ScGetFarmSetting(RPC *r, RPC_FARM *t);
@ -1268,6 +1280,9 @@ void FreeRpcPorts(RPC_PORTS *t);
void InRpcStr(RPC_STR *t, PACK *p);
void OutRpcStr(PACK *p, RPC_STR *t);
void FreeRpcStr(RPC_STR *t);
void InRpcProtoOptions(RPC_PROTO_OPTIONS *t, PACK *p);
void OutRpcProtoOptions(PACK *p, RPC_PROTO_OPTIONS *t);
void FreeRpcProtoOptions(RPC_PROTO_OPTIONS *t);
void InRpcSetPassword(RPC_SET_PASSWORD *t, PACK *p);
void OutRpcSetPassword(PACK *p, RPC_SET_PASSWORD *t);
void InRpcFarm(RPC_FARM *t, PACK *p);


@ -1439,10 +1439,6 @@ CEDAR *NewCedar(X *server_x, K *server_k)
c->CurrentRegionLock = NewLock();
StrCpy(c->OpenVPNDefaultClientOption, sizeof(c->OpenVPNDefaultClientOption), OVPN_DEF_CLIENT_OPTION_STRING);
c->OpenVPNPushDummyIPv4AddressOnL2Mode = true; // Default true. Override by the config file.
#ifdef BETA_NUMBER
c->Beta = BETA_NUMBER;
#endif // BETA_NUMBER


@ -981,10 +981,6 @@ typedef struct CEDAR
UINT FifoBudget; // Fifo budget
SSL_ACCEPT_SETTINGS SslAcceptSettings; // SSL Accept Settings
UINT DhParamBits; // Bits of Diffie-Hellman parameters
char OpenVPNDefaultClientOption[MAX_SIZE]; // OpenVPN: Default Client Option String
bool OpenVPNObfuscation; // OpenVPN: Obfuscation mode
char OpenVPNObfuscationMask[MAX_SIZE]; // OpenVPN: String (mask) for XOR obfuscation
bool OpenVPNPushDummyIPv4AddressOnL2Mode; // OpenVPN: Push a dummy IPv4 address on L2 mode
} CEDAR;
// Type of CEDAR


@ -290,6 +290,7 @@ typedef struct RPC_LISTENER RPC_LISTENER;
typedef struct RPC_LISTENER_LIST RPC_LISTENER_LIST;
typedef struct RPC_PORTS RPC_PORTS;
typedef struct RPC_STR RPC_STR;
typedef struct RPC_PROTO_OPTIONS RPC_PROTO_OPTIONS;
typedef struct RPC_SET_PASSWORD RPC_SET_PASSWORD;
typedef struct RPC_FARM RPC_FARM;
typedef struct RPC_FARM_HUB RPC_FARM_HUB;


@ -7352,6 +7352,8 @@ void PsMain(PS *ps)
{"ListenerDisable", PsListenerDisable},
{"PortsUDPGet", PsPortsUDPGet},
{"PortsUDPSet", PsPortsUDPSet},
{"ProtoOptionsGet", PsProtoOptionsGet},
{"ProtoOptionsSet", PsProtoOptionsSet},
{"ServerPasswordSet", PsServerPasswordSet},
{"ClusterSettingGet", PsClusterSettingGet},
{"ClusterSettingStandalone", PsClusterSettingStandalone},
@ -7537,13 +7539,7 @@ void PsMain(PS *ps)
{"EtherIpClientAdd", PsEtherIpClientAdd},
{"EtherIpClientDelete", PsEtherIpClientDelete},
{"EtherIpClientList", PsEtherIpClientList},
{"OpenVpnEnable", PsOpenVpnEnable},
{"OpenVpnGet", PsOpenVpnGet},
{"OpenVpnMakeConfig", PsOpenVpnMakeConfig},
{"OpenVpnObfuscationEnable", PsOpenVpnObfuscationEnable},
{"OpenVpnObfuscationGet", PsOpenVpnObfuscationGet},
{"SstpEnable", PsSstpEnable},
{"SstpGet", PsSstpGet},
{"ServerCertRegenerate", PsServerCertRegenerate},
{"VpnOverIcmpDnsEnable", PsVpnOverIcmpDnsEnable},
{"VpnOverIcmpDnsGet", PsVpnOverIcmpDnsGet},
@ -21466,97 +21462,6 @@ UINT PsEtherIpClientList(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
return 0;
}
// Enable / disable the OpenVPN compatible server function
UINT PsOpenVpnEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
LIST *o;
PS *ps = (PS *)param;
UINT ret = 0;
OPENVPN_SSTP_CONFIG t;
// Parameter list that can be specified
PARAM args[] =
{
// "name", prompt_proc, prompt_param, eval_proc, eval_param
{"[yes|no]", CmdPrompt, _UU("CMD_OpenVpnEnable_Prompt_[yes|no]"), CmdEvalNotEmpty, NULL},
};
o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
if (o == NULL)
{
return ERR_INVALID_PARAMETER;
}
Zero(&t, sizeof(t));
// RPC call
ret = ScGetOpenVpnSstpConfig(ps->Rpc, &t);
if (ret != ERR_NO_ERROR)
{
// An error has occured
CmdPrintError(c, ret);
FreeParamValueList(o);
return ret;
}
t.EnableOpenVPN = GetParamYes(o, "[yes|no]");
// RPC call
ret = ScSetOpenVpnSstpConfig(ps->Rpc, &t);
if (ret != ERR_NO_ERROR)
{
// An error has occured
CmdPrintError(c, ret);
FreeParamValueList(o);
return ret;
}
FreeParamValueList(o);
return 0;
}
// Get the current settings for the OpenVPN compatible server function
UINT PsOpenVpnGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
LIST *o;
PS *ps = (PS *)param;
UINT ret = 0;
OPENVPN_SSTP_CONFIG t;
o = ParseCommandList(c, cmd_name, str, NULL, 0);
if (o == NULL)
{
return ERR_INVALID_PARAMETER;
}
Zero(&t, sizeof(t));
// RPC call
ret = ScGetOpenVpnSstpConfig(ps->Rpc, &t);
if (ret != ERR_NO_ERROR)
{
// An error has occured
CmdPrintError(c, ret);
FreeParamValueList(o);
return ret;
}
else
{
CT *ct = CtNewStandard();
CtInsert(ct, _UU("CMD_OpenVpnGet_PRINT_Enabled"), _UU(t.EnableOpenVPN ? "SEC_YES" : "SEC_NO"));
CtFree(ct, c);
}
FreeParamValueList(o);
return 0;
}
// Generate a OpenVPN sample configuration file that can connect to the OpenVPN compatible server function
UINT PsOpenVpnMakeConfig(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
@ -21623,194 +21528,6 @@ UINT PsOpenVpnMakeConfig(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
return ret;
}
// Enable / disable the OpenVPN compatible server function's obfuscation mode
UINT PsOpenVpnObfuscationEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
LIST *o;
PS *ps = (PS *)param;
UINT ret = 0;
OPENVPN_SSTP_CONFIG t;
// Parameter list that can be specified
PARAM args[] =
{
// "name", prompt_proc, prompt_param, eval_proc, eval_param
{"[yes|no]", CmdPrompt, _UU("CMD_OpenVpnObfuscationEnable_Prompt_[yes|no]"), CmdEvalNotEmpty, NULL},
{"MASK", CmdPrompt, _UU("CMD_OpenVpnObfuscationEnable_Prompt_MASK"), NULL, NULL},
};
o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
if (o == NULL)
{
return ERR_INVALID_PARAMETER;
}
Zero(&t, sizeof(t));
// RPC call
ret = ScGetOpenVpnSstpConfig(ps->Rpc, &t);
if (ret != ERR_NO_ERROR)
{
// An error has occured
CmdPrintError(c, ret);
FreeParamValueList(o);
return ret;
}
t.OpenVPNObfuscation = GetParamYes(o, "[yes|no]");
StrCpy(t.OpenVPNObfuscationMask, sizeof(t.OpenVPNObfuscationMask), GetParamStr(o, "MASK"));
// RPC call
ret = ScSetOpenVpnSstpConfig(ps->Rpc, &t);
if (ret != ERR_NO_ERROR)
{
// An error has occured
CmdPrintError(c, ret);
FreeParamValueList(o);
return ret;
}
FreeParamValueList(o);
return 0;
}
// Get the current settings for the OpenVPN compatible server function's obfuscation mode
UINT PsOpenVpnObfuscationGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
LIST *o;
PS *ps = (PS *)param;
UINT ret = 0;
OPENVPN_SSTP_CONFIG t;
o = ParseCommandList(c, cmd_name, str, NULL, 0);
if (o == NULL)
{
return ERR_INVALID_PARAMETER;
}
Zero(&t, sizeof(t));
// RPC call
ret = ScGetOpenVpnSstpConfig(ps->Rpc, &t);
if (ret != ERR_NO_ERROR)
{
// An error has occured
CmdPrintError(c, ret);
FreeParamValueList(o);
return ret;
}
else
{
wchar_t tmp[MAX_PATH];
CT *ct = CtNewStandard();
CtInsert(ct, _UU("CMD_OpenVpnObfuscationGet_PRINT_Enabled"), _UU(t.OpenVPNObfuscation ? "SEC_YES" : "SEC_NO"));
StrToUni(tmp, sizeof(tmp), t.OpenVPNObfuscationMask);
CtInsert(ct, _UU("CMD_OpenVpnObfuscationGet_PRINT_Mask"), tmp);
CtFree(ct, c);
}
FreeParamValueList(o);
return 0;
}
// Enable / disable the Microsoft SSTP VPN compatible server function
UINT PsSstpEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
LIST *o;
PS *ps = (PS *)param;
UINT ret = 0;
OPENVPN_SSTP_CONFIG t;
// Parameter list that can be specified
PARAM args[] =
{
// "name", prompt_proc, prompt_param, eval_proc, eval_param
{"[yes|no]", CmdPrompt, _UU("CMD_SstpEnable_Prompt_[yes|no]"), CmdEvalNotEmpty, NULL},
};
o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
if (o == NULL)
{
return ERR_INVALID_PARAMETER;
}
Zero(&t, sizeof(t));
// RPC call
ret = ScGetOpenVpnSstpConfig(ps->Rpc, &t);
if (ret != ERR_NO_ERROR)
{
// An error has occured
CmdPrintError(c, ret);
FreeParamValueList(o);
return ret;
}
t.EnableSSTP = GetParamYes(o, "[yes|no]");
// RPC call
ret = ScSetOpenVpnSstpConfig(ps->Rpc, &t);
if (ret != ERR_NO_ERROR)
{
// An error has occured
CmdPrintError(c, ret);
FreeParamValueList(o);
return ret;
}
FreeParamValueList(o);
return 0;
}
// Get the current settings for the Microsoft SSTP VPN compatible server function
UINT PsSstpGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
LIST *o;
PS *ps = (PS *)param;
UINT ret = 0;
OPENVPN_SSTP_CONFIG t;
o = ParseCommandList(c, cmd_name, str, NULL, 0);
if (o == NULL)
{
return ERR_INVALID_PARAMETER;
}
Zero(&t, sizeof(t));
// RPC call
ret = ScGetOpenVpnSstpConfig(ps->Rpc, &t);
if (ret != ERR_NO_ERROR)
{
// An error has occured
CmdPrintError(c, ret);
FreeParamValueList(o);
return ret;
}
else
{
CT *ct = CtNewStandard();
CtInsert(ct, _UU("CMD_SstpEnable_PRINT_Enabled"), _UU(t.EnableSSTP ? "SEC_YES" : "SEC_NO"));
CtFree(ct, c);
}
FreeParamValueList(o);
return 0;
}
// Register to the VPN Server by creating a new self-signed certificate with the specified CN (Common Name)
UINT PsServerCertRegenerate(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
@ -22840,6 +22557,163 @@ UINT PsPortsUDPGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
return ret;
}
// Configure an option for the specified protocol (TODO: ability to set multiple options in a single call)
UINT PsProtoOptionsSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
LIST *o;
PS *ps = (PS *)param;
UINT ret;
RPC_PROTO_OPTIONS t;
PARAM args[] =
{
{"[protocol]", CmdPrompt, _UU("CMD_ProtoOptionsSet_Prompt_[protocol]"), CmdEvalNotEmpty, NULL},
{"NAME", CmdPrompt, _UU("CMD_ProtoOptionsSet_Prompt_NAME"), CmdEvalNotEmpty, NULL},
{"VALUE", CmdPrompt, _UU("CMD_ProtoOptionsSet_Prompt_VALUE"), NULL, NULL}
};
o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
if (o == NULL)
{
return ERR_INVALID_PARAMETER;
}
Zero(&t, sizeof(t));
t.Protocol = CopyStr(GetParamStr(o, "[protocol]"));
ret = ScGetProtoOptions(ps->Rpc, &t);
if (ret == ERR_NO_ERROR)
{
UINT i;
bool found = false;
for (i = 0; i < t.Num; ++i)
{
PROTO_OPTION *option = &t.Options[i];
if (StrCmpi(option->Name, GetParamStr(o, "NAME")) != 0)
{
continue;
}
found = true;
switch (option->Type)
{
case PROTO_OPTION_STRING:
Free(option->String);
option->String = CopyStr(GetParamStr(o, "VALUE"));
break;
case PROTO_OPTION_BOOL:
option->Bool = GetParamYes(o, "VALUE");
break;
default:
ret = ERR_INTERNAL_ERROR;
}
if (ret == ERR_NO_ERROR)
{
ret = ScSetProtoOptions(ps->Rpc, &t);
}
break;
}
if (found == false)
{
ret = ERR_OBJECT_NOT_FOUND;
}
}
if (ret != ERR_NO_ERROR)
{
CmdPrintError(c, ret);
}
FreeRpcProtoOptions(&t);
FreeParamValueList(o);
return ret;
}
// List available options for the specified protocol
UINT PsProtoOptionsGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
LIST *o;
PS *ps = (PS *)param;
UINT ret;
RPC_PROTO_OPTIONS t;
PARAM args[] =
{
{"[protocol]", CmdPrompt, _UU("CMD_ProtoOptionsGet_Prompt_[protocol]"), CmdEvalNotEmpty, NULL}
};
o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
if (o == NULL)
{
return ERR_INVALID_PARAMETER;
}
Zero(&t, sizeof(t));
t.Protocol = CopyStr(GetParamStr(o, "[protocol]"));
FreeParamValueList(o);
ret = ScGetProtoOptions(ps->Rpc, &t);
if (ret == ERR_NO_ERROR)
{
UINT i;
CT *ct = CtNew();
CtInsertColumn(ct, _UU("CMD_ProtoOptionsGet_Column_Name"), false);
CtInsertColumn(ct, _UU("CMD_ProtoOptionsGet_Column_Type"), false);
CtInsertColumn(ct, _UU("CMD_ProtoOptionsGet_Column_Value"), false);
CtInsertColumn(ct, _UU("CMD_ProtoOptionsGet_Column_Description"), false);
for (i = 0; i < t.Num; ++i)
{
char description_str_key[MAX_SIZE];
const PROTO_OPTION *option = &t.Options[i];
wchar_t *value, *type, *name = CopyStrToUni(option->Name);
switch (option->Type)
{
case PROTO_OPTION_BOOL:
type = L"Boolean";
value = option->Bool ? L"True" : L"False";
break;
case PROTO_OPTION_STRING:
type = L"String";
value = CopyStrToUni(option->String);
break;
default:
Debug("StGetProtoOptions(): unhandled option type %u!\n", option->Type);
Free(name);
continue;
}
Format(description_str_key, sizeof(description_str_key), "CMD_ProtoOptions_Description_%s_%s", t.Protocol, option->Name);
CtInsert(ct, name, type, value, _UU(description_str_key));
if (option->Type == PROTO_OPTION_STRING)
{
Free(value);
}
Free(name);
}
CtFree(ct, c);
}
else
{
CmdPrintError(c, ret);
}
FreeRpcProtoOptions(&t);
return ret;
}
// Draw a row of console table
void CtPrintRow(CONSOLE *c, UINT num, UINT *widths, wchar_t **strings, bool *rights, char separate_char)
{
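Review bot: The `default:` branch in PsProtoOptionsGet logs `"StGetProtoOptions(): unhandled option type %u!\n"`, which names the server-side handler rather than the vpncmd function that actually met the unknown type. Anyone triaging that message would look in the wrong place; it should read `Debug("PsProtoOptionsGet(): unhandled option type %u!\n", option->Type);`. The row is also dropped from the table without any output to the console, so a short comment there stating that unknown types are skipped on purpose would help the next reader.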


@ -395,6 +395,8 @@ UINT PsListenerEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsListenerDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsPortsUDPSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsPortsUDPGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsProtoOptionsSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsProtoOptionsGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsServerPasswordSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsClusterSettingGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsClusterSettingStandalone(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
@ -581,13 +583,7 @@ UINT PsIPsecGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsEtherIpClientAdd(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsEtherIpClientDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsEtherIpClientList(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsOpenVpnEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsOpenVpnGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsOpenVpnMakeConfig(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsOpenVpnObfuscationEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsOpenVpnObfuscationGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsSstpEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsSstpGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsServerCertRegenerate(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsVpnOverIcmpDnsEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsVpnOverIcmpDnsGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);


@ -2,21 +2,34 @@
#include "Proto_OpenVPN.h"
int ProtoImplCompare(void *p1, void *p2)
int ProtoOptionCompare(void *p1, void *p2)
{
PROTO_IMPL *impl_1 = p1, *impl_2 = p2;
PROTO_OPTION *option_1, *option_2;
if (impl_1 == NULL || impl_2 == NULL)
if (p1 == NULL || p2 == NULL)
{
return 0;
return (p1 == NULL && p2 == NULL ? 0 : (p1 == NULL ? -1 : 1));
}
if (StrCmp(impl_1->Name(), impl_2->Name()) == 0)
option_1 = *(PROTO_OPTION **)p1;
option_2 = *(PROTO_OPTION **)p2;
return StrCmpi(option_1->Name, option_2->Name);
}
int ProtoContainerCompare(void *p1, void *p2)
{
PROTO_CONTAINER *container_1, *container_2;
if (p1 == NULL || p2 == NULL)
{
return true;
return (p1 == NULL && p2 == NULL ? 0 : (p1 == NULL ? -1 : 1));
}
return false;
container_1 = *(PROTO_CONTAINER **)p1;
container_2 = *(PROTO_CONTAINER **)p2;
return StrCmpi(container_1->Name, container_2->Name);
}
int ProtoSessionCompare(void *p1, void *p2)
@ -115,6 +128,35 @@ UINT ProtoSessionHash(void *p)
return ret;
}
bool ProtoEnabled(const PROTO *proto, const char *name)
{
PROTO_OPTION *option, tmp_o;
PROTO_CONTAINER *container, tmp_c;
if (proto == NULL || name == NULL)
{
return false;
}
tmp_c.Name = name;
container = Search(proto->Containers, &tmp_c);
if (container == NULL)
{
return false;
}
tmp_o.Name = PROTO_OPTION_TOGGLE_NAME;
option = Search(container->Options, &tmp_o);
if (option == NULL || option->Type != PROTO_OPTION_BOOL)
{
return false;
}
return option->Bool;
}
PROTO *ProtoNew(CEDAR *cedar)
{
PROTO *proto;
@ -126,15 +168,15 @@ PROTO *ProtoNew(CEDAR *cedar)
proto = Malloc(sizeof(PROTO));
proto->Cedar = cedar;
proto->Impls = NewList(ProtoImplCompare);
proto->Containers = NewList(ProtoContainerCompare);
proto->Sessions = NewHashList(ProtoSessionHash, ProtoSessionCompare, 0, true);
AddRef(cedar->ref);
// OpenVPN
ProtoImplAdd(proto, OvsGetProtoImpl());
Add(proto->Containers, ProtoContainerNew(OvsGetProtoImpl()));
// SSTP
ProtoImplAdd(proto, SstpGetProtoImpl());
Add(proto->Containers, ProtoContainerNew(SstpGetProtoImpl()));
proto->UdpListener = NewUdpListener(ProtoHandleDatagrams, proto, &cedar->Server->ListenIP);
@ -156,28 +198,103 @@ void ProtoDelete(PROTO *proto)
{
ProtoDeleteSession(LIST_DATA(proto->Sessions->AllList, i));
}
ReleaseHashList(proto->Sessions);
for (i = 0; i < LIST_NUM(proto->Containers); ++i)
{
ProtoContainerDelete(LIST_DATA(proto->Containers, i));
}
ReleaseList(proto->Containers);
FreeUdpListener(proto->UdpListener);
ReleaseHashList(proto->Sessions);
ReleaseList(proto->Impls);
ReleaseCedar(proto->Cedar);
Free(proto);
}
bool ProtoImplAdd(PROTO *proto, PROTO_IMPL *impl) {
if (proto == NULL || impl == NULL)
PROTO_CONTAINER *ProtoContainerNew(const PROTO_IMPL *impl)
{
UINT i;
PROTO_OPTION *option;
PROTO_CONTAINER *container;
const PROTO_OPTION *impl_options;
if (impl == NULL)
{
return false;
}
Add(proto->Impls, impl);
container = Malloc(sizeof(PROTO_CONTAINER));
container->Name = impl->Name();
container->Options = NewList(ProtoOptionCompare);
container->Impl = impl;
Debug("ProtoImplAdd(): added %s\n", impl->Name());
option = ZeroMalloc(sizeof(PROTO_OPTION));
option->Name = PROTO_OPTION_TOGGLE_NAME;
option->Type = PROTO_OPTION_BOOL;
option->Bool = true;
return true;
Add(container->Options, option);
impl_options = impl->Options();
for (i = 0; impl_options[i].Name != NULL; ++i)
{
const PROTO_OPTION *impl_option = &impl_options[i];
option = ZeroMalloc(sizeof(PROTO_OPTION));
option->Name = impl_option->Name;
option->Type = impl_option->Type;
switch (impl_option->Type)
{
case PROTO_OPTION_BOOL:
option->Bool = impl_option->Bool;
break;
case PROTO_OPTION_STRING:
option->String = CopyStr(impl_option->String);
break;
default:
Debug("ProtoContainerNew(): unhandled option type %u!\n", impl_option->Type);
Free(option);
continue;
}
Add(container->Options, option);
}
Debug("ProtoContainerNew(): %s\n", container->Name);
return container;
}
PROTO_IMPL *ProtoImplDetect(PROTO *proto, const PROTO_MODE mode, const UCHAR *data, const UINT size)
void ProtoContainerDelete(PROTO_CONTAINER *container)
{
UINT i;
LIST *options;
if (container == NULL)
{
return;
}
options = container->Options;
for (i = 0; i < LIST_NUM(options); ++i)
{
PROTO_OPTION *option = LIST_DATA(options, i);
if (option->Type == PROTO_OPTION_STRING)
{
Free(option->String);
}
Free(option);
}
ReleaseList(options);
Free(container);
}
const PROTO_CONTAINER *ProtoDetect(const PROTO *proto, const PROTO_MODE mode, const UCHAR *data, const UINT size)
{
UINT i;
@ -186,46 +303,53 @@ PROTO_IMPL *ProtoImplDetect(PROTO *proto, const PROTO_MODE mode, const UCHAR *da
return NULL;
}
for (i = 0; i < LIST_NUM(proto->Impls); ++i)
for (i = 0; i < LIST_NUM(proto->Containers); ++i)
{
PROTO_IMPL *impl = LIST_DATA(proto->Impls, i);
if (impl->IsPacketForMe == NULL || impl->IsPacketForMe(mode, data, size) == false)
const PROTO_CONTAINER *container = LIST_DATA(proto->Containers, i);
const PROTO_IMPL *impl = container->Impl;
if (ProtoEnabled(proto, container->Name) == false)
{
Debug("ProtoDetect(): skipping %s because it's disabled\n", container->Name);
continue;
}
if (StrCmp(impl->Name(), "OpenVPN") == 0 && proto->Cedar->Server->DisableOpenVPNServer)
if (impl->IsPacketForMe != NULL && impl->IsPacketForMe(mode, data, size))
{
Debug("ProtoImplDetect(): OpenVPN detected, but it's disabled\n");
continue;
Debug("ProtoDetect(): %s detected\n", container->Name);
return container;
}
Debug("ProtoImplDetect(): %s detected\n", impl->Name());
return impl;
}
Debug("ProtoImplDetect(): unrecognized protocol\n");
Debug("ProtoDetect(): unrecognized protocol\n");
return NULL;
}
PROTO_SESSION *ProtoNewSession(PROTO *proto, PROTO_IMPL *impl, const IP *src_ip, const USHORT src_port, const IP *dst_ip, const USHORT dst_port)
PROTO_SESSION *ProtoNewSession(PROTO *proto, const PROTO_CONTAINER *container, const IP *src_ip, const USHORT src_port, const IP *dst_ip, const USHORT dst_port)
{
LIST *options;
PROTO_SESSION *session;
const PROTO_IMPL *impl;
if (impl == NULL || src_ip == NULL || src_port == 0 || dst_ip == NULL || dst_port == 0)
if (container == NULL || src_ip == NULL || src_port == 0 || dst_ip == NULL || dst_port == 0)
{
return NULL;
}
session = ZeroMalloc(sizeof(PROTO_SESSION));
options = container->Options;
impl = container->Impl;
session = ZeroMalloc(sizeof(PROTO_SESSION));
session->SockEvent = NewSockEvent();
session->InterruptManager = NewInterruptManager();
if (impl->Init != NULL && impl->Init(&session->Param, proto->Cedar, session->InterruptManager, session->SockEvent, NULL, NULL) == false)
{
Debug("ProtoNewSession(): failed to initialize %s\n", impl->Name());
LockList(options);
if (impl->Init != NULL && impl->Init(&session->Param, container->Options, proto->Cedar, session->InterruptManager, session->SockEvent, NULL, NULL) == false)
{
Debug("ProtoNewSession(): failed to initialize %s\n", container->Name);
UnlockList(options);
ReleaseSockEvent(session->SockEvent);
FreeInterruptManager(session->InterruptManager);
Free(session);
@ -233,6 +357,8 @@ PROTO_SESSION *ProtoNewSession(PROTO *proto, PROTO_IMPL *impl, const IP *src_ip,
return NULL;
}
UnlockList(options);
session->Proto = proto;
session->Impl = impl;
@ -313,7 +439,7 @@ bool ProtoSetUdpPorts(PROTO *proto, const LIST *ports)
bool ProtoHandleConnection(PROTO *proto, SOCK *sock, const char *protocol)
{
const PROTO_IMPL *impl = NULL;
const PROTO_IMPL *impl;
void *impl_data = NULL;
UCHAR *buf;
@ -327,44 +453,60 @@ bool ProtoHandleConnection(PROTO *proto, SOCK *sock, const char *protocol)
return false;
}
if (protocol != NULL)
{
UINT i;
for (i = 0; i < LIST_NUM(proto->Impls); ++i)
const PROTO_CONTAINER *container = NULL;
LIST *options;
if (protocol != NULL)
{
const PROTO_IMPL *tmp = LIST_DATA(proto->Impls, i);
if (StrCmp(tmp->Name(), protocol) == 0)
UINT i;
for (i = 0; i < LIST_NUM(proto->Containers); ++i)
{
impl = tmp;
break;
const PROTO_CONTAINER *tmp = LIST_DATA(proto->Containers, i);
if (StrCmp(tmp->Name, protocol) == 0)
{
impl = container->Impl;
break;
}
}
}
}
else
{
UCHAR tmp[PROTO_CHECK_BUFFER_SIZE];
if (Peek(sock, tmp, sizeof(tmp)) == 0)
else
{
UCHAR tmp[PROTO_CHECK_BUFFER_SIZE];
if (Peek(sock, tmp, sizeof(tmp)) == 0)
{
return false;
}
container = ProtoDetect(proto, PROTO_MODE_TCP, tmp, sizeof(tmp));
}
if (container == NULL)
{
return false;
}
impl = ProtoImplDetect(proto, PROTO_MODE_TCP, tmp, sizeof(tmp));
}
options = container->Options;
impl = container->Impl;
if (impl == NULL)
{
return false;
}
im = NewInterruptManager();
se = NewSockEvent();
im = NewInterruptManager();
se = NewSockEvent();
LockList(options);
if (impl->Init != NULL && impl->Init(&impl_data, proto->Cedar, im, se, sock->CipherName, sock->RemoteHostname) == false)
{
Debug("ProtoHandleConnection(): failed to initialize %s\n", impl->Name());
FreeInterruptManager(im);
ReleaseSockEvent(se);
return false;
if (impl->Init != NULL && impl->Init(&impl_data, options, proto->Cedar, im, se, sock->CipherName, sock->RemoteHostname) == false)
{
Debug("ProtoHandleConnection(): failed to initialize %s\n", container->Name);
UnlockList(options);
FreeInterruptManager(im);
ReleaseSockEvent(se);
return false;
}
UnlockList(options);
}
SetTimeout(sock, TIMEOUT_INFINITE);
@ -484,13 +626,13 @@ void ProtoHandleDatagrams(UDPLISTENER *listener, LIST *datagrams)
session = SearchHash(sessions, &tmp);
if (session == NULL)
{
tmp.Impl = ProtoImplDetect(proto, PROTO_MODE_UDP, datagram->Data, datagram->Size);
if (tmp.Impl == NULL)
const PROTO_CONTAINER *container = ProtoDetect(proto, PROTO_MODE_UDP, datagram->Data, datagram->Size);
if (container == NULL)
{
continue;
}
session = ProtoNewSession(proto, tmp.Impl, &tmp.SrcIp, tmp.SrcPort, &tmp.DstIp, tmp.DstPort);
session = ProtoNewSession(proto, container, &tmp.SrcIp, tmp.SrcPort, &tmp.DstIp, tmp.DstPort);
if (session == NULL)
{
continue;
@ -539,7 +681,7 @@ void ProtoSessionThread(THREAD *thread, void *param)
bool ok;
UINT interval;
void *param = session->Param;
PROTO_IMPL *impl = session->Impl;
const PROTO_IMPL *impl = session->Impl;
LIST *received = session->DatagramsIn;
LIST *to_send = session->DatagramsOut;


@ -1,6 +1,8 @@
#ifndef PROTO_H
#define PROTO_H
#define PROTO_OPTION_TOGGLE_NAME "Enabled"
// OpenVPN sends 2 bytes, thus this is the buffer size.
// If another protocol requires more bytes to be detected, the buffer size must be increased.
#define PROTO_CHECK_BUFFER_SIZE 2
@ -9,34 +11,60 @@
typedef enum PROTO_MODE
{
PROTO_MODE_UNKNOWN = 0,
PROTO_MODE_TCP = 1,
PROTO_MODE_UDP = 2
PROTO_MODE_UNKNOWN,
PROTO_MODE_TCP,
PROTO_MODE_UDP
} PROTO_MODE;
typedef enum PROTO_OPTION_VALUE
{
PROTO_OPTION_UNKNOWN,
PROTO_OPTION_STRING,
PROTO_OPTION_BOOL
} PROTO_OPTION_VALUE;
typedef struct PROTO
{
CEDAR *Cedar;
LIST *Impls;
LIST *Containers;
HASH_LIST *Sessions;
UDPLISTENER *UdpListener;
} PROTO;
typedef struct PROTO_OPTION
{
char *Name;
PROTO_OPTION_VALUE Type;
union
{
bool Bool;
char *String;
};
} PROTO_OPTION;
typedef struct PROTO_IMPL
{
bool (*Init)(void **param, CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname);
const char *(*Name)();
const PROTO_OPTION *(*Options)();
bool (*Init)(void **param, const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname);
void (*Free)(void *param);
char *(*Name)();
bool (*IsPacketForMe)(const PROTO_MODE mode, const UCHAR *data, const UINT size);
bool (*ProcessData)(void *param, TCP_RAW_DATA *in, FIFO *out);
bool (*ProcessDatagrams)(void *param, LIST *in, LIST *out);
} PROTO_IMPL;
typedef struct PROTO_CONTAINER
{
const char *Name;
LIST *Options;
const PROTO_IMPL *Impl;
} PROTO_CONTAINER;
typedef struct PROTO_SESSION
{
void *Param;
PROTO *Proto;
PROTO_IMPL *Impl;
const PROTO *Proto;
const PROTO_IMPL *Impl;
IP SrcIp;
USHORT SrcPort;
IP DstIp;
@ -50,18 +78,23 @@ typedef struct PROTO_SESSION
volatile bool Halt;
} PROTO_SESSION;
int ProtoImplCompare(void *p1, void *p2);
int ProtoOptionCompare(void *p1, void *p2);
int ProtoContainerCompare(void *p1, void *p2);
int ProtoSessionCompare(void *p1, void *p2);
UINT ProtoSessionHash(void *p);
bool ProtoEnabled(const PROTO *proto, const char *name);
PROTO *ProtoNew(CEDAR *cedar);
void ProtoDelete(PROTO *proto);
bool ProtoImplAdd(PROTO *proto, PROTO_IMPL *impl);
PROTO_IMPL *ProtoImplDetect(PROTO *proto, const PROTO_MODE mode, const UCHAR *data, const UINT size);
PROTO_CONTAINER *ProtoContainerNew(const PROTO_IMPL *impl);
void ProtoContainerDelete(PROTO_CONTAINER *container);
PROTO_SESSION *ProtoNewSession(PROTO *proto, PROTO_IMPL *impl, const IP *src_ip, const USHORT src_port, const IP *dst_ip, const USHORT dst_port);
const PROTO_CONTAINER *ProtoDetect(const PROTO *proto, const PROTO_MODE mode, const UCHAR *data, const UINT size);
PROTO_SESSION *ProtoNewSession(PROTO *proto, const PROTO_CONTAINER *container, const IP *src_ip, const USHORT src_port, const IP *dst_ip, const USHORT dst_port);
void ProtoDeleteSession(PROTO_SESSION *session);
bool ProtoSetListenIP(PROTO *proto, const IP *ip);
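Review bot: `PROTO_OPTION` needs a comment stating who owns `String` and how the array returned by `Options()` ends, because neither convention is written down in this header. The OpenVPN table in this commit fills `String` with string literals and ends with a `.Name = NULL` entry, while `ProtoContainerDelete()` calls `Free(option->String)` on the entries of a container's list, so the two kinds of entry must never be mixed. I would add `// String: heap copy when the option lives in PROTO_CONTAINER::Options, literal in an impl's static table` above the union and `// Returns an array terminated by an entry with Name == NULL` above `Options`. The anonymous union also makes this header depend on C11 or a compiler extension.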


@ -14,13 +14,14 @@ static UCHAR ping_signature[] =
0x07, 0xed, 0x2d, 0x0a, 0x98, 0x1f, 0xc7, 0x48
};
PROTO_IMPL *OvsGetProtoImpl()
const PROTO_IMPL *OvsGetProtoImpl()
{
static PROTO_IMPL impl =
static const PROTO_IMPL impl =
{
OvsName,
OvsOptions,
OvsInit,
OvsFree,
OvsName,
OvsIsPacketForMe,
OvsProcessData,
OvsProcessDatagrams
@ -29,16 +30,35 @@ PROTO_IMPL *OvsGetProtoImpl()
return &impl;
}
bool OvsInit(void **param, CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname)
const char *OvsName()
{
if (param == NULL || cedar == NULL || im == NULL || se == NULL)
return "OpenVPN";
}
const PROTO_OPTION *OvsOptions()
{
static const PROTO_OPTION options[] =
{
{ .Name = "DefaultClientOption", .Type = PROTO_OPTION_STRING, .String = "dev-type tun,link-mtu 1500,tun-mtu 1500,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client" },
{ .Name = "Obfuscation", .Type = PROTO_OPTION_BOOL, .Bool = false },
{ .Name = "ObfuscationMask", .Type = PROTO_OPTION_STRING, .String = ""},
{ .Name = "PushDummyIPv4AddressOnL2Mode", .Type = PROTO_OPTION_BOOL, .Bool = true },
{ .Name = NULL, .Type = PROTO_OPTION_UNKNOWN }
};
return options;
}
bool OvsInit(void **param, const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname)
{
if (param == NULL || options == NULL || cedar == NULL || im == NULL || se == NULL)
{
return false;
}
Debug("OvsInit(): cipher: %s, hostname: %s\n", cipher, hostname);
*param = NewOpenVpnServer(cedar, im, se);
*param = NewOpenVpnServer(options, cedar, im, se);
return true;
}
@ -48,12 +68,6 @@ void OvsFree(void *param)
FreeOpenVpnServer(param);
}
// Return the protocol name
char *OvsName()
{
return "OpenVPN";
}
// Check whether it's an OpenVPN packet
bool OvsIsPacketForMe(const PROTO_MODE mode, const UCHAR *data, const UINT size)
{
@ -563,7 +577,7 @@ void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol)
// Detect obfuscation mode and save it for the next packets in the same session
if (se->ObfuscationMode == INFINITE)
{
se->ObfuscationMode = OvsDetectObfuscation(p->Data, p->Size, s->Cedar->OpenVPNObfuscationMask);
se->ObfuscationMode = OvsDetectObfuscation(p->Data, p->Size, s->ObfuscationMask);
if (se->ObfuscationMode != INFINITE)
{
Debug("OvsProceccRecvPacket(): detected packet obfuscation/scrambling mode: %u\n", se->ObfuscationMode);
@ -581,7 +595,7 @@ void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol)
case OPENVPN_SCRAMBLE_MODE_DISABLED:
break;
case OPENVPN_SCRAMBLE_MODE_XORMASK:
OvsDataXorMask(p->Data, p->Size, s->Cedar->OpenVPNObfuscationMask, StrLen(s->Cedar->OpenVPNObfuscationMask));
OvsDataXorMask(p->Data, p->Size, s->ObfuscationMask, StrLen(s->ObfuscationMask));
break;
case OPENVPN_SCRAMBLE_MODE_XORPTRPOS:
OvsDataXorPtrPos(p->Data, p->Size);
@ -590,7 +604,7 @@ void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol)
OvsDataReverse(p->Data, p->Size);
break;
case OPENVPN_SCRAMBLE_MODE_OBFUSCATE:
OvsDataXorMask(p->Data, p->Size, s->Cedar->OpenVPNObfuscationMask, StrLen(s->Cedar->OpenVPNObfuscationMask));
OvsDataXorMask(p->Data, p->Size, s->ObfuscationMask, StrLen(s->ObfuscationMask));
OvsDataXorPtrPos(p->Data, p->Size);
OvsDataReverse(p->Data, p->Size);
OvsDataXorPtrPos(p->Data, p->Size);
@ -1181,7 +1195,7 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
StrCpy(opt_str, sizeof(opt_str), data->OptionString);
if (s->Cedar != NULL && (IsEmptyStr(opt_str) || StartWith(opt_str, "V0 UNDEF") || InStr(opt_str, ",") == false))
{
StrCpy(opt_str, sizeof(opt_str), s->Cedar->OpenVPNDefaultClientOption);
StrCpy(opt_str, sizeof(opt_str), s->DefaultClientOption);
}
o = NewEntryList(opt_str, ",", " \t");
@ -2107,7 +2121,7 @@ OPENVPN_SESSION *OvsNewSession(OPENVPN_SERVER *s, IP *server_ip, UINT server_por
Copy(&se->ServerIp, server_ip, sizeof(IP));
se->ServerPort = server_port;
se->ObfuscationMode = s->Cedar->OpenVPNObfuscation ? INFINITE : OPENVPN_SCRAMBLE_MODE_DISABLED;
se->ObfuscationMode = s->Obfuscation ? INFINITE : OPENVPN_SCRAMBLE_MODE_DISABLED;
se->LastCommTick = s->Now;
@ -2472,8 +2486,7 @@ void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol)
// on Linux, the TAP device must be up after the OpenVPN client is connected.
// However there is no direct push instruction to do so to OpenVPN client.
// Therefore we push the dummy IPv4 address (RFC7600) to the OpenVPN client.
if (s->Cedar->OpenVPNPushDummyIPv4AddressOnL2Mode)
if (s->PushDummyIPv4AddressOnL2Mode)
{
StrCat(option_str, sizeof(option_str), ",ifconfig 192.0.0.8 255.255.255.240");
}
@ -2822,7 +2835,7 @@ void OvsSendPacketRawNow(OPENVPN_SERVER *s, OPENVPN_SESSION *se, void *data, UIN
case OPENVPN_SCRAMBLE_MODE_DISABLED:
break;
case OPENVPN_SCRAMBLE_MODE_XORMASK:
OvsDataXorMask(data, size, s->Cedar->OpenVPNObfuscationMask, StrLen(s->Cedar->OpenVPNObfuscationMask));
OvsDataXorMask(data, size, s->ObfuscationMask, StrLen(s->ObfuscationMask));
break;
case OPENVPN_SCRAMBLE_MODE_XORPTRPOS:
OvsDataXorPtrPos(data, size);
@ -2834,7 +2847,7 @@ void OvsSendPacketRawNow(OPENVPN_SERVER *s, OPENVPN_SESSION *se, void *data, UIN
OvsDataXorPtrPos(data, size);
OvsDataReverse(data, size);
OvsDataXorPtrPos(data, size);
OvsDataXorMask(data, size, s->Cedar->OpenVPNObfuscationMask, StrLen(s->Cedar->OpenVPNObfuscationMask));
OvsDataXorMask(data, size, s->ObfuscationMask, StrLen(s->ObfuscationMask));
}
u = NewUdpPacket(&se->ServerIp, se->ServerPort, &se->ClientIp, se->ClientPort,
@ -2923,17 +2936,39 @@ int OvsCompareSessionList(void *p1, void *p2)
}
// Create a new OpenVPN server
OPENVPN_SERVER *NewOpenVpnServer(CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event)
OPENVPN_SERVER *NewOpenVpnServer(const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event)
{
UINT i;
OPENVPN_SERVER *s;
// Validate arguments
if (cedar == NULL)
if (options == NULL || cedar == NULL || interrupt == NULL || sock_event == NULL)
{
return NULL;
}
s = ZeroMalloc(sizeof(OPENVPN_SERVER));
for (i = 0; i < LIST_NUM(options); ++i)
{
const PROTO_OPTION *option = LIST_DATA(options, i);
if (StrCmp(option->Name, "DefaultClientOption") == 0)
{
s->DefaultClientOption = CopyStr(option->String);
}
else if (StrCmp(option->Name, "Obfuscation") == 0)
{
s->Obfuscation = option->Bool;
}
else if (StrCmp(option->Name, "ObfuscationMask") == 0)
{
s->ObfuscationMask = CopyStr(option->String);
}
else if (StrCmp(option->Name, "PushDummyIPv4AddressOnL2Mode") == 0)
{
s->PushDummyIPv4AddressOnL2Mode = option->Bool;
}
}
s->Cedar = cedar;
s->Interrupt = interrupt;
s->SockEvent = sock_event;
@ -2995,5 +3030,8 @@ void FreeOpenVpnServer(OPENVPN_SERVER *s)
DhFree(s->Dh);
Free(s->DefaultClientOption);
Free(s->ObfuscationMask);
Free(s);
}
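Review bot: The option loop in `NewOpenVpnServer()` selects the union member by name alone and leaves `DefaultClientOption` and `ObfuscationMask` NULL when the list lacks them. Reading `option->String` from an entry whose `Type` is `PROTO_OPTION_BOOL` would pass a non-pointer to `CopyStr()`, and the later `StrLen(s->ObfuscationMask)` and `StrCpy(opt_str, sizeof(opt_str), s->DefaultClientOption)` calls then depend on those helpers tolerating NULL, which this page does not show. I would check the type in each branch, e.g. `if (option->Type == PROTO_OPTION_STRING && StrCmp(option->Name, "ObfuscationMask") == 0)`, and add a fallback after the loop such as `if (s->ObfuscationMask == NULL) s->ObfuscationMask = CopyStr("");`. The body of `NewOpenVpnServer()` continues outside the hunk.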


@ -202,23 +202,26 @@ struct OPENVPN_SERVER
UINT NextSessionId; // Next session ID
DH_CTX *Dh; // DH key
UINT SessionEstablishedCount; // Number of session establishment
// Options
char *DefaultClientOption; // Default option string to push to client
bool Obfuscation; // Obfuscation enabled/disabled
char *ObfuscationMask; // String (mask) for XOR obfuscation
bool PushDummyIPv4AddressOnL2Mode; // Push a dummy IPv4 address in L2 mode
};
// OpenVPN Default Client Option String
#define OVPN_DEF_CLIENT_OPTION_STRING "dev-type tun,link-mtu 1500,tun-mtu 1500,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client"
//// Function prototype
PROTO_IMPL *OvsGetProtoImpl();
bool OvsInit(void **param, CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname);
const PROTO_IMPL *OvsGetProtoImpl();
const char *OvsName();
const PROTO_OPTION *OvsOptions();
bool OvsInit(void **param, const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname);
void OvsFree(void *param);
char *OvsName();
bool OvsIsPacketForMe(const PROTO_MODE mode, const UCHAR *data, const UINT size);
bool OvsProcessData(void *param, TCP_RAW_DATA *in, FIFO *out);
bool OvsProcessDatagrams(void *param, LIST *in, LIST *out);
bool OvsIsOk(void *param);
UINT OvsEstablishedSessions(void *param);
OPENVPN_SERVER *NewOpenVpnServer(CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event);
OPENVPN_SERVER *NewOpenVpnServer(const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event);
void FreeOpenVpnServer(OPENVPN_SERVER *s);
void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol);
void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol);


@ -7,22 +7,14 @@
#include "CedarPch.h"
static bool g_no_sstp = false;
// Get the SSTP disabling flag
bool GetNoSstp()
const PROTO_IMPL *SstpGetProtoImpl()
{
return g_no_sstp;
}
PROTO_IMPL *SstpGetProtoImpl()
{
static PROTO_IMPL impl =
static const PROTO_IMPL impl =
{
SstpName,
SstpOptions,
SstpInit,
SstpFree,
SstpName,
NULL,
SstpProcessData,
NULL
@ -31,9 +23,24 @@ PROTO_IMPL *SstpGetProtoImpl()
return &impl;
}
bool SstpInit(void **param, struct CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname)
const char *SstpName()
{
if (param == NULL || cedar == NULL || im == NULL || se == NULL)
return "SSTP";
}
const PROTO_OPTION *SstpOptions()
{
static const PROTO_OPTION options[] =
{
{ .Name = NULL, .Type = PROTO_OPTION_UNKNOWN }
};
return options;
}
bool SstpInit(void **param, const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname)
{
if (param == NULL || options == NULL || cedar == NULL || im == NULL || se == NULL)
{
return false;
}
@ -50,11 +57,6 @@ void SstpFree(void *param)
FreeSstpServer(param);
}
char *SstpName()
{
return "SSTP";
}
bool SstpProcessData(void *param, TCP_RAW_DATA *in, FIFO *out)
{
FIFO *recv_fifo;


@ -122,10 +122,11 @@ struct SSTP_SERVER
//// Function prototype
PROTO_IMPL *SstpGetProtoImpl();
bool SstpInit(void **param, struct CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname);
const PROTO_IMPL *SstpGetProtoImpl();
const PROTO_OPTION *SstpOptions();
const char *SstpName();
bool SstpInit(void **param, const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname);
void SstpFree(void *param);
char *SstpName();
bool SstpProcessData(void *param, TCP_RAW_DATA *in, FIFO *out);
SSTP_SERVER *NewSstpServer(CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname);
@ -153,6 +154,5 @@ SSTP_PACKET *SstpNewDataPacket(UCHAR *data, UINT size);
SSTP_PACKET *SstpNewControlPacket(USHORT message_type);
SSTP_PACKET *SstpNewControlPacketWithAnAttribute(USHORT message_type, SSTP_ATTRIBUTE *a);
void SstpSendPacket(SSTP_SERVER *s, SSTP_PACKET *p);
bool GetNoSstp();
#endif // PROTO_SSTP_H


@ -5878,9 +5878,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
}
}
}
else if (StrCmpi(h->Method, "SSTP_DUPLEX_POST") == 0 && (server->DisableSSTPServer == false || s->IsReverseAcceptedSocket
) &&
GetServerCapsBool(server, "b_support_sstp") && GetNoSstp() == false)
else if (StrCmpi(h->Method, "SSTP_DUPLEX_POST") == 0 && (ProtoEnabled(server->Proto, "SSTP") || s->IsReverseAcceptedSocket) && GetServerCapsBool(server, "b_support_sstp"))
{
// SSTP client is connected
c->WasSstp = true;
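Review bot: The SSTP branch now relies on `ProtoEnabled(server->Proto, "SSTP")` alone, and nothing in this hunk says whether that still refuses SSTP on a bridge or on a cluster member. The Server.c part of this commit drops the forced `DisableSSTPServer = true` for those modes and `GetNoSstp()` is removed, so the restriction only survives if `ProtoEnabled()` enforces it; its body is not visible on this page. I would add a comment above the condition, `// SSTP is accepted when enabled in the Proto options, or unconditionally on reverse-accepted sockets`, and confirm the bridge/cluster case with a test. The enclosing function starts and ends outside the hunk.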


@ -22,64 +22,6 @@ static volatile UINT global_server_flags[NUM_GLOBAL_SERVER_FLAGS] = {0};
UINT vpn_global_parameters[NUM_GLOBAL_PARAMS] = {0};
// Set the OpenVPN and SSTP setting
void SiSetOpenVPNAndSSTPConfig(SERVER *s, OPENVPN_SSTP_CONFIG *c)
{
// Validate arguments
if (s == NULL || c == NULL)
{
return;
}
Lock(s->OpenVpnSstpConfigLock);
{
// Save the settings
if (s->Cedar->Bridge || s->ServerType != SERVER_TYPE_STANDALONE)
{
s->DisableSSTPServer = true;
s->DisableOpenVPNServer = true;
}
else
{
s->DisableSSTPServer = !c->EnableSSTP;
s->DisableOpenVPNServer = !c->EnableOpenVPN;
}
s->Cedar->OpenVPNObfuscation = c->OpenVPNObfuscation;
StrCpy(s->Cedar->OpenVPNObfuscationMask, sizeof(s->Cedar->OpenVPNObfuscationMask), c->OpenVPNObfuscationMask);
}
Unlock(s->OpenVpnSstpConfigLock);
}
// Get the OpenVPN and SSTP setting
void SiGetOpenVPNAndSSTPConfig(SERVER *s, OPENVPN_SSTP_CONFIG *c)
{
// Validate arguments
if (s == NULL || c == NULL)
{
return;
}
Zero(c, sizeof(OPENVPN_SSTP_CONFIG));
Lock(s->OpenVpnSstpConfigLock);
{
if (s->DisableOpenVPNServer == false)
{
c->EnableOpenVPN = true;
}
if (s->DisableSSTPServer == false)
{
c->EnableSSTP = true;
}
c->OpenVPNObfuscation = s->Cedar->OpenVPNObfuscation;
StrCpy(c->OpenVPNObfuscationMask, sizeof(c->OpenVPNObfuscationMask), s->Cedar->OpenVPNObfuscationMask);
}
Unlock(s->OpenVpnSstpConfigLock);
}
// Get whether the number of user objects that are registered in the VPN Server is too many
bool SiTooManyUserObjectsInServer(SERVER *s, bool oneMore)
{
@ -2477,28 +2419,15 @@ void SiLoadInitialConfiguration(SERVER *s)
if (s->Cedar->Bridge)
{
// SSTP, OpenVPN, and NAT traversal function can not be used in the bridge environment
// NAT traversal can not be used in the bridge environment
s->DisableNatTraversal = true;
s->DisableSSTPServer = true;
s->DisableOpenVPNServer = true;
}
else
{
OPENVPN_SSTP_CONFIG c;
Zero(&c, sizeof(c));
// Enable SSTP and OpenVPN by default
c.EnableSSTP = true;
c.EnableOpenVPN = true;
c.OpenVPNObfuscation = false;
// Disable VPN-over-ICMP and VPN-over-DNS by default
s->EnableVpnOverIcmp = false;
s->EnableVpnOverDns = false;
SiSetOpenVPNAndSSTPConfig(s, &c);
{
LIST *ports = s->PortsUDP;
@ -5674,8 +5603,7 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
c = s->Cedar;
Lock(c->lock);
{
OPENVPN_SSTP_CONFIG config;
FOLDER *syslog_f;
FOLDER *ff;
{
UINT i;
LIST *ports;
@ -5738,20 +5666,27 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
}
// syslog
syslog_f = CfgGetFolder(f, "SyslogSettings");
if (syslog_f != NULL && GetServerCapsBool(s, "b_support_syslog"))
ff = CfgGetFolder(f, "SyslogSettings");
if (ff != NULL && GetServerCapsBool(s, "b_support_syslog"))
{
SYSLOG_SETTING set;
Zero(&set, sizeof(set));
set.SaveType = CfgGetInt(syslog_f, "SaveType");
CfgGetStr(syslog_f, "HostName", set.Hostname, sizeof(set.Hostname));
set.Port = CfgGetInt(syslog_f, "Port");
set.SaveType = CfgGetInt(ff, "SaveType");
CfgGetStr(ff, "HostName", set.Hostname, sizeof(set.Hostname));
set.Port = CfgGetInt(ff, "Port");
SiSetSysLogSetting(s, &set);
}
// Proto
ff = CfgGetFolder(f, "Proto");
if (ff != NULL)
{
SiLoadProtoCfg(s->Proto, ff);
}
// Whether to disable the IPv6 listener
s->Cedar->DisableIPv6Listener = CfgGetBool(f, "DisableIPv6Listener");
@ -5793,33 +5728,6 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
#endif // OS_WIN32
}
// Disable the SSTP server function
s->DisableSSTPServer = CfgGetBool(f, "DisableSSTPServer");
// Disable the OpenVPN server function
s->DisableOpenVPNServer = CfgGetBool(f, "DisableOpenVPNServer");
// OpenVPN Default Option String
if (CfgGetStr(f, "OpenVPNDefaultClientOption", tmp, sizeof(tmp)))
{
if (IsEmptyStr(tmp) == false)
{
StrCpy(c->OpenVPNDefaultClientOption,
sizeof(c->OpenVPNDefaultClientOption), tmp);
}
}
// OpenVPN Push a dummy IPv4 address on L2 mode
if (CfgIsItem(f, "OpenVPNPushDummyIPv4AddressOnL2Mode") == false)
{
// Default enable
c->OpenVPNPushDummyIPv4AddressOnL2Mode = true;
}
else
{
c->OpenVPNPushDummyIPv4AddressOnL2Mode = CfgGetBool(f, "OpenVPNPushDummyIPv4AddressOnL2Mode");
}
// Disable the NAT-traversal feature
s->DisableNatTraversal = CfgGetBool(f, "DisableNatTraversal");
@ -5944,18 +5852,14 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
if (s->ServerType != SERVER_TYPE_STANDALONE)
{
// SSTP, OpenVPN, and NAT traversal can not be used in a cluster environment
// NAT traversal can not be used in a cluster environment
s->DisableNatTraversal = true;
s->DisableSSTPServer = true;
s->DisableOpenVPNServer = true;
}
if (s->Cedar->Bridge)
{
// SSTP, OpenVPN, and NAT traversal function can not be used in the bridge environment
// NAT traversal function can not be used in the bridge environment
s->DisableNatTraversal = true;
s->DisableSSTPServer = true;
s->DisableOpenVPNServer = true;
}
if (CfgGetStr(f, "PortsUDP", tmp, sizeof(tmp)))
@ -5984,23 +5888,6 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
FreeToken(tokens);
}
// Apply the configuration of SSTP and OpenVPN
Zero(&config, sizeof(config));
config.EnableOpenVPN = !s->DisableOpenVPNServer;
config.EnableSSTP = !s->DisableSSTPServer;
config.OpenVPNObfuscation = CfgGetBool(f, "OpenVPNObfuscation");
if (CfgGetStr(f, "OpenVPNObfuscationMask", tmp, sizeof(tmp)))
{
if (IsEmptyStr(tmp) == false)
{
StrCpy(config.OpenVPNObfuscationMask, sizeof(config.OpenVPNObfuscationMask), tmp);
}
}
SiSetOpenVPNAndSSTPConfig(s, &config);
if (s->ServerType == SERVER_TYPE_FARM_MEMBER)
{
char tmp[6 * MAX_PUBLIC_PORT_NUM + 1];
@ -6185,7 +6072,7 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
Lock(c->lock);
{
FOLDER *syslog_f;
FOLDER *ff;
Lock(s->Keep->lock);
{
KEEP *k = s->Keep;
@ -6198,16 +6085,23 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
Unlock(s->Keep->lock);
// syslog
syslog_f = CfgCreateFolder(f, "SyslogSettings");
if (syslog_f != NULL)
ff = CfgCreateFolder(f, "SyslogSettings");
if (ff != NULL)
{
SYSLOG_SETTING set;
SiGetSysLogSetting(s, &set);
CfgAddInt(syslog_f, "SaveType", set.SaveType);
CfgAddStr(syslog_f, "HostName", set.Hostname);
CfgAddInt(syslog_f, "Port", set.Port);
CfgAddInt(ff, "SaveType", set.SaveType);
CfgAddStr(ff, "HostName", set.Hostname);
CfgAddInt(ff, "Port", set.Port);
}
// Proto
ff = CfgCreateFolder(f, "Proto");
if (ff != NULL)
{
SiWriteProtoCfg(ff, s->Proto);
}
// IPv6 listener disable setting
@ -6252,35 +6146,18 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
{
// Disable the NAT-traversal feature
CfgAddBool(f, "DisableNatTraversal", s->DisableNatTraversal);
// Disable the SSTP server function
CfgAddBool(f, "DisableSSTPServer", s->DisableSSTPServer);
// Disable the OpenVPN server function
CfgAddBool(f, "DisableOpenVPNServer", s->DisableOpenVPNServer);
}
}
CfgAddBool(f, "DisableIPsecAggressiveMode", s->DisableIPsecAggressiveMode);
CfgAddStr(f, "OpenVPNDefaultClientOption", c->OpenVPNDefaultClientOption);
CfgAddBool(f, "OpenVPNPushDummyIPv4AddressOnL2Mode", c->OpenVPNPushDummyIPv4AddressOnL2Mode);
if (c->Bridge == false)
{
OPENVPN_SSTP_CONFIG config;
// VPN over ICMP
CfgAddBool(f, "EnableVpnOverIcmp", s->EnableVpnOverIcmp);
// VPN over DNS
CfgAddBool(f, "EnableVpnOverDns", s->EnableVpnOverDns);
SiGetOpenVPNAndSSTPConfig(s, &config);
CfgAddBool(f, "OpenVPNObfuscation", config.OpenVPNObfuscation);
CfgAddStr(f, "OpenVPNObfuscationMask", config.OpenVPNObfuscationMask);
}
// WebTimePage
@ -6390,6 +6267,98 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
Unlock(c->lock);
}
void SiLoadProtoCfg(PROTO *p, FOLDER *f)
{
UINT i;
if (p == NULL || f == NULL)
{
return;
}
for (i = 0; i < LIST_NUM(p->Containers); ++i)
{
UINT j;
const PROTO_CONTAINER *container = LIST_DATA(p->Containers, i);
LIST *options = container->Options;
FOLDER *ff = CfgGetFolder(f, container->Name);
if (ff == NULL)
{
continue;
}
LockList(options);
for (j = 0; j < LIST_NUM(options); ++j)
{
PROTO_OPTION *option = LIST_DATA(options, j);
switch (option->Type)
{
case PROTO_OPTION_BOOL:
option->Bool = CfgGetBool(ff, option->Name);
break;
case PROTO_OPTION_STRING:
{
UINT size;
char buf[MAX_SIZE];
if (CfgGetStr(ff, option->Name, buf, sizeof(buf)) == false)
{
continue;
}
size = StrLen(buf) + 1;
option->String = ReAlloc(option->String, size);
StrCpy(option->String, size, buf);
break;
}
default:
Debug("SiLoadProtoCfg(): unhandled option type %u!\n", option->Type);
}
}
UnlockList(options);
}
}
void SiWriteProtoCfg(FOLDER *f, PROTO *p)
{
UINT i;
if (f == NULL || p == NULL)
{
return;
}
for (i = 0; i < LIST_NUM(p->Containers); ++i)
{
UINT j;
const PROTO_CONTAINER *container = LIST_DATA(p->Containers, i);
LIST *options = container->Options;
FOLDER *ff = CfgCreateFolder(f, container->Name);
LockList(options);
for (j = 0; j < LIST_NUM(options); ++j)
{
const PROTO_OPTION *option = LIST_DATA(options, j);
switch (option->Type)
{
case PROTO_OPTION_BOOL:
CfgAddBool(ff, option->Name, option->Bool);
break;
case PROTO_OPTION_STRING:
CfgAddStr(ff, option->Name, option->String);
break;
default:
Debug("SiWriteProtoCfg(): unhandled option type %u!\n", option->Type);
}
}
UnlockList(options);
}
}
// Read the traffic information
void SiLoadTraffic(FOLDER *parent, char *name, TRAFFIC *t)
{
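Review bot: In `SiLoadProtoCfg()` the `PROTO_OPTION_BOOL` case assigns `CfgGetBool(ff, option->Name)` even when the item is absent, while the string case keeps the default on a missing item. The removed loader guarded `OpenVPNPushDummyIPv4AddressOnL2Mode` with `CfgIsItem()` so that a missing key stayed enabled, so a `Proto` folder that lacks a key would presumably flip defaults such as that one, or `Enabled`, to false. I would guard the assignment: `if (CfgIsItem(ff, option->Name)) { option->Bool = CfgGetBool(ff, option->Name); }`. `SiWriteProtoCfg()` also uses the result of `CfgCreateFolder()` without the NULL check that the syslog block applies.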


@ -147,8 +147,6 @@ struct SYSLOG_SETTING
struct OPENVPN_SSTP_CONFIG
{
bool EnableOpenVPN; // OpenVPN is enabled
bool OpenVPNObfuscation; // OpenVPN: Obfuscation mode
char OpenVPNObfuscationMask[MAX_SIZE]; // OpenVPN: String (mask) for XOR obfuscation
bool EnableSSTP; // SSTP is enabled
};
@ -185,8 +183,6 @@ struct SERVER
bool NoLinuxArpFilter; // Not to set arp_filter in Linux
bool NoHighPriorityProcess; // Not to raise the priority of the process
bool NoDebugDump; // Not to output the debug dump
bool DisableSSTPServer; // Disable the SSTP server function
bool DisableOpenVPNServer; // Disable the OpenVPN server function
bool DisableNatTraversal; // Disable the NAT-traversal feature
bool EnableVpnOverIcmp; // VPN over ICMP is enabled
bool EnableVpnOverDns; // VPN over DNS is enabled
@ -418,6 +414,8 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f);
void SiWriteGlobalParamsCfg(FOLDER *f);
void SiLoadGlobalParamsCfg(FOLDER *f);
void SiLoadGlobalParamItem(UINT id, UINT value);
void SiLoadProtoCfg(PROTO *p, FOLDER *f);
void SiWriteProtoCfg(FOLDER *f, PROTO *p);
void SiWriteTraffic(FOLDER *parent, char *name, TRAFFIC *t);
void SiWriteTrafficInner(FOLDER *parent, char *name, TRAFFIC_ENTRY *e);
void SiLoadTrafficInner(FOLDER *parent, char *name, TRAFFIC_ENTRY *e);
@ -620,9 +618,6 @@ bool SiIsHubRegistedOnCreateHistory(SERVER *s, char *name);
bool SiTooManyUserObjectsInServer(SERVER *s, bool oneMore);
void SiGetOpenVPNAndSSTPConfig(SERVER *s, OPENVPN_SSTP_CONFIG *c);
void SiSetOpenVPNAndSSTPConfig(SERVER *s, OPENVPN_SSTP_CONFIG *c);
bool SiCanOpenVpnOverDnsPort();
bool SiCanOpenVpnOverIcmpPort();
void SiApplySpecialListenerStatus(SERVER *s);


@ -1429,6 +1429,28 @@ bool PackGetStrEx(PACK *p, char *name, char *str, UINT size, UINT index)
return true;
}
// Get the string size from the PACK
bool PackGetStrSize(PACK *p, char *name)
{
return PackGetStrSizeEx(p, name, 0);
}
bool PackGetStrSizeEx(PACK *p, char *name, UINT index)
{
ELEMENT *e;
// Validate arguments
if (p == NULL || name == NULL)
{
return 0;
}
e = GetElement(p, name, VALUE_STR);
if (e == NULL)
{
return 0;
}
return GetDataValueSize(e, index);
}
// Add the buffer to the PACK (array)
ELEMENT *PackAddBufEx(PACK *p, char *name, BUF *b, UINT index, UINT total)
{
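Review bot: `PackGetStrSize()` and `PackGetStrSizeEx()` are declared `bool` but return a size taken from `GetDataValueSize()`, so the return type should be `UINT`. If `bool` is a true boolean type in this build the length collapses to 0 or 1, and a caller sizing a buffer from it would under-allocate; how `bool` is defined is not visible on this page. Change both definitions here and the two prototypes in Pack.h, e.g. `UINT PackGetStrSizeEx(PACK *p, char *name, UINT index)`. The argument-validation paths already return 0, which fits a size.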

View File

@ -143,6 +143,8 @@ ELEMENT *PackAddData(PACK *p, char *name, void *data, UINT size);
ELEMENT *PackAddDataEx(PACK *p, char *name, void *data, UINT size, UINT index, UINT total);
ELEMENT *PackAddBuf(PACK *p, char *name, BUF *b);
ELEMENT *PackAddBufEx(PACK *p, char *name, BUF *b, UINT index, UINT total);
bool PackGetStrSize(PACK *p, char *name);
bool PackGetStrSizeEx(PACK *p, char *name, UINT index);
bool PackGetStr(PACK *p, char *name, char *str, UINT size);
bool PackGetStrEx(PACK *p, char *name, char *str, UINT size, UINT index);
bool PackGetUniStr(PACK *p, char *name, wchar_t *unistr, UINT size);


@ -2007,6 +2007,7 @@ LA_DELETE_LISTENER 已删除 TCP 监听器 (端口号 %u)。
LA_ENABLE_LISTENER 已启用 TCP 监听器 (端口号 %u)。
LA_DISABLE_LISTENER 已禁用 TCP 监听器 (端口号 %u)。
LA_SET_PORTS_UDP UDP ports have been set: %s.
LA_SET_PROTO_OPTIONS %s options have been set.
LA_SET_SERVER_PASSWORD 服务端管理员密码设置完成。
LA_SET_FARM_SETTING 群集设置变更完成。
LA_SET_SERVER_CERT 服务端证书设定完成。
@ -4580,6 +4581,37 @@ CMD_PortsUDPGet_Args PortsUDPGet
CMD_PortsUDPGet_Ports UDP ports
# ProtoOptionsSet 命令
CMD_ProtoOptionsSet Sets an option's value for the specified protocol
CMD_ProtoOptionsSet_Help This command can be used to change an option's value for a specific protocol. \nYou can retrieve the options using the ProtoOptionsGet command. \nTo execute this command, you must have VPN Server administrator privileges.
CMD_ProtoOptionsSet_Args ProtoOptionsSet [protocol] [/NAME:option_name] [/VALUE:string/true/false]
CMD_ProtoOptionsSet_[protocol] Protocol name.
CMD_ProtoOptionsSet_NAME Option name.
CMD_ProtoOptionsSet_VALUE Option value. Make sure to write a value that is accepted by the specified protocol!
CMD_ProtoOptionsSet_Prompt_[protocol] Protocol:
CMD_ProtoOptionsSet_Prompt_NAME Option:
CMD_ProtoOptionsSet_Prompt_VALUE Value:
# ProtoOptionsGet 命令
CMD_ProtoOptionsGet Lists the options for the specified protocol
CMD_ProtoOptionsGet_Help This command can be used to retrieve the options for a specific protocol. \nDetailed info (e.g. value type) will be shown. \nYou can change an option's value with the ProtoOptionsSet command.
CMD_ProtoOptionsGet_Args ProtoOptionsGet [protocol]
CMD_ProtoOptionsGet_[protocol] Protocol name.
CMD_ProtoOptionsGet_Prompt_[protocol] Protocol:
CMD_ProtoOptionsGet_Column_Name Name
CMD_ProtoOptionsGet_Column_Type Type
CMD_ProtoOptionsGet_Column_Value Value
CMD_ProtoOptionsGet_Column_Description Description
# ProtoOptions
CMD_ProtoOptions_Description_OpenVPN_DefaultClientOption When OpenVPN is compiled without OCC code, it doesn't send the options string to the server. The original OpenVPN server still works, because the configuration is static. SoftEther VPN is heuristic and wants to support as many different configurations as possible. This option allows to define the string that is sent to clients built without OCC code, so that they can successfully connect.
CMD_ProtoOptions_Description_OpenVPN_Obfuscation This may help an OpenVPN client bypass firewalls that are aware of the protocol and block it. The same XOR mask has to be applied client-side, otherwise it will not be able to connect with certain obfuscation methods!
CMD_ProtoOptions_Description_OpenVPN_ObfuscationMask Mask used to XOR the bytes in the packet (used for certain obfuscation modes).
CMD_ProtoOptions_Description_OpenVPN_PushDummyIPv4AddressOnL2Mode There's a bug that manifests under certain circumstances on Linux. It causes the OpenVPN client to disconnect unless the TAP device is UP. This option tells the server to push a dummy IPv4 address (RFC7600) to the client, so that the TAP adapter is forced to be UP.
# ServerPasswordSet 命令
CMD_ServerPasswordSet 设置 VPN Server 管理员密码
CMD_ServerPasswordSet_Help 这将设置 VPN Server 管理员密码。您可以指定密码为一个参数。如果密码没有指定,将显示提示输入密码和密码确认。如果指定密码为一个参数,这个密码将在屏幕上显示瞬间,这构成了风险。我们建议尽可能避免指定这个参数,使用密码提示输入密码。\n为了执行这个命令您必须有 VPN Server 管理员权限。
@ -6295,20 +6327,6 @@ CMD_EtherIpClientList_Help 这个命令会获得和显示通过 EtherIP / L2TPv
CMD_EtherIpClientList_Args EtherIpClientList
# OpenVpnEnable 命令
CMD_OpenVpnEnable 启用/禁用 OpenVPN 克隆服务器功能
CMD_OpenVpnEnable_Help 本 VPN Server 有 OpenVPN Technologies, Inc. 公司生产的 OpenVPN 软件产品的克隆功能。任何 OpenVPN Client 都可以连接到本 VPN Server。\n\n指定用户名连接到虚拟 HUB 的的方式,使用本克隆服务器功能来为默认虚拟 HUB 的选择规则都与 IPsec 服务器功能相同。详情,请参见 IPsecEnable 命令的帮助。\n\n要执行此命令您必须具有 VPN Server 管理员权限。\n该命令在 VPN Bridge 上不能运行。\n以集群成员运行的 VPN Server 的虚拟 HUB 不能执行此命令。
CMD_OpenVpnEnable_Args OpenVpnEnable [yes|no]
CMD_OpenVpnEnable_[yes|no] 指定 "yes",启用 OpenVPN 克隆服务器功能。指定 "no" 禁用该功能。
CMD_OpenVpnEnable_Prompt_[yes|no] 启用 OpenVPN 克隆服务器功能 (yes / no):
# OpenVpnGet 命令
CMD_OpenVpnGet 获取 OpenVPN 克隆服务器功能的当前设置
CMD_OpenVpnGet_Help 获取并显示 OpenVPN 克隆服务器功能的当前设置。\n\n要执行此命令您必须具有 VPN Server 管理员权限。\n该命令在 VPN Bridge 上不能运行。\n以集群成员运行的 VPN Server 的虚拟 HUB 不能执行此命令。
CMD_OpenVpnGet_Args OpenVpnGet
CMD_OpenVpnGet_PRINT_Enabled OpenVPN 克隆服务器已启用
# OpenVpnMakeConfig 命令
CMD_OpenVpnMakeConfig 生成 OpenVPN Client 样本设置文件
CMD_OpenVpnMakeConfig_Help 原来OpenVPN Client 会要求用户手写很难的配置文件。本工具可以帮助您创建一个有用的配置样本。你所需要生成的 OpenVPN Client 配置文件就是运行此命令。\n\n要执行此命令您必须具有 VPN Server 管理员权限。\n该命令在 VPN Bridge 上不能运行。\n以集群成员运行的 VPN Server 的虚拟 HUB 不能执行此命令。
@ -6319,42 +6337,9 @@ CMD_OpenVpnMakeConfig_OK 样本设置文件被保存为 "%s"。您可以解
CMD_OpenVpnMakeConfig_ERROR 本样本设置文件不能保存为 "%s"。该文件名无效。\n
# OpenVpnObfuscationEnable
CMD_OpenVpnObfuscationEnable Enable / Disable the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationEnable_Help This allows an OpenVPN client to bypass a firewall which is aware of the protocol and is able to block it.\nThe same XOR mask have to be applied to the client, otherwise it will not be able to connect with certain obfuscation methods!\nBeware that you need a special OpenVPN client with the "XOR patch" applied in order to use this function, because it has never been merged in the official OpenVPN repository.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_OpenVpnObfuscationEnable_Args OpenVpnObfuscationEnable [yes|no] [/MASK:mask]
CMD_OpenVpnObfuscationEnable_[yes|no] Specify "yes" to enable the OpenVPN obfuscation function. Specify "no" to disable it.
CMD_OpenVpnObfuscationEnable_MASK Mask used to XOR the bytes in the packet (used for certain obfuscation modes).
CMD_OpenVpnObfuscationEnable_Prompt_[yes|no] Enable OpenVPN packet obfuscation (yes / no):
CMD_OpenVpnObfuscationEnable_Prompt_MASK XOR mask:
# OpenVpnObfuscationGet
CMD_OpenVpnObfuscationGet Get the current settings of the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationGet_Help Get and show the current settings of the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationGet_Args OpenVpnObfuscationGet
CMD_OpenVpnObfuscationGet_PRINT_Enabled OpenVPN obfuscation enabled
CMD_OpenVpnObfuscationGet_PRINT_Mask XOR mask
# SstpEnable 命令
CMD_SstpEnable 启用/禁用 Microsoft SSTP VPN 克隆服务器功能
CMD_SstpEnable_Help 本 VPN Server 拥有植入在微软 Windows Server 2008 / 2012 中的 MS-SSTP VPN Server 的克隆功能。Windows Vista / 7 / 8 / RT / 10 中的标准 MS-SSTP 用户端可以连接本 VPN Server。\n\n[注意]\n在 VPN Server 上的 SSL 证书 CN 值必须要和指定给客户端的主机名吻合。并且,该证书必须在 SSTP VPN Client 的信任列表中。详情请参见微软相关文件。\n您可以用用 ServerCertRegenerate 命令来取代当前 VPN Server 的证书,形成一个新的,有 CN 值字段的自我认证证书。这样的话,您需要在 SSTP VPN Client 注册这样一个新的自我认证证书作为一个可信任根证书。如果您的确想做这件复杂的事,请考虑购买一个商业权威机构的 SSL 证书,如 VeriSign 或者 GlobalSign。\n\n指定用户名连接到虚拟 HUB 的的方式,使用本克隆服务器功能来为默认虚拟 HUB 的选择规则都与 IPsec 服务器功能相同。详情,请参见 IPsecEnable 命令的帮助。\n\n要执行此命令您必须具有 VPN Server 管理员权限。\n该命令在 VPN Bridge 上不能运行。\n以集群成员运行的 VPN Server 的虚拟 HUB 不能执行此命令。
CMD_SstpEnable_Args SstpEnable [yes|no]
CMD_SstpEnable_[yes|no] 指定 "yes"启用Microsoft SSTP VPN 克隆服务器功能。指定 "no" 禁用该功能。
CMD_SstpEnable_Prompt_[yes|no] 启用 SSTP VPN 克隆服务器功能(yes/no):
CMD_SstpEnable_PRINT_Enabled SSTP VPN 克隆服务器已禁用
# SstpGet 命令
CMD_SstpGet 获得 Microsoft SSTP VPN 克隆服务器功能的当前设置
CMD_SstpGet_Help 获得并显示 Microsoft SSTP VPN 克隆服务器功能的当前设置。\n\n要执行此命令您必须具有 VPN Server 管理员权限。\n该命令在 VPN Bridge 上不能运行。\n以集群成员运行的 VPN Server 的虚拟 HUB 不能执行此命令。
CMD_SstpGet_Args SstpGet
# ServerCertRegenerate 命令
CMD_ServerCertRegenerate 生成一个新的带有指定 CN (Common Name) 的自签名证书,并且在 VPN Server 上注册。
CMD_ServerCertRegenerate_Help 您可以使用此命令,将当前 VPN Server 上的证书替换成一个新的、有 CN (Common Name) 值字段的、自签字证书。n\n此命令在您想使用 Microsoft SSTP VPN 克隆服务器功能时很方便。因为在 VPN Server 上 SSL 证书的 CN 值必须要与 SSTP VPN Client 指定的主机名吻合。\n详情参见 SstpEnable 命令的帮助。\n\n本命令会删除 VPN Server 上现有的 SSL 证书。这要求事先使用 ServerKeyGet 命令备份当前的 SSL 证书和密钥。\n\n要执行此命令您必须具有 VPN Server 管理员权限。\n该命令在 VPN Bridge 上不能运行。\n以集群成员运行的 VPN Server 的虚拟 HUB 不能执行此命令。
CMD_ServerCertRegenerate_Help 您可以使用此命令,将当前 VPN Server 上的证书替换成一个新的、有 CN (Common Name) 值字段的、自签字证书。n\n此命令在您想使用 Microsoft SSTP VPN 克隆服务器功能时很方便。因为在 VPN Server 上 SSL 证书的 CN 值必须要与 SSTP VPN Client 指定的主机名吻合。\n\n本命令会删除 VPN Server 上现有的 SSL 证书。这要求事先使用 ServerKeyGet 命令备份当前的 SSL 证书和密钥。\n\n要执行此命令您必须具有 VPN Server 管理员权限。\n该命令在 VPN Bridge 上不能运行。\n以集群成员运行的 VPN Server 的虚拟 HUB 不能执行此命令。
CMD_ServerCertRegenerate_Args ServerCertRegenerate [CN]
CMD_ServerCertRegenerate_[CN] 指定一个新证书要使用的 Common Name(CN)
CMD_ServerCertRegenerate_Prompt_CN Common Name(CN)值:


@ -1989,6 +1989,7 @@ LA_DELETE_LISTENER TCP listener (port number %u) has been deleted.
LA_ENABLE_LISTENER TCP listener (port number %u) has been enabled.
LA_DISABLE_LISTENER TCP listener (port number %u) has been disabled.
LA_SET_PORTS_UDP UDP ports have been set: %s.
LA_SET_PROTO_OPTIONS %s options have been set.
LA_SET_SERVER_PASSWORD The server administrator password has been set.
LA_SET_FARM_SETTING The clustering setting has been changed.
LA_SET_SERVER_CERT The server certificates have been set.
@ -4562,6 +4563,35 @@ CMD_PortsUDPGet_Args PortsUDPGet
CMD_PortsUDPGet_Ports UDP ports
# ProtoOptionsSet command
CMD_ProtoOptionsSet Sets an option's value for the specified protocol
CMD_ProtoOptionsSet_Help This command can be used to change an option's value for a specific protocol. \nYou can retrieve the options using the ProtoOptionsGet command. \nTo execute this command, you must have VPN Server administrator privileges.
CMD_ProtoOptionsSet_Args ProtoOptionsSet [protocol] [/NAME:option_name] [/VALUE:string/true/false]
CMD_ProtoOptionsSet_[protocol] Protocol name.
CMD_ProtoOptionsSet_NAME Option name.
CMD_ProtoOptionsSet_VALUE Option value. Make sure to write a value that is accepted by the specified protocol!
CMD_ProtoOptionsSet_Prompt_[protocol] Protocol:
CMD_ProtoOptionsSet_Prompt_NAME Option:
CMD_ProtoOptionsSet_Prompt_VALUE Value:
# ProtoOptionsGet command
CMD_ProtoOptionsGet Lists the options for the specified protocol
CMD_ProtoOptionsGet_Help This command can be used to retrieve the options for a specific protocol. \nDetailed info (e.g. value type) will be shown. \nYou can change an option's value with the ProtoOptionsSet command.
CMD_ProtoOptionsGet_Args ProtoOptionsGet [protocol]
CMD_ProtoOptionsGet_[protocol] Protocol name.
CMD_ProtoOptionsGet_Prompt_[protocol] Protocol:
CMD_ProtoOptionsGet_Column_Name Name
CMD_ProtoOptionsGet_Column_Type Type
CMD_ProtoOptionsGet_Column_Value Value
CMD_ProtoOptionsGet_Column_Description Description
# ProtoOptions
CMD_ProtoOptions_Description_OpenVPN_DefaultClientOption When OpenVPN is compiled without OCC code, it doesn't send the options string to the server. The original OpenVPN server still works, because the configuration is static. SoftEther VPN is heuristic and wants to support as many different configurations as possible. This option allows to define the string that is sent to clients built without OCC code, so that they can successfully connect.
CMD_ProtoOptions_Description_OpenVPN_Obfuscation This may help an OpenVPN client bypass firewalls that are aware of the protocol and block it. The same XOR mask has to be applied client-side, otherwise it will not be able to connect with certain obfuscation methods!
CMD_ProtoOptions_Description_OpenVPN_ObfuscationMask Mask used to XOR the bytes in the packet (used for certain obfuscation modes).
CMD_ProtoOptions_Description_OpenVPN_PushDummyIPv4AddressOnL2Mode There's a bug that manifests under certain circumstances on Linux. It causes the OpenVPN client to disconnect unless the TAP device is UP. This option tells the server to push a dummy IPv4 address (RFC7600) to the client, so that the TAP adapter is forced to be UP.
# ServerPasswordSet command
CMD_ServerPasswordSet Set VPN Server Administrator Password
CMD_ServerPasswordSet_Help This sets the VPN Server administrator password. You can specify the password as a parameter. If the password is not specified, a prompt will be displayed to input the password and password confirmation. If you include the password as a parameter, this password will be displayed momentarily on the screen, which poses a risk. We recommend that whenever possible, avoid specifying this parameter and input the password using the password prompt. \nTo execute this command, you must have VPN Server administrator privileges.
@ -6279,20 +6309,6 @@ CMD_EtherIpClientList_Help This command gets and shows the list of entries to ac
CMD_EtherIpClientList_Args EtherIpClientList
# OpenVpnEnable command
CMD_OpenVpnEnable Enable / Disable OpenVPN Clone Server Function
CMD_OpenVpnEnable_Help This VPN Server has the clone functions of OpenVPN software products by OpenVPN Technologies, Inc. Any OpenVPN Clients can connect to this VPN Server.\n\nThe manner to specify a username to connect to the Virtual Hub, and the selection rule of default Hub by using this clone server functions are same to the IPsec Server functions. For details, please see the help of the IPsecEnable command.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_OpenVpnEnable_Args OpenVpnEnable [yes|no]
CMD_OpenVpnEnable_[yes|no] Specify yes to enable the OpenVPN Clone Server Function. Specify no to disable.
CMD_OpenVpnEnable_Prompt_[yes|no] Enables OpenVPN Clone Server Function (yes / no):
# OpenVpnGet command
CMD_OpenVpnGet Get the Current Settings of OpenVPN Clone Server Function
CMD_OpenVpnGet_Help Get and show the current settings of OpenVPN Clone Server Function.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_OpenVpnGet_Args OpenVpnGet
CMD_OpenVpnGet_PRINT_Enabled OpenVPN Clone Server Enabled
# OpenVpnMakeConfig command
CMD_OpenVpnMakeConfig Generate a Sample Setting File for OpenVPN Client
CMD_OpenVpnMakeConfig_Help Originally, the OpenVPN Client requires a user to write a very difficult configuration file manually. This tool helps you to make a useful configuration sample. What you need to generate the configuration file for the OpenVPN Client is to run this command.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
@ -6303,42 +6319,9 @@ CMD_OpenVpnMakeConfig_OK The sample setting file was saved as "%s". You can un
CMD_OpenVpnMakeConfig_ERROR The sample setting files were unable to be saved as "%s". The filename might be invalid.\n
# OpenVpnObfuscationEnable
CMD_OpenVpnObfuscationEnable Enable / Disable the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationEnable_Help This allows an OpenVPN client to bypass a firewall which is aware of the protocol and is able to block it.\nThe same XOR mask have to be applied to the client, otherwise it will not be able to connect with certain obfuscation methods!\nBeware that you need a special OpenVPN client with the "XOR patch" applied in order to use this function, because it has never been merged in the official OpenVPN repository.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_OpenVpnObfuscationEnable_Args OpenVpnObfuscationEnable [yes|no] [/MASK:mask]
CMD_OpenVpnObfuscationEnable_[yes|no] Specify "yes" to enable the OpenVPN obfuscation function. Specify "no" to disable it.
CMD_OpenVpnObfuscationEnable_MASK Mask used to XOR the bytes in the packet (used for certain obfuscation modes).
CMD_OpenVpnObfuscationEnable_Prompt_[yes|no] Enable OpenVPN packet obfuscation (yes / no):
CMD_OpenVpnObfuscationEnable_Prompt_MASK XOR mask:
# OpenVpnObfuscationGet
CMD_OpenVpnObfuscationGet Get the current settings of the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationGet_Help Get and show the current settings of the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationGet_Args OpenVpnObfuscationGet
CMD_OpenVpnObfuscationGet_PRINT_Enabled OpenVPN obfuscation enabled
CMD_OpenVpnObfuscationGet_PRINT_Mask XOR mask
# SstpEnable command
CMD_SstpEnable Enable / Disable Microsoft SSTP VPN Clone Server Function
CMD_SstpEnable_Help This VPN Server has the clone functions of MS-SSTP VPN Server which is on Windows Server 2008 / 2012 by Microsoft Corporation. Standard MS-SSTP Clients in Windows Vista / 7 / 8 / RT / 10 can connect to this VPN Server.\n\n[Caution]\nThe value of CN (Common Name) on the SSL certificate of VPN Server must match to the hostname specified on the client, and that certificate must be in the trusted list on the SSTP VPN client. For details refer the Microsoft's documents.\nYou can use the ServerCertRegenerate command to replace the current certificate on the VPN Server to a new self-signed certificate which has the CN (Common Name) value in the fields. In that case, you have to register such a new self-signed certificate on the SSTP VPN Client as a trusted root certificate. If you do not want to do such a bother tasks, please consider to purchase a SSL certificate provided by commercial authority such as VeriSign or GlobalSign.\n\nThe manner to specify a username to connect to the Virtual Hub, and the selection rule of default Hub by using this clone server functions are same to the IPsec Server functions. For details, please see the help of the IPsecEnable command.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_SstpEnable_Args SstpEnable [yes|no]
CMD_SstpEnable_[yes|no] Specify yes to enable the Microsoft SSTP VPN Clone Server Function. Specify no to disable.
CMD_SstpEnable_Prompt_[yes|no] Enables SSTP VPN Clone Server Function (yes / no):
CMD_SstpEnable_PRINT_Enabled SSTP VPN Clone Server Enabled
# SstpGet command
CMD_SstpGet Get the Current Settings of Microsoft SSTP VPN Clone Server Function
CMD_SstpGet_Help Get and show the current settings of Microsoft SSTP VPN Clone Server Function.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_SstpGet_Args SstpGet
# ServerCertRegenerate command
CMD_ServerCertRegenerate Generate New Self-Signed Certificate with Specified CN (Common Name) and Register on VPN Server
CMD_ServerCertRegenerate_Help You can use this command to replace the current certificate on the VPN Server to a new self-signed certificate which has the CN (Common Name) value in the fields.\n\nThis command is convenient if you are planning to use Microsoft SSTP VPN Clone Server Function. Because of the value of CN (Common Name) on the SSL certificate of VPN Server must match to the hostname specified on the SSTP VPN client.\nFor details please see the help of SstpEnable command.\n\nThis command will delete the existing SSL certificate of the VPN Server. It is recommended to backup the current SSL certificate and private key by using the ServerKeyGet command beforehand.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_ServerCertRegenerate_Help You can use this command to replace the current certificate on the VPN Server to a new self-signed certificate which has the CN (Common Name) value in the fields.\n\nThis command is convenient if you are planning to use Microsoft SSTP VPN Clone Server Function. Because of the value of CN (Common Name) on the SSL certificate of VPN Server must match to the hostname specified on the SSTP VPN client.\n\nThis command will delete the existing SSL certificate of the VPN Server. It is recommended to backup the current SSL certificate and private key by using the ServerKeyGet command beforehand.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_ServerCertRegenerate_Args ServerCertRegenerate [CN]
CMD_ServerCertRegenerate_[CN] Specify a Common Name (CN) which the new certificate will have.
CMD_ServerCertRegenerate_Prompt_CN Value of Common Name (CN):
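Review bot: The new `CMD_ProtoOptions_Description_OpenVPN_Obfuscation` string drops a caveat that the removed `CMD_OpenVpnObfuscationEnable_Help` carried: a client with the "XOR patch" is required, because that patch was never merged into the official OpenVPN repository. An administrator reading only the `ProtoOptionsGet` description column would have no hint why an unpatched client may fail to connect once the option is on. I would carry that sentence over and state that the mask only disguises the traffic, e.g. append `Requires an OpenVPN client built with the "XOR patch"; the mask is obfuscation only and adds no encryption of its own.` The same English description appears untranslated in the other string-table sections on this page, so the wording would need the same update there. Separately, `CMD_ProtoOptionsGet_Help` lacks the administrator-privilege sentence that `CMD_ProtoOptionsSet_Help` has; whether the Get call is admin-only is not visible in this section, so confirm and add it if so.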


@ -1993,6 +1993,7 @@ LA_DELETE_LISTENER TCP リスナー (ポート番号 %u) を削除しました
LA_ENABLE_LISTENER TCP リスナー (ポート番号 %u) を有効化しました。
LA_DISABLE_LISTENER TCP リスナー (ポート番号 %u) を無効化しました。
LA_SET_PORTS_UDP UDP ポートの一覧が設定されました: %s.
LA_SET_PROTO_OPTIONS オプション %s が設定されました。
LA_SET_SERVER_PASSWORD サーバー管理者パスワードを設定しました。
LA_SET_FARM_SETTING クラスタリング設定を変更しました。
LA_SET_SERVER_CERT サーバー証明書を設定しました。
@ -4565,6 +4566,37 @@ CMD_PortsUDPGet_Args PortsUDPGet
CMD_PortsUDPGet_Ports UDP ポート一覧
# ProtoOptionsSet コマンド
CMD_ProtoOptionsSet 特定のプロトコル固有のオプション値を設定します。
CMD_ProtoOptionsSet_Help このコマンドを使用することにより、特定のプロトコル固有のオプション値を設定することができます。 \nProtoOptionsGet コマンドを使用することにより、オプション値を取得することもできます。 \nこのコマンドを実行するには、VPN Server の管理者権限が必要です。
CMD_ProtoOptionsSet_Args ProtoOptionsSet [protocol] [/NAME:option_name] [/VALUE:string/true/false]
CMD_ProtoOptionsSet_[protocol] プロトコル名
CMD_ProtoOptionsSet_NAME オプション名
CMD_ProtoOptionsSet_VALUE オプション値 (対象のプロトコルで対応している値を指定してください)
CMD_ProtoOptionsSet_Prompt_[protocol] プロトコル:
CMD_ProtoOptionsSet_Prompt_NAME オプション:
CMD_ProtoOptionsSet_Prompt_VALUE 値:
# ProtoOptionsGet コマンド
CMD_ProtoOptionsGet 指定されたプロトコル固有のオプション値を表示します。
CMD_ProtoOptionsGet_Help このコマンドを使用することにより、特定のプロトコル固有のオプション値を取得することができます。 \n詳細な情報 (例: 値の型) が表示されます。オプション値を設定するには、ProtoOptionsSet コマンドを使用してください。
CMD_ProtoOptionsGet_Args ProtoOptionsGet [protocol]
CMD_ProtoOptionsGet_[protocol] プロトコル名
CMD_ProtoOptionsGet_Prompt_[protocol] プロトコル:
CMD_ProtoOptionsGet_Column_Name 名前
CMD_ProtoOptionsGet_Column_Type 型
CMD_ProtoOptionsGet_Column_Value 値
CMD_ProtoOptionsGet_Column_Description 説明
# ProtoOptions
CMD_ProtoOptions_Description_OpenVPN_DefaultClientOption OpenVPN の OCC codeRT 版以外の場合は、OpenVPN はサーバーに対してオプション文字列を送信しません。OpenVPN サーバーのオリジナル版は、オプションを固定で指定する仕組みになっているため、その場合でも動作します。一方、SoftEther VPN は、様々なオプションを動的に設定することができる機能を有しております。そこで、このオプションを使用することにより、OCC code なしでビルドされた OpenVPN に対してデフォルトの静的オプション文字列を送付することができるようになります。これにより、OCC code なしでビルドされた OpenVPN からの接続が成功するようになります。
CMD_ProtoOptions_Description_OpenVPN_Obfuscation OpenVPN クライアントが検閲用ファイアウォールを回避するための難読化コードを設定します。クライアント側とサーバー側では、同一の XOR マスクを設定する必要があります。コードが異なると、接続ができません。
CMD_ProtoOptions_Description_OpenVPN_ObfuscationMask パケットで使用される XOR マスクを指定します。OpenVPN クライアントが検閲用ファイアウォールを回避するための難読化コードとして使用されます。
CMD_ProtoOptions_Description_OpenVPN_PushDummyIPv4AddressOnL2Mode Linux における特定の状況下では manifests に不具合があります。この不具合により、OpenVPN クライアントは TAP デバイスが UP 状態であるにもかかわらず、切断状態となります。このオプションを使用することにより、VPN サーバーは、ダミーの IPv4 アドレス (RFC7600 で規定) をクライアントに対してプッシュ送信することができるようになります。これにより、TAP アダプタが常に UP 状態になります。
# ServerPasswordSet コマンド
CMD_ServerPasswordSet VPN Server の管理者パスワードの設定
CMD_ServerPasswordSet_Help VPN Server の管理者パスワードを設定します。パラメータとしてパスワードを指定することができます。パラメータを指定しない場合は、パスワードと、その確認入力を行なうためのプロンプトが表示されます。パスワードをパラメータに与えた場合、そのパスワードが一時的に画面に表示されるため危険です。できる限り、パラメータを指定せずに、パスワードプロンプトを用いてパスワードを入力することを推奨します。\nこのコマンドを実行するには、VPN Server の管理者権限が必要です。
@ -6286,20 +6318,6 @@ CMD_EtherIpClientList_Help EtherIP / L2TPv3 over IPsec サーバー機能のク
CMD_EtherIpClientList_Args EtherIpClientList
# OpenVpnEnable コマンド
CMD_OpenVpnEnable OpenVPN 互換サーバー機能を有効化 / 無効化
CMD_OpenVpnEnable_Help SoftEther VPN Server には OpenVPN 社の OpenVPN ソフトウェア製品と同等の VPN サーバー機能が搭載されています。OpenVPN サーバー機能を有効にすると、OpenVPN クライアントから OpenVPN サーバーに接続できるようになります。\n\nOpenVPN 互換サーバー機能で仮想 HUB に接続する場合のユーザー名の指定方法、およびデフォルト仮想 HUB の選択規則は、IPsec サーバー機能と同様です。詳しくは IPsecEnable コマンドのヘルプを参照してください。\n\nこのコマンドを実行するには、VPN Server の管理者権限が必要です。\nこのコマンドは、VPN Bridge では実行できません。\nこのコマンドは、クラスタとして動作している VPN Server の仮想 HUB では実行できません。
CMD_OpenVpnEnable_Args OpenVpnEnable [yes|no]
CMD_OpenVpnEnable_[yes|no] OpenVPN 互換サーバー機能を有効にする場合は yes、無効にする場合は no を指定します。
CMD_OpenVpnEnable_Prompt_[yes|no] OpenVPN 互換サーバー機能を有効化 (yes / no):
# OpenVpnGet コマンド
CMD_OpenVpnGet OpenVPN 互換サーバー機能の現在の設定を取得
CMD_OpenVpnGet_Help 現在の OpenVPN 互換サーバー機能の設定を取得して表示します。\n\nこのコマンドを実行するには、VPN Server の管理者権限が必要です。\nこのコマンドは、VPN Bridge では実行できません。\nこのコマンドは、クラスタとして動作している VPN Server の仮想 HUB では実行できません。
CMD_OpenVpnGet_Args OpenVpnGet
CMD_OpenVpnGet_PRINT_Enabled OpenVPN 互換サーバー機能が有効
# OpenVpnMakeConfig コマンド
CMD_OpenVpnMakeConfig OpenVPN 互換サーバー機能に接続可能なサンプルの OpenVPN 設定ファイルの生成
CMD_OpenVpnMakeConfig_Help 本来、OpenVPN クライアントを使うためには設定ファイルを手動で記述する必要がありますが、これは難易度が高い作業です。しかし、このコマンドを使用すればこの VPN Server に接続することができる基本的な OpenVPN クライアント用の設定ファイルを自動的に生成することができます。\n\nこのコマンドを実行するには、VPN Server の管理者権限が必要です。\nこのコマンドは、VPN Bridge では実行できません。\nこのコマンドは、クラスタとして動作している VPN Server の仮想 HUB では実行できません。
@ -6310,42 +6328,9 @@ CMD_OpenVpnMakeConfig_OK サンプル設定ファイルを "%s" ファイル
CMD_OpenVpnMakeConfig_ERROR サンプル設定ファイルを "%s" ファイルに保存できませんでした。ファイル名が正しくない可能性があります。\n
# OpenVpnObfuscationEnable
CMD_OpenVpnObfuscationEnable Enable / Disable the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationEnable_Help This allows an OpenVPN client to bypass a firewall which is aware of the protocol and is able to block it.\nThe same XOR mask have to be applied to the client, otherwise it will not be able to connect with certain obfuscation methods!\nBeware that you need a special OpenVPN client with the "XOR patch" applied in order to use this function, because it has never been merged in the official OpenVPN repository.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_OpenVpnObfuscationEnable_Args OpenVpnObfuscationEnable [yes|no] [/MASK:mask]
CMD_OpenVpnObfuscationEnable_[yes|no] Specify "yes" to enable the OpenVPN obfuscation function. Specify "no" to disable it.
CMD_OpenVpnObfuscationEnable_MASK Mask used to XOR the bytes in the packet (used for certain obfuscation modes).
CMD_OpenVpnObfuscationEnable_Prompt_[yes|no] Enable OpenVPN packet obfuscation (yes / no):
CMD_OpenVpnObfuscationEnable_Prompt_MASK XOR mask:
# OpenVpnObfuscationGet
CMD_OpenVpnObfuscationGet Get the current settings of the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationGet_Help Get and show the current settings of the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationGet_Args OpenVpnObfuscationGet
CMD_OpenVpnObfuscationGet_PRINT_Enabled OpenVPN obfuscation enabled
CMD_OpenVpnObfuscationGet_PRINT_Mask XOR mask
# SstpEnable コマンド
CMD_SstpEnable Microsoft SSTP VPN 互換サーバー機能を有効化 / 無効化
CMD_SstpEnable_Help SoftEther VPN Server には Microsoft 社の Windows Server 2008 / 2012 製品に搭載されている MS-SSTP VPN サーバー機能と互換性がある機能が搭載されています。Microsoft SSTP VPN 互換サーバー機能を有効にすると、Windows Vista / 7 / 8 / RT / 10 に標準搭載の MS-SSTP クライアントからこの VPN Server に接続できるようになります。\n\n[ご注意]\nVPN Server の SSL 証明書の CN の値がクライアント側で指定するホスト名と一致し、かつその証明書が信頼されている必要があります。詳しくは Microsoft 社のドキュメントを参照してください。\n指定された CN の値を持つ新しい SSL 証明書 (自己署名証明書) を生成して VPN Server の現在の証明書と置換するためには、ServerCertRegenerate コマンドを使用してください。この場合は、当該証明書を SSTP VPN クライアントのコンピュータの信頼されるルート証明書として登録する必要があります。このような手間をかけたくない場合は、代わりに VeriSign や GlobalSign 社などの市販の証明書業者の SSL 証明書の取得を検討してください。\n\nMicrosoft SSTP VPN 互換サーバー機能で仮想 HUB に接続する場合のユーザー名の指定方法、およびデフォルト仮想 HUB の選択規則は、IPsec サーバー機能と同様です。詳しくは IPsecEnable コマンドのヘルプを参照してください。\n\nこのコマンドを実行するには、VPN Server の管理者権限が必要です。\nこのコマンドは、VPN Bridge では実行できません。\nこのコマンドは、クラスタとして動作している VPN Server の仮想 HUB では実行できません。
CMD_SstpEnable_Args SstpEnable [yes|no]
CMD_SstpEnable_[yes|no] Microsoft SSTP VPN 互換サーバー機能を有効にする場合は yes、無効にする場合は no を指定します。
CMD_SstpEnable_Prompt_[yes|no] SSTP VPN 互換サーバー機能を有効化 (yes / no):
CMD_SstpEnable_PRINT_Enabled SSTP VPN 互換サーバー機能が有効
# SstpGet コマンド
CMD_SstpGet Microsoft SSTP VPN 互換サーバー機能の現在の設定を取得
CMD_SstpGet_Help 現在の Microsoft SSTP VPN 互換サーバー機能の設定を取得して表示します。\n\nこのコマンドを実行するには、VPN Server の管理者権限が必要です。\nこのコマンドは、VPN Bridge では実行できません。\nこのコマンドは、クラスタとして動作している VPN Server の仮想 HUB では実行できません。
CMD_SstpGet_Args SstpGet
# ServerCertRegenerate コマンド
CMD_ServerCertRegenerate 指定された CN (Common Name) を持つ自己署名証明書を新たに作成し VPN Server に登録
CMD_ServerCertRegenerate_Help SoftEther VPN Server の SSL-VPN 機能で提示されるサーバー証明書を、新たに作成する証明書に置き換えます。新たな証明書は自己署名証明書として生成され、CN (Common Name) の値を任意の文字列に設定することができます。\n\nこのコマンドは、Microsoft SSTP VPN 互換サーバー機能を使用しようとする場合に便利です。なぜならば、SSTP VPN クライアント (Windows Vista / 7 / 8 / RT / 10 に標準搭載) は接続先の VPN Server の提示する SSL 証明書の CN (Common Name) の値が接続先として指定されているホスト名文字列と完全に一致するかどうかを検証し、もし一致しない場合は接続をキャンセルするためです。\n詳しくは SstpEnable コマンドのヘルプを参照してください。\n\nこのコマンドは、既存の VPN Server の SSL 証明書を削除します。ServerCertGet コマンドおよび ServerKeyGet コマンドを用いて、現在の証明書と秘密鍵をバックアップしておくことを推奨します。\n\nこのコマンドを実行するには、VPN Server の管理者権限が必要です。\nこのコマンドは、VPN Bridge では実行できません。
CMD_ServerCertRegenerate_Help SoftEther VPN Server の SSL-VPN 機能で提示されるサーバー証明書を、新たに作成する証明書に置き換えます。新たな証明書は自己署名証明書として生成され、CN (Common Name) の値を任意の文字列に設定することができます。\n\nこのコマンドは、Microsoft SSTP VPN 互換サーバー機能を使用しようとする場合に便利です。なぜならば、SSTP VPN クライアント (Windows Vista / 7 / 8 / RT / 10 に標準搭載) は接続先の VPN Server の提示する SSL 証明書の CN (Common Name) の値が接続先として指定されているホスト名文字列と完全に一致するかどうかを検証し、もし一致しない場合は接続をキャンセルするためです。\n\nこのコマンドは、既存の VPN Server の SSL 証明書を削除します。ServerCertGet コマンドおよび ServerKeyGet コマンドを用いて、現在の証明書と秘密鍵をバックアップしておくことを推奨します。\n\nこのコマンドを実行するには、VPN Server の管理者権限が必要です。\nこのコマンドは、VPN Bridge では実行できません。
CMD_ServerCertRegenerate_Args ServerCertRegenerate [CN]
CMD_ServerCertRegenerate_[CN] 新たに生成する自己署名証明書の Common Name (CN) の値を指定します。
CMD_ServerCertRegenerate_Prompt_CN Common Name (CN) の値:


@ -1971,6 +1971,7 @@ LA_DELETE_LISTENER TCP 리스너 (포트 번호 %u)을 삭제했습니다.
LA_ENABLE_LISTENER TCP 리스너 (포트 번호 %u)를 활성화했습니다.
LA_DISABLE_LISTENER TCP 리스너 (포트 번호 %u)를 비활성화했습니다.
LA_SET_PORTS_UDP UDP ports have been set: %s.
LA_SET_PROTO_OPTIONS %s options have been set.
LA_SET_SERVER_PASSWORD 서버 관리자 암호를 설정했습니다.
LA_SET_FARM_SETTING 클러스터링 설정을 변경했습니다.
LA_SET_SERVER_CERT 서버 인증서를 설정했습니다.
@ -4543,6 +4544,36 @@ CMD_PortsUDPGet_Args PortsUDPGet
CMD_PortsUDPGet_Ports UDP ports
# ProtoOptionsSet 명령
CMD_ProtoOptionsSet Sets an option's value for the specified protocol
CMD_ProtoOptionsSet_Help This command can be used to change an option's value for a specific protocol. \nYou can retrieve the options using the ProtoOptionsGet command. \nTo execute this command, you must have VPN Server administrator privileges.
CMD_ProtoOptionsSet_Args ProtoOptionsSet [protocol] [/NAME:option_name] [/VALUE:string/true/false]
CMD_ProtoOptionsSet_[protocol] Protocol name.
CMD_ProtoOptionsSet_NAME Option name.
CMD_ProtoOptionsSet_VALUE Option value. Make sure to write a value that is accepted by the specified protocol!
CMD_ProtoOptionsSet_Prompt_[protocol] Protocol:
CMD_ProtoOptionsSet_Prompt_NAME Option:
CMD_ProtoOptionsSet_Prompt_VALUE Value:
# ProtoOptionsGet 명령
CMD_ProtoOptionsGet Lists the options for the specified protocol
CMD_ProtoOptionsGet_Help This command can be used to retrieve the options for a specific protocol. \nDetailed info (e.g. value type) will be shown. \nYou can change an option's value with the ProtoOptionsSet command.
CMD_ProtoOptionsGet_Args ProtoOptionsGet [protocol]
CMD_ProtoOptionsGet_[protocol] Protocol name.
CMD_ProtoOptionsGet_Prompt_[protocol] Protocol:
CMD_ProtoOptionsGet_Column_Name Name
CMD_ProtoOptionsGet_Column_Type Type
CMD_ProtoOptionsGet_Column_Value Value
CMD_ProtoOptionsGet_Column_Description Description
# ProtoOptions
CMD_ProtoOptions_Description_OpenVPN_DefaultClientOption When OpenVPN is compiled without OCC code, it doesn't send the options string to the server. The original OpenVPN server still works, because the configuration is static. SoftEther VPN is heuristic and wants to support as many different configurations as possible. This option allows to define the string that is sent to clients built without OCC code, so that they can successfully connect.
CMD_ProtoOptions_Description_OpenVPN_Obfuscation This may help an OpenVPN client bypass firewalls that are aware of the protocol and block it. The same XOR mask has to be applied client-side, otherwise it will not be able to connect with certain obfuscation methods!
CMD_ProtoOptions_Description_OpenVPN_ObfuscationMask Mask used to XOR the bytes in the packet (used for certain obfuscation modes).
CMD_ProtoOptions_Description_OpenVPN_PushDummyIPv4AddressOnL2Mode There's a bug that manifests under certain circumstances on Linux. It causes the OpenVPN client to disconnect unless the TAP device is UP. This option tells the server to push a dummy IPv4 address (RFC7600) to the client, so that the TAP adapter is forced to be UP.
# ServerPasswordSet 명령
CMD_ServerPasswordSet VPN Server 관리자 암호 설정
CMD_ServerPasswordSet_Help VPN Server 관리자 암호를 설정합니다. 매개 변수로 암호를 지정 할 수 있습니다. 매개 변수를 지정하지 않으면, 패스워드와 그 확인 입력을위한 프롬프트가 표시됩니다. 비밀번호를 매개 변수로 주었을 경우, 암호가 일시적으로 화면에 표시되기 때문에 위험합니다. 가능한 매개 변수를 지정하지 않고 암호 프롬프트를 사용하여 암호를 입력 할 것을 권장합니다. \n이 명령을 실행하려면 VPN Server 관리자 권한이 있어야합니다.
@ -6262,20 +6293,6 @@ CMD_EtherIpClientList_Help EtherIP/L2TPv3 over IPsec 서버 기능의 클라이
CMD_EtherIpClientList_Args EtherIpClientList
# OpenVpnEnable 명령
CMD_OpenVpnEnable OpenVPN 호환 서버 기능을 활성화/비활성화
CMD_OpenVpnEnable_Help SoftEther VPN Server는 OpenVPN 사의 OpenVPN 소프트웨어 제품과 동일한 VPN 서버 기능이 탑재되어 있습니다. OpenVPN 서버 기능을 활성화하면 OpenVPN 클라이언트에서 OpenVPN 서버에 연결 할 수 있습니다. \n \nOpenVPN 호환 서버 기능으로 가상 HUB에 연결하는 경우 사용자 이름 지정 방법 및 기본 가상 HUB 선택 규칙은 IPsec 서버 기능과 유사합니다. 자세한 내용은 IPsecEnable 명령의 도움말을 참조하십시오. \n \n이 명령을 실행하려면 VPN Server 관리자 권한이 있어야합니다. \n이 명령은 VPN Bridge에서는 실행되지 않습니다. \n이 명령은 클러스터로 작동하는 VPN Server의 가상 HUB에서는 실행되지 않습니다.
CMD_OpenVpnEnable_Args OpenVpnEnable [yes|no]
CMD_OpenVpnEnable_[yes|no] OpenVPN 호환 서버 기능을 활성화하려면 yes, 무효로하는 경우 no를 지정합니다.
CMD_OpenVpnEnable_Prompt_[yes|no] OpenVPN 호환 서버 기능을 활성화 (yes/no):
# OpenVpnGet 명령
CMD_OpenVpnGet OpenVPN 호환 서버 기능의 현재 설정을 가져
CMD_OpenVpnGet_Help 현재 OpenVPN 호환 서버 기능의 설정을 검색하고 표시합니다. \n \n이 명령을 실행하려면 VPN Server 관리자 권한이 있어야합니다. \n이 명령은 VPN Bridge에서는 실행되지 않습니다. \n이 명령은 클러스터로 작동하는 VPN Server의 가상 HUB에서는 실행되지 않습니다.
CMD_OpenVpnGet_Args OpenVpnGet
CMD_OpenVpnGet_PRINT_Enabled OpenVPN 호환 서버 기능이 활성화
# OpenVpnMakeConfig 명령
CMD_OpenVpnMakeConfig OpenVPN 호환 서버 기능에 연결 가능한 샘플의 OpenVPN 설정 파일 생성
CMD_OpenVpnMakeConfig_Help 원래 OpenVPN 클라이언트를 사용하기 위해서는 설정 파일을 수동으로 작성해야하지만, 이것은 난이도가 높은 작업입니다. 그러나이 명령을 사용하면이 VPN Server에 연결할 수있는 기본적인 OpenVPN 클라이언트의 설정 파일을 자동으로 생성 할 수 있습니다. \n \n이 명령을 실행하려면 VPN Server 관리자 권한이 있어야합니다. \n이 명령은 VPN Bridge에서는 실행되지 않습니다. \n이 명령은 클러스터로 작동하는 VPN Server의 가상 HUB에서는 실행되지 않습니다.
@ -6286,41 +6303,9 @@ CMD_OpenVpnMakeConfig_OK 예제 구성 파일 "%s"파일에 저장했습니다.
CMD_OpenVpnMakeConfig_ERROR 예제 구성 파일 "%s"파일에 저장할 수 없습니다. 파일 이름이 잘못되었을 수 있습니다. \n
# OpenVpnObfuscationEnable
CMD_OpenVpnObfuscationEnable Enable / Disable the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationEnable_Help This allows an OpenVPN client to bypass a firewall which is aware of the protocol and is able to block it.\nThe same XOR mask have to be applied to the client, otherwise it will not be able to connect with certain obfuscation methods!\nBeware that you need a special OpenVPN client with the "XOR patch" applied in order to use this function, because it has never been merged in the official OpenVPN repository.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_OpenVpnObfuscationEnable_Args OpenVpnObfuscationEnable [yes|no] [/MASK:mask]
CMD_OpenVpnObfuscationEnable_[yes|no] Specify "yes" to enable the OpenVPN obfuscation function. Specify "no" to disable it.
CMD_OpenVpnObfuscationEnable_MASK Mask used to XOR the bytes in the packet (used for certain obfuscation modes).
CMD_OpenVpnObfuscationEnable_Prompt_[yes|no] Enable OpenVPN packet obfuscation (yes / no):
CMD_OpenVpnObfuscationEnable_Prompt_MASK XOR mask:
# OpenVpnObfuscationGet
CMD_OpenVpnObfuscationGet Get the current settings of the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationGet_Help Get and show the current settings of the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationGet_Args OpenVpnObfuscationGet
CMD_OpenVpnObfuscationGet_PRINT_Enabled OpenVPN obfuscation enabled
CMD_OpenVpnObfuscationGet_PRINT_Mask XOR mask
# SstpEnable 명령
CMD_SstpEnable Microsoft SSTP VPN 호환 서버 기능을 활성화/비활성화
CMD_SstpEnable_Help SoftEther VPN Server는 Microsoft 사의 Windows Server 2008/2012 제품에 탑재 된 MS-SSTP VPN 서버 기능과 호환 기능이 탑재되어 있습니다. Microsoft SSTP VPN 호환 서버 기능을 활성화하면 Windows Vista/7/8/RT에 내장 된 MS-SSTP 클라이언트에서이 VPN Server에 연결할 수 있도록합니다. \n \n [주의] \nVPN Server의 SSL 인증서의 CN 값이 클라이언트 측에서 지정하는 호스트 이름과 일치하며 그 인증서를 신뢰할 수 있어야합니다. 자세한 내용은 Microsoft 문서를 참조하십시오. \n 지정된 CN 값을 가지는 새로운 SSL 인증서 (자체 서명 인증서)를 생성하여 VPN Server의 현재 인증서로 대체하기 위해서는 ServerCertRegenerate 명령을 사용하십시오. 이 경우 해당 인증서를 SSTP VPN 클라이언트 컴퓨터의 신뢰할 수있는 루트 인증서로 등록해야합니다. 이러한 번거 로움 않으려면 대신 VeriSign이나 GlobalSign 사 등의 상용 인증서 공급자의 SSL 인증서 취득을 검토하십시오. \n \nMicrosoft SSTP VPN 호환 서버 기능으로 가상 HUB에 연결하는 경우 사용자 이름 지정 방법 및 기본 가상 HUB 선택 규칙은 IPsec 서버 기능과 유사합니다. 자세한 내용은 IPsecEnable 명령의 도움말을 참조하십시오. \n \n이 명령을 실행하려면 VPN Server 관리자 권한이 있어야합니다. \n이 명령은 VPN Bridge에서는 실행되지 않습니다. \n이 명령은 클러스터로 작동하는 VPN Server의 가상 HUB에서는 실행되지 않습니다.
CMD_SstpEnable_Args SstpEnable [yes|no]
CMD_SstpEnable_[yes|no] Microsoft SSTP VPN 호환 서버 기능을 활성화하려면 yes, 무효로하는 경우 no를 지정합니다.
CMD_SstpEnable_Prompt_[yes|no] SSTP VPN 호환 서버 기능을 활성화 (yes/no):
CMD_SstpEnable_PRINT_Enabled SSTP VPN 호환 서버 기능이 활성화
# SstpGet 명령
CMD_SstpGet Microsoft SSTP VPN 호환 서버 기능의 현재 설정을 가져
CMD_SstpGet_Help 현재 Microsoft SSTP VPN 호환 서버 기능의 설정을 검색하고 표시합니다. \n \n이 명령을 실행하려면 VPN Server 관리자 권한이 있어야합니다. \n이 명령은 VPN Bridge에서는 실행되지 않습니다. \n이 명령은 클러스터로 작동하는 VPN Server의 가상 HUB에서는 실행되지 않습니다.
CMD_SstpGet_Args SstpGet
# ServerCertRegenerate 명령
CMD_ServerCertRegenerate 지정된 CN (Common Name)을 가진 자체 서명 인증서를 새로 만든 VPN Server에 등록
CMD_ServerCertRegenerate_Help SoftEther VPN Server의 SSL-VPN 기능을 제공하는 서버 인증서를 새로 생성하는 인증서로 대체합니다. 새로운 인증서는 자체 서명 인증서로 생성되며, CN (Common Name) 값을 임의의 문자열로 설정할 수 있습니다. \n \n이 명령은 Microsoft SSTP VPN 호환 서버 기능을 사용하고자하는 경우에 유용합니다. 왜냐하면 SSTP VPN 클라이언트 (Windows Vista/7/8/RT에 내장) 연결 대상 VPN Server가 제시하는 SSL 인증서의 CN (Common Name) 값이 연결 대상으로 지정되는 호스트 이름 문자 열과 정확히 일치 여부를 확인하고 만약 일치하지 않을 경우 연결을 취소 할 수 있습니다. \n 자세한 내용은 SstpEnable 명령의 도움말을 참조하십시오. \n \n이 명령은 기존의 VPN Server의 SSL 인증서를 삭제합니다. ServerCertGet 명령 및 ServerKeyGet 명령을 사용하여 현재 인증서와 개인 키를 백업 해 둘 것을 권장합니다. \n \n이 명령을 실행하려면 VPN Server 관리자 권한이 있어야합니다. \n이 명령은 VPN Bridge에서는 실행되지 않습니다.
CMD_ServerCertRegenerate_Help SoftEther VPN Server의 SSL-VPN 기능을 제공하는 서버 인증서를 새로 생성하는 인증서로 대체합니다. 새로운 인증서는 자체 서명 인증서로 생성되며, CN (Common Name) 값을 임의의 문자열로 설정할 수 있습니다. \n \n이 명령은 Microsoft SSTP VPN 호환 서버 기능을 사용하고자하는 경우에 유용합니다. 왜냐하면 SSTP VPN 클라이언트 (Windows Vista/7/8/RT에 내장) 연결 대상 VPN Server가 제시하는 SSL 인증서의 CN (Common Name) 값이 연결 대상으로 지정되는 호스트 이름 문자 열과 정확히 일치 여부를 확인하고 만약 일치하지 않을 경우 연결을 취소 할 수 있습니다. \n \n이 명령은 기존의 VPN Server의 SSL 인증서를 삭제합니다. ServerCertGet 명령 및 ServerKeyGet 명령을 사용하여 현재 인증서와 개인 키를 백업 해 둘 것을 권장합니다. \n \n이 명령을 실행하려면 VPN Server 관리자 권한이 있어야합니다. \n이 명령은 VPN Bridge에서는 실행되지 않습니다.
CMD_ServerCertRegenerate_Args ServerCertRegenerate [CN]
CMD_ServerCertRegenerate_[CN] 새로 생성하는 자체 서명 인증서 Common Name (CN) 값을 지정합니다.
CMD_ServerCertRegenerate_Prompt_CN Common Name (CN) 값:


@ -1990,6 +1990,7 @@ LA_DELETE_LISTENER TCP listener (port number %u) has been deleted.
LA_ENABLE_LISTENER TCP listener (port number %u) has been enabled.
LA_DISABLE_LISTENER TCP listener (port number %u) has been disabled.
LA_SET_PORTS_UDP UDP ports have been set: %s.
LA_SET_PROTO_OPTIONS %s options have been set.
LA_SET_SERVER_PASSWORD The server administrator password has been set.
LA_SET_FARM_SETTING The clustering setting has been changed.
LA_SET_SERVER_CERT The server certificates have been set.
@ -4284,6 +4285,36 @@ CMD_PortsUDPGet_Args PortsUDPGet
CMD_PortsUDPGet_Ports UDP ports
# ProtoOptionsSet command
CMD_ProtoOptionsSet Sets an option's value for the specified protocol
CMD_ProtoOptionsSet_Help This command can be used to change an option's value for a specific protocol. \nYou can retrieve the options using the ProtoOptionsGet command. \nTo execute this command, you must have VPN Server administrator privileges.
CMD_ProtoOptionsSet_Args ProtoOptionsSet [protocol] [/NAME:option_name] [/VALUE:string/true/false]
CMD_ProtoOptionsSet_[protocol] Protocol name.
CMD_ProtoOptionsSet_NAME Option name.
CMD_ProtoOptionsSet_VALUE Option value. Make sure to write a value that is accepted by the specified protocol!
CMD_ProtoOptionsSet_Prompt_[protocol] Protocol:
CMD_ProtoOptionsSet_Prompt_NAME Option:
CMD_ProtoOptionsSet_Prompt_VALUE Value:
# ProtoOptionsGet command
CMD_ProtoOptionsGet Lists the options for the specified protocol
CMD_ProtoOptionsGet_Help This command can be used to retrieve the options for a specific protocol. \nDetailed info (e.g. value type) will be shown. \nYou can change an option's value with the ProtoOptionsSet command.
CMD_ProtoOptionsGet_Args ProtoOptionsGet [protocol]
CMD_ProtoOptionsGet_[protocol] Protocol name.
CMD_ProtoOptionsGet_Prompt_[protocol] Protocol:
CMD_ProtoOptionsGet_Column_Name Name
CMD_ProtoOptionsGet_Column_Type Type
CMD_ProtoOptionsGet_Column_Value Value
CMD_ProtoOptionsGet_Column_Description Description
# ProtoOptions
CMD_ProtoOptions_Description_OpenVPN_DefaultClientOption When OpenVPN is compiled without OCC code, it doesn't send the options string to the server. The original OpenVPN server still works, because the configuration is static. SoftEther VPN is heuristic and wants to support as many different configurations as possible. This option allows to define the string that is sent to clients built without OCC code, so that they can successfully connect.
CMD_ProtoOptions_Description_OpenVPN_Obfuscation This may help an OpenVPN client bypass firewalls that are aware of the protocol and block it. The same XOR mask has to be applied client-side, otherwise it will not be able to connect with certain obfuscation methods!
CMD_ProtoOptions_Description_OpenVPN_ObfuscationMask Mask used to XOR the bytes in the packet (used for certain obfuscation modes).
CMD_ProtoOptions_Description_OpenVPN_PushDummyIPv4AddressOnL2Mode There's a bug that manifests under certain circumstances on Linux. It causes the OpenVPN client to disconnect unless the TAP device is UP. This option tells the server to push a dummy IPv4 address (RFC7600) to the client, so that the TAP adapter is forced to be UP.
# ServerPasswordSet command
CMD_ServerPasswordSet Set VPN Server Administrator Password
CMD_ServerPasswordSet_Help This sets the VPN Server administrator password. You can specify the password as a parameter. If the password is not specified, a prompt will be displayed to input the password and password confirmation. If you include the password as a parameter, this password will be displayed momentarily on the screen, which poses a risk. We recommend that whenever possible, avoid specifying this parameter and input the password using the password prompt. \nTo execute this command, you must have VPN Server administrator privileges.
@ -6007,21 +6038,6 @@ CMD_EtherIpClientList_Help This command gets and shows the list of entries to ac
CMD_EtherIpClientList_Args EtherIpClientList
# OpenVpnEnable command
CMD_OpenVpnEnable Enable / Disable OpenVPN Clone Server Function
CMD_OpenVpnEnable_Help This VPN Server has the clone functions of OpenVPN software products by OpenVPN Technologies, Inc. Any OpenVPN Clients can connect to this VPN Server.\n\nThe manner to specify a username to connect to the Virtual Hub, and the selection rule of default Hub by using this clone server functions are same to the IPsec Server functions. For details, please see the help of the IPsecEnable command.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_OpenVpnEnable_Args OpenVpnEnable [yes|no]
CMD_OpenVpnEnable_[yes|no] Specify yes to enable the OpenVPN Clone Server Function. Specify no to disable.
CMD_OpenVpnEnable_Prompt_[yes|no] Enables OpenVPN Clone Server Function (yes / no):
# OpenVpnGet command
CMD_OpenVpnGet Get the Current Settings of OpenVPN Clone Server Function
CMD_OpenVpnGet_Help Get and show the current settings of OpenVPN Clone Server Function.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_OpenVpnGet_Args OpenVpnGet
CMD_OpenVpnGet_PRINT_Enabled OpenVPN Clone Server Enabled
# OpenVpnMakeConfig command
CMD_OpenVpnMakeConfig Generate a Sample Setting File for OpenVPN Client
CMD_OpenVpnMakeConfig_Help Originally, the OpenVPN Client requires a user to write a very difficult configuration file manually. This tool helps you to make a useful configuration sample. What you need to generate the configuration file for the OpenVPN Client is to run this command.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
@ -6032,42 +6048,9 @@ CMD_OpenVpnMakeConfig_OK The sample setting file was saved as "%s". You can unzi
CMD_OpenVpnMakeConfig_ERROR The sample setting files were unable to be saved as "%s". The filename might be invalid.\n
# OpenVpnObfuscationEnable
CMD_OpenVpnObfuscationEnable Enable / Disable the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationEnable_Help This allows an OpenVPN client to bypass a firewall which is aware of the protocol and is able to block it.\nThe same XOR mask have to be applied to the client, otherwise it will not be able to connect with certain obfuscation methods!\nBeware that you need a special OpenVPN client with the "XOR patch" applied in order to use this function, because it has never been merged in the official OpenVPN repository.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_OpenVpnObfuscationEnable_Args OpenVpnObfuscationEnable [yes|no] [/MASK:mask]
CMD_OpenVpnObfuscationEnable_[yes|no] Specify "yes" to enable the OpenVPN obfuscation function. Specify "no" to disable it.
CMD_OpenVpnObfuscationEnable_MASK Mask used to XOR the bytes in the packet (used for certain obfuscation modes).
CMD_OpenVpnObfuscationEnable_Prompt_[yes|no] Enable OpenVPN packet obfuscation (yes / no):
CMD_OpenVpnObfuscationEnable_Prompt_MASK Máscara XOR
# OpenVpnObfuscationGet
CMD_OpenVpnObfuscationGet Get the current settings of the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationGet_Help Get and show the current settings of the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationGet_Args OpenVpnObfuscationGet
CMD_OpenVpnObfuscationGet_PRINT_Enabled OpenVPN obfuscation enabled
CMD_OpenVpnObfuscationGet_PRINT_Mask Máscara XOR
# SstpEnable command
CMD_SstpEnable Enable / Disable Microsoft SSTP VPN Clone Server Function
CMD_SstpEnable_Help This VPN Server has the clone functions of MS-SSTP VPN Server which is on Windows Server 2008 / 2012 by Microsoft Corporation. Standard MS-SSTP Clients in Windows Vista / 7 / 8 / RT / 10 can connect to this VPN Server.\n\n[Caution]\nThe value of CN (Common Name) on the SSL certificate of VPN Server must match to the hostname specified on the client, and that certificate must be in the trusted list on the SSTP VPN client. For details refer the Microsoft's documents.\nYou can use the ServerCertRegenerate command to replace the current certificate on the VPN Server to a new self-signed certificate which has the CN (Common Name) value in the fields. In that case, you have to register such a new self-signed certificate on the SSTP VPN Client as a trusted root certificate. If you do not want to do such a bother tasks, please consider to purchase a SSL certificate provided by commercial authority such as VeriSign or GlobalSign.\n\nThe manner to specify a username to connect to the Virtual Hub, and the selection rule of default Hub by using this clone server functions are same to the IPsec Server functions. For details, please see the help of the IPsecEnable command.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_SstpEnable_Args SstpEnable [yes|no]
CMD_SstpEnable_[yes|no] Specify yes to enable the Microsoft SSTP VPN Clone Server Function. Specify no to disable.
CMD_SstpEnable_Prompt_[yes|no] Enables SSTP VPN Clone Server Function (yes / no):
CMD_SstpEnable_PRINT_Enabled SSTP VPN Clone Server Enabled
# SstpGet command
CMD_SstpGet Get the Current Settings of Microsoft SSTP VPN Clone Server Function
CMD_SstpGet_Help Get and show the current settings of Microsoft SSTP VPN Clone Server Function.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_SstpGet_Args SstpGet
# ServerCertRegenerate command
CMD_ServerCertRegenerate Generate New Self-Signed Certificate with Specified CN (Common Name) and Register on VPN Server
CMD_ServerCertRegenerate_Help You can use this command to replace the current certificate on the VPN Server to a new self-signed certificate which has the CN (Common Name) value in the fields.\n\nThis command is convenient if you are planning to use Microsoft SSTP VPN Clone Server Function. Because of the value of CN (Common Name) on the SSL certificate of VPN Server must match to the hostname specified on the SSTP VPN client.\nFor details please see the help of SstpEnable command.\n\nThis command will delete the existing SSL certificate of the VPN Server. It is recommended to backup the current SSL certificate and private key by using the ServerKeyGet command beforehand.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_ServerCertRegenerate_Help You can use this command to replace the current certificate on the VPN Server to a new self-signed certificate which has the CN (Common Name) value in the fields.\n\nThis command is convenient if you are planning to use Microsoft SSTP VPN Clone Server Function. Because of the value of CN (Common Name) on the SSL certificate of VPN Server must match to the hostname specified on the SSTP VPN client.\n\nThis command will delete the existing SSL certificate of the VPN Server. It is recommended to backup the current SSL certificate and private key by using the ServerKeyGet command beforehand.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_ServerCertRegenerate_Args ServerCertRegenerate [CN]
CMD_ServerCertRegenerate_[CN] Specify a Common Name (CN) which the new certificate will have.
CMD_ServerCertRegenerate_Prompt_CN Value of Common Name (CN):


@ -1990,6 +1990,7 @@ LA_DELETE_LISTENER TCP listener (port number %u) has been deleted.
LA_ENABLE_LISTENER TCP listener (port number %u) has been enabled.
LA_DISABLE_LISTENER TCP listener (port number %u) has been disabled.
LA_SET_PORTS_UDP UDP ports have been set: %s.
LA_SET_PROTO_OPTIONS %s options have been set.
LA_SET_SERVER_PASSWORD The server administrator password has been set.
LA_SET_FARM_SETTING The clustering setting has been changed.
LA_SET_SERVER_CERT The server certificates have been set.
@ -4562,6 +4563,36 @@ CMD_PortsUDPGet_Args PortsUDPGet
CMD_PortsUDPGet_Ports UDP ports
# ProtoOptionsSet command
CMD_ProtoOptionsSet Sets an option's value for the specified protocol
CMD_ProtoOptionsSet_Help This command can be used to change an option's value for a specific protocol. \nYou can retrieve the options using the ProtoOptionsGet command. \nTo execute this command, you must have VPN Server administrator privileges.
CMD_ProtoOptionsSet_Args ProtoOptionsSet [protocol] [/NAME:option_name] [/VALUE:string/true/false]
CMD_ProtoOptionsSet_[protocol] Protocol name.
CMD_ProtoOptionsSet_NAME Option name.
CMD_ProtoOptionsSet_VALUE Option value. Make sure to write a value that is accepted by the specified protocol!
CMD_ProtoOptionsSet_Prompt_[protocol] Protocol:
CMD_ProtoOptionsSet_Prompt_NAME Option:
CMD_ProtoOptionsSet_Prompt_VALUE Value:
# ProtoOptionsGet command
CMD_ProtoOptionsGet Lists the options for the specified protocol
CMD_ProtoOptionsGet_Help This command can be used to retrieve the options for a specific protocol. \nDetailed info (e.g. value type) will be shown. \nYou can change an option's value with the ProtoOptionsSet command.
CMD_ProtoOptionsGet_Args ProtoOptionsGet [protocol]
CMD_ProtoOptionsGet_[protocol] Protocol name.
CMD_ProtoOptionsGet_Prompt_[protocol] Protocol:
CMD_ProtoOptionsGet_Column_Name Name
CMD_ProtoOptionsGet_Column_Type Type
CMD_ProtoOptionsGet_Column_Value Value
CMD_ProtoOptionsGet_Column_Description Description
# ProtoOptions
CMD_ProtoOptions_Description_OpenVPN_DefaultClientOption When OpenVPN is compiled without OCC code, it doesn't send the options string to the server. The original OpenVPN server still works, because the configuration is static. SoftEther VPN is heuristic and wants to support as many different configurations as possible. This option allows to define the string that is sent to clients built without OCC code, so that they can successfully connect.
CMD_ProtoOptions_Description_OpenVPN_Obfuscation This may help an OpenVPN client bypass firewalls that are aware of the protocol and block it. The same XOR mask has to be applied client-side, otherwise it will not be able to connect with certain obfuscation methods!
CMD_ProtoOptions_Description_OpenVPN_ObfuscationMask Mask used to XOR the bytes in the packet (used for certain obfuscation modes).
CMD_ProtoOptions_Description_OpenVPN_PushDummyIPv4AddressOnL2Mode There's a bug that manifests under certain circumstances on Linux. It causes the OpenVPN client to disconnect unless the TAP device is UP. This option tells the server to push a dummy IPv4 address (RFC7600) to the client, so that the TAP adapter is forced to be UP.
# ServerPasswordSet command
CMD_ServerPasswordSet Set VPN Server Administrator Password
CMD_ServerPasswordSet_Help This sets the VPN Server administrator password. You can specify the password as a parameter. If the password is not specified, a prompt will be displayed to input the password and password confirmation. If you include the password as a parameter, this password will be displayed momentarily on the screen, which poses a risk. We recommend that whenever possible, avoid specifying this parameter and input the password using the password prompt. \nTo execute this command, you must have VPN Server administrator privileges.
@ -6280,20 +6311,6 @@ CMD_EtherIpClientList_Help This command gets and shows the list of entries to ac
CMD_EtherIpClientList_Args EtherIpClientList
# OpenVpnEnable command
CMD_OpenVpnEnable Enable / Disable OpenVPN Clone Server Function
CMD_OpenVpnEnable_Help This VPN Server has the clone functions of OpenVPN software products by OpenVPN Technologies, Inc. Any OpenVPN Clients can connect to this VPN Server.\n\nThe manner to specify a username to connect to the Virtual Hub, and the selection rule of default Hub by using this clone server functions are same to the IPsec Server functions. For details, please see the help of the IPsecEnable command.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_OpenVpnEnable_Args OpenVpnEnable [yes|no]
CMD_OpenVpnEnable_[yes|no] Specify yes to enable the OpenVPN Clone Server Function. Specify no to disable.
CMD_OpenVpnEnable_Prompt_[yes|no] Enables OpenVPN Clone Server Function (yes / no):
# OpenVpnGet command
CMD_OpenVpnGet Get the Current Settings of OpenVPN Clone Server Function
CMD_OpenVpnGet_Help Get and show the current settings of OpenVPN Clone Server Function.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_OpenVpnGet_Args OpenVpnGet
CMD_OpenVpnGet_PRINT_Enabled OpenVPN Clone Server Enabled
# OpenVpnMakeConfig command
CMD_OpenVpnMakeConfig Generate a Sample Setting File for OpenVPN Client
CMD_OpenVpnMakeConfig_Help Originally, the OpenVPN Client requires a user to write a very difficult configuration file manually. This tool helps you to make a useful configuration sample. What you need to generate the configuration file for the OpenVPN Client is to run this command.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
@ -6304,42 +6321,9 @@ CMD_OpenVpnMakeConfig_OK The sample setting file was saved as "%s". You can un
CMD_OpenVpnMakeConfig_ERROR The sample setting files were unable to be saved as "%s". The filename might be invalid.\n
# OpenVpnObfuscationEnable
CMD_OpenVpnObfuscationEnable Enable / Disable the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationEnable_Help This allows an OpenVPN client to bypass a firewall which is aware of the protocol and is able to block it.\nThe same XOR mask have to be applied to the client, otherwise it will not be able to connect with certain obfuscation methods!\nBeware that you need a special OpenVPN client with the "XOR patch" applied in order to use this function, because it has never been merged in the official OpenVPN repository.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_OpenVpnObfuscationEnable_Args OpenVpnObfuscationEnable [yes|no] [/MASK:mask]
CMD_OpenVpnObfuscationEnable_[yes|no] Specify "yes" to enable the OpenVPN obfuscation function. Specify "no" to disable it.
CMD_OpenVpnObfuscationEnable_MASK Mask used to XOR the bytes in the packet (used for certain obfuscation modes).
CMD_OpenVpnObfuscationEnable_Prompt_[yes|no] Enable OpenVPN packet obfuscation (yes / no):
CMD_OpenVpnObfuscationEnable_Prompt_MASK XOR mask:
# OpenVpnObfuscationGet
CMD_OpenVpnObfuscationGet Get the current settings of the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationGet_Help Get and show the current settings of the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationGet_Args OpenVpnObfuscationGet
CMD_OpenVpnObfuscationGet_PRINT_Enabled OpenVPN obfuscation enabled
CMD_OpenVpnObfuscationGet_PRINT_Mask XOR mask
# SstpEnable command
CMD_SstpEnable Enable / Disable Microsoft SSTP VPN Clone Server Function
CMD_SstpEnable_Help This VPN Server has the clone functions of MS-SSTP VPN Server which is on Windows Server 2008 / 2012 by Microsoft Corporation. Standard MS-SSTP Clients in Windows Vista / 7 / 8 / RT / 10 can connect to this VPN Server.\n\n[Caution]\nThe value of CN (Common Name) on the SSL certificate of VPN Server must match to the hostname specified on the client, and that certificate must be in the trusted list on the SSTP VPN client. For details refer the Microsoft's documents.\nYou can use the ServerCertRegenerate command to replace the current certificate on the VPN Server to a new self-signed certificate which has the CN (Common Name) value in the fields. In that case, you have to register such a new self-signed certificate on the SSTP VPN Client as a trusted root certificate. If you do not want to do such a bother tasks, please consider to purchase a SSL certificate provided by commercial authority such as VeriSign or GlobalSign.\n\nThe manner to specify a username to connect to the Virtual Hub, and the selection rule of default Hub by using this clone server functions are same to the IPsec Server functions. For details, please see the help of the IPsecEnable command.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_SstpEnable_Args SstpEnable [yes|no]
CMD_SstpEnable_[yes|no] Specify yes to enable the Microsoft SSTP VPN Clone Server Function. Specify no to disable.
CMD_SstpEnable_Prompt_[yes|no] Enables SSTP VPN Clone Server Function (yes / no):
CMD_SstpEnable_PRINT_Enabled SSTP VPN Clone Server Enabled
# SstpGet command
CMD_SstpGet Get the Current Settings of Microsoft SSTP VPN Clone Server Function
CMD_SstpGet_Help Get and show the current settings of Microsoft SSTP VPN Clone Server Function.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_SstpGet_Args SstpGet
# ServerCertRegenerate command
CMD_ServerCertRegenerate Generate New Self-Signed Certificate with Specified CN (Common Name) and Register on VPN Server
CMD_ServerCertRegenerate_Help You can use this command to replace the current certificate on the VPN Server to a new self-signed certificate which has the CN (Common Name) value in the fields.\n\nThis command is convenient if you are planning to use Microsoft SSTP VPN Clone Server Function. Because of the value of CN (Common Name) on the SSL certificate of VPN Server must match to the hostname specified on the SSTP VPN client.\nFor details please see the help of SstpEnable command.\n\nThis command will delete the existing SSL certificate of the VPN Server. It is recommended to backup the current SSL certificate and private key by using the ServerKeyGet command beforehand.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_ServerCertRegenerate_Help You can use this command to replace the current certificate on the VPN Server to a new self-signed certificate which has the CN (Common Name) value in the fields.\n\nThis command is convenient if you are planning to use Microsoft SSTP VPN Clone Server Function. Because of the value of CN (Common Name) on the SSL certificate of VPN Server must match to the hostname specified on the SSTP VPN client.\n\nThis command will delete the existing SSL certificate of the VPN Server. It is recommended to backup the current SSL certificate and private key by using the ServerKeyGet command beforehand.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_ServerCertRegenerate_Args ServerCertRegenerate [CN]
CMD_ServerCertRegenerate_[CN] Specify a Common Name (CN) which the new certificate will have.
CMD_ServerCertRegenerate_Prompt_CN Value of Common Name (CN):


@ -2010,6 +2010,7 @@ LA_DELETE_LISTENER 已刪除 TCP 監聽器 (埠號 %u)。
LA_ENABLE_LISTENER 已啟用 TCP 監聽器 (埠號 %u)。
LA_DISABLE_LISTENER 已禁用 TCP 監聽器 (埠號 %u)。
LA_SET_PORTS_UDP UDP ports have been set: %s.
LA_SET_PROTO_OPTIONS %s options have been set.
LA_SET_SERVER_PASSWORD 服務端管理員密碼設置完成。
LA_SET_FARM_SETTING 群集設置變更完成。
LA_SET_SERVER_CERT 服務端證書設定完成。
@ -4581,6 +4582,36 @@ CMD_PortsUDPGet_Args PortsUDPGet
CMD_PortsUDPGet_Ports UDP ports
# ProtoOptionsSet 命令
CMD_ProtoOptionsSet Sets an option's value for the specified protocol
CMD_ProtoOptionsSet_Help This command can be used to change an option's value for a specific protocol. \nYou can retrieve the options using the ProtoOptionsGet command. \nTo execute this command, you must have VPN Server administrator privileges.
CMD_ProtoOptionsSet_Args ProtoOptionsSet [protocol] [/NAME:option_name] [/VALUE:string/true/false]
CMD_ProtoOptionsSet_[protocol] Protocol name.
CMD_ProtoOptionsSet_NAME Option name.
CMD_ProtoOptionsSet_VALUE Option value. Make sure to write a value that is accepted by the specified protocol!
CMD_ProtoOptionsSet_Prompt_[protocol] Protocol:
CMD_ProtoOptionsSet_Prompt_NAME Option:
CMD_ProtoOptionsSet_Prompt_VALUE Value:
# ProtoOptionsGet 命令
CMD_ProtoOptionsGet Lists the options for the specified protocol
CMD_ProtoOptionsGet_Help This command can be used to retrieve the options for a specific protocol. \nDetailed info (e.g. value type) will be shown. \nYou can change an option's value with the ProtoOptionsSet command.
CMD_ProtoOptionsGet_Args ProtoOptionsGet [protocol]
CMD_ProtoOptionsGet_[protocol] Protocol name.
CMD_ProtoOptionsGet_Prompt_[protocol] Protocol:
CMD_ProtoOptionsGet_Column_Name Name
CMD_ProtoOptionsGet_Column_Type Type
CMD_ProtoOptionsGet_Column_Value Value
CMD_ProtoOptionsGet_Column_Description Description
# ProtoOptions
CMD_ProtoOptions_Description_OpenVPN_DefaultClientOption When OpenVPN is compiled without OCC code, it doesn't send the options string to the server. The original OpenVPN server still works, because the configuration is static. SoftEther VPN is heuristic and wants to support as many different configurations as possible. This option allows to define the string that is sent to clients built without OCC code, so that they can successfully connect.
CMD_ProtoOptions_Description_OpenVPN_Obfuscation This may help an OpenVPN client bypass firewalls that are aware of the protocol and block it. The same XOR mask has to be applied client-side, otherwise it will not be able to connect with certain obfuscation methods!
CMD_ProtoOptions_Description_OpenVPN_ObfuscationMask Mask used to XOR the bytes in the packet (used for certain obfuscation modes).
CMD_ProtoOptions_Description_OpenVPN_PushDummyIPv4AddressOnL2Mode There's a bug that manifests under certain circumstances on Linux. It causes the OpenVPN client to disconnect unless the TAP device is UP. This option tells the server to push a dummy IPv4 address (RFC7600) to the client, so that the TAP adapter is forced to be UP.
# ServerPasswordSet 命令
CMD_ServerPasswordSet 設置 VPN Server 管理員密碼
CMD_ServerPasswordSet_Help 這將設置 VPN Server 管理員密碼。您可以指定密碼為一個參數。如果密碼沒有指定,將顯示提示輸入密碼和密碼確認。如果指定密碼為一個參數,這個密碼將在螢幕上顯示瞬間,這構成了風險。我們建議盡可能避免指定這個參數,使用密碼提示輸入密碼。\n為了執行這個命令您必須有 VPN Server 管理員許可權。
@ -6298,20 +6329,6 @@ CMD_EtherIpClientList_Help 這個命令會獲得和顯示通過 EtherIP / L2TPv
CMD_EtherIpClientList_Args EtherIpClientList
# OpenVpnEnable 命令
CMD_OpenVpnEnable 啟用/禁用 OpenVPN 克隆伺服器功能
CMD_OpenVpnEnable_Help 本 VPN Server 有 OpenVPN Technologies, Inc. 公司生產的 OpenVPN 軟體產品的克隆功能。任何 OpenVPN Client 都可以連接到本 VPN Server。\n\n指定用戶名連接到虛擬 HUB 的的方式,使用本克隆伺服器功能來為預設虛擬 HUB 的選擇規則都與 IPsec 伺服器功能相同。詳情,請參見 IPsecEnable 命令的幫助。\n\n要執行此命令您必須具有 VPN Server 管理員許可權。\n該命令在 VPN Bridge 上不能運行。\n以集群成員運行的 VPN Server 的虛擬 HUB 不能執行此命令。
CMD_OpenVpnEnable_Args OpenVpnEnable [yes|no]
CMD_OpenVpnEnable_[yes|no] 指定 "yes",啟用 OpenVPN 克隆伺服器功能。指定 "no" 禁用該功能。
CMD_OpenVpnEnable_Prompt_[yes|no] 啟用 OpenVPN 克隆伺服器功能 (yes / no):
# OpenVpnGet 命令
CMD_OpenVpnGet 獲取 OpenVPN 克隆伺服器功能的當前設置
CMD_OpenVpnGet_Help 獲取並顯示 OpenVPN 克隆伺服器功能的當前設置。\n\n要執行此命令您必須具有 VPN Server 管理員許可權。\n該命令在 VPN Bridge 上不能運行。\n以集群成員運行的 VPN Server 的虛擬 HUB 不能執行此命令。
CMD_OpenVpnGet_Args OpenVpnGet
CMD_OpenVpnGet_PRINT_Enabled OpenVPN 克隆伺服器已啟用
# OpenVpnMakeConfig 命令
CMD_OpenVpnMakeConfig 生成 OpenVPN Client 樣本設置檔案
CMD_OpenVpnMakeConfig_Help 原來OpenVPN Client 會要求用戶手寫很難的設定檔案。本工具可以説明您創建一個有用的配置樣本。你所需要生成的 OpenVPN Client 設定檔案就是運行此命令。\n\n要執行此命令您必須具有 VPN Server 管理員許可權。\n該命令在 VPN Bridge 上不能運行。\n以集群成員運行的 VPN Server 的虛擬 HUB 不能執行此命令。
@ -6322,42 +6339,9 @@ CMD_OpenVpnMakeConfig_OK 樣本設置檔案被保存為 "%s"。您可以解
CMD_OpenVpnMakeConfig_ERROR 本樣本設置檔案不能保存為 "%s"。該檔案名無效。\n
# OpenVpnObfuscationEnable
CMD_OpenVpnObfuscationEnable Enable / Disable the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationEnable_Help This allows an OpenVPN client to bypass a firewall which is aware of the protocol and is able to block it.\nThe same XOR mask have to be applied to the client, otherwise it will not be able to connect with certain obfuscation methods!\nBeware that you need a special OpenVPN client with the "XOR patch" applied in order to use this function, because it has never been merged in the official OpenVPN repository.\n\nTo execute this command, you must have VPN Server administrator privileges. \nThis command cannot be run on VPN Bridge.\nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
CMD_OpenVpnObfuscationEnable_Args OpenVpnObfuscationEnable [yes|no] [/MASK:mask]
CMD_OpenVpnObfuscationEnable_[yes|no] Specify "yes" to enable the OpenVPN obfuscation function. Specify "no" to disable it.
CMD_OpenVpnObfuscationEnable_MASK Mask used to XOR the bytes in the packet (used for certain obfuscation modes).
CMD_OpenVpnObfuscationEnable_Prompt_[yes|no] Enable OpenVPN packet obfuscation (yes / no):
CMD_OpenVpnObfuscationEnable_Prompt_MASK XOR mask:
# OpenVpnObfuscationGet
CMD_OpenVpnObfuscationGet Get the current settings of the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationGet_Help Get and show the current settings of the OpenVPN clone server function's obfuscation mode
CMD_OpenVpnObfuscationGet_Args OpenVpnObfuscationGet
CMD_OpenVpnObfuscationGet_PRINT_Enabled OpenVPN obfuscation enabled
CMD_OpenVpnObfuscationGet_PRINT_Mask XOR mask
# SstpEnable 命令
CMD_SstpEnable 啟用/禁用 Microsoft SSTP VPN 克隆伺服器功能
CMD_SstpEnable_Help 本 VPN Server 擁有植入在微軟 Windows Server 2008 / 2012 中的 MS-SSTP VPN Server 的克隆功能。Windows Vista / 7 / 8 / RT / 10 中的標準 MS-SSTP 用戶端可以連接本 VPN Server。\n\n[注意]\n在 VPN Server 上的 SSL 證書 CN 值必須要和指定給用戶端的主機名稱吻合。並且,該證書必須在 SSTP VPN Client 的信任清單中。詳情請參見微軟相關檔。\n您可以用用 ServerCertRegenerate 命令來取代當前 VPN Server 的證書,形成一個新的,有 CN 值欄位的自我認證證書。這樣的話,您需要在 SSTP VPN Client 註冊這樣一個新的自我認證證書作為一個可信任根證書。如果您的確想做這件複雜的事,請考慮購買一個商業權威機構的 SSL 證書,如 VeriSign 或者 GlobalSign。\n\n指定用戶名連接到虛擬 HUB 的的方式,使用本克隆伺服器功能來為預設虛擬 HUB 的選擇規則都與 IPsec 伺服器功能相同。詳情,請參見 IPsecEnable 命令的幫助。\n\n要執行此命令您必須具有 VPN Server 管理員許可權。\n該命令在 VPN Bridge 上不能運行。\n以集群成員運行的 VPN Server 的虛擬 HUB 不能執行此命令。
CMD_SstpEnable_Args SstpEnable [yes|no]
CMD_SstpEnable_[yes|no] 指定 "yes"啟用Microsoft SSTP VPN 克隆伺服器功能。指定 "no" 禁用該功能。
CMD_SstpEnable_Prompt_[yes|no] 啟用 SSTP VPN 克隆伺服器功能(yes/no):
CMD_SstpEnable_PRINT_Enabled SSTP VPN 克隆伺服器已禁用
# SstpGet 命令
CMD_SstpGet 獲得 Microsoft SSTP VPN 克隆伺服器功能的當前設置
CMD_SstpGet_Help 獲得並顯示 Microsoft SSTP VPN 克隆伺服器功能的當前設置。\n\n要執行此命令您必須具有 VPN Server 管理員許可權。\n該命令在 VPN Bridge 上不能運行。\n以集群成員運行的 VPN Server 的虛擬 HUB 不能執行此命令。
CMD_SstpGet_Args SstpGet
# ServerCertRegenerate 命令
CMD_ServerCertRegenerate 生成一個新的帶有指定 CN (Common Name) 的自簽章憑證,並且在 VPN Server 上註冊。
CMD_ServerCertRegenerate_Help 您可以使用此命令,將當前 VPN Server 上的證書替換成一個新的、有 CN (Common Name) 值欄位的、自簽字證書。n\n此命令在您想使用 Microsoft SSTP VPN 克隆伺服器功能時很方便。因為在 VPN Server 上 SSL 證書的 CN 值必須要與 SSTP VPN Client 指定的主機名稱吻合。\n詳情參見 SstpEnable 命令的幫助。\n\n本命令會刪除 VPN Server 上現有的 SSL 證書。這要求事先使用 ServerKeyGet 命令備份當前的 SSL 證書和金鑰。\n\n要執行此命令您必須具有 VPN Server 管理員許可權。\n該命令在 VPN Bridge 上不能運行。\n以集群成員運行的 VPN Server 的虛擬 HUB 不能執行此命令。
CMD_ServerCertRegenerate_Help 您可以使用此命令,將當前 VPN Server 上的證書替換成一個新的、有 CN (Common Name) 值欄位的、自簽字證書。n\n此命令在您想使用 Microsoft SSTP VPN 克隆伺服器功能時很方便。因為在 VPN Server 上 SSL 證書的 CN 值必須要與 SSTP VPN Client 指定的主機名稱吻合。\n\n本命令會刪除 VPN Server 上現有的 SSL 證書。這要求事先使用 ServerKeyGet 命令備份當前的 SSL 證書和金鑰。\n\n要執行此命令您必須具有 VPN Server 管理員許可權。\n該命令在 VPN Bridge 上不能運行。\n以集群成員運行的 VPN Server 的虛擬 HUB 不能執行此命令。
CMD_ServerCertRegenerate_Args ServerCertRegenerate [CN]
CMD_ServerCertRegenerate_[CN] 指定一個新證書要使用的 Common Name(CN)
CMD_ServerCertRegenerate_Prompt_CN Common Name(CN)值: