diff options
author | Arne Schwabe <arne@rfc2549.org> | 2012-12-26 04:58:57 +0100 |
---|---|---|
committer | Arne Schwabe <arne@rfc2549.org> | 2012-12-26 04:58:57 +0100 |
commit | 8a94d6c21681896f60054c18e2495ef8c53e6f7c (patch) | |
tree | 42f3214fe619e402d8f02f2164097e4717d07c16 | |
parent | fd7570835b7e7fdd335b55bc006791ecb402277b (diff) | |
parent | 58131bfbde80b433992ab2e7deabb0b63aac072e (diff) |
Return to the old icon, I do not like the new ones yet...
102 files changed, 4056 insertions, 1967 deletions
@@ -0,0 +1 @@ +google-breakpad=[svn]http://google-breakpad.googlecode.com/svn/trunk/ diff --git a/.hgsubstate b/.hgsubstate new file mode 100644 index 00000000..248e9942 --- /dev/null +++ b/.hgsubstate @@ -0,0 +1 @@ +1093 google-breakpad diff --git a/AndroidManifest.xml b/AndroidManifest.xml index d1339ee0..b15156d6 100644 --- a/AndroidManifest.xml +++ b/AndroidManifest.xml @@ -17,8 +17,8 @@ <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="de.blinkt.openvpn" - android:versionCode="52" - android:versionName="0.5.25" > + android:versionCode="57" + android:versionName="0.5.29" > <uses-permission android:name="android.permission.INTERNET" /> <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" /> @@ -28,9 +28,12 @@ <!-- <uses-permission android:name="com.android.vending.BILLING" /> --> - <uses-sdk android:minSdkVersion="14" /> + <uses-sdk + android:minSdkVersion="14" + android:targetSdkVersion="14" /> <application + android:allowBackup="true" android:icon="@drawable/icon" android:label="@string/app" > <activity android:name=".AboutFragment" /> @@ -40,6 +43,7 @@ <activity android:name=".LogWindow" android:label="@string/openvpn_log" /> + <activity android:name=".SendDumpActivity" /> <activity android:name=".FileSelect" /> <activity android:name=".MainActivity" > <intent-filter> @@ -114,6 +118,12 @@ <category android:name="android.intent.category.DEFAULT" /> </intent-filter> </activity-alias> + + <provider + android:name=".FileProvider" + android:authorities="de.blinkt.openvpn.FileProvider" + android:exported="true" + android:grantUriPermissions="true" /> </application> -</manifest>
\ No newline at end of file +</manifest> diff --git a/fetchtranslations.sh b/fetchtranslations.sh index ff265954..847dd3cd 100755 --- a/fetchtranslations.sh +++ b/fetchtranslations.sh @@ -10,7 +10,7 @@ fi echo "Fetch translation archive" fetch -q http://crowdin.net/download/project/ics-openvpn.zip -langtoinclude="de cs ko et fr he ru" +langtoinclude="ca cs de es et fr he id it ja ko no nl ru" for lang in $langtoinclude do @@ -19,11 +19,14 @@ done # Chinese language require zh-CN and zh-TW -for lang in "zh-CN" +for lang in zh-CN zh-TW do if [ $lang = "zh-CN" ] ; then rlang="zh-rCN" + elif [ $lang = "zh-TW" ] ; then + rlang="zh-rTW" fi + echo "Fetch archive for $lang" fetch http://crowdin.net/download/project/ics-openvpn/$lang.zip tar -xv -C res/values-$rlang/ --strip-components 3 -f $lang.zip diff --git a/genFAQ.py b/genFAQ.py new file mode 100755 index 00000000..1815f7a2 --- /dev/null +++ b/genFAQ.py @@ -0,0 +1,96 @@ +#!/usr/bin/env python +# Quick and dirty script to generate googlecode wiki pages + +import codecs +import xml.dom.minidom as dom +import os.path + +faqpath = "/Users/arne/oss/ics-openvpn.wiki" + +header=""" +<wiki:comment> +This page is autogenerated. Do not edit +</wiki:comment> + += Frequently aksed questions = +""" + +def getString(strid,lang): + if strid in strres[lang]: + return strres[lang][strid] + else: + return strres["default"][strid] + +def genPage(faqdom,lang): + out ="" + + out+="#summary %s\n" % getString("faq_summary",lang) + out+= header + + for xmld in faqdom.firstChild.childNodes: + for xmle in xmld.childNodes: + if xmle.nodeName == "TextView": + style = xmle.getAttribute("style") + + textstyle = None + if style == "@style/faqhead": + textstyle = "== %s ==\n" + elif style == "@style/faqitem": + textstyle = "%s\n" + + atext = xmle.getAttribute("android:text") + aid = xmle.getAttribute("android:id") + if atext: + atextid = atext.replace("@string/","") + else: + atextid = aid.replace("@+id/","") + + out += textstyle % getString(atextid,lang) + + return out + + +strres={} + +def loadstrres(filename,lang): + xmlstr = dom.parse(filename) + strres[lang]={} + for xmld in xmlstr.childNodes: + for xmle in xmld.childNodes: + if xmle.nodeName == "string": + strname= xmle.getAttribute("name") + strdata = xmle.firstChild.data + strres[lang][strname]=strdata + + +def main(): + + loadstrres("res/values/strings.xml","default") + + faqdom = dom.parse("res/layout/faq.xml") + faq= genPage(faqdom,"default") + + open(faqpath + "/FAQ.wiki","w").write(faq) + + for directory in os.listdir("res"): + if directory.startswith("values-"): + lang = directory.split("-",1)[1] + loadstrres("res/values-%s/strings.xml" % lang,lang) + + langdir= "%s/%s" %(faqpath,lang) + if lang=="zh-rCN": + langdir= "%s/%s" %(faqpath,"zh-Hans") + elif lang=="zh-rTW": + langdir= "%s/%s" %(faqpath,"zh-Hant") + + + if not os.path.exists(langdir): + os.mkdir(langdir) + + print lang + faq= genPage(faqdom,lang) + open("%s/FAQ.wiki" % langdir,"w").write(faq.encode("utf-8")) + + +if __name__=="__main__": + main() diff --git a/jni/Android.mk b/jni/Android.mk index 3514b920..283be302 100644 --- a/jni/Android.mk +++ b/jni/Android.mk @@ -5,6 +5,10 @@ include lzo/Android.mk include openssl/Android.mk +ifneq ($(TARGET_ARCH),mips) +include google-breakpad/android/google_breakpad/Android.mk +endif + include openvpn/Android.mk diff --git a/jni/Application.mk b/jni/Application.mk index 38ce95f3..5670b6e3 100644 --- a/jni/Application.mk +++ b/jni/Application.mk @@ -1,6 +1,7 @@ APP_ABI := all NDK_TOOLCHAIN_VERSION=4.4.3 #APP_PLATFORM := android-14 +APP_STL:=stlport_static #APP_OPTIM := release diff --git a/openvpn/.gitignore b/openvpn/.gitignore index f762089d..a04afff7 100644 --- a/openvpn/.gitignore +++ b/openvpn/.gitignore @@ -37,6 +37,7 @@ stamp-h1 install-sh missing ltmain.sh +libtool m4/libtool.m4 m4/ltoptions.m4 m4/ltsugar.m4 @@ -50,5 +51,6 @@ config-msvc-version.h doc/openvpn.8.html distro/rpm/openvpn.spec tests/t_client.sh +tests/t_client-*-20??????-??????/ src/openvpn/openvpn config-version.h diff --git a/openvpn/Android.mk b/openvpn/Android.mk index b27ef794..c68bcccf 100644 --- a/openvpn/Android.mk +++ b/openvpn/Android.mk @@ -1,17 +1,21 @@ -# Android openvpn JNI LOCAL_PATH:= $(call my-dir)/ include $(CLEAR_VARS) LOCAL_LDLIBS := -lz -LOCAL_C_INCLUDES := openssl/include lzo/include openssl/crypto openssl openvpn/src/compat openvpn/src/openvpn openvpn/include +LOCAL_C_INCLUDES := openssl/include lzo/include openssl/crypto openssl openvpn/src/compat openvpn/src/openvpn openvpn/include google-breakpad/src google-breakpad/src/common/android/include LOCAL_SHARED_LIBRARIES := libssl libcrypto #LOCAL_STATIC_LIBRARIES := libssl_static libcrypto_static liblzo-static + +LOCAL_CFLAGS= -DHAVE_CONFIG_H -DTARGET_ABI=\"${TARGET_ABI}\" LOCAL_STATIC_LIBRARIES := liblzo-static +ifneq ($(TARGET_ARCH),mips) +LOCAL_STATIC_LIBRARIES += breakpad_client +LOCAL_CFLAGS += -DGOOGLE_BREAKPAD=1 +endif -LOCAL_CFLAGS= -DHAVE_CONFIG_H -DTARGET_ABI=\"${TARGET_ABI}\" LOCAL_MODULE = openvpn LOCAL_SRC_FILES:= \ @@ -85,7 +89,12 @@ LOCAL_SRC_FILES:= \ src/openvpn/ssl_verify_openssl.c \ src/openvpn/ssl_verify_polarssl.c \ src/openvpn/status.c \ - src/openvpn/tun.c + src/openvpn/tun.c +ifneq ($(TARGET_ARCH),mips) +LOCAL_SRC_FILES+=src/openvpn/breakpad.cpp +endif + + include $(BUILD_SHARED_LIBRARY) #include $(BUILD_EXECUTABLE) diff --git a/openvpn/config.h b/openvpn/config.h index 6684f70d..0d86c1d9 100644 --- a/openvpn/config.h +++ b/openvpn/config.h @@ -450,7 +450,7 @@ #define PACKAGE_NAME "OpenVPN" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "OpenVPN 2.3_beta1" +#define PACKAGE_STRING "OpenVPN 2.3_rc1+dspatch3" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "openvpn" diff --git a/openvpn/configure.ac b/openvpn/configure.ac index d3d974dc..2f780b7a 100644 --- a/openvpn/configure.ac +++ b/openvpn/configure.ac @@ -934,7 +934,7 @@ if test "${enable_ssl}" = "yes"; then fi if test "${enable_crypto}" = "yes"; then - test "${have_crypto_crypto}" != "yes" && AC_MSG_ERROR([${with_crypto_library} crytpo is required but missing]) + test "${have_crypto_crypto}" != "yes" && AC_MSG_ERROR([${with_crypto_library} crypto is required but missing]) OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CRYPTO_CFLAGS}" OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_CRYPTO_LIBS}" AC_DEFINE([ENABLE_CRYPTO], [1], [Enable crypto library]) diff --git a/openvpn/doc/management-notes.txt b/openvpn/doc/management-notes.txt index a07a5142..ef39b855 100644 --- a/openvpn/doc/management-notes.txt +++ b/openvpn/doc/management-notes.txt @@ -750,6 +750,34 @@ To accept connecting to the host and port directly, use this command: proxy NONE +COMMAND -- rsa-sig (OpenVPN 2.3 or higher) +------------------------------------------ +Provides support for external storage of the private key. Requires the +--management-external-key option. This option can be used instead of "key" +in client mode, and allows the client to run without the need to load the +actual private key. When the SSL protocol needs to perform an RSA sign +operation, the data to be signed will be sent to the management interface +via a notification as follows: + +>RSA_SIGN:[BASE64_DATA] + +The management interface client should then sign BASE64_DATA +using the private key and return the SSL signature as follows: + +rsa-sig +[BASE64_SIG_LINE] +. +. +. +END + +Base64 encoded output of RSA_sign(NID_md5_sha1,... will provide a +correct signature. + +This capability is intended to allow the use of arbitrary cryptographic +service providers with OpenVPN via the management interface. + + OUTPUT FORMAT ------------- diff --git a/openvpn/doc/openvpn.8 b/openvpn/doc/openvpn.8 index da1c0f9e..d66bd665 100644 --- a/openvpn/doc/openvpn.8 +++ b/openvpn/doc/openvpn.8 @@ -456,13 +456,9 @@ possess a built-in reliability layer. .\"********************************************************* .TP .B \-\-connect-retry n -For -.B \-\-proto tcp-client, -take +Wait .B n -as the -number of seconds to wait -between connection retries (default=5). +seconds between connection attempts (default=5). .\"********************************************************* .TP .B \-\-connect-timeout n @@ -474,12 +470,15 @@ seconds (default=10). .\"********************************************************* .TP .B \-\-connect-retry-max n -For -.B \-\-proto tcp-client, -take .B n -as the -number of retries of connection attempt (default=infinite). +specifies the number of times all +.B \-\-remote +respectively +.B <connection> +statements are tried. Specifiying +.B n +as one would try each entry exactly once. A sucessful connection +resets the counter. (default=umlimited). .\"********************************************************* .TP .B \-\-show-proxy-settings @@ -651,18 +650,18 @@ peer on its new IP address. .\"********************************************************* .TP .B \-\-port port -TCP/UDP port number for both local and remote. The current +TCP/UDP port number or port name for both local and remote. The current default of 1194 represents the official IANA port number assignment for OpenVPN and has been used since version 2.0-beta17. Previous versions used port 5000 as the default. .\"********************************************************* .TP .B \-\-lport port -TCP/UDP port number for bind. +TCP/UDP port number or name for bind. .\"********************************************************* .TP .B \-\-rport port -TCP/UDP port number for remote. +TCP/UDP port number or name for remote. .\"********************************************************* .TP .B \-\-bind @@ -1886,7 +1885,7 @@ is a safety precaution to prevent a LD_PRELOAD style attack from a malicious or compromised server. .\"********************************************************* .TP -.B \-\-script-security level [method] +.B \-\-script-security level This directive offers policy-level control over OpenVPN's usage of external programs and scripts. Lower .B level @@ -1905,24 +1904,40 @@ Allow calling of built-in executables and user-defined scripts. .B 3 \-\- Allow passwords to be passed to scripts via environmental variables (potentially unsafe). -The +OpenVPN releases before v2.3 also supported a .B method -parameter indicates how OpenVPN should call external commands and scripts. -Settings for -.B method: +flag which indicated how OpenVPN should call external commands and scripts. This +could be either +.B execve +or +.B system. +As of OpenVPN v2.3, this flag is no longer accepted. In most *nix environments the execve() +approach has been used without any issues. + +To run scripts in Windows in earlier OpenVPN +versions you needed to either add a full path to the script interpreter which can parse the +script or use the +.B system +flag to run these scripts. As of OpenVPN v2.3 it is now a strict requirement to have +full path to the script interpreter when running non-executables files. +This is not needed for executable files, such as .exe, .com, .bat or .cmd files. For +example, if you have a Visual Basic script, you must use this syntax now: -.B execve \-\- -(default) Use execve() function on Unix family OSes and CreateProcess() on Windows. -.br -.B system \-\- -Use system() function (deprecated and less safe since the external program command -line is subject to shell expansion). +.nf +.ft 3 +.in +4 +\-\-up 'C:\\\\Windows\\\\System32\\\\wscript.exe C:\\\\Program\\ Files\\\\OpenVPN\\\\config\\\\my-up-script.vbs' +.in -4 +.ft +.fi -The -.B \-\-script-security -option was introduced in OpenVPN 2.1_rc9. For configuration file compatibility -with previous OpenVPN versions, use: -.B \-\-script-security 3 system +Please note the single quote marks and the escaping of the backslashes (\\) and +the space character. + +The reason the support for the +.B system +flag was removed is due to the security implications with shell expansions +when executing scripts via the system() call. .\"********************************************************* .TP .B \-\-disable-occ @@ -2464,6 +2479,11 @@ Allow management interface to override .B \-\-remote directives (client-only). .\"********************************************************* +.B \-\-management-external-key +Allows usage for external private key file instead of +.B \-\-key +option (client-only). +.\"********************************************************* .TP .B \-\-management-forget-disconnect Make OpenVPN forget passwords when management session @@ -5675,7 +5695,7 @@ Set on program initiation and reset on SIGHUP. .\"********************************************************* .TP .B local_port -The local port number, specified by +The local port number or name, specified by .B \-\-port or .B \-\-lport. diff --git a/openvpn/src/openvpn/breakpad.cpp b/openvpn/src/openvpn/breakpad.cpp new file mode 100644 index 00000000..cfcc10a8 --- /dev/null +++ b/openvpn/src/openvpn/breakpad.cpp @@ -0,0 +1,29 @@ + +#include "breakpad.h" +#include "client/linux/handler/exception_handler.h" + + +static +bool DumpCallback(const google_breakpad::MinidumpDescriptor& descriptor, + void* context, + bool succeeded) { + printf("Dump path: %s\n", descriptor.path()); + fflush(stdout); + fflush(stderr); + return succeeded; +} + +static google_breakpad::MinidumpDescriptor* desc; +static google_breakpad::ExceptionHandler* eh; + +void breakpad_setup(void) +{ + printf("Initializing Google Breakpad!\n"); + desc = new google_breakpad::MinidumpDescriptor("/data/data/de.blinkt.openvpn/cache"); + eh = new google_breakpad::ExceptionHandler(*desc, NULL, DumpCallback, NULL, true,-1); +} + +void breakpad_dodump(void) +{ + eh->WriteMinidump(); +} diff --git a/openvpn/src/openvpn/breakpad.h b/openvpn/src/openvpn/breakpad.h new file mode 100644 index 00000000..84df62ab --- /dev/null +++ b/openvpn/src/openvpn/breakpad.h @@ -0,0 +1,13 @@ +#ifndef BUFFER_H +#define BUFFER_H + +#ifdef __cplusplus +extern "C" { +#endif + void breakpad_setup(void); + void breakpad_dodump(void); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/openvpn/src/openvpn/buffer.c b/openvpn/src/openvpn/buffer.c index 5eee3ee4..56d14b1a 100644 --- a/openvpn/src/openvpn/buffer.c +++ b/openvpn/src/openvpn/buffer.c @@ -782,6 +782,16 @@ char_class (const unsigned char c, const unsigned int flags) return true; if ((flags & CC_EQUAL) && c == '=') return true; + if ((flags & CC_LESS_THAN) && c == '<') + return true; + if ((flags & CC_GREATER_THAN) && c == '>') + return true; + if ((flags & CC_PIPE) && c == '|') + return true; + if ((flags & CC_QUESTION_MARK) && c == '?') + return true; + if ((flags & CC_ASTERISK) && c == '*') + return true; return false; } diff --git a/openvpn/src/openvpn/buffer.h b/openvpn/src/openvpn/buffer.h index 9bc33dba..5e11de05 100644 --- a/openvpn/src/openvpn/buffer.h +++ b/openvpn/src/openvpn/buffer.h @@ -736,6 +736,11 @@ const char *np (const char *str); #define CC_REVERSE_QUOTE (1<<23) #define CC_AT (1<<24) #define CC_EQUAL (1<<25) +#define CC_LESS_THAN (1<<26) +#define CC_GREATER_THAN (1<<27) +#define CC_PIPE (1<<28) +#define CC_QUESTION_MARK (1<<29) +#define CC_ASTERISK (1<<30) /* macro classes */ #define CC_NAME (CC_ALNUM|CC_UNDERBAR) diff --git a/openvpn/src/openvpn/error.c b/openvpn/src/openvpn/error.c index 6848425e..98611a1b 100644 --- a/openvpn/src/openvpn/error.c +++ b/openvpn/src/openvpn/error.c @@ -57,6 +57,10 @@ #endif #endif +#ifdef GOOGLE_BREAKPAD +#include "breakpad.h" +#endif + /* Globals */ unsigned int x_debug_level; /* GLOBAL */ @@ -259,7 +263,7 @@ void x_msg_va (const unsigned int flags, const char *format, va_list arglist) if (flags & M_SSL) { int nerrs = 0; - int err; + size_t err; while ((err = ERR_get_error ())) { openvpn_snprintf (m2, ERR_BUF_SIZE, "%s: %s", @@ -399,6 +403,9 @@ dont_mute (unsigned int flags) void assert_failed (const char *filename, int line) { +#ifdef GOOGLE_BREAKPAD + breakpad_dodump(); +#endif msg (M_FATAL, "Assertion failed at %s:%d", filename, line); } @@ -602,7 +609,7 @@ x_check_status (int status, const char *extended_msg = NULL; msg (x_cs_verbose_level, "%s %s returned %d", - sock ? proto2ascii (sock->info.proto, true) : "", + sock ? proto2ascii (sock->info.proto, sock->info.af, true) : "", description, status); @@ -630,14 +637,14 @@ x_check_status (int status, if (extended_msg) msg (x_cs_info_level, "%s %s [%s]: %s (code=%d)", description, - sock ? proto2ascii (sock->info.proto, true) : "", + sock ? proto2ascii (sock->info.proto, sock->info.af, true) : "", extended_msg, strerror_ts (my_errno, &gc), my_errno); else msg (x_cs_info_level, "%s %s: %s (code=%d)", description, - sock ? proto2ascii (sock->info.proto, true) : "", + sock ? proto2ascii (sock->info.proto, sock->info.af, true) : "", strerror_ts (my_errno, &gc), my_errno); diff --git a/openvpn/src/openvpn/forward-inline.h b/openvpn/src/openvpn/forward-inline.h index 5853ce29..7eb480dd 100644 --- a/openvpn/src/openvpn/forward-inline.h +++ b/openvpn/src/openvpn/forward-inline.h @@ -228,6 +228,7 @@ context_reschedule_sec (struct context *c, int sec) static inline struct link_socket_info * get_link_socket_info (struct context *c) { + if (c->c2.link_socket_info) return c->c2.link_socket_info; else diff --git a/openvpn/src/openvpn/forward.c b/openvpn/src/openvpn/forward.c index 57c78462..9e9c406c 100644 --- a/openvpn/src/openvpn/forward.c +++ b/openvpn/src/openvpn/forward.c @@ -620,7 +620,7 @@ check_timeout_random_component (struct context *c) static inline void socks_postprocess_incoming_link (struct context *c) { - if (c->c2.link_socket->socks_proxy && c->c2.link_socket->info.proto == PROTO_UDPv4) + if (c->c2.link_socket->socks_proxy && c->c2.link_socket->info.proto == PROTO_UDP) socks_process_incoming_udp (&c->c2.buf, &c->c2.from); } @@ -629,7 +629,7 @@ socks_preprocess_outgoing_link (struct context *c, struct link_socket_actual **to_addr, int *size_delta) { - if (c->c2.link_socket->socks_proxy && c->c2.link_socket->info.proto == PROTO_UDPv4) + if (c->c2.link_socket->socks_proxy && c->c2.link_socket->info.proto == PROTO_UDP) { *size_delta += socks_process_outgoing_udp (&c->c2.to_link, c->c2.to_link_addr); *to_addr = &c->c2.link_socket->socks_relay; @@ -778,7 +778,7 @@ process_incoming_link (struct context *c) fprintf (stderr, "R"); #endif msg (D_LINK_RW, "%s READ [%d] from %s: %s", - proto2ascii (lsi->proto, true), + proto2ascii (lsi->proto, lsi->af, true), BLEN (&c->c2.buf), print_link_socket_actual (&c->c2.from, &gc), PROTO_DUMP (&c->c2.buf, &gc)); @@ -985,9 +985,9 @@ process_incoming_tun (struct context *c) { /* * The --passtos and --mssfix options require - * us to examine the IPv4 header. + * us to examine the IP header (IPv4 or IPv6). */ - process_ipv4_header (c, PIPV4_PASSTOS|PIPV4_MSSFIX|PIPV4_CLIENT_NAT, &c->c2.buf); + process_ip_header (c, PIPV4_PASSTOS|PIP_MSSFIX|PIPV4_CLIENT_NAT, &c->c2.buf); #ifdef PACKET_TRUNCATION_CHECK /* if (c->c2.buf.len > 1) --c->c2.buf.len; */ @@ -1009,10 +1009,10 @@ process_incoming_tun (struct context *c) } void -process_ipv4_header (struct context *c, unsigned int flags, struct buffer *buf) +process_ip_header (struct context *c, unsigned int flags, struct buffer *buf) { if (!c->options.ce.mssfix) - flags &= ~PIPV4_MSSFIX; + flags &= ~PIP_MSSFIX; #if PASSTOS_CAPABILITY if (!c->options.passtos) flags &= ~PIPV4_PASSTOS; @@ -1027,9 +1027,9 @@ process_ipv4_header (struct context *c, unsigned int flags, struct buffer *buf) * us to examine the IPv4 header. */ #if PASSTOS_CAPABILITY - if (flags & (PIPV4_PASSTOS|PIPV4_MSSFIX)) + if (flags & (PIPV4_PASSTOS|PIP_MSSFIX)) #else - if (flags & PIPV4_MSSFIX) + if (flags & PIP_MSSFIX) #endif { struct buffer ipbuf = *buf; @@ -1042,8 +1042,8 @@ process_ipv4_header (struct context *c, unsigned int flags, struct buffer *buf) #endif /* possibly alter the TCP MSS */ - if (flags & PIPV4_MSSFIX) - mss_fixup (&ipbuf, MTU_TO_MSS (TUN_MTU_SIZE_DYNAMIC (&c->c2.frame))); + if (flags & PIP_MSSFIX) + mss_fixup_ipv4 (&ipbuf, MTU_TO_MSS (TUN_MTU_SIZE_DYNAMIC (&c->c2.frame))); #ifdef ENABLE_CLIENT_NAT /* possibly do NAT on packet */ @@ -1061,6 +1061,12 @@ process_ipv4_header (struct context *c, unsigned int flags, struct buffer *buf) route_list_add_vpn_gateway (c->c1.route_list, c->c2.es, dhcp_router); } } + else if (is_ipv6 (TUNNEL_TYPE (c->c1.tuntap), &ipbuf)) + { + /* possibly alter the TCP MSS */ + if (flags & PIP_MSSFIX) + mss_fixup_ipv6 (&ipbuf, MTU_TO_MSS (TUN_MTU_SIZE_DYNAMIC (&c->c2.frame))); + } } } } @@ -1116,7 +1122,7 @@ process_outgoing_link (struct context *c) fprintf (stderr, "W"); #endif msg (D_LINK_RW, "%s WRITE [%d] to %s: %s", - proto2ascii (c->c2.link_socket->info.proto, true), + proto2ascii (c->c2.link_socket->info.proto, c->c2.link_socket->info.proto, true), BLEN (&c->c2.to_link), print_link_socket_actual (c->c2.to_link_addr, &gc), PROTO_DUMP (&c->c2.to_link, &gc)); @@ -1217,9 +1223,9 @@ process_outgoing_tun (struct context *c) /* * The --mssfix option requires - * us to examine the IPv4 header. + * us to examine the IP header (IPv4 or IPv6). */ - process_ipv4_header (c, PIPV4_MSSFIX|PIPV4_EXTRACT_DHCP_ROUTER|PIPV4_CLIENT_NAT|PIPV4_OUTGOING, &c->c2.to_tun); + process_ip_header (c, PIP_MSSFIX|PIPV4_EXTRACT_DHCP_ROUTER|PIPV4_CLIENT_NAT|PIPV4_OUTGOING, &c->c2.to_tun); if (c->c2.to_tun.len <= MAX_RW_SIZE_TUN (&c->c2.frame)) { diff --git a/openvpn/src/openvpn/forward.h b/openvpn/src/openvpn/forward.h index 0f829bde..1830a00b 100644 --- a/openvpn/src/openvpn/forward.h +++ b/openvpn/src/openvpn/forward.h @@ -228,12 +228,12 @@ void process_outgoing_tun (struct context *c); bool send_control_channel_string (struct context *c, const char *str, int msglevel); #define PIPV4_PASSTOS (1<<0) -#define PIPV4_MSSFIX (1<<1) +#define PIP_MSSFIX (1<<1) /* v4 and v6 */ #define PIPV4_OUTGOING (1<<2) #define PIPV4_EXTRACT_DHCP_ROUTER (1<<3) #define PIPV4_CLIENT_NAT (1<<4) -void process_ipv4_header (struct context *c, unsigned int flags, struct buffer *buf); +void process_ip_header (struct context *c, unsigned int flags, struct buffer *buf); #if P2MP void schedule_exit (struct context *c, const int n_seconds, const int signal); diff --git a/openvpn/src/openvpn/init.c b/openvpn/src/openvpn/init.c index 1f06eaa5..b3125282 100644 --- a/openvpn/src/openvpn/init.c +++ b/openvpn/src/openvpn/init.c @@ -125,28 +125,19 @@ management_callback_proxy_cmd (void *arg, const char **p) ret = true; else if (p[2] && p[3]) { - const int port = atoi(p[3]); - if (!legal_ipv4_port (port)) - { - msg (M_WARN, "Bad proxy port number: %s", p[3]); - return false; - } - if (streq (p[1], "HTTP")) { #ifndef ENABLE_HTTP_PROXY msg (M_WARN, "HTTP proxy support is not available"); #else struct http_proxy_options *ho; - if (ce->proto != PROTO_TCPv4 && ce->proto != PROTO_TCPv4_CLIENT && - ce->proto != PROTO_TCPv6 && ce->proto != PROTO_TCPv6_CLIENT) - { + if (ce->proto != PROTO_TCP && ce->proto != PROTO_TCP_CLIENT ) { msg (M_WARN, "HTTP proxy support only works for TCP based connections"); return false; } ho = init_http_proxy_options_once (&ce->http_proxy_options, gc); ho->server = string_alloc (p[2], gc); - ho->port = port; + ho->port = string_alloc (p[3], gc); ho->retry = true; ho->auth_retry = (p[4] && streq (p[4], "nct") ? PAR_NCT : PAR_ALL); ret = true; @@ -158,7 +149,7 @@ management_callback_proxy_cmd (void *arg, const char **p) msg (M_WARN, "SOCKS proxy support is not available"); #else ce->socks_proxy_server = string_alloc (p[2], gc); - ce->socks_proxy_port = port; + ce->socks_proxy_port = p[3]; ret = true; #endif } @@ -225,8 +216,7 @@ management_callback_remote_cmd (void *arg, const char **p) } else if (!strcmp(p[1], "MOD") && p[2] && p[3]) { - const int port = atoi(p[3]); - if (strlen(p[2]) < RH_HOST_LEN && legal_ipv4_port(port)) + if (strlen(p[2]) < RH_HOST_LEN && strlen(p[3]) < RH_PORT_LEN) { struct remote_host_store *rhs = c->options.rh_store; if (!rhs) @@ -235,8 +225,10 @@ management_callback_remote_cmd (void *arg, const char **p) c->options.rh_store = rhs; } strncpynt(rhs->host, p[2], RH_HOST_LEN); + strncpynt(rhs->port, p[3], RH_PORT_LEN); + ce->remote = rhs->host; - ce->remote_port = port; + ce->remote_port = rhs->port; flags = CE_MAN_QUERY_REMOTE_MOD; ret = true; } @@ -251,7 +243,7 @@ management_callback_remote_cmd (void *arg, const char **p) } static bool -ce_management_query_remote (struct context *c, const char *remote_ip_hint) +ce_management_query_remote (struct context *c) { struct gc_arena gc = gc_new (); volatile struct connection_entry *ce = &c->options.ce; @@ -260,7 +252,7 @@ ce_management_query_remote (struct context *c, const char *remote_ip_hint) if (management) { struct buffer out = alloc_buf_gc (256, &gc); - buf_printf (&out, ">REMOTE:%s,%d,%s", np(ce->remote), ce->remote_port, proto2ascii(ce->proto, false)); + buf_printf (&out, ">REMOTE:%s,%s,%s", np(ce->remote), ce->remote_port, proto2ascii(ce->proto, ce->af, false)); management_notify_generic(management, BSTR (&out)); ce->flags &= ~(CE_MAN_QUERY_REMOTE_MASK<<CE_MAN_QUERY_REMOTE_SHIFT); ce->flags |= (CE_MAN_QUERY_REMOTE_QUERY<<CE_MAN_QUERY_REMOTE_SHIFT); @@ -276,8 +268,6 @@ ce_management_query_remote (struct context *c, const char *remote_ip_hint) } { const int flags = ((ce->flags>>CE_MAN_QUERY_REMOTE_SHIFT) & CE_MAN_QUERY_REMOTE_MASK); - if (flags == CE_MAN_QUERY_REMOTE_ACCEPT && remote_ip_hint) - ce->remote = remote_ip_hint; ret = (flags != CE_MAN_QUERY_REMOTE_SKIP); } gc_free (&gc); @@ -292,95 +282,126 @@ static void init_connection_list (struct context *c) { struct connection_list *l = c->options.connection_list; - if (l) + l->current = -1; + if (c->options.remote_random) { - l->current = -1; - if (c->options.remote_random) - { - int i; - for (i = 0; i < l->len; ++i) - { - const int j = get_random () % l->len; - if (i != j) - { - struct connection_entry *tmp; - tmp = l->array[i]; - l->array[i] = l->array[j]; - l->array[j] = tmp; - } - } - } + int i; + for (i = 0; i < l->len; ++i) + { + const int j = get_random () % l->len; + if (i != j) + { + struct connection_entry *tmp; + tmp = l->array[i]; + l->array[i] = l->array[j]; + l->array[j] = tmp; + } + } } } /* + * Clear the remote address list + */ +static void clear_remote_addrlist (struct link_socket_addr *lsa) +{ + if (lsa->remote_list) { + freeaddrinfo(lsa->remote_list); + } + lsa->remote_list = NULL; + lsa->current_remote = NULL; +} + +/* * Increment to next connection entry */ static void next_connection_entry (struct context *c) { struct connection_list *l = c->options.connection_list; - if (l) - { - bool ce_defined; - struct connection_entry *ce; - int n_cycles = 0; - - do { - const char *remote_ip_hint = NULL; - bool newcycle = false; - - ce_defined = true; - if (l->no_advance && l->current >= 0) - { - l->no_advance = false; - } - else - { - if (++l->current >= l->len) - { - l->current = 0; - ++l->n_cycles; - if (++n_cycles >= 2) - msg (M_FATAL, "No usable connection profiles are present"); - } - - if (l->current == 0) - newcycle = true; - } - - ce = l->array[l->current]; + bool ce_defined; + struct connection_entry *ce; + int n_cycles = 0; + + do { + ce_defined = true; + if (c->options.no_advance && l->current >= 0) + { + c->options.no_advance = false; + } + else + { + /* Check if there is another resolved address to try for + * the current connection */ + if (c->c1.link_socket_addr.current_remote && + c->c1.link_socket_addr.current_remote->ai_next) + { + c->c1.link_socket_addr.current_remote = + c->c1.link_socket_addr.current_remote->ai_next; + } + else + { + /* FIXME (schwabe) fix the persist-remote-ip option for real, + * this is broken probably ever since connection lists and multiple + * remote existed + */ + + if (!c->options.persist_remote_ip) + clear_remote_addrlist (&c->c1.link_socket_addr); + else + c->c1.link_socket_addr.current_remote = + c->c1.link_socket_addr.remote_list; + + /* + * Increase the number of connection attempts + * If this is connect-retry-max * size(l) + * OpenVPN will quit + */ + + c->options.unsuccessful_attempts++; + + if (++l->current >= l->len) + { + + l->current = 0; + if (++n_cycles >= 2) + msg (M_FATAL, "No usable connection profiles are present"); + } + } + } - if (c->options.remote_ip_hint && !l->n_cycles) - remote_ip_hint = c->options.remote_ip_hint; + ce = l->array[l->current]; - if (ce->flags & CE_DISABLED) - ce_defined = false; + if (ce->flags & CE_DISABLED) + ce_defined = false; - c->options.ce = *ce; + c->options.ce = *ce; #ifdef ENABLE_MANAGEMENT - if (ce_defined && management && management_query_remote_enabled(management)) - { - /* allow management interface to override connection entry details */ - ce_defined = ce_management_query_remote(c, remote_ip_hint); - if (IS_SIG (c)) - break; - } - else + if (ce_defined && management && management_query_remote_enabled(management)) + { + /* allow management interface to override connection entry details */ + ce_defined = ce_management_query_remote(c); + if (IS_SIG (c)) + break; + } + else #endif - if (remote_ip_hint) - c->options.ce.remote = remote_ip_hint; #ifdef ENABLE_MANAGEMENT - if (ce_defined && management && management_query_proxy_enabled (management)) - { - ce_defined = ce_management_query_proxy (c); - if (IS_SIG (c)) - break; - } + if (ce_defined && management && management_query_proxy_enabled (management)) + { + ce_defined = ce_management_query_proxy (c); + if (IS_SIG (c)) + break; + } #endif - } while (!ce_defined); - } + } while (!ce_defined); + + /* Check if this connection attempt would bring us over the limit */ + if (c->options.connect_retry_max > 0 && + c->options.unsuccessful_attempts > (l->len * c->options.connect_retry_max)) + msg(M_FATAL, "All connections have been connect-retry-max (%d) times unsuccessful, exiting", + c->options.connect_retry_max); update_options_ce_post (&c->options); } @@ -415,12 +436,6 @@ init_query_passwords (struct context *c) #ifdef GENERAL_PROXY_SUPPORT -static int -proxy_scope (struct context *c) -{ - return connection_list_defined (&c->options) ? 2 : 1; -} - static void uninit_proxy_dowork (struct context *c) { @@ -482,17 +497,15 @@ init_proxy_dowork (struct context *c) } static void -init_proxy (struct context *c, const int scope) +init_proxy (struct context *c) { - if (scope == proxy_scope (c)) - init_proxy_dowork (c); + init_proxy_dowork (c); } static void uninit_proxy (struct context *c) { - if (c->sig->signal_received != SIGUSR1 || proxy_scope (c) == 2) - uninit_proxy_dowork (c); + uninit_proxy_dowork (c); } #else @@ -544,8 +557,6 @@ context_init_1 (struct context *c) } #endif - /* initialize HTTP or SOCKS proxy object at scope level 1 */ - init_proxy (c, 1); } void @@ -1240,6 +1251,9 @@ void initialization_sequence_completed (struct context *c, const unsigned int flags) { static const char message[] = "Initialization Sequence Completed"; + + /* Reset the unsuccessful connection counter on complete initialisation */ + c->options.unsuccessful_attempts=0; /* If we delayed UID/GID downgrade or chroot, do it now */ do_uid_gid_chroot (c, true); @@ -1258,9 +1272,9 @@ initialization_sequence_completed (struct context *c, const unsigned int flags) else msg (M_INFO, "%s", message); - /* Flag connection_list that we initialized */ - if ((flags & (ISC_ERRORS|ISC_SERVER)) == 0 && connection_list_defined (&c->options)) - connection_list_set_no_advance (&c->options); + /* Flag that we initialized */ + if ((flags & (ISC_ERRORS|ISC_SERVER)) == 0) + c->options.no_advance=true; #ifdef WIN32 fork_register_dns_action (c->c1.tuntap); @@ -1374,8 +1388,8 @@ do_init_tun (struct context *c) c->options.ifconfig_ipv6_local, c->options.ifconfig_ipv6_netbits, c->options.ifconfig_ipv6_remote, - addr_host (&c->c1.link_socket_addr.local), - addr_host (&c->c1.link_socket_addr.remote), + c->c1.link_socket_addr.bind_local, + c->c1.link_socket_addr.remote_list, !c->options.ifconfig_nowarn, c->c2.es); @@ -1853,17 +1867,11 @@ socket_restart_pause (struct context *c) switch (c->options.ce.proto) { - case PROTO_UDPv4: - case PROTO_UDPv6: - if (proxy) - sec = c->options.ce.connect_retry_seconds; - break; - case PROTO_TCPv4_SERVER: - case PROTO_TCPv6_SERVER: + case PROTO_TCP_SERVER: sec = 1; break; - case PROTO_TCPv4_CLIENT: - case PROTO_TCPv6_CLIENT: + case PROTO_UDP: + case PROTO_TCP_CLIENT: sec = c->options.ce.connect_retry_seconds; break; } @@ -2219,7 +2227,7 @@ do_init_crypto_tls (struct context *c, const unsigned int flags) /* should we not xmit any packets until we get an initial response from client? */ - if (to.server && options->ce.proto == PROTO_TCPv4_SERVER) + if (to.server && options->ce.proto == PROTO_TCP_SERVER) to.xmit_hold = true; #ifdef ENABLE_OCC @@ -2504,8 +2512,6 @@ do_option_warnings (struct context *c) msg (M_WARN, "NOTE: --connect-timeout option is not supported on this OS"); #endif - if (script_method == SM_SYSTEM) - msg (M_WARN, "NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion"); } static void @@ -2628,12 +2634,12 @@ do_init_socket_1 (struct context *c, const int mode) #endif link_socket_init_phase1 (c->c2.link_socket, - connection_list_defined (&c->options), c->options.ce.local, c->options.ce.local_port, c->options.ce.remote, c->options.ce.remote_port, c->options.ce.proto, + c->options.ce.af, mode, c->c2.accept_from, #ifdef ENABLE_HTTP_PROXY @@ -2652,9 +2658,7 @@ do_init_socket_1 (struct context *c, const int mode) c->options.ipchange, c->plugins, c->options.resolve_retry_seconds, - c->options.ce.connect_retry_seconds, c->options.ce.connect_timeout, - c->options.ce.connect_retry_max, c->options.ce.mtu_discover_type, c->options.rcvbuf, c->options.sndbuf, @@ -2669,7 +2673,7 @@ static void do_init_socket_2 (struct context *c) { link_socket_init_phase2 (c->c2.link_socket, &c->c2.frame, - &c->sig->signal_received); + c->sig); } /* @@ -2841,14 +2845,30 @@ do_close_link_socket (struct context *c) c->c2.link_socket = NULL; } - if (!(c->sig->signal_received == SIGUSR1 && c->options.persist_remote_ip)) - { - CLEAR (c->c1.link_socket_addr.remote); + + /* Preserve the resolved list of remote if the user request to or if we want + * reconnect to the same host again or there are still addresses that need + * to be tried */ + if (!(c->sig->signal_received == SIGUSR1 && + ( (c->options.persist_remote_ip) + || + ( c->sig->source != SIG_SOURCE_HARD && + ((c->c1.link_socket_addr.current_remote && c->c1.link_socket_addr.current_remote->ai_next) + || c->options.no_advance)) + ))) + { + clear_remote_addrlist(&c->c1.link_socket_addr); + } + + /* Clear the remote actual address when persist_remote_ip is not in use */ + if (!(c->sig->signal_received == SIGUSR1 && c->options.persist_remote_ip)) CLEAR (c->c1.link_socket_addr.actual); - } - if (!(c->sig->signal_received == SIGUSR1 && c->options.persist_local_ip)) - CLEAR (c->c1.link_socket_addr.local); + if (!(c->sig->signal_received == SIGUSR1 && c->options.persist_local_ip)) { + if (c->c1.link_socket_addr.bind_local) + freeaddrinfo(c->c1.link_socket_addr.bind_local); + c->c1.link_socket_addr.bind_local=NULL; + } } /* @@ -3271,7 +3291,7 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int /* signals caught here will abort */ c->sig->signal_received = 0; c->sig->signal_text = NULL; - c->sig->hard = false; + c->sig->source = SIG_SOURCE_SOFT; if (c->mode == CM_P2P) init_management_callback_p2p (c); @@ -3290,8 +3310,7 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int /* link_socket_mode allows CM_CHILD_TCP instances to inherit acceptable fds from a top-level parent */ - if (c->options.ce.proto == PROTO_TCPv4_SERVER - || c->options.ce.proto == PROTO_TCPv6_SERVER) + if (c->options.ce.proto == PROTO_TCP_SERVER) { if (c->mode == CM_TOP) link_socket_mode = LS_MODE_TCP_LISTEN; @@ -3358,7 +3377,7 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int do_event_set_init (c, false); /* initialize HTTP or SOCKS proxy object at scope level 2 */ - init_proxy (c, 2); + init_proxy (c); /* allocate our socket object */ if (c->mode == CM_P2P || c->mode == CM_TOP || c->mode == CM_CHILD_TCP) @@ -3689,8 +3708,11 @@ close_context (struct context *c, int sig, unsigned int flags) if (c->sig->signal_received == SIGUSR1) { if ((flags & CC_USR1_TO_HUP) - || (c->sig->hard && (flags & CC_HARD_USR1_TO_HUP))) - c->sig->signal_received = SIGHUP; + || (c->sig->source == SIG_SOURCE_HARD && (flags & CC_HARD_USR1_TO_HUP))) + { + c->sig->signal_received = SIGHUP; + c->sig->signal_text = "close_context usr1 to hup"; + } } if (!(flags & CC_NO_CLOSE)) diff --git a/openvpn/src/openvpn/manage.c b/openvpn/src/openvpn/manage.c index 45e0bd43..c4e834b2 100644 --- a/openvpn/src/openvpn/manage.c +++ b/openvpn/src/openvpn/manage.c @@ -287,13 +287,13 @@ virtual_output_callback_func (void *arg, const unsigned int flags, const char *s # define AF_DID_PUSH (1<<0) # define AF_DID_RESET (1<<1) - unsigned int action_flags = 0; if (!recursive_level) /* don't allow recursion */ { struct gc_arena gc = gc_new (); struct log_entry e; const char *out = NULL; + unsigned int action_flags = 0; ++recursive_level; @@ -334,14 +334,15 @@ virtual_output_callback_func (void *arg, const unsigned int flags, const char *s } } - --recursive_level; gc_free (&gc); - } - if (action_flags & AF_DID_PUSH) - man_output_list_push_finalize (man); - if (action_flags & AF_DID_RESET) - man_reset_client_socket (man, true); + if (action_flags & AF_DID_PUSH) + man_output_list_push_finalize (man); + if (action_flags & AF_DID_RESET) + man_reset_client_socket (man, true); + + --recursive_level; + } } /* @@ -1460,7 +1461,7 @@ man_new_connection_post (struct management *man, const char *description) #endif msg (D_MANAGEMENT, "MANAGEMENT: %s %s", description, - print_sockaddr (&man->settings.local, &gc)); + print_sockaddr (man->settings.local->ai_addr, &gc)); buffer_list_reset (man->connection.out); @@ -1568,7 +1569,8 @@ man_listen (struct management *man) #endif { man->connection.sd_top = create_socket_tcp (AF_INET); - socket_bind (man->connection.sd_top, &man->settings.local, "MANAGEMENT"); + socket_bind (man->connection.sd_top, man->settings.local, + AF_INET, "MANAGEMENT"); } /* @@ -1592,7 +1594,7 @@ man_listen (struct management *man) else #endif msg (D_MANAGEMENT, "MANAGEMENT: TCP Socket listening on %s", - print_sockaddr (&man->settings.local, &gc)); + print_sockaddr (man->settings.local->ai_addr, &gc)); } #ifdef WIN32 @@ -1635,7 +1637,7 @@ man_connect (struct management *man) { man->connection.sd_cli = create_socket_tcp (AF_INET); status = openvpn_connect (man->connection.sd_cli, - &man->settings.local, + man->settings.local->ai_addr, 5, &signal_received); } @@ -1660,7 +1662,7 @@ man_connect (struct management *man) #endif msg (D_LINK_ERRORS, "MANAGEMENT: connect to %s failed: %s", - print_sockaddr (&man->settings.local, &gc), + print_sockaddr (man->settings.local->ai_addr, &gc), strerror_ts (status, &gc)); throw_signal_soft (SIGTERM, "management-connect-failed"); goto done; @@ -2044,7 +2046,7 @@ man_persist_close (struct man_persist *mp) static void man_settings_init (struct man_settings *ms, const char *addr, - const int port, + const char *port, const char *pass_file, const char *client_user, const char *client_group, @@ -2097,12 +2099,6 @@ man_settings_init (struct man_settings *ms, else #endif { - /* - * Initialize socket address - */ - ms->local.addr.in4.sin_family = AF_INET; - ms->local.addr.in4.sin_addr.s_addr = 0; - ms->local.addr.in4.sin_port = htons (port); /* * Run management over tunnel, or @@ -2114,8 +2110,9 @@ man_settings_init (struct man_settings *ms, } else { - ms->local.addr.in4.sin_addr.s_addr = getaddr - (GETADDR_RESOLVE|GETADDR_WARN_ON_SIGNAL|GETADDR_FATAL, addr, 0, NULL, NULL); + int status = openvpn_getaddrinfo(GETADDR_RESOLVE|GETADDR_WARN_ON_SIGNAL|GETADDR_FATAL, + addr, port, 0, NULL, AF_INET, &ms->local); + ASSERT(status==0); } } @@ -2234,7 +2231,7 @@ management_init (void) bool management_open (struct management *man, const char *addr, - const int port, + const char *port, const char *pass_file, const char *client_user, const char *client_group, @@ -2600,7 +2597,13 @@ management_post_tunnel_open (struct management *man, const in_addr_t tun_local_i && man->connection.state == MS_INITIAL) { /* listen on our local TUN/TAP IP address */ - man->settings.local.addr.in4.sin_addr.s_addr = htonl (tun_local_ip); + struct in_addr ia; + int ret; + + ia.s_addr = htonl(tun_local_ip); + ret = openvpn_getaddrinfo(0, inet_ntoa(ia), NULL, 0, NULL, + AF_INET, &man->settings.local); + ASSERT (ret==0); man_connection_init (man); } diff --git a/openvpn/src/openvpn/manage.h b/openvpn/src/openvpn/manage.h index eec24a2e..d2790dd4 100644 --- a/openvpn/src/openvpn/manage.h +++ b/openvpn/src/openvpn/manage.h @@ -212,7 +212,7 @@ struct man_persist { struct man_settings { bool defined; unsigned int flags; /* MF_x flags */ - struct openvpn_sockaddr local; + struct addrinfo* local; #if UNIX_SOCK_SUPPORT struct sockaddr_un local_unix; #endif @@ -341,7 +341,7 @@ struct management *management_init (void); bool management_open (struct management *man, const char *addr, - const int port, + const char *port, const char *pass_file, const char *client_user, const char *client_group, diff --git a/openvpn/src/openvpn/misc.c b/openvpn/src/openvpn/misc.c index d2882d81..fcc85526 100644 --- a/openvpn/src/openvpn/misc.c +++ b/openvpn/src/openvpn/misc.c @@ -53,9 +53,6 @@ const char *iproute_path = IPROUTE_PATH; /* GLOBAL */ /* contains an SSEC_x value defined in misc.h */ int script_security = SSEC_BUILT_IN; /* GLOBAL */ -/* contains SM_x value defined in misc.h */ -int script_method = SM_EXECVE; /* GLOBAL */ - /* * Pass tunnel endpoint and MTU parms to a user-supplied script. * Used to execute the up/down script/plugins. @@ -303,36 +300,25 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned i #if defined(ENABLE_FEATURE_EXECVE) if (openvpn_execve_allowed (flags)) { - if (script_method == SM_EXECVE) - { - const char *cmd = a->argv[0]; - char *const *argv = a->argv; - char *const *envp = (char *const *)make_env_array (es, true, &gc); - pid_t pid; - - pid = fork (); - if (pid == (pid_t)0) /* child side */ - { - execve (cmd, argv, envp); - exit (127); - } - else if (pid < (pid_t)0) /* fork failed */ - msg (M_ERR, "openvpn_execve: unable to fork"); - else /* parent side */ - { - if (waitpid (pid, &ret, 0) != pid) - ret = -1; - } - } - else if (script_method == SM_SYSTEM) - { - ret = openvpn_system (argv_system_str (a), es, flags); - } - else - { - ASSERT (0); - } - } + const char *cmd = a->argv[0]; + char *const *argv = a->argv; + char *const *envp = (char *const *)make_env_array (es, true, &gc); + pid_t pid; + + pid = fork (); + if (pid == (pid_t)0) /* child side */ + { + execve (cmd, argv, envp); + exit (127); + } + else if (pid < (pid_t)0) /* fork failed */ + msg (M_ERR, "openvpn_execve: unable to fork"); + else /* parent side */ + { + if (waitpid (pid, &ret, 0) != pid) + ret = -1; + } + } else if (!warn_shown && (script_security < SSEC_SCRIPTS)) { msg (M_WARN, SCRIPT_SECURITY_WARNING); @@ -353,52 +339,6 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned i #endif /* - * Wrapper around the system() call. - */ -int -openvpn_system (const char *command, const struct env_set *es, unsigned int flags) -{ -#ifdef HAVE_SYSTEM - int ret; - - perf_push (PERF_SCRIPT); - - /* - * add env_set to environment. - */ - if (flags & S_SCRIPT) - env_set_add_to_environment (es); - - - /* debugging */ - dmsg (D_SCRIPT, "SYSTEM[%u] '%s'", flags, command); - if (flags & S_SCRIPT) - env_set_print (D_SCRIPT, es); - - /* - * execute the command - */ - ret = platform_system(command); - - /* debugging */ - dmsg (D_SCRIPT, "SYSTEM return=%u", ret); - - /* - * remove env_set from environment - */ - if (flags & S_SCRIPT) - env_set_remove_from_environment (es); - - perf_pop (); - return ret; - -#else - msg (M_FATAL, "Sorry but I can't execute the shell command '%s' because this operating system doesn't appear to support the system() call", command); - return -1; /* NOTREACHED */ -#endif -} - -/* * Run execve() inside a fork(), duping stdout. Designed to replicate the semantics of popen() but * in a safer way that doesn't require the invocation of a shell or the risks * assocated with formatting and parsing a command line. @@ -1056,7 +996,13 @@ hostname_randomize(const char *hostname, struct gc_arena *gc) const char * gen_path (const char *directory, const char *filename, struct gc_arena *gc) { - const char *safe_filename = string_mod_const (filename, CC_ALNUM|CC_UNDERBAR|CC_DASH|CC_DOT|CC_AT, 0, '_', gc); +#if WIN32 + const int CC_PATH_RESERVED = CC_LESS_THAN|CC_GREATER_THAN|CC_COLON| + CC_DOUBLE_QUOTE|CC_SLASH|CC_BACKSLASH|CC_PIPE|CC_QUESTION_MARK|CC_ASTERISK; +#else + const int CC_PATH_RESERVED = CC_SLASH; +#endif + const char *safe_filename = string_mod_const (filename, CC_PRINT, CC_PATH_RESERVED, '_', gc); if (safe_filename && strcmp (safe_filename, ".") diff --git a/openvpn/src/openvpn/misc.h b/openvpn/src/openvpn/misc.h index b6da3f4b..183898e3 100644 --- a/openvpn/src/openvpn/misc.h +++ b/openvpn/src/openvpn/misc.h @@ -96,7 +96,6 @@ int openvpn_popen (const struct argv *a, const struct env_set *es); int openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned int flags); bool openvpn_execve_check (const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message); bool openvpn_execve_allowed (const unsigned int flags); -int openvpn_system (const char *command, const struct env_set *es, unsigned int flags); static inline bool openvpn_run_script (const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook) @@ -322,10 +321,6 @@ extern const char *iproute_path; #define SSEC_PW_ENV 3 /* allow calling of built-in programs and user-defined scripts that may receive a password as an environmental variable */ extern int script_security; /* GLOBAL */ -#define SM_EXECVE 0 /* call external programs with execve() or CreateProcess() */ -#define SM_SYSTEM 1 /* call external programs with system() */ -extern int script_method; /* GLOBAL */ - /* return the next largest power of 2 */ size_t adjust_power_of_2 (size_t u); diff --git a/openvpn/src/openvpn/mss.c b/openvpn/src/openvpn/mss.c index 8981badc..64fd722f 100644 --- a/openvpn/src/openvpn/mss.c +++ b/openvpn/src/openvpn/mss.c @@ -38,8 +38,13 @@ * problems which arise from protocol * encapsulation. */ + +/* + * IPv4 packet: find TCP header, check flags for "SYN" + * if yes, hand to mss_fixup_dowork() + */ void -mss_fixup (struct buffer *buf, int maxmss) +mss_fixup_ipv4 (struct buffer *buf, int maxmss) { const struct openvpn_iphdr *pip; int hlen; @@ -69,6 +74,56 @@ mss_fixup (struct buffer *buf, int maxmss) } } +/* + * IPv6 packet: find TCP header, check flags for "SYN" + * if yes, hand to mss_fixup_dowork() + * (IPv6 header structure is sufficiently different from IPv4...) + */ +void +mss_fixup_ipv6 (struct buffer *buf, int maxmss) +{ + const struct openvpn_ipv6hdr *pip6; + struct buffer newbuf; + + if (BLEN (buf) < (int) sizeof (struct openvpn_ipv6hdr)) + return; + + verify_align_4 (buf); + pip6 = (struct openvpn_ipv6hdr *) BPTR (buf); + + /* do we have the full IPv6 packet? + * "payload_len" does not include IPv6 header (+40 bytes) + */ + if (BLEN (buf) != (int) ntohs(pip6->payload_len)+40 ) + return; + + /* follow header chain until we reach final header, then check for TCP + * + * An IPv6 packet could, theoretically, have a chain of multiple headers + * before the final header (TCP, UDP, ...), so we'd need to walk that + * chain (see RFC 2460 and RFC 6564 for details). + * + * In practice, "most typically used" extention headers (AH, routing, + * fragment, mobility) are very unlikely to be seen inside an OpenVPN + * tun, so for now, we only handle the case of "single next header = TCP" + */ + if ( pip6->nexthdr != OPENVPN_IPPROTO_TCP ) + return; + + newbuf = *buf; + if ( buf_advance( &newbuf, 40 ) ) + { + struct openvpn_tcphdr *tc = (struct openvpn_tcphdr *) BPTR (&newbuf); + if (tc->flags & OPENVPN_TCPH_SYN_MASK) + mss_fixup_dowork (&newbuf, (uint16_t) maxmss-20); + } +} + +/* + * change TCP MSS option in SYN/SYN-ACK packets, if present + * this is generic for IPv4 and IPv6, as the TCP header is the same + */ + void mss_fixup_dowork (struct buffer *buf, uint16_t maxmss) { diff --git a/openvpn/src/openvpn/mss.h b/openvpn/src/openvpn/mss.h index 0b290c36..0d329432 100644 --- a/openvpn/src/openvpn/mss.h +++ b/openvpn/src/openvpn/mss.h @@ -28,7 +28,8 @@ #include "proto.h" #include "error.h" -void mss_fixup (struct buffer *buf, int maxmss); +void mss_fixup_ipv4 (struct buffer *buf, int maxmss); +void mss_fixup_ipv6 (struct buffer *buf, int maxmss); void mss_fixup_dowork (struct buffer *buf, uint16_t maxmss); #endif diff --git a/openvpn/src/openvpn/multi.c b/openvpn/src/openvpn/multi.c index 9876b80a..ab3f10cb 100644 --- a/openvpn/src/openvpn/multi.c +++ b/openvpn/src/openvpn/multi.c @@ -2411,13 +2411,13 @@ multi_get_queue (struct mbuf_set *ms) if (mbuf_extract_item (ms, &item)) /* cleartext IP packet */ { - unsigned int pipv4_flags = PIPV4_PASSTOS; + unsigned int pip_flags = PIPV4_PASSTOS; set_prefix (item.instance); item.instance->context.c2.buf = item.buffer->buf; if (item.buffer->flags & MF_UNICAST) /* --mssfix doesn't make sense for broadcast or multicast */ - pipv4_flags |= PIPV4_MSSFIX; - process_ipv4_header (&item.instance->context, pipv4_flags, &item.instance->context.c2.buf); + pip_flags |= PIP_MSSFIX; + process_ip_header (&item.instance->context, pip_flags, &item.instance->context.c2.buf); encrypt_sign (&item.instance->context, true); mbuf_free_buf (item.buffer); diff --git a/openvpn/src/openvpn/openvpn.c b/openvpn/src/openvpn/openvpn.c index 104c9e93..a177d9e8 100644 --- a/openvpn/src/openvpn/openvpn.c +++ b/openvpn/src/openvpn/openvpn.c @@ -41,6 +41,10 @@ #define P2P_CHECK_SIG() EVENT_LOOP_CHECK_SIGNAL (c, process_signal_p2p, c); +#ifdef GOOGLE_BREAKPAD +#include "breakpad.h" +#endif + static bool process_signal_p2p (struct context *c) { @@ -321,6 +325,10 @@ wmain (int argc, wchar_t *wargv[]) { #else int main (int argc, char *argv[]) { +#ifdef GOOGLE_BREAKPAD + breakpad_setup(); +#endif + return openvpn_main(argc, argv); } #endif diff --git a/openvpn/src/openvpn/openvpn.h b/openvpn/src/openvpn/openvpn.h index 7abfb087..bdfa6852 100644 --- a/openvpn/src/openvpn/openvpn.h +++ b/openvpn/src/openvpn/openvpn.h @@ -474,6 +474,7 @@ struct context_2 bool did_pre_pull_restore; /* hash of pulled options, so we can compare when options change */ + bool pulled_options_md5_init_done; struct md5_state pulled_options_state; struct md5_digest pulled_options_digest; diff --git a/openvpn/src/openvpn/options.c b/openvpn/src/openvpn/options.c index 47aaffcb..64c81cf2 100644 --- a/openvpn/src/openvpn/options.c +++ b/openvpn/src/openvpn/options.c @@ -167,8 +167,8 @@ static const char usage_message[] = "--ipchange cmd : Run command cmd on remote ip address initial\n" " setting or change -- execute as: cmd ip-address port#\n" "--port port : TCP/UDP port # for both local and remote.\n" - "--lport port : TCP/UDP port # for local (default=%d). Implies --bind.\n" - "--rport port : TCP/UDP port # for remote (default=%d).\n" + "--lport port : TCP/UDP port # for local (default=%s). Implies --bind.\n" + "--rport port : TCP/UDP port # for remote (default=%s).\n" "--bind : Bind to local address and port. (This is the default unless\n" " --proto tcp-client" #ifdef ENABLE_HTTP_PROXY @@ -248,7 +248,7 @@ static const char usage_message[] = "--setenv name value : Set a custom environmental variable to pass to script.\n" "--setenv FORWARD_COMPATIBLE 1 : Relax config file syntax checking to allow\n" " directives for future OpenVPN versions to be ignored.\n" - "--script-security level mode : mode='execve' (default) or 'system', level=\n" + "--script-security level: Where level can be:\n" " 0 -- strictly no calling of external programs\n" " 1 -- (default) only call built-ins such as ifconfig\n" " 2 -- allow calling of built-ins and scripts\n" @@ -767,10 +767,11 @@ init_options (struct options *o, const bool init_gc) } o->mode = MODE_POINT_TO_POINT; o->topology = TOP_NET30; - o->ce.proto = PROTO_UDPv4; + o->ce.proto = PROTO_UDP; + o->ce.af = AF_UNSPEC; o->ce.connect_retry_seconds = 5; o->ce.connect_timeout = 10; - o->ce.connect_retry_max = 0; + o->connect_retry_max = 0; o->ce.local_port = o->ce.remote_port = OPENVPN_PORT; o->verbosity = 1; o->status_file_update_freq = 60; @@ -897,24 +898,24 @@ setenv_connection_entry (struct env_set *es, const struct connection_entry *e, const int i) { - setenv_str_i (es, "proto", proto2ascii (e->proto, false), i); + setenv_str_i (es, "proto", proto2ascii (e->proto, e->af, false), i); setenv_str_i (es, "local", e->local, i); - setenv_int_i (es, "local_port", e->local_port, i); + setenv_str_i (es, "local_port", e->local_port, i); setenv_str_i (es, "remote", e->remote, i); - setenv_int_i (es, "remote_port", e->remote_port, i); + setenv_str_i (es, "remote_port", e->remote_port, i); #ifdef ENABLE_HTTP_PROXY if (e->http_proxy_options) { setenv_str_i (es, "http_proxy_server", e->http_proxy_options->server, i); - setenv_int_i (es, "http_proxy_port", e->http_proxy_options->port, i); + setenv_str_i (es, "http_proxy_port", e->http_proxy_options->port, i); } #endif #ifdef ENABLE_SOCKS if (e->socks_proxy_server) { setenv_str_i (es, "socks_proxy_server", e->socks_proxy_server, i); - setenv_int_i (es, "socks_proxy_port", e->socks_proxy_port, i); + setenv_str_i (es, "socks_proxy_port", e->socks_proxy_port, i); } #endif } @@ -1216,7 +1217,7 @@ show_p2mp_parms (const struct options *o) SHOW_BOOL (auth_user_pass_verify_script_via_file); #if PORT_SHARE SHOW_STR (port_share_host); - SHOW_INT (port_share_port); + SHOW_STR (port_share_port); #endif #endif /* P2MP_SERVER */ @@ -1287,7 +1288,7 @@ show_http_proxy_options (const struct http_proxy_options *o) { msg (D_SHOW_PARMS, "BEGIN http_proxy"); SHOW_STR (server); - SHOW_INT (port); + SHOW_STR (port); SHOW_STR (auth_method_string); SHOW_STR (auth_file); SHOW_BOOL (retry); @@ -1338,17 +1339,16 @@ cnol_check_alloc (struct options *options) static void show_connection_entry (const struct connection_entry *o) { - msg (D_SHOW_PARMS, " proto = %s", proto2ascii (o->proto, false)); + msg (D_SHOW_PARMS, " proto = %s", proto2ascii (o->proto, o->af, false)); SHOW_STR (local); - SHOW_INT (local_port); + SHOW_STR (local_port); SHOW_STR (remote); - SHOW_INT (remote_port); + SHOW_STR (remote_port); SHOW_BOOL (remote_float); SHOW_BOOL (bind_defined); SHOW_BOOL (bind_local); SHOW_INT (connect_retry_seconds); SHOW_INT (connect_timeout); - SHOW_INT (connect_retry_max); #ifdef ENABLE_HTTP_PROXY if (o->http_proxy_options) @@ -1356,7 +1356,7 @@ show_connection_entry (const struct connection_entry *o) #endif #ifdef ENABLE_SOCKS SHOW_STR (socks_proxy_server); - SHOW_INT (socks_proxy_port); + SHOW_STR (socks_proxy_port); SHOW_BOOL (socks_proxy_retry); #endif SHOW_INT (tun_mtu); @@ -1425,6 +1425,7 @@ show_settings (const struct options *o) #endif #endif + SHOW_INT (connect_retry_max); show_connection_entries (o); SHOW_BOOL (remote_random); @@ -1536,7 +1537,7 @@ show_settings (const struct options *o) #ifdef ENABLE_MANAGEMENT SHOW_STR (management_addr); - SHOW_INT (management_port); + SHOW_STR (management_port); SHOW_STR (management_user_pass); SHOW_INT (management_log_history_cache); SHOW_INT (management_echo_buffer_size); @@ -1683,17 +1684,9 @@ parse_http_proxy_override (const char *server, if (server && port) { struct http_proxy_options *ho; - const int int_port = atoi(port); - - if (!legal_ipv4_port (int_port)) - { - msg (msglevel, "Bad http-proxy port number: %s", port); - return NULL; - } - ALLOC_OBJ_CLEAR_GC (ho, struct http_proxy_options, gc); ho->server = string_alloc(server, gc); - ho->port = int_port; + ho->port = port; ho->retry = true; ho->timeout = 5; if (flags && !strcmp(flags, "nct")) @@ -1712,32 +1705,31 @@ void options_postprocess_http_proxy_override (struct options *o) { const struct connection_list *l = o->connection_list; - if (l) + int i; + bool succeed = false; + for (i = 0; i < l->len; ++i) + { + struct connection_entry *ce = l->array[i]; + if (ce->proto == PROTO_TCP_CLIENT || ce->proto == PROTO_TCP) + { + ce->http_proxy_options = o->http_proxy_override; + succeed = true; + } + } + if (succeed) { - int i; - bool succeed = false; for (i = 0; i < l->len; ++i) - { - struct connection_entry *ce = l->array[i]; - if (ce->proto == PROTO_TCPv4_CLIENT || ce->proto == PROTO_TCPv4) - { - ce->http_proxy_options = o->http_proxy_override; - succeed = true; - } - } - if (succeed) - { - for (i = 0; i < l->len; ++i) - { - struct connection_entry *ce = l->array[i]; - if (ce->proto == PROTO_UDPv4) - { - ce->flags |= CE_DISABLED; - } - } - } - else - msg (M_WARN, "Note: option http-proxy-override ignored because no TCP-based connection profiles are defined"); + { + struct connection_entry *ce = l->array[i]; + if (ce->proto == PROTO_UDP) + { + ce->flags |= CE_DISABLED; + } + } + } + else + { + msg (M_WARN, "Note: option http-proxy-override ignored because no TCP-based connection profiles are defined"); } } @@ -1796,10 +1788,12 @@ connection_entry_load_re (struct connection_entry *ce, const struct remote_entry { if (re->remote) ce->remote = re->remote; - if (re->remote_port >= 0) + if (re->remote_port) ce->remote_port = re->remote_port; if (re->proto >= 0) ce->proto = re->proto; + if (re->af > 0) + ce->af = re->af; } static void @@ -1829,7 +1823,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne * If "proto tcp" is specified, make sure we know whether it is * tcp-client or tcp-server. */ - if (ce->proto == PROTO_TCPv4) + if (ce->proto == PROTO_TCP) msg (M_USAGE, "--proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"); /* @@ -1842,10 +1836,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne if (options->inetd && (ce->local || ce->remote)) msg (M_USAGE, "--local or --remote cannot be used with --inetd"); - if (options->inetd && ce->proto == PROTO_TCPv4_CLIENT) + if (options->inetd && ce->proto == PROTO_TCP_CLIENT) msg (M_USAGE, "--proto tcp-client cannot be used with --inetd"); - if (options->inetd == INETD_NOWAIT && ce->proto != PROTO_TCPv4_SERVER) + if (options->inetd == INETD_NOWAIT && ce->proto != PROTO_TCP_SERVER) msg (M_USAGE, "--inetd nowait can only be used with --proto tcp-server"); if (options->inetd == INETD_NOWAIT @@ -1865,14 +1859,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne /* * Sanity check on TCP mode options */ - - if (ce->connect_retry_defined && ce->proto != PROTO_TCPv4_CLIENT - && ce->proto != PROTO_TCPv6_CLIENT) - msg (M_USAGE, "--connect-retry doesn't make sense unless also used with " - "--proto tcp-client or tcp6-client"); - - if (ce->connect_timeout_defined && ce->proto != PROTO_TCPv4_CLIENT - && ce->proto != PROTO_TCPv6_CLIENT) + if (ce->connect_timeout_defined && ce->proto != PROTO_TCP_CLIENT) msg (M_USAGE, "--connect-timeout doesn't make sense unless also used with " "--proto tcp-client or tcp6-client"); @@ -1898,7 +1885,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne if (proto_is_net(ce->proto) && string_defined_equal (ce->local, ce->remote) - && ce->local_port == ce->remote_port) + && string_defined_equal (ce->local_port, ce->remote_port)) msg (M_USAGE, "--remote and --local addresses are the same"); if (string_defined_equal (ce->remote, options->ifconfig_local) @@ -1971,12 +1958,11 @@ options_postprocess_verify_ce (const struct options *options, const struct conne msg (M_USAGE, "--explicit-exit-notify can only be used with --proto udp"); #endif - if (!ce->remote && (ce->proto == PROTO_TCPv4_CLIENT - || ce->proto == PROTO_TCPv6_CLIENT)) + if (!ce->remote && ce->proto == PROTO_TCP_CLIENT) msg (M_USAGE, "--remote MUST be used in TCP Client mode"); #ifdef ENABLE_HTTP_PROXY - if ((ce->http_proxy_options) && ce->proto != PROTO_TCPv4_CLIENT) + if ((ce->http_proxy_options) && ce->proto != PROTO_TCP_CLIENT) msg (M_USAGE, "--http-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)"); #endif @@ -1986,12 +1972,11 @@ options_postprocess_verify_ce (const struct options *options, const struct conne #endif #ifdef ENABLE_SOCKS - if (ce->socks_proxy_server && ce->proto == PROTO_TCPv4_SERVER) + if (ce->socks_proxy_server && ce->proto == PROTO_TCP_SERVER) msg (M_USAGE, "--socks-proxy can not be used in TCP Server mode"); #endif - if ((ce->proto == PROTO_TCPv4_SERVER || ce->proto == PROTO_TCPv6_SERVER) - && connection_list_defined (options)) + if (ce->proto == PROTO_TCP_SERVER && (options->connection_list->len > 1)) msg (M_USAGE, "TCP server mode allows at most one --remote address"); #if P2MP_SERVER @@ -2005,13 +1990,12 @@ options_postprocess_verify_ce (const struct options *options, const struct conne msg (M_USAGE, "--mode server only works with --dev tun or --dev tap"); if (options->pull) msg (M_USAGE, "--pull cannot be used with --mode server"); - if (!(proto_is_udp(ce->proto) || ce->proto == PROTO_TCPv4_SERVER - || ce->proto == PROTO_TCPv6_SERVER)) + if (!(proto_is_udp(ce->proto) || ce->proto == PROTO_TCP_SERVER)) msg (M_USAGE, "--mode server currently only supports " "--proto udp or --proto tcp-server or proto tcp6-server"); #if PORT_SHARE if ((options->port_share_host || options->port_share_port) && - (ce->proto != PROTO_TCPv4_SERVER && ce->proto != PROTO_TCPv6_SERVER)) + (ce->proto != PROTO_TCP_SERVER)) msg (M_USAGE, "--port-share only works in TCP server mode " "(--proto tcp-server or tcp6-server)"); #endif @@ -2041,8 +2025,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne msg (M_USAGE, "--inetd cannot be used with --mode server"); if (options->ipchange) msg (M_USAGE, "--ipchange cannot be used with --mode server (use --client-connect instead)"); - if (!(proto_is_dgram(ce->proto) || ce->proto == PROTO_TCPv4_SERVER - || ce->proto == PROTO_TCPv6_SERVER)) + if (!(proto_is_dgram(ce->proto) || ce->proto == PROTO_TCP_SERVER)) msg (M_USAGE, "--mode server currently only supports " "--proto udp or --proto tcp-server or --proto tcp6-server"); if (!proto_is_udp(ce->proto) && (options->cf_max || options->cf_per)) @@ -2194,13 +2177,15 @@ options_postprocess_verify_ce (const struct options *options, const struct conne } else #endif -#ifdef ENABLE_CRYPTOAPI #ifdef MANAGMENT_EXTERNAL_KEY if((options->management_flags & MF_EXTERNAL_KEY) && options->priv_key_file) - msg (M_USAGE, "--key and --management-external-key are mutually exclusive"); + { + msg (M_USAGE, "--key and --management-external-key are mutually exclusive"); + } + else #endif - - if (options->cryptoapi_cert) +#ifdef ENABLE_CRYPTOAPI + if (options->cryptoapi_cert) { if ((!(options->ca_file)) && (!(options->ca_path))) msg(M_USAGE, "You must define CA file (--ca) or CA path (--capath)"); @@ -2274,7 +2259,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne { notnull (options->cert_file, "certificate file (--cert) or PKCS#12 file (--pkcs12)"); #ifdef MANAGMENT_EXTERNAL_KEY - if (!options->management_flags & MF_EXTERNAL_KEY) + if (!(options->management_flags & MF_EXTERNAL_KEY)) #endif notnull (options->priv_key_file, "private key file (--key) or PKCS#12 file (--pkcs12)"); } @@ -2350,35 +2335,33 @@ options_postprocess_mutate_ce (struct options *o, struct connection_entry *ce) #if P2MP_SERVER if (o->server_defined || o->server_bridge_defined || o->server_bridge_proxy_dhcp) { - if (ce->proto == PROTO_TCPv4) - ce->proto = PROTO_TCPv4_SERVER; + if (ce->proto == PROTO_TCP) + ce->proto = PROTO_TCP_SERVER; } #endif #if P2MP if (o->client) { - if (ce->proto == PROTO_TCPv4) - ce->proto = PROTO_TCPv4_CLIENT; - else if (ce->proto == PROTO_TCPv6) - ce->proto = PROTO_TCPv6_CLIENT; + if (ce->proto == PROTO_TCP) + ce->proto = PROTO_TCP_CLIENT; } #endif - if (ce->proto == PROTO_TCPv4_CLIENT && !ce->local && !ce->local_port_defined && !ce->bind_defined) + if (ce->proto == PROTO_TCP_CLIENT && !ce->local && !ce->local_port_defined && !ce->bind_defined) ce->bind_local = false; #ifdef ENABLE_SOCKS - if (ce->proto == PROTO_UDPv4 && ce->socks_proxy_server && !ce->local && !ce->local_port_defined && !ce->bind_defined) + if (ce->proto == PROTO_UDP && ce->socks_proxy_server && !ce->local && !ce->local_port_defined && !ce->bind_defined) ce->bind_local = false; #endif if (!ce->bind_local) - ce->local_port = 0; + ce->local_port = NULL; /* if protocol forcing is enabled, disable all protocols except for the forced one */ - if (o->proto_force >= 0 && proto_is_tcp(o->proto_force) != proto_is_tcp(ce->proto)) + if (o->proto_force >= 0 && o->proto_force != ce->proto) ce->flags |= CE_DISABLED; - + /* * If --mssfix is supplied without a parameter, default * it to --fragment value, if --fragment is specified. @@ -2488,48 +2471,40 @@ options_postprocess_mutate (struct options *o) if (o->remote_list && !o->connection_list) { /* - * For compatibility with 2.0.x, map multiple --remote options - * into connection list (connection lists added in 2.1). + * Convert remotes into connection list */ - if (o->remote_list->len > 1 || o->force_connection_list) - { - const struct remote_list *rl = o->remote_list; - int i; - for (i = 0; i < rl->len; ++i) - { - const struct remote_entry *re = rl->array[i]; - struct connection_entry ce = o->ce; - struct connection_entry *ace; - - ASSERT (re->remote); - connection_entry_load_re (&ce, re); - ace = alloc_connection_entry (o, M_USAGE); - ASSERT (ace); - *ace = ce; - } - } - else if (o->remote_list->len == 1) /* one --remote option specified */ - { - connection_entry_load_re (&o->ce, o->remote_list->array[0]); - } - else - { - ASSERT (0); - } + const struct remote_list *rl = o->remote_list; + int i; + for (i = 0; i < rl->len; ++i) + { + const struct remote_entry *re = rl->array[i]; + struct connection_entry ce = o->ce; + struct connection_entry *ace; + + ASSERT (re->remote); + connection_entry_load_re (&ce, re); + ace = alloc_connection_entry (o, M_USAGE); + ASSERT (ace); + *ace = ce; + } } - if (o->connection_list) + else if(!o->remote_list && !o->connection_list) { - int i; - for (i = 0; i < o->connection_list->len; ++i) - options_postprocess_mutate_ce (o, o->connection_list->array[i]); + struct connection_entry *ace; + ace = alloc_connection_entry (o, M_USAGE); + ASSERT (ace); + *ace = o->ce; + } + ASSERT (o->connection_list); + int i; + for (i = 0; i < o->connection_list->len; ++i) + options_postprocess_mutate_ce (o, o->connection_list->array[i]); + #if HTTP_PROXY_OVERRIDE - if (o->http_proxy_override) + if (o->http_proxy_override) options_postprocess_http_proxy_override(o); #endif - } - else - options_postprocess_mutate_ce (o, &o->ce); #if P2MP /* @@ -2666,7 +2641,7 @@ options_postprocess_filechecks (struct options *options) errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->extra_certs_file, R_OK, "--extra-certs"); #ifdef MANAGMENT_EXTERNAL_KEY - if(!options->management_flags & MF_EXTERNAL_KEY) + if(!(options->management_flags & MF_EXTERNAL_KEY)) #endif errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->priv_key_file, R_OK, "--key"); @@ -2916,8 +2891,12 @@ options_string (const struct options *o, buf_printf (&out, ",dev-type %s", dev_type_string (o->dev, o->dev_type)); buf_printf (&out, ",link-mtu %d", EXPANDED_SIZE (frame)); buf_printf (&out, ",tun-mtu %d", PAYLOAD_SIZE (frame)); - buf_printf (&out, ",proto %s", proto2ascii (proto_remote (o->ce.proto, remote), true)); - if (o->tun_ipv6) + buf_printf (&out, ",proto %s", proto_remote (o->ce.proto, remote)); + + /* send tun_ipv6 only in peer2peer mode - in client/server mode, it + * is usually pushed by the server, triggering a non-helpful warning + */ + if (o->tun_ipv6 && o->mode == MODE_POINT_TO_POINT && !PULL_DEFINED(o)) buf_printf (&out, ",tun-ipv6"); /* @@ -3097,6 +3076,15 @@ options_warning_safe_scan2 (const int msglevel, const char *b1_name, const char *b2_name) { + /* we will stop sending 'proto xxx' in OCC in a future version + * (because it's not useful), and to reduce questions when + * interoperating, we start not-printing a warning about it today + */ + if (strncmp(p1, "proto ", 6) == 0 ) + { + return; + } + if (strlen (p1) > 0) { struct gc_arena gc = gc_new (); @@ -4096,8 +4084,6 @@ add_option (struct options *options, #ifdef ENABLE_MANAGEMENT else if (streq (p[0], "management") && p[1] && p[2]) { - int port = 0; - VERIFY_PERMISSION (OPT_P_GENERAL); if (streq (p[2], "unix")) { @@ -4108,18 +4094,9 @@ add_option (struct options *options, goto err; #endif } - else - { - port = atoi (p[2]); - if (!legal_ipv4_port (port)) - { - msg (msglevel, "port number associated with --management directive is out of range"); - goto err; - } - } options->management_addr = p[1]; - options->management_port = port; + options->management_port = p[2]; if (p[3]) { options->management_user_pass = p[3]; @@ -4149,7 +4126,6 @@ add_option (struct options *options, { VERIFY_PERMISSION (OPT_P_GENERAL); options->management_flags |= MF_QUERY_PROXY; - options->force_connection_list = true; } else if (streq (p[0], "management-hold")) { @@ -4378,11 +4354,6 @@ add_option (struct options *options, uninit_options (&sub); } } - else if (streq (p[0], "remote-ip-hint") && p[1]) - { - VERIFY_PERMISSION (OPT_P_GENERAL); - options->remote_ip_hint = p[1]; - } #if HTTP_PROXY_OVERRIDE else if (streq (p[0], "http-proxy-override") && p[1] && p[2]) { @@ -4390,35 +4361,31 @@ add_option (struct options *options, options->http_proxy_override = parse_http_proxy_override(p[1], p[2], p[3], msglevel, &options->gc); if (!options->http_proxy_override) goto err; - options->force_connection_list = true; } #endif else if (streq (p[0], "remote") && p[1]) { struct remote_entry re; - re.remote = NULL; - re.remote_port = re.proto = -1; + re.remote = re.remote_port= NULL; + re.proto = -1; + re.af=0; VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION); re.remote = p[1]; if (p[2]) { - const int port = atoi (p[2]); - if (!legal_ipv4_port (port)) - { - msg (msglevel, "remote: port number associated with host %s is out of range", p[1]); - goto err; - } - re.remote_port = port; + re.remote_port = p[2]; if (p[3]) { const int proto = ascii2proto (p[3]); + const sa_family_t af = ascii2af (p[3]); if (proto < 0) { msg (msglevel, "remote: bad protocol associated with host %s: '%s'", p[1], p[3]); goto err; } re.proto = proto; + re.af = af; } } if (permission_mask & OPT_P_GENERAL) @@ -4445,7 +4412,6 @@ add_option (struct options *options, { VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION); options->ce.connect_retry_seconds = positive_atoi (p[1]); - options->ce.connect_retry_defined = true; } else if (streq (p[0], "connect-timeout") && p[1]) { @@ -4456,7 +4422,7 @@ add_option (struct options *options, else if (streq (p[0], "connect-retry-max") && p[1]) { VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION); - options->ce.connect_retry_max = positive_atoi (p[1]); + options->connect_retry_max = positive_atoi (p[1]); } else if (streq (p[0], "ipchange") && p[1]) { @@ -4811,43 +4777,19 @@ add_option (struct options *options, } else if (streq (p[0], "port") && p[1]) { - int port; - VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION); - port = atoi (p[1]); - if (!legal_ipv4_port (port)) - { - msg (msglevel, "Bad port number: %s", p[1]); - goto err; - } - options->ce.local_port = options->ce.remote_port = port; + options->ce.local_port = options->ce.remote_port = p[1]; } else if (streq (p[0], "lport") && p[1]) { - int port; - VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION); - port = atoi (p[1]); - if ((port != 0) && !legal_ipv4_port (port)) - { - msg (msglevel, "Bad local port number: %s", p[1]); - goto err; - } options->ce.local_port_defined = true; - options->ce.local_port = port; + options->ce.local_port = p[1]; } else if (streq (p[0], "rport") && p[1]) { - int port; - VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION); - port = atoi (p[1]); - if (!legal_ipv4_port (port)) - { - msg (msglevel, "Bad remote port number: %s", p[1]); - goto err; - } - options->ce.remote_port = port; + options->ce.remote_port = p[1]; } else if (streq (p[0], "bind")) { @@ -4874,8 +4816,10 @@ add_option (struct options *options, else if (streq (p[0], "proto") && p[1]) { int proto; + sa_family_t af; VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION); proto = ascii2proto (p[1]); + af = ascii2af(p[1]); if (proto < 0) { msg (msglevel, "Bad protocol: '%s'. Allowed protocols with --proto option: %s", @@ -4884,6 +4828,7 @@ add_option (struct options *options, goto err; } options->ce.proto = proto; + options->ce.af = af; } else if (streq (p[0], "proto-force") && p[1]) { @@ -4896,7 +4841,6 @@ add_option (struct options *options, goto err; } options->proto_force = proto_force; - options->force_connection_list = true; } #ifdef ENABLE_HTTP_PROXY else if (streq (p[0], "http-proxy") && p[1]) @@ -4906,23 +4850,16 @@ add_option (struct options *options, VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION); { - int port; if (!p[2]) { msg (msglevel, "http-proxy port number not defined"); goto err; } - port = atoi (p[2]); - if (!legal_ipv4_port (port)) - { - msg (msglevel, "Bad http-proxy port number: %s", p[2]); - goto err; - } ho = init_http_proxy_options_once (&options->ce.http_proxy_options, &options->gc); ho->server = p[1]; - ho->port = port; + ho->port = p[2]; } if (p[3]) @@ -4992,19 +4929,12 @@ add_option (struct options *options, VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION); if (p[2]) - { - int port; - port = atoi (p[2]); - if (!legal_ipv4_port (port)) - { - msg (msglevel, "Bad socks-proxy port number: %s", p[2]); - goto err; - } - options->ce.socks_proxy_port = port; + { + options->ce.socks_proxy_port = p[2]; } else { - options->ce.socks_proxy_port = 1080; + options->ce.socks_proxy_port = "1080"; } options->ce.socks_proxy_server = p[1]; options->ce.socks_proxy_authfile = p[3]; /* might be NULL */ @@ -5141,6 +5071,11 @@ add_option (struct options *options, msg (msglevel, "--max-routes parameter is out of range"); goto err; } + if (options->routes || options->routes_ipv6) + { + msg (msglevel, "--max-routes must to be specifed before any route/route-ipv6/redirect-gateway option"); + goto err; + } options->max_routes = max_routes; } else if (streq (p[0], "route-gateway") && p[1]) @@ -5293,20 +5228,6 @@ add_option (struct options *options, { VERIFY_PERMISSION (OPT_P_GENERAL); script_security = atoi (p[1]); - if (p[2]) - { - if (streq (p[2], "execve")) - script_method = SM_EXECVE; - else if (streq (p[2], "system")) - script_method = SM_SYSTEM; - else - { - msg (msglevel, "unknown --script-security method: %s", p[2]); - goto err; - } - } - else - script_method = SM_EXECVE; } else if (streq (p[0], "mssfix")) { @@ -5652,18 +5573,9 @@ add_option (struct options *options, #if PORT_SHARE else if (streq (p[0], "port-share") && p[1] && p[2]) { - int port; - VERIFY_PERMISSION (OPT_P_GENERAL); - port = atoi (p[2]); - if (!legal_ipv4_port (port)) - { - msg (msglevel, "port number associated with --port-share directive is out of range"); - goto err; - } - options->port_share_host = p[1]; - options->port_share_port = port; + options->port_share_port = p[2]; options->port_share_journal_dir = p[3]; } #endif diff --git a/openvpn/src/openvpn/options.h b/openvpn/src/openvpn/options.h index 306520b0..909cb38a 100644 --- a/openvpn/src/openvpn/options.h +++ b/openvpn/src/openvpn/options.h @@ -87,17 +87,16 @@ struct options_pre_pull struct connection_entry { int proto; - int local_port; + sa_family_t af; + const char* local_port; bool local_port_defined; - int remote_port; + const char* remote_port; const char *local; const char *remote; bool remote_float; bool bind_defined; bool bind_local; int connect_retry_seconds; - bool connect_retry_defined; - int connect_retry_max; int connect_timeout; bool connect_timeout_defined; #ifdef ENABLE_HTTP_PROXY @@ -105,7 +104,7 @@ struct connection_entry #endif #ifdef ENABLE_SOCKS const char *socks_proxy_server; - int socks_proxy_port; + const char *socks_proxy_port; const char *socks_proxy_authfile; bool socks_proxy_retry; #endif @@ -143,8 +142,9 @@ struct connection_entry struct remote_entry { const char *remote; - int remote_port; + const char *remote_port; int proto; + sa_family_t af; }; #define CONNECTION_LIST_SIZE 64 @@ -153,8 +153,6 @@ struct connection_list { int len; int current; - int n_cycles; - bool no_advance; struct connection_entry *array[CONNECTION_LIST_SIZE]; }; @@ -168,6 +166,8 @@ struct remote_host_store { # define RH_HOST_LEN 80 char host[RH_HOST_LEN]; +#define RH_PORT_LEN 20 + char port[RH_PORT_LEN]; }; /* Command line options */ @@ -203,11 +203,15 @@ struct options #endif /* Networking parms */ + int connect_retry_max; struct connection_entry ce; - char *remote_ip_hint; struct connection_list *connection_list; + struct remote_list *remote_list; - bool force_connection_list; + /* Do not advanced the connection or remote addr list*/ + bool no_advance; + /* Counts the number of unsuccessful connection attempts */ + unsigned int unsuccessful_attempts; #if HTTP_PROXY_OVERRIDE struct http_proxy_options *http_proxy_override; @@ -354,7 +358,7 @@ struct options #ifdef ENABLE_MANAGEMENT const char *management_addr; - int management_port; + const char *management_port; const char *management_user_pass; int management_log_history_cache; int management_echo_buffer_size; @@ -449,7 +453,7 @@ struct options bool auth_user_pass_verify_script_via_file; #if PORT_SHARE char *port_share_host; - int port_share_port; + char *port_share_port; const char *port_share_journal_dir; #endif #endif @@ -769,20 +773,5 @@ bool get_ipv6_addr( const char * prefix_str, struct in6_addr *network, unsigned int * netbits, char ** printable_ipv6, int msglevel ); -/* - * inline functions - */ -static inline bool -connection_list_defined (const struct options *o) -{ - return o->connection_list != NULL; -} - -static inline void -connection_list_set_no_advance (struct options *o) -{ - if (o->connection_list) - o->connection_list->no_advance = true; -} #endif diff --git a/openvpn/src/openvpn/pf.c b/openvpn/src/openvpn/pf.c index 3c468019..aafe9ff0 100644 --- a/openvpn/src/openvpn/pf.c +++ b/openvpn/src/openvpn/pf.c @@ -606,7 +606,6 @@ pf_destroy_context (struct pf_context *pfc) if (pfc->filename) { platform_unlink (pfc->filename); - free (pfc->filename); } #endif if (pfc->pfs) diff --git a/openvpn/src/openvpn/pkcs11.c b/openvpn/src/openvpn/pkcs11.c index 645f1f48..3a15ef68 100644 --- a/openvpn/src/openvpn/pkcs11.c +++ b/openvpn/src/openvpn/pkcs11.c @@ -887,7 +887,7 @@ show_pkcs11_ids ( (dn = pkcs11_certificate_dn ( certificate, &gc - )) + )) == NULL ) { goto cleanup1; } diff --git a/openvpn/src/openvpn/platform.c b/openvpn/src/openvpn/platform.c index c79f6807..e79de7a7 100644 --- a/openvpn/src/openvpn/platform.c +++ b/openvpn/src/openvpn/platform.c @@ -205,7 +205,7 @@ platform_chdir (const char* dir) } /* - * convert system() return into a success/failure value + * convert execve() return into a success/failure value */ bool platform_system_ok (int stat) @@ -217,19 +217,6 @@ platform_system_ok (int stat) #endif } -/* - * did system() call execute the given command? - */ -bool -platform_system_executed (int stat) -{ -#ifdef WIN32 - return stat != -1; -#else - return stat != -1 && WEXITSTATUS (stat) != 127; -#endif -} - int platform_access (const char *path, int mode) { @@ -288,18 +275,6 @@ platform_unlink (const char *filename) #endif } -int platform_system(const char *command) { - int ret; -#ifdef WIN32 - struct gc_arena gc = gc_new (); - ret = _wsystem (wide_string (command, &gc)); - gc_free (&gc); -#else - ret = system (command); -#endif - return ret; -} - int platform_putenv(char *string) { int status; diff --git a/openvpn/src/openvpn/platform.h b/openvpn/src/openvpn/platform.h index 7bd20671..7c0a4d72 100644 --- a/openvpn/src/openvpn/platform.h +++ b/openvpn/src/openvpn/platform.h @@ -113,10 +113,8 @@ void platform_mlockall (bool print_msg); /* Disable paging */ int platform_chdir (const char* dir); -/* interpret the status code returned by system()/execve() */ +/* interpret the status code returned by execve() */ bool platform_system_ok (int stat); -bool platform_system_executed (int stat); -int platform_system(const char *command); int platform_access (const char *path, int mode); diff --git a/openvpn/src/openvpn/plugin.c b/openvpn/src/openvpn/plugin.c index d785daec..83f79e4f 100644 --- a/openvpn/src/openvpn/plugin.c +++ b/openvpn/src/openvpn/plugin.c @@ -98,7 +98,9 @@ plugin_type_name (const int type) case OPENVPN_PLUGIN_TLS_FINAL: return "PLUGIN_TLS_FINAL"; case OPENVPN_PLUGIN_ENABLE_PF: - return "OPENVPN_PLUGIN_ENABLE_PF"; + return "PLUGIN_ENABLE_PF"; + case OPENVPN_PLUGIN_ROUTE_PREDOWN: + return "PLUGIN_ROUTE_PREDOWN"; default: return "PLUGIN_???"; } @@ -376,10 +378,10 @@ plugin_open_item (struct plugin *p, struct openvpn_plugin_args_open_return retargs; CLEAR(retargs); + retargs.return_list = retlist; if ((*p->open3)(OPENVPN_PLUGINv3_STRUCTVER, &args, &retargs) == OPENVPN_PLUGIN_FUNC_SUCCESS) { p->plugin_type_mask = retargs.type_mask; p->plugin_handle = retargs.handle; - retlist = retargs.return_list; } else { p->plugin_handle = NULL; } @@ -458,8 +460,8 @@ plugin_call_item (const struct plugin *p, struct openvpn_plugin_args_func_return retargs; CLEAR(retargs); + retargs.return_list = retlist; status = (*p->func3)(OPENVPN_PLUGINv3_STRUCTVER, &args, &retargs); - retlist = retargs.return_list; } else if (p->func2) status = (*p->func2)(p->plugin_handle, type, (const char **)a.argv, envp, per_client_context, retlist); else if (p->func1) diff --git a/openvpn/src/openvpn/proto.c b/openvpn/src/openvpn/proto.c index 2cf8314b..b437f1ad 100644 --- a/openvpn/src/openvpn/proto.c +++ b/openvpn/src/openvpn/proto.c @@ -36,11 +36,12 @@ #include "memdbg.h" /* - * If raw tunnel packet is IPv4, return true and increment + * If raw tunnel packet is IPv<X>, return true and increment * buffer offset to start of IP header. */ +static bool -is_ipv4 (int tunnel_type, struct buffer *buf) +is_ipv_X ( int tunnel_type, struct buffer *buf, int ip_ver ) { int offset; const struct openvpn_iphdr *ih; @@ -68,12 +69,24 @@ is_ipv4 (int tunnel_type, struct buffer *buf) ih = (const struct openvpn_iphdr *) (BPTR (buf) + offset); - if (OPENVPN_IPH_GET_VER (ih->version_len) == 4) + /* IP version is stored in the same bits for IPv4 or IPv6 header */ + if (OPENVPN_IPH_GET_VER (ih->version_len) == ip_ver) return buf_advance (buf, offset); else return false; } +bool +is_ipv4 (int tunnel_type, struct buffer *buf) +{ + return is_ipv_X( tunnel_type, buf, 4 ); +} +bool +is_ipv6 (int tunnel_type, struct buffer *buf) +{ + return is_ipv_X( tunnel_type, buf, 6 ); +} + #ifdef PACKET_TRUNCATION_CHECK void diff --git a/openvpn/src/openvpn/proto.h b/openvpn/src/openvpn/proto.h index 8cd4edec..f91e787e 100644 --- a/openvpn/src/openvpn/proto.h +++ b/openvpn/src/openvpn/proto.h @@ -219,10 +219,11 @@ struct ip_tcp_udp_hdr { - sizeof(struct openvpn_tcphdr)) /* - * If raw tunnel packet is IPv4, return true and increment + * If raw tunnel packet is IPv4 or IPv6, return true and increment * buffer offset to start of IP header. */ bool is_ipv4 (int tunnel_type, struct buffer *buf); +bool is_ipv6 (int tunnel_type, struct buffer *buf); #ifdef PACKET_TRUNCATION_CHECK void ipv4_packet_size_verify (const uint8_t *data, diff --git a/openvpn/src/openvpn/proxy.c b/openvpn/src/openvpn/proxy.c index 363d8a73..17748504 100644 --- a/openvpn/src/openvpn/proxy.c +++ b/openvpn/src/openvpn/proxy.c @@ -444,7 +444,7 @@ http_proxy_new (const struct http_proxy_options *o) if (!o || !o->server) msg (M_FATAL, "HTTP_PROXY: server not specified"); - ASSERT (legal_ipv4_port (o->port)); + ASSERT ( o->port); ALLOC_OBJ_CLEAR (p, struct http_proxy_info); p->options = *o; @@ -493,7 +493,7 @@ bool establish_http_proxy_passthru (struct http_proxy_info *p, socket_descriptor_t sd, /* already open to proxy */ const char *host, /* openvpn server remote */ - const int port, /* openvpn server port */ + const char *port, /* openvpn server port */ struct buffer *lookahead, volatile int *signal_received) { @@ -521,7 +521,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, else { /* format HTTP CONNECT message */ - openvpn_snprintf (buf, sizeof(buf), "CONNECT %s:%d HTTP/%s", + openvpn_snprintf (buf, sizeof(buf), "CONNECT %s:%s HTTP/%s", host, port, p->options.http_version); @@ -642,7 +642,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, /* now send the phase 3 reply */ /* format HTTP CONNECT message */ - openvpn_snprintf (buf, sizeof(buf), "CONNECT %s:%d HTTP/%s", + openvpn_snprintf (buf, sizeof(buf), "CONNECT %s:%s HTTP/%s", host, port, p->options.http_version); @@ -730,7 +730,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, /* build the digest response */ - openvpn_snprintf (uri, sizeof(uri), "%s:%d", + openvpn_snprintf (uri, sizeof(uri), "%s:%s", host, port); diff --git a/openvpn/src/openvpn/proxy.h b/openvpn/src/openvpn/proxy.h index 5e476f16..9d75e063 100644 --- a/openvpn/src/openvpn/proxy.h +++ b/openvpn/src/openvpn/proxy.h @@ -40,7 +40,7 @@ struct http_proxy_options { const char *server; - int port; + const char *port; bool retry; int timeout; @@ -57,7 +57,7 @@ struct http_proxy_options { struct http_proxy_options_simple { const char *server; - int port; + const char *port; int auth_retry; }; @@ -80,7 +80,7 @@ void http_proxy_close (struct http_proxy_info *hp); bool establish_http_proxy_passthru (struct http_proxy_info *p, socket_descriptor_t sd, /* already open to proxy */ const char *host, /* openvpn server remote */ - const int port, /* openvpn server port */ + const char *port, /* openvpn server port */ struct buffer *lookahead, volatile int *signal_received); diff --git a/openvpn/src/openvpn/ps.c b/openvpn/src/openvpn/ps.c index 6495dc71..c1868642 100644 --- a/openvpn/src/openvpn/ps.c +++ b/openvpn/src/openvpn/ps.c @@ -330,8 +330,8 @@ journal_add (const char *journal_dir, struct proxy_connection *pc, struct proxy_ if (!getpeername (pc->sd, (struct sockaddr *) &from.addr.sa, &slen) && !getsockname (cp->sd, (struct sockaddr *) &to.addr.sa, &dlen)) { - const char *f = print_sockaddr_ex (&from, ":", PS_SHOW_PORT, &gc); - const char *t = print_sockaddr_ex (&to, ":", PS_SHOW_PORT, &gc); + const char *f = print_openvpn_sockaddr (&from, &gc); + const char *t = print_openvpn_sockaddr (&to, &gc); fnlen = strlen(journal_dir) + strlen(t) + 2; jfn = (char *) malloc(fnlen); check_malloc_return (jfn); @@ -403,8 +403,7 @@ proxy_connection_io_requeue (struct proxy_connection *pc, const int rwflags_new, static bool proxy_entry_new (struct proxy_connection **list, struct event_set *es, - const in_addr_t server_addr, - const int server_port, + const struct sockaddr_in server_addr, const socket_descriptor_t sd_client, struct buffer *initial_data, const char *journal_dir) @@ -416,7 +415,7 @@ proxy_entry_new (struct proxy_connection **list, struct proxy_connection *cp; /* connect to port share server */ - sock_addr_set (&osaddr, server_addr, server_port); + osaddr.addr.in4 = server_addr; if ((sd_server = socket (PF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { msg (M_WARN|M_ERRNO, "PORT SHARE PROXY: cannot create socket"); @@ -482,8 +481,7 @@ static bool control_message_from_parent (const socket_descriptor_t sd_control, struct proxy_connection **list, struct event_set *es, - const in_addr_t server_addr, - const int server_port, + const struct sockaddr_in server_addr, const int max_initial_buf, const char *journal_dir) { @@ -539,7 +537,6 @@ control_message_from_parent (const socket_descriptor_t sd_control, if (proxy_entry_new (list, es, server_addr, - server_port, received_fd, &buf, journal_dir)) @@ -716,8 +713,7 @@ proxy_connection_io_dispatch (struct proxy_connection *pc, * This is the main function for the port share proxy background process. */ static void -port_share_proxy (const in_addr_t hostaddr, - const int port, +port_share_proxy (const struct sockaddr_in hostaddr, const socket_descriptor_t sd_control, const int max_initial_buf, const char *journal_dir) @@ -754,7 +750,7 @@ port_share_proxy (const in_addr_t hostaddr, const struct event_set_return *e = &esr[i]; if (e->arg == sd_control_marker) { - if (!control_message_from_parent (sd_control, &list, es, hostaddr, port, max_initial_buf, journal_dir)) + if (!control_message_from_parent (sd_control, &list, es, hostaddr, max_initial_buf, journal_dir)) goto done; } else @@ -789,14 +785,16 @@ port_share_proxy (const in_addr_t hostaddr, */ struct port_share * port_share_open (const char *host, - const int port, + const char *port, const int max_initial_buf, const char *journal_dir) { pid_t pid; socket_descriptor_t fd[2]; - in_addr_t hostaddr; + struct sockaddr_in hostaddr; struct port_share *ps; + int status; + struct addrinfo* ai; ALLOC_OBJ_CLEAR (ps, struct port_share); ps->foreground_fd = -1; @@ -805,7 +803,12 @@ port_share_open (const char *host, /* * Get host's IP address */ - hostaddr = getaddr (GETADDR_RESOLVE|GETADDR_HOST_ORDER|GETADDR_FATAL, host, 0, NULL, NULL); + + status = openvpn_getaddrinfo (GETADDR_RESOLVE|GETADDR_HOST_ORDER|GETADDR_FATAL, + host, port, 0, NULL, AF_INET, &ai); + ASSERT (status==0); + hostaddr = *((struct sockaddr_in*) ai->ai_addr); + freeaddrinfo(ai); /* * Make a socket for foreground and background processes @@ -881,7 +884,7 @@ port_share_open (const char *host, prng_init (NULL, 0); /* execute the event loop */ - port_share_proxy (hostaddr, port, fd[1], max_initial_buf, journal_dir); + port_share_proxy (hostaddr, fd[1], max_initial_buf, journal_dir); openvpn_close_socket (fd[1]); diff --git a/openvpn/src/openvpn/ps.h b/openvpn/src/openvpn/ps.h index 4280635d..e8919d48 100644 --- a/openvpn/src/openvpn/ps.h +++ b/openvpn/src/openvpn/ps.h @@ -44,7 +44,7 @@ struct port_share { extern struct port_share *port_share; struct port_share *port_share_open (const char *host, - const int port, + const char *port, const int max_initial_buf, const char *journal_dir); diff --git a/openvpn/src/openvpn/push.c b/openvpn/src/openvpn/push.c index 05a38e0d..994b7ba7 100644 --- a/openvpn/src/openvpn/push.c +++ b/openvpn/src/openvpn/push.c @@ -49,7 +49,7 @@ void receive_auth_failed (struct context *c, const struct buffer *buffer) { msg (M_VERB0, "AUTH: Received control message: %s", BSTR(buffer)); - connection_list_set_no_advance(&c->options); + c->options.no_advance=true; if (c->options.pull) { switch (auth_retry_get ()) @@ -446,10 +446,14 @@ process_incoming_push_msg (struct context *c, if (ch == ',') { struct buffer buf_orig = buf; + if (!c->c2.pulled_options_md5_init_done) + { + md5_state_init (&c->c2.pulled_options_state); + c->c2.pulled_options_md5_init_done = true; + } if (!c->c2.did_pre_pull_restore) { pre_pull_restore (&c->options); - md5_state_init (&c->c2.pulled_options_state); c->c2.did_pre_pull_restore = true; } if (apply_push_options (&c->options, @@ -463,6 +467,7 @@ process_incoming_push_msg (struct context *c, case 1: md5_state_update (&c->c2.pulled_options_state, BPTR(&buf_orig), BLEN(&buf_orig)); md5_state_final (&c->c2.pulled_options_state, &c->c2.pulled_options_digest); + c->c2.pulled_options_md5_init_done = false; ret = PUSH_MSG_REPLY; break; case 2: diff --git a/openvpn/src/openvpn/route.c b/openvpn/src/openvpn/route.c index caa2459b..8a778884 100644 --- a/openvpn/src/openvpn/route.c +++ b/openvpn/src/openvpn/route.c @@ -294,12 +294,12 @@ init_route (struct route *r, if(get_special_addr (rl, ro->network, &special.s_addr, &status)) { special.s_addr = htonl(special.s_addr); - ret = openvpn_getaddrinfo(0, inet_ntoa(special), 0, NULL, + ret = openvpn_getaddrinfo(0, inet_ntoa(special), NULL, 0, NULL, AF_INET, network_list); } else ret = openvpn_getaddrinfo(GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL, - ro->network, 0, NULL, AF_INET, network_list); + ro->network, NULL, 0, NULL, AF_INET, network_list); status = (ret == 0); @@ -2722,7 +2722,7 @@ get_default_gateway (struct route_gateway_info *rgi) if (write(s, (char *)&m_rtmsg, l) < 0) { - warn("writing to routing socket"); + msg(M_WARN|M_ERRNO, "Could not retrieve default gateway from route socket:"); gc_free (&gc); close(s); return; @@ -3088,7 +3088,7 @@ get_default_gateway (struct route_gateway_info *rgi) if (write(s, (char *)&m_rtmsg, l) < 0) { - warn("writing to routing socket"); + msg(M_WARN|M_ERRNO, "Could not retrieve default gateway from route socket:"); gc_free (&gc); close(s); return; diff --git a/openvpn/src/openvpn/sig.c b/openvpn/src/openvpn/sig.c index 0ebde245..7ddfd0ed 100644 --- a/openvpn/src/openvpn/sig.c +++ b/openvpn/src/openvpn/sig.c @@ -97,14 +97,14 @@ void throw_signal (const int signum) { siginfo_static.signal_received = signum; - siginfo_static.hard = true; + siginfo_static.source = SIG_SOURCE_HARD; } void throw_signal_soft (const int signum, const char *signal_text) { siginfo_static.signal_received = signum; - siginfo_static.hard = false; + siginfo_static.source = SIG_SOURCE_SOFT; siginfo_static.signal_text = signal_text; } @@ -115,7 +115,7 @@ signal_reset (struct signal_info *si) { si->signal_received = 0; si->signal_text = NULL; - si->hard = false; + si->source = SIG_SOURCE_SOFT; } } @@ -124,9 +124,23 @@ print_signal (const struct signal_info *si, const char *title, int msglevel) { if (si) { - const char *hs = (si->hard ? "hard" : "soft"); const char *type = (si->signal_text ? si->signal_text : ""); const char *t = (title ? title : "process"); + const char *hs; + switch (si->source) + { + case SIG_SOURCE_SOFT: + hs= "soft"; + break; + case SIG_SOURCE_HARD: + hs = "hard"; + break; + case SIG_SOURCE_CONNECTION_FAILED: + hs = "connection failed(soft)"; + break; + default: + ASSERT(0); + } switch (si->signal_received) { diff --git a/openvpn/src/openvpn/sig.h b/openvpn/src/openvpn/sig.h index 987efef5..c2c7b54e 100644 --- a/openvpn/src/openvpn/sig.h +++ b/openvpn/src/openvpn/sig.h @@ -28,6 +28,15 @@ #include "status.h" #include "win32.h" + + +#define SIG_SOURCE_SOFT 0 +#define SIG_SOURCE_HARD 1 +/* CONNECTION_FAILED is also a "soft" status, + * It is thrown if a connection attempt fails + */ +#define SIG_SOURCE_CONNECTION_FAILED 2 + /* * Signal information, including signal code * and descriptive text. @@ -35,7 +44,7 @@ struct signal_info { volatile int signal_received; - volatile bool hard; + volatile int source; const char *signal_text; }; diff --git a/openvpn/src/openvpn/socket.c b/openvpn/src/openvpn/socket.c index 1e38e82c..9a33197c 100644 --- a/openvpn/src/openvpn/socket.c +++ b/openvpn/src/openvpn/socket.c @@ -101,8 +101,8 @@ getaddr (unsigned int flags, { struct addrinfo *ai; int status; - status = openvpn_getaddrinfo(flags, hostname, resolve_retry_seconds, - signal_received, AF_INET, &ai); + status = openvpn_getaddrinfo (flags & ~GETADDR_HOST_ORDER, hostname, NULL, + resolve_retry_seconds, signal_received, AF_INET, &ai); if(status==0) { struct in_addr ia; if(succeeded) @@ -125,6 +125,7 @@ getaddr (unsigned int flags, int openvpn_getaddrinfo (unsigned int flags, const char *hostname, + const char *servname, int resolve_retry_seconds, volatile int *signal_received, int ai_family, @@ -135,6 +136,8 @@ openvpn_getaddrinfo (unsigned int flags, int sigrec = 0; int msglevel = (flags & GETADDR_FATAL) ? M_FATAL : D_RESOLVE_ERRORS; struct gc_arena gc = gc_new (); + const char *print_hostname; + const char *print_servname; ASSERT(res); @@ -142,8 +145,19 @@ openvpn_getaddrinfo (unsigned int flags, res_init (); #endif - if (!hostname) - hostname = "::"; + ASSERT (hostname || servname); + ASSERT (!(flags & GETADDR_HOST_ORDER)); + + if(hostname) + print_hostname = hostname; + else + print_hostname = "undefined"; + + if(servname) + print_servname = servname; + else + print_servname = ""; + if (flags & GETADDR_RANDOMIZE) hostname = hostname_randomize(hostname, &gc); @@ -159,25 +173,36 @@ openvpn_getaddrinfo (unsigned int flags, CLEAR(hints); hints.ai_family = ai_family; hints.ai_flags = AI_NUMERICHOST; - hints.ai_socktype = dnsflags_to_socktype(flags); + hints.ai_socktype = SOCK_STREAM; + + if(flags & GETADDR_PASSIVE) + hints.ai_flags |= AI_PASSIVE; + + if(flags & GETADDR_DATAGRAM) + hints.ai_socktype = SOCK_DGRAM; + else + hints.ai_socktype = SOCK_STREAM; - status = getaddrinfo(hostname, NULL, &hints, res); + status = getaddrinfo(hostname, servname, &hints, res); if (status != 0) /* parse as numeric address failed? */ { const int fail_wait_interval = 5; /* seconds */ - int resolve_retries = (flags & GETADDR_TRY_ONCE) ? 1 : (resolve_retry_seconds / fail_wait_interval); + /* Add +4 to cause integer division rounding up (1 + 4) = 5, (0+4)/5=0 */ + int resolve_retries = (flags & GETADDR_TRY_ONCE) ? 1 : + ((resolve_retry_seconds + 4)/ fail_wait_interval); const char *fmt; int level = 0; - - fmt = "RESOLVE: Cannot resolve host address: %s: %s"; + + fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s)"; if ((flags & GETADDR_MENTION_RESOLVE_RETRY) && !resolve_retry_seconds) - fmt = "RESOLVE: Cannot resolve host address: %s: %s (I would have retried this name query if you had specified the --resolv-retry option.)"; + fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s) (I would have retried this name query if you had specified the --resolv-retry option.)"; if (!(flags & GETADDR_RESOLVE) || status == EAI_FAIL) { - msg (msglevel, "RESOLVE: Cannot parse IP address: %s", hostname); + msg (msglevel, "RESOLVE: Cannot parse IP address: %s:%s (%s)", + print_hostname,print_servname, gai_strerror(status)); goto done; } @@ -199,28 +224,30 @@ openvpn_getaddrinfo (unsigned int flags, while (true) { /* try hostname lookup */ - hints.ai_flags = 0; + hints.ai_flags &= ~AI_NUMERICHOST; dmsg (D_SOCKET_DEBUG, "GETADDRINFO flags=0x%04x ai_family=%d ai_socktype=%d", flags, hints.ai_family, hints.ai_socktype); - status = getaddrinfo(hostname, NULL, &hints, res); + status = getaddrinfo(hostname, servname, &hints, res); if (signal_received) { get_signal (signal_received); if (*signal_received) /* were we interrupted by a signal? */ { - if (0 == status) { - ASSERT(res); - freeaddrinfo(*res); - res = NULL; - } if (*signal_received == SIGUSR1) /* ignore SIGUSR1 */ { msg (level, "RESOLVE: Ignored SIGUSR1 signal received during DNS resolution attempt"); *signal_received = 0; } else - goto done; + { + if (0 == status) { + ASSERT(res); + freeaddrinfo(*res); + res = NULL; + } + goto done; + } } } @@ -236,7 +263,8 @@ openvpn_getaddrinfo (unsigned int flags, msg (level, fmt, - hostname, + print_hostname, + print_servname, gai_strerror(status)); if (--resolve_retries <= 0) @@ -249,7 +277,8 @@ openvpn_getaddrinfo (unsigned int flags, /* hostname resolve succeeded */ - /* Do not chose an IP Addresse by random or change the order * + /* + * Do not chose an IP Addresse by random or change the order * * of IP addresses, doing so will break RFC 3484 address selection * */ } @@ -419,59 +448,6 @@ mac_addr_safe (const char *mac_addr) return true; } -static void -update_remote (const char* host, - struct openvpn_sockaddr *addr, - bool *changed, - const unsigned int sockflags) -{ - switch(addr->addr.sa.sa_family) - { - case AF_INET: - if (host && addr) - { - const in_addr_t new_addr = getaddr ( - sf2gaf(GETADDR_RESOLVE|GETADDR_UPDATE_MANAGEMENT_STATE, sockflags), - host, - 1, - NULL, - NULL); - if (new_addr && addr->addr.in4.sin_addr.s_addr != new_addr) - { - addr->addr.in4.sin_addr.s_addr = new_addr; - *changed = true; - } - } - break; - case AF_INET6: - if (host && addr) - { - int status; - struct addrinfo* ai; - - status = openvpn_getaddrinfo(sf2gaf(GETADDR_RESOLVE|GETADDR_UPDATE_MANAGEMENT_STATE, sockflags), host, 1, NULL, AF_INET6, &ai); - - if ( status ==0 ) - { - struct sockaddr_in6 sin6; - CLEAR(sin6); - sin6 = *((struct sockaddr_in6*)ai->ai_addr); - if (!IN6_ARE_ADDR_EQUAL(&sin6.sin6_addr, &addr->addr.in6.sin6_addr)) - { - int port = addr->addr.in6.sin6_port; - /* ipv6 requires also eg. sin6_scope_id => easier to fully copy and override port */ - addr->addr.in6 = sin6; - addr->addr.in6.sin6_port = port; - } - freeaddrinfo(ai); - } - } - break; - default: - ASSERT(0); - } -} - static int socket_get_sndbuf (int sd) { @@ -643,51 +619,41 @@ create_socket_tcp (int af) } static socket_descriptor_t -create_socket_udp (const unsigned int flags) +create_socket_udp (const int af, const unsigned int flags) { socket_descriptor_t sd; - if ((sd = socket (PF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) - msg (M_ERR, "UDP: Cannot create UDP socket"); + if ((sd = socket (af, SOCK_DGRAM, IPPROTO_UDP)) < 0) + msg (M_ERR, "UDP: Cannot create UDP/UDP6 socket"); #if ENABLE_IP_PKTINFO else if (flags & SF_USE_IP_PKTINFO) { int pad = 1; + if(af == AF_INET) + { #ifdef IP_PKTINFO - if (setsockopt (sd, SOL_IP, IP_PKTINFO, - (void*)&pad, sizeof(pad)) < 0) - msg(M_ERR, "UDP: failed setsockopt for IP_PKTINFO"); + if (setsockopt (sd, SOL_IP, IP_PKTINFO, + (void*)&pad, sizeof(pad)) < 0) + msg(M_ERR, "UDP: failed setsockopt for IP_PKTINFO"); #elif defined(IP_RECVDSTADDR) - if (setsockopt (sd, IPPROTO_IP, IP_RECVDSTADDR, - (void*)&pad, sizeof(pad)) < 0) - msg(M_ERR, "UDP: failed setsockopt for IP_RECVDSTADDR"); + if (setsockopt (sd, IPPROTO_IP, IP_RECVDSTADDR, + (void*)&pad, sizeof(pad)) < 0) + msg(M_ERR, "UDP: failed setsockopt for IP_RECVDSTADDR"); #else #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h) #endif - } -#endif - return sd; -} - -static socket_descriptor_t -create_socket_udp6 (const unsigned int flags) -{ - socket_descriptor_t sd; - - if ((sd = socket (PF_INET6, SOCK_DGRAM, IPPROTO_UDP)) < 0) - msg (M_ERR, "UDP: Cannot create UDP6 socket"); -#if ENABLE_IP_PKTINFO - else if (flags & SF_USE_IP_PKTINFO) - { - int pad = 1; + } + else if (af == AF_INET6 ) + { #ifndef IPV6_RECVPKTINFO /* Some older Darwin platforms require this */ - if (setsockopt (sd, IPPROTO_IPV6, IPV6_PKTINFO, - (void*)&pad, sizeof(pad)) < 0) + if (setsockopt (sd, IPPROTO_IPV6, IPV6_PKTINFO, + (void*)&pad, sizeof(pad)) < 0) #else - if (setsockopt (sd, IPPROTO_IPV6, IPV6_RECVPKTINFO, - (void*)&pad, sizeof(pad)) < 0) + if (setsockopt (sd, IPPROTO_IPV6, IPV6_RECVPKTINFO, + (void*)&pad, sizeof(pad)) < 0) #endif - msg(M_ERR, "UDP: failed setsockopt for IPV6_RECVPKTINFO"); + msg(M_ERR, "UDP: failed setsockopt for IPV6_RECVPKTINFO"); + } } #endif return sd; @@ -696,36 +662,37 @@ create_socket_udp6 (const unsigned int flags) static void create_socket (struct link_socket *sock) { - /* create socket */ - if (sock->info.proto == PROTO_UDPv4) + /* create socket, use information carried over from getaddrinfo */ + const int ai_proto = sock->info.lsa->actual.ai_protocol; + const int ai_family = sock->info.lsa->actual.ai_family; + + ASSERT (sock->info.af == AF_UNSPEC || sock->info.af == ai_family); + + + if (ai_proto == IPPROTO_UDP) { - sock->sd = create_socket_udp (sock->sockflags); + sock->sd = create_socket_udp (ai_family, sock->sockflags); sock->sockflags |= SF_GETADDRINFO_DGRAM; #ifdef ENABLE_SOCKS if (sock->socks_proxy) - sock->ctrl_sd = create_socket_tcp (AF_INET); + sock->ctrl_sd = create_socket_tcp (ai_family); #endif } - else if (sock->info.proto == PROTO_TCPv4_SERVER - || sock->info.proto == PROTO_TCPv4_CLIENT) - { - sock->sd = create_socket_tcp (AF_INET); - } - else if (sock->info.proto == PROTO_TCPv6_SERVER - || sock->info.proto == PROTO_TCPv6_CLIENT) + else if (ai_proto == IPPROTO_TCP) { - sock->sd = create_socket_tcp (AF_INET6); - } - else if (sock->info.proto == PROTO_UDPv6) - { - sock->sd = create_socket_udp6 (sock->sockflags); - sock->sockflags |= SF_GETADDRINFO_DGRAM; + sock->sd = create_socket_tcp (ai_family); } else { ASSERT (0); } + /* set socket buffers based on --sndbuf and --rcvbuf options */ + socket_set_buffers (sock->sd, &sock->socket_buffer_sizes); + + /* set socket to --mark packets with given value */ + socket_set_mark (sock->sd, sock->mark); + #ifdef TARGET_ANDROID struct user_pass up; strcpy(up.username ,__func__); @@ -740,10 +707,9 @@ create_socket (struct link_socket *sock) /* * Functions used for establishing a TCP stream connection. */ - static void socket_do_listen (socket_descriptor_t sd, - const struct openvpn_sockaddr *local, + const struct sockaddr *local, bool do_listen, bool do_set_nonblock) { @@ -833,8 +799,7 @@ static int socket_listen_accept (socket_descriptor_t sd, struct link_socket_actual *act, const char *remote_dynamic, - bool *remote_changed, - const struct openvpn_sockaddr *local, + const struct addrinfo *local, bool do_listen, bool nowait, volatile int *signal_received) @@ -845,7 +810,7 @@ socket_listen_accept (socket_descriptor_t sd, int new_sd = SOCKET_UNDEFINED; CLEAR (*act); - socket_do_listen (sd, local, do_listen, true); + socket_do_listen (sd, local->ai_addr, do_listen, true); while (true) { @@ -880,18 +845,26 @@ socket_listen_accept (socket_descriptor_t sd, if (socket_defined (new_sd)) { - update_remote (remote_dynamic, &remote_verify, remote_changed, 0); - if (addr_defined (&remote_verify) - && !addr_match (&remote_verify, &act->dest)) - { - msg (M_WARN, - "TCP NOTE: Rejected connection attempt from %s due to --remote setting", - print_link_socket_actual (act, &gc)); - if (openvpn_close_socket (new_sd)) - msg (M_ERR, "TCP: close socket failed (new_sd)"); - } + struct addrinfo* ai; + if(remote_dynamic) + openvpn_getaddrinfo(0, remote_dynamic, NULL, 1, NULL, + remote_verify.addr.sa.sa_family, &ai); + + if(ai && !addrlist_match(&remote_verify, ai)) + { + msg (M_WARN, + "TCP NOTE: Rejected connection attempt from %s due to --remote setting", + print_link_socket_actual (act, &gc)); + if (openvpn_close_socket (new_sd)) + msg (M_ERR, "TCP: close socket failed (new_sd)"); + freeaddrinfo(ai); + } else - break; + { + if(ai) + freeaddrinfo(ai); + break; + } } openvpn_sleep (1); } @@ -907,17 +880,38 @@ socket_listen_accept (socket_descriptor_t sd, void socket_bind (socket_descriptor_t sd, - struct openvpn_sockaddr *local, + struct addrinfo *local, + int ai_family, const char *prefix) { struct gc_arena gc = gc_new (); - if (bind (sd, &local->addr.sa, af_addr_size(local->addr.sa.sa_family))) + /* FIXME (schwabe) + * getaddrinfo for the bind address might return multiple AF_INET/AF_INET6 + * entries for the requested protocol. + * For example if an address has multiple A records + * What is the correct way to deal with it? + */ + + ASSERT(local); + struct addrinfo* cur; + + /* find the first addrinfo with correct ai_family */ + for (cur = local; cur; cur=cur->ai_next) + { + if(cur->ai_family == ai_family) + break; + } + if (!cur) + msg (M_FATAL, "%s: Socket bind failed: Addr to bind has no %s record", + prefix, addr_family_name(ai_family)); + + if (bind (sd, cur->ai_addr, cur->ai_addrlen)) { const int errnum = openvpn_errno (); msg (M_FATAL, "%s: Socket bind failed on local address %s: %s", prefix, - print_sockaddr (local, &gc), + print_sockaddr_ex (local->ai_addr, ":", PS_SHOW_PORT, &gc), strerror_ts (errnum, &gc)); } gc_free (&gc); @@ -925,7 +919,7 @@ socket_bind (socket_descriptor_t sd, int openvpn_connect (socket_descriptor_t sd, - struct openvpn_sockaddr *remote, + const struct sockaddr *remote, int connect_timeout, volatile int *signal_received) { @@ -933,7 +927,7 @@ openvpn_connect (socket_descriptor_t sd, #ifdef CONNECT_NONBLOCK set_nonblock (sd); - status = connect (sd, &remote->addr.sa, af_addr_size(remote->addr.sa.sa_family)); + status = connect (sd, remote, af_addr_size(remote->sa_family)); if (status) status = openvpn_errno (); if ( @@ -1005,85 +999,76 @@ openvpn_connect (socket_descriptor_t sd, return status; } +void set_actual_address (struct link_socket_actual* actual, struct addrinfo* ai) +{ + CLEAR (*actual); + ASSERT (ai); + + if (ai->ai_family == AF_INET) + actual->dest.addr.in4 = + *((struct sockaddr_in*) ai->ai_addr); + else if (ai->ai_family == AF_INET6) + actual->dest.addr.in6 = + *((struct sockaddr_in6*) ai->ai_addr); + else + ASSERT(0); + + /* Copy addrinfo sock parameters for socket creating */ + actual->ai_family = ai->ai_family; + actual->ai_protocol = ai->ai_protocol; + actual->ai_socktype = ai->ai_socktype; +} + void socket_connect (socket_descriptor_t *sd, - struct openvpn_sockaddr *local, - bool bind_local, - struct openvpn_sockaddr *remote, - const bool connection_profiles_defined, - const char *remote_dynamic, - bool *remote_changed, - const int connect_retry_seconds, - const int connect_timeout, - const int connect_retry_max, - const unsigned int sockflags, - volatile int *signal_received) + struct link_socket_addr *lsa, + const int connect_timeout, + struct signal_info* sig_info) { struct gc_arena gc = gc_new (); - int retry = 0; - + const struct sockaddr *dest = &lsa->actual.dest.addr.sa; + + int status; + #ifdef CONNECT_NONBLOCK - msg (M_INFO, "Attempting to establish TCP connection with %s [nonblock]", - print_sockaddr (remote, &gc)); + msg (M_INFO, "Attempting to establish TCP connection with %s [nonblock]", + print_sockaddr (dest, &gc)); #else - msg (M_INFO, "Attempting to establish TCP connection with %s", - print_sockaddr (remote, &gc)); + msg (M_INFO, "Attempting to establish TCP connection with %s", + print_sockaddr (dest, &gc)); #endif - - while (true) - { - int status; - + #ifdef ENABLE_MANAGEMENT - if (management) + if (management) management_set_state (management, - OPENVPN_STATE_TCP_CONNECT, - NULL, - (in_addr_t)0, - (in_addr_t)0); + OPENVPN_STATE_TCP_CONNECT, + NULL, + (in_addr_t)0, + (in_addr_t)0); #endif - status = openvpn_connect (*sd, remote, connect_timeout, signal_received); + /* Set the actual address */ + status = openvpn_connect (*sd, dest, connect_timeout, &sig_info->signal_received); - get_signal (signal_received); - if (*signal_received) + get_signal (&sig_info->signal_received); + if (sig_info->signal_received) goto done; - if (!status) - break; - - msg (D_LINK_ERRORS, - "TCP: connect to %s failed, will try again in %d seconds: %s", - print_sockaddr (remote, &gc), - connect_retry_seconds, - strerror_ts (status, &gc)); - - gc_reset (&gc); - - openvpn_close_socket (*sd); - *sd = SOCKET_UNDEFINED; - - if ((connect_retry_max > 0 && ++retry >= connect_retry_max) || connection_profiles_defined) - { - *signal_received = SIGUSR1; - goto done; - } + if (status) { - openvpn_sleep (connect_retry_seconds); + msg (D_LINK_ERRORS, + "TCP: connect to %s failed: %s", + print_sockaddr (dest, &gc), + strerror_ts (status, &gc)); - get_signal (signal_received); - if (*signal_received) - goto done; - - *sd = create_socket_tcp (local->addr.sa.sa_family); - - if (bind_local) - socket_bind (*sd, local, "TCP Client"); - update_remote (remote_dynamic, remote, remote_changed, sockflags); - } - - msg (M_INFO, "TCP connection established with %s", - print_sockaddr (remote, &gc)); + openvpn_close_socket (*sd); + *sd = SOCKET_UNDEFINED; + sig_info->signal_received = SIGUSR1; + sig_info->source = SIG_SOURCE_CONNECTION_FAILED; + } else { + msg (M_INFO, "TCP connection established with %s", + print_sockaddr (dest, &gc)); + } done: gc_free (&gc); @@ -1134,72 +1119,47 @@ frame_adjust_path_mtu (struct frame *frame, int pmtu, int proto) } static void -resolve_bind_local (struct link_socket *sock) +resolve_bind_local (struct link_socket *sock, const sa_family_t af) { struct gc_arena gc = gc_new (); /* resolve local address if undefined */ - if (!addr_defined (&sock->info.lsa->local)) + if (!sock->info.lsa->bind_local) { - /* may return AF_{INET|INET6} guessed from local_host */ - switch(addr_guess_family(sock->info.proto, sock->local_host)) - { - case AF_INET: - sock->info.lsa->local.addr.in4.sin_family = AF_INET; - sock->info.lsa->local.addr.in4.sin_addr.s_addr = - (sock->local_host ? getaddr (GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | GETADDR_FATAL, - sock->local_host, - 0, - NULL, - NULL) - : htonl (INADDR_ANY)); - sock->info.lsa->local.addr.in4.sin_port = htons (sock->local_port); - break; - case AF_INET6: - { - int status; - int err; - CLEAR(sock->info.lsa->local.addr.in6); - if (sock->local_host) - { - struct addrinfo *ai; - - status = openvpn_getaddrinfo(GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | GETADDR_FATAL, - sock->local_host, 0, NULL, AF_INET6, &ai); - if(status ==0) { - sock->info.lsa->local.addr.in6 = *((struct sockaddr_in6*)(ai->ai_addr)); - freeaddrinfo(ai); - } - } - else - { - sock->info.lsa->local.addr.in6.sin6_family = AF_INET6; - sock->info.lsa->local.addr.in6.sin6_addr = in6addr_any; - status = 0; - } - if (!status == 0) - { - msg (M_FATAL, "getaddr6() failed for local \"%s\": %s", - sock->local_host, - gai_strerror(err)); - } - sock->info.lsa->local.addr.in6.sin6_port = htons (sock->local_port); - } - break; - } + int flags = GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | + GETADDR_FATAL | GETADDR_PASSIVE; + int status; + + if(proto_is_dgram(sock->info.proto)) + flags |= GETADDR_DATAGRAM; + + /* will return AF_{INET|INET6}from local_host */ + status = openvpn_getaddrinfo(flags, sock->local_host, sock->local_port, 0, + NULL, af, &sock->info.lsa->bind_local); + if(status !=0) { + msg (M_FATAL, "getaddrinfo() failed for local \"%s:%s\": %s", + sock->local_host, sock->local_port, + gai_strerror(status)); + } } - - /* bind to local address/port */ - if (sock->bind_local) - { + + gc_free (&gc); +} + +static void bind_local (struct link_socket *sock) +{ + /* bind to local address/port */ + if (sock->bind_local) + { #ifdef ENABLE_SOCKS - if (sock->socks_proxy && sock->info.proto == PROTO_UDPv4) - socket_bind (sock->ctrl_sd, &sock->info.lsa->local, "SOCKS"); - else + if (sock->socks_proxy && sock->info.proto == PROTO_UDP) + socket_bind (sock->ctrl_sd, sock->info.lsa->bind_local, + sock->info.lsa->actual.ai_family, "SOCKS"); + else #endif - socket_bind (sock->sd, &sock->info.lsa->local, "TCP/UDP"); - } - gc_free (&gc); + socket_bind (sock->sd, sock->info.lsa->bind_local, + sock->info.lsa->actual.ai_family, "TCP/UDP"); + } } static void @@ -1209,34 +1169,22 @@ resolve_remote (struct link_socket *sock, volatile int *signal_received) { struct gc_arena gc = gc_new (); - int af; if (!sock->did_resolve_remote) { /* resolve remote address if undefined */ - if (!addr_defined (&sock->info.lsa->remote)) + if (!sock->info.lsa->remote_list) { - af = addr_guess_family(sock->info.proto, sock->remote_host); - switch(af) - { - case AF_INET: - sock->info.lsa->remote.addr.in4.sin_family = AF_INET; - sock->info.lsa->remote.addr.in4.sin_addr.s_addr = 0; - break; - case AF_INET6: - CLEAR(sock->info.lsa->remote.addr.in6); - sock->info.lsa->remote.addr.in6.sin6_family = AF_INET6; - sock->info.lsa->remote.addr.in6.sin6_addr = in6addr_any; - break; - } - if (sock->remote_host) { unsigned int flags = sf2gaf(GETADDR_RESOLVE|GETADDR_UPDATE_MANAGEMENT_STATE, sock->sockflags); int retry = 0; int status = -1; + + if (proto_is_dgram(sock->info.proto)) + flags |= GETADDR_DATAGRAM; - if (sock->connection_profiles_defined && sock->resolve_retry_seconds == RESOLV_RETRY_INFINITE) + if (sock->resolve_retry_seconds == RESOLV_RETRY_INFINITE) { if (phase == 2) flags |= (GETADDR_TRY_ONCE | GETADDR_FATAL); @@ -1272,12 +1220,11 @@ resolve_remote (struct link_socket *sock, } struct addrinfo* ai; - /* Temporary fix, this need to be changed for dual stack */ - status = openvpn_getaddrinfo(flags, sock->remote_host, retry, - signal_received, af, &ai); + status = openvpn_getaddrinfo (flags, sock->remote_host, sock->remote_port, + retry, signal_received, sock->info.af, &ai); if(status == 0) { - sock->info.lsa->remote.addr.in6 = *((struct sockaddr_in6*)(ai->ai_addr)); - freeaddrinfo(ai); + sock->info.lsa->remote_list = ai; + sock->info.lsa->current_remote = ai; dmsg (D_SOCKET_DEBUG, "RESOLVE_REMOTE flags=0x%04x phase=%d rrs=%d sig=%d status=%d", flags, @@ -1298,15 +1245,6 @@ resolve_remote (struct link_socket *sock, goto done; } } - switch(af) - { - case AF_INET: - sock->info.lsa->remote.addr.in4.sin_port = htons (sock->remote_port); - break; - case AF_INET6: - sock->info.lsa->remote.addr.in6.sin6_port = htons (sock->remote_port); - break; - } } /* should we re-use previous active remote address? */ @@ -1317,10 +1255,14 @@ resolve_remote (struct link_socket *sock, if (remote_dynamic) *remote_dynamic = NULL; } - else + /* else, quick hack to fix persistent-remote ....*/ { - CLEAR (sock->info.lsa->actual); - sock->info.lsa->actual.dest = sock->info.lsa->remote; + CLEAR (sock->info.lsa->actual); + if(sock->info.lsa->current_remote) + { + set_actual_address (&sock->info.lsa->actual, + sock->info.lsa->current_remote); + } } /* remember that we finished */ @@ -1331,6 +1273,8 @@ resolve_remote (struct link_socket *sock, gc_free (&gc); } + + struct link_socket * link_socket_new (void) { @@ -1344,15 +1288,47 @@ link_socket_new (void) return sock; } +void +create_new_socket (struct link_socket* sock) +{ + if (sock->bind_local) { + resolve_bind_local (sock, sock->info.af); + } + resolve_remote (sock, 1, NULL, NULL); + /* + * In P2P or server mode we must create the socket even when resolving + * the remote site fails/is not specified. */ + + if (sock->info.af && sock->info.lsa->actual.ai_family==0 && sock->bind_local) + { + /* Copy sock parameters from bind addr */ + set_actual_address (&sock->info.lsa->actual, sock->info.lsa->bind_local); + /* clear destination set by set_actual_address */ + CLEAR(sock->info.lsa->actual.dest); + } + + /* + * Create the socket early if socket should be bound + */ + if (sock->bind_local && sock->info.lsa->actual.ai_family) + { + create_socket (sock); + + if (sock->bind_local) + bind_local(sock); + } +} + + /* bind socket if necessary */ void link_socket_init_phase1 (struct link_socket *sock, - const bool connection_profiles_defined, const char *local_host, - int local_port, + const char *local_port, const char *remote_host, - int remote_port, + const char *remote_port, int proto, + sa_family_t af, int mode, const struct link_socket *accept_from, #ifdef ENABLE_HTTP_PROXY @@ -1371,9 +1347,7 @@ link_socket_init_phase1 (struct link_socket *sock, const char *ipchange_command, const struct plugin_list *plugins, int resolve_retry_seconds, - int connect_retry_seconds, int connect_timeout, - int connect_retry_max, int mtu_discover_type, int rcvbuf, int sndbuf, @@ -1382,8 +1356,6 @@ link_socket_init_phase1 (struct link_socket *sock, { ASSERT (sock); - sock->connection_profiles_defined = connection_profiles_defined; - sock->local_host = local_host; sock->local_port = local_port; sock->remote_host = remote_host; @@ -1400,9 +1372,7 @@ link_socket_init_phase1 (struct link_socket *sock, sock->bind_local = bind_local; sock->inetd = inetd; sock->resolve_retry_seconds = resolve_retry_seconds; - sock->connect_retry_seconds = connect_retry_seconds; sock->connect_timeout = connect_timeout; - sock->connect_retry_max = connect_retry_max; sock->mtu_discover_type = mtu_discover_type; #ifdef ENABLE_DEBUG @@ -1413,8 +1383,10 @@ link_socket_init_phase1 (struct link_socket *sock, sock->socket_buffer_sizes.sndbuf = sndbuf; sock->sockflags = sockflags; + sock->mark = mark; sock->info.proto = proto; + sock->info.af = af; sock->info.remote_float = remote_float; sock->info.lsa = lsa; sock->info.ipchange_command = ipchange_command; @@ -1424,20 +1396,18 @@ link_socket_init_phase1 (struct link_socket *sock, if (mode == LS_MODE_TCP_ACCEPT_FROM) { ASSERT (accept_from); - ASSERT (sock->info.proto == PROTO_TCPv4_SERVER - || sock->info.proto == PROTO_TCPv6_SERVER - ); + ASSERT (sock->info.proto == PROTO_TCP_SERVER); ASSERT (!sock->inetd); sock->sd = accept_from->sd; } - + if (false) ; #ifdef ENABLE_HTTP_PROXY /* are we running in HTTP proxy mode? */ else if (sock->http_proxy) { - ASSERT (sock->info.proto == PROTO_TCPv4_CLIENT); + ASSERT (sock->info.proto == PROTO_TCP_CLIENT); ASSERT (!sock->inetd); /* the proxy server */ @@ -1453,7 +1423,7 @@ link_socket_init_phase1 (struct link_socket *sock, /* or in Socks proxy mode? */ else if (sock->socks_proxy) { - ASSERT (sock->info.proto == PROTO_TCPv4_CLIENT || sock->info.proto == PROTO_UDPv4); + ASSERT (sock->info.af == AF_INET); ASSERT (!sock->inetd); /* the proxy server */ @@ -1472,7 +1442,7 @@ link_socket_init_phase1 (struct link_socket *sock, } /* bind behavior for TCP server vs. client */ - if (sock->info.proto == PROTO_TCPv4_SERVER) + if (sock->info.proto == PROTO_TCP_SERVER && sock->info.af==AF_INET) { if (sock->mode == LS_MODE_TCP_ACCEPT_FROM) sock->bind_local = false; @@ -1483,248 +1453,59 @@ link_socket_init_phase1 (struct link_socket *sock, /* were we started by inetd or xinetd? */ if (sock->inetd) { - ASSERT (sock->info.proto != PROTO_TCPv4_CLIENT - && sock->info.proto != PROTO_TCPv6_CLIENT); + ASSERT (sock->info.proto != PROTO_TCP_CLIENT); ASSERT (socket_defined (inetd_socket_descriptor)); sock->sd = inetd_socket_descriptor; } else if (mode != LS_MODE_TCP_ACCEPT_FROM) { - create_socket (sock); - - /* set socket buffers based on --sndbuf and --rcvbuf options */ - socket_set_buffers (sock->sd, &sock->socket_buffer_sizes); - - /* set socket to --mark packets with given value */ - socket_set_mark (sock->sd, mark); - - resolve_bind_local (sock); - resolve_remote (sock, 1, NULL, NULL); + create_new_socket (sock); } } -/* finalize socket initialization */ -void -link_socket_init_phase2 (struct link_socket *sock, - const struct frame *frame, - volatile int *signal_received) +static +void phase2_inetd (struct link_socket* sock, const struct frame *frame, + const char *remote_dynamic, volatile int *signal_received) { - struct gc_arena gc = gc_new (); - const char *remote_dynamic = NULL; bool remote_changed = false; - int sig_save = 0; - - ASSERT (sock); - - if (signal_received && *signal_received) - { - sig_save = *signal_received; - *signal_received = 0; - } - - /* initialize buffers */ - socket_frame_init (frame, sock); - - /* - * Pass a remote name to connect/accept so that - * they can test for dynamic IP address changes - * and throw a SIGUSR1 if appropriate. - */ - if (sock->resolve_retry_seconds) - remote_dynamic = sock->remote_host; - /* were we started by inetd or xinetd? */ - if (sock->inetd) - { - if (sock->info.proto == PROTO_TCPv4_SERVER - || sock->info.proto == PROTO_TCPv6_SERVER) { - /* AF_INET as default (and fallback) for inetd */ - sock->info.lsa->actual.dest.addr.sa.sa_family = AF_INET; + if (sock->info.proto == PROTO_TCP_SERVER) { + /* AF_INET as default (and fallback) for inetd */ + sock->info.lsa->actual.dest.addr.sa.sa_family = AF_INET; #ifdef HAVE_GETSOCKNAME - { - /* inetd: hint family type for dest = local's */ - struct openvpn_sockaddr local_addr; - socklen_t addrlen = sizeof(local_addr); - if (getsockname (sock->sd, (struct sockaddr *)&local_addr, &addrlen) == 0) { - sock->info.lsa->actual.dest.addr.sa.sa_family = local_addr.addr.sa.sa_family; - dmsg (D_SOCKET_DEBUG, "inetd(%s): using sa_family=%d from getsockname(%d)", - proto2ascii(sock->info.proto, false), local_addr.addr.sa.sa_family, - sock->sd); - } else - msg (M_WARN, "inetd(%s): getsockname(%d) failed, using AF_INET", - proto2ascii(sock->info.proto, false), sock->sd); - } -#else - msg (M_WARN, "inetd(%s): this OS does not provide the getsockname() " - "function, using AF_INET", - proto2ascii(sock->info.proto, false)); -#endif - sock->sd = - socket_listen_accept (sock->sd, - &sock->info.lsa->actual, - remote_dynamic, - &remote_changed, - &sock->info.lsa->local, - false, - sock->inetd == INETD_NOWAIT, - signal_received); - } - ASSERT (!remote_changed); - if (*signal_received) - goto done; - } - else { - resolve_remote (sock, 2, &remote_dynamic, signal_received); - - if (*signal_received) - goto done; - - /* TCP client/server */ - if (sock->info.proto == PROTO_TCPv4_SERVER - ||sock->info.proto == PROTO_TCPv6_SERVER) - { - switch (sock->mode) - { - case LS_MODE_DEFAULT: - sock->sd = socket_listen_accept (sock->sd, - &sock->info.lsa->actual, - remote_dynamic, - &remote_changed, - &sock->info.lsa->local, - true, - false, - signal_received); - break; - case LS_MODE_TCP_LISTEN: - socket_do_listen (sock->sd, - &sock->info.lsa->local, - true, - false); - break; - case LS_MODE_TCP_ACCEPT_FROM: - sock->sd = socket_do_accept (sock->sd, - &sock->info.lsa->actual, - false); - if (!socket_defined (sock->sd)) - { - *signal_received = SIGTERM; - goto done; - } - tcp_connection_established (&sock->info.lsa->actual); - break; - default: - ASSERT (0); - } - } - else if (sock->info.proto == PROTO_TCPv4_CLIENT - ||sock->info.proto == PROTO_TCPv6_CLIENT) - { - -#ifdef GENERAL_PROXY_SUPPORT - bool proxy_retry = false; -#else - const bool proxy_retry = false; -#endif - do { - socket_connect (&sock->sd, - &sock->info.lsa->local, - sock->bind_local, - &sock->info.lsa->actual.dest, - sock->connection_profiles_defined, - remote_dynamic, - &remote_changed, - sock->connect_retry_seconds, - sock->connect_timeout, - sock->connect_retry_max, - sock->sockflags, - signal_received); - - if (*signal_received) - goto done; - - if (false) - ; -#ifdef ENABLE_HTTP_PROXY - else if (sock->http_proxy) - { - proxy_retry = establish_http_proxy_passthru (sock->http_proxy, - sock->sd, - sock->proxy_dest_host, - sock->proxy_dest_port, - &sock->stream_buf.residual, - signal_received); - } -#endif -#ifdef ENABLE_SOCKS - else if (sock->socks_proxy) - { - establish_socks_proxy_passthru (sock->socks_proxy, - sock->sd, - sock->proxy_dest_host, - sock->proxy_dest_port, - signal_received); - } -#endif - if (proxy_retry) - { - openvpn_close_socket (sock->sd); - sock->sd = create_socket_tcp (AF_INET); - } - } while (proxy_retry); - } -#ifdef ENABLE_SOCKS - else if (sock->info.proto == PROTO_UDPv4 && sock->socks_proxy) - { - socket_connect (&sock->ctrl_sd, - &sock->info.lsa->local, - sock->bind_local, - &sock->info.lsa->actual.dest, - sock->connection_profiles_defined, - remote_dynamic, - &remote_changed, - sock->connect_retry_seconds, - sock->connect_timeout, - sock->connect_retry_max, - sock->sockflags, - signal_received); - - if (*signal_received) - goto done; - - establish_socks_proxy_udpassoc (sock->socks_proxy, - sock->ctrl_sd, - sock->sd, - &sock->socks_relay.dest, - signal_received); - - if (*signal_received) - goto done; - - sock->remote_host = sock->proxy_dest_host; - sock->remote_port = sock->proxy_dest_port; - sock->did_resolve_remote = false; - - addr_zero_host(&sock->info.lsa->actual.dest); - addr_zero_host(&sock->info.lsa->remote); - - resolve_remote (sock, 1, NULL, signal_received); - - if (*signal_received) - goto done; - } -#endif - - if (*signal_received) - goto done; - - if (remote_changed) - { - msg (M_INFO, "TCP/UDP: Dynamic remote address changed during TCP connection establishment"); - addr_copy_host(&sock->info.lsa->remote, &sock->info.lsa->actual.dest); - } + /* inetd: hint family type for dest = local's */ + struct openvpn_sockaddr local_addr; + socklen_t addrlen = sizeof(local_addr); + if (getsockname (sock->sd, &local_addr.addr.sa, &addrlen) == 0) { + sock->info.lsa->actual.dest.addr.sa.sa_family = local_addr.addr.sa.sa_family; + dmsg (D_SOCKET_DEBUG, "inetd(%s): using sa_family=%d from getsockname(%d)", + proto2ascii(sock->info.proto, sock->info.af, false), local_addr.addr.sa.sa_family, + sock->sd); + } else + msg (M_WARN, "inetd(%s): getsockname(%d) failed, using AF_INET", + proto2ascii(sock->info.proto, sock->info.af, false), sock->sd); } +#else + msg (M_WARN, "inetd(%s): this OS does not provide the getsockname() " + "function, using AF_INET", + proto2ascii(sock->info.proto, false)); +#endif + sock->sd = + socket_listen_accept (sock->sd, + &sock->info.lsa->actual, + remote_dynamic, + sock->info.lsa->bind_local, + false, + sock->inetd == INETD_NOWAIT, + signal_received); + } + ASSERT (!remote_changed); +} +static void +phase2_set_socket_flags (struct link_socket* sock) +{ /* set misc socket parameters */ socket_set_flags (sock->sd, sock->sockflags); @@ -1747,35 +1528,265 @@ link_socket_init_phase2 (struct link_socket *sock, /* if the OS supports it, enable extended error passing on the socket */ set_sock_extended_error_passing (sock->sd); #endif +} + + +static void +linksock_print_addr (struct link_socket *sock) +{ + struct gc_arena gc = gc_new (); /* print local address */ { const int msglevel = (sock->mode == LS_MODE_TCP_ACCEPT_FROM) ? D_INIT_MEDIUM : M_INFO; - + if (sock->inetd) - msg (msglevel, "%s link local: [inetd]", proto2ascii (sock->info.proto, true)); + msg (msglevel, "%s link local: [inetd]", proto2ascii (sock->info.proto, sock->info.af, true)); + else if (sock->bind_local) + { + /* Socket is always bound on the first matching address */ + struct addrinfo *cur; + for (cur = sock->info.lsa->bind_local; cur; cur=cur->ai_next) + { + if(cur->ai_family == sock->info.lsa->actual.ai_family) + break; + } + ASSERT (cur); + msg (msglevel, "%s link local (bound): %s", + proto2ascii (sock->info.proto, sock->info.af, true), + print_sockaddr(cur->ai_addr,&gc)); + } else - msg (msglevel, "%s link local%s: %s", - proto2ascii (sock->info.proto, true), - (sock->bind_local ? " (bound)" : ""), - print_sockaddr_ex (&sock->info.lsa->local, ":", sock->bind_local ? PS_SHOW_PORT : 0, &gc)); - + msg (msglevel, "%s link local: (not bound)", + proto2ascii (sock->info.proto, sock->info.af, true)); + /* print active remote address */ msg (msglevel, "%s link remote: %s", - proto2ascii (sock->info.proto, true), - print_link_socket_actual_ex (&sock->info.lsa->actual, - ":", - PS_SHOW_PORT_IF_DEFINED, - &gc)); + proto2ascii (sock->info.proto, sock->info.af, true), + print_link_socket_actual_ex (&sock->info.lsa->actual, + ":", + PS_SHOW_PORT_IF_DEFINED, + &gc)); } + gc_free(&gc); +} + +static void +phase2_tcp_server (struct link_socket *sock, const char *remote_dynamic, + volatile int *signal_received) +{ + switch (sock->mode) + { + case LS_MODE_DEFAULT: + sock->sd = socket_listen_accept (sock->sd, + &sock->info.lsa->actual, + remote_dynamic, + sock->info.lsa->bind_local, + true, + false, + signal_received); + break; + case LS_MODE_TCP_LISTEN: + socket_do_listen (sock->sd, + sock->info.lsa->bind_local->ai_addr, + true, + false); + break; + case LS_MODE_TCP_ACCEPT_FROM: + sock->sd = socket_do_accept (sock->sd, + &sock->info.lsa->actual, + false); + if (!socket_defined (sock->sd)) + { + *signal_received = SIGTERM; + return; + } + tcp_connection_established (&sock->info.lsa->actual); + break; + default: + ASSERT (0); + } + +} + + +static void +phase2_tcp_client (struct link_socket *sock, struct signal_info *sig_info) +{ +#ifdef GENERAL_PROXY_SUPPORT + bool proxy_retry = false; +#else + const bool proxy_retry = false; +#endif + do { + socket_connect (&sock->sd, + sock->info.lsa, + sock->connect_timeout, + sig_info); + + if (sig_info->signal_received) + return; + + if (false) + ; +#ifdef ENABLE_HTTP_PROXY + else if (sock->http_proxy) + { + proxy_retry = establish_http_proxy_passthru (sock->http_proxy, + sock->sd, + sock->proxy_dest_host, + sock->proxy_dest_port, + &sock->stream_buf.residual, + &sig_info->signal_received); + } +#endif +#ifdef ENABLE_SOCKS + else if (sock->socks_proxy) + { + establish_socks_proxy_passthru (sock->socks_proxy, + sock->sd, + sock->proxy_dest_host, + sock->proxy_dest_port, + &sig_info->signal_received); + } +#endif + if (proxy_retry) + { + /* TODO (schwabe): This code assumes AF_INET for the proxy socket + * when retrying a connection */ + openvpn_close_socket (sock->sd); + sock->sd = create_socket_tcp (AF_INET); + } + } while (proxy_retry); + +} + +#ifdef ENABLE_SOCKS +static void +phase2_socks_client (struct link_socket *sock, struct signal_info *sig_info) +{ + socket_connect (&sock->ctrl_sd, + sock->info.lsa, + sock->connect_timeout, + sig_info); + + if (sig_info->signal_received) + return; + + establish_socks_proxy_udpassoc (sock->socks_proxy, + sock->ctrl_sd, + sock->sd, + &sock->socks_relay.dest, + &sig_info->signal_received); + + if (sig_info->signal_received) + return; + + sock->remote_host = sock->proxy_dest_host; + sock->remote_port = sock->proxy_dest_port; + sock->did_resolve_remote = false; + + addr_zero_host(&sock->info.lsa->actual.dest); + if (sock->info.lsa->remote_list) + freeaddrinfo(sock->info.lsa->remote_list); + + resolve_remote (sock, 1, NULL, &sig_info->signal_received); + +} +#endif + +/* finalize socket initialization */ +void +link_socket_init_phase2 (struct link_socket *sock, + const struct frame *frame, + struct signal_info *sig_info) +{ + const char *remote_dynamic = NULL; + int sig_save = 0; + + ASSERT (sock); + if (sig_info && sig_info->signal_received) + { + sig_save = sig_info->signal_received; + sig_info->signal_received = 0; + } + + /* initialize buffers */ + socket_frame_init (frame, sock); + + /* + * Pass a remote name to connect/accept so that + * they can test for dynamic IP address changes + * and throw a SIGUSR1 if appropriate. + */ + if (sock->resolve_retry_seconds) + remote_dynamic = sock->remote_host; + + /* were we started by inetd or xinetd? */ + if (sock->inetd) + { + phase2_inetd (sock, frame, remote_dynamic, &sig_info->signal_received); + if (sig_info && sig_info->signal_received) + goto done; + + } + else + { + /* Second chance to resolv/create socket */ + resolve_remote (sock, 2, &remote_dynamic, &sig_info->signal_received); + + /* If socket has not already been created create it now */ + if (sock->sd == SOCKET_UNDEFINED) + { + if (sock->info.lsa->actual.ai_family) + { + create_socket (sock); + } + else + { + msg (M_WARN, "Could not determine IPv4/IPv6 protocol"); + sig_info->signal_received = SIGUSR1; + goto done; + } + + if (sock->bind_local) + bind_local(sock); + } + + + if (sig_info && sig_info->signal_received) + goto done; + + if (sock->info.proto == PROTO_TCP_SERVER) + { + phase2_tcp_server (sock, remote_dynamic, + &sig_info->signal_received); + } + else if (sock->info.proto == PROTO_TCP_CLIENT) + { + phase2_tcp_client (sock, sig_info); + + } +#ifdef ENABLE_SOCKS + else if (sock->info.proto == PROTO_UDP && sock->socks_proxy && sock->info.af == AF_INET) + { + phase2_socks_client (sock, sig_info); +#endif + } + if (sig_info && sig_info->signal_received) + goto done; + } + + phase2_set_socket_flags(sock); + linksock_print_addr(sock); + done: - if (sig_save && signal_received) + if (sig_save && sig_info) { - if (!*signal_received) - *signal_received = sig_save; + if (!sig_info->signal_received) + sig_info->signal_received = sig_save; } - gc_free (&gc); } void @@ -1843,17 +1854,14 @@ setenv_trusted (struct env_set *es, const struct link_socket_info *info) static void ipchange_fmt (const bool include_cmd, struct argv *argv, const struct link_socket_info *info, struct gc_arena *gc) { - const char *ip = print_sockaddr_ex (&info->lsa->actual.dest, NULL, 0, gc); - const char *port = print_sockaddr_ex (&info->lsa->actual.dest, NULL, PS_DONT_SHOW_ADDR|PS_SHOW_PORT, gc); + const char *host = print_sockaddr_ex (&info->lsa->actual.dest.addr.sa, " ", PS_SHOW_PORT , gc); if (include_cmd) - argv_printf (argv, "%sc %s %s", + argv_printf (argv, "%sc %s", info->ipchange_command, - ip, - port); + host); else - argv_printf (argv, "%s %s", - ip, - port); + argv_printf (argv, "%s", host); + } void @@ -1910,6 +1918,7 @@ link_socket_bad_incoming_addr (struct buffer *buf, const struct link_socket_actual *from_addr) { struct gc_arena gc = gc_new (); + struct addrinfo* ai; switch(from_addr->dest.addr.sa.sa_family) { @@ -1919,7 +1928,12 @@ link_socket_bad_incoming_addr (struct buffer *buf, "TCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)", print_link_socket_actual (from_addr, &gc), (int)from_addr->dest.addr.sa.sa_family, - print_sockaddr (&info->lsa->remote, &gc)); + print_sockaddr_ex (info->lsa->remote_list->ai_addr,":" ,PS_SHOW_PORT, &gc)); + /* print additional remote addresses */ + for(ai=info->lsa->remote_list->ai_next;ai;ai=ai->ai_next) { + msg(D_LINK_ERRORS,"or from peer address: %s", + print_sockaddr_ex(ai->ai_addr,":",PS_SHOW_PORT, &gc)); + } break; } buf->len = 0; @@ -1944,14 +1958,17 @@ link_socket_current_remote (const struct link_socket_info *info) * Maybe in the future consider PF_INET6 endpoints also ... * by now just ignore it * + * For --remote entries with multiple addresses this + * only return the actual endpoint we have sucessfully connected to */ if (lsa->actual.dest.addr.sa.sa_family != AF_INET) return IPV4_INVALID_ADDR; if (link_socket_actual_defined (&lsa->actual)) return ntohl (lsa->actual.dest.addr.in4.sin_addr.s_addr); - else if (addr_defined (&lsa->remote)) - return ntohl (lsa->remote.addr.in4.sin_addr.s_addr); + else if (lsa->current_remote) + return ntohl (((struct sockaddr_in*)lsa->current_remote->ai_addr) + ->sin_addr.s_addr); else return 0; } @@ -2018,7 +2035,7 @@ stream_buf_init (struct stream_buf *sb, sb->residual = alloc_buf (sb->maxlen); sb->error = false; #if PORT_SHARE - sb->port_share_state = ((sockflags & SF_PORT_SHARE) && (proto == PROTO_TCPv4_SERVER)) + sb->port_share_state = ((sockflags & SF_PORT_SHARE) && (proto == PROTO_TCP_SERVER)) ? PS_ENABLED : PS_DISABLED; #endif @@ -2167,67 +2184,60 @@ socket_listen_event_handle (struct link_socket *s) */ const char * -print_sockaddr (const struct openvpn_sockaddr *addr, struct gc_arena *gc) -{ - return print_sockaddr_ex (addr, ":", PS_SHOW_PORT, gc); -} - -const char * -print_sockaddr_ex (const struct openvpn_sockaddr *addr, - const char* separator, - const unsigned int flags, - struct gc_arena *gc) +print_sockaddr_ex (const struct sockaddr *sa, + const char* separator, + const unsigned int flags, + struct gc_arena *gc) { struct buffer out = alloc_buf_gc (128, gc); bool addr_is_defined; - addr_is_defined = addr_defined (addr); - if (!addr_is_defined) { - return "[undef]"; - } - switch(addr->addr.sa.sa_family) + char hostaddr[NI_MAXHOST] = ""; + char servname[NI_MAXSERV] = ""; + int status; + + socklen_t salen; + switch(sa->sa_family) { case AF_INET: - { - const int port= ntohs (addr->addr.in4.sin_port); - buf_puts (&out, "[AF_INET]"); - - if (!(flags & PS_DONT_SHOW_ADDR)) - buf_printf (&out, "%s", (addr_defined (addr) ? inet_ntoa (addr->addr.in4.sin_addr) : "[undef]")); - - if (((flags & PS_SHOW_PORT) || (addr_defined (addr) && (flags & PS_SHOW_PORT_IF_DEFINED))) - && port) - { - if (separator) - buf_printf (&out, "%s", separator); - - buf_printf (&out, "%d", port); - } - } + buf_puts (&out, "[AF_INET]"); + salen = sizeof (struct sockaddr_in); + addr_is_defined = ((struct sockaddr_in*) sa)->sin_addr.s_addr != 0; break; case AF_INET6: - { - const int port= ntohs (addr->addr.in6.sin6_port); - char buf[INET6_ADDRSTRLEN] = ""; - buf_puts (&out, "[AF_INET6]"); - if (addr_is_defined) - { - getnameinfo(&addr->addr.sa, sizeof (struct sockaddr_in6), - buf, sizeof (buf), NULL, 0, NI_NUMERICHOST); - buf_puts (&out, buf); - } - if (((flags & PS_SHOW_PORT) || (addr_is_defined && (flags & PS_SHOW_PORT_IF_DEFINED))) - && port) - { - if (separator) - buf_puts (&out, separator); - - buf_printf (&out, "%d", port); - } - } + buf_puts (&out, "[AF_INET6]"); + salen = sizeof (struct sockaddr_in6); + addr_is_defined = !IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6*) sa)->sin6_addr); break; + case AF_UNSPEC: + return "[AF_UNSPEC]"; default: ASSERT(0); } + + status = getnameinfo(sa, salen, hostaddr, sizeof (hostaddr), + servname, sizeof(servname), NI_NUMERICHOST | NI_NUMERICSERV); + + if(status!=0) { + buf_printf(&out,"[nameinfo() err: %s]",gai_strerror(status)); + return BSTR(&out); + } + + if (!(flags & PS_DONT_SHOW_ADDR)) + { + if (addr_is_defined) + buf_puts (&out, hostaddr); + else + buf_puts (&out, "[undef]"); + } + + if ((flags & PS_SHOW_PORT) || (flags & PS_SHOW_PORT_IF_DEFINED)) + { + if (separator) + buf_puts (&out, separator); + + buf_puts (&out, servname); + } + return BSTR (&out); } @@ -2251,7 +2261,7 @@ print_link_socket_actual_ex (const struct link_socket_actual *act, { char ifname[IF_NAMESIZE] = "[undef]"; struct buffer out = alloc_buf_gc (128, gc); - buf_printf (&out, "%s", print_sockaddr_ex (&act->dest, separator, flags, gc)); + buf_printf (&out, "%s", print_sockaddr_ex (&act->dest.addr.sa, separator, flags, gc)); #if ENABLE_IP_PKTINFO if ((flags & PS_SHOW_PKTINFO) && addr_defined_ipi(act)) { @@ -2272,7 +2282,7 @@ print_link_socket_actual_ex (const struct link_socket_actual *act, #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h) #endif buf_printf (&out, " (via %s%%%s)", - print_sockaddr_ex (&sa, separator, 0, gc), + print_sockaddr_ex (&sa.addr.sa, separator, 0, gc), ifname); } break; @@ -2434,22 +2444,23 @@ setenv_link_socket_actual (struct env_set *es, struct proto_names { const char *short_form; const char *display_form; - bool is_dgram; - bool is_net; - unsigned short proto_af; + sa_family_t proto_af; + int proto; }; /* Indexed by PROTO_x */ -static const struct proto_names proto_names[PROTO_N] = { - {"proto-uninitialized", "proto-NONE",0,0, AF_UNSPEC}, - {"udp", "UDPv4",1,1, AF_INET}, - {"tcp-server", "TCPv4_SERVER",0,1, AF_INET}, - {"tcp-client", "TCPv4_CLIENT",0,1, AF_INET}, - {"tcp", "TCPv4",0,1, AF_INET}, - {"udp6" ,"UDPv6",1,1, AF_INET6}, - {"tcp6-server","TCPv6_SERVER",0,1, AF_INET6}, - {"tcp6-client","TCPv6_CLIENT",0,1, AF_INET6}, - {"tcp6" ,"TCPv6",0,1, AF_INET6}, +static const struct proto_names proto_names[] = { + {"proto-uninitialized", "proto-NONE", AF_UNSPEC, PROTO_NONE}, + {"udp", "UDP", AF_UNSPEC, PROTO_UDP}, + {"udp4", "UDPv4", AF_INET, PROTO_UDP}, + {"tcp-server", "TCPv4_SERVER", AF_INET, PROTO_TCP_SERVER}, + {"tcp-client", "TCPv4_CLIENT", AF_INET, PROTO_TCP_CLIENT}, + {"tcp", "TCP", AF_UNSPEC, PROTO_TCP}, + {"tcp4", "TCPv4", AF_INET, PROTO_TCP}, + {"udp6" ,"UDPv6", AF_INET6, PROTO_UDP}, + {"tcp6-server","TCPv6_SERVER", AF_INET6, PROTO_TCP_SERVER}, + {"tcp6-client","TCPv6_CLIENT", AF_INET6, PROTO_TCP_CLIENT}, + {"tcp6" ,"TCPv6", AF_INET6, PROTO_TCP}, }; bool @@ -2457,59 +2468,66 @@ proto_is_net(int proto) { if (proto < 0 || proto >= PROTO_N) ASSERT(0); - return proto_names[proto].is_net; + return proto != PROTO_NONE; } bool proto_is_dgram(int proto) { - if (proto < 0 || proto >= PROTO_N) - ASSERT(0); - return proto_names[proto].is_dgram; + return proto_is_udp(proto); } + bool proto_is_udp(int proto) { if (proto < 0 || proto >= PROTO_N) ASSERT(0); - return proto_names[proto].is_dgram&&proto_names[proto].is_net; + return proto == PROTO_UDP; } + bool proto_is_tcp(int proto) { if (proto < 0 || proto >= PROTO_N) ASSERT(0); - return (!proto_names[proto].is_dgram)&&proto_names[proto].is_net; -} - -unsigned short -proto_sa_family(int proto) -{ - if (proto < 0 || proto >= PROTO_N) - ASSERT(0); - return proto_names[proto].proto_af; + return proto == PROTO_TCP_CLIENT || proto == PROTO_TCP_SERVER || proto == PROTO_TCP_CLIENT; } int ascii2proto (const char* proto_name) { int i; - ASSERT (PROTO_N == SIZE (proto_names)); - for (i = 0; i < PROTO_N; ++i) + for (i = 0; i < SIZE (proto_names); ++i) if (!strcmp (proto_name, proto_names[i].short_form)) - return i; + return proto_names[i].proto; return -1; } +sa_family_t +ascii2af (const char* proto_name) +{ + int i; + for (i = 0; i < SIZE (proto_names); ++i) + if (!strcmp (proto_name, proto_names[i].short_form)) + return proto_names[i].proto_af; + return 0; +} + const char * -proto2ascii (int proto, bool display_form) +proto2ascii (int proto, sa_family_t af, bool display_form) { - ASSERT (PROTO_N == SIZE (proto_names)); - if (proto < 0 || proto >= PROTO_N) - return "[unknown protocol]"; - else if (display_form) - return proto_names[proto].display_form; - else - return proto_names[proto].short_form; + unsigned int i; + for (i = 0; i < SIZE (proto_names); ++i) + { + if(proto_names[i].proto_af == af && proto_names[i].proto == proto) + { + if(display_form) + return proto_names[i].display_form; + else + return proto_names[i].short_form; + } + } + + return "[unknown protocol]"; } const char * @@ -2518,23 +2536,22 @@ proto2ascii_all (struct gc_arena *gc) struct buffer out = alloc_buf_gc (256, gc); int i; - ASSERT (PROTO_N == SIZE (proto_names)); - for (i = 0; i < PROTO_N; ++i) + for (i = 0; i < SIZE (proto_names); ++i) { if (i) buf_printf(&out, " "); - buf_printf(&out, "[%s]", proto2ascii(i, false)); + buf_printf(&out, "[%s]", proto_names[i].short_form); } return BSTR (&out); } int -addr_guess_family(int proto, const char *name) +addr_guess_family(sa_family_t af, const char *name) { unsigned short ret; - if (proto) + if (af) { - return proto_sa_family(proto); /* already stamped */ + return af; /* already stamped */ } else { @@ -2570,22 +2587,24 @@ addr_family_name (int af) * * This is used for options compatibility * checking. + * + * IPv6 and IPv4 protocols are comptabile but OpenVPN + * has always sent UDPv4, TCPv4 over the wire. Keep these + * strings for backward compatbility */ -int +const char* proto_remote (int proto, bool remote) { ASSERT (proto >= 0 && proto < PROTO_N); - if (remote) - { - switch (proto) - { - case PROTO_TCPv4_SERVER: return PROTO_TCPv4_CLIENT; - case PROTO_TCPv4_CLIENT: return PROTO_TCPv4_SERVER; - case PROTO_TCPv6_SERVER: return PROTO_TCPv6_CLIENT; - case PROTO_TCPv6_CLIENT: return PROTO_TCPv6_SERVER; - } - } - return proto; + if (proto == PROTO_UDP) + return "UDPv4"; + + if ( (remote && proto == PROTO_TCP_CLIENT) || proto == PROTO_TCP_SERVER) + return "TCPv4_SERVER"; + if ( (remote && proto == PROTO_TCP_SERVER) || proto == PROTO_TCP_CLIENT) + return "TCPv4_CLIENT"; + + ASSERT (0); } /* @@ -2733,7 +2752,7 @@ link_socket_read_udp_posix (struct link_socket *sock, struct link_socket_actual *from) { socklen_t fromlen = sizeof (from->dest.addr); - socklen_t expectedlen = af_addr_size(proto_sa_family(sock->info.proto)); + socklen_t expectedlen = af_addr_size(sock->info.af); addr_zero_host(&from->dest); ASSERT (buf_safe (buf, maxsize)); #if ENABLE_IP_PKTINFO @@ -2774,7 +2793,7 @@ link_socket_write_tcp (struct link_socket *sock, #if ENABLE_IP_PKTINFO -int +size_t link_socket_write_udp_posix_sendmsg (struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to) @@ -2787,7 +2806,7 @@ link_socket_write_udp_posix_sendmsg (struct link_socket *sock, iov.iov_len = BLEN (buf); mesg.msg_iov = &iov; mesg.msg_iovlen = 1; - switch (sock->info.lsa->remote.addr.sa.sa_family) + switch (to->ai_family) { case AF_INET: { diff --git a/openvpn/src/openvpn/socket.h b/openvpn/src/openvpn/socket.h index 44f1098b..b30a1bc7 100644 --- a/openvpn/src/openvpn/socket.h +++ b/openvpn/src/openvpn/socket.h @@ -39,7 +39,7 @@ /* * OpenVPN's default port number as assigned by IANA. */ -#define OPENVPN_PORT 1194 +#define OPENVPN_PORT "1194" /* * Maximum size passed passed to setsockopt SNDBUF/RCVBUF @@ -81,6 +81,11 @@ struct openvpn_sockaddr struct link_socket_actual { /*int dummy;*/ /* add offset to force a bug if dest not explicitly dereferenced */ + int ai_family; /* PF_xxx */ + int ai_socktype; /* SOCK_xxx */ + int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ + + struct openvpn_sockaddr dest; #if ENABLE_IP_PKTINFO union { @@ -97,8 +102,10 @@ struct link_socket_actual /* IP addresses which are persistant across SIGUSR1s */ struct link_socket_addr { - struct openvpn_sockaddr local; - struct openvpn_sockaddr remote; /* initial remote */ + struct addrinfo* bind_local; + struct addrinfo* remote_list; /* complete remote list */ + struct addrinfo* current_remote; /* remote used in the + current connection attempt */ struct link_socket_actual actual; /* reply to this address */ }; @@ -110,6 +117,7 @@ struct link_socket_info const struct plugin_list *plugins; bool remote_float; int proto; /* Protocol (PROTO_x defined below) */ + sa_family_t af; /* Address family like AF_INET, AF_INET6 or AF_UNSPEC*/ int mtu_changed; /* Set to true when mtu value is changed */ }; @@ -175,13 +183,10 @@ struct link_socket /* used for long-term queueing of pre-accepted socket listen */ bool listen_persistent_queued; - /* Does config file contain any <connection> ... </connection> blocks? */ - bool connection_profiles_defined; - const char *remote_host; - int remote_port; + const char *remote_port; const char *local_host; - int local_port; + const char *local_port; bool bind_local; # define INETD_NONE 0 @@ -195,9 +200,7 @@ struct link_socket int mode; int resolve_retry_seconds; - int connect_retry_seconds; int connect_timeout; - int connect_retry_max; int mtu_discover_type; struct socket_buffer_size socket_buffer_sizes; @@ -212,6 +215,7 @@ struct link_socket # define SF_HOST_RANDOMIZE (1<<3) # define SF_GETADDRINFO_DGRAM (1<<4) unsigned int sockflags; + int mark; /* for stream sockets */ struct stream_buf stream_buf; @@ -232,7 +236,7 @@ struct link_socket #if defined(ENABLE_HTTP_PROXY) || defined(ENABLE_SOCKS) /* The OpenVPN server we will use the proxy to connect to */ const char *proxy_dest_host; - int proxy_dest_port; + const char *proxy_dest_port; #endif #if PASSTOS_CAPABILITY @@ -279,11 +283,12 @@ int socket_finalize ( struct link_socket *link_socket_new (void); void socket_bind (socket_descriptor_t sd, - struct openvpn_sockaddr *local, + struct addrinfo *local, + int af_family, const char *prefix); int openvpn_connect (socket_descriptor_t sd, - struct openvpn_sockaddr *remote, + const struct sockaddr *remote, int connect_timeout, volatile int *signal_received); @@ -293,12 +298,12 @@ int openvpn_connect (socket_descriptor_t sd, void link_socket_init_phase1 (struct link_socket *sock, - const bool connection_profiles_defined, const char *local_host, - int local_port, + const char *local_port, const char *remote_host, - int remote_port, + const char *remote_port, int proto, + sa_family_t af, int mode, const struct link_socket *accept_from, #ifdef ENABLE_HTTP_PROXY @@ -317,9 +322,7 @@ link_socket_init_phase1 (struct link_socket *sock, const char *ipchange_command, const struct plugin_list *plugins, int resolve_retry_seconds, - int connect_retry_seconds, int connect_timeout, - int connect_retry_max, int mtu_discover_type, int rcvbuf, int sndbuf, @@ -328,7 +331,7 @@ link_socket_init_phase1 (struct link_socket *sock, void link_socket_init_phase2 (struct link_socket *sock, const struct frame *frame, - volatile int *signal_received); + struct signal_info *sig_info); void socket_adjust_frame_parameters (struct frame *frame, int proto); @@ -343,14 +346,35 @@ void sd_close (socket_descriptor_t *sd); #define PS_SHOW_PKTINFO (1<<2) #define PS_DONT_SHOW_ADDR (1<<3) -const char *print_sockaddr_ex (const struct openvpn_sockaddr *addr, +const char *print_sockaddr_ex (const struct sockaddr *addr, const char* separator, const unsigned int flags, struct gc_arena *gc); +static inline +const char *print_openvpn_sockaddr_ex (const struct openvpn_sockaddr *addr, + const char* separator, + const unsigned int flags, + struct gc_arena *gc) +{ + return print_sockaddr_ex(&addr->addr.sa, separator, flags, gc); +} + +static inline +const char *print_openvpn_sockaddr (const struct openvpn_sockaddr *addr, + struct gc_arena *gc) +{ + return print_sockaddr_ex (&addr->addr.sa, ":", PS_SHOW_PORT, gc); +} + +static inline +const char *print_sockaddr (const struct sockaddr *addr, + struct gc_arena *gc) +{ + return print_sockaddr_ex (addr, ":", PS_SHOW_PORT, gc); +} + -const char *print_sockaddr (const struct openvpn_sockaddr *addr, - struct gc_arena *gc); const char *print_link_socket_actual_ex (const struct link_socket_actual *act, const char* separator, @@ -402,6 +426,9 @@ void link_socket_bad_incoming_addr (struct buffer *buf, const struct link_socket_info *info, const struct link_socket_actual *from_addr); +void set_actual_address (struct link_socket_actual* actual, + struct addrinfo* ai); + void link_socket_bad_outgoing_addr (void); void setenv_trusted (struct env_set *es, const struct link_socket_info *info); @@ -477,11 +504,8 @@ bool unix_socket_get_peer_uid_gid (const socket_descriptor_t sd, int *uid, int * #define GETADDR_TRY_ONCE (1<<7) #define GETADDR_UPDATE_MANAGEMENT_STATE (1<<8) #define GETADDR_RANDOMIZE (1<<9) - -/* [ab]use flags bits to get socktype info downstream */ -/* TODO(jjo): resolve tradeoff between hackiness|args-overhead */ -#define GETADDR_DGRAM (1<<10) -#define dnsflags_to_socktype(flags) ((flags & GETADDR_DGRAM) ? SOCK_DGRAM : SOCK_STREAM) +#define GETADDR_PASSIVE (1<<10) +#define GETADDR_DATAGRAM (1<<11) in_addr_t getaddr (unsigned int flags, const char *hostname, @@ -491,6 +515,7 @@ in_addr_t getaddr (unsigned int flags, int openvpn_getaddrinfo (unsigned int flags, const char *hostname, + const char *servname, int resolve_retry_seconds, volatile int *signal_received, int ai_family, @@ -506,21 +531,18 @@ int openvpn_getaddrinfo (unsigned int flags, */ enum proto_num { PROTO_NONE, /* catch for uninitialized */ - PROTO_UDPv4, - PROTO_TCPv4_SERVER, - PROTO_TCPv4_CLIENT, - PROTO_TCPv4, - PROTO_UDPv6, - PROTO_TCPv6_SERVER, - PROTO_TCPv6_CLIENT, - PROTO_TCPv6, + PROTO_UDP, + PROTO_TCP, + PROTO_TCP_SERVER, + PROTO_TCP_CLIENT, PROTO_N }; int ascii2proto (const char* proto_name); -const char *proto2ascii (int proto, bool display_form); +sa_family_t ascii2af (const char* proto_name); +const char *proto2ascii (int proto, sa_family_t af, bool display_form); const char *proto2ascii_all (struct gc_arena *gc); -int proto_remote (int proto, bool remote); +const char *proto_remote (int proto, bool remote); const char *addr_family_name(int af); /* @@ -545,12 +567,6 @@ datagram_overhead (int proto) */ static inline bool -legal_ipv4_port (int port) -{ - return port > 0 && port < 65536; -} - -static inline bool link_socket_proto_connection_oriented (int proto) { return !proto_is_dgram(proto); @@ -604,29 +620,65 @@ link_socket_actual_defined (const struct link_socket_actual *act) static inline bool addr_match (const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2) { - switch(a1->addr.sa.sa_family) { + switch(a1->addr.sa.sa_family) { + case AF_INET: + return a1->addr.in4.sin_addr.s_addr == a2->addr.in4.sin_addr.s_addr; + case AF_INET6: + return IN6_ARE_ADDR_EQUAL(&a1->addr.in6.sin6_addr, &a2->addr.in6.sin6_addr); + } + ASSERT(0); + return false; +} + +static inline bool +addrlist_match (const struct openvpn_sockaddr *a1, const struct addrinfo *addrlist) +{ + const struct addrinfo *curele; + for (curele = addrlist; curele; curele=curele->ai_next) { + + switch(a1->addr.sa.sa_family) { case AF_INET: - return a1->addr.in4.sin_addr.s_addr == a2->addr.in4.sin_addr.s_addr; + if (a1->addr.in4.sin_addr.s_addr == ((struct sockaddr_in*)curele->ai_addr)->sin_addr.s_addr) + return true; + break; case AF_INET6: - return IN6_ARE_ADDR_EQUAL(&a1->addr.in6.sin6_addr, &a2->addr.in6.sin6_addr); + if (IN6_ARE_ADDR_EQUAL(&a1->addr.in6.sin6_addr, &((struct sockaddr_in6*) curele->ai_addr)->sin6_addr)) + return true; + break; + default: + ASSERT(0); + } } - ASSERT(0); return false; } -static inline in_addr_t -addr_host (const struct openvpn_sockaddr *addr) +static inline bool +addrlist_port_match (const struct openvpn_sockaddr *a1, const struct addrinfo *a2) { - /* - * "public" addr returned is checked against ifconfig for - * possible clash: non sense for now given - * that we do ifconfig only IPv4 - */ - if(addr->addr.sa.sa_family != AF_INET) - return 0; - return ntohl (addr->addr.in4.sin_addr.s_addr); + const struct addrinfo *curele; + for(curele=a2;curele;curele = curele->ai_next) { + switch(a1->addr.sa.sa_family) { + case AF_INET: + if (curele->ai_family == AF_INET + && a1->addr.in4.sin_addr.s_addr == ((struct sockaddr_in*)curele->ai_addr)->sin_addr.s_addr + && a1->addr.in4.sin_port == ((struct sockaddr_in*)curele->ai_addr)->sin_port) + return true; + break; + case AF_INET6: + if (curele->ai_family == AF_INET6 + && IN6_ARE_ADDR_EQUAL(&a1->addr.in6.sin6_addr, &((struct sockaddr_in6*) curele->ai_addr)->sin6_addr) + && a1->addr.in6.sin6_port == ((struct sockaddr_in6*) curele->ai_addr)->sin6_port) + return true; + break; + default: + ASSERT(0); + } + } + return false; } + + static inline bool addr_port_match (const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2) { @@ -644,14 +696,25 @@ addr_port_match (const struct openvpn_sockaddr *a1, const struct openvpn_sockadd static inline bool addr_match_proto (const struct openvpn_sockaddr *a1, - const struct openvpn_sockaddr *a2, - const int proto) + const struct openvpn_sockaddr *a2, + const int proto) { - return link_socket_proto_connection_oriented (proto) + return link_socket_proto_connection_oriented (proto) ? addr_match (a1, a2) : addr_port_match (a1, a2); } + +static inline bool +addrlist_match_proto (const struct openvpn_sockaddr *a1, + struct addrinfo *addr_list, + const int proto) +{ + return link_socket_proto_connection_oriented (proto) + ? addrlist_match (a1, addr_list) + : addrlist_port_match (a1, addr_list); +} + static inline void addr_zero_host(struct openvpn_sockaddr *addr) { @@ -671,28 +734,15 @@ addr_copy_sa(struct openvpn_sockaddr *dst, const struct openvpn_sockaddr *src) dst->addr = src->addr; } -static inline void -addr_copy_host(struct openvpn_sockaddr *dst, const struct openvpn_sockaddr *src) -{ - switch(src->addr.sa.sa_family) { - case AF_INET: - dst->addr.in4.sin_addr.s_addr = src->addr.in4.sin_addr.s_addr; - break; - case AF_INET6: - dst->addr.in6.sin6_addr = src->addr.in6.sin6_addr; - break; - } -} - static inline bool addr_inet4or6(struct sockaddr *addr) { return addr->sa_family == AF_INET || addr->sa_family == AF_INET6; } -int addr_guess_family(int proto, const char *name); +int addr_guess_family(sa_family_t af,const char *name); static inline int -af_addr_size(unsigned short af) +af_addr_size(sa_family_t af) { switch(af) { case AF_INET: return sizeof (struct sockaddr_in); @@ -768,9 +818,9 @@ link_socket_verify_incoming_addr (struct buffer *buf, case AF_INET: if (!link_socket_actual_defined (from_addr)) return false; - if (info->remote_float || !addr_defined (&info->lsa->remote)) + if (info->remote_float || !info->lsa->remote_list) return true; - if (addr_match_proto (&from_addr->dest, &info->lsa->remote, info->proto)) + if (addrlist_match_proto (&from_addr->dest, info->lsa->remote_list, info->proto)) return true; } } @@ -812,8 +862,8 @@ link_socket_set_outgoing_addr (const struct buffer *buf, || !addr_match_proto (&act->dest, &lsa->actual.dest, info->proto)) /* address undef or address == remote or --float */ && (info->remote_float - || !addr_defined (&lsa->remote) - || addr_match_proto (&act->dest, &lsa->remote, info->proto)) + || !lsa->remote_list) + || addrlist_match_proto (&act->dest, lsa->remote_list, info->proto) ) { link_socket_connection_initiated (buf, info, act, common_name, es); @@ -937,13 +987,13 @@ link_socket_write_win32 (struct link_socket *sock, #else -static inline int +static inline size_t link_socket_write_udp_posix (struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to) { #if ENABLE_IP_PKTINFO - int link_socket_write_udp_posix_sendmsg (struct link_socket *sock, + size_t link_socket_write_udp_posix_sendmsg (struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to); @@ -957,7 +1007,7 @@ link_socket_write_udp_posix (struct link_socket *sock, (socklen_t) af_addr_size(to->dest.addr.sa.sa_family)); } -static inline int +static inline size_t link_socket_write_tcp_posix (struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to) @@ -967,7 +1017,7 @@ link_socket_write_tcp_posix (struct link_socket *sock, #endif -static inline int +static inline size_t link_socket_write_udp (struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to) diff --git a/openvpn/src/openvpn/socks.c b/openvpn/src/openvpn/socks.c index 235982e4..804c9836 100644 --- a/openvpn/src/openvpn/socks.c +++ b/openvpn/src/openvpn/socks.c @@ -55,13 +55,13 @@ void socks_adjust_frame_parameters (struct frame *frame, int proto) { - if (proto == PROTO_UDPv4) + if (proto == PROTO_UDP) frame_add_to_extra_link (frame, 10); } struct socks_proxy_info * socks_proxy_new (const char *server, - int port, + const char *port, const char *authfile, bool retry) { @@ -70,7 +70,7 @@ socks_proxy_new (const char *server, ALLOC_OBJ_CLEAR (p, struct socks_proxy_info); ASSERT (server); - ASSERT (legal_ipv4_port (port)); + ASSERT (port); strncpynt (p->server, server, sizeof (p->server)); p->port = port; @@ -389,11 +389,27 @@ recv_socks_reply (socket_descriptor_t sd, return true; } +static int +port_from_servname(const char* servname) +{ + int port =0; + port = atoi(servname); + if(port >0 && port < 65536) + return port; + + struct servent* service; + service = getservbyname(servname, NULL); + if(service) + return service->s_port; + + return 0; +} + void establish_socks_proxy_passthru (struct socks_proxy_info *p, socket_descriptor_t sd, /* already open to proxy */ const char *host, /* openvpn server remote */ - const int port, /* openvpn server port */ + const char *servname, /* openvpn server port */ volatile int *signal_received) { char buf[128]; @@ -414,6 +430,13 @@ establish_socks_proxy_passthru (struct socks_proxy_info *p, buf[4] = (char) len; memcpy(buf + 5, host, len); + int port = port_from_servname (servname); + if (port ==0) + { + msg (D_LINK_ERRORS, "establish_socks_proxy_passthrough: Cannot convert %s to port number", servname); + goto error; + } + buf[5 + len] = (char) (port >> 8); buf[5 + len + 1] = (char) (port & 0xff); @@ -425,6 +448,7 @@ establish_socks_proxy_passthru (struct socks_proxy_info *p, goto error; } } + /* receive reply from Socks proxy and discard */ if (!recv_socks_reply (sd, NULL, signal_received)) diff --git a/openvpn/src/openvpn/socks.h b/openvpn/src/openvpn/socks.h index b55ff6fb..30b957d7 100644 --- a/openvpn/src/openvpn/socks.h +++ b/openvpn/src/openvpn/socks.h @@ -42,14 +42,14 @@ struct socks_proxy_info { bool retry; char server[128]; - int port; + const char *port; char authfile[256]; }; void socks_adjust_frame_parameters (struct frame *frame, int proto); struct socks_proxy_info *socks_proxy_new (const char *server, - int port, + const char *port, const char *authfile, bool retry); @@ -58,7 +58,7 @@ void socks_proxy_close (struct socks_proxy_info *sp); void establish_socks_proxy_passthru (struct socks_proxy_info *p, socket_descriptor_t sd, /* already open to proxy */ const char *host, /* openvpn server remote */ - const int port, /* openvpn server port */ + const char *servname, /* openvpn server port */ volatile int *signal_received); void establish_socks_proxy_udpassoc (struct socks_proxy_info *p, diff --git a/openvpn/src/openvpn/ssl_polarssl.c b/openvpn/src/openvpn/ssl_polarssl.c index 6995958b..12318b33 100644 --- a/openvpn/src/openvpn/ssl_polarssl.c +++ b/openvpn/src/openvpn/ssl_polarssl.c @@ -338,7 +338,7 @@ void tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file, if (ca_file && !strcmp (ca_file, INLINE_FILE_TAG) && ca_file_inline) { - if (0 != x509parse_crt(ctx->ca_chain, ca_file_inline, strlen(ca_file_inline))); + if (0 != x509parse_crt(ctx->ca_chain, ca_file_inline, strlen(ca_file_inline))) msg (M_FATAL, "Cannot load inline CA certificates"); } else diff --git a/openvpn/src/openvpn/tun.c b/openvpn/src/openvpn/tun.c index 1b2e5822..a0754427 100644 --- a/openvpn/src/openvpn/tun.c +++ b/openvpn/src/openvpn/tun.c @@ -413,8 +413,8 @@ init_tun (const char *dev, /* --dev option */ const char *ifconfig_ipv6_local_parm, /* --ifconfig parm 1 IPv6 */ int ifconfig_ipv6_netbits_parm, const char *ifconfig_ipv6_remote_parm, /* --ifconfig parm 2 IPv6 */ - in_addr_t local_public, - in_addr_t remote_public, + struct addrinfo *local_public, + struct addrinfo *remote_public, const bool strict_warn, struct env_set *es) { @@ -468,24 +468,31 @@ init_tun (const char *dev, /* --dev option */ */ if (strict_warn) { + struct addrinfo *curele; ifconfig_sanity_check (tt->type == DEV_TYPE_TUN, tt->remote_netmask, tt->topology); /* * If local_public or remote_public addresses are defined, * make sure they do not clash with our virtual subnet. */ - - check_addr_clash ("local", + + for(curele=remote_public;curele;curele=curele->ai_next) { + if(curele->ai_family == AF_INET) + check_addr_clash ("local", tt->type, - local_public, + ((struct sockaddr_in*)curele->ai_addr)->sin_addr.s_addr, tt->local, tt->remote_netmask); + } - check_addr_clash ("remote", - tt->type, - remote_public, - tt->local, - tt->remote_netmask); + for(curele=remote_public;curele;curele=curele->ai_next) { + if(curele->ai_family == AF_INET) + check_addr_clash ("remote", + tt->type, + ((struct sockaddr_in*)curele->ai_addr)->sin_addr.s_addr, + tt->local, + tt->remote_netmask); + } if (tt->type == DEV_TYPE_TAP || (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)) check_subnet_conflict (tt->local, tt->remote_netmask, "TUN/TAP adapter"); @@ -1405,7 +1412,7 @@ close_tun_generic (struct tuntap *tt) if (tt->fd >= 0) close (tt->fd); if (tt->actual_name) - free (tt->actual_name); + free (tt->actual_name); clear_tuntap (tt); } @@ -1439,8 +1446,8 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu msg (M_ERR, "ERROR: Cannot open TUN"); } /* Set the actual name to a dummy name to enable scripts */ - tt->actual_name = (char *) malloc(32); - strncpy(tt->actual_name, "vpnservice-tun",32); + tt->actual_name = (char *) malloc(32); + strncpy(tt->actual_name, "vpnservice-tun",32); gc_free (&gc); } diff --git a/openvpn/src/openvpn/tun.h b/openvpn/src/openvpn/tun.h index c31ac001..e7d941ab 100644 --- a/openvpn/src/openvpn/tun.h +++ b/openvpn/src/openvpn/tun.h @@ -231,8 +231,8 @@ struct tuntap *init_tun (const char *dev, /* --dev option */ const char *ifconfig_ipv6_local_parm, /* --ifconfig parm 1 / IPv6 */ int ifconfig_ipv6_netbits_parm, /* --ifconfig parm 1 / bits */ const char *ifconfig_ipv6_remote_parm, /* --ifconfig parm 2 / IPv6 */ - in_addr_t local_public, - in_addr_t remote_public, + struct addrinfo *local_public, + struct addrinfo *remote_public, const bool strict_warn, struct env_set *es); diff --git a/openvpn/src/openvpn/win32.c b/openvpn/src/openvpn/win32.c index d00088eb..2db96a8d 100644 --- a/openvpn/src/openvpn/win32.c +++ b/openvpn/src/openvpn/win32.c @@ -82,51 +82,6 @@ struct semaphore netcmd_semaphore; /* GLOBAL */ */ static char *win_sys_path = NULL; /* GLOBAL */ -/* - * Configure PATH. On Windows, sometimes PATH is not set correctly - * by default. - */ -static void -configure_win_path (void) -{ - static bool done = false; /* GLOBAL */ - if (!done) - { - FILE *fp; - fp = fopen ("c:\\windows\\system32\\route.exe", "rb"); - if (fp) - { - const int bufsiz = 4096; - struct gc_arena gc = gc_new (); - struct buffer oldpath = alloc_buf_gc (bufsiz, &gc); - struct buffer newpath = alloc_buf_gc (bufsiz, &gc); - const char* delim = ";"; - DWORD status; - fclose (fp); - status = GetEnvironmentVariable ("PATH", BPTR(&oldpath), (DWORD)BCAP(&oldpath)); -#if 0 - status = 0; -#endif - if (!status) - { - *BPTR(&oldpath) = '\0'; - delim = ""; - } - buf_printf (&newpath, "C:\\WINDOWS\\System32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem%s%s", - delim, - BSTR(&oldpath)); - SetEnvironmentVariable ("PATH", BSTR(&newpath)); -#if 0 - status = GetEnvironmentVariable ("PATH", BPTR(&oldpath), (DWORD)BCAP(&oldpath)); - if (status > 0) - printf ("PATH: %s\n", BSTR(&oldpath)); -#endif - gc_free (&gc); - done = true; - } - } -} - void init_win32 (void) { @@ -907,53 +862,41 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned i { if (openvpn_execve_allowed (flags)) { - if (script_method == SM_EXECVE) - { - struct gc_arena gc = gc_new (); - STARTUPINFOW start_info; - PROCESS_INFORMATION proc_info; - - char *env = env_block (es); - WCHAR *cl = wide_cmd_line (a, &gc); - WCHAR *cmd = wide_string (a->argv[0], &gc); - - CLEAR (start_info); - CLEAR (proc_info); - - /* fill in STARTUPINFO struct */ - GetStartupInfoW(&start_info); - start_info.cb = sizeof(start_info); - start_info.dwFlags = STARTF_USESHOWWINDOW; - start_info.wShowWindow = SW_HIDE; - - if (CreateProcessW (cmd, cl, NULL, NULL, FALSE, 0, env, NULL, &start_info, &proc_info)) - { - DWORD exit_status = 0; - CloseHandle (proc_info.hThread); - WaitForSingleObject (proc_info.hProcess, INFINITE); - if (GetExitCodeProcess (proc_info.hProcess, &exit_status)) - ret = (int)exit_status; - else - msg (M_WARN|M_ERRNO, "openvpn_execve: GetExitCodeProcess %S failed", cmd); - CloseHandle (proc_info.hProcess); - } - else - { - msg (M_WARN|M_ERRNO, "openvpn_execve: CreateProcess %S failed", cmd); - } - free (env); - gc_free (&gc); - } - else if (script_method == SM_SYSTEM) - { - configure_win_path (); - ret = openvpn_system (argv_system_str (a), es, flags); - } - else - { - ASSERT (0); - } - } + struct gc_arena gc = gc_new (); + STARTUPINFOW start_info; + PROCESS_INFORMATION proc_info; + + char *env = env_block (es); + WCHAR *cl = wide_cmd_line (a, &gc); + WCHAR *cmd = wide_string (a->argv[0], &gc); + + CLEAR (start_info); + CLEAR (proc_info); + + /* fill in STARTUPINFO struct */ + GetStartupInfoW(&start_info); + start_info.cb = sizeof(start_info); + start_info.dwFlags = STARTF_USESHOWWINDOW; + start_info.wShowWindow = SW_HIDE; + + if (CreateProcessW (cmd, cl, NULL, NULL, FALSE, 0, env, NULL, &start_info, &proc_info)) + { + DWORD exit_status = 0; + CloseHandle (proc_info.hThread); + WaitForSingleObject (proc_info.hProcess, INFINITE); + if (GetExitCodeProcess (proc_info.hProcess, &exit_status)) + ret = (int)exit_status; + else + msg (M_WARN|M_ERRNO, "openvpn_execve: GetExitCodeProcess %S failed", cmd); + CloseHandle (proc_info.hProcess); + } + else + { + msg (M_WARN|M_ERRNO, "openvpn_execve: CreateProcess %S failed", cmd); + } + free (env); + gc_free (&gc); + } else if (!exec_warn && (script_security < SSEC_SCRIPTS)) { msg (M_WARN, SCRIPT_SECURITY_WARNING); diff --git a/openvpn/version.m4 b/openvpn/version.m4 index 161462e5..1ea1c32f 100644 --- a/openvpn/version.m4 +++ b/openvpn/version.m4 @@ -1,7 +1,7 @@ dnl define the OpenVPN version define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) -define([PRODUCT_VERSION], [2.3_beta1]) +define([PRODUCT_VERSION], [2.3_master]) define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) define([PRODUCT_VERSION_RESOURCE], [2,3,0,0]) dnl define the TAP version diff --git a/project.properties b/project.properties index 730e911f..c4f09d2b 100644 --- a/project.properties +++ b/project.properties @@ -8,4 +8,4 @@ # project structure. # Project target. -target=android-14 +target=android-17 diff --git a/res/layout/faq.xml b/res/layout/faq.xml index c4fd57f0..959e82a5 100644 --- a/res/layout/faq.xml +++ b/res/layout/faq.xml @@ -37,7 +37,7 @@ android:text="@string/battery_consumption_title" /> <TextView - android:id="@+id/faq_battery" + android:id="@+id/baterry_consumption" style="@style/faqitem" /> <TextView @@ -50,6 +50,14 @@ <TextView style="@style/faqhead" + android:text="@string/vpn_tethering_title" /> + + <TextView + style="@style/faqitem" + android:id="@+id/faq_tethering" /> + + <TextView + style="@style/faqhead" android:text="@string/faq_security_title" /> <TextView @@ -61,7 +69,7 @@ android:text="@string/broken_images" /> <TextView - android:id="@+id/brokenimages" + android:id="@+id/broken_images_faq" style="@style/faqitem" /> <TextView diff --git a/res/menu/logmenu.xml b/res/menu/logmenu.xml index 4b55e73b..bb810df0 100644 --- a/res/menu/logmenu.xml +++ b/res/menu/logmenu.xml @@ -1,6 +1,5 @@ <?xml version="1.0" encoding="utf-8"?>
<menu xmlns:android="http://schemas.android.com/apk/res/android" >
-
<item
android:id="@+id/clearlog"
android:icon="@drawable/ic_menu_trash_holo_light"
@@ -19,17 +18,18 @@ android:showAsAction="ifRoom|withText"
android:title="@string/show_connection_details"
android:titleCondensed="@string/info"/>
+
<item
android:id="@+id/send"
android:icon="@android:drawable/ic_menu_share"
android:showAsAction="ifRoom|withText"
android:title="@string/send_logfile"
android:titleCondensed="@string/send"/>
- <item
+ <item
android:id="@+id/edit_vpn"
android:alphabeticShortcut="e"
android:icon="@android:drawable/ic_menu_edit"
android:showAsAction="withText|ifRoom"
android:title="@string/edit_vpn"/>
-
+
</menu>
\ No newline at end of file diff --git a/res/values-ca/arrays.xml b/res/values-ca/arrays.xml new file mode 100755 index 00000000..9cb9ead4 --- /dev/null +++ b/res/values-ca/arrays.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!--Generated by crowdin.net--> +<resources> + <string-array name="vpn_types"> + <item>Certificats</item> + <item>Fitxer PKCS12</item> + <item>Certificat Android</item> + <item>Usuari/Contrasenya</item> + <item>Claus Estàtiques</item> + <item>Usuari/Con + Certificats</item> + <item>Usuari/Con + PKCS12 </item> + <item>Usuari/Con + Android</item> + </string-array> + <string-array name="tls_directions_entries"> + <item>0</item> + <item>1</item> + <item>Sense especificar</item> + </string-array> + <string-array name="verb_entries"> + <item>0 - Sense registre</item> + <item>1 - Registre per defecte</item> + <item>2 - Registre extens</item> + <item>3</item> + <item>4</item> + <item>5 - Registre de depuració</item> + </string-array> +</resources> diff --git a/res/values-ca/strings.xml b/res/values-ca/strings.xml new file mode 100755 index 00000000..f2d18c0f --- /dev/null +++ b/res/values-ca/strings.xml @@ -0,0 +1,146 @@ +<?xml version="1.0" encoding="utf-8"?> +<!--Generated by crowdin.net--> +<resources> + <string name="app">OpenVPN per Android</string> + <string name="address">Adreá del servidor:</string> + <string name="port">Port del servidor:</string> + <string name="location">Lloc</string> + <string name="cant_read_folder">No es pot llegir la carpeta!</string> + <string name="select">Selecciona</string> + <string name="cancel">Cancel·la</string> + <string name="no_data">Sense informació</string> + <string name="useLZO">Compresió LZO</string> + <string name="client_no_certificate">Sense Certificat</string> + <string name="client_certificate_title">Certificat Client</string> + <string name="client_key_title">Clau del certificat client</string> + <string name="client_pkcs12_title">Fitxer PKCS12</string> + <string name="ca_title">Certificat CA</string> + <string name="no_certificate">Res seleccionat</string> + <string name="copyright_guicode">Codi font i gestor d\'incidències disponible a http://code.google.com/p/ics-openvpn/ </string> + <string name="copyright_others">Aquest programa utiltiza els components següents. Mireu el codi font per a més detalls</string> + <string name="about">Quan a</string> + <string name="about_summary">Quan a OpenVPN per Android</string> + <string name="vpn_list_summary">Llista de VPNs configurades</string> + <string name="vpn_list_title">Perfils VPN</string> + <string name="vpn_type">Tipus</string> + <string name="pkcs12pwquery">Contrasenya PKCS12</string> + <string name="file_select">Selecciona...</string> + <string name="file_nothing_selected">Res seleccionat</string> + <string name="useTLSAuth">Utiltiza autenticació TLS</string> + <string name="tls_direction">Direcció TLS</string> + <string name="ipv6_dialog_tile">Introduïu l\'adreça/mascara de xarxa IPv6 en format CIDR Format (e.g. 2000:dd::23/64)</string> + <string name="ipv4_dialog_title">Introduïu l\'adreça/mascara de xarxa IPv4 en format CIDR (e.g. 1.2.3.4/24)</string> + <string name="ipv4_address">Adreça IPv4</string> + <string name="ipv6_address">Adreça IPv6</string> + <string name="custom_option_warning">Introduiu opcions personalitzades de OpenVPN. Utilitzeu amb cura. Alguns de les configuracions de OpenVPN pot ser que no estiguin suportadse pel diseny de VPNSettings. Si trobeu en falta alguna acció important contacteu l\'autor.</string> + <string name="auth_username">Usuari</string> + <string name="auth_pwquery">Contrasenya</string> + <string name="static_keys_info">Per la configuració estàtica les claus d\'autenticació TLS s\'utiltizaran com a claus estàtiques.</string> + <string name="configure_the_vpn">Configura la VPN</string> + <string name="menu_add_profile">Afegeix un perfil</string> + <string name="add_profile_name_prompt">Introduïu un nom identificant el perfil</string> + <string name="duplicate_profile_name">Nom del perfil duplicat</string> + <string name="profilename">Nom del perfil</string> + <string name="no_keystore_cert_selected">No s\'ha seleccionat un certificat d\'usuari.</string> + <string name="no_error_found">No s\'ha trobat cap error</string> + <string name="config_error_found">S\'ha trobat un error a la configuració</string> + <string name="ipv4_format_error">No es pot parsejar l\'adreça IPv4</string> + <string name="custom_route_format_error">No es poden parsejar les rutes personalitzades</string> + <string name="pw_query_hint">Deixeu en blan per consultes sota demanda</string> + <string name="vpn_shortcut">Acces directe de OpenVPN</string> + <string name="vpn_launch_title">Conecta a la VPN</string> + <string name="shortcut_profile_notfound">No s\'ha trobat el perfil especificat a l\'accès directe</string> + <string name="random_host_prefix">Prefix aleatoria del host</string> + <string name="route_rejected">La ruta ha estat refusas per Android</string> + <string name="cancel_connection">Desconecta</string> + <string name="clear_log">Neteja el registre</string> + <string name="title_cancel">Cancela la confirmació</string> + <string name="cancel_connection_query">Desconcta la conexió VPN/cancela l\'intent de conexió?</string> + <string name="remove_vpn">Eliminar VPN</string> + <string name="dns">DNS</string> + <string name="dns1_summary">Servidor DNS a utilitzar.</string> + <string name="dns_server">Servidor DNS</string> + <string name="default_route_summary">Redirecciona tot el trafic a través de la VPN</string> + <string name="use_default_title">Utilitza la ruta per defecte</string> + <string name="custom_routes_title">Rutes personalitzadse</string> + <string name="log_verbosity_level">Nivell de detall del registre</string> + <string name="custom_options_title">Opcions personalitzades</string> + <string name="edit_vpn">Edita la configuració VPN</string> + <string name="remove_vpn_query">Elimina el perfil VPN %s?</string> + <string name="error">"Error: "</string> + <string name="clear">Neteja</string> + <string name="info">info</string> + <string name="show_connection_details">Mostra els detalls de conexió</string> + <string name="dns_server_info">Servidor DNS: %s</string> + <string name="dns_domain_info">Domini DNS: %s</string> + <string name="routes_info">Rutes: %s</string> + <string name="routes_info6">Rutes IPv6: %s</string> + <string name="send_logfile">Envia el fitxer de registre</string> + <string name="send">Envia</string> + <string name="ics_openvpn_log_file">Fitxer de registre de ICS OpenVPN</string> + <string name="copied_entry">S\'ha copiat l\'entrada al porta-retalls</string> + <string name="tap_mode">Mode Tap</string> + <string name="faq_tap_mode">No es pot utiltizar el mode tap amb la api no rootejada. L\'aplicació no suporta tap</string> + <string name="faq">FAQ</string> + <string name="faq_summary">Preguntes frequents</string> + <string name="copying_log_entries">Copiant entrades de registre</string> + <string name="faq_shortcut">Acces directe per inciar</string> + <string name="encryption">Encriptació</string> + <string name="cipher_dialog_title">Introduïu el mètode d\'encriptació</string> + <string name="settings_auth">Autentificació/Encriptació</string> + <string name="file_explorer_tab">Explorador de fitxers</string> + <string name="inline_file_tab">Fitxer en linea</string> + <string name="import_file">Importa</string> + <string name="error_importing_file">Error important el fitxer</string> + <string name="import_error_message">No s\'ha pogut importar el fitxer del sistema de fitxers</string> + <string name="inline_file_data">[[Inline file data]]</string> + <string name="menu_import">Importa el perfil d\'un fitxer ovpn</string> + <string name="menu_import_short">Importa</string> + <string name="import_content_resolve_error">No s\'ha pogut llegir el fitxer a importar</string> + <string name="error_reading_config_file">Error llegint el fitxer de configuració</string> + <string name="add_profile">afegir un Perfil</string> + <string name="import_done">S\'ha llegit el fitxer de configuració.</string> + <string name="import_vpn">Importa</string> + <string name="ipv4">IPv4</string> + <string name="ipv6">IPv6</string> + <string name="speed_waiting">Esperant el missatge d\'estat...</string> + <string name="converted_profile">Perfil importat</string> + <string name="converted_profile_i">Perfil importat %d</string> + <string name="broken_images">Imatges trencades</string> + <string name="private_key_password">Contrasenya de la clau privada</string> + <string name="password">Contrasenya</string> + <string name="file_icon">Icona del fitxer</string> + <string name="tls_authentication">Autentificació TLS</string> + <string name="generated_config">Configuració generada</string> + <string name="generalsettings">Configuració General</string> + <string name="owner_fix">Corregir els permisos de /dev/tun</string> + <string name="generated_config_summary">Mostra el fitxer de configuració d\'OpenVPN generat</string> + <string name="edit_profile_title">Editant \"%s\"</string> + <string name="building_configration">Construint la configuració...</string> + <string name="netchange">Reconecta al canviar de xarxa</string> + <string name="netstatus">Estat de la xarxa %s</string> + <string name="select_file">Selecciona</string> + <string name="show_log_window">Mostra la finestra de registre</string> + <string name="keepstatus">Mostra les estadístiques de trafic</string> + <string name="translationby">Traducció al catala per Sergi Almacellas +<sergi@koolpi.com></string> + <string name="ipdns">IP i DNS</string> + <string name="basic">Bàsic</string> + <string name="routing">Ruting</string> + <string name="advanced">Avançat</string> + <string name="faq_howto_title">Inici rapid</string> + <string name="using_proxy">Utilitzant el proxy %1$s %2$d</string> + <string name="use_system_proxy">Utiliza el proxy del sistema</string> + <string name="onbootrestart">Torna a conectar al reiniciar</string> + <string name="ignore">Ignorar</string> + <string name="restart">Reinicia</string> + <string name="restart_vpn_after_change">Els canvis de configuració s\'apliquen desprès de reinicar la VPN. (Re)inicar la VPN ara?</string> + <string name="configuration_changed">S\'ha canviat la configuració</string> + <string name="faq_duplicate_notification_title">Notificacions duplicades</string> + <string name="no_vpn_profiles_defined">No s\'han definit cap perfil.</string> + <string name="faq_routing_title">Configuració del Ruting/Interficies</string> + <string name="translation">Traducció</string> + <string name="openvpn_log">Registre OpenVPN</string> + <string name="import_config">Importa la configuració OpenVPN</string> + <string name="battery_consumption_title">Consum de la bateria</string> +</resources> diff --git a/res/values-cs/strings.xml b/res/values-cs/strings.xml index 4ba3c4f3..23b77358 100755 --- a/res/values-cs/strings.xml +++ b/res/values-cs/strings.xml @@ -5,7 +5,7 @@ <string name="address">Adresa serveru:</string> <string name="port">Port serveru:</string> <string name="location">Lokace</string> - <string name="cant_read_folder">adresář nelze číst!</string> + <string name="cant_read_folder">Nelze přečíst adresář</string> <string name="select">Zvolit</string> <string name="cancel">Storno</string> <string name="no_data">Žádná data</string> @@ -15,9 +15,9 @@ <string name="client_key_title">Klientský klíč</string> <string name="client_pkcs12_title">PKCS12 soubor</string> <string name="ca_title">CA certifikát</string> - <string name="no_certificate">Nic nezvoleno</string> - <string name="copyright_guicode">Zdrojové kódy a podpora je k dispozici na http://code.google.com/p/ics-openvpn/ </string> - <string name="copyright_others">Program používá následující komponenty. Detaily jsou k dispozici ve zdrojových kódech</string> + <string name="no_certificate">Je třeba vybrat certifikát</string> + <string name="copyright_guicode">Zdrojové kódy a seznam problémů je na http://code.google.com/p/ics-openvpn/</string> + <string name="copyright_others">Tento program používá následující komponenty; viz zdrojový kód pro detaily o licenci</string> <string name="about">O programu</string> <string name="about_summary">O programu OpenVPN pro Android</string> <string name="vpn_list_summary">Seznam všech nakonfigurovaných VPN</string> @@ -25,28 +25,28 @@ <string name="vpn_type">Typ</string> <string name="pkcs12pwquery">PKCS12 heslo</string> <string name="file_select">Vyber…</string> - <string name="file_nothing_selected">Nic nevybráno</string> + <string name="file_nothing_selected">Je třeba vybrat soubor</string> <string name="useTLSAuth">Použij TLS</string> <string name="tls_direction">TLS řízení</string> <string name="ipv6_dialog_tile">Zadej IPv6 adresu/masku v CIDR formátu (tj. 2000:dd::23/64)</string> <string name="ipv4_dialog_title">Zadej IPv4 adresu/masku v CIDR formátu (tj. 1.2.3.4/24)</string> <string name="ipv4_address">IPv4 adresa</string> <string name="ipv6_address">IPv6 adresa</string> - <string name="custom_option_warning">Zadej vlastní OpenVPN volby. Používej opatrně. Měj na paměti, že většina voleb pro tun nemůže být podporována kvůli designu komponenty VPNSettings. Pokud si myslíš, že chybí důležitá vlastnost, kontaktuj autora</string> + <string name="custom_option_warning">Zadat vlastní nastavení. Používat opatrně. Poznámka, mnoho voleb okolo tun adaptéru nemůže být podporováno. Pokud si myslíte, že chybí podstatná volba, kontaktujte autora</string> <string name="auth_username">Jméno</string> <string name="auth_pwquery">Heslo</string> - <string name="static_keys_info">Pro statickou konfiguraci, TLS klíč bude použit jako statický klíč.</string> + <string name="static_keys_info">Pro statickou konfiguraci bude jako klíč použit autentizační klíč TLS</string> <string name="configure_the_vpn">Konfigurace VPN</string> <string name="menu_add_profile">Přidat profil</string> <string name="add_profile_name_prompt">Zadej jméno identifikující nový profil</string> - <string name="duplicate_profile_name">Duplikátní jméno profilu</string> + <string name="duplicate_profile_name">Zadej prosím unikátní jméno profilu</string> <string name="profilename">Jméno profilu</string> - <string name="no_keystore_cert_selected">Není zvolen uživatelský certifikát.</string> + <string name="no_keystore_cert_selected">Je třeba vybrat uživatelský certifikát</string> <string name="no_error_found">Bez chyb</string> <string name="config_error_found">Chyba v konfiguraci</string> - <string name="ipv4_format_error">Chyba při čtení IPv4 adresy</string> - <string name="custom_route_format_error">Chyba při čtení vlastního směrování</string> - <string name="pw_query_hint">Nech prázdné pro zadávání až bude potřeba</string> + <string name="ipv4_format_error">Chyba při zpracování IPv4 adresy</string> + <string name="custom_route_format_error">Chyba při zpracování vlastního směrování</string> + <string name="pw_query_hint">(nechej prázdné pro dotazování, až bude potřeba)</string> <string name="vpn_shortcut">OpenVPN zkratka</string> <string name="vpn_launch_title">Připojit k VPN</string> <string name="shortcut_profile_notfound">Profil zvolený ve zkratce nenalezen</string> @@ -90,9 +90,9 @@ <string name="float_title">Povol plovoucí server</string> <string name="custom_options_title">Vlastní nastavení</string> <string name="edit_vpn">Změnit nastavení VPN</string> - <string name="remove_vpn_query">Odstranit VPN profil %s?</string> + <string name="remove_vpn_query">Odstranit VPN profil \'%s\'?</string> <string name="tun_error_helpful">Na některých ICS systémech může být oprávnění pro /dev/tun špatně nastavené, nebo tun modul může zcela chybět. Pro systém s CM9 zkus využít opravy vlastnictví v obecném nastavení</string> - <string name="tun_open_error">Otvírání tun irozhraní selhalo.</string> + <string name="tun_open_error">Chyba při otvírání tun zařízení</string> <string name="error">"Chyba: "</string> <string name="clear">Vymazat</string> <string name="info">info</string> @@ -106,7 +106,7 @@ <string name="ip_not_cidr">Získány informace o rozhraní %1$s a %2$s, předpokládám, že druhá adresa je adresa vzdáleného kolegy. Používám /32 masku pro místní IP adresu. Mód OpenVPN je \"%3$s\".</string> <string name="route_not_cidr">%1$s a %2$s jako IP adresy s CIDR maskou nedávají smysl, používám /32 jako masku.</string> <string name="route_not_netip">Směrování opraveno z %1$s/%2$s na %3$s/%2$s</string> - <string name="keychain_access">Nemohu přistoupit k Androidímu úložišti certifikátů. (To může být způsobeno aktualizací firmwaru nebo obnovením zálohy aplikace/nastavení.) Prosím, uprav nastavení VPN a znovu zvol certifikát pro znovu vytvoření oprávnění pro přístup k cerifikátu.</string> + <string name="keychain_access">Nelze přistoupit k Androidímu úložišti certifikátů. To může být způsobeno aktualizací firmwaru nebo obnovováním aplikace a jejího nastavení ze zálohy. Uprav VPN profil a znovu vyber certifikát pro vytvoření patřičných povolení.</string> <string name="version_info">%1$s %2$s</string> <string name="send_logfile">Odeslat soubor s logem</string> <string name="send">Odeslat</string> @@ -114,15 +114,15 @@ <string name="copied_entry">Záznam z logu zkopírován do schránky</string> <string name="tap_mode">Tap mód</string> <string name="faq_tap_mode">Tap mód není možný bez rootovského VPN API, proto tato aplikace nemá podporu pro tap</string> - <string name="tap_faq2">Znovu? Tap mód opravdu nemůže být podporová a proto posílání mailů nemůže pomoci.</string> - <string name="tap_faq3">Potřetí? No, někdo by mohl napsat emulátor tap rozhraní pomocí tun, který by přidal informace na druhé vrstvě. Ale tahle emulace by musela mít i podporu pro ARP a DHCP. Nejsem si vědom, že by někdo dělal něco podobného. Napiš mi, pokud bys chtěl něco podobného naprogramovat.</string> + <string name="tap_faq2">Opět? Děláš si srandu? Ne, tap mód opravdu není podporován a další maily na tom nic nezmění.</string> + <string name="tap_faq3">Potřetí? Ve skutečnosti, šlo by napsat emulátor tap zařizení pomocí tun, které by patřičně zpracovávalo informace z druhé vrstvy. Ale tento emulátor by také musel implementovat ARP a DHCP. Nejsem si vědom, že by někdo tímto směrem něco podnikl. Kontaktuj mne, pokud máš zájem toto naprogramovat.</string> <string name="faq">FAQ</string> <string name="faq_summary">Často kladené otázky a nějaké rady</string> <string name="copying_log_entries">Kopírování záznamů z logu</string> <string name="faq_copying">Pro zkopírování jednoho záznamu stačí dlouze zmáčknout požadovaný záznam. Pro zkopírování/odeslání celého logu použij možnost Odeslat soubor s logem. Pokud není tlačítko viditené v uživatelském rozhraní, zkus použít to hardwarové.</string> <string name="faq_shortcut">Zkratka na spuštění</string> <string name="faq_howto_shortcut">Je možné přidat zkratku pro spuštění konkrétní VPN na domovskou obrazovku.</string> - <string name="no_vpn_support_image">Tvúj systém nepodporuje VPNService API, je mi líto :(</string> + <string name="no_vpn_support_image">Tvůj obrázek není podporovaný rozhraním VPNService, je mi líto :-(</string> <string name="encryption">Šifrování</string> <string name="cipher_dialog_title">Zadej šifrovací metodu</string> <string name="chipher_dialog_message">Zadej šifru pro OpenVPN. Nech prázdné pro výchozí šifru</string> @@ -142,7 +142,7 @@ <string name="trying_to_read">Snažim se přečíst soubor: %1$s</string> <string name="import_could_not_open">Nemohu najít soubor %1$s zmiňovaný v importovaném profilu</string> <string name="importing_config">Importuji nastavení z %1$s</string> - <string name="import_warning_custom_options">Tvoje konfigurace obsahuje několik dalších nastavení, které jsem přečetl. Jsou přidány jako další vlastní nastavení. Toto nastavení je zobrazeno níže:</string> + <string name="import_warning_custom_options">Tvé nastavení obsahuje několik položek, které se nepodařilo zpracovat. Tyto položky byly přidány jako vlastní nastavení. Vlastní nastavení je zobrazeno níže:</string> <string name="import_done">Dočetl jsem konfigurační soubor.</string> <string name="nobind_summary">Nevázat se k místní adrese a portu</string> <string name="no_bind">Nesvazovat se</string> @@ -172,7 +172,7 @@ <string name="generated_config_summary">Zobrazí vygenerované nastavení OpenVPN</string> <string name="edit_profile_title">Úprava \"%s\"</string> <string name="building_configration">Vytvářím konfiguraci…</string> - <string name="netchange_summary">Zapnutí tohoto nastavení vynutí opětovné připojení, pokud se změní stav sítě (WIFI na mobilní nebo zpět)</string> + <string name="netchange_summary">Zapnutím této volby bude vynuceno opětovné připojení, pokud se změní stav sítě (např. z WiFi na mobilní síť a zpět)</string> <string name="netchange">Opětovně připojit při změně sítě</string> <string name="cert_from_keystore">Získán certifikát \'%s\' z úložiště</string> <string name="netstatus">Stav sítě: %s</string> @@ -224,4 +224,18 @@ <string name="faq_routing">Směrování a rozhraní není nastavováno tradičním ifconfig/route způsobem, ale použitím VPNService API. Výsledkem je odlišný způsob směrování než na jiných operační systémech. Nastavení sestává pouze z IP tunelového rozhraní a sítě, která má být směrována skrz tento interface. Speciálně, žádná adresa partnera nebo brány není potřeba. Zvláštní směrování pro připojení k VPN serveru (například při poušití direktivy redirect-gateway) také nejsou potřeba. Aplikace bude tato nastavení při importu ignorovat. Aplikace zajišťuje ve spojení s VPNService API, že připojení k serveru nejde skrz tunel. Protože je podporované jen nastavení sítí, které jsou směrované skrz tunel, nelze podporovat nastavení extra sítí, které skrz runel nejdou (např route x.x.x.x y.y.y.y net_gateway). V okně s logem je možné zobrazit současné nastavení VPNService.</string> <string name="persisttun_summary">Nevracej se ke spojení mimo VPN, zatímco se OpenVPN připojuje.</string> <string name="persistent_tun_title">Trvalý tun</string> + <string name="translation">Překlad</string> + <string name="openvpn_log">OpenVPN Log</string> + <string name="import_config">Importovat OpenVPN nastavení</string> + <string name="battery_consumption_title">Spotřeba baterie</string> + <string name="baterry_consumption">V testech se jako hlavní důvod vysoké spotřeby baterie ukázaly keepalive pakety. Většina OpenVPN serverů má v konfiguraci něco jako \'keepalive 10 60\', což znamená posílání paketů každých deset vteřin. <p> Tyto pakety jsou malé a neznamenají velký provoz, ale udržují mobilní síť aktivní a zvyšují spotřebu energie. <p> Toto nastavení nelze změnit na klientské straně. Jen administrátor OpenVPN může toto nastavení změnit. <p> Bohužel používání keepalive hodnot větších než 60 vteřin spolu s UDP může způsobovat problémy s některými NATy, které ukončují po krátkém čase spojení. Použití TCP s dlouhým keepalive funguje, ale má problém \"TCP přes TCP\" (Viz <a href=\"http://sites.inka.de/bigred/devel/tcp-tcp.html\">Proč je TCP přes TCP špatný nápad</a>)</string> + <string name="faq_tethering">Androidí funkce tetheringu (přes WiFi, USB, nebo Bluetooth) a VPService API (používané tímto programem) spolu nepracují. Více detailů viz <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=34\">problém #34</a></string> + <string name="vpn_tethering_title">VPN a tethering</string> + <string name="connection_retries">Opakování připojení</string> + <string name="reconnection_settings">Nastavení obnovení</string> + <string name="connectretrymessage">Počet vteřin mezi pokusy o připojení.</string> + <string name="connectretrywait">Vteřin mezi připojeními</string> + <string name="minidump_generated">OpenVPN neočekávaně havarovalo. Zvaž možnost použití volby poslat Minidump z hlavního menu</string> + <string name="send_minidump">Poslat Minidump vývojáři</string> + <string name="send_minidump_summary">Poslat ladící informace o poslední havárii vývojáři</string> </resources> diff --git a/res/values-de/strings.xml b/res/values-de/strings.xml index b03f0238..8bca3e9c 100755 --- a/res/values-de/strings.xml +++ b/res/values-de/strings.xml @@ -15,7 +15,7 @@ <string name="client_key_title">Clientzertifikatsschlüssel</string> <string name="client_pkcs12_title">PKCS12 Datei</string> <string name="ca_title">CA Zertifikat</string> - <string name="no_certificate">Nichts ausgewählt</string> + <string name="no_certificate">Kein Zertifikat ausgewählt</string> <string name="copyright_guicode">Quellcode und Iusse Tracker unter http://code.google.com/p/ics-openvpn/ verfügbar</string> <string name="copyright_others">Dieses Programm nutzt die folgenden Komponenten. Die kompletten Lizenzdetails sind im Quelltext verfügbar</string> <string name="about">Über</string> @@ -32,21 +32,21 @@ <string name="ipv4_dialog_title">Tragen Sie die IPv4 Adresse und Netzmaske im CIDR Format ein (z.B. 1.2.3.4/24)</string> <string name="ipv4_address">IPv4 Adresse</string> <string name="ipv6_address">IPv6 Adresse</string> - <string name="custom_option_warning">Tragen Sie eigene OpenVPN Optionen ein. Beachten Sie, dass einige (vor allem tun spezifische) Optionen von der Android Version nicht unterstützt werden können. Wenn Sie denken, dass eine wichtige Option fehlt, kontaktieren Sie den Autor.</string> + <string name="custom_option_warning">Tragen Sie eigene OpenVPN Optionen ein. Beachten Sie, dass einige (vor allem tun spezifische) Optionen von der Android Version nicht unterstützt werden können. Wenn Sie denken, dass eine wichtige Option fehlt, kontaktieren Sie den Autor</string> <string name="auth_username">Benutzername</string> <string name="auth_pwquery">Passwort</string> - <string name="static_keys_info">Für die statische Konfiguration werden die TLS Auth Schlüssel als statische Schlüssel benutzt.</string> + <string name="static_keys_info">Für die statische Konfiguration werden die TLS Auth Schlüssel als statische Schlüssel benutzt</string> <string name="configure_the_vpn">VPN konfigurieren</string> <string name="menu_add_profile">Profil hinzufügen</string> <string name="add_profile_name_prompt">Geben Sie einen Namen für das neue Profil an</string> - <string name="duplicate_profile_name">Doppelter Profilname</string> + <string name="duplicate_profile_name">Doppelter Profilname, bitte vergeben Sie einen eindeutigen Profilnamen.</string> <string name="profilename">Profilname</string> - <string name="no_keystore_cert_selected">Kein Benutzerzertifikat ausgewählt.</string> + <string name="no_keystore_cert_selected">Kein Benutzerzertifikat ausgewählt</string> <string name="no_error_found">Kein Fehler.</string> <string name="config_error_found">Fehler in der Konfiguration</string> <string name="ipv4_format_error">Kann die die IPv4 Adresse nicht parsen</string> - <string name="custom_route_format_error">Kann die Routen nicht parsen</string> - <string name="pw_query_hint">Password nicht speichern</string> + <string name="custom_route_format_error">Kann die manuell angegeben Routen nicht parsen</string> + <string name="pw_query_hint">(Leer lassen um nicht zu speichern)</string> <string name="vpn_shortcut">OpenVPN Verknüpfung</string> <string name="vpn_launch_title">VPN verbinden</string> <string name="shortcut_profile_notfound">Von der Verknüpfung referenziertes Profil konnte nicht gefunden werden</string> @@ -90,9 +90,9 @@ <string name="float_title">Erlaube floating Server</string> <string name="custom_options_title">Eigene Optionen</string> <string name="edit_vpn">Ändere VPN Einstellungen</string> - <string name="remove_vpn_query">VPN %s löschen?</string> + <string name="remove_vpn_query">VPN Profile \'%s\' löschen?</string> <string name="tun_error_helpful">Auf manchen ROM Version sind eventuell die Zugriffsrechte von /dev/tun falsch oder das tun Kernel Modul fehlt. Für Cyanogenmod 9 ROMs mit root gibt einen provisorischen Fix in den generellen Einstellungen.</string> - <string name="tun_open_error">Das Öffnen des tun Interfaces ist katastrophal gescheitert.</string> + <string name="tun_open_error">Das Öffnen des tun Interfaces ist katastrophal gescheitert</string> <string name="error">"Fehler: "</string> <string name="clear">Clear</string> <string name="info">Info</string> @@ -114,7 +114,7 @@ <string name="copied_entry">Log Eintrag in die Zwischenablage kopiert</string> <string name="tap_mode">Tap Mode</string> <string name="faq_tap_mode">Die VPN API von Android, die ohne rooten des Telefons funktioniert, unterstützt nur den tun Modus. Das Unterstützen des Tap Modus ist daher nicht möglich.</string> - <string name="tap_faq2">Die gleiche Frage nochmal? Meinen Sie das ernst? Ohne root kann tap wirklich nicht unterstützt werden. Emails an mich mit der Frage wann tap unterstützt wird, helfen hier kein Stück</string> + <string name="tap_faq2">Die gleiche Frage nochmal? Meinen Sie das ernst? Ohne root kann tap wirklich nicht unterstützt werden. Emails an mich mit der Frage wann tap unterstützt wird, helfen hier kein Stück.</string> <string name="tap_faq3">Ein drittes Mal? Nun gut, theoretisch kann tap mit einem tun Gerät emuliert werden. Dieser tap Emulator müsste die Layer 2 Informationen beim Senden hinzufügen und beim Empfangen wieder entfernen. Zusätzlich muss noch ARP und sinnvollerweise auch ein DHCP Client implementiert werden. Mir ist niemand bekannt, der etwas in diese Richtung unternimmt. Kontaktieren Sie mich, wenn Sie etwas in dies implementieren wollen.</string> <string name="faq">FAQ</string> <string name="faq_summary">häufig gestellte Fragen und Hinweise</string> @@ -172,7 +172,7 @@ <string name="generated_config_summary">Zeigt die generierte Konfigurationsdatei</string> <string name="edit_profile_title">Editiere \"%s\"</string> <string name="building_configration">Generiere OpenVPN Konfiguration…</string> - <string name="netchange_summary">Aktivieren dieser Option zwingt OpenVPN dazu beim Wechsel des Netzwerkes (WLAN zu Mobilfunk und umgekehrt) neu zu verbinden.</string> + <string name="netchange_summary">Aktivieren dieser Option zwingt OpenVPN dazu beim Wechsel des Netzwerkes (WLAN zu Mobilfunk und umgekehrt) neu zu verbinden</string> <string name="netchange">Netzwerkänderungen beachten</string> <string name="cert_from_keystore">Zertifikat (KeyStore): \'%s\' </string> <string name="netstatus">Netzwerkstatus: %s</string> @@ -187,6 +187,7 @@ <string name="error_rsa_sign">Fehler beim Zugriff auf den Android Keystore %1$s: %2$s</string> <string name="faq_system_dialogs">Die Meldung, dass OpenVPN versucht eine VPN-Verbindung aufzubauen und dabei den gesamten Netzwerkverkehr abhören kann, wird vom Android System selbst erzeugt. Diese wird vom System erzwungen, damit keine Anwendung vom Benutzer unbemerkt eine VPN Verbindung aufbauen kann\Die VPN Benachrichtigung (Das Schlüssel Symbol) wird genauso vom Android System angezeigt um eine bestehende VPN anzuzeigen.\nDiese beiden Features wurden in Android für die Sicherheit des Nutzers implementiert und können nicht umgangen werden. (Auf machen Telefon/Tablets wird die Benachrichtigung leider mit einem Ton signalisiert.)</string> <string name="faq_system_dialogs_title">Warnung beim Verbinden und Benachrichtigungston</string> + <string name="translationby">Deutsche Übersetzung von Arne Schwabe <arne@rfc2549.org></string> <string name="ipdns">IP und DNS</string> <string name="basic">Grundeinstellungen</string> <string name="routing">Routing</string> @@ -223,4 +224,18 @@ <string name="faq_routing">In dieser Anwendung wird die Routing und Netzwerkkonfiguration nicht mit den traditionellen ifconfig/route Kommandos konfiguriert sondern mittels der VPNService API. Diese erwartet eine Tunnel IP Adresse und die Netzwerke, die über den Tunnel geroutet werden sollen. Insbesondere wird keine Gateway oder Peer IP Adresse benötigt. Die Anwendung ignoriert diese daher auch beim Import. Dass die Verbindung zum VPN Server nicht über den Tunnel geroutet wird, wird auch über die VPNService API sichergestellt ohne dass hierfür spezielle Routen nötig sind. Da nur Netzwerke, die über den Tunnel geroutet werden sollen, angeben werden können, ist es nicht möglich andere Routen zu unterstützen (z.B. route x.x.x.x y.y.y.y net_gateway)\"</string> <string name="persisttun_summary">Verhindere Zurückfallen auf nicht VPN Verbindungen während OpenVPN neu verbindet.</string> <string name="persistent_tun_title">Persistentes tun Device</string> + <string name="translation">Übersetzung</string> + <string name="openvpn_log">OpenVPN-Log</string> + <string name="import_config">OpenVPN Konfiguration importieren</string> + <string name="battery_consumption_title">Energieverbrauch</string> + <string name="baterry_consumption">In meinen eigenen Tests ist der Hauptgrund für den hohen Stromverbrauch von OpenVPN das Senden und Empfangen der Keepalive-Pakete. Die meisten OpenVPN-Server haben eine Konfigurationsoption wie \' keepalive 10 60\', was bedeutet dass vom Client an den Server und Server an den Client alle zehn Sekunden ein Paket geschickt wird. lt;pgt; Diese Pakete sind klein und erzeugen keine große Datenmenge. Sie sorgen allerdings dafür, dass das permanent Daten übertragen werden und somit auch die Mobilfunk bzw. WLAN Einheit aktiv ist und steigern damit den Energieverbrauch. lt;pgt; Diese keepalive Einstellung kann nicht auf dem Client geändert werden. Nur der Systemadministrator des VPN Servers kann die Einstellung ändern. lt;pgt; Leider hat eine keepalive Einstellung von mehr als 60 Sekunden mit udp Probleme mit einigen NAT-Gateways, die für inaktive Verbindung nur eine sehr kurze Haltzeit haben und danach verwerfen (60s in meinen Tests). Benutzen von TCP mit langen Keep-Alive-Timeout funktioniert, hat aber das TCP über TCP Problem. (Siehe lt; a href=\"http://sites.inka.de/bigred/devel/tcp-tcp.html\" gt; Why TCP Over TCP Is A Bad Idelt;/agt;)</string> + <string name="faq_tethering">Die \"Anbindung & mobiler WLAN-Hotspot\" Funktion und die VPNService-API, die von diesem Programm verwendet wird, funktionieren nicht zusammen. Für weitere Details siehe <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=34\"> Issue #34 </a></string> + <string name="vpn_tethering_title">VPN und \"Anbindung & mobiler WLAN-Hotspot\"</string> + <string name="connection_retries">Anzahl Verbindungsversuche</string> + <string name="reconnection_settings">Einstellungen für das Neuverbinden</string> + <string name="connectretrymessage">Anzahl von Sekunden zwischen Verbindungsversuchen.</string> + <string name="connectretrywait">Sekunden zwischen Verbindungsversuchen</string> + <string name="minidump_generated">Der OpenVPN Prozess ist unerwartet abgestützt. Bitte erwägen Sie die \"Minidump senden\" im Hauptmenü</string> + <string name="send_minidump">Minidump an Entwickler senden</string> + <string name="send_minidump_summary">Sendet Debugging Informationen des letzten Absturzes an den Entwickler</string> </resources> diff --git a/res/values-es/arrays.xml b/res/values-es/arrays.xml index ed33c8c7..fd401872 100644..100755 --- a/res/values-es/arrays.xml +++ b/res/values-es/arrays.xml @@ -1,28 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!--Generated by crowdin.net--> <resources> - <!-- Keep the order the same as the TYPE_ constants in VPNProfile --> - <string-array name="vpn_types"> - <item>"Certificados"</item> - <item>"Archivo PKCS12"</item> - <item>"Certificado Android"</item> - <item>"Usuario/contraseña"</item> - <item>"Claves estáticas"</item> - <item>"Usuario/contr. + Certificados"</item> - <item>"Usuario/contr. + PKCS12 "</item> - <item>"Usuario/contr. + Android"</item> - </string-array> - - <string-array name="tls_directions_entries"> - <item>"0"</item> - <item>"1"</item> - <item>"Sin especificar"</item> - </string-array> - <string-array name="verb_entries"> - <item>"0 - No hay registro"</item> - <item>"1 - Detalle prederminado"</item> - <item>"2 - Registro más detallado"</item> - <item>"3"</item> - <item>"4"</item> - <item>"5 - registro de depuración"</item> - </string-array> - -</resources>
\ No newline at end of file + <string-array name="vpn_types"> + <item>Certificados</item> + <item>Archivo PKCS12</item> + <item>Certificado de Android</item> + <item>Usuario/Contraseña</item> + <item>Llaves Estaticas</item> + <item>Usuario/Contraseña + Certificados</item> + <item>Usuario/Contraseña + PKCS12 </item> + <item>Usuario/Contraseña + Android</item> + </string-array> + <string-array name="tls_directions_entries"> + <item>0</item> + <item>1</item> + <item>No especificado</item> + </string-array> + <string-array name="verb_entries"> + <item>0 - No registrar</item> + <item>1 - Registro predeterminado</item> + <item>2 - Registro más detallado</item> + <item>3</item> + <item>4</item> + <item>5 - Registro de depuración</item> + </string-array> +</resources> diff --git a/res/values-es/strings.xml b/res/values-es/strings.xml index 5674bfdf..ca437077 100644..100755 --- a/res/values-es/strings.xml +++ b/res/values-es/strings.xml @@ -1,202 +1,234 @@ -<!-- - Copyright (C) 2011 The Android Open Source Project - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---><resources> - - <string name="app">OpenVPN para Android</string> - <string name="address">Dirección del servidor:</string> - <string name="port">Puerto del servidor:</string> - <string name="location">Ubicación</string> - <string name="cant_read_folder">¡carpeta no se puede leer!</string> - <string name="select">Seleccionar</string> - <string name="cancel">Cancelar</string> - <string name="no_data">Sin datos</string> - <string name="useLZO">Compresión LZO</string> - <string name="client_no_certificate">Sin certificado</string> - <string name="client_certificate_title">Certificado cliente</string> - <string name="client_key_title">Clave de certificado cliente</string> - <string name="client_pkcs12_title">Archivo PKCS12</string> - <string name="ca_title">Certificado CA</string> - <string name="no_certificate">No hay nada seleccionado</string> - <string name="copyright_guicode">El código fuente y seguimiento de problemas están disponibles a http://code.google.com/p/ics-openvpn/ </string> - <string name="copyright_others">Este programa utiliza los siguientes componentes. Ver la fuente para detalles completos sobre las licencias.</string> - <string name="about">Acerca de</string> - <string name="about_summary">Acerca de OpenVPN para Android</string> - <string name="vpn_list_summary">Lista de todas las VPNs configuradas</string> - <string name="vpn_list_title">Todas tus VPNs</string> - <string name="vpn_type">Tipo</string> - <string name="pkcs12pwquery">Contraseña PKCS12</string> - <string name="file_select">Seleccionar…</string> - <string name="file_nothing_selected">Nada seleccionado</string> - <string name="useTLSAuth">Utilizar autenticación TLS</string> - <string name="tls_direction">Dirección TLS</string> - <string name="ipv6_dialog_tile">Introducir la dirección IPv6/máscara de red en formato CIDR (por ejemplo: 2000:dd::23/64)</string> - <string name="ipv4_dialog_title">Introducir la dirección IPv4/máscara de red en formato CIDR (por ejemplo: 1.2.3.4/24)</string> - <string name="ipv4_address">Dirección IPv4</string> - <string name="ipv6_address">Dirección IPv6</string> - <string name="custom_option_warning">Introducir las opciones personalizadas de OpenVPN. Ten mucho cuidado. Además, ten en cuenta que muchos de los ajustes OpenVPN relacionados con tun no se pueden soportar por el diseño de VPNSettings. Si crees que falta una opción importante, ponte en contacto con el autor</string> - <string name="auth_username">Usuario</string> - <string name="auth_pwquery">Contraseña</string> - <string name="static_keys_info">Para la configuración estática, las claves de autentificación TLS se utilizarán como claves estáticas.</string> - <string name="configure_the_vpn">Configurar la VPN</string> - <string name="menu_add_profile">Añadir perfil</string> - <string name="add_profile_name_prompt">Escribir un nombre para identificar el nuevo perfil</string> - <string name="duplicate_profile_name">Nombre de perfil ya existe</string> - <string name="profilename">Nombre de perfil</string> - <string name="no_keystore_cert_selected">No hay certificado usuario seleccionado.</string> - <string name="no_error_found">No hay ningún error encontrado</string> - <string name="config_error_found">Error de configuración</string> - <string name="ipv4_format_error">No se puede analizar la dirección IPv4</string> - <string name="custom_route_format_error">No se puede analizar las rutas personalizadas</string> - <string name="pw_query_hint">Dejar en blanco para preguntar a petición</string> - <string name="vpn_shortcut">Acceso directo OpenVPN</string> - <string name="vpn_launch_title">Conectar a VPN</string> - <string name="shortcut_profile_notfound">Perfil especificado en el acceso directo no se encuentra</string> - <string name="random_host_prefix">Prefijo de host aleatorio</string> - <string name="random_host_summary">Añade 6 caracteres aleatorios antes del nombre de host</string> - <string name="custom_config_title">Habilitar opciones personalizadas</string> - <string name="custom_config_summary">Especificar opciones personalizadas. ¡Utiliza con cuidado!</string> - <string name="route_rejected">Ruta rechazada por Android</string> - <string name="cancel_connection">Desconectar</string> - <string name="clear_log">borrar registro</string> - <string name="title_cancel">Confirmar cancelación</string> - <string name="cancel_connection_query">¿Desconectar la VPN conectada / cancelar el intento de conexión?</string> - <string name="remove_vpn">Eliminar VPN</string> - <string name="check_remote_tlscert">Comprueba si el servidor utiliza un certificado servidor TLS</string> - <string name="check_remote_tlscert_title">Salvo servidor TLS</string> - <string name="remote_tlscn_check_title">Verificación del certificado nombre de host </string> - <string name="enter_tlscn_title">Nombre de host remoto (CN)</string> - <string name="tls_key_auth">Habilita la autenticación de clave TLS</string> - <string name="tls_auth_file">Archivo de autenticación TLS</string> - <string name="pull_on_summary">Pide al servidor las direcciones IP, rutas y opciones de sincronización.</string> - <string name="pull_off_summary">No se pide información del servidor. Hay que configurar los ajustes en bajo.</string> - <string name="use_pull">Ajustes de pull</string> - <string name="dns">DNS</string> - <string name="override_dns">Reemplazar la configuración DNS del servidor</string> - <string name="dns_override_summary">Utilizar servidores DNS personalizados</string> - <string name="searchdomain">searchDomain</string> - <string name="dns1_summary">Servidor DNS que se utilizará.</string> - <string name="dns_server">Servidor DNS:</string> - <string name="secondary_dns_message">Servidor DNS secundario se utiliza si el servidor DNS primario no se puede alcanzar.</string> - <string name="backup_dns">Servidor DNS de reserva</string> - <string name="ignored_pushed_routes">Rechazar rutas proporcionadas</string> - <string name="ignore_routes_summary">Rechazar rutas proporcionadas por el servidor.</string> - <string name="default_route_summary">Redirige todo el tráfico hacia la VPN</string> - <string name="use_default_title">Utilizar ruta por defecto</string> - <string name="custom_route_message">Introducir rutas personalizadas. Introducir el destino sólo en formato CIDR. \"10.0.0.0/8 2002::/16\\" dirigiría las redes 10.0.0.0/8 y 2002::/16 hacia la VPN.</string> - <string name="custom_routes_title">Rutas personalizadas</string> - <string name="log_verbosity_level">Nivel de detalle del registro</string> - <string name="float_summary">Permite los paquetes autenticados de cualquier IP</string> - <string name="float_title">Permitir servidor flotante</string> - <string name="custom_options_title">Opciones personalizadas</string> - <string name="edit_vpn">Editar ajustes de VPN</string> - <string name="remove_vpn_query">¿Eliminar el perfil VPN %s?</string> - <string name="tun_error_helpful">En algunos firmwares personalizados ICS el permiso de /dev/tun puede ser incorrecto, o el módulo tun puede faltar totalmente. Para firmwares CM9 intenta corregir la propiedad en los ajustes.</string> - <string name="tun_open_error">Error grave en la apertura de la interfaz tun</string> - <string name="error">Error: </string> - <string name="clear">Borrar</string> - <string name="info">información</string> - <string name="show_connection_details">Mostrar detalles de conexión</string> - <string name="last_openvpn_tun_config">Última configuración de la interfaz OpenVPN:</string> - <string name="local_ip_info">Local IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d</string> - <string name="dns_server_info">Servidor DNS: %s</string> - <string name="dns_domain_info">Dominio DNS: %s</string> - <string name="routes_info">Rutas: %s</string> - <string name="routes_info6">Rutas IPv6: %s</string> - <string name="ip_not_cidr">Se ha obtenido información de interfaz %1$s, y %2$s, suponiendo que la segunda dirección es la dirección del nodo remoto. Utilizando máscara de red /32 para IP local. Modo relatado por OpenVPN es \\"%3$s\\".</string> - <string name="route_not_cidr">No se puede entender %1$s, y %2$s como ruta IP con máscara de red CIDR, utilizando /32 como la máscara de red.</string> - <string name="route_not_netip">Ruta %1$s/%2$s corregida en %3$s/%2$s</string> - - <string name="version_info">%1$s %2$s</string> - <string name="send_logfile">Enviar el archivo de registro</string> - <string name="send">Enviar</string> - <string name="ics_openvpn_log_file">Archivo de registro de ICS OpenVPN </string> - <string name="copied_entry">Entrada de registro copiada al portapapeles</string> - <string name="tap_mode">Modo tap</string> - <string name="faq_tap_mode">Modo pap no es posible con la API VPN sin root. Por lo tanto esta aplicación no puede soportar tap.</string> - <string name="tap_faq2">¿Otra vez? ¿Estás de broma? Modo tap no se soporta de verdad, y mandarme más correos no lo va a cambiar.</string> - <string name="tap_faq3">¿Por tercera vez?</string> - <string name="faq">Preguntas frecuentes</string> - <string name="faq_summary">Preguntas frecuentes y algunos consejos</string> - <string name="copying_log_entries">Copiar entradas de registro</string> - <string name="faq_copying">Para copiar una sola entrada de registro, púlsala y mantén pulsada. Para copiar/enviar el registro entero, utiliza la opción \\"Enviar el archivo de registro\\". Utilice el botón de menú físico si no se ve en la interfaz gráfica de usuario.</string> - <string name="faq_shortcut">Acceso directo para iniciar</string> - <string name="faq_howto_shortcut">Puede poner un acceso directo para iniciar OpenVPN en su escritorio. Según tu </string> - <string name="no_vpn_support_image">Tu firmware no soporta la API de VPNService :(</string> - <string name="encryption">Cifrado</string> - <string name="cipher_dialog_title">Introducir método de cifrado</string> - <string name="chipher_dialog_message">Introducir la clave de cifrado para OpenVPN. Dejar en blanco para utilizar cifrado por defecto.</string> - <string name="settings_auth">Autenticación/cifrado</string> - <string name="file_explorer_tab">Explorador de archivos</string> - <string name="inline_file_tab">Archivo en línea</string> - <string name="import_file">Importar</string> - <string name="error_importing_file">Error al importar archivo</string> - <string name="import_error_message">No se pudo importar el archivo de sistema de archivos</string> - <string name="inline_file_data">[[Datos de archivos en línea]]</string> - <string name="opentun_no_ipaddr">Rechaza abrir el dispositivo tun, sin la información de IP</string> - <string name="menu_import">Importar perfil de archivo ovpn</string> - <string name="menu_import_short">Importar</string> - <string name="import_content_resolve_error">No se pudo leer el perfil que importar</string> - <string name="error_reading_config_file">Error al leer el archivo de configuración</string> - <string name="add_profile">añadir perfil</string> - <string name="trying_to_read">Intentando leer el archivo: %1$s</string> - <string name="import_could_not_open">No se encontró el archivo %1$s que se menciona en el archivo de configuración importado</string> - <string name="importing_config">Importando archivo de configuración de la fuente %1$s</string> - <string name="import_warning_custom_options">Tu configuración tiene algunas opciones de configuración que no se pudieron analizar. Estas opciones se han añadido como opciones de configuración personalizada. La configuración personalizada se muestra abajo:</string> - <string name="import_done">Lectura del archivo de configuración terminada.</string> - <string name="nobind_summary">No enlazar a la dirección local y el puerto</string> - <string name="no_bind">Sin enlazamiento local</string> - <string name="import_configuration_file">Importar archivo de configuración</string> - <string name="faq_security_title">Seguridad</string> - <string name="import_vpn">Importar</string> - <string name="broken_image_cert_title">Error al mostrar selección de certificado</string> - <string name="ipv4">IPv4</string> - <string name="ipv6">IPv6</string> - <string name="speed_waiting">Esperando mensaje de estado…</string> - <string name="converted_profile">perfil importado</string> - <string name="converted_profile_i">perfil importado %d</string> - <string name="broken_images">Firmwares rotos</string> - <string name="error_empty_username">El nombre de usuario no puede estar vacío.</string> - <string name="pkcs12_file_encryption_key">Clave de cifrado de archivo PKCS12</string> - <string name="private_key_password">Contraseña de clave privada</string> - <string name="password">Contraseña</string> - <string name="file_icon">icono</string> - <string name="tls_authentication">Autenticación TLS</string> - <string name="generated_config">Configuración generada</string> - <string name="generalsettings">Ajustes generales</string> - <string name="owner_fix_summary">Intentar definir la propriedad de /dev/tun como system. Algunos firmwares CM9 lo necesita para que la API VPNService funcione. Necesita root.</string> - <string name="owner_fix">Corregir la propiedad de /dev/tun</string> - <string name="generated_config_summary">Muestra el archivo de configuración de OpenVPN generado</string> - <string name="edit_profile_title">Editar \\"%s\\"</string> - <string name="building_configration">Generando configuración…</string> - <string name="netchange_summary">Habilitar esta opción obliga la reconexión si el estado de la red se cambia (Wi-Fi a móvil, y al revés)</string> - <string name="netchange">Reconectar si la red se cambia</string> - <string name="cert_from_keystore">Tiene certificado de \'%s\' del llavero</string> - <string name="netstatus">Estado de red: %s</string> - <string name="select_file">Seleccionar</string> - <string name="show_log_summary">Mostrar la ventana de registro cuando se establece la conexión. La ventana de registro se puede acceder de la barra de notificaciones.</string> - <string name="show_log_window">Mostrar ventana de registro</string> - <string name="keppstatus_summary">Mantener la notificación mostrada después de que la conexión se establece, para mostrar las estadísticas de tráfico.</string> - <string name="keepstatus">Mostrar estadísticas de tráfico</string> - <string name="mobile_info">Utilizando %1$s (%2$s) %3$s, Android API %4$d</string> - <string name="translationby">Traducción español por Gerard Bonner - <59539051+ovpntrans.es@mail.dcu.ie></string> - <!--When translating use a string like this: - <string name="translationby">English translation by Arne Schwabe<arne@rfc2549.org></string>--> - <string name="ipdns">IP y DNS</string> - <string name="basic">Básico</string> - <string name="routing">Enrutamiento</string> - <string name="obscure">Ajustes OpenVPN raros. Normalmente, no se necesitan.</string> - <string name="advanced">Avanzado</string> -</resources>
\ No newline at end of file +<?xml version="1.0" encoding="utf-8"?> +<!--Generated by crowdin.net--> +<resources> + <string name="app">OpenVPN para Android</string> + <string name="address">Dirección del servidor:</string> + <string name="port">Puerto del servidor:</string> + <string name="location">Ubicación</string> + <string name="cant_read_folder">No se puede leer el directorio</string> + <string name="select">Seleccionar</string> + <string name="cancel">Cancelar</string> + <string name="no_data">No hay datos</string> + <string name="useLZO">Compresión LZO</string> + <string name="client_no_certificate">Sin Certificado</string> + <string name="client_certificate_title">Certificado de Cliente</string> + <string name="client_key_title">Llave del Certificado de Cliente</string> + <string name="client_pkcs12_title">Archivo PKCS12</string> + <string name="ca_title">Certificado de la CA</string> + <string name="no_certificate">Debe seleccionar un certificado</string> + <string name="copyright_guicode">Codigo fuente y sistema de reporte de errores disponibles en http://code.google.com/p/ics-openvpn/</string> + <string name="copyright_others">El programa utiliza los siguientes componentes. Vea los códigos fuentes para obtener más información sobre las licencias</string> + <string name="about">Acerca de</string> + <string name="about_summary">Acerca de OpenVPN para Android</string> + <string name="vpn_list_summary">Lista de todas las VPN configuradas</string> + <string name="vpn_list_title">Perfiles VPN</string> + <string name="vpn_type">Tipo</string> + <string name="pkcs12pwquery">Contraseña PKCS12</string> + <string name="file_select">Seleccionar...</string> + <string name="file_nothing_selected">Debe seleccionar un archivo</string> + <string name="useTLSAuth">Utilizar la autenticación TLS</string> + <string name="tls_direction">Dirección TLS</string> + <string name="ipv6_dialog_tile">Introduzca la dirección/máscara de red IPv6 en formato CIDR (por ejemplo, 2000:dd::23/64)</string> + <string name="ipv4_dialog_title">Introduzca la dirección/máscara de red IPv4 en formato CIDR (por ejemplo, 1.2.3.4/24)</string> + <string name="ipv4_address">Dirección IPv4</string> + <string name="ipv6_address">Dirección IPv6</string> + <string name="custom_option_warning">Introduzca las opciones personalizadas de OpenVPN. Úselas con mucho cuidado. Además, tenga en cuenta que muchas de las configuraciones de OpenVPN relacionadas con tun no pueden ser soportadas por el diseño de VPNSettings. Si cree que falta una función importante, contacte al autor</string> + <string name="auth_username">Nombre de usuario</string> + <string name="auth_pwquery">Contraseña</string> + <string name="static_keys_info">Para la configuración estática las claves de autenticación TLS se utilizaran como claves estáticas</string> + <string name="configure_the_vpn">Configurar la VPN</string> + <string name="menu_add_profile">Agregar perfil</string> + <string name="add_profile_name_prompt">Escriba un nombre que identifica el nuevo perfil</string> + <string name="duplicate_profile_name">Por favor, introduzca un nombre de perfil único</string> + <string name="profilename">Nombre del Perfil</string> + <string name="no_keystore_cert_selected">Debe seleccionar un certificado de usuario</string> + <string name="no_error_found">No se encontraron errores</string> + <string name="config_error_found">Error en la configuración</string> + <string name="ipv4_format_error">Error al analizar la dirección IPv4</string> + <string name="custom_route_format_error">Error al analizar las rutas personalizadas</string> + <string name="pw_query_hint">(Deje en blanco para consultar sobre demanda)</string> + <string name="vpn_shortcut">Acceso directo de OpenVPN</string> + <string name="vpn_launch_title">Conectar a VPN</string> + <string name="shortcut_profile_notfound">Perfil especificado en el acceso directo no encontrado</string> + <string name="random_host_prefix">Prefijo aleatorio de Host</string> + <string name="random_host_summary">Agrega 6 caracteres al azar delante del nombre de host</string> + <string name="custom_config_title">Habilitar opciones personalizadas</string> + <string name="custom_config_summary">Especificar opciones personalizadas. ¡Use con cuidado!</string> + <string name="route_rejected">Ruta rechazada por Android</string> + <string name="cancel_connection">Desconectar</string> + <string name="clear_log">Limpiar registro</string> + <string name="title_cancel">Cancelar confirmación</string> + <string name="cancel_connection_query">¿Desconectar la conexión VPN/cancelar el intento de conexión?</string> + <string name="remove_vpn">Eliminar VPN</string> + <string name="check_remote_tlscert">Comprueba si el servidor utiliza un certificado de servidor TLS</string> + <string name="check_remote_tlscert_title">Excepto servidor TLS</string> + <string name="remote_tlscn_check_summary">Comprueba el CN del certificado del servidor remoto contra una cadena</string> + <string name="remote_tlscn_check_title">Comprobación del certificado de nombre de host</string> + <string name="enter_tlscn_dialog">Introduzca la cadena contra la que se comprueba el servidor remoto. OpenVPN usará coincidencias de prefijos. \"Servidor\" coincide con \"Servidor-1\" y \"Servidor-2\"\nDeje vacío para comprobar el CN contra el nombre de host del servidor.</string> + <string name="enter_tlscn_title">Nombre de Host remoto(CN)</string> + <string name="tls_key_auth">habilita la autenticación de clave TLS</string> + <string name="tls_auth_file">Archivo de autenticación TLS</string> + <string name="pull_on_summary">Obtener Direcciones IP, rutas y opciones de sincronizacion del servidor.</string> + <string name="pull_off_summary">No se pedira informacion del servidor. Necesita especifiar la configuracion abajo.</string> + <string name="use_pull">Obtener Configuracion</string> + <string name="dns">DNS</string> + <string name="override_dns">Reemplazar la configuración DNS del Servidor</string> + <string name="dns_override_summary">Usar sus propios servidores DNS</string> + <string name="searchdomain">searchDomain</string> + <string name="dns1_summary">Servidor DNS a ser usado.</string> + <string name="dns_server">Servidor DNS</string> + <string name="secondary_dns_message">El servidor DNS secundario se utiliza si el servidor DNS normal no puede alcanzarse.</string> + <string name="backup_dns">Servidor DNS de respaldo</string> + <string name="ignored_pushed_routes">Ignorar rutas obtenidas</string> + <string name="ignore_routes_summary">Ignorar rutas obtenidas del servidor.</string> + <string name="default_route_summary">Redirige todo el tráfico a través de VPN</string> + <string name="use_default_title">Usar ruta predeterminada</string> + <string name="custom_route_message">Introduzca las rutas personalizadas. Sólo introduzca destinos en formato CIDR. \"10.0.0.0/8 2002:: / 16\" dirigiría las redes 10.0.0.0/8 y 2002::/16 sobre la VPN.</string> + <string name="custom_routes_title">Rutas personalizadas</string> + <string name="log_verbosity_level">Nivel de detalle del registro</string> + <string name="float_summary">Permite paquetes autenticados desde cualquier IP</string> + <string name="float_title">Permitir servidor flotante</string> + <string name="custom_options_title">Opciones personalizadas</string> + <string name="edit_vpn">Modificar la configuración de VPN</string> + <string name="remove_vpn_query">¿Eliminar el perfil VPN %s?</string> + <string name="tun_error_helpful">En algunas imágenes personalizadas de ICS los permisos sobre /dev/tun podrían ser incorrectos, o el módulo tun podría faltar completamente. Para imágenes de CM9 pruebe la opción \"arreglar la propiedad de /dev/tun\" ubicada en la configuración general</string> + <string name="tun_open_error">La apertura de la interfaz tun falĺó</string> + <string name="error">"Error: "</string> + <string name="clear">Borrar</string> + <string name="info">información</string> + <string name="show_connection_details">Mostrar detalles de la conexión</string> + <string name="last_openvpn_tun_config">Última configuración de interfaz de OpenVPN:</string> + <string name="local_ip_info">Local IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d</string> + <string name="dns_server_info">Servidor DNS: %s</string> + <string name="dns_domain_info">Dominio DNS: %s</string> + <string name="routes_info">Rutas: %s</string> + <string name="routes_info6">Rutas IPv6: %s</string> + <string name="ip_not_cidr">Información de la interfaz obtenida %1$s and %2$s, asumiendo que la segunda dirección es una dirección equivalente del remoto. Usando una máscara de red /32 para la IP local. El modo dado por OpenVPN es \"%3$s\".</string> + <string name="route_not_cidr">No tienen sentido %1$s y %2$s como ruta IP con máscara de red CIDR, usando /32 como máscara de red.</string> + <string name="route_not_netip">Ruta conectada de %1$s/%2$s a %3$s/%2$s</string> + <string name="version_info">%1$s %2$s</string> + <string name="send_logfile">Enviar el archivo de registro</string> + <string name="send">Enviar</string> + <string name="ics_openvpn_log_file">Archivo de registro de OpenVPN de ICS</string> + <string name="copied_entry">Entrada de registro copiada al Portapapeles</string> + <string name="tap_mode">Modo Tap</string> + <string name="faq_tap_mode">El Modo tap no es posible sin la API VPN de root. Por lo tanto la aplicacion no puede dar soporte a tap</string> + <string name="tap_faq2">¿Otra vez? ¿Estás bromeando? No, el modo tap realmente no está soportado y enviar más correos preguntando si será soportado no ayudará.</string> + <string name="tap_faq3">¿Una tercera vez? En realidad se podría escribir un emulador de tap basado en tun que podria agregar información layer2 al enviar y obtener información layer2 al recibir. Pero este emulador tap tendría que implementar también ARP y posiblemente un cliente DHCP. No sé de alguien que este realizando trabajo en esa dirección. Ponte en contacto conmigo si deseas iniciar la codificación de esto.</string> + <string name="faq">P+F</string> + <string name="faq_summary">Preguntas frecuentes y consejos</string> + <string name="copying_log_entries">Copiar las entradas del registro</string> + <string name="faq_copying">Para copiar una sola entrada de registro presione y mantenga pulsado sobre la entrada del registro. Para copiar y enviar el registro completo use la opción Enviar registro. Utilice el botón fisico de menú si no visible en la interfaz.</string> + <string name="faq_shortcut">Acceso directo para iniciar</string> + <string name="faq_howto_shortcut">Puede colocar un acceso directo para iniciar OpenVPN en el escritorio. Dependiendo del programa de la pantalla de inicio tiene que añadir un acceso directo o un widget.</string> + <string name="encryption">Cifrado</string> + <string name="cipher_dialog_title">Especifique el método de cifrado</string> + <string name="chipher_dialog_message">Introduzca la clave de cifrado para OpenVPN. Deje en blanco para utilizar cifrado predeterminado</string> + <string name="settings_auth">Autenticación/Cifrado</string> + <string name="file_explorer_tab">Administrador de archivos</string> + <string name="inline_file_tab">Archivo en línea</string> + <string name="import_file">Importar</string> + <string name="error_importing_file">Error al importar el archivo</string> + <string name="import_error_message">No se pudo importar el archivo del sistema de archivos</string> + <string name="inline_file_data">[[Datos de archivo en línea]]</string> + <string name="opentun_no_ipaddr">Negandose a abrir el dispositivo tun sin información de IP</string> + <string name="menu_import">Importar perfil de un archivo ovpn</string> + <string name="menu_import_short">Importar</string> + <string name="import_content_resolve_error">No se pudo leer el perfil a importar</string> + <string name="error_reading_config_file">Error al leer el archivo de configuración</string> + <string name="add_profile">Agregar perfil</string> + <string name="trying_to_read">Intentando leer el archivo: %1$s</string> + <string name="import_could_not_open">No se pudo encontrar el archivo %1$s mencionado en el archivo de configuracion importado</string> + <string name="importing_config">Importando archivo de configuración del origen %1$s</string> + <string name="import_warning_custom_options">Su configuración tiene algunas opciones de configuración que pueden ser analizadas. Estas opciones se agregaron como opciones de configuración personalizadas. A continuación se muestra la configuración personalizada:</string> + <string name="import_done">Se termino de leer el archivo de configuracion.</string> + <string name="nobind_summary">No enlazar con el puerto y la dirección local</string> + <string name="no_bind">Ningún enlace local</string> + <string name="import_configuration_file">Importar archivo de configuracion</string> + <string name="faq_security_title">Consideraciones de seguridad</string> + <string name="faq_security">"Como OpenVPN es sensible a la seguridad, son razonables algunas notas acerca de seguridad. Todos los datos en la tarjeta SD son inherentemente inseguros. Cualquier aplicación puede leerla (por ejemplo, esta aplicación no requiere ningún permiso especial sobre la tarjeta SD). Los datos de esta aplicación sólo pueden ser leidos por la misma aplicación. Al utilizar la opción importar para el certificado de la CA/certificado/llave, en la ventana de diálogo para selección de archivos, los datos se almacenan en el perfil de la VPN. Los perfiles de VPN sólo son accesibles por esta aplicación. (No olvide después borrar las copias de la tarjeta SD). Aunque sólo sea accesible por esta aplicación, los datos aún están sin encriptar. Al acceder el dispositivo portátil como root u otro medio, es posible recuperar estos datos. Las contraseñas guardadas son almacenadas también en texto plano. Para archivos pkcs12 es muy recomendable que los importe al repositorio de llaves de Android."</string> + <string name="import_vpn">Importar</string> + <string name="broken_image_cert_title">Error mostrando la seleccion de certificados</string> + <string name="broken_image_cert">Se obtuvo una excepción al intentar mostrar el diálogo de selección de certificado de Android 4.0+. Esto nunca debería ocurrir por ser una funcionalidad estándar de Android 4.0+. Quizás el respaldo ROM para almacenamiento de certificados de su Android está arruinado</string> + <string name="ipv4">IPv4</string> + <string name="ipv6">IPv6</string> + <string name="speed_waiting">Esperando el mensaje de estado...</string> + <string name="converted_profile">perfil importado</string> + <string name="converted_profile_i">perfil importado %d</string> + <string name="broken_images">Imágenes rotas</string> + <string name="error_empty_username">El nombre de usuario no debe estar vacío.</string> + <string name="pkcs12_file_encryption_key">Clave PKCS12 de cifrado de archivos</string> + <string name="private_key_password">Contraseña de clave privada</string> + <string name="password">Contraseña</string> + <string name="file_icon">icono de archivo</string> + <string name="tls_authentication">Autenticación TLS</string> + <string name="generated_config">Configuración generada</string> + <string name="generalsettings">Preferencias generales</string> + <string name="owner_fix_summary">Intenta establecer el propietario de /dev/tun a system. Algunas imágenes de CM9 lo necesitan hacer funcionar la API de VPNService. Requiere permisos root.</string> + <string name="owner_fix">Arreglar la propiedad de /dev/tun</string> + <string name="generated_config_summary">Muestra el archivo de configuración OpenVPN generado</string> + <string name="edit_profile_title">Editando \"%s\"</string> + <string name="building_configration">Construyendo configuracion...</string> + <string name="netchange_summary">Turning this option on will force a reconnect if the network state is changed (e.g. WiFi to/from mobile)</string> + <string name="netchange">Reconectar en cambio de red</string> + <string name="cert_from_keystore">Conseguido el certificado de \'%s\' de almacén de claves</string> + <string name="netstatus">Estado de la red: %s</string> + <string name="extracahint">El certificado de la CA usualmente es recuperado del almacén de claves de Android. Especifique un certificado diferente si obtiene errores de verificación de certificado.</string> + <string name="select_file">Seleccionar</string> + <string name="keychain_nocacert">No se obtuvo ningún certificado de CA al leer el almacén de claves de Android. La autenticación probablemente fallará.</string> + <string name="show_log_summary">Muestra la ventana de registro el conectarse. La ventana de registro siempre puede accederse desde el estado de la notificación.</string> + <string name="show_log_window">Mostrar ventana de registro</string> + <string name="keppstatus_summary">Mantenga la notificación visible después de que la conexión es establecida para mostrar estadísticas de tráfico.</string> + <string name="keepstatus">Mostrar estadísticas de tráfico</string> + <string name="mobile_info">Ejecutándose en %1$s (%2$s) %3$s, API de Android %4$d</string> + <string name="error_rsa_sign">Error al firmar con la llave del almacén de llaves de Android %1$s: %2$s</string> + <string name="faq_system_dialogs_title">Advertencia de conexión y sonido de notificación</string> + <string name="translationby">Traducción al español por José Luis Bandala Perez<luis.449bp@gmail.com></string> + <string name="ipdns">IP y DNS</string> + <string name="basic">Básico</string> + <string name="routing">Enrutamiento</string> + <string name="obscure">Configuraciones oscuras de OpenVPN. Normalmente no se necesitan.</string> + <string name="advanced">Avanzado</string> + <string name="export_config_title">Configuracion Openvpn de ICS</string> + <string name="warn_no_dns">Sin servidores DNS utilizados. La resolución de nombres puede que no funcione. Considere configurar servidores DNS personalizados</string> + <string name="dns_add_error">No se puede agregar el servidor DNS \"%1$s\", rechazado por el sistema: %2$s</string> + <string name="faq_howto_title">Inicio rápido</string> + <string name="setting_loadtun_summary">Intente cargar el módulo del kernel tun.ko antes de intentar conectarse. Necesita dispositivos rooteados.</string> + <string name="setting_loadtun">Cargar modulo tun</string> + <string name="importpkcs12fromconfig">Importar PKCS12 de la configuración en el almacén de claves de Android</string> + <string name="getproxy_error">Error al obtener la configuración de proxy: %s</string> + <string name="using_proxy">Usando proxy %1$s %2$d</string> + <string name="use_system_proxy">Usar el proxy del sistema</string> + <string name="use_system_proxy_summary">Utilice la configuración del sistema para los proxies HTTP/HTTPS a conectar.</string> + <string name="donatewithpaypal">Usted puede <a href=\"https://www.paypal.com/cgi-bin/webscr?hosted_button_id=R2M6ZP9AF25LS&amp;cmd=_s-xclick\">donar con PayPal</a> </string> + <string name="onbootrestartsummary">OpenVPN volvera a conectar a una VPN si estaba activa en el apagado/reinicio del sistema. Por favor lea la P+F de advertencia de conexión antes de usar esta opción.</string> + <string name="onbootrestart">Vuelva a conectar al reiniciar</string> + <string name="ignore">Ignorar</string> + <string name="restart">Reiniciar</string> + <string name="restart_vpn_after_change">Los cambios de configuración se aplican después de reiniciar la VPN. ¿(Re)iniciar la VPN ahora?</string> + <string name="configuration_changed">Configuración cambiada</string> + <string name="log_no_last_vpn">No se pudo determinar el último perfil conectado para editar</string> + <string name="faq_duplicate_notification_title">Notificaciones duplicadas</string> + <string name="no_vpn_profiles_defined">No hay perfiles VPN definidos.</string> + <string name="add_new_vpn_hint">Use el icono <img src=\"ic_menu_add\"/> para agregar una nueva VPN</string> + <string name="vpn_import_hint">Use el icono <img src=\"ic_menu_archive\"/> para importar un perfil existente (.ovpn or .conf) de tu tarjeta.</string> + <string name="faq_hint">Asegúrese de checar también las preguntas frecuentes. Hay una guía de inicio rápido.</string> + <string name="correcttls">Convertir formato remote-tls de OpenVPN 2.2 al formato 2.3</string> + <string name="faq_routing_title">Configuración de enrutamiento o interfaz</string> + <string name="persisttun_summary">No regresar a modo sin conexión VPN cuando OpenVPN esta volviendose a conectar.</string> + <string name="persistent_tun_title">Tun persistente</string> + <string name="translation">Traducción</string> + <string name="openvpn_log">Registro de OpenVPN</string> + <string name="import_config">Importar configuración de OpenVPN</string> + <string name="battery_consumption_title">Consumo de batería</string> + <string name="baterry_consumption">En mis pruebas personales la razón principal del alto consumo de batería de OpenVPN son los paquetes de sobrevivencia (keepalive). La mayoría de servidores de OpenVPN tienen una configuración como \'keepalive 10 60\' que se traduce en un paquete de keepalive del cliente al servidor y viceversa cada diez segundos. <p> Si bien estos paquetes son pequeños y no utilizan mucho tráfico, mantienen la red móvil ocupada e incrementan el consumo de energía. <p> Esta configuración de sobrevivencia no puede ser cambiada en el cliente. Sólo el administrador de sistemas de la OpenVPN puede cambiar esta configuración. <p> Desafortunadamente, usar una sobrevivencia mayor a 60 segundos con udp ocasiona problemas con algunas puertas de entrada NAT los cuales terminan una conexión después de un corto tiempo de espera (60s en mis pruebas). Usar TCP con un tiempo de sobrevivencia largo funciona pero genera el problema de TCP sobre TCP. (Ver <a href=\"http://sites.inka.de/bigred/devel/tcp-tcp.html\"> Por qué TCP sobre TCP es una mala idea (en inglés) </a>)</string> + <string name="faq_tethering">La funcionalidad de Tethering de Android (sobre WiFi, USB o Bluetooth) y la API del servicio de VPN (utilizada por esta aplicación) no pueden trabajar juntas. Para más detalles vea el <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=34\">problema #34</a></string> + <string name="vpn_tethering_title">VPN y Tethering</string> + <string name="connection_retries">Reintentos de conexión</string> + <string name="reconnection_settings">Configuración de reconexión</string> + <string name="connectretrymessage">Número de segundos de espera entre intentos de conexión.</string> + <string name="connectretrywait">Segundos entre las conexiones</string> + <string name="minidump_generated">OpenVPN falló inesperadamente. Por favor considere usar la opción envío de minivolcado en el menú principal</string> + <string name="send_minidump">Enviar minivolcado al desarrollador</string> + <string name="send_minidump_summary">Enviar información de depuración sobre último fallo al desarrollador</string> +</resources> diff --git a/res/values-et/strings.xml b/res/values-et/strings.xml index e3f6ef66..81a8565c 100755 --- a/res/values-et/strings.xml +++ b/res/values-et/strings.xml @@ -5,7 +5,7 @@ <string name="address">Serveri aadress:</string> <string name="port">Serveri port:</string> <string name="location">Asukoht</string> - <string name="cant_read_folder">Kataloogi ei saa lugeda!</string> + <string name="cant_read_folder">Kataloog pole loetav</string> <string name="select">Vali</string> <string name="cancel">Tühista</string> <string name="no_data">Andmed puuduvad</string> @@ -15,8 +15,8 @@ <string name="client_key_title">Kliendisertifikaadi võti</string> <string name="client_pkcs12_title">PKCS12 fail</string> <string name="ca_title">CA sertifikaat</string> - <string name="no_certificate">Pole valitud</string> - <string name="copyright_guicode">Lähtetekst ja probleemihaldur asuvad veebilehel http://code.google.com/p/ics-openvpn/ </string> + <string name="no_certificate">Peate valima sertifikaadi</string> + <string name="copyright_guicode">Lähtetekst ja probleemihaldur asuvad veebilehel http://code.google.com/p/ics-openvpn/</string> <string name="copyright_others">Programmis kasutatakse järgnevaid komponente. Detailse litsenseerimisinfo leiate lähtekoodist</string> <string name="about">Lähemalt</string> <string name="about_summary">Täpsemalt programmist OpenVPN Androidile</string> @@ -25,7 +25,7 @@ <string name="vpn_type">Tüüp</string> <string name="pkcs12pwquery">PKCS12 salasõna</string> <string name="file_select">Vali…</string> - <string name="file_nothing_selected">Pole valitud</string> + <string name="file_nothing_selected">Valige fail</string> <string name="useTLSAuth">Kasuta TLS autentimist</string> <string name="tls_direction">TLS suund</string> <string name="ipv6_dialog_tile">Sisesta IPv6 Aadress/Võrgumask CIDR formaadis (nt. 2000:dd::23/64)</string> @@ -35,18 +35,18 @@ <string name="custom_option_warning">Sisestage OpenVPN kohandatud valikud. Ettevaatlikkus ei tee paha. Palun samuti tähele panna et VPNSettings API ei toeta paljusid tun liidesega seotud OpenVPN seadistusi. Siiski, kui te leiate et mõni oluline seadistusvalik on puudu, siis kontakteeruge programmi autoriga</string> <string name="auth_username">Kasutajanimi</string> <string name="auth_pwquery">Salasõna</string> - <string name="static_keys_info">Staatilise konfiguratsiooni puhul kasutatakse TLS Auth võtmeid staatiliste võtmetena.</string> + <string name="static_keys_info">Staatilise konfiguratsiooni puhul kasutatakse TLS Auth võtmeid staatiliste võtmetena</string> <string name="configure_the_vpn">Konfigureeri VPN</string> <string name="menu_add_profile">Lisa profiil</string> <string name="add_profile_name_prompt">Lisage uuele profiilile osutav nimi</string> - <string name="duplicate_profile_name">Topelt profiili nimi</string> + <string name="duplicate_profile_name">Palun sisestage unikaalne profiilinimi</string> <string name="profilename">Profiili nimi</string> - <string name="no_keystore_cert_selected">Ühtegi kasutajasertifikaati pole valitud.</string> + <string name="no_keystore_cert_selected">Peate valima kasutaja sertifikaadi</string> <string name="no_error_found">Vigu ei leitud</string> <string name="config_error_found">Konfiguratsiooni viga</string> - <string name="ipv4_format_error">IPv4 aadress ei allu analüüsile</string> + <string name="ipv4_format_error">Sisestatud IPv4 aadress ei allu süntaksianalüüsile</string> <string name="custom_route_format_error">Kohandatud marsruudid ei allu süntaksianalüüsile</string> - <string name="pw_query_hint">Jäta tühjaks, küsitakse vajadusel</string> + <string name="pw_query_hint">(jäta tühjaks, küsitakse vajadusel)</string> <string name="vpn_shortcut">OpenVPN kiirkäivitus</string> <string name="vpn_launch_title">Ühendu VPN\'iga</string> <string name="shortcut_profile_notfound">Lühivalikus määratud profiil puudub</string> @@ -84,15 +84,15 @@ <string name="default_route_summary">Suuna kogu võrguliiklus VPN kaudu</string> <string name="use_default_title">Kasuta vaikeruutingut</string> <string name="custom_route_message">Sisesta oma personaalsed ruutingud. Sihtkoht peab olema CIDR formaadis. \"10.0.0.0/8 2002::/16\" suunab võrgud 10.0.0.0/8 ja 2002::/16 VPN kaudu.</string> - <string name="custom_routes_title">Omalt poolt määratud ruutingud</string> + <string name="custom_routes_title">Marsruutide kohandamine</string> <string name="log_verbosity_level">Logimise detailsus</string> <string name="float_summary">Suvalise IP autenditud paketid on lubatud</string> <string name="float_title">Luba \'ujuv\' server</string> <string name="custom_options_title">Kohandatud valikud</string> <string name="edit_vpn">Muuda VPN seadistusi</string> - <string name="remove_vpn_query">Kas eemaldada VPN profiil %s?</string> + <string name="remove_vpn_query">Kas eemaldada VPN profiil \'%s\'?</string> <string name="tun_error_helpful">Mõnel modifitseeritud ICS versioonil võivad /dev/tun õigused olla valed, või selle moodul sootuks puududa. CM9 puhul võib probleemi lahendada üldiste seadistuste alt omanikuõiguste parandamine</string> - <string name="tun_open_error">tun liidese avamine ebaõnnestus täielikult.</string> + <string name="tun_open_error">Tun liidese avamine ebaõnnestus</string> <string name="error">"Viga:"</string> <string name="clear">Tühjenda</string> <string name="info">info</string> @@ -101,12 +101,12 @@ <string name="local_ip_info">Lokaalne IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d</string> <string name="dns_server_info">DNS Server: %s</string> <string name="dns_domain_info">DNS domeen: %s</string> - <string name="routes_info">Ruutingud: %s</string> - <string name="routes_info6">IPv6 ruutingud: %s</string> + <string name="routes_info">Marsruudid: %s</string> + <string name="routes_info6">IPv6 marsruudid: %s</string> <string name="ip_not_cidr">Liidese andmed on %1$s ja %2$s, eeldades et teine aadress on eemalasuva serveri aadress. Lokaalse IP jaoks kasutatakse /32 võrgumaski. OpenVPN teatab režiimiks %3$s\".</string> - <string name="route_not_cidr">%1$s ja %2$s on mõttetud CIDR võrgumaskiga IP ruutingud, võrgumaskiks määratakse /32.</string> - <string name="route_not_netip">%1$s/%2$s ruuting parandatud: %3$s/%2$s</string> - <string name="keychain_access">Androidi Keychain sertifikaadid on kättesaamatud. (See võib olla põhjustatud püsivara uuendamisest või appide/apiseadistuste taastamisest). Sertifikaatide pääsuõiguste taastamiseks redigeerige palun VPN seadistusi ja valige uuesti üldiste seadistuste alt sertifikaat.</string> + <string name="route_not_cidr">%1$s ja %2$s on mõttetud CIDR võrgumaskiga IP marsruutidest, võrgumaskiks määratakse /32.</string> + <string name="route_not_netip">%1$s/%2$s marsruut parandatud: %3$s/%2$s</string> + <string name="keychain_access">Androidi Keychain sertifikaadid on kättesaamatud. See võib olla põhjustatud püsivara uuendamisest või appide/apiseadistuste taastamisest. Sertifikaatide pääsuõiguste taastamiseks redigeerige palun VPN seadistusi ja valige uuesti üldiste seadistuste alt sertifikaat.</string> <string name="version_info">%1$s %2$s</string> <string name="send_logfile">Saada logifail</string> <string name="send">Saada</string> @@ -142,7 +142,7 @@ <string name="trying_to_read">Üritan lugeda faili: %1$s</string> <string name="import_could_not_open">Ei õnnestunud leida imporditavas konfiguratsioonifailis mainitud faili: %1$s</string> <string name="importing_config">Allikast %1$s imporditakse konfiguratsioonifaili</string> - <string name="import_warning_custom_options">Teie konfiguratsioonis leidus vähe analüüsile alluvaid valikuid. Leitud valikud lisati kohandatud seadistusvalikutena. Kohandatud konfiguratiooni leiate allpool:</string> + <string name="import_warning_custom_options">Teie konfiguratsioonis on mõned süntaktilisele analüüsile allumatud valikuid. Leitud valikud lisati kohandatud seadistusvalikutena. Kohandatud konfiguratiooni leiate allpool:</string> <string name="import_done">Konfiguratsioonifail loetud.</string> <string name="nobind_summary">Ära seo lokaalse aadressi ja pordiga</string> <string name="no_bind">Lokaalne sidumine puudub</string> @@ -158,7 +158,7 @@ <string name="converted_profile">imporditud profiil</string> <string name="converted_profile_i">imporditud profiil %d</string> <string name="broken_images">Probleemsed Androidi püsivara versioonid</string> - <string name="broken_images_faq"><p>Ametlikel HTC versioonidel teatakse olevat kummaline marsruutimisprobleem, mille tulemusel ei liigu andmevoog läbi tunneli (Vaata ka <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=18\">Issue 18</a> veahalduses.)</p><p>Ametlike SONY versioonid Xperia arc S ja Xperia Ray puhul on raporteeritud ka täielikku VPNService API puudumist. Ka teised Sony tarkvaraversioonid võivad olla mõjutatud samast probleemist. (Vaata <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=29\">Issue 29</a> veahalduses.)</p><p>Kohandatud tarkvaraversioonides võib puududa tun moodul või /dev/tun õigused võivad olla valed. Mõned CM9 versioonid nõuavad üldseadistuste alt õiguste parandamise valiku kasutamist.</p><p>Aga mis kõige olulisem: kui teil juhtub olema vigane tarkvaraversioon, siis teatage sellest oma tarnijale. Mida rohkem kliente tarnijat seadme probleemidest teavitab, seda suurema tõenäosusega tehakse seadme tarkvara ka korda.</p></string> + <string name="broken_images_faq"><p>Ametlikel HTC versioonidel teatakse olevat kummaline marsruutimisprobleem mille tulemusel ei liigu andmevoog läbi tunneli (Vaata ka <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=18\">Issue 18</a> veahalduses.)</p><p>Ametlike SONY versioonid Xperia arc S ja Xperia Ray puhul on raporteeritud ka täielikku VPNService API puudumist. Ka teised Sony tarkvaraversioonid võivad olla mõjutatud samast probleemist. (Vaata <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=29\">Issue 29</a> veahalduses.)</p><p>Kohandatud tarkvaraversioonides võib puududa tun moodul või /dev/tun õigused võivad olla valed. Mõned CM9 versioonid nõuavad üldseadistuste alt õiguste parandamise valiku kasutamist.</p><p>Aga mis kõige olulisem: kui teil juhtub olema vigane tarkvaraversioon, siis teatage sellest oma tarnijale. Mida rohkem kliente tarnijat seadme probleemidest teavitab, seda suurema tõenäosusega tehakse seadme tarkvara ka korda.</p></string> <string name="error_empty_username">Kasutajanimi peab olema määratud.</string> <string name="pkcs12_file_encryption_key">PKCS12 faili krüpteerimisvõti</string> <string name="private_key_password">Privaatse võtme salasõna</string> @@ -172,7 +172,7 @@ <string name="generated_config_summary">Näitab genereeritud OpenVPN konfiguratsioonifaili</string> <string name="edit_profile_title">Redigeeritakse \"%s\"</string> <string name="building_configration">Koostatakse konfiguratsiooni…</string> - <string name="netchange_summary">Selle valiku aktiveerimine kutsub esile VPN uuestiühendumise kui võrgu olek muutub (WIFI peale/pealt mobiilile)</string> + <string name="netchange_summary">Selle valiku aktiveerimine kutsub esile VPN uuestiühendumise kui võrgu olek muutub (nt. WIFI peale/pealt mobiilile)</string> <string name="netchange">Uuestiühendus võrgu oleku muutumisel</string> <string name="cert_from_keystore">Saadud sertifikaat \'%s\' võtmehoidlast</string> <string name="netstatus">Võrgu olek: %s</string> @@ -204,7 +204,7 @@ <string name="getproxy_error">Viga proxy seadistuste vastuvõtul: %s</string> <string name="using_proxy">Kasutusel proxy %1$s %2$d</string> <string name="use_system_proxy">Kasuta süsteemset proxy\'t</string> - <string name="use_system_proxy_summary">Kasuta ühendumisel süsteemset HTTP/HTTPS proxy konfiguratsiooni.</string> + <string name="use_system_proxy_summary">Kasuta ühendumisel süsteemse HTTP/HTTPS proxy konfiguratsiooni.</string> <string name="donatewithpaypal">Sul on võimalus <a href=\"https://www.paypal.com/cgi-bin/webscr?hosted_button_id=R2M6ZP9AF25LS&amp;cmd=_s-xclick\">annetada PayPal vahendusel</a> </string> <string name="onbootrestartsummary">Kui VPN oli süsteemi uuestilaadimisel/sulgemisel aktiivne siis taastatakse seadme käivitamisel OpenVPN ühendus. Palun lugege enne selle valiku kasutamist läbi ühendumise hoiatuse KKK.</string> <string name="onbootrestart">Uuestilaadimisel ühendu uuesti</string> @@ -220,8 +220,22 @@ <string name="vpn_import_hint">Kasuta olemasoleva (.ovpn või .conf) profiili importimiseks sdcard pealt <img src=\"ic_menu_archive\"/> ikooni.</string> <string name="faq_hint">Kindlasti vaata KKK\'d. See sisaldab ka alustamise lühijuhendit.</string> <string name="correcttls">Teisenda remote-tls formaat OpenVPN 2.2 pealt 2.3 peale</string> - <string name="faq_routing_title">marsruutimise/liidese konfigureerimine</string> + <string name="faq_routing_title">Marsruutimine ja võrguliidese konfigureerimine</string> <string name="faq_routing">Marsruutimine ja liidese seadistamine ei toimu traditsiooniliste ifconfig/route käskudega vaid VPNService API abil. Tulemuseks on teistest OS\'dest erinev marsruutimise konfiguratsioon. Konfiguratsioonis on kirjed ainult tunneli-liidese IP jaoks ja nende võrkude kirjeldused mis peavad olema marsruuditud läbi selle liidese. Täpsemalt, pole vaja kirjeldada ei teise poole aadressi ega ruuterit. Spetsiaalsed ruutingukirjed VPN serveriga kontakteerumiseks (nagu näiteks redirect-gateway kasutamisel) ei ole samuti vajalikud. Seetõttu ignoreeritakse konfiguratsiooni importimisel neid kirjeid. Programm kindlustab VPNService API abil et VPN serveriga kontakteerumist nõudvaid ühendusi ei ruudita läbi VPN tunneli. Kuna toetatud on ainult tunneldatavate võrkude marsruudid, siis ei saa kirjeldada ka ruutinguid mis ei suuna liiklust läbi tunneli. (nt. route x.x.x.x y.y.y.y net_gateway). \'Näita ühenduse andmeid\' nupp logiaknas näitab kehtivat VPNService võrgukonfiguratsiooni.</string> <string name="persisttun_summary">Ära taasta otseühendust kui OpenVPN on taasühendumas.</string> <string name="persistent_tun_title">Katkematu tun</string> + <string name="translation">Tõlge</string> + <string name="openvpn_log">OpenVPN Logi</string> + <string name="import_config">Impordi OpenVPN konfiguratsioon</string> + <string name="battery_consumption_title">Akukasutus</string> + <string name="baterry_consumption">Minu isiklike testide põhjal kulutavad akut peamiselt OpenVPN keepalive paketid. Enamikel OpenVPN serveritel esineb direktiiv nagu \'keepalive 10 60\' mis tähendab et klient saadab serverile ja server kliendile keepalive pakette iga 10 sekundi tagant. <p> Ehkki keepalive paketid on väikesed ja ei põhjusta märgatavat võrguliiklust, ei lase nad mobiilse ühenduse raadiovõrgukiibil minna energiasäästurežiimi. <p> Need keepalive seadistused pole kliendi poolt muudetavad, neid seadistusi saab muuta ainult OpenVPN serveri süsteemiadministraator. <p> Kahjuks esineb üle 60 sekundi pikkuse keepalive puhul probleeme UDP protokolliga üle mõnede NAT ruuterite mis kustutavad UDP ühenduste olekuinfo väga lühikese aja jooksul (minu testides 60s). TCP protokolliga seda probleemi ei esine, kuid esineb TCP üle TCP tunneldamise probleem. (Vaata <a href=\"http://sites.inka.de/bigred/devel/tcp-tcp.html\">Miks TCP üle TCP on halb mõte</a>)</string> + <string name="faq_tethering">Android Tethering (üle WiFi, USB või Bluetoothi) ja VPNService API (mida käesolev programm kasutab) ei ole koos kasutatavad. Täpsemad detailid leiad <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=34\">issue #34</a></string> + <string name="vpn_tethering_title">VPN ja tether</string> + <string name="connection_retries">Ühendumise korduskatseid</string> + <string name="reconnection_settings">Taasühendusseaded</string> + <string name="connectretrymessage">Mitu sekundit oodata ühendumiskatsete vahel.</string> + <string name="connectretrywait">Sekundeid ühenduste vahel</string> + <string name="minidump_generated">OpenVPN jooksis ootamatult kokku. Palun kaaluge \"saada Minitõmmis\" valiku lubamist peamenüüs</string> + <string name="send_minidump">Saada arendajale minitõmmis</string> + <string name="send_minidump_summary">Saada eelmise kokkujooksmise kohta käiv silumisinfo arendajale</string> </resources> diff --git a/res/values-fr/strings.xml b/res/values-fr/strings.xml index 673ca018..a5f589f4 100755 --- a/res/values-fr/strings.xml +++ b/res/values-fr/strings.xml @@ -15,7 +15,7 @@ <string name="client_key_title">"Clé du certificat client"</string> <string name="client_pkcs12_title">"Fichier PKCS12"</string> <string name="ca_title">"Certificat CA"</string> - <string name="no_certificate">"Rien de sélectionné"</string> + <string name="no_certificate">"Vous devez sélectionner un certificat"</string> <string name="copyright_guicode">"Le code source et le tracker de bugs est disponible ici: http://code.google.com/p/ics-openvpn/ "</string> <string name="copyright_others">"Le programme utilise les composants suivants. Voir le code source pour plus de détails sur les licences."</string> <string name="about">"À propos"</string> @@ -25,7 +25,6 @@ <string name="vpn_type">"Type"</string> <string name="pkcs12pwquery">"Mot de passe PKCS12"</string> <string name="file_select">"Sélectionner..."</string> - <string name="file_nothing_selected">"Rien de sélectionné"</string> <string name="useTLSAuth">"Utiliser l\'authentification TLS"</string> <string name="tls_direction">"Direction de l\'authentification TLS"</string> <string name="ipv6_dialog_tile">"Entrez l\'adresse IPv6 / masque de réseau au format CIDR (ex.: 2000:jj::23/64)"</string> @@ -39,7 +38,6 @@ <string name="configure_the_vpn">"Configurer le VPN"</string> <string name="menu_add_profile">"Ajouter un profil"</string> <string name="add_profile_name_prompt">"Entrez un nom identifiant le nouveau profil"</string> - <string name="duplicate_profile_name">"Dupliquer un nom de profil"</string> <string name="profilename">"Nom de profil"</string> <string name="no_keystore_cert_selected">"Aucun certificat utilisateur sélectionné."</string> <string name="no_error_found">"Aucune erreur"</string> @@ -91,7 +89,7 @@ <string name="float_title">"Permettre des serveur flottants"</string> <string name="custom_options_title">"Options personnalisées"</string> <string name="edit_vpn">"Modifier les paramètres VPN"</string> - <string name="remove_vpn_query">"Effacer le profil VPN %s ?"</string> + <string name="remove_vpn_query">\"Effacer le profil VPN %s ?\"?</string> <string name="tun_error_helpful">"Sur certaines ROMs ICS les permissions de /dev/tun peuvent être incorrectes, ou le module Tun peut être manquant. Pour les ROMs CM9, essayez de corriger les options dans \"General Settings\""</string> <string name="tun_open_error">"L\'ouverture de l\'interface Tun a échoué."</string> <string name="error">"Erreur: "</string> @@ -107,7 +105,7 @@ <string name="ip_not_cidr">"Informations récupérées de l\'interface: %1$s et %2$s , en supposant que la seconde adresse est l\'adresse peer du réseau distant. Utilisation du masque de réseau /32 pour l\'IP locale. Mode donné par OpenVPN: \"%3$s\"."</string> <string name="route_not_cidr">"Ne peut pas donner un sens à %1$s et %2$s comme routage IP avec masque réseau de type CIDR, en utilisant /32 comme masque de réseau."</string> <string name="route_not_netip">"Règle de redirection corrigée: %1$s / %2$s en %3$s / %2$s"</string> - <string name="keychain_access">"Impossible d\'accéder aux certificats \"Android Keychain\". (Peut être causé par une mise à jour du firmware ou par une restauration d\'une sauvegarde des paramètres de l\'application). Veuillez modifier le profil VPN et sélectionnez de nouveau le certificat dans les réglages de base pour recréer l\'autorisation d\'accéder au certificat."</string> + <string name="keychain_access">\"Impossible d\'accéder aux certificats \"Android Keychain\". (Peut être causé par une mise à jour du firmware ou par une restauration d\'une sauvegarde des paramètres de l\'application). Veuillez modifier le profil VPN et sélectionnez de nouveau le certificat dans les réglages de base pour recréer l\'autorisation d\'accéder au certificat.\".</string> <string name="version_info">"%1$s %2$s"</string> <string name="send_logfile">"Envoyer le fichier de log"</string> <string name="send">"Envoyer"</string> @@ -115,8 +113,8 @@ <string name="copied_entry">"Entrée du log copiée"</string> <string name="tap_mode">"Mode TAP"</string> <string name="faq_tap_mode">"Le mode TAP est indisponible avec l\'API non root VPN. Par conséquent, cette application ne peut pas supporter TAP"</string> - <string name="tap_faq2">"Encore une fois? Vous plaisantez? Le mode TAP n\'est absolument pas pris en charge et l\'envoi de plus d\'e-mails demandant si il sera intégré ne va en rien aider."</string> - <string name="tap_faq3">"Encore une fois ? En fait il est possible que quelqu\'un puisse écrire un émulateur TAP basé sur TUN qui pourrait analyser des informations de type \"layer2\". Mais cet émulateur devrait aussi implémenter ARP et un client DHCP. Je ne suis actuellement pas au courant que quelqu\'un travail dessus. Contactez moi si vous voulez m\'aider là dessus"</string> + <string name="tap_faq2">\"Encore une fois? Vous plaisantez? Le mode TAP n\'est absolument pas pris en charge et l\'envoi de plus d\'e-mails demandant si il sera intégré ne va en rien aider.\".</string> + <string name="tap_faq3">\"Encore une fois ? En fait il est possible que quelqu\'un puisse écrire un émulateur TAP basé sur TUN qui pourrait analyser des informations de type \"layer2\". Mais cet émulateur devrait aussi implémenter ARP et un client DHCP. Je ne suis actuellement pas au courant que quelqu\'un travail dessus. Contactez moi si vous voulez m\'aider là dessus\".</string> <string name="faq">"FAQ"</string> <string name="faq_summary">"Foire aux questions et quelques conseils"</string> <string name="copying_log_entries">"Copie des entrées du log"</string> @@ -143,7 +141,7 @@ <string name="trying_to_read">"Tentative de lecture du fichier: %1$s"</string> <string name="import_could_not_open">"Impossible de trouver le fichier %1$s mentionné dans le fichier de configuration importé"</string> <string name="importing_config">"Importation du fichier de configuration depuis %1$s"</string> - <string name="import_warning_custom_options">"Votre configuration a quelques options de configuration qui pourraient être analysées. Ces options ont été ajoutées comme options de configuration personnalisées. La configuration personnalisée est affichée ci-dessous:"</string> + <string name="import_warning_custom_options">\"Votre configuration a des options de configuration qui ne pouvaient pas être analysées. Ces options ont été ajoutées comme options de configuration personnalisées. La configuration personnalisée est affichée ci-dessous:\":</string> <string name="import_done">"Fin de la lecture du fichier de configuration."</string> <string name="nobind_summary">"Ne pas se lier à l\'adresse locale et au port"</string> <string name="no_bind">"Aucune liaison locale"</string> @@ -224,5 +222,17 @@ Sur certaines images, cette notification joue un son.\nAndroid à introduit ces <string name="correcttls">"Converti le format \"remote-tls\" du format OpenVPN 2.2 au 2.3"</string> <string name="faq_routing_title">"Redirections / Configuration de l\'interface"</string> <string name="faq_routing">"La configuration de l\'interface TUN et des règles de redirection de ports n\'est pas faite par les commandes traditionnelles du genre \"ifconfig\" ou \"route\" mais en utilisant l\'API VPNService. Il en résulte que la configuration de routage est différente des autres systèmes d\'exploitation. La configuration se compose uniquement de l\'adresse IP de l\'interface du tunnel, et les réseaux qui doivent être routés via cette interface. Aucune adresse peer partenaire ou passerelle n\'est nécessaire. Des règles de redirection spéciales pour atteindre le serveur VPN (par exemple ajouté lors de l\'utilisation redirect-gateway) ne sont pas nécessaires non plus. L\'application va donc ignorer ces paramètres lors de l\'importation d\'une configuration. L\'application permet à l\'API VPNService que la connexion au serveur n\'est pas acheminé par le tunnel VPN. Étant donné que seuls les réseaux spécifiant vouloir être routés via le tunnel sont pris en charge, les règles de redirection supplémentaires ne pointant pas vers le tunnel ne sont aussi pas prises en charge. (ex.: x.x.x.x y.y.y.y net_gateway). Le bouton d\'information dans le log affiche la configuration actuelle de la configuration du réseau VPNService."</string> + <string name="persisttun_summary">Ne pas couper la connexion VPN lors de la reconnexion d\'OpenVPN.</string> <string name="persistent_tun_title">Persistance de l\'interface TUN</string> + <string name="translation">"Traduction"</string> + <string name="openvpn_log">Log OpenVPN</string> + <string name="import_config">"Importer une configuration OpenVPN"</string> + <string name="battery_consumption_title">"Consommation de la batterie"</string> + <string name="baterry_consumption">"Lors de mes tests d\'OpenVPN, la source de principale de consommation de la batterie est l\'émission des paquets de servant à maintenir la connexion active (keepalive). La plupart des serveurs OpenVPN utilisent la directive \'keepalive 10 60\' ce qui signifie que des packets de keepalive sont envoyés toutes les 10 secondes du client au serveur et vice-versa, et que la connexion sera redemmarée après 60s en cas d\'inactivité. lt;gt;Bien que le trafic généré soit faible, ces paquets maintiennent le module radio actif et augmentent la consommation d\'énergie. lt;pgt; Malheureusement, la configuration du keepalive ne peut pas être changé sur le client, seul l\'administrateur du réseau OpenVPN peut le faire. En effet, utiliser une période de keepalive supérieure à 60 secondes pose problème pour les réseaux UDP et les passerelles NAT qui ferment alors la connexion (mes tests ont mis en évidence un timeout de 60s). L\'usage de TCP et d\'une plus longue periode de keepalive est possible mais présente les inconvénient lié aux connexion TCP encapsulées (cf., site en anglais: lt;a href=\"http://sites.inka.de/bigred/devel/tcp-tcp.html\"gt;Why TCP Over TCP Is A Bad Idelt;/agt;)"</string> + <string name="faq_tethering">La fonctionnalité de Tethering Android (sur WiFi, USB ou Bluetooth) et l\'API VPNService (utilisé par ce programme) ne fonctionnent pas ensemble. Pour plus de détails, voir la <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=34\" > page #34 </a></string> + <string name="vpn_tethering_title">VPN et Tethering</string> + <string name="connection_retries">"Tentatives de connexion"</string> + <string name="reconnection_settings">"Paramètres de reconnexion"</string> + <string name="connectretrymessage">"Nombre de secondes d\'attente entre chaque tentative de connexion."</string> + <string name="connectretrywait">"Temps, en secondes, entre deux connexions"</string> </resources> diff --git a/res/values-he/strings.xml b/res/values-he/strings.xml index a71e2c4c..62b5ca91 100755 --- a/res/values-he/strings.xml +++ b/res/values-he/strings.xml @@ -1,7 +1,33 @@ <?xml version="1.0" encoding="utf-8"?> <!--Generated by crowdin.net--> <resources> + <string name="app">OpenVPN עבור אנדרואיד</string> + <string name="address">כתובת שרת:</string> + <string name="port">יציאת שרת:</string> + <string name="location">מיקום</string> + <string name="cant_read_folder">אין אפשרות לקרוא את התיקיה!</string> + <string name="select">בחר</string> + <string name="cancel">ביטול</string> + <string name="no_data">אין נתונים</string> + <string name="useLZO">דחיסת LZO</string> + <string name="client_no_certificate">אין תעודה</string> + <string name="client_certificate_title">תעודת Client</string> + <string name="client_key_title">מפתח תעודת Client</string> + <string name="client_pkcs12_title">קובץ PKCS12</string> + <string name="ca_title">תעודת רשות אישורים</string> + <string name="no_certificate">לא נבחר דבר</string> + <string name="copyright_guicode">קוד מקור וקוד עוקב זמינים תחת http://code.google.com/p/ics-openvpn/ </string> + <string name="copyright_others">התוכנית משתמשת ברכיבים הבאים. קרא את קוד המקור לקבלת פרטים מלאים על הרשיונות</string> + <string name="about">אודות</string> + <string name="about_summary">אודות OpenVPN עבור אנדרואיד</string> + <string name="vpn_list_summary">רשימה של כל תצורת ה-Vpn המוגדרות</string> + <string name="vpn_list_title">פרופילים של תצורות VPN</string> + <string name="vpn_type">סוג</string> + <string name="pkcs12pwquery">סיסמת PKCS12</string> <string name="file_select">בחר</string> + <string name="file_nothing_selected">לא נבחר דבר</string> + <string name="useTLSAuth">השתמש באימות TLS</string> + <string name="tls_direction">כיוון TLS</string> <string name="dns1_summary">שרת DNS כדי להשתמש.</string> <string name="dns_server">שרת DNS</string> <string name="secondary_dns_message">אם אין אפשרות להגיע לשרת DNS רגיל שרת DNS משני.</string> diff --git a/res/values-it/arrays.xml b/res/values-it/arrays.xml new file mode 100755 index 00000000..54ff474c --- /dev/null +++ b/res/values-it/arrays.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!--Generated by crowdin.net--> +<resources> + <string-array name="vpn_types"> + <item>Certificati</item> + <item>File PKCS12</item> + <item>Certificato Android</item> + <item>Utente/Password</item> + <item>Chiavi statiche</item> + <item>Utente/password + Certificati</item> + <item>Utente/Passowrd + PKCS12 </item> + <item>Utente/Passsword + Android</item> + </string-array> + <string-array name="tls_directions_entries"> + <item>0</item> + <item>1</item> + <item>Non specificato</item> + </string-array> + <string-array name="verb_entries"> + <item>Log disattivato</item> + <item>Default log</item> + <item>Log più dettagliato</item> + <item>3</item> + <item>4</item> + <item>Log per debug</item> + </string-array> +</resources> diff --git a/res/values-it/strings.xml b/res/values-it/strings.xml new file mode 100755 index 00000000..63b92df8 --- /dev/null +++ b/res/values-it/strings.xml @@ -0,0 +1,228 @@ +<?xml version="1.0" encoding="utf-8"?> +<!--Generated by crowdin.net--> +<resources> + <string name="app">OpenVPN per Android</string> + <string name="address">Indirizzo server:</string> + <string name="port">Porta del server:</string> + <string name="location">Posizione</string> + <string name="cant_read_folder">Impossibile leggere la directory</string> + <string name="select">Seleziona</string> + <string name="cancel">Annulla</string> + <string name="no_data">Nessun dato</string> + <string name="useLZO">Compressione LZO</string> + <string name="client_no_certificate">Nessun certificato</string> + <string name="client_certificate_title">Certificato client</string> + <string name="client_key_title">Chiave del certificato client</string> + <string name="client_pkcs12_title">File PKCS12</string> + <string name="ca_title">Certificato CA</string> + <string name="no_certificate">Devi selezionare un certificato</string> + <string name="copyright_others">Questo programma usa i seguenti componenti; guarda il codice sorgente per i dettagli completi sulle licenze</string> + <string name="about">Informazioni</string> + <string name="about_summary">Informazioni su OpenVPN per Android</string> + <string name="vpn_list_summary">Elenco connessioni VPN configurate</string> + <string name="vpn_list_title">Profili VPN</string> + <string name="vpn_type">Tipo</string> + <string name="pkcs12pwquery">Password PKCS12</string> + <string name="file_select">Seleziona…</string> + <string name="file_nothing_selected">Devi selezionare un file</string> + <string name="useTLSAuth">Usa autenticazione TLS</string> + <string name="tls_direction">Direzione TLS</string> + <string name="ipv6_dialog_tile">Inserire l\'indirizzo IPv6 e la maschera di rete in formato CIDR (ad esempio 2000:dd::23/64)</string> + <string name="ipv4_dialog_title">Inserire l\'indirizzo IPv4 e la maschera di rete in formato CIDR (ad esempio 1.2.3.4/24)</string> + <string name="ipv4_address">Indirizzo IPv4</string> + <string name="ipv6_address">Indirizzo IPv6</string> + <string name="auth_username">Utente</string> + <string name="auth_pwquery">Password</string> + <string name="static_keys_info">Per la configurazione statica le chiavi di autorizzazione TLS saranno usate come chiavi statiche</string> + <string name="configure_the_vpn">Configura la VPN</string> + <string name="menu_add_profile">Aggiungi profilo</string> + <string name="add_profile_name_prompt">Immettere un nome per identificare il nuovo profilo</string> + <string name="duplicate_profile_name">Si prega di inserire un nome univoco del profilo</string> + <string name="profilename">Nome del profilo</string> + <string name="no_keystore_cert_selected">Devi selezionare un certificato utente</string> + <string name="no_error_found">Nessun errore trovato</string> + <string name="config_error_found">Errore nella configurazione</string> + <string name="ipv4_format_error">Impossibile analizzare l\'indirizzo IPv4</string> + <string name="vpn_shortcut">Collegamento a OpenVPN</string> + <string name="vpn_launch_title">Connetti alla VPN</string> + <string name="shortcut_profile_notfound">Profilo indicato nel collegamento non trovato</string> + <string name="random_host_prefix">Prefisso Host casuale</string> + <string name="random_host_summary">Aggiunge 6 caratteri casuali prima dell\'hostname</string> + <string name="custom_config_title">Abilita le opzioni personalizzate</string> + <string name="custom_config_summary">Specifica opzioni personalizzate. Utilizzare con cautela!</string> + <string name="route_rejected">Reindirizzamento (route) rifiutato da Android</string> + <string name="cancel_connection">Scollega</string> + <string name="clear_log">Cancella registro</string> + <string name="title_cancel">Conferma l\'annullamento</string> + <string name="cancel_connection_query">Disconnetti la VPN in uso/annulli il tentativo di connessione?</string> + <string name="remove_vpn">Rimuovi VPN</string> + <string name="check_remote_tlscert">Controlla se il server utilizza un certificato Server TLS</string> + <string name="check_remote_tlscert_title">Eccezioni del server TLS</string> + <string name="remote_tlscn_check_summary">Controlla il certificato del server remoto CN confrontandolo con una stringa</string> + <string name="remote_tlscn_check_title">Verifica il certificato dell\'Host</string> + <string name="enter_tlscn_dialog">Inserisci una stringa con cui controllare il server remoto. OpenVPN controllerà che il prefisso corrissponda. Ad esempio \"Server\" riconosce validi \"Server-1\" e \"Server-2\".\nLasciare vuoto se si desidera controllare il nome dell\'host remoto CN con il nome del server.</string> + <string name="enter_tlscn_title">Nome dell\'host remoto (CN)</string> + <string name="tls_key_auth">Abilita l\'autenticazione tramite TLS</string> + <string name="tls_auth_file">File di autenticazione TLS</string> + <string name="pull_on_summary">Richiede indirizzi IP, instradamenti r opzioni di sincronizzazione dal server.</string> + <string name="pull_off_summary">Nessuna informazione è chiesta al server. Le impostazioni devono essere specificate di seguito.</string> + <string name="use_pull">Richiedi impostazioni</string> + <string name="dns">DNS</string> + <string name="override_dns">Sovrascrive le impostazioni DNS del server</string> + <string name="dns_override_summary">Utilizzare il proprio server DNS</string> + <string name="searchdomain">Dominio di ricerca</string> + <string name="dns1_summary">Server DNS da utilizzare.</string> + <string name="dns_server">Server DNS</string> + <string name="secondary_dns_message">Server DNS secondario utilizzato se il Server DNS primario non può essere raggiunto.</string> + <string name="backup_dns">Server DNS secondario</string> + <string name="ignored_pushed_routes">Ignora gli instradamenti</string> + <string name="ignore_routes_summary">Ignora impostazioni di routing comunicate dal server.</string> + <string name="default_route_summary">Reindirizza tutto il traffico sulla VPN</string> + <string name="use_default_title">Utilizza il Routing di default</string> + <string name="custom_route_message">Inserisci instradamenti personalizzati. Usare il formato CIDR. \"10.0.0.0/8 2002::/16\" reindirizza le reti 10.0.0.0/8 e 2002::/16 sulla VPN.</string> + <string name="custom_routes_title">Rotte personalizzate</string> + <string name="log_verbosity_level">Livello di dettaglio del registro</string> + <string name="float_summary">Permette pacchetti autenticati da qualsiasi IP</string> + <string name="float_title">Consenti che il server possa cambiare indirizzo IP (modalità float)</string> + <string name="custom_options_title">Opzioni personalizzate</string> + <string name="edit_vpn">Modifica impostazioni VPN</string> + <string name="remove_vpn_query">Rimuovere il profilo VPN \'%s\'?</string> + <string name="tun_error_helpful">In alcune immagini ICS personalizzate i permessi su /dev/tun potrebbero essere errati, oppure il modulo TUN completamente assente. Per le immagini CM9 provare a correggere le opzioni Proprietà nella sezione impostazioni generali</string> + <string name="tun_open_error">Impossibile accedere all\'interfaccia tun</string> + <string name="error">"Errore:"</string> + <string name="clear">Azzera</string> + <string name="info">Info</string> + <string name="show_connection_details">Visualizza i dettagli della connessione</string> + <string name="last_openvpn_tun_config">Ultima configurazione interfaccia OpenVPN:</string> + <string name="local_ip_info">Indirizzi locali - IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d</string> + <string name="dns_server_info">Server DNS: %s</string> + <string name="dns_domain_info">Dominio DNS: %s</string> + <string name="routes_info">Instradamenti (route): %s</string> + <string name="routes_info6">Instradamenti (route) IPv6: %s</string> + <string name="ip_not_cidr">Ottenute le informazioni sulle interfacce %1$s e %2$s, assumendo che il secondo indirizzo sia il peer remoto. Utilizzata la maschera /32 per l\'IP locale. La modalità impostata da OpenVPN è \"%3$s\".</string> + <string name="route_not_cidr">Impossibile utilizzare %1$s e %2$s come reindirizzamenti IP con la maschera CIDR, è stata quindi usata la maschera /32.</string> + <string name="route_not_netip">Instradamento %1$s/%2$s corretto con %3$s/%2$s</string> + <string name="version_info">%1$s %2$s</string> + <string name="send_logfile">Invia il file di log</string> + <string name="send">Invia</string> + <string name="ics_openvpn_log_file">File log di OpenVPN ICS</string> + <string name="copied_entry">Voce di registro copiata negli appunti</string> + <string name="tap_mode">Modalità TAP</string> + <string name="faq_tap_mode">La modalità TAP non è disponibile con le VPN API non root</string> + <string name="tap_faq2">Ancora? Stai scherzando? No, la modalità tap non è supportata e mandare nuove email chiedendo se sarà supportata non aiuterà.</string> + <string name="faq">Domande frequenti (FAQ)</string> + <string name="faq_summary">Domande più frequenti e qualche consiglio</string> + <string name="copying_log_entries">Sto copiando le voci di log</string> + <string name="faq_copying">Per copiare una singola voce del log, premi e mantieni sulla voce del log. Per copiare/inviare l\'intero log usa l\'opzione \"Manda log\". +Usa il tasto hardware Menù se non è visibile nella GUI.</string> + <string name="faq_shortcut">Scorciatoia per l\'avvio</string> + <string name="faq_howto_shortcut">È possibile inserire un collegamento per avviare OpenVPN sul desktop. A seconda del vostro launcher dovrete aggiungere un collegamento o un widget.</string> + <string name="no_vpn_support_image">La tua immagine non è supportata dal VPNService API, mi dispiace :(</string> + <string name="encryption">Crittografia</string> + <string name="cipher_dialog_title">Inserire il metodo di crittografia</string> + <string name="chipher_dialog_message">Inserisci la chiave di cifratura per OpenVPN. Lascia vuoto per usare la chiave di cifratura predefinita</string> + <string name="settings_auth">Autenticazione/crittografia</string> + <string name="file_explorer_tab">Esplora risorse</string> + <string name="inline_file_tab">Blocco note</string> + <string name="import_file">Importa</string> + <string name="error_importing_file">Errore durante l\'importazione del file</string> + <string name="import_error_message">Impossibile importare il file dal filesystem</string> + <string name="inline_file_data">[[dati del blocco note]]</string> + <string name="opentun_no_ipaddr">Rifiuto di attivare il dispositivo tun senza informazioni sull\'IP</string> + <string name="menu_import">Importa il profilo dal file .ovpn</string> + <string name="menu_import_short">Importa</string> + <string name="import_content_resolve_error">Impossibile leggere il profilo da importare</string> + <string name="error_reading_config_file">Errore di lettura del file di configurazione</string> + <string name="add_profile">Aggiungi profilo</string> + <string name="trying_to_read">Tentativo di lettura del file: %1$s</string> + <string name="import_could_not_open">Impossibile trovare il file %1$s menzionato nel file di configurazione importato</string> + <string name="importing_config">Importa il file di configurazione dalla sorgente %1$s</string> + <string name="import_done"> +Effettuata la lettura del file di configurazione</string> + <string name="nobind_summary">Non legarti all\'indirizzo e alla porta locali (bind)</string> + <string name="no_bind">No local binding</string> + <string name="import_configuration_file">Importa file di configurazione</string> + <string name="faq_security_title">Considerazioni sulla sicurezza</string> + <string name="faq_security">"Dato che si usa OpenVPN per motivi di sicurezza, si riportano alcune note su quanto la sicurezza sia sensibile. Tutti i dati memorizzati sulla scheda SD sono intrinsecamente insicuri. Qualunque programma può leggerli (ad esempio a questo programma non sono richiesti speciali diritti per accedere alla scheda SD). I dati di questo programma invece possono essere letti solo dal programma stesso. Utilizzando l\'opzione di importazione di cacert/cert/key nelle impostazioni, i dati vengono memorizzati nel profilo della VPN. I profili delle VPN sono accessibili solo da questo programma (non bisogna però dimenticarsi di eliminare le copie dei certificati sulla scheda SD dopo questa operazione). Tuttavia anche se accessibili solamente da questo programma, i dati vengono memorizzati senza alcuna crittografia. E\' possibile pertanto mediante rooting o altre procedure recuperare tali dati. Anche le password salvate vengono memorizzate in chiaro. Si raccomanda caldamente di importare i file pkcs12 nel keystore di Android."</string> + <string name="import_vpn">Importa</string> + <string name="broken_image_cert_title">Errore nel mostrare il certificato selezionato</string> + <string name="broken_image_cert">Si è incappati in una eccezione tentando di visualizzare la finestra di selezione dei certificati di Android 4.0+. Questo non dovrebbe mai accadere dato che questa è una caratteristica standard di Android 4.0+. Forse il supporto al salvataggio dei certificati del tuo firmware di Android è corrotto.</string> + <string name="ipv4">IPv4</string> + <string name="ipv6">IPv6</string> + <string name="speed_waiting">In attesa del messaggio di stato...</string> + <string name="converted_profile">profilo importato</string> + <string name="converted_profile_i">profilo importato %d</string> + <string name="broken_images">Immagini danneggiate</string> + <string name="broken_images_faq"><p>E\' risaputo che i firmware ufficiali dell\'HTC presentano uno strano problema sull\'indirizzamento impedendo al traffico di passare attraverso il tunnel (vedi anche <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=18\">il problema n.18</a> +nel bug tracker).</p><p>Si è visto che ai firmware ufficiali della SONY per Xperia arc S ed Xperia Ray manca completamente il serivizio VPN. Anche altri firmware Sony potrebbero presentare lo stesso inconveniente (vedi anche <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=29\">il problema n.29</a> nel bug tracker).</p><p>Nei firmware personalizzati dagli utenti il modulo tun potrebbe essere stato rimosso o possono essere sbagliate le autorizzazioni per /dev/tun. Alcuni firmware per CM9 richiedono che venga selezionata nelle impostazioni generali l\'opzione per correggere i proprietari.</p><p>E\' molto importante che, nel caso abbiate un firmware che non funziona, lo segnaliate al costruttore. Maggiori sono le persone che segnalano il problema al costruttore, maggiore è la probabilità che il problema venga risolto.</p></string> + <string name="error_empty_username">L\'username non deve essere vuoto.</string> + <string name="pkcs12_file_encryption_key">File con la chiave di crittografia PKCS12</string> + <string name="private_key_password">Password della chiave privata</string> + <string name="password">Password</string> + <string name="file_icon">icona del file</string> + <string name="tls_authentication">Autenticazione TLS</string> + <string name="generated_config">Configurazione generata</string> + <string name="generalsettings">Impostazioni generali</string> + <string name="owner_fix_summary">Tenta di impostare system come proprietario di /dev/tun. Alcune immaggini CM9 necessitano di questa impostazione affinché le API del servizio VPN funzionino. E\' necessario essere root.</string> + <string name="owner_fix">Correggi i diritti su /dev/tun</string> + <string name="generated_config_summary">Mostra il file di configurazione di OpenVPN generato</string> + <string name="edit_profile_title">Modifica \"%s\"</string> + <string name="building_configration">Configurazione in corso...</string> + <string name="netchange">Riconnetti in caso cambi la rete</string> + <string name="cert_from_keystore">Ottenuto il certificato \'%s\' dal Keystore</string> + <string name="netstatus">Stato della rete: %s</string> + <string name="extracahint">Il certificato della CA è solitamente prelevato dal Keystore di Android. Indica un certificato differente se si generano errori di verifica del certificato.</string> + <string name="select_file">Selezionare</string> + <string name="keychain_nocacert">Nessun certificato della CA è stato prelevato dal Keystore di Android. E\' probabile che l\'autenticazione fallisca.</string> + <string name="show_log_summary">Mostra la finestra dei log della connessione. Si può sempre accedere alla finestra dei log tramite la barra delle notifiche.</string> + <string name="show_log_window">Visualizza la finestra dei log</string> + <string name="keppstatus_summary">Continua a mostrare le notifiche, dopo che la connessione è stata stabilita, per vedere le statistiche sul traffico.</string> + <string name="keepstatus">Visualizza le statistiche sul traffico</string> + <string name="mobile_info">In esecuzione su %1$s (%2$s) %3$s, Android API %4$d</string> + <string name="error_rsa_sign">Errore di firma con la chiave %1$s: %2$s del Keystore di Android.</string> + <string name="faq_system_dialogs">L\'avverimento durante la connessione VPN, in cui si informa che questo programma può intercettare tutto il traffico del sistema, serve a prevenire un uso fraudolento delle API del servizio VPN.\nL\'icona di notifica a forma di chiave è altresì imposta dal sistema Android per avvertire che si è connessi ad una VPN. Su alcuni apparecchi questa notifica è accompagnata da un suono.\nAndroid utilizza questi sistemi per la tua sicurezza e per assicurarsi che questi non vengano aggirati (in alcuni firmware questo sfortunamente è accompagnato da un suono di avvertimento).</string> + <string name="faq_system_dialogs_title">Avviso di connessione e notifica audio</string> + <string name="translationby">Traduzione in inglese di Arne Schwabe<arne@rfc2549.org></string> + <string name="ipdns">IP e DNS</string> + <string name="basic">Principali</string> + <string name="routing">Instradamento (routing)</string> + <string name="obscure">Impostazioni complesse di OpenVPN. Normalmente non necessarie.</string> + <string name="advanced">Avanzate</string> + <string name="export_config_title">Configurazione OpenVPN ICS</string> + <string name="warn_no_dns">Nessun server DNS in uso. La risoluzione dei nomi potrebbe non funzionare. Valuta se inserire dei server DNS personalizzati.</string> + <string name="dns_add_error">Impossibile aggiungere il server DNS \"%1$s\", respinto dal sistema: %2$s</string> + <string name="faq_howto"><p>Ottieni una configurazione funzionante (testata sul tuo computer o fornita dal tuo provider o dalla tua ditta).</p><p>Se si tratta di un singolo file senza ulteriori file tipo pem/pkcs12, puoi spedire il file a te stesso via email ad aprire l\'allegato. Se hai più file, salvali sulla scheda SD.</p><p>Clicca sull\'allegato dell\'email oppure utilizza l\'icona della cartella nell\'elendo delle VPN per importare il file di configurazione.</p><p>Se compaiono degli errori relativi a file non trovati, copia i file mancanti sulla tua scheda SD.</p><p>Clicca sull\'icona di salvataggio per aggiungere la VPN importata nell\'elenco delle tue VPN.</p><p>Connettiti alla VPN cliccando sul nome della VPN.</p><p>Se compaiono degli errori o degli avvertimenti nei log, si consiglia di non ignorarli, ma di cercare delle soluzioni.</p> </string> + <string name="faq_howto_title">Guida rapida</string> + <string name="setting_loadtun_summary">Prova a caricare il modulo tun.ko prima di connettersi. Si devono avere diritti di root sul dispositivo.</string> + <string name="setting_loadtun">Carica il modulo tun</string> + <string name="importpkcs12fromconfig">Importa i PKCS12 dalla configurazione presente nel Keystore di Android</string> + <string name="getproxy_error">Errore nell\'ottenere le impostazioni del proxy: %s</string> + <string name="using_proxy">Si sta utilizzando il proxy %1$s %2$d</string> + <string name="use_system_proxy">Utilizza il proxy di sistema</string> + <string name="use_system_proxy_summary">Utilizza la configurazione generale del sistema relativa ai proxy HTTP/HTTPS per connettersi.</string> + <string name="donatewithpaypal">Puoi <a href=\"https://www.paypal.com/cgi-bin/webscr?hosted_button_id=R2M6ZP9AF25LS&amp;cmd=_s-xclick\">donare tramite PayPal</a> </string> + <string name="onbootrestartsummary">OpenVPN is riconnetterà alla VPN se era in funzione durante un riavvio od un spegnimento dell\'apparecchio. Leggi con attenzione le FAQ con gli avvertimenti sulla connessione prima di scegliere questa opzione.</string> + <string name="onbootrestart">Riconnetti al riavvio</string> + <string name="ignore">Ignora</string> + <string name="restart">Riavvia</string> + <string name="restart_vpn_after_change">Le modifiche sarannoi applicate dopo aver riavviato la connessione VPN. Riavviare ora la connessione?</string> + <string name="configuration_changed">Configurazione modificata</string> + <string name="log_no_last_vpn">Impossibile determinare l\'ultimo profilo con cui ci si è connessi per poterlo modificare</string> + <string name="faq_duplicate_notification_title">Doppie notifiche</string> + <string name="faq_duplicate_notification">Normalmente, se la memoria di sistema (RAM) di Android è insufficiente, i programmi ed i servizi che non sono in quel momento necessari vengono rimossi dalla memoria attiva. In questo caso la connessione VPN in corso sarebbe terminata. Per far sì che la conessione OpenVPN resti in funzione, il servizio viene eseguito in priorità alta e per questo motivo appare un\'icona permanente nella barra delle notifiche. L\'icona di notifica a forma di chiave è invece imposta dal sistema come descritto nella precedente voce delle FAQ e non serve a far eseguire il programma con priorità alta.</string> + <string name="no_vpn_profiles_defined">Nessun profilo VPN definito.</string> + <string name="add_new_vpn_hint">Usa l\'icona <img src=\"ic_menu_add\"/> per aggiungere una nuova VPN</string> + <string name="vpn_import_hint">Usa l\'icona <img src=\"ic_menu_archive\"/> per importare il profilo (.ovpn o .conf) dalla tua scheda SD.</string> + <string name="faq_hint">Si raccomanda di leggere anche le FAQ. C\'è anche una guida rapida.</string> + <string name="correcttls">Converti il formato di remote-tls da quello di OpenVPN 2.2 a quello della 2.3</string> + <string name="faq_routing_title">Configurazione dei reindirizzamenti e dell\'interfaccia</string> + <string name="faq_routing">Le configurazioni di instradamento e dell\'interfaccia non vengono eseguite tramite i tradizionali comandi ifconfig e route ma utilizzando le API del servizio VPN. Questa comporta differenti configurazioni di instradamento rispetto ad altri sistemi operativi. In particolare non sono richiesti gli indirizzi del partner peer o del gateway. Non sono nemmeno richiesti instradamenti particolari per raggiungere il server VPN, ad esempio quando si utilizza un gateway di reindirizzamento. Il programma ignora pertanto queste impostazioni quando viene importata una configurazione. Il programma inoltra si assicura tramite le API del servizio VPN che la connessione col server non sia indirizzata attraverso il tunnel della VPN. Dal momento che solo le reti che esplicitamente vengono reindirizzate attraverso il tunnel sono supportate, non sono supportate ulteriori reti che non puntano verso il tunnel, come ad esempio quelle realizzate col comando route x.x.x.x y.y.y.y net_gateway. Il pulsante \"Mostra informazioni\" nella finestra dei log mostra la configurazione dell\'attuale rete VPN.</string> + <string name="persisttun_summary">Non tornare nello stato di \"Nessuna connessione VPN\" quando OpenVPN sta eseguendo un tentativo di riconnessione.</string> + <string name="persistent_tun_title">tun persistente</string> + <string name="translation">Traduzione</string> + <string name="openvpn_log">Log di OpenVPN</string> + <string name="import_config">Importa configurazione OpenVPN</string> + <string name="battery_consumption_title">Consumo della batteria</string> + <string name="faq_tethering">Il Tethering di Android (via WiFi, USB o Bluetooth) e le API del servizio VPN (utilizzate da questo programma) non possono funzionare contemporaneamente. Per maggiori informazioni, <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=34\">vedi qui#34</a></string> + <string name="vpn_tethering_title">VPN e Tethering</string> +</resources> diff --git a/res/values-ja/arrays.xml b/res/values-ja/arrays.xml new file mode 100755 index 00000000..c2428a74 --- /dev/null +++ b/res/values-ja/arrays.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!--Generated by crowdin.net--> +<resources> + <string-array name="vpn_types"> + <item>証明書</item> + <item>PKCS12 ファイル</item> + <item>Androidの証明書管理</item> + <item>ユーザー名/パスワード</item> + <item>共有鍵</item> + <item>User/PWと証明書</item> + <item>User/PWとPKCS12ファイル</item> + <item>User/PWとAndroidの証明書管理</item> + </string-array> + <string-array name="tls_directions_entries"> + <item>0</item> + <item>1</item> + <item>未指定</item> + </string-array> + <string-array name="verb_entries"> + <item>0 - ログなし</item> + <item>1 - 標準的なログ</item> + <item>2 - 詳細なログ</item> + <item>3</item> + <item>4</item> + <item>5 - デバッグログ</item> + </string-array> +</resources> diff --git a/res/values-ja/strings.xml b/res/values-ja/strings.xml new file mode 100755 index 00000000..57d7fd8d --- /dev/null +++ b/res/values-ja/strings.xml @@ -0,0 +1,281 @@ +<?xml version="1.0" encoding="utf-8"?> +<!--Generated by crowdin.net--> +<resources> + <string name="app">OpenVPN for Android</string> + <string name="address">サーバアドレス</string> + <string name="port">ポート番号</string> + <string name="location">場所</string> + <string name="cant_read_folder">ディレクトリが読み取れません</string> + <string name="select">選択</string> + <string name="cancel">キャンセル</string> + <string name="no_data">データなし</string> + <string name="useLZO">LZO 圧縮</string> + <string name="client_no_certificate">証明書がありません。</string> + <string name="client_certificate_title">クライアント証明書</string> + <string name="client_key_title">クライアント証明書のキー</string> + <string name="client_pkcs12_title">PKCS12ファイル</string> + <string name="ca_title">CA 証明書</string> + <string name="no_certificate">証明書を選択する必要があります。</string> + <string name="copyright_guicode">ソースコードと問題管理は以下で: http://code.google.com/p/ics-openvpn/</string> + <string name="copyright_others">プログラムは、次のコンポーネントを使用します。完全な詳細についてはソース上のライセンスを参照してください。</string> + <string name="about">バージョン情報</string> + <string name="about_summary">OpenVPN for Androidについて</string> + <string name="vpn_list_summary">設定されたすべてのVPN</string> + <string name="vpn_list_title">VPNプロファイル</string> + <string name="vpn_type">種別</string> + <string name="pkcs12pwquery">PKCS12のパスワード</string> + <string name="file_select">選択</string> + <string name="file_nothing_selected">ファイルを選択する必要があります。</string> + <string name="useTLSAuth">TLS認証を使用します。</string> + <string name="tls_direction">TLS Direction</string> + <string name="ipv6_dialog_tile">IPv6アドレスをCIDR形式で入力(例:2000:dd::23/64)</string> + <string name="ipv4_dialog_title">IPv4アドレスをCIDR形式で入力(例:1.2.3.4/24)</string> + <string name="ipv4_address">IPv4アドレス</string> + <string name="ipv6_address">IPv6アドレス</string> + <string name="custom_option_warning">OpenVPNのカスタムオプションを入力します。利用には細心の注意が必要です。設定画面ではTUNモジュールの多くの設定がサポートされていません。もしほかに重要と思う設定があれば作者に連絡してください。</string> + <string name="auth_username">ユーザー名</string> + <string name="auth_pwquery">パスワード</string> + <string name="static_keys_info">TLS認証鍵の設定は、静的キーとして使用されます。</string> + <string name="configure_the_vpn">VPNの設定</string> + <string name="menu_add_profile">プロファイルの追加</string> + <string name="add_profile_name_prompt">新しいプロファイルを識別する名前を入力します</string> + <string name="duplicate_profile_name">プロファイル名が重複しています。</string> + <string name="profilename">プロファイル名</string> + <string name="no_keystore_cert_selected">ユーザー証明書を選択する必要があります。</string> + <string name="no_error_found">エラーは見つかりませんでした。</string> + <string name="config_error_found">設定に誤りがあります。</string> + <string name="ipv4_format_error">IPv4 アドレスの解析エラー</string> + <string name="custom_route_format_error">カスタム経路の解析エラー</string> + <string name="pw_query_hint">必要に応じて入力するには空欄にしてください</string> + <string name="vpn_shortcut">OpenVPN のショートカット</string> + <string name="vpn_launch_title">VPNに接続</string> + <string name="shortcut_profile_notfound">ショートカットで指定されたプロファイルが見つかりません</string> + <string name="random_host_prefix">ランダムなホスト プレフィックス</string> + <string name="random_host_summary">ランダムな6文字をホスト名の前に付加します。</string> + <string name="custom_config_title">カスタム オプションを使用する</string> + <string name="custom_config_summary">カスタムオプションを指定します。注意を要します。</string> + <string name="route_rejected">経路がAndroidにより拒否されました。</string> + <string name="cancel_connection">切断</string> + <string name="clear_log">ログをクリア</string> + <string name="title_cancel">キャンセルの確認</string> + <string name="cancel_connection_query">接続中または試行中の接続をキャンセルしますか?</string> + <string name="remove_vpn">VPN を削除</string> + <string name="check_remote_tlscert">サーバがTLSサーバ証明書を使用する場合はチェックします。</string> + <string name="check_remote_tlscert_title">TLS サーバーを除く</string> + <string name="remote_tlscn_check_summary">リモートサーバの証明書のCNをチェックします。</string> + <string name="remote_tlscn_check_title">証明書のホスト名を確認する</string> + <string name="enter_tlscn_dialog">リモートサーバをチェックする際の文字列を指定します。OpenVPNでは前方一致を行います。\"Server\"は\"Server-1\"と\"Server-2\"にマッチします。\n +空欄にすると、CNとサーバのホスト名を比較します。</string> + <string name="enter_tlscn_title">リモートホスト名(CN)</string> + <string name="tls_key_auth">TLS鍵認証を有効にする</string> + <string name="tls_auth_file">TLS 認証ファイル</string> + <string name="pull_on_summary">IPアドレス、経路情報、DNSなどの情報をサーバから取得します。</string> + <string name="pull_off_summary">サーバからは何も情報が取得できません。指定が必要な設定は以下の通りです。</string> + <string name="use_pull">情報取得の設定</string> + <string name="dns">DNS</string> + <string name="override_dns">サーバ指定のDNSサーバ設定をオーバーライドします。</string> + <string name="dns_override_summary">DNSをユーザ側で指定します。</string> + <string name="searchdomain">検索ドメイン</string> + <string name="dns1_summary">使用する DNS サーバー</string> + <string name="dns_server">DNS サーバー</string> + <string name="secondary_dns_message">セカンダリDNSサーバーは、プライマリDNSサーバーに到達できない場合に使用します。</string> + <string name="backup_dns">セカンダリDNSサーバー</string> + <string name="ignored_pushed_routes">サーバ側指定の経路情報を無視する</string> + <string name="ignore_routes_summary">サーバからプッシュされた経路情報を無視します。</string> + <string name="default_route_summary">すべての通信をVPN経由にします</string> + <string name="use_default_title">既定の経路に使用</string> + <string name="custom_route_message">カスタム経路を入力します。宛先のみをCIDR形式で指定します。例えば \"10.0.0.0/8 2002::/16\"と指定すれば10.0.0.0/8と2002::/16への通信はVPNに向けられます。</string> + <string name="custom_routes_title">カスタム経路情報</string> + <string name="log_verbosity_level">ログの詳細度</string> + <string name="float_summary">認証済みパケットをどのIPからでも受け付けます。</string> + <string name="float_title">フローティング サーバーを許可</string> + <string name="custom_options_title">カスタム オプション</string> + <string name="edit_vpn">VPN 設定の編集</string> + <string name="remove_vpn_query">VPN プロファイル %s を削除しますか?</string> + <string name="tun_error_helpful">いくつかのカスタムICSイメージは、/dev/tunのパーミッションが異常か、TUNモジュールが含まれていません。CM9イメージの場合は全般設定で所有権設定を修正してください。</string> + <string name="tun_open_error">TUNデバイスを開こうとして失敗しました。</string> + <string name="error">"エラー:"</string> + <string name="clear">クリア</string> + <string name="info">情報</string> + <string name="show_connection_details">接続の詳細を表示</string> + <string name="last_openvpn_tun_config">OpenVPNから設定した最後のインターフェイス:</string> + <string name="local_ip_info">ローカル IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d</string> + <string name="dns_server_info">DNS サーバー: %s</string> + <string name="dns_domain_info">DNS ドメイン: %s</string> + <string name="routes_info">経路:%s</string> + <string name="routes_info6">経路 IPv6:%s</string> + <string name="ip_not_cidr">インターフェース情報として[%1$s]と[%2$s]を取得しました。2つめのアドレスはリモート側のピアアドレスです。32ビットマスクをローカルIPに使用します。 OpenVPNのモードは[%3$s]です。</string> + <string name="route_not_cidr">%1$sと%2$sではCIDR形式のIP経路情報として意味をなしません。32ビットマスクを使用します。</string> + <string name="route_not_netip">経路情報%1$s/%2$sを%3$s/%2$sに修正しました。</string> + <string name="keychain_access">Androidの証明書管理にアクセスできません。(ファームウェアの更新、アプリケーションまたはその設定のリストアによって発生する場合があります)。VPNの設定で証明書の選択を再度行ってください。</string> + <string name="version_info">%1$s %2$s</string> + <string name="send_logfile">ログ ファイルを送信します。</string> + <string name="send">送信</string> + <string name="ics_openvpn_log_file">ICS OpenVPN ログ ファイル</string> + <string name="copied_entry">クリップ ボードにコピーされたログ エントリ</string> + <string name="tap_mode">TAPモード</string> + <string name="faq_tap_mode">TAPモードは非root化環境では動作しません。よってこのアプリケーションではTAPをサポートできません。</string> + <string name="tap_faq2">またですか?TAPモードはサポートされていませんし、サポートされるかどうかメールを送ることは何の役にも立ちません。</string> + <string name="tap_faq3">3回目です。本当のところ、TUN上で動くレイヤ2エミュレータを書くことはできました。(送信時の情報追加と受信時の情報削除で)。しかしこのエミュレータはARPやおそらくはDHCPをも実装しなければならないでしょう。誰もこのことに気がついていません。もしあなたがこの機能を作る気になったのであれば、どうぞ私に連絡してください。 +</string> + <string name="faq">よくある質問</string> + <string name="faq_summary">よくある質問といくつかのアドバイス</string> + <string name="copying_log_entries">ログ エントリのコピー</string> + <string name="faq_copying">1行のログエントリをコピーするには、そのエントリをタッチし続けます。コピー/送信するには「ログエントリを送信」を使用します。GUIで表示されない場合はハードウェアのメニューボタンを使用してください。</string> + <string name="faq_shortcut">起動ショートカット</string> + <string name="faq_howto_shortcut">OpenVPNを起動するためのショートカットをデスクトップに配置できます。ショートカットやウィジェットを配置できるかどうかはホームスクリーンプログラムに依存します。</string> + <string name="no_vpn_support_image">申し訳ありませんが、お使いの環境ではVPNサービスがサポートされていません。</string> + <string name="encryption">暗号化</string> + <string name="cipher_dialog_title">暗号化方式を入力</string> + <string name="chipher_dialog_message">OpenVPNに使用する暗号キーを入力してください。デフォルト値を使用する場合は空欄にしてください。</string> + <string name="settings_auth">認証/暗号化</string> + <string name="file_explorer_tab">ファイルを選択</string> + <string name="inline_file_tab">インライン ファイル</string> + <string name="import_file">インポート</string> + <string name="error_importing_file">ファイルのインポート エラー</string> + <string name="import_error_message">ファイルシステムからファイルをインポートできませんでした。</string> + <string name="inline_file_data">[インライン ファイル データ]</string> + <string name="opentun_no_ipaddr">IP情報なしでのTUNデバイス使用は拒否しています</string> + <string name="menu_import">OVPNファイルからプロファイルをインポート</string> + <string name="menu_import_short">インポート</string> + <string name="import_content_resolve_error">インポートするプロファイルを読み取れませんでした。</string> + <string name="error_reading_config_file">構成ファイルの読み取りエラー</string> + <string name="add_profile">プロファイルの追加</string> + <string name="trying_to_read">ファイルを読み取ろうとしています: %1$s</string> + <string name="import_could_not_open">インポートされた構成ファイルに記載されたファイル %1$s が見つかりません。</string> + <string name="importing_config">構成ファイルを%1$sからインポートしています。</string> + <string name="import_warning_custom_options">いくつかの設定が解析されました。これらはカスタムオプションとして設定に追加されています。カスタムオプションは以下の通りです。</string> + <string name="import_done">構成ファイルの読み取り終了。</string> + <string name="nobind_summary">ローカル アドレスとポートにバインドを行いません。</string> + <string name="no_bind">ローカルバインドしない</string> + <string name="import_configuration_file">構成ファイルのインポート</string> + <string name="faq_security_title">セキュリティに関する考慮事項</string> + <string name="faq_security">OpenVPNがセキュリティに敏感であるように、セキュリティに関してのいくつかの注意事項は理にかなっています。 +SDカード上のデータは本質的に無防備です。すべてのアプリケーションが読み取り可能です。(たとえばこのプログラムはSDカードへの特別な読み取り許可を必要としていません) +このアプリケーションのデータは、自分自身のみが読み取り可能です。インポートされた証明書類はVPNプロファイルに保存されています。VPNプロファイルはこのアプリケーションからのみアクセス可能です。(あとでSDカード上のファイルを消すのを忘れないでください) +ただし、このアプリケーションからのみ読み取り可能ではあるものの、暗号化されてはいません。 +機体をroot化したり、あるいはその他の脆弱性によってファイルは読み取ることが可能かもしれません。パスワードは平文で保存されています。PKCS12ファイルをAndroidの証明書管理機能にインポートして使用することが強く推奨されます。</string> + <string name="import_vpn">インポート</string> + <string name="broken_image_cert_title">証明書の選択でエラーが表示されます</string> + <string name="broken_image_cert">Android 4.0以降の証明書選択ダイアログ表示で例外を検知しました。 +この事象は標準的なAndroid 4.0以降では発生しません。お使いのAndroidの証明書管理機構が壊れている可能性があります。</string> + <string name="ipv4">IPv4</string> + <string name="ipv6">IPv6</string> + <string name="speed_waiting">状態メッセージを待っています。</string> + <string name="converted_profile">インポートされたプロファイル</string> + <string name="converted_profile_i">インポートされたプロファイル %d</string> + <string name="broken_images">壊れたイメージ</string> + <string name="broken_images_faq"><p>HTCの公式OSイメージはトンネルにトラフィックを流せないという奇妙な経路問題を抱えています。(詳しくはバグトラッカーを参照 <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=18\">Issue 18</a>)</p> +<p>SONYの公式OSイメージのうちXperia arc SとXperia Rayでは、VPNServiceが含まれていないと報告されています。その他の公式OSイメージにも同様の影響があるかもしれません。(詳しくはバグトラッカーを参照 <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=29\">Issue 29</a>)</p> +<p>カスタムビルドのOSイメージの場合、TUNモジュールが含まれていなかったり、/dev/tunの権限が間違っていることがあります。いくつかのCM9のイメージでは全般設定で所有権の修正を行う必要があります。</p> +<p>最も重要なこと:もしおかしなOSイメージがあったら、製作者に問題を報告してください。より多くの人が問題を製作者に報告すれば、問題は修正されるでしょう。</p> +</string> + <string name="error_empty_username">ユーザ名を空に設定することはできません</string> + <string name="pkcs12_file_encryption_key">PKCS12ファイルの暗号化キー</string> + <string name="private_key_password">秘密鍵のパスワード</string> + <string name="password">パスワード</string> + <string name="file_icon">ファイルのアイコン</string> + <string name="tls_authentication">TLS認証</string> + <string name="generated_config">生成された構成</string> + <string name="generalsettings">全般設定</string> + <string name="owner_fix_summary">システムに/dev/tunの所有者を設定します。いくつかのCM9のイメージでVPNService APIを動作させるために必要です。root権限が必要です。</string> + <string name="owner_fix">/dev/tun の所有権を修正</string> + <string name="generated_config_summary">生成された OpenVPN の構成ファイルを表示します</string> + <string name="edit_profile_title">\"%S\"の編集</string> + <string name="building_configration">構成中・・・</string> + <string name="netchange_summary">この設定を有効にすると、ネットワークの状態変化時(WiFi/モバイル)に再接続を行います。</string> + <string name="netchange">ネットワーク変化時に再接続</string> + <string name="cert_from_keystore">\'%s\'の証明書をキーストアから読み出し</string> + <string name="netstatus">ネットワーク状態: %s</string> + <string name="extracahint">認証局証明書(CA cert)は、通常、Android のキーストアから返されます。証明書の検証でエラーになる場合は、個別の証明書を指定します。</string> + <string name="select_file">選択</string> + <string name="keychain_nocacert">認証局証明書(CA Cert)がAndroidのキーストアから取得できませんでした。認証はおそらく失敗します。</string> + <string name="show_log_summary">接続時にログウィンドウを表示します。ログウィンドウは常に状態通知からアクセスできます。</string> + <string name="show_log_window">ログウィンドウを表示</string> + <string name="keppstatus_summary">トラフィック統計を表示するために、接続中は状態通知を表示し続ける</string> + <string name="keepstatus">トラフィック統計を表示</string> + <string name="mobile_info">実行中:%1$s (%2$s)%3$s Android API %4$d</string> + <string name="error_rsa_sign">Androidキーストアに保存されたキー %1$s: %2$sの署名エラーです</string> + <string name="faq_system_dialogs">VPN接続の警告は、このアプリケーションがVPNService APIを悪用してすべての通信を傍受できることを、システムがあなたに知らせるものです。\n +VPN接続通知(鍵の形)は、VPN接続が稼働中であることをAndroidが知らせています。いくつかのシステムではこの通知で音を鳴らします。\n +Androidはあなた自身の安全性のために、これらを迂回できないようにしています。(いくつかのシステムでは、遺憾ながら音も伴います)</string> + <string name="faq_system_dialogs_title">接続時の警告と通知音</string> + <string name="translationby">日本語翻訳 高橋正希@埼玉 <tools@artin.nu></string> + <string name="ipdns">IPとDNS</string> + <string name="basic">基本</string> + <string name="routing">経路設定</string> + <string name="obscure">特殊なOpenVPNの設定。通常は必要ありません</string> + <string name="advanced">高度</string> + <string name="export_config_title">ICSのOpenVPN設定</string> + <string name="warn_no_dns">使用されている DNS サーバーはありません。名前解決は動作しません。DNSサーバーの設定を見直してください。</string> + <string name="dns_add_error">DNSサーバ \"%1$s\" の追加に失敗しました。%2$sに拒否されました。</string> + <string name="faq_howto"><p>動作確認済の設定ファイルを入手します。(あなたのコンピュータでテスト済のものや、プロバイダや会社などの組織からダウンロードしたもの)</p> +<p>もしそれが単一のファイルでpemやpks12ファイルを伴わないなら、自分宛のメールに添付して送付し、それを開いてください。もし複数のファイルで構成されているならSDカードに格納してください。</p> +<p>メールの添付ファイルを開く、あるいはVPNリストのフォルダアイコンをクリックして設定ファイルをインポートします。</p> +<p>もしファイルが足りないというエラーが表示されたら、足りなかったファイルをSDカード上に格納してください。</p> +<p>インポートされたVPN設定をリストに追加するには、保存アイコンをクリックします。</p> +<p>VPNを接続するには、VPNの名称をクリックします。</p> +<p>もし警告やエラーがログエントリに表示されたら、それらを調べて解決してください。</p> +</string> + <string name="faq_howto_title">クイックスタート</string> + <string name="setting_loadtun_summary">接続の試行前にTUNデバイスモジュール(tun.ko)を読み込みます。デバイスのroot化が必要です。</string> + <string name="setting_loadtun">TUNモジュールをロード</string> + <string name="importpkcs12fromconfig">PKCS12の設定をAndroidのキーストアにインポートします</string> + <string name="getproxy_error">プロキシ設定でエラー: %s</string> + <string name="using_proxy">プロキシを使用します %1$s %2$d</string> + <string name="use_system_proxy">システムのプロキシ設定を使用</string> + <string name="use_system_proxy_summary">システム全体の構成の HTTP/HTTPS プロキシ接続を使用します。</string> + <string name="donatewithpaypal">以下のURLより寄付いただけます。 <a href=\"https://www.paypal.com/cgi-bin/webscr?hosted_button_id=R2M6ZP9AF25LS&amp;cmd=_s-xclick\">PayPalで寄付</a> </string> + <string name="onbootrestartsummary">OpenVPNはシステムの再起動やシャットダウン時に再接続するようになります。このオプションを使用する前にFAQをご一読ください。</string> + <string name="onbootrestart">システム起動後に再接続</string> + <string name="ignore">無視</string> + <string name="restart">再起動</string> + <string name="restart_vpn_after_change">設定の変更はVPNの再起動後に反映されます。VPNを(再)起動しますか?</string> + <string name="configuration_changed">設定が変更されました</string> + <string name="log_no_last_vpn">編集されたため、最後に接続したプロファイルを確認できませんでした +</string> + <string name="faq_duplicate_notification_title">重複した通知</string> + <string name="faq_duplicate_notification">もしAndroidがメモリ不足に陥った場合、その時点で必要とされないアプリケーションやサービスはアクティブなメモリから排除されます。 +この処理に伴い、VPN接続は終了されます。 +OpenVPNの接続を保証するためには、アプリケーションを高い優先度で稼働させます。 +高い優先度でアプリケーションを稼働させる場合、アプリケーションは通知を表示しなければなりません。 +鍵の形をした通知アイコンは、先述のFAQにあるとおりシステムにより表示させられたものです。 +高い優先度で稼働するための通知はアプリケーションの通知には含まれません。</string> + <string name="no_vpn_profiles_defined">VPNのプロファイルが定義されていません</string> + <string name="add_new_vpn_hint">新しいVPNを追加するには <img src=\"ic_menu_add\"/> のアイコンを使用します</string> + <string name="vpn_import_hint">SDカードからプロファイル(.ovpnや.conf)をインポートするには <img src=\"ic_menu_archive\"/> のアイコンを使用します。</string> + <string name="faq_hint">FAQを確認してください。クイックスタートガイドがあります。</string> + <string name="correcttls">リモートTLSをOpenVPN 2.2形式から2.3形式に変換します</string> + <string name="faq_routing_title">経路情報/インターフェース設定</string> + <string name="faq_routing">経路設定とインターフェース設定は伝統的なifconfig/routeコマンドでは行われず、VPNService APIを使用して行われます。 +この結果は、ほかのOSの経路設定とは異なります。 +設定はトンネルのIPのみで成立し、ネットワークへの経路設定はこのインターフェースを通して行われます。 +とりわけ、ピアパートナーやゲートウェイアドレスを必要としません。 +VPNサーバへの特別な経路(たとえばリダイレクトゲートウェイ)は必要ありません。 +従って、OpenVPNは設定のインポート時に、これらの設定を無視します。 +VPNService APIを使用してサーバに接続するアプリケーションはVPNトンネルを経路設定していなくても保証されます。 +トンネルを指定しないその他の経路設定はサポートされません。(たとえば route x.x.x.x y.y.y.y net_gateway) +ログウィンドウの情報表示ボタンは、現在のVPNServiceのネットワーク設定を表示します。</string> + <string name="persisttun_summary">OpenVPNが再接続試行中は、VPNなし状態を報告しません。</string> + <string name="persistent_tun_title">永続的なTUNデバイス</string> + <string name="translation">翻訳</string> + <string name="openvpn_log">OpenVPN のログ</string> + <string name="import_config">OpenVPN の構成のインポート</string> + <string name="battery_consumption_title">バッテリー消費量</string> + <string name="baterry_consumption">私の個人的な検証では、OpenVPNの高いバッテリ消耗の主要因はkeepaliveパケットです。 +大半のOpenVPNサーバは\'keepalive 10 60\'のような設定を持っており、これは10秒ごとにクライアントとサーバで相互にkeepaliveパケットを送ることを意味します。 +<p> これらのパケットは小さく、大きな帯域は要しませんが、通信機能を稼働させ続け電力消費を増大させます。 +<p> このkeepaliveの設定はクライアント側からは変更できません。システム管理者のみがOpenVPNの設定を変更できます。 +<p> 残念ながら60秒より大きなkeepaliveの間隔は、いくつかのNATゲートウェイにおいては接続状態が維持できずそれより短い間隔でタイムアウトします。(私の検証では60秒) +TCPモードと長めのkeepaliveタイムアウトは動作しますが、しかしTCP over TCP問題を引き起こします。(<a href=\"http://sites.inka.de/bigred/devel/tcp-tcp.html\">TCP over TCPは何故悪いのか</a>を参照) +</string> + <string name="faq_tethering">Androidのテザリング機能(WiFi, USB, Bluetooth経由)とVPNService API(このプログラムから使用する機能)は同時に利用できません。詳細については<a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=34\">issue #34</a>を参照</string> + <string name="vpn_tethering_title">VPN とテザリング</string> + <string name="connection_retries">接続の再試行</string> + <string name="reconnection_settings">再接続の設定</string> + <string name="connectretrymessage">再接続を試行する際の間隔(秒)</string> + <string name="connectretrywait">接続間隔(秒)</string> + <string name="minidump_generated">OpenVPN は予期せず終了しました。メイン メニューでミニダンプの送信オプションを検討してください。</string> + <string name="send_minidump">ミニダンプを開発者に送信</string> + <string name="send_minidump_summary">最後にクラッシュした時のデバッグ情報を作者に送信します。</string> +</resources> diff --git a/res/values-ko/strings.xml b/res/values-ko/strings.xml index a1099152..957df8e2 100755 --- a/res/values-ko/strings.xml +++ b/res/values-ko/strings.xml @@ -224,4 +224,9 @@ <string name="faq_routing">라우팅과 인터페이스 설정은 일반적인 ifconfig/route 명령어를 사용하지 않고 VPNService API를 사용합니다. 그 결과 타 OS들과 비교해 다른 라우팅 설정이 요구됩니다. 설정은 터널 인터페이스의 IP와 이 인터페이스로 라우팅이 되야되는 네트워크만으로 이루어 저야 합니다. 특히 피어 파트너 주소 또는 게이트웨이 주소는 요구되지 않습니다. VPN 서버에 도달하기 위한 특별한 라우트 (예를 들어 redirect-gateway를 사용할때 추가하는 경우) 역시 필요하지 않습니다. 따라서 응용프로그램 설정을 가져올 때 이러한 설정을 무시 합니다. 앱은 VPNService API를 사용하여 서버와의 연결이 VPN 터널을 통해 라우팅 되지 않도록 합니다. 터널을 통해 라우팅이 되야되는 네트워크만 지정할 수 있음으로 터널을 통하지 않는 추가 라우팅 기능도 지원하지 않습니다. (예: route x.x.x.x y.y.y.y net_gateway). 로그 위도우에 정보 보기 버튼은 VPNService 네트워크 설정의 현재 설정을 표시 합니다.</string> <string name="persisttun_summary">OpenVPN을 다시 연결 하는 경우 VPN 연결 없음으로 표기하지 마십시오.</string> <string name="persistent_tun_title">tun 유지</string> + <string name="translation">번역</string> + <string name="openvpn_log">OpenVPN 로그</string> + <string name="import_config">OpenVPN 설정 가져오기</string> + <string name="battery_consumption_title">배터리 소모</string> + <string name="baterry_consumption">내 개인적인 테스트에서 Openvpn의 높은 배터리 소비에 대한 주요 이유는 keepalive 패킷 때문이었습니다. 대부분의 OpenVPN 서버 설정에는 \'keepalive 10 60\' 와 같은 문구가 있는데 이는 클라이언트에서 서버로 서버에서 클라이언트로 keepalive 패킷을 10 초 마다 보냅니다. <p> 이러한 패킷은 작고 많은 트래픽을 사용 하지 않습니다만 이들은 모바일 라디오 네트워크를 계속 유지하게 만들게되고 따라서 에너지 소비를 증가 합니다. <p>이 keepalive 설정을 클라이언트에서 변경할 수 없습니다. OpenVPN의 시스템 관리자만 설정을 변경할 수 있습니다. <p> 불행히도 udp를 사용할때 keepalive값을 60초 이상으로 하면 짧은 만료기간 (제 테스트의 경우 60초) 후 연결을 종료 하는 NAT 게이트웨이들과 사용시 문제가 있습니다. TCP와 긴 keepalive 만료기간을 함께 사용할 수는 있지만 이런경우에는 TCP TCP 문제에 노출될 수 있습니다. (참조 <a href=\"http://sites.inka.de/bigred/devel/tcp-tcp.html\">왜 TCP를 통한 TCP는 안좋은 방법인지</a>)</string> </resources> diff --git a/res/values-nl/arrays.xml b/res/values-nl/arrays.xml new file mode 100755 index 00000000..9be2a9d4 --- /dev/null +++ b/res/values-nl/arrays.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!--Generated by crowdin.net--> +<resources> + <string-array name="vpn_types"> + <item>Certificaten</item> + <item>PKCS12 Bestand</item> + <item>Android Certificaat</item> + <item>Gebruikersnaam/Wachtwoord</item> + <item>Statische Sleutels</item> + <item>Gebruiker/WW + Certificaten</item> + <item>Gebruiker/WW + PKCS12 </item> + <item>Gebruiker/WW + Android</item> + </string-array> + <string-array name="tls_directions_entries"> + <item>0</item> + <item>1</item> + <item>Niet-gespecificeerd</item> + </string-array> + <string-array name="verb_entries"> + <item>0 - Geen logboek</item> + <item>1 - Standaard logboek</item> + <item>2 - Uitgebreid logboek</item> + <item>3</item> + <item>4</item> + <item>5 - Debug logboek</item> + </string-array> +</resources> diff --git a/res/values-nl/strings.xml b/res/values-nl/strings.xml new file mode 100755 index 00000000..5403ae06 --- /dev/null +++ b/res/values-nl/strings.xml @@ -0,0 +1,108 @@ +<?xml version="1.0" encoding="utf-8"?> +<!--Generated by crowdin.net--> +<resources> + <string name="app">OpenVPN voor Android</string> + <string name="address">Server Adres:</string> + <string name="port">Server Poort:</string> + <string name="location">Locatie</string> + <string name="select">Selecteer</string> + <string name="cancel">Annuleer</string> + <string name="no_data">Geen Gegevens</string> + <string name="useLZO">LZO Compressie</string> + <string name="client_no_certificate">Geen Certificaat</string> + <string name="client_certificate_title">Client Certificaat</string> + <string name="client_key_title">Client Certificaat Sleutel</string> + <string name="client_pkcs12_title">PKCS12 Bestand</string> + <string name="ca_title">CA Certificaat</string> + <string name="about">Over</string> + <string name="about_summary">Over OpenVPN voor Android</string> + <string name="vpn_list_summary">Lijst van alle geconfigureerde VPN verbindingen</string> + <string name="vpn_list_title">VPN Profielen</string> + <string name="vpn_type">Type</string> + <string name="pkcs12pwquery">PKCS12 Wachtwoord</string> + <string name="file_select">Selecteer…</string> + <string name="useTLSAuth">Gebruik TLS autentificatie</string> + <string name="tls_direction">TLS Richting</string> + <string name="ipv6_dialog_tile">Voer een IPv6 Adres/Netmask in met het CIDR Formaat (v.b. 2000:dd::23/64)</string> + <string name="ipv4_dialog_title">Voer een IPv4 Adres/Netmask in met het CIDR Formaat (v.b. 1.2.3.4/24)</string> + <string name="ipv4_address">IPv4 Adres</string> + <string name="ipv6_address">IPv4 Adres</string> + <string name="auth_username">Gebruikersnaam</string> + <string name="auth_pwquery">wachtwoord</string> + <string name="configure_the_vpn">VPN configureren</string> + <string name="menu_add_profile">Profiel toevoegen</string> + <string name="add_profile_name_prompt">Voer een naam in voor het nieuwe Profiel</string> + <string name="profilename">Profiel name</string> + <string name="no_error_found">Geen fout.</string> + <string name="config_error_found">Fout in de configuratie</string> + <string name="vpn_shortcut">Open VPN shortcut</string> + <string name="vpn_launch_title">Met VPN verbinden</string> + <string name="shortcut_profile_notfound">Het profiel zoals aangegeven in de snelkoppeling kon niet gevonden worden.</string> + <string name="random_host_prefix">Willekeurig Host Voorvoegsel</string> + <string name="random_host_summary">Voegt 6 willekeurige tekens toe voor de hostname</string> + <string name="custom_config_title">Eigen configuratie opties</string> + <string name="custom_config_summary">Geef je eigen configuratieopties aan. Wees voorzichtig!</string> + <string name="route_rejected">Route geweigert door Android</string> + <string name="cancel_connection">Verbinding verbreken</string> + <string name="clear_log">logboek wissen</string> + <string name="title_cancel">Annuleer bevestiging</string> + <string name="cancel_connection_query">Sluit de verbonden VPN af/annuleer de verbindingspoging?</string> + <string name="remove_vpn">VPN wissen</string> + <string name="check_remote_tlscert">Checkt of de server een TLS server certificaat gebruikt.</string> + <string name="remote_tlscn_check_title">Controleer Certificaat Hostname</string> + <string name="enter_tlscn_title">Externe Hostname(CN)</string> + <string name="tls_auth_file">TLS Auth Bestand</string> + <string name="pull_on_summary">Vraag IP adres, routes en timing opties van de server.</string> + <string name="use_pull">Pull Instellingen</string> + <string name="dns">DNS</string> + <string name="override_dns">DNS Instellingen van Server Overschrijven</string> + <string name="dns_override_summary">Gebruik eigen DNS Servers</string> + <string name="searchdomain">Zoekd domein</string> + <string name="dns1_summary">Primaire DNS server</string> + <string name="dns_server">DNS Server</string> + <string name="secondary_dns_message">Secundaire DNS server. Deze wordt gebruikt voor het geval dat de primaire DNS server niet bereikbaar is</string> + <string name="backup_dns">Backup DNS server</string> + <string name="ignored_pushed_routes">Negeer ontvangen routes</string> + <string name="ignore_routes_summary">Negeer routes ontvangen van de server.</string> + <string name="default_route_summary">Leid al het Verkeer over de VPN</string> + <string name="use_default_title">Gebruik standaard Route</string> + <string name="custom_routes_title">Eigen routes</string> + <string name="float_summary">Geverifieerde pakketen zijn vanuit elk IP toegestaan</string> + <string name="float_title">Zwevende server toestaan</string> + <string name="custom_options_title">Aangepaste Opties</string> + <string name="edit_vpn">VPN Instellingen Bewerken</string> + <string name="error">"Fout:"</string> + <string name="clear">Leeg maken</string> + <string name="info">info</string> + <string name="show_connection_details">Details van de verbinding weergeven</string> + <string name="last_openvpn_tun_config">Laatste interfaceconfiguratie van OpenVPN:</string> + <string name="local_ip_info">Lokaal IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d</string> + <string name="dns_server_info">DNS Server: %s</string> + <string name="dns_domain_info">DNS Domein: %s</string> + <string name="routes_info">Routes: %s</string> + <string name="routes_info6">Routes IPv6: %s</string> + <string name="version_info">%1$s %2$s</string> + <string name="send_logfile">Logboek verzenden</string> + <string name="send">Verzenden</string> + <string name="tap_mode">Tap mode</string> + <string name="faq_tap_mode">De VPN API van Android werkt zonder rooten van de telefoon en ondersteunt alleen de tun modus. Daarom is de tap modus niet mogelijk met deze app.</string> + <string name="import_configuration_file">configuratie bestand importeren</string> + <string name="faq_security_title">Beveiligingsoverwegingen</string> + <string name="import_vpn">Importeren</string> + <string name="broken_image_cert_title">Fout bij het weergeven van de certificaat selectie</string> + <string name="ipv4">IPv4</string> + <string name="ipv6">IPv6</string> + <string name="speed_waiting">Wachten op status bericht…</string> + <string name="converted_profile">Geïmporteerd profiel</string> + <string name="converted_profile_i">Geïmporteerd profiel %d</string> + <string name="broken_images">Niet Werkende Afbeeldingen</string> + <string name="error_empty_username">De gebruikersnaam moet niet leeg zijn.</string> + <string name="pkcs12_file_encryption_key">PKCS12 Bestand Encryptie Sleutel</string> + <string name="private_key_password">Privé Sleutel Wachtwoord</string> + <string name="password">Wachtwoord</string> + <string name="file_icon">bestands pictogram</string> + <string name="tls_authentication">TLS Verificatie</string> + <string name="generated_config">Gegenereerde Configuratie</string> + <string name="generalsettings">Algemene Instellingen</string> + <string name="ipdns">IP en DNS</string> +</resources> diff --git a/res/values-no/arrays.xml b/res/values-no/arrays.xml new file mode 100755 index 00000000..a5a6b76d --- /dev/null +++ b/res/values-no/arrays.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!--Generated by crowdin.net--> +<resources> + <string-array name="vpn_types"> + <item>Sertifikater</item> + <item>PKCS12 fil</item> + <item>Android sertifikat</item> + <item>Brukernavn/passord</item> + <item>Statiske nøkler</item> + <item>Brukernavn/Passord + sertifikater</item> + <item>Brukernavn/Passord + PKCS12 </item> + <item>Brukernavn/Passord + Android</item> + </string-array> + <string-array name="tls_directions_entries"> + <item>0</item> + <item>1</item> + <item>Uspesifisert</item> + </string-array> + <string-array name="verb_entries"> + <item>0 - Ingen Logging</item> + <item>1 - Standard logging</item> + <item>2 - Mer detaljert logging</item> + <item>3</item> + <item>4</item> + <item>5 - feilsøke logging</item> + </string-array> +</resources> diff --git a/res/values-no/strings.xml b/res/values-no/strings.xml new file mode 100755 index 00000000..17ab1ac0 --- /dev/null +++ b/res/values-no/strings.xml @@ -0,0 +1,152 @@ +<?xml version="1.0" encoding="utf-8"?> +<!--Generated by crowdin.net--> +<resources> + <string name="app">OpenVPN for Android</string> + <string name="address">Server adresse:</string> + <string name="port">Server port:</string> + <string name="location">Plassering</string> + <string name="cant_read_folder">mappen kan ikke leses!</string> + <string name="select">velg</string> + <string name="cancel">Avbryt</string> + <string name="no_data">Ingen Data</string> + <string name="useLZO">LZO-komprimering</string> + <string name="client_no_certificate">Ingen sertifikat</string> + <string name="client_certificate_title">Klient sertifikat</string> + <string name="client_key_title">Klientsertifikat nøkkel</string> + <string name="client_pkcs12_title">PKCS12 fil</string> + <string name="ca_title">CA-sertifikat</string> + <string name="no_certificate">Ingenting er valgt</string> + <string name="copyright_guicode">Kildekoden og problemsporing er tilgjengelig under http://code.google.com/p/ics-openvpn/ </string> + <string name="copyright_others">Programmet bruker følgende komponenter. Se kilden for full informasjon om lisensene</string> + <string name="about">Om</string> + <string name="about_summary">Om OpenVPN for Android</string> + <string name="vpn_list_summary">Liste over alle konfigurerte VPN-tilkoblinger</string> + <string name="vpn_list_title">VPN-profiler</string> + <string name="vpn_type">Type</string> + <string name="pkcs12pwquery">PKCS12 passord</string> + <string name="file_select">Velg...</string> + <string name="file_nothing_selected">Ingenting valgt</string> + <string name="useTLSAuth">Bruke TLS-godkjenning</string> + <string name="tls_direction">TLS-retning</string> + <string name="ipv6_dialog_tile">Angi IPv6-adresse/nettmaske i CIDR format (f.eks 2000:dd::23/64)</string> + <string name="ipv4_dialog_title">Angi IPv6-adresse/nettmaske i CIDR format (f.eks 1.2.3.4/24)</string> + <string name="ipv4_address">IPv4-adresse</string> + <string name="ipv6_address">IPv6-adresse</string> + <string name="auth_username">Brukernavn</string> + <string name="auth_pwquery">Passord</string> + <string name="configure_the_vpn">Konfigurer VPN</string> + <string name="menu_add_profile">Legge til profil</string> + <string name="add_profile_name_prompt">Angi et navn som identifiserer den nye profilen</string> + <string name="duplicate_profile_name">Profilnavnet finnes allerde</string> + <string name="profilename">Profilnavn</string> + <string name="no_keystore_cert_selected">Ingen brukersertifikat er valgt.</string> + <string name="no_error_found">Ingen feil funnet</string> + <string name="config_error_found">Feil i konfigurasjonen</string> + <string name="ipv4_format_error">Kan ikke tolke IPv4-adressen</string> + <string name="custom_route_format_error">Kan ikke tolke de egendefinerte rutene</string> + <string name="vpn_shortcut">OpenVPN snarvei</string> + <string name="vpn_launch_title">Koble til VPN</string> + <string name="random_host_prefix">Tilfeldig vert prefiks</string> + <string name="custom_config_title">Aktiver egendefinerte valg</string> + <string name="cancel_connection">Koble fra</string> + <string name="clear_log">Tøm logg</string> + <string name="title_cancel">Avbryt bekreftelse</string> + <string name="remove_vpn">Fjern VPN</string> + <string name="tls_auth_file">TLS-Auth-fil</string> + <string name="dns">DNS</string> + <string name="dns_override_summary">Bruk din egen DNS-server</string> + <string name="dns1_summary">DNS-Server som skal brukes.</string> + <string name="dns_server">DNS-server</string> + <string name="use_default_title">Bruk standard rute</string> + <string name="custom_routes_title">Egendefinert rute</string> + <string name="log_verbosity_level">Detaljnivå for Logging</string> + <string name="custom_options_title">Egendefinerte valg</string> + <string name="edit_vpn">Rediger VPN-innstillinger</string> + <string name="remove_vpn_query">Fjerne VPN profilen %s?</string> + <string name="error">"Feil:"</string> + <string name="clear">Fjern</string> + <string name="info">info</string> + <string name="show_connection_details">Vis Tilkoblingsdetaljer</string> + <string name="dns_server_info">DNS-server: %s</string> + <string name="dns_domain_info">DNS-domene: %s</string> + <string name="routes_info">Ruter: %s</string> + <string name="version_info">%1$s %2$s</string> + <string name="send_logfile">Send loggfilen</string> + <string name="send">Send</string> + <string name="ics_openvpn_log_file">ICS OpenVPN loggfil</string> + <string name="tap_mode">Tap modus</string> + <string name="faq">FAQ</string> + <string name="faq_summary">Vanlige spørsmål og noen råd</string> + <string name="copying_log_entries">Kopier loggoppføringer</string> + <string name="faq_shortcut">Snarvei til start</string> + <string name="encryption">Kryptering</string> + <string name="cipher_dialog_title">Angi krypteringsmetode</string> + <string name="settings_auth">Autentisering/kryptering</string> + <string name="file_explorer_tab">Filutforsker</string> + <string name="import_file">Importer</string> + <string name="error_importing_file">Feil ved import av fil</string> + <string name="import_error_message">Kunne ikke importere filen fra filsystemet</string> + <string name="menu_import">Importer profil fra ovpn-fil</string> + <string name="menu_import_short">Importer</string> + <string name="import_content_resolve_error">Kan ikke lese profil for importering</string> + <string name="error_reading_config_file">Feil under lesing av config-filen</string> + <string name="add_profile">legg til profil</string> + <string name="trying_to_read">Forsøker å lese filen: %1$s</string> + <string name="import_could_not_open">Finner ikke filen %1$s nevnt i importert konfigurasjons fil</string> + <string name="importing_config">Importerer konfigurasjonsfilen fra kilde %1$s</string> + <string name="import_done">Ferdig med å lese konfigurasjons-filen.</string> + <string name="no_bind">Ingen lokale binding</string> + <string name="import_configuration_file">Importer konfigurasjonsfil</string> + <string name="faq_security_title">Sikkerhetsvurderinger</string> + <string name="import_vpn">Importer</string> + <string name="broken_image_cert_title">Feil ved visning av sertifikatvalg</string> + <string name="ipv4">IPv4</string> + <string name="ipv6">IPv6</string> + <string name="speed_waiting">Venter på tilstands melding...</string> + <string name="converted_profile">importert profil</string> + <string name="converted_profile_i">importert profilen %d</string> + <string name="broken_images">Ødelagte bilder</string> + <string name="error_empty_username">Brukernavnet kan ikke være tomt.</string> + <string name="pkcs12_file_encryption_key">PKCS12 Filkrypteringsnøkkel</string> + <string name="private_key_password">Privat nøkkel passord</string> + <string name="password">Passord</string> + <string name="file_icon">fil ikon</string> + <string name="tls_authentication">TLS-godkjenning</string> + <string name="generated_config">Generert konfigurasjon</string> + <string name="generalsettings">Generelle innstillinger</string> + <string name="owner_fix">Fiks eierskap av /dev/tun</string> + <string name="edit_profile_title">Rediger \"%s\"</string> + <string name="building_configration">Lager konfigurasjon...</string> + <string name="netchange">Koble til på nytt ved nettverks endring</string> + <string name="netstatus">Nettverksstatus: %s</string> + <string name="select_file">Velg</string> + <string name="show_log_window">Vis logg-vindu</string> + <string name="keepstatus">Vis trafikk-statistikk</string> + <string name="mobile_info">Kjører på %1$s (%2$s) %3$s, Android API %4$d</string> + <string name="translationby">Norsk oversettelse av Jonny</string> + <string name="ipdns">IP og DNS</string> + <string name="basic">Grunnleggende</string> + <string name="routing">Ruting</string> + <string name="advanced">Avansert</string> + <string name="export_config_title">ICS Openvpn konfigurasjon</string> + <string name="faq_howto_title">Hurtigstart</string> + <string name="setting_loadtun_summary">Prøv å laste tun.ko kjernemodul før tilkobling. Krever at enheten er rootet.</string> + <string name="setting_loadtun">Last tun modul</string> + <string name="getproxy_error">Feil ved henting av proxy-innstillinger: %s</string> + <string name="using_proxy">Bruker proxy %1$s %2$d</string> + <string name="use_system_proxy">Bruk systemet proxy</string> + <string name="use_system_proxy_summary">Bruk global systemkonfigurasjon for HTTP/HTTPS proxy for å koble til.</string> + <string name="donatewithpaypal">Du kan <a href=\"https://www.paypal.com/cgi-bin/webscr?hosted_button_id=R2M6ZP9AF25LS&amp;cmd=_s-xclick\">donere med PayPal</a> </string> + <string name="onbootrestart">Koble til på nytt ved restart</string> + <string name="ignore">Ignorer</string> + <string name="restart">Start på nytt</string> + <string name="configuration_changed">Konfigurasjon endret</string> + <string name="faq_duplicate_notification_title">Kopier varsler</string> + <string name="no_vpn_profiles_defined">Ingen VPN-profiler er definert.</string> + <string name="faq_routing_title">Ruting/grensesnitt-konfigurasjon</string> + <string name="persisttun_summary">Ikke gå tilbake til ingen VPN-tilkoblingen mens OpenVPN kobler til på nytt.</string> + <string name="translation">Oversettelse</string> + <string name="openvpn_log">OpenVPN Logg</string> + <string name="import_config">Importer OpenVPN konfigurasjon</string> + <string name="battery_consumption_title">Batteriforbruk</string> +</resources> diff --git a/res/values-ru/strings.xml b/res/values-ru/strings.xml index 32902e78..b21714a4 100755 --- a/res/values-ru/strings.xml +++ b/res/values-ru/strings.xml @@ -21,7 +21,7 @@ <string name="about">О программе</string> <string name="about_summary">Описание OpenVPN для Android</string> <string name="vpn_list_summary">Список всех туннелей VPN</string> - <string name="vpn_list_title">Конфигурации VPN</string> + <string name="vpn_list_title">Профили VPN</string> <string name="vpn_type">Тип</string> <string name="pkcs12pwquery">Пароль для PKCS12</string> <string name="file_select">Выбрать…</string> @@ -50,24 +50,27 @@ <string name="vpn_shortcut">Ярлык OpenVPN</string> <string name="vpn_launch_title">Подключиться к VPN</string> <string name="shortcut_profile_notfound">Не найден профиль, указанный в ярлыке</string> - <string name="random_host_prefix">Случайные префикс узла</string> + <string name="random_host_prefix">Случайный префикс узла</string> <string name="random_host_summary">Добавляет 6 случайных символов перед именем хоста</string> <string name="custom_config_title">Включить пользовательские параметры</string> <string name="custom_config_summary">Пользовательские параметры. Используйте с осторожностью!</string> <string name="route_rejected">Маршрут отвергнут Android</string> <string name="cancel_connection">Отключение</string> - <string name="clear_log">очистить лог</string> + <string name="clear_log">очистить журнал</string> <string name="title_cancel">Подтверждение отмены</string> <string name="cancel_connection_query">Отключение активных VPN/Отмена попыток подключения?</string> <string name="remove_vpn">Удалить VPN</string> <string name="check_remote_tlscert">Проверять, использует ли сервер сертификат TLS</string> - <string name="check_remote_tlscert_title">Исключить сервер TLS</string> + <string name="check_remote_tlscert_title">Исключить TLS на сервере</string> + <string name="remote_tlscn_check_summary">Проверка корневого сертификата сервера на основе строки-шаблона</string> <string name="remote_tlscn_check_title">Проверка имени хоста сертификата</string> + <string name="enter_tlscn_dialog">Введите шаблон для проверки. OpenVPN использует его как преффикс. \"Server\" будет соответствовать как \"Server-1\", так и \"Server-2\"\nоставьте пустым для проверки имени сервера на основе данных CA.</string> <string name="enter_tlscn_title">Удаленный хост (CN)</string> <string name="tls_key_auth">Включить аутентификацию по TLS ключу</string> <string name="tls_auth_file">Файл аутентификации TLS</string> <string name="pull_on_summary">Запрос IP-адреса, маршрутов и параметров от сервера.</string> <string name="pull_off_summary">Игнорировать все параметры сервера. Параметры должны быть указаны ниже.</string> + <string name="use_pull">Запрашивать параметры</string> <string name="dns">DNS</string> <string name="override_dns">Переопределить параметры DNS от сервера</string> <string name="dns_override_summary">Использовать ваши DNS</string> @@ -84,18 +87,26 @@ <string name="custom_routes_title">Пользовательские маршруты</string> <string name="log_verbosity_level">Уровень детализации лога</string> <string name="float_summary">Разрешить пакеты аутентификации с любого IP-адреса</string> + <string name="float_title">Разрешать \"плавающие\" сервера</string> <string name="custom_options_title">Пользовательские параметры</string> <string name="edit_vpn">Редактирование параметров VPN</string> <string name="remove_vpn_query">Удаление профиля VPN %s?</string> + <string name="tun_error_helpful">На некторых костомных сборках права на /dev/tun могут быть неверными или tun-модуль может быть не включен. Для прошивки CM9 можете попробовать исправить владельца прямо из настроек программы</string> <string name="tun_open_error">Открытие интерфейса tun окончилось неудачей.</string> <string name="error">"Ошибка: "</string> <string name="clear">Очистить</string> <string name="info">информация</string> <string name="show_connection_details">Показать подробности о подключении</string> + <string name="last_openvpn_tun_config">Последняя используемая конфигурация OpenVPN:</string> + <string name="local_ip_info">Адрес IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d</string> <string name="dns_server_info">DNS-сервер: %s</string> <string name="dns_domain_info">DNS-домен: %s</string> <string name="routes_info">Маршруты: %s</string> <string name="routes_info6">Маршруты IPv6: %s</string> + <string name="ip_not_cidr">Получена информация интерфейса %1$s и %2$s, второй адрес является удалённым адресом канала. Используется сетевая маска /32 для локального IP адреса. Режим, установленный OpenVPN: \"%3$s\".</string> + <string name="route_not_cidr">Невозможно использовать выражения %1$s и %2$s как маршрут по стандарту CIDR. используется /32 как маска подсети.</string> + <string name="route_not_netip">Маршрут исправлен с %1$s/%2$s на %3$s/%2$s</string> + <string name="keychain_access">Не удается получить доступ к хранилищу ключей и сертификатов Android. Это может быть вызвано обновлением прошивки или восстановления старой копии приложения или его настроек. Пожалуйста, отредактируйте профиль VPN и заново укажите ключи и сертификаты в разделе Основные параметры.</string> <string name="version_info">%1$s %2$s</string> <string name="send_logfile">Отправить файл журнала</string> <string name="send">Отправить</string> @@ -104,9 +115,11 @@ <string name="tap_mode">Режим TAP</string> <string name="faq_tap_mode">Режим TAP невозможен на устройствах без root-а. Поэтому это приложение не поддерживает TAP</string> <string name="tap_faq2">Снова? Вы издеваетесь? Не поддерживается режим TAP и просьбы к автору об этом не помогут ему реализоваться.</string> + <string name="tap_faq3">Третий раз? На самом деле можно было бы писать эмулятор tap, основанные на tun, который бы добавлял информацию 2 уровня при отправке и извлекал бы ее при получении. Но этот эмулятор потребует также ARP и, возможно, клиента DHCP. Я не знаю никого, кто мог бы этим заняться. Свяжитесь со мной, если вы хотите заняться этим.</string> <string name="faq">Вопросы и ответы</string> <string name="faq_summary">Часто задаваемые вопросы и некоторые советы</string> <string name="copying_log_entries">Копирование записей лога</string> + <string name="faq_copying">Для копирования одного элемента журнала необходимо нажать и удерживать. Для копирования/передачи всего файла журнала используйте опцию \"Отправить файл журнала\". Используйте hardware кнопку меню, если вы не в графическом интерфейсе.</string> <string name="faq_shortcut">Ярлык для запуска</string> <string name="faq_howto_shortcut">Вы можете поместить ярлык для запуска OpenVPN на рабочий стол. В зависимости от вашего окружения необходимо добавить ярлык или виджет.</string> <string name="no_vpn_support_image">Ваше изображение не поддерживает API VPNService, извините:(</string> @@ -131,16 +144,20 @@ <string name="importing_config">Импорт файла конфигурации из исходного %1$s</string> <string name="import_warning_custom_options">Ваша конфигурация имела несколько директив, которые не поняты программой. Эти директивы были добавлены в дополнительные параметры пользовательской конфигурации. Пользовательская конфигурация отображена ниже:</string> <string name="import_done">Файла конфигурации успешно прочитан.</string> + <string name="nobind_summary">Не привязываться к локальному адресу и порту</string> + <string name="no_bind">Не использовать привязки</string> <string name="import_configuration_file">Импорт файла конфигурации</string> <string name="faq_security_title">Соображения безопасности</string> <string name="import_vpn">Импорт</string> <string name="broken_image_cert_title">Ошибка вывода выбранного сертификата</string> + <string name="broken_image_cert">Произошла ошибка при попытке вызова системного диалога выбора сертификатов Android 4.0+ Этого не должно было случиться на стандартной прошивке. Может быть в вашей прошивке испорчено хранилище сертификатов</string> <string name="ipv4">IPv4</string> <string name="ipv6">IPv6</string> <string name="speed_waiting">Ожидание сообщения о состоянии…</string> <string name="converted_profile">импортируемый профиль</string> <string name="converted_profile_i">импортируемый профиль %d</string> <string name="broken_images">Нечитаемое изображение</string> + <string name="broken_images_faq"><p>Извествно, что официальные прошивки HTC имеют странные проблемы с марщрутизацией, вызванной тем, что трафик не идёт через тунель (см. также <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=18\">Issue 18</a> в баг-трекере)</p><p> Также сообщалось, что в официальных прошивках SONY от Xperia arc S и Xperia Ray полностью отсутствует сервис VPNService. Также и другие прошивки от Sony могут иметь такие же проблемы. (см. также <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=29\">Issue 29</a> в баг-трекере)</p><p>В некоторых встроенных прошивках модуль tun может отсутствовать или иметь не правильные права файла-устройства /dev/tun. Некоторые CM9 прошивки могут требовать исправлений опции прав в главных настройках.</p><p>Важная информация: Если у вас прошивка с указанными проблемами, сообщите об этом производителю устройства. Чем больше пользователей сообщит о проблеме производителю, тем более шансов, что этот производитель соизволит убрать свои косяки.</p></string> <string name="error_empty_username">Имя пользователя не должно быть пустым.</string> <string name="pkcs12_file_encryption_key">Файл PKCS12-ключа</string> <string name="private_key_password">Пароль закрытого ключа</string> @@ -149,27 +166,36 @@ <string name="tls_authentication">TLS-аутентификация</string> <string name="generated_config">Сгенерированая конфигурация</string> <string name="generalsettings">Общие параметры</string> + <string name="owner_fix_summary">Попытаться изменить владельца для /dev/tun. Некоторые прошивки CM9 требуют этого для корректной работы API OpenVPN. Требуется root.</string> + <string name="owner_fix">Исправить права для /dev/tun</string> <string name="generated_config_summary">Показать сгенерированный файл конфигурации OpenVPN</string> <string name="edit_profile_title">Правка \"%s\"</string> <string name="building_configration">Создание конфигурации…</string> <string name="netchange_summary">Включение этого параметра заставит переподключиться, если состояние сети изменения (WIFI с мобильного)</string> <string name="netchange">Переподключение при изменении сети</string> + <string name="cert_from_keystore">Получен сертификат \'%s\' из хранилища ключей</string> <string name="netstatus">Статус сети: %s</string> + <string name="extracahint">Сертификат CA обычно возвращается из хранилища Android Keystore. Укажите отдельный сертификат, если у вас возникли ошибки при проверке сертификата.</string> <string name="select_file">Выбрать</string> + <string name="keychain_nocacert">Не удалось получить CA из хранилища ключей Android. Аутентификация не удалась.</string> <string name="show_log_summary">Показывает окно журнала при подключении. Окно журнала всегда может быть доступно из панели уведомлений.</string> - <string name="show_log_window">Показать окно лога</string> - <string name="keppstatus_summary">Не закрывать окно с информацией о подключении после соединения для показа информации о траффике.</string> + <string name="show_log_window">Показать окно журнала</string> + <string name="keppstatus_summary">Не закрывать окно с информацией о подключении после соединения для вывода информации о трафике.</string> <string name="keepstatus">Показать статистику трафика</string> + <string name="mobile_info">Работает на %1$s (%2$s) %3$s, Android API %4$d</string> <string name="error_rsa_sign">Ошибка подписи с использованием ключа из хранилища Android %1$s: %2$s</string> + <string name="faq_system_dialogs">Предупреждение VPN соединения сообщает вам, что это приложение может перехватывать весь сетевой трафик, и сообщается системой предупреждений VPNService API.\nИзвещение о VPN соединении (символ \"Ключа\") также формируется системой Android для сигнализации исходящего VPN соединения. В некоторых прошивках это оповещение сопровождается сигналом.\nAndroid использует эти оповещения для вашей собственной безопасности и из нельзя обойти. (К сожалению, на некоторых прошивках также издается оповещение звуком)</string> <string name="faq_system_dialogs_title">Сообщение о подключении и звук уведомления</string> + <string name="translationby">Русский перевод от RusFox <horonitel@gmail.com></string> <string name="ipdns">IP-адрес и DNS</string> <string name="basic">Основные</string> <string name="routing">Маршрутизация</string> - <string name="obscure">Скрывать параметры OpenVPN. Обычно не требуется.</string> + <string name="obscure">Скрытые параметры OpenVPN. Обычно не требуются.</string> <string name="advanced">Расширенные</string> <string name="export_config_title">ICS Openvpn конфигурация</string> <string name="warn_no_dns">DNS-серверы не используются. Разрешение имен может не работать. Рассмотрите возможность указания DNS-серверов</string> <string name="dns_add_error">Не удалось добавить DNS-сервер \"%1$s\", отклонен системой: %2$s</string> + <string name="faq_howto"><p>Используйте готовую конфигурацию (протестированную на вашем компьютере или полученную от вашего провайдера)</p><p>Если это простой файл без pem/pks12 вы можете отправить его по email на свое устройство. Если же это несколько файлов, вы можете использовать их со своей карты памяти.</p><p>Просто кликните на .conf файл или выберите его с помощью меню в программе для импорта конфигурации</p><p>Если программа выдаст ошибку о нехватке некоторых файлов, просто поместите эти файлы на карту памяти</p><p>Нажмите кнопку сохранения для добавления импортируемой конфигурации в программу</p><p>Запустите ваш VPN-тоннель нажав на его название в списке</p><p>Если при запуске возникли ошибки попробуйте разобраться и устранить их.</p> </string> <string name="faq_howto_title">Быстрый старт</string> <string name="setting_loadtun_summary">Попробуйте загрузить модуль ядра tun.ko прежде чем пытаться подключиться. Требуется root-доступ на устройстве.</string> <string name="setting_loadtun">Загрузить tun-модуль</string> @@ -177,15 +203,28 @@ <string name="getproxy_error">Ошибка при получении параметров прокси-сервера: %s</string> <string name="using_proxy">Используется прокси-сервер %1$s %2$d</string> <string name="use_system_proxy">Использовать прокси-сервер системы</string> + <string name="use_system_proxy_summary">Использовать системную конфигурацию прокси HTTP/HTTPS для соединения.</string> + <string name="donatewithpaypal">Вы можете <a href=\"https://www.paypal.com/cgi-bin/webscr?hosted_button_id=R2M6ZP9AF25LS&amp;cmd=_s-xclick\">пожертвовать с PayPal</a> </string> + <string name="onbootrestartsummary">OpenVPN будет переподключаться, если он был активен в момент выключения/перезагрузки. Пожалуйста, прочтите FAQ перед тем, как использовать эту настройку.</string> <string name="onbootrestart">Переподключение после перезагрузки</string> <string name="ignore">Игнорировать</string> <string name="restart">Перезагрузка</string> <string name="restart_vpn_after_change">Изменения конфигурации применяются после перезапуска VPN. (Пере)запустить VPN теперь?</string> <string name="configuration_changed">Конфигурация изменена</string> + <string name="log_no_last_vpn">Не удалось определить последний используемый профиль для редактирования</string> <string name="faq_duplicate_notification_title">Дублирующиеся уведомления</string> + <string name="faq_duplicate_notification">Если в Android возникает нехватка оперативной памяти (RAM), ненужные службы и приложения останавливаются. Из-за этого прерывается установленное VPN-соединение. Чтобы избежать этого, приложение нужно запускать с повышенным приоритетом. Для запуска с высоким приоритетом приложение должно вывести предупреждение. The key notification icon is imposed by the system as described in the previous FAQ entry. It does not count as app notification for purpose of running with higher priority.</string> <string name="no_vpn_profiles_defined">Профили VPN не указаны.</string> + <string name="add_new_vpn_hint">Используйте <img src=\"ic_menu_add\"/> иконку для добавления нового VPN</string> + <string name="vpn_import_hint">Используйте <img src=\"ic_menu_archive\"/> кнопку для импорта существующих профилей (.ovpn or .conf) с вашей карты памяти.</string> <string name="faq_hint">Не забудьте заглянуть в FAQ. Также имеется краткое руководство.</string> <string name="correcttls">Преобразовать формат удаленного tls OpenVPN 2.2 в формат 2.3</string> <string name="faq_routing_title">Конфигурация маршрутизации/интерфейса</string> + <string name="faq_routing">Маршрутизация и конфигурация интерфейса не сделаны через традиционную ifconfig/route команду, а используют VPNService API. Это сделано по причине того, что конфигурирование маршрутизации отличаются в разных операционных системах. Конфигурация состоит только из IP интерфейса тунеллирования и сетей, которые должны маршрутизироваться через этот интерфейс. Особенно не требуется адрес канала (peer) или адрес шлюза. Специальные марщруты для достижения VPN сервера (для примера, добавленные, когда использован redirect-gateway) больше не требуются. Следовательно, приложение будет игнорировать эти установки при импорте конфигурации. Такое поведение с использованием VPNService API гарантирует, что соединение до сервера не будет маршрутизироваться в VPN тунель. Поскольку поддерживаются только такие сети, которые маршрутизируются через тунель, маршруты, которые не указывают на тунель, не могут поддерживаться (например route x.x.x.x y.y.y.y net_gateway). Кнопка \"Показать информацию\" в окне журнала показывает текущую сетевую конфигурацию VPNService.</string> + <string name="persisttun_summary">Не открывать диалог, когда происходит переподключение VPN.</string> <string name="persistent_tun_title">Стойкость tun</string> + <string name="translation">Перевод</string> + <string name="openvpn_log">OpenVPN Журнал</string> + <string name="import_config">Импорт конфигурации OpenVPN</string> + <string name="battery_consumption_title">Потребление батареи</string> </resources> diff --git a/res/values-zh-rCN/strings.xml b/res/values-zh-rCN/strings.xml index 730b2add..c6ea7198 100755 --- a/res/values-zh-rCN/strings.xml +++ b/res/values-zh-rCN/strings.xml @@ -5,7 +5,7 @@ <string name="address">服务器地址:</string> <string name="port">服务器端口:</string> <string name="location">地点</string> - <string name="cant_read_folder">无法读取文件夹!</string> + <string name="cant_read_folder">无法读取目录</string> <string name="select">选择</string> <string name="cancel">取消</string> <string name="no_data">无数据</string> @@ -15,7 +15,7 @@ <string name="client_key_title">客户端证书密钥</string> <string name="client_pkcs12_title">PKCS12 文件</string> <string name="ca_title">CA 证书</string> - <string name="no_certificate">无证书</string> + <string name="no_certificate">您必须选择一个证书</string> <string name="copyright_guicode">请前往 http://code.google.com/p/ics-openvpn/ 源码或提供问题反馈</string> <string name="copyright_others">本程序使用以下组件,请在 Licenses 查看源码获取更详细内容。</string> <string name="about">关于</string> @@ -25,26 +25,21 @@ <string name="vpn_type">类型</string> <string name="pkcs12pwquery">PKCS12 密码</string> <string name="file_select">选择</string> - <string name="file_nothing_selected">未选择任何项</string> + <string name="file_nothing_selected">您必须选择一个文件</string> <string name="useTLSAuth">使用 TLS 认证</string> <string name="tls_direction">TLS 方向</string> <string name="ipv6_dialog_tile">输入 CIDR 格式 IPv6 地址/子网掩码(例如:2000:dd::23/64)</string> <string name="ipv4_dialog_title">输入 CIDR 格式 IPv4 地址/子网掩码(例如:1.2.3.4/24)</string> <string name="ipv4_address">IPv4 地址</string> <string name="ipv6_address">IPv6 地址</string> - <string name="custom_option_warning">输入自定义 OpenVPN 选项</string> <string name="auth_username">用户名</string> <string name="auth_pwquery">密码</string> <string name="configure_the_vpn">配置 VPN</string> <string name="menu_add_profile">添加配置文件</string> <string name="add_profile_name_prompt">输入新配置文件名:</string> - <string name="duplicate_profile_name">配置文件名已存在</string> <string name="profilename">配置文件名</string> - <string name="no_keystore_cert_selected">未选用户证书。</string> <string name="no_error_found">未找到错误</string> <string name="config_error_found">配置有错误</string> - <string name="ipv4_format_error">无法解析 IPv4 地址</string> - <string name="custom_route_format_error">无法解析自定义路由</string> <string name="vpn_shortcut">OpenVPN 快捷方式</string> <string name="vpn_launch_title">连接到 VPN</string> <string name="shortcut_profile_notfound">未找到快捷方式中指定的配置文件</string> @@ -59,6 +54,7 @@ <string name="cancel_connection_query">断开已连接的 VPN / 取消连接尝试?</string> <string name="remove_vpn">删除 VPN</string> <string name="check_remote_tlscert">检查服务器是否使用 TLS 服务器证书</string> + <string name="remote_tlscn_check_title">证书主机名检查</string> <string name="enter_tlscn_title">远程主机名 (CN)</string> <string name="tls_key_auth">启用 TLS 密钥认证</string> <string name="tls_auth_file">TLS 认证文件</string> @@ -73,6 +69,7 @@ <string name="backup_dns">备用 DNS 服务器</string> <string name="ignored_pushed_routes">忽略推送路由</string> <string name="ignore_routes_summary">忽略服务器推送的路由</string> + <string name="default_route_summary">重定向所有流量到VPN</string> <string name="use_default_title">使用默认路由</string> <string name="custom_route_message">输入自定义路由。输入 CIDR 格式地址。</string> <string name="custom_routes_title">自定义路由</string> @@ -81,7 +78,6 @@ <string name="float_title">允许浮服务器</string> <string name="custom_options_title">自定义选项</string> <string name="edit_vpn">编辑 VPN 设置</string> - <string name="remove_vpn_query">删除 VPN 配置文件 %s 吗?</string> <string name="error">错误</string> <string name="clear">清除</string> <string name="info">信息</string> @@ -107,9 +103,11 @@ <string name="chipher_dialog_message">输入 OpenVPN 密钥。留空以使用默认密码</string> <string name="settings_auth">认证/加密</string> <string name="file_explorer_tab">文件浏览器</string> + <string name="inline_file_tab">内联文件</string> <string name="import_file">导入</string> <string name="error_importing_file">导入文件出错</string> <string name="import_error_message">无法导入文件系统文件</string> + <string name="inline_file_data">[[内联文件数据]]</string> <string name="menu_import">从 ovpn 文件中导入配置文件</string> <string name="menu_import_short">导入</string> <string name="import_content_resolve_error">无法读取要导入的配置文件</string> @@ -120,6 +118,7 @@ <string name="importing_config">从 %1$s 中导入配置文件</string> <string name="import_done">读取配置文件完成</string> <string name="nobind_summary">不关联到本地地址和端口</string> + <string name="no_bind">无本地绑定</string> <string name="import_configuration_file">导入配置文件</string> <string name="faq_security_title">安全注意</string> <string name="import_vpn">导入</string> @@ -129,6 +128,7 @@ <string name="speed_waiting">等待状态消息</string> <string name="converted_profile">已导入配置文件</string> <string name="converted_profile_i">已导入配置文件 %d</string> + <string name="broken_images">图像已损坏</string> <string name="error_empty_username">用户名不能为空。</string> <string name="pkcs12_file_encryption_key">PKCS12 文件加密密钥</string> <string name="private_key_password">私钥密码</string> @@ -153,15 +153,25 @@ <string name="routing">路由设置</string> <string name="obscure">其他 OpenVPN 设置,一般不需要修改。</string> <string name="advanced">高级设置</string> + <string name="export_config_title">ICS Openvpn 配置</string> <string name="faq_howto_title">快速入门</string> <string name="setting_loadtun_summary">尝试在连接之前加载 tun.ko 内核模块。需要 root 权限。</string> <string name="setting_loadtun">载入 tun 模块</string> <string name="importpkcs12fromconfig">将 PKCS12 导入 Android 密钥库</string> <string name="getproxy_error">获取代理设置时出错:%s</string> + <string name="using_proxy">使用代理 %1$s %2$d</string> + <string name="use_system_proxy">使用系统代理</string> <string name="onbootrestart">重启时重新连接</string> <string name="ignore">忽略</string> <string name="restart">重启</string> <string name="configuration_changed">配置已更改</string> + <string name="faq_duplicate_notification_title">重复的通知</string> + <string name="no_vpn_profiles_defined">没有定义 VPN 配置文件</string> + <string name="add_new_vpn_hint">使用 < img src =\"ic_menu_add\"/ > 图标以添加新的 VPN</string> <string name="persisttun_summary">当 OpenVPN 重连时,也一直使用 VPN 连接。</string> <string name="persistent_tun_title">保持 tun 通道</string> + <string name="translation">翻译</string> + <string name="openvpn_log">OpenVPN 日志</string> + <string name="import_config">导入 OpenVPN 配置文件</string> + <string name="battery_consumption_title">电池消耗</string> </resources> diff --git a/res/values-zh-rTW/arrays.xml b/res/values-zh-rTW/arrays.xml new file mode 100755 index 00000000..a2e9f209 --- /dev/null +++ b/res/values-zh-rTW/arrays.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!--Generated by crowdin.net--> +<resources> + <string-array name="vpn_types"> + <item>證書</item> + <item>PKCS12檔案</item> + <item>Android證書</item> + <item>用戶名稱/密碼</item> + <item>固定金鑰(Static Keys)</item> + <item>用戶名稱/密碼 + 證書</item> + <item>用戶名稱/密碼 + PKCS12檔案</item> + <item>用戶名稱/密碼 + Android</item> + </string-array> + <string-array name="tls_directions_entries"> + <item>0</item> + <item>1</item> + <item>不指定</item> + </string-array> + <string-array name="verb_entries"> + <item>0 - 不作記錄</item> + <item>1 - 預設記錄</item> + <item>2 - 詳細記錄</item> + <item>3</item> + <item>4</item> + <item>5 - 除錯</item> + </string-array> +</resources> diff --git a/res/values-zh-rTW/strings.xml b/res/values-zh-rTW/strings.xml new file mode 100755 index 00000000..595f53ec --- /dev/null +++ b/res/values-zh-rTW/strings.xml @@ -0,0 +1,192 @@ +<?xml version="1.0" encoding="utf-8"?> +<!--Generated by crowdin.net--> +<resources> + <string name="app">OpenVPN for Android</string> + <string name="address">伺服器地址:</string> + <string name="port">伺服器端口:</string> + <string name="location">位置</string> + <string name="cant_read_folder">目法讀取檔案目錄</string> + <string name="select">選擇</string> + <string name="cancel">取消</string> + <string name="no_data">沒有資料</string> + <string name="useLZO">LZO壓縮</string> + <string name="client_no_certificate">沒有證書</string> + <string name="client_certificate_title">客戶端證書</string> + <string name="client_key_title">客戶端證書密碼</string> + <string name="client_pkcs12_title">PKCS12 檔案</string> + <string name="ca_title">CA證書</string> + <string name="no_certificate">您必須選擇一個憑證</string> + <string name="copyright_guicode">取得原始碼與個案追蹤,可上 http://code.google.com/p/ics-openvpn/</string> + <string name="copyright_others">本程序使用了以下元件,其作者和授權資訊如下</string> + <string name="about">關於</string> + <string name="about_summary">關於 OpenVPN for Android</string> + <string name="vpn_list_summary">列出所有已設置的VPN</string> + <string name="vpn_list_title">VPN設定檔</string> + <string name="vpn_type">類型</string> + <string name="pkcs12pwquery">PKCS12 密碼</string> + <string name="file_select">選擇…</string> + <string name="file_nothing_selected">你必須選擇一個檔案</string> + <string name="useTLSAuth">使用傳輸層防火牆(TLS-Auth)</string> + <string name="tls_direction">TLS方向</string> + <string name="ipv6_dialog_tile">以CIDR格式輸入IPv6地址/遮罩(例如 2000:dd::23/64)</string> + <string name="ipv4_dialog_title">以CIDR格式輸入IPv4地址/遮罩(例如 1.2.3.4/24)</string> + <string name="ipv4_address">IPv4地址</string> + <string name="ipv6_address">IPv6地址</string> + <string name="custom_option_warning">使用自訂的OpenVPN選項,請加倍緊慎。請注意因Android API限制,很多與Tun相關的OpenVPN設定皆無法正常使用。如果你認為我們遺忘了重要的OpenVPN選項,請向作者反映。</string> + <string name="auth_username">用戶名稱</string> + <string name="auth_pwquery">密碼</string> + <string name="configure_the_vpn">設定VPN</string> + <string name="menu_add_profile">新增設定檔</string> + <string name="add_profile_name_prompt">輸入新的設定檔名稱</string> + <string name="duplicate_profile_name">重複的設定檔名稱</string> + <string name="profilename">設定檔名稱</string> + <string name="no_keystore_cert_selected">你必須選取一個使用者證書</string> + <string name="no_error_found">未有找到錯誤</string> + <string name="config_error_found">設定中含有錯誤</string> + <string name="ipv4_format_error">解析IPv4地址時發生錯誤</string> + <string name="custom_route_format_error">解析自訂路由時發生錯誤</string> + <string name="vpn_shortcut">OpenVPN捷徑</string> + <string name="vpn_launch_title">連接到VPN</string> + <string name="shortcut_profile_notfound">在快捷方式找不到指定的設定檔</string> + <string name="random_host_prefix">隨機主機名稱字首</string> + <string name="random_host_summary">在主機名稱前加入6個隨機字符</string> + <string name="custom_config_title">啟用自訂選項</string> + <string name="custom_config_summary">自訂選項,使用時請小心!</string> + <string name="route_rejected">路由被Android拒絕</string> + <string name="cancel_connection">斷線</string> + <string name="clear_log">清除記錄檔</string> + <string name="title_cancel">確認取消</string> + <string name="remove_vpn">移除VPN</string> + <string name="check_remote_tlscert">檢查對方出示的是否TLS伺服器憑證</string> + <string name="check_remote_tlscert_title">預期對方出示TLS伺服器憑證</string> + <string name="remote_tlscn_check_summary">檢查遠端伺服器所出示的證書的CN欄位是否特定字串</string> + <string name="enter_tlscn_title">遠端主機名稱(CN)</string> + <string name="tls_key_auth">啟用傳輸層防火牆(TLS-Auth)</string> + <string name="tls_auth_file">TLS驗證檔</string> + <string name="pull_on_summary">向伺服器請求IP地址, 路由和時間資訊</string> + <string name="use_pull">接受設定推送(Pull)</string> + <string name="dns">DNS</string> + <string name="override_dns">忽略伺服器提供的DNS設定</string> + <string name="dns_override_summary">使用自訂的DNS伺服器</string> + <string name="searchdomain">搜索網域</string> + <string name="dns1_summary">要使用的DNS伺服器。</string> + <string name="dns_server">DNS伺服器</string> + <string name="secondary_dns_message">當主要DNS伺服器無法使用,就會嘗試備用DNS伺服器</string> + <string name="backup_dns">後備VPN伺服器</string> + <string name="ignored_pushed_routes">忽略伺服器推送的路由</string> + <string name="ignore_routes_summary">忽略從伺服器推送的路由。</string> + <string name="default_route_summary">重定向所有流量到VPN</string> + <string name="use_default_title">使用VPN作為預設閘道</string> + <string name="custom_route_message">以CIDR格式輸入目的地路由,例如\"10.0.0.0/8 2002::/16\",以上兩個路由將導向到VPN。</string> + <string name="custom_routes_title">自訂路由</string> + <string name="log_verbosity_level">記錄的詳細級別</string> + <string name="float_summary">只要能夠經過驗證,接受從任何IP地址而來的伺服器訊息</string> + <string name="float_title">容許浮動的伺服器</string> + <string name="custom_options_title">自訂選項</string> + <string name="edit_vpn">編輯VPN設定</string> + <string name="remove_vpn_query">要移除VPN設定檔 %s 嗎?</string> + <string name="tun_error_helpful">一些自訂的Android4.0 ROM存在/dev/tun的擁有者權限問題,甚至完全沒有Tun模組。CM9用家請嘗試於\"全域設置\"下修正Tun擁有者。</string> + <string name="tun_open_error">無法開啟Tun網絡介面</string> + <string name="error">"錯誤: "</string> + <string name="clear">清除</string> + <string name="info">資訊</string> + <string name="show_connection_details">顯示連線的詳細資訊</string> + <string name="local_ip_info">本地IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d</string> + <string name="dns_server_info">DNS伺服器: %s</string> + <string name="dns_domain_info">DNS網域: %s</string> + <string name="routes_info">路徑: %s</string> + <string name="routes_info6">IPv6路由: %s</string> + <string name="version_info">%1$s %2$s</string> + <string name="send_logfile">分享記錄檔</string> + <string name="send">分享</string> + <string name="ics_openvpn_log_file">ICS OpenVPN 記錄檔</string> + <string name="copied_entry">已將記錄複製到剪貼簿</string> + <string name="tap_mode">Tap模式</string> + <string name="faq_tap_mode">Android內置的VPN API並不支援Tap介面,故此本程序並不支援Tap模式。</string> + <string name="faq">FAQ</string> + <string name="faq_summary">經常會被問到的問題和一些建議</string> + <string name="copying_log_entries">複製記錄檔條目</string> + <string name="faq_shortcut">以快捷方式啟動</string> + <string name="no_vpn_support_image">你的Android ROM不支援VPN服務API,抱歉了。 :(</string> + <string name="encryption">加密</string> + <string name="cipher_dialog_title">輸入加密方法</string> + <string name="chipher_dialog_message">輸入OpenVPN加密方法,留空則使用預設</string> + <string name="settings_auth">驗證/加密</string> + <string name="file_explorer_tab">檔案瀏覽器</string> + <string name="inline_file_tab">內嵌檔案</string> + <string name="import_file">匯入</string> + <string name="error_importing_file">匯入過程中發生錯誤</string> + <string name="import_error_message">無法從檔案系統中匯入檔案</string> + <string name="inline_file_data"><內嵌於設定檔></string> + <string name="menu_import">匯入.ovpn檔案</string> + <string name="menu_import_short">匯入</string> + <string name="import_content_resolve_error">匯入過程中無法讀取設定檔</string> + <string name="error_reading_config_file">讀取設定檔時發生錯誤</string> + <string name="add_profile">新增設定檔</string> + <string name="trying_to_read">正嘗試讀取檔案: %1$s</string> + <string name="import_done">成功讀取設定檔</string> + <string name="nobind_summary">不要綁定本地地址和端口</string> + <string name="no_bind">沒有本地綁定</string> + <string name="import_configuration_file">匯入設定檔</string> + <string name="faq_security_title">保安上的考慮</string> + <string name="import_vpn">匯入</string> + <string name="ipv4">IPv4</string> + <string name="ipv6">IPv6</string> + <string name="speed_waiting">等待狀態訊息...</string> + <string name="error_empty_username">使用者名稱不能為空。</string> + <string name="pkcs12_file_encryption_key">PKCS12檔加密金鑰</string> + <string name="private_key_password">私密金鑰密碼</string> + <string name="password">密碼</string> + <string name="file_icon">檔案圖標</string> + <string name="tls_authentication">傳輸層防火牆(TLS Firewall)</string> + <string name="generated_config">生成的設定檔</string> + <string name="generalsettings">全域設置</string> + <string name="owner_fix_summary">嘗試修正/dev/tun擁有者權限。已知有些CM9 ROM需要透過這個來才能使得VPN服務API得以運作。本功能需要Root。</string> + <string name="owner_fix">修正 /dev/tun 的擁有者</string> + <string name="generated_config_summary">顯示本程序生成的設定檔</string> + <string name="edit_profile_title">正在編輯\"%s\"</string> + <string name="building_configration">正在生成設定檔…</string> + <string name="netchange_summary">當網絡狀況變更時強制重新連接(例如從WiFi變成手機網絡,反之亦然)</string> + <string name="netchange">網絡異動時重新連接</string> + <string name="netstatus">網絡狀態: %s</string> + <string name="select_file">選擇</string> + <string name="show_log_window">顯示記錄視窗</string> + <string name="keepstatus">顯示流量狀態</string> + <string name="mobile_info">於 %1$s (%2$s) %3$s 上運行, Android API 版本: %4$d</string> + <string name="faq_system_dialogs_title">連線警告和通知時發出音效</string> + <string name="translationby">繁體中文 由 羊羊@自由網絡研究中心 <sora8964@gmail.com> 翻譯</string> + <string name="ipdns">IP和DNS</string> + <string name="basic">基本</string> + <string name="routing">路由</string> + <string name="obscure">鮮為人知的OpenVPN設定,一般情況下不需要派上用場。</string> + <string name="advanced">進階</string> + <string name="export_config_title">ICS Openvpn 設定</string> + <string name="warn_no_dns">沒有任何DNS伺服器可用,可能無法進行網域名稱解析。請考慮設置自訂的DNS伺服器</string> + <string name="faq_howto_title">快速入門</string> + <string name="setting_loadtun_summary">在連線前嘗試載入Tun模組,需要Root。</string> + <string name="setting_loadtun">載入Tun模組</string> + <string name="getproxy_error">取得代理伺服器資訊時發生錯誤: %s</string> + <string name="using_proxy">使用代理伺服器 %1$s %2$d</string> + <string name="use_system_proxy">使用系統代理</string> + <string name="use_system_proxy_summary">使用系統配置的 HTTP/HTTPS 代理伺服器進行連接。</string> + <string name="donatewithpaypal">你可以透過 <a href=\"https://www.paypal.com/cgi-bin/webscr?hosted_button_id=R2M6ZP9AF25LS&amp;cmd=_s-xclick\">PayPal</a> 提供捐助</string> + <string name="onbootrestartsummary">如果在重新開機或關機前正連接VPN,開機時自動重新連接。在使用這個選項之前請先閱讀連線警告FAQ。</string> + <string name="onbootrestart">開機時重新連接</string> + <string name="ignore">忽略</string> + <string name="restart">重置</string> + <string name="restart_vpn_after_change">配置變更只會在重新啟動VPN時才生效,現在要(重新)啟動VPN嗎?</string> + <string name="configuration_changed">設定已變更</string> + <string name="faq_duplicate_notification_title">重複的通知</string> + <string name="faq_routing_title">路由/網絡介面 設定</string> + <string name="translation">翻譯</string> + <string name="openvpn_log">OpenVPN 運作記錄</string> + <string name="import_config">匯入 OpenVPN 配置</string> + <string name="battery_consumption_title">電池消耗</string> + <string name="vpn_tethering_title">VPN與可攜式無線基地台</string> + <string name="connection_retries">連線重試次數</string> + <string name="connectretrymessage">嘗試重新連線之間的等待秒數</string> + <string name="connectretrywait">重新連接間隔時間</string> + <string name="minidump_generated">OpenVPN非預期地崩潰,你或者會考慮在主選單下傳送Minidump給開發人員。</string> + <string name="send_minidump">向開發人員傳送Minidump</string> + <string name="send_minidump_summary">將最後一次崩潰的除錯資訊傳送給開發人員</string> +</resources> diff --git a/res/values/arrays.xml b/res/values/arrays.xml index b88e975e..4af8f90f 100644 --- a/res/values/arrays.xml +++ b/res/values/arrays.xml @@ -24,5 +24,11 @@ <item>4</item> <item>5 - Debug logging</item> </string-array> - + <string-array name="crm_entries" translatable="false"> + <item>No reconnection retries</item> + <item>One reconnection retry</item> + <item>Five reconnection retries</item> + <item>Fifty reconnection retries</item> + <item>Unlimited reconnection retries</item> + </string-array> </resources> diff --git a/res/values/strings.xml b/res/values/strings.xml index a0d1a4f0..ab629a00 100644..100755 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -1,10 +1,12 @@ <?xml version="1.0" encoding="utf-8"?> +<!-- Generated by crowdin.net --> <resources> + <string name="app">OpenVPN for Android</string> <string name="address">Server Address:</string> <string name="port">Server Port:</string> <string name="location">Location</string> - <string name="cant_read_folder">folder can\'t be read!</string> + <string name="cant_read_folder">Unable to read directory</string> <string name="select">Select</string> <string name="cancel">Cancel</string> <string name="no_data">No Data</string> @@ -14,9 +16,9 @@ <string name="client_key_title">Client Certificate Key</string> <string name="client_pkcs12_title">PKCS12 File</string> <string name="ca_title">CA Certificate</string> - <string name="no_certificate">Nothing selected</string> - <string name="copyright_guicode">Source code and issue tracker available under http://code.google.com/p/ics-openvpn/ </string> - <string name="copyright_others">The program uses the following components. See the source for full details on the licenses</string> + <string name="no_certificate">You must select a certificate</string> + <string name="copyright_guicode">Source code and issue tracker available at http://code.google.com/p/ics-openvpn/</string> + <string name="copyright_others">This program uses the following components; see the source code for full details on the licenses</string> <string name="about">About</string> <string name="about_summary">About OpenVPN for Android</string> <string name="vpn_list_summary">List of all configured VPNs</string> @@ -24,28 +26,28 @@ <string name="vpn_type">Type</string> <string name="pkcs12pwquery">PKCS12 Password</string> <string name="file_select">Select…</string> - <string name="file_nothing_selected">Nothing Selected</string> + <string name="file_nothing_selected">You must select a file</string> <string name="useTLSAuth">Use TLS Authentication</string> <string name="tls_direction">TLS Direction</string> <string name="ipv6_dialog_tile">Enter IPv6 Address/Netmask in CIDR Format (e.g. 2000:dd::23/64)</string> <string name="ipv4_dialog_title">Enter IPv4 Address/Netmask in CIDR Format (e.g. 1.2.3.4/24)</string> <string name="ipv4_address">IPv4 Address</string> <string name="ipv6_address">IPv6 Address</string> - <string name="custom_option_warning">Enter custom OpenVPN options. Use with great care. Also note that many of the tun related OpenVPN settings cannot be supported by design of the VPNSettings. If you think an important option is missing contact the author</string> + <string name="custom_option_warning">Enter custom OpenVPN options. Use with caution. Also note that many of the tun related OpenVPN settings cannot be supported by design of the VPNSettings. If you think an important option is missing contact the author</string> <string name="auth_username">Username</string> <string name="auth_pwquery">Password</string> - <string name="static_keys_info">For the static configuration the TLS Auth Keys will be used as static keys.</string> + <string name="static_keys_info">For the static configuration the TLS Auth Keys will be used as static keys</string> <string name="configure_the_vpn">Configure the VPN</string> <string name="menu_add_profile">Add Profile</string> <string name="add_profile_name_prompt">Enter a name identifying the new Profile</string> - <string name="duplicate_profile_name">Duplicate Profile Name</string> + <string name="duplicate_profile_name">Please enter a unique Profile Name</string> <string name="profilename">Profile Name</string> - <string name="no_keystore_cert_selected">No User certificate selected.</string> + <string name="no_keystore_cert_selected">You must select a User certificate</string> <string name="no_error_found">No error found</string> <string name="config_error_found">Error in Configuration</string> - <string name="ipv4_format_error">Cannot parse the IPv4 address</string> - <string name="custom_route_format_error">Cannot parse the custom routes</string> - <string name="pw_query_hint">Leave empty to query on demand</string> + <string name="ipv4_format_error">Error parsing the IPv4 address</string> + <string name="custom_route_format_error">Error parsing the custom routes</string> + <string name="pw_query_hint">(leave empty to query on demand)</string> <string name="vpn_shortcut">OpenVPN Shortcut</string> <string name="vpn_launch_title">Connect to VPN</string> <string name="shortcut_profile_notfound">Profile specified in shortcut not found</string> @@ -63,7 +65,7 @@ <string name="check_remote_tlscert_title">Except TLS Server</string> <string name="remote_tlscn_check_summary">Checks the Remote Server Certificate CN against a string</string> <string name="remote_tlscn_check_title">Certificate Hostname Check</string> - <string name="enter_tlscn_dialog">Enter the string against which the remote Server is checked. OpenVPN will use prefix matching. "Server" matches "Server-1" and "Server-2"\nLeave empty to check the CN against the server hostname.</string> + <string name="enter_tlscn_dialog">Enter the string against which the remote Server is checked. OpenVPN will use prefix matching. \"Server\" matches \"Server-1\" and \"Server-2\"\nLeave empty to check the CN against the server hostname.</string> <string name="enter_tlscn_title">Remote Hostname(CN)</string> <string name="tls_key_auth">Enables the TLS Key Authentication</string> <string name="tls_auth_file">TLS Auth File</string> @@ -82,16 +84,16 @@ <string name="ignore_routes_summary">Ignore routed pushed by the server.</string> <string name="default_route_summary">Redirects all Traffic over the VPN</string> <string name="use_default_title">Use default Route</string> - <string name="custom_route_message">Enter custom routes. Only enter destination in CIDR format. "10.0.0.0/8 2002::/16" would direct the networks 10.0.0.0/8 and 2002::/16 over the VPN.</string> + <string name="custom_route_message">Enter custom routes. Only enter destination in CIDR format. \"10.0.0.0/8 2002::/16\" would direct the networks 10.0.0.0/8 and 2002::/16 over the VPN.</string> <string name="custom_routes_title">Custom Routes</string> <string name="log_verbosity_level">Log verbosity level</string> <string name="float_summary">Allows authenticated packets from any IP</string> <string name="float_title">Allow floating server</string> <string name="custom_options_title">Custom Options</string> <string name="edit_vpn">Edit VPN Settings</string> - <string name="remove_vpn_query">Remove the VPN Profile %s?</string> + <string name="remove_vpn_query">Remove the VPN Profile \'%s\'?</string> <string name="tun_error_helpful">On some custom ICS images the permission on /dev/tun might be wrong, or the tun module might be missing completely. For CM9 images try the fix ownership option under general settings</string> - <string name="tun_open_error">Opening tun interface failed badly.</string> + <string name="tun_open_error">Failed to open the tun interface</string> <string name="error">"Error: "</string> <string name="clear">Clear</string> <string name="info">info</string> @@ -105,7 +107,7 @@ <string name="ip_not_cidr">Got interface information %1$s and %2$s, assuming second address is peer address of remote. Using /32 netmask for local IP. Mode given by OpenVPN is \"%3$s\".</string> <string name="route_not_cidr">Cannot make sense of %1$s and %2$s as IP route with CIDR netmask, using /32 as netmask.</string> <string name="route_not_netip">Corrected route %1$s/%2$s to %3$s/%2$s</string> - <string name="keychain_access">Cannot access the Android Keychain Certificates. (Can be caused by a firmware upgrade or by restoring a backup of the app/app settings). Please edit the VPN and reselect the certificate under basic settings to recreate the permission to access the certificate.</string> + <string name="keychain_access">Cannot access the Android Keychain Certificates. This can be caused by a firmware upgrade or by restoring a backup of the app/app settings. Please edit the VPN and reselect the certificate under basic settings to recreate the permission to access the certificate.</string> <string name="version_info">%1$s %2$s</string> <string name="send_logfile">Send log file</string> <string name="send">Send</string> @@ -113,15 +115,15 @@ <string name="copied_entry">Copied log entry to clip board</string> <string name="tap_mode">Tap Mode</string> <string name="faq_tap_mode">Tap Mode is not possible with the non root VPN API. Therefore this application cannot provide tap support</string> - <string name="tap_faq2">Again? Are you kidding? No tap mode is really not supported and sending more mail asking if it will be supported will not help.</string> - <string name="tap_faq3">A third time? Actually one could write a a tap emulator based on tun that would add layer2 information on send and strip layer2 information on receive. But this tap emulator would have to implement also ARP and possible a DHCP client. I am not aware of anybody doing any work in this direction. Contact me if you want to start coding on this.</string> + <string name="tap_faq2">Again? Are you kidding? No, tap mode is really not supported and sending more mail asking if it will be supported will not help.</string> + <string name="tap_faq3">A third time? Actually, one could write a a tap emulator based on tun that would add layer2 information on send and strip layer2 information on receive. But this tap emulator would also have to implement ARP and possibly a DHCP client. I am not aware of anybody doing any work in this direction. Contact me if you want to start coding on this.</string> <string name="faq">FAQ</string> <string name="faq_summary">Frequently asked questions and some advice</string> <string name="copying_log_entries">Copying log entries</string> <string name="faq_copying">To copy a single log entry press and and hold on the log entry. To copy/send the whole log use the Send Log option. Use the hardware menu button if not visible in the GUI.</string> <string name="faq_shortcut">Shortcut to start</string> <string name="faq_howto_shortcut">You can place a shortcut to start OpenVPN on your desktop. Depending on your homescreen program you have to add a shortcut or a widget.</string> - <string name="no_vpn_support_image">Your image does not support the VPNService API,sorry :(</string> + <string name="no_vpn_support_image">Your image does not support the VPNService API, sorry :(</string> <string name="encryption">Encryption</string> <string name="cipher_dialog_title">Enter encryption method</string> <string name="chipher_dialog_message">Enter the cipher key for OpenVPN. Leave empty to use default cipher</string> @@ -138,10 +140,9 @@ <string name="import_content_resolve_error">Could not read Profile to import</string> <string name="error_reading_config_file">Error reading config file</string> <string name="add_profile">add Profile</string> - <string name="trying_to_read">Trying to read file: %1$s</string> <string name="import_could_not_open">Could not find file %1$s mentioned in the imported config file</string> <string name="importing_config">Importing config file from source %1$s</string> - <string name="import_warning_custom_options">Your configuration had a few configuration options that could be parsed. These options were added as custom configuration options. The custom configuration is displayed below:</string> + <string name="import_warning_custom_options">Your configuration had a few configuration options that could not be parsed. These options were added as custom configuration options. The custom configuration is displayed below:</string> <string name="import_done">Done reading config file.</string> <string name="nobind_summary">Do not bind to local address and port</string> <string name="no_bind">No local binding</string> @@ -157,7 +158,7 @@ <string name="converted_profile">imported profile</string> <string name="converted_profile_i">imported profile %d</string> <string name="broken_images">Broken Images</string> - <string name="broken_images_faq"><p>Official HTC images are known to have a strange routing problem causing traffic not to flow through the tunnel (See also <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=18\">Issue 18</a> in the bug tracker.)</p><p>The official SONY images from Xperia arc S and Xperia Ray have been reported to be missing the VPNService completely from the image. Other Sony images may be affected as well. (See also <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=29\">Issue 29</a> in the bug tracker.)</p><p>On custom build images the tun module might be missing or the rights of /dev/tun might be wrong. Some CM9 images need the fix ownership option under general settings.</p><p>Most important: If you have a broken image, report it to your vendor. The more people report the issue to the vendor the more likely you will get a fix.</p></string> + <string name="broken_images_faq"><p>Official HTC images are known to have a strange routing problem causing traffic not to flow through the tunnel (See also <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=18\">Issue 18</a> in the bug tracker.)</p><p>The official SONY images from Xperia arc S and Xperia Ray have been reported to be missing the VPNService completely from the image. Other Sony images may be affected as well. (See also <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=29\">Issue 29</a> in the bug tracker.)</p><p>On custom build images the tun module might be missing or the rights of /dev/tun might be wrong. Some CM9 images need the fix ownership option under general settings.</p><p>Most important: If you have a broken image, report it to your vendor. The more people report the issue to the vendor the more likely you will get a fix.</p></string> <string name="error_empty_username">The username must not be empty.</string> <string name="pkcs12_file_encryption_key">PKCS12 File Encryption Key</string> <string name="private_key_password">Private Key Password</string> @@ -171,7 +172,7 @@ <string name="generated_config_summary">Shows the generated OpenVPN Configuration File</string> <string name="edit_profile_title">Editing \"%s\"</string> <string name="building_configration">Building configuration…</string> - <string name="netchange_summary">Turning this option on will force a reconnect if the network state is change (WIFI to/from mobile)</string> + <string name="netchange_summary">Turning this option on will force a reconnect if the network state is changed (e.g. WiFi to/from mobile)</string> <string name="netchange">Reconnect on network change</string> <string name="cert_from_keystore">Got certificate \'%s\' from Keystore</string> <string name="netstatus">Network Status: %s</string> @@ -180,14 +181,11 @@ <string name="keychain_nocacert">No CA Certificate returned while reading from Android keystore. Auhtentication will probably fail.</string> <string name="show_log_summary">Shows the log window on connect. The log window can always be accessed from the notification status.</string> <string name="show_log_window">Show log window</string> - <string name="keppstatus_summary">Keep the notification displayed after the connection is established to show traffic statistics.</string> - <string name="keepstatus">Show Traffic Statistics</string> <string name="mobile_info">Running on %1$s (%2$s) %3$s, Android API %4$d</string> <string name="error_rsa_sign">Error signing with Android keystore key %1$s: %2$s</string> <string name="faq_system_dialogs">The VPN connection warning telling you that this app can intercept all traffic is imposed by the system to prevent abuse of the VPNService API.\nThe VPN connection notification (The key symbol) is also imposed by the Android system to signal an ongoing VPN connection. On some images this notification plays a sound.\nAndroid introduced these system dialogs for your own safety and made sure that they cannot be circumenvented. (On some images this unfortunely includes a notifciation sound)</string> <string name="faq_system_dialogs_title">Connection warning and notification sound</string> - - <string name="translationby">English translation by Arne Schwabe<arne@rfc2549.org></string> + <string name="translationby">English translation by Arne Schwabe<arne@rfc2549.org></string> <string name="ipdns">IP and DNS</string> <string name="basic">Basic</string> <string name="routing">Routing</string> @@ -196,7 +194,7 @@ <string name="export_config_title">ICS Openvpn Config</string> <string name="warn_no_dns">No DNS servers being used. Name resolution may not work. Consider setting custom DNS Servers</string> <string name="dns_add_error">Could not add DNS Server \"%1$s\", rejected by the system: %2$s</string> - <string name="faq_howto"><p>Get a working config (tested on your computer or download from your provider/organisation)</p><p>If it is a single file no with no extra pem/pks12 files you can email the file yourself and open the attachment. If you have multiple files put them on your sd card.</p><p>Click on the email attachment/Use the folder icon in the vpn list to import the config file</p><p>If there are errors about missing files put the missing files on your sd card.</p><p>Click on the save symbol to add the imported VPN to your VPN list</p><p>Connect the VPN by clicking on the name of the VPN</p><p>If there are error or warnings in the log try to understand the warnings/error and try to fix them</p> </string> + <string name="faq_howto"><p>Get a working config (tested on your computer or download from your provider/organisation)</p><p>If it is a single file no with no extra pem/pks12 files you can email the file yourself and open the attachment. If you have multiple files put them on your sd card.</p><p>Click on the email attachment/Use the folder icon in the vpn list to import the config file</p><p>If there are errors about missing files put the missing files on your sd card.</p><p>Click on the save symbol to add the imported VPN to your VPN list</p><p>Connect the VPN by clicking on the name of the VPN</p><p>If there are error or warnings in the log try to understand the warnings/error and try to fix them</p> </string> <string name="faq_howto_title">Quick Start</string> <string name="setting_loadtun_summary">Try to load the tun.ko kernel module before trying to connect. Needs rooted devices.</string> <string name="setting_loadtun">Load tun module</string> @@ -205,7 +203,7 @@ <string name="using_proxy">Using proxy %1$s %2$d</string> <string name="use_system_proxy">Use system proxy</string> <string name="use_system_proxy_summary">Use the system wide configuration for HTTP/HTTPS proxies to connect.</string> - <string name="donatewithpaypal">You can <a href=\"https://www.paypal.com/cgi-bin/webscr?hosted_button_id=R2M6ZP9AF25LS&amp;cmd=_s-xclick\">donate with PayPal</a> </string> + <string name="donatewithpaypal">You can <a href=\"https://www.paypal.com/cgi-bin/webscr?hosted_button_id=R2M6ZP9AF25LS&amp;cmd=_s-xclick\">donate with PayPal</a> </string> <string name="onbootrestartsummary">OpenVPN will reconnect a VPN if it was active on system reboot/shutdown. Please read the Connection warning FAQ before using this option.</string> <string name="onbootrestart">Reconnect on reboot</string> <string name="ignore">Ignore</string> @@ -216,8 +214,8 @@ <string name="faq_duplicate_notification_title">Duplicate notifications</string> <string name="faq_duplicate_notification">If Android is under system memory (RAM) pressure, apps and service which are not needed at the moment are removed from active memory. This terminates an ongoing VPN connection. To ensure that the connection/OpenVPN survives the service runs with higher priority. To run with higher priority the application must display a notification. The key notification icon is imposed by the system as described in the previous FAQ entry. It does not count as app notification for purpose of running with higher priority.</string> <string name="no_vpn_profiles_defined">No VPN profiles defined.</string> - <string name="add_new_vpn_hint">Use the <img src=\"ic_menu_add\"/> icon to add a new VPN</string> - <string name="vpn_import_hint">Use the <img src=\"ic_menu_archive\"/> icon to import an existing (.ovpn or .conf) profile from your sdcard.</string> + <string name="add_new_vpn_hint">Use the <img src=\"ic_menu_add\"/> icon to add a new VPN</string> + <string name="vpn_import_hint">Use the <img src=\"ic_menu_archive\"/> icon to import an existing (.ovpn or .conf) profile from your sdcard.</string> <string name="faq_hint">Be sure to also check out the FAQ. There is a quick start guide.</string> <string name="correcttls">Convert remote-tls format from OpenVPN 2.2 to 2.3 format</string> <string name="faq_routing_title">Routing/Interface Configuration</string> @@ -228,5 +226,15 @@ <string name="openvpn_log">OpenVPN Log</string> <string name="import_config">Import OpenVPN configuration</string> <string name="battery_consumption_title">Battery consumption</string> - <string name="baterry_consumption">In my personal tests the main reason for high battery consumption of OpenVPN are the keepalive packets. Most OpenVPN servers have a configuration directive like \'keepalive 10 60\' which translates to a keepalive packet from client to server and server to client every ten seconds. <p> While these packets are small and do not use much traffic, they keep the mobile radio network busy and increase the energy consumption. <p> This keepalive setting cannot be changed on the client. Only the system administrator of the OpenVPN can change the setting. <p> Unfortunatly using a keepalive larger than 60 seconds with udp has problems with some NAT gateways which terminate the state for a connnection after a short timeout (60s in my tests). Using TCP with long keepalive timeout works but has the TCP over TCP problem. (See <a href=\"http://sites.inka.de/bigred/devel/tcp-tcp.html\">Why TCP Over TCP Is A Bad Ide</a>)</string> + <string name="baterry_consumption">In my personal tests the main reason for high battery consumption of OpenVPN are the keepalive packets. Most OpenVPN servers have a configuration directive like \'keepalive 10 60\' which translates to a keepalive packet from client to server and server to client every ten seconds. <p> While these packets are small and do not use much traffic, they keep the mobile radio network busy and increase the energy consumption. <p> This keepalive setting cannot be changed on the client. Only the system administrator of the OpenVPN can change the setting. <p> Unfortunatly using a keepalive larger than 60 seconds with udp has problems with some NAT gateways which terminate the state for a connnection after a short timeout (60s in my tests). Using TCP with long keepalive timeout works but has the TCP over TCP problem. (See <a href=\"http://sites.inka.de/bigred/devel/tcp-tcp.html\">Why TCP Over TCP Is A Bad Ide</a>)</string> + <string name="faq_tethering">The Android Tethering feature (over WiFi, USB or Bluetooth) and the VPNService API (used by this program) do not work together. For more details see the <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=34\">issue #34</a></string> + <string name="vpn_tethering_title">VPN and Tethering</string> + <string name="connection_retries">Connection retries</string> + <string name="reconnection_settings">Reconnection settings</string> + <string name="connectretrymessage">Number of seconds to wait between connection attempts.</string> + <string name="connectretrywait">Seconds between connections</string> + <string name="minidump_generated">OpenVPN crashed unexpectedly. Please consider using the send Minidump option in the main menu</string> + <string name="send_minidump">Send Minidump to developer</string> + <string name="send_minidump_summary">Send debugging information about last crash to developer</string> + </resources> diff --git a/res/values/untranslatable.xml b/res/values/untranslatable.xml index cb5bea14..d5a30a03 100644 --- a/res/values/untranslatable.xml +++ b/res/values/untranslatable.xml @@ -31,5 +31,11 @@ <item>4</item> <item>5</item> </string-array> - -</resources> + <string-array name="crm_values" translatable="false"> + <item>1</item> + <item>2</item> + <item>5</item> + <item>50</item> + <item>-1</item> + </string-array> + </resources> diff --git a/res/xml/vpn_obscure.xml b/res/xml/vpn_obscure.xml index c99e039c..ecdd4e29 100644 --- a/res/xml/vpn_obscure.xml +++ b/res/xml/vpn_obscure.xml @@ -24,6 +24,20 @@ android:summary="@string/persisttun_summary" android:title="@string/persistent_tun_title" /> + <PreferenceCategory android:title="@string/reconnection_settings" > + <ListPreference + android:entries="@array/crm_entries" + android:entryValues="@array/crm_values" + android:key="connectretrymax" + android:persistent="false" + android:title="@string/connection_retries" /> + + <EditTextPreference + android:dialogMessage="@string/connectretrymessage" + android:key="connectretry" + android:persistent="false" + android:title="@string/connectretrywait" /> + </PreferenceCategory> <PreferenceCategory android:title="@string/custom_config_title" > <CheckBoxPreference android:key="enableCustomOptions" diff --git a/src/de/blinkt/openvpn/ConfigConverter.java b/src/de/blinkt/openvpn/ConfigConverter.java index 3f204368..40aa24e0 100644 --- a/src/de/blinkt/openvpn/ConfigConverter.java +++ b/src/de/blinkt/openvpn/ConfigConverter.java @@ -6,6 +6,7 @@ import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; +import java.io.InputStreamReader; import java.util.List; import java.util.Vector; @@ -143,23 +144,22 @@ public class ConfigConverter extends ListActivity { private Intent installPKCS12() { if(!((CheckBox)findViewById(R.id.importpkcs12)).isChecked()) { - embedPKCS12File(); + setAuthTypeToEmbeddedPKCS12(); return null; + } - - File possiblepkcs12 = findFile(mResult.mPKCS12Filename); - if(possiblepkcs12!=null) { + String pkcs12datastr = mResult.mPKCS12Filename; + if(pkcs12datastr!=null && pkcs12datastr.startsWith(VpnProfile.INLINE_TAG)) { Intent inkeyintent = KeyChain.createInstallIntent(); - byte[] pkcs12data; - try { - pkcs12data = readBytesFromFile(possiblepkcs12); - } catch (IOException e) { - return null; - } + + pkcs12datastr= pkcs12datastr.substring(VpnProfile.INLINE_TAG.length()); + + + byte[] pkcs12data = Base64.decode(pkcs12datastr, Base64.DEFAULT); + inkeyintent.putExtra(KeyChain.EXTRA_PKCS12,pkcs12data ); - mAliasName = possiblepkcs12.getName().replace(".p12", ""); if(mAliasName.equals("")) mAliasName=null; @@ -174,9 +174,8 @@ public class ConfigConverter extends ListActivity { - private void embedPKCS12File() { - mResult.mPKCS12Filename = embedFile(mResult.mPKCS12Filename,true); - if(mResult.mPKCS12Filename.startsWith(VpnProfile.INLINE_TAG)) { + private void setAuthTypeToEmbeddedPKCS12() { + if(mResult.mPKCS12Filename!=null && mResult.mPKCS12Filename.startsWith(VpnProfile.INLINE_TAG)) { if(mResult.mAuthenticationType==VpnProfile.TYPE_USERPASS_KEYSTORE) mResult.mAuthenticationType=VpnProfile.TYPE_USERPASS_PKCS12; @@ -228,13 +227,24 @@ public class ConfigConverter extends ListActivity { File possibleFile = findFile(filename); if(possibleFile==null) - return null; + return filename; else return readFileContent(possibleFile,base64encode); } - private File findFile(String filename) + private File findFile(String filename) { + File foundfile =findFileRaw(filename); + + if (foundfile==null && filename!=null && !filename.equals("")) + log(R.string.import_could_not_open,filename); + + return foundfile; + } + + + + private File findFileRaw(String filename) { if(filename == null || filename.equals("")) return null; @@ -274,7 +284,6 @@ public class ConfigConverter extends ListActivity { } } - log(R.string.import_could_not_open,filename); return null; } @@ -324,10 +333,22 @@ public class ConfigConverter extends ListActivity { // This where I would like to have a c++ style // void embedFile(std::string & option) + if (mResult.mPKCS12Filename!=null) { + File pkcs12file = findFileRaw(mResult.mPKCS12Filename); + if(pkcs12file!=null) { + mAliasName = pkcs12file.getName().replace(".p12", ""); + } else { + mAliasName = "Imported PKCS12"; + } + } + + mResult.mCaFilename = embedFile(mResult.mCaFilename); mResult.mClientCertFilename = embedFile(mResult.mClientCertFilename); mResult.mClientKeyFilename = embedFile(mResult.mClientKeyFilename); mResult.mTLSAuthFilename = embedFile(mResult.mTLSAuthFilename); + mResult.mPKCS12Filename = embedFile(mResult.mPKCS12Filename,true); + if(mResult.mUsername != null && !mResult.mUsername.equals("")){ String data =embedFile(mResult.mUsername); @@ -387,7 +408,9 @@ public class ConfigConverter extends ListActivity { private void doImport(InputStream is) { ConfigParser cp = new ConfigParser(); try { - cp.parseConfig(is); + InputStreamReader isr = new InputStreamReader(is); + + cp.parseConfig(isr); VpnProfile vp = cp.convertProfile(); mResult = vp; embedFiles(); diff --git a/src/de/blinkt/openvpn/ConfigParser.java b/src/de/blinkt/openvpn/ConfigParser.java index 3d20bc31..cdec964e 100644 --- a/src/de/blinkt/openvpn/ConfigParser.java +++ b/src/de/blinkt/openvpn/ConfigParser.java @@ -4,7 +4,9 @@ import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; +import java.io.Reader; import java.util.HashMap; +import java.util.Locale; import java.util.Vector; //! Openvpn Config FIle Parser, probably not 100% accurate but close enough @@ -17,11 +19,10 @@ public class ConfigParser { private HashMap<String, Vector<Vector<String>>> options = new HashMap<String, Vector<Vector<String>>>(); - public void parseConfig(InputStream inputStream) throws IOException, ConfigParseError { + public void parseConfig(Reader reader) throws IOException, ConfigParseError { - InputStreamReader fr = new InputStreamReader(inputStream); - BufferedReader br =new BufferedReader(fr); + BufferedReader br =new BufferedReader(reader); @SuppressWarnings("unused") int lineno=0; @@ -85,7 +86,7 @@ public class ConfigParser { private boolean space(char c) { // I really hope nobody is using zero bytes inside his/her config file // to sperate parameter but here we go: - return Character.isSpace(c) || c == '\0'; + return Character.isWhitespace(c) || c == '\0'; } @@ -229,10 +230,14 @@ public class ConfigParser { "route-gateway", "route-metric", "route-method", + "status", + "script-security", "show-net-up", "suppress-timestamps", "tmp-dir", + "tun-ipv6", "topology", + "win-sys", }; @@ -351,10 +356,12 @@ public class ConfigParser { Vector<String> proto = getOption("proto", 1,1); if(proto!=null){ - if(proto.get(1).equals("udp")) + if(proto.get(1).equals("udp") || proto.get(1).equals("udp6")) np.mUseUdp=true; else if (proto.get(1).equals("tcp-client") || - proto.get(1).equals("tcp")) + proto.get(1).equals("tcp") || + proto.get(1).equals("tcp6") || + proto.get(1).endsWith("tcp6-client")) np.mUseUdp=false; else throw new ConfigParseError("Unsupported option to --proto " + proto.get(1)); @@ -437,6 +444,21 @@ public class ConfigParser { if(getOption("persist-tun", 0,0) != null) np.mPersistTun=true; + Vector<String> connectretry = getOption("connect-retry", 1, 1); + if(connectretry!=null) + np.mConnectRetry =connectretry.get(1); + + Vector<String> connectretrymax = getOption("connect-retry-max", 1, 1); + if(connectretrymax!=null) + np.mConnectRetryMax =connectretrymax.get(1); + + Vector<Vector<String>> remotetls = getAllOption("remote-cert-tls", 1, 1); + if(remotetls!=null) + if(remotetls.get(0).get(1).equals("server")) + np.mExpectTLSCert=true; + else + options.put("remotetls",remotetls); + Vector<String> authuser = getOption("auth-user-pass",0,1); if(authuser !=null){ @@ -512,7 +534,7 @@ public class ConfigParser { for(Vector<String> optionline:args) if(optionline.size()< (minarg+1) || optionline.size() > maxarg+1) { - String err = String.format("Option %s has %d parameters, expected between %d and %d", + String err = String.format(Locale.getDefault(),"Option %s has %d parameters, expected between %d and %d", option,optionline.size()-1,minarg,maxarg ); throw new ConfigParseError(err); } diff --git a/src/de/blinkt/openvpn/FaqFragment.java b/src/de/blinkt/openvpn/FaqFragment.java index 79029757..a358dc9a 100644 --- a/src/de/blinkt/openvpn/FaqFragment.java +++ b/src/de/blinkt/openvpn/FaqFragment.java @@ -22,9 +22,10 @@ public class FaqFragment extends Fragment { Bundle savedInstanceState) { View v= inflater.inflate(R.layout.faq, container, false); - insertHtmlEntry(v,R.id.brokenimages,R.string.broken_images_faq); + insertHtmlEntry(v,R.id.broken_images_faq,R.string.broken_images_faq); insertHtmlEntry(v,R.id.faq_howto,R.string.faq_howto); - insertHtmlEntry(v, R.id.faq_battery, R.string.baterry_consumption); + insertHtmlEntry(v, R.id.baterry_consumption, R.string.baterry_consumption); + insertHtmlEntry(v, R.id.faq_tethering, R.string.faq_tethering); return v; diff --git a/src/de/blinkt/openvpn/FileProvider.java b/src/de/blinkt/openvpn/FileProvider.java new file mode 100644 index 00000000..e86b544f --- /dev/null +++ b/src/de/blinkt/openvpn/FileProvider.java @@ -0,0 +1,157 @@ +/* + * Copyright (C) 2011 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package de.blinkt.openvpn; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; + +import android.content.ContentProvider; +import android.content.ContentProvider.PipeDataWriter; +import android.content.ContentValues; +import android.content.res.AssetFileDescriptor; +import android.database.Cursor; +import android.database.MatrixCursor; +import android.net.Uri; +import android.os.Bundle; +import android.os.ParcelFileDescriptor; +import android.provider.OpenableColumns; +import android.util.Log; + +/** + * A very simple content provider that can serve arbitrary asset files from + * our .apk. + */ +public class FileProvider extends ContentProvider +implements PipeDataWriter<InputStream> { + @Override + public boolean onCreate() { + return true; + } + + @Override + public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, + String sortOrder) { + try { + File dumpfile = getFileFromURI(uri); + + + MatrixCursor c = new MatrixCursor(projection); + + Object[] row = new Object[projection.length]; + int i=0; + for (String r:projection) { + if(r.equals(OpenableColumns.SIZE)) + row[i] = dumpfile.length(); + if(r.equals(OpenableColumns.DISPLAY_NAME)) + row[i] = dumpfile.getName(); + i++; + } + c.addRow(row); + return c; + } catch (FileNotFoundException e) { + e.printStackTrace(); + return null; + } + + + } + + @Override + public Uri insert(Uri uri, ContentValues values) { + // Don't support inserts. + return null; + } + + @Override + public int delete(Uri uri, String selection, String[] selectionArgs) { + // Don't support deletes. + return 0; + } + + @Override + public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) { + // Don't support updates. + return 0; + } + + @Override + public String getType(Uri uri) { + // For this sample, assume all files are .apks. + return "application/octet-stream"; + } + + @Override + public AssetFileDescriptor openAssetFile(Uri uri, String mode) throws FileNotFoundException { + File dumpfile = getFileFromURI(uri); + + try { + + InputStream is = new FileInputStream(dumpfile); + // Start a new thread that pipes the stream data back to the caller. + return new AssetFileDescriptor( + openPipeHelper(uri, null, null, is, this), 0, + dumpfile.length()); + } catch (IOException e) { + FileNotFoundException fnf = new FileNotFoundException("Unable to open minidump " + uri); + throw fnf; + } + } + + private File getFileFromURI(Uri uri) throws FileNotFoundException { + // Try to open an asset with the given name. + String path = uri.getPath(); + if(path.startsWith("/")) + path = path.replaceFirst("/", ""); + + // I think this already random enough, no need for magic secure cookies + // 1f9563a4-a1f5-2165-255f2219-111823ef.dmp + if (!path.matches("^[0-9a-z-.]*(dmp|dmp.log)$")) + throw new FileNotFoundException("url not in expect format " + uri); + File cachedir = getContext().getCacheDir(); + File dumpfile = new File(cachedir,path); + return dumpfile; + } + + @Override + public void writeDataToPipe(ParcelFileDescriptor output, Uri uri, String mimeType, + Bundle opts, InputStream args) { + // Transfer data from the asset to the pipe the client is reading. + byte[] buffer = new byte[8192]; + int n; + FileOutputStream fout = new FileOutputStream(output.getFileDescriptor()); + try { + while ((n=args.read(buffer)) >= 0) { + fout.write(buffer, 0, n); + } + } catch (IOException e) { + Log.i("OpenVPNFileProvider", "Failed transferring", e); + } finally { + try { + args.close(); + } catch (IOException e) { + } + try { + fout.close(); + } catch (IOException e) { + } + } + } +} diff --git a/src/de/blinkt/openvpn/LaunchVPN.java b/src/de/blinkt/openvpn/LaunchVPN.java index c89704fa..bc0a4cf2 100644 --- a/src/de/blinkt/openvpn/LaunchVPN.java +++ b/src/de/blinkt/openvpn/LaunchVPN.java @@ -73,8 +73,8 @@ import android.widget.TextView; */ public class LaunchVPN extends ListActivity implements OnItemClickListener { - static final String EXTRA_KEY = "de.blinkt.openvpn.shortcutProfileUUID"; - static final String EXTRA_NAME = "de.blinkt.openvpn.shortcutProfileName"; + public static final String EXTRA_KEY = "de.blinkt.openvpn.shortcutProfileUUID"; + public static final String EXTRA_NAME = "de.blinkt.openvpn.shortcutProfileName"; public static final String EXTRA_HIDELOG = "de.blinkt.openvpn.showNoLogWindow";; private static final int START_VPN_PROFILE= 70; diff --git a/src/de/blinkt/openvpn/LogWindow.java b/src/de/blinkt/openvpn/LogWindow.java index 8d228cf1..790e143a 100644 --- a/src/de/blinkt/openvpn/LogWindow.java +++ b/src/de/blinkt/openvpn/LogWindow.java @@ -76,6 +76,7 @@ public class LogWindow extends ListActivity implements StateListener { return str; } + private void shareLog() { Intent shareIntent = new Intent(Intent.ACTION_SEND); shareIntent.putExtra(Intent.EXTRA_TEXT, getLogStr()); @@ -215,12 +216,13 @@ public class LogWindow extends ListActivity implements StateListener { OpenVpnManagementThread.stopOpenVPN(); } }); - + builder.show(); return true; } else if(item.getItemId()==R.id.info) { if(mBconfig==null) OpenVPN.triggerLogBuilderConfig(); + } else if(item.getItemId()==R.id.send) { ladapter.shareLog(); } else if(item.getItemId()==R.id.edit_vpn) { @@ -252,6 +254,7 @@ public class LogWindow extends ListActivity implements StateListener { return true; } + @Override protected void onResume() { super.onResume(); diff --git a/src/de/blinkt/openvpn/MainActivity.java b/src/de/blinkt/openvpn/MainActivity.java index 9b329817..32cf575b 100644 --- a/src/de/blinkt/openvpn/MainActivity.java +++ b/src/de/blinkt/openvpn/MainActivity.java @@ -1,8 +1,11 @@ package de.blinkt.openvpn; +import java.io.File; +import java.util.ArrayList; import java.util.List; import android.content.Intent; +import android.net.Uri; import android.preference.PreferenceActivity; public class MainActivity extends PreferenceActivity { @@ -19,6 +22,15 @@ public class MainActivity extends PreferenceActivity { translation.summary = translatedby; target.add(translation); } + + if(SendDumpActivity.getLastestDump(this)!=null) { + Header sendDump = new Header(); + sendDump.titleRes = R.string.send_minidump; + sendDump.summaryRes = R.string.send_minidump_summary; + sendDump.intent = new Intent(this,SendDumpActivity.class); + target.add(sendDump); + } + } @Override @@ -29,4 +41,6 @@ public class MainActivity extends PreferenceActivity { } + + } diff --git a/src/de/blinkt/openvpn/NetworkSateReceiver.java b/src/de/blinkt/openvpn/NetworkSateReceiver.java index 6c38a0cb..e20c8e52 100644 --- a/src/de/blinkt/openvpn/NetworkSateReceiver.java +++ b/src/de/blinkt/openvpn/NetworkSateReceiver.java @@ -6,11 +6,7 @@ import android.content.Intent; import android.content.SharedPreferences;
import android.net.ConnectivityManager;
import android.net.NetworkInfo;
-import android.net.NetworkInfo.DetailedState;
import android.net.NetworkInfo.State;
-import android.net.wifi.SupplicantState;
-import android.net.wifi.WifiInfo;
-import android.net.wifi.WifiManager;
import android.preference.PreferenceManager;
public class NetworkSateReceiver extends BroadcastReceiver {
diff --git a/src/de/blinkt/openvpn/OpenVPN.java b/src/de/blinkt/openvpn/OpenVPN.java index 6b65c22e..0ae681bc 100644 --- a/src/de/blinkt/openvpn/OpenVPN.java +++ b/src/de/blinkt/openvpn/OpenVPN.java @@ -7,10 +7,10 @@ import android.content.Context; import android.os.Build; public class OpenVPN { - + public static LinkedList<LogItem> logbuffer; - + private static Vector<LogListener> logListener; private static Vector<StateListener> stateListener; private static String[] mBconfig; @@ -18,14 +18,14 @@ public class OpenVPN { private static String mLaststatemsg; private static String mLaststate; - + static { logbuffer = new LinkedList<LogItem>(); logListener = new Vector<OpenVPN.LogListener>(); stateListener = new Vector<OpenVPN.StateListener>(); logInformation(); } - + static class LogItem { public static final int ERROR = 1; public static final int INFO = 2; @@ -36,20 +36,20 @@ public class OpenVPN { private int mRessourceId; // Default log priority int mLevel = INFO; - + public LogItem(int ressourceId, Object[] args) { - mRessourceId = ressourceId; - mArgs = args; + mRessourceId = ressourceId; + mArgs = args; } - + public LogItem(int loglevel,int ressourceId, Object[] args) { - mRessourceId = ressourceId; - mArgs = args; - mLevel = loglevel; - } + mRessourceId = ressourceId; + mArgs = args; + mLevel = loglevel; + } + - public LogItem(String message) { mMessage = message; } @@ -70,28 +70,32 @@ public class OpenVPN { if(mMessage !=null) { return mMessage; } else { - if(mArgs == null) - return c.getString(mRessourceId); - else - return c.getString(mRessourceId,mArgs); + if(c!=null) { + if(mArgs == null) + return c.getString(mRessourceId); + else + return c.getString(mRessourceId,mArgs); + } else { + return String.format("Log (no context) resid %d", mRessourceId); + } } } } - + private static final int MAXLOGENTRIES = 200; public static final String MANAGMENT_PREFIX = "M:"; - + public interface LogListener { void newLog(LogItem logItem); } - + public interface StateListener { void updateState(String state, String logmessage); } @@ -108,7 +112,7 @@ public class OpenVPN { } private static void logInformation() { - + logInfo(R.string.mobile_info,Build.MODEL, Build.BOARD,Build.BRAND,Build.VERSION.SDK_INT); } @@ -120,7 +124,7 @@ public class OpenVPN { logListener.remove(ll); } - + synchronized static void addStateListener(StateListener sl){ stateListener.add(sl); if(mLaststate!=null) @@ -156,14 +160,14 @@ public class OpenVPN { public synchronized static void updateStateString(String state, String msg) { mLaststate= state; mLaststatemsg = msg; - + for (StateListener sl : stateListener) { sl.updateState(state,msg); } } public static void logInfo(String message) { - + newlogItem(new LogItem(LogItem.INFO, message)); } public static void logInfo(int ressourceId, Object... args) { @@ -174,7 +178,7 @@ public class OpenVPN { logbuffer.addLast(logItem); if(logbuffer.size()>MAXLOGENTRIES) logbuffer.removeFirst(); - + for (LogListener ll : logListener) { ll.newLog(logItem); } @@ -182,7 +186,7 @@ public class OpenVPN { public static void logError(String msg) { newlogItem(new LogItem(LogItem.ERROR, msg)); - + } public static void logError(int ressourceId) { @@ -191,6 +195,6 @@ public class OpenVPN { public static void logError(int ressourceId, Object... args) { newlogItem(new LogItem(LogItem.ERROR, ressourceId,args)); } - - + + } diff --git a/src/de/blinkt/openvpn/OpenVPNThread.java b/src/de/blinkt/openvpn/OpenVPNThread.java index b4ead269..7d58552a 100644 --- a/src/de/blinkt/openvpn/OpenVPNThread.java +++ b/src/de/blinkt/openvpn/OpenVPNThread.java @@ -1,19 +1,24 @@ package de.blinkt.openvpn;
import java.io.BufferedReader;
+import java.io.BufferedWriter;
+import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.LinkedList;
import android.util.Log;
+import de.blinkt.openvpn.OpenVPN.LogItem;
public class OpenVPNThread implements Runnable {
+ private static final String DUMP_PATH_STRING = "Dump path: ";
private static final String TAG = "OpenVPN";
private String[] mArgv;
private Process mProcess;
private String mNativeDir;
private OpenVpnService mService;
+ private String mDumpPath;
public OpenVPNThread(OpenVpnService service,String[] argv, String nativelibdir)
{
@@ -39,15 +44,28 @@ public class OpenVPNThread implements Runnable { } finally {
int exitvalue = 0;
try {
- exitvalue = mProcess.exitValue();
+ exitvalue = mProcess.waitFor();
} catch ( IllegalThreadStateException ite) {
OpenVPN.logError("Illegal Thread state: " + ite.getLocalizedMessage());
+ } catch (InterruptedException ie) {
+ OpenVPN.logError("InterruptedException: " + ie.getLocalizedMessage());
}
if( exitvalue != 0)
OpenVPN.logError("Process exited with exit value " + exitvalue);
OpenVPN.updateStateString("NOPROCESS","No process running.");
-
+ if(mDumpPath!=null) {
+ try {
+ BufferedWriter logout = new BufferedWriter(new FileWriter(mDumpPath + ".log"));
+ for(LogItem li :OpenVPN.getlogbuffer()){
+ logout.write(li.getString(null) + "\n");
+ }
+ logout.close();
+ OpenVPN.logError(R.string.minidump_generated);
+ } catch (IOException e) {
+ OpenVPN.logError("Writing minidump log: " +e.getLocalizedMessage());
+ }
+ }
mService.processDied();
Log.i(TAG, "Exiting");
@@ -84,12 +102,15 @@ public class OpenVPNThread implements Runnable { mProcess.getOutputStream().close();
InputStream in = mProcess.getInputStream();
BufferedReader br = new BufferedReader(new InputStreamReader(in));
-
-
+
while(true) {
String logline = br.readLine();
- if(logline==null)
+ if (logline.startsWith(DUMP_PATH_STRING))
+ mDumpPath = logline.substring(DUMP_PATH_STRING.length());
+
+ if(logline==null) {
return;
+ }
OpenVPN.logMessage(0, "P:", logline);
}
diff --git a/src/de/blinkt/openvpn/OpenVpnManagementThread.java b/src/de/blinkt/openvpn/OpenVpnManagementThread.java index 24537732..4e26c44b 100644 --- a/src/de/blinkt/openvpn/OpenVpnManagementThread.java +++ b/src/de/blinkt/openvpn/OpenVpnManagementThread.java @@ -39,7 +39,8 @@ public class OpenVpnManagementThread implements Runnable { private long mLastOut=0;
private LocalServerSocket mServerSocket;
private boolean mReleaseHold=true;
- private boolean mWaitingForRelease=false;
+ private boolean mWaitingForRelease=false;
+ private long mLastHoldRelease=0;
private static Vector<OpenVpnManagementThread> active=new Vector<OpenVpnManagementThread>();
@@ -223,18 +224,24 @@ public class OpenVpnManagementThread implements Runnable { }
}
private void releaseHoldCmd() {
+ if ((System.currentTimeMillis()- mLastHoldRelease) < 5000) {
+ try {
+ Thread.sleep(3000);
+ } catch (InterruptedException e) {}
+
+ }
mWaitingForRelease=false;
- mReleaseHold=true;
+ mLastHoldRelease = System.currentTimeMillis();
managmentCommand("hold release\n");
managmentCommand("bytecount " + mBytecountinterval + "\n");
managmentCommand("state on\n");
}
public void releaseHold() {
+ mReleaseHold=true;
if(mWaitingForRelease)
releaseHoldCmd();
- else
- mReleaseHold=true;
+
}
private void processProxyCMD(String argument) {
@@ -459,9 +466,9 @@ public class OpenVpnManagementThread implements Runnable { }
public void signalusr1() {
+ mReleaseHold=false;
if(!mWaitingForRelease)
managmentCommand("signal SIGUSR1\n");
- mReleaseHold=false;
}
public void reconnect() {
@@ -473,11 +480,12 @@ public class OpenVpnManagementThread implements Runnable { PrivateKey privkey = mProfile.getKeystoreKey();
Exception err =null;
- // The Jelly Bean *evil* Hack
byte[] data = Base64.decode(b64data, Base64.DEFAULT);
- if(Build.VERSION.SDK_INT>=16){
+ // The Jelly Bean *evil* Hack
+ // 4.2 implements the RSA/ECB/PKCS1PADDING in the OpenSSLprovider
+ if(Build.VERSION.SDK_INT==16){
processSignJellyBeans(privkey,data);
return;
}
diff --git a/src/de/blinkt/openvpn/OpenVpnService.java b/src/de/blinkt/openvpn/OpenVpnService.java index ca199cc6..603f86ce 100644 --- a/src/de/blinkt/openvpn/OpenVpnService.java +++ b/src/de/blinkt/openvpn/OpenVpnService.java @@ -19,6 +19,7 @@ package de.blinkt.openvpn; import java.io.IOException; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; +import java.util.Locale; import java.util.Vector; import android.app.Notification; @@ -104,22 +105,11 @@ public class OpenVpnService extends VpnService implements StateListener { // Try to set the priority available since API 16 (Jellybean) - if( lowpriority) { - try { - Method setpriority = nbuilder.getClass().getMethod("setPriority", int.class); - // PRIORITY_MIN == -2 - setpriority.invoke(nbuilder, -2 ); - - //ignore exception - } catch (NoSuchMethodException nsm) { - } catch (IllegalArgumentException e) { - } catch (IllegalAccessException e) { - } catch (InvocationTargetException e) { - } - } + jbNotificationExtras(lowpriority, nbuilder); if(tickerText!=null) nbuilder.setTicker(tickerText); + @SuppressWarnings("deprecation") Notification notification = nbuilder.getNotification(); @@ -127,6 +117,29 @@ public class OpenVpnService extends VpnService implements StateListener { startForeground(OPENVPN_STATUS, notification); } + private void jbNotificationExtras(boolean lowpriority, + android.app.Notification.Builder nbuilder) { + try { + if( lowpriority) { + Method setpriority = nbuilder.getClass().getMethod("setPriority", int.class); + // PRIORITY_MIN == -2 + setpriority.invoke(nbuilder, -2 ); + +/* PendingIntent cancelconnet=null; + + nbuilder.addAction(android.R.drawable.ic_menu_close_clear_cancel, + getString(R.string.cancel_connection),cancelconnet); */ + } + + //ignore exception + } catch (NoSuchMethodException nsm) { + } catch (IllegalArgumentException e) { + } catch (IllegalAccessException e) { + } catch (InvocationTargetException e) { + } + + } + PendingIntent getLogPendingIntent() { // Let the configure Button show the Log Intent intent = new Intent(getBaseContext(),LogWindow.class); @@ -436,11 +449,11 @@ public class OpenVpnService extends VpnService implements StateListener { } else { mDisplayBytecount = false; } - + // Other notifications are shown, // This also mean we are no longer connected, ignore bytecount messages until next // CONNECTED - String ticker = state.toLowerCase(); + String ticker = state.toLowerCase(Locale.getDefault()); showNotification(state +" " + logmessage,ticker,false,0); } diff --git a/src/de/blinkt/openvpn/ProfileManager.java b/src/de/blinkt/openvpn/ProfileManager.java index d2e08a97..9457b53f 100644 --- a/src/de/blinkt/openvpn/ProfileManager.java +++ b/src/de/blinkt/openvpn/ProfileManager.java @@ -51,7 +51,7 @@ public class ProfileManager { } } - public static ProfileManager getInstance(Context context) { + synchronized public static ProfileManager getInstance(Context context) { checkInstance(context); return instance; } diff --git a/src/de/blinkt/openvpn/SendDumpActivity.java b/src/de/blinkt/openvpn/SendDumpActivity.java new file mode 100644 index 00000000..8a09b535 --- /dev/null +++ b/src/de/blinkt/openvpn/SendDumpActivity.java @@ -0,0 +1,60 @@ +package de.blinkt.openvpn; + +import java.io.File; +import java.util.ArrayList; + +import android.app.Activity; +import android.content.Context; +import android.content.Intent; +import android.net.Uri; + +public class SendDumpActivity extends Activity { + + protected void onStart() { + super.onStart(); + emailMiniDumps(); + finish(); + }; + + public void emailMiniDumps() + { + //need to "send multiple" to get more than one attachment + final Intent emailIntent = new Intent(android.content.Intent.ACTION_SEND_MULTIPLE); + emailIntent.setType("*/*"); + emailIntent.putExtra(android.content.Intent.EXTRA_EMAIL, + new String[]{"Arne Schwabe <arne@rfc2549.org>"}); + emailIntent.putExtra(Intent.EXTRA_SUBJECT, "OpenVPN Minidump"); + + emailIntent.putExtra(Intent.EXTRA_TEXT, "Please describe the issue you have experienced"); + + ArrayList<Uri> uris = new ArrayList<Uri>(); + + File ldump = getLastestDump(this); + if(ldump==null) { + OpenVPN.logError("No Minidump found!"); + } + + uris.add(Uri.parse("content://de.blinkt.openvpn.FileProvider/" + ldump.getName())); + uris.add(Uri.parse("content://de.blinkt.openvpn.FileProvider/" + ldump.getName() + ".log")); + + emailIntent.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); + emailIntent.putParcelableArrayListExtra(Intent.EXTRA_STREAM, uris); + startActivity(emailIntent); + } + + static public File getLastestDump(Context c) { + long newestDumpTime=0; + File newestDumpFile=null; + + for(File f:c.getCacheDir().listFiles()) { + if(!f.getName().endsWith(".dmp")) + continue; + + if (newestDumpTime < f.lastModified()) { + newestDumpTime = f.lastModified(); + newestDumpFile=f; + } + } + return newestDumpFile; + } +} diff --git a/src/de/blinkt/openvpn/Settings_Obscure.java b/src/de/blinkt/openvpn/Settings_Obscure.java index f7a63043..160dbe0c 100644 --- a/src/de/blinkt/openvpn/Settings_Obscure.java +++ b/src/de/blinkt/openvpn/Settings_Obscure.java @@ -14,13 +14,15 @@ public class Settings_Obscure extends OpenVpnPreferencesFragment implements OnPr private EditTextPreference mCustomConfig; private ListPreference mLogverbosity; private CheckBoxPreference mPersistent; + private ListPreference mConnectretrymax; + private EditTextPreference mConnectretry; @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); // Load the preferences from an XML resource addPreferencesFromResource(R.xml.vpn_obscure); - + mUseRandomHostName = (CheckBoxPreference) findPreference("useRandomHostname"); mUseFloat = (CheckBoxPreference) findPreference("useFloat"); @@ -28,10 +30,17 @@ public class Settings_Obscure extends OpenVpnPreferencesFragment implements OnPr mCustomConfig = (EditTextPreference) findPreference("customOptions"); mLogverbosity = (ListPreference) findPreference("verblevel"); mPersistent = (CheckBoxPreference) findPreference("usePersistTun"); - + mConnectretrymax = (ListPreference) findPreference("connectretrymax"); + mConnectretry = (EditTextPreference) findPreference("connectretry"); + mLogverbosity.setOnPreferenceChangeListener(this); mLogverbosity.setSummary("%s"); + mConnectretrymax.setOnPreferenceChangeListener(this); + mConnectretrymax.setSummary("%s"); + + mConnectretry.setOnPreferenceChangeListener(this); + loadSettings(); @@ -46,6 +55,12 @@ public class Settings_Obscure extends OpenVpnPreferencesFragment implements OnPr mLogverbosity.setValue(mProfile.mVerb); onPreferenceChange(mLogverbosity, mProfile.mVerb); + + mConnectretrymax.setValue(mProfile.mConnectRetryMax); + onPreferenceChange(mConnectretrymax, mProfile.mConnectRetryMax); + + mConnectretry.setText(mProfile.mConnectRetry); + onPreferenceChange(mConnectretry, mProfile.mConnectRetry); } @@ -55,7 +70,9 @@ public class Settings_Obscure extends OpenVpnPreferencesFragment implements OnPr mProfile.mUseCustomConfig = mUseCustomConfig.isChecked(); mProfile.mCustomConfigOptions = mCustomConfig.getText(); mProfile.mVerb = mLogverbosity.getValue(); + mProfile.mConnectRetryMax = mConnectretrymax.getValue(); mProfile.mPersistTun = mPersistent.isChecked(); + mProfile.mConnectRetry = mConnectretry.getText(); } @@ -69,7 +86,27 @@ public class Settings_Obscure extends OpenVpnPreferencesFragment implements OnPr mLogverbosity.setDefaultValue(newValue); //This is idiotic. int i =Integer.parseInt((String) newValue); - mLogverbosity.setSummary(mLogverbosity.getEntries()[i]); + + // verb >= 5 is not supported by the chooser + if(i < mLogverbosity.getEntries().length ) + mLogverbosity.setSummary(mLogverbosity.getEntries()[i]); + else + mLogverbosity.setSummary(String.format("debug verbosity: %d",i)); + } else if (preference == mConnectretrymax) { + if(newValue==null) { + newValue="5"; + } + mConnectretrymax.setDefaultValue(newValue); + + for(int i=0;i<mConnectretrymax.getEntryValues().length;i++){ + if(mConnectretrymax.getEntryValues().equals(newValue)) + mConnectretrymax.setSummary(mConnectretrymax.getEntries()[i]); + } + + } else if (preference == mConnectretry) { + if(newValue==null || newValue=="") + newValue="5"; + mConnectretry.setSummary(String.format("%s s" , newValue)); } return true; diff --git a/src/de/blinkt/openvpn/VpnProfile.java b/src/de/blinkt/openvpn/VpnProfile.java index bdfdd70a..4c3c05f0 100644 --- a/src/de/blinkt/openvpn/VpnProfile.java +++ b/src/de/blinkt/openvpn/VpnProfile.java @@ -101,9 +101,16 @@ public class VpnProfile implements Serializable{ public boolean mUseDefaultRoutev6=true; public String mCustomRoutesv6=""; public String mKeyPassword=""; + public boolean mPersistTun = false; + public String mConnectRetryMax="5"; + public String mConnectRetry="5"; + public boolean mUserEditable=true; + static final String MINIVPN = "miniopenvpn"; - public boolean mPersistTun = false; + + + public void clearDefaults() { @@ -191,11 +198,19 @@ public class VpnProfile implements Serializable{ cfg+="verb " + mVerb + "\n"; - - - - // quit after 5 tries - cfg+="connect-retry-max 5\n"; + if(mConnectRetryMax ==null) { + mConnectRetryMax="5"; + } + + if(!mConnectRetryMax.equals("-1")) + cfg+="connect-retry-max " + mConnectRetryMax+ "\n"; + + if(mConnectRetry==null) + mConnectRetry="5"; + + + cfg+="connect-retry " + mConnectRetry + "\n"; + cfg+="resolv-retry 60\n"; |