authorSeth Mos <seth.mos@dds.nl>2011-04-12 10:40:44 +0200
committerSeth Mos <seth.mos@dds.nl>2011-04-12 10:40:44 +0200
commitaf8f910eebb9c86a034ea4e07546f41fca16b37c (patch)
tree125deaadc7bff0668570c0959d4fe862707a10bd /usr
parent86966fba757f554967773f518ef707f461b84636 (diff)
parent127eb8e0238061ca8a66e25c2089dddc1826ec4d (diff)
Merge remote branch 'upstream/master'
Diffstat (limited to 'usr')
-rwxr-xr-xusr/local/sbin/ntpdate_sync_once.sh12
-rw-r--r--usr/local/www/diag_packet_capture.php10
-rwxr-xr-xusr/local/www/firewall_shaper.php5
-rwxr-xr-xusr/local/www/head.inc2
-rwxr-xr-xusr/local/www/services_snmp.php2
-rw-r--r--usr/local/www/system_advanced_firewall.php15
-rw-r--r--usr/local/www/system_advanced_misc.php28
-rw-r--r--usr/local/www/themes/_corporate/rrdcolors.inc.php3
-rw-r--r--usr/local/www/themes/nervecenter/rrdcolors.inc.php1
-rwxr-xr-xusr/local/www/vpn_ipsec.php4
-rw-r--r--usr/local/www/vpn_openvpn_client.php2
-rw-r--r--usr/local/www/vpn_openvpn_server.php6
12 files changed, 67 insertions, 23 deletions
diff --git a/usr/local/sbin/ntpdate_sync_once.sh b/usr/local/sbin/ntpdate_sync_once.sh
index 508ce3e..e328ac4 100755
--- a/usr/local/sbin/ntpdate_sync_once.sh
+++ b/usr/local/sbin/ntpdate_sync_once.sh
@@ -2,16 +2,18 @@
NOTSYNCED="true"
SERVER=`cat /cf/conf/config.xml | grep timeservers | cut -d">" -f2 | cut -d"<" -f1`
+pkill -f ntpdate_sync_once.sh
while [ "$NOTSYNCED" = "true" ]; do
- ntpdate $SERVER
+ # Ensure that ntpd and ntpdate are not running so that the socket we want will be free.
+ killall ntpd 2>/dev/null
+ killall ntpdate
+ sleep 1
+ ntpdate -s -t 5 $SERVER
if [ "$?" = "0" ]; then
NOTSYNCED="false"
fi
sleep 5
done
-# Launch -- we have net.
-killall ntpd 2>/dev/null
-sleep 1
-/usr/local/sbin/ntpd -s -f /var/etc/ntpd.conf
+/usr/local/sbin/ntpd -s -f /var/etc/ntpd.conf
\ No newline at end of file
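Review bot: `pkill -f ntpdate_sync_once.sh` at the top matches on the full command line, so it only does what is intended if the platform's pkill leaves the invoking script (its own ancestor) alone; that should be confirmed, and the pattern will also hit any unrelated process whose arguments contain that string. A comment such as `# Stop older copies of this script; relies on pkill not matching its own ancestors.` would record the assumption, and a pid file checked at startup would make the single-instance intent explicit. Inside the loop, `killall ntpdate` reports an error on every pass when nothing is running, unlike the ntpd line above it; `killall ntpdate 2>/dev/null` keeps the two consistent. The loop also has no upper bound, so an unreachable server keeps it retrying indefinitely.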
diff --git a/usr/local/www/diag_packet_capture.php b/usr/local/www/diag_packet_capture.php
index 8a9cb41..b35cc1b 100644
--- a/usr/local/www/diag_packet_capture.php
+++ b/usr/local/www/diag_packet_capture.php
@@ -194,13 +194,13 @@ include("fbegin.inc");
<?php
/* check to see if packet capture tcpdump is already running */
- $processcheck = (trim(shell_exec('/bin/ps axw -O pid= | /usr/bin/grep tcpdump | /usr/bin/grep $fn | /usr/bin/grep -v pflog')));
+ $processcheck = (trim(shell_exec("/bin/ps axw -O pid= | /usr/bin/grep tcpdump | /usr/bin/grep {$fn} | /usr/bin/grep -v pflog")));
- $processisrunning = false;
-
- if ($processcheck != false)
+ if ($processcheck != "")
$processisrunning = true;
-
+ else
+ $processisrunning = false;
+
if (($action == gettext("Stop") or $action == "") and $processisrunning != true)
echo "<input type=\"submit\" name=\"startbtn\" value=\"" . gettext("Start") . "\">&nbsp;";
else {
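Review bot: With the double-quoted string, `{$fn}` now really reaches the shell, and it is placed on the `grep` command line unquoted. `$fn` is assigned outside this hunk; if it is a fixed file name this is harmless, but anything derived from request data would be interpreted by the shell, and a `.` in the name is treated as a regex wildcard by grep. Building that stage as `" | /usr/bin/grep -F " . escapeshellarg($fn) . " | /usr/bin/grep -v pflog"` removes both concerns. The surrounding PHP block continues past the end of the hunk.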
diff --git a/usr/local/www/firewall_shaper.php b/usr/local/www/firewall_shaper.php
index f3cdbab..407c947 100755
--- a/usr/local/www/firewall_shaper.php
+++ b/usr/local/www/firewall_shaper.php
@@ -386,11 +386,8 @@ include("head.inc");
<link rel="stylesheet" type="text/css" media="all" href="./tree/tree.css" />
<script type="text/javascript" src="./tree/tree.js"></script>
<?php
-if ($queue) {
- echo "<script type=\"text/javascript\">";
+if ($queue)
echo $queue->build_javascript();
- echo "</script>";
-}
echo $newjavascript;
include("fbegin.inc");
diff --git a/usr/local/www/head.inc b/usr/local/www/head.inc
index 97c7111..a24be9e 100755
--- a/usr/local/www/head.inc
+++ b/usr/local/www/head.inc
@@ -7,7 +7,7 @@
* if user has selected a custom template, use it.
* otherwise default to pfsense tempalte
*/
-if($config['theme'] <> "")
+if($config['theme'] <> "" && (is_dir($g["www_path"].'/themes/'.$config['theme'])))
$g['theme'] = $config['theme'];
else
$g['theme'] = "pfsense";
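Review bot: `is_dir()` on the concatenated path does not confine `$config['theme']` to the themes directory: a value such as `..`, or one containing `/`, still names an existing directory and passes the new check. How `$g['theme']` is used afterwards is outside this hunk, but it presumably ends up in include and asset paths, so the name should be validated before the filesystem test, e.g. `if ($config['theme'] <> "" && preg_match('/^[A-Za-z0-9_-]+$/', $config['theme']) && is_dir("{$g['www_path']}/themes/{$config['theme']}"))`. The comment above the condition could also state that an unknown or invalid theme falls back to `pfsense`.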
diff --git a/usr/local/www/services_snmp.php b/usr/local/www/services_snmp.php
index 432db3d..925cb7b 100755
--- a/usr/local/www/services_snmp.php
+++ b/usr/local/www/services_snmp.php
@@ -384,7 +384,7 @@ function enable_change(whichone) {
<input name="hostres" type="checkbox" id="hostres" value="yes" onClick="check_deps()" <?php if ($pconfig['hostres']) echo "checked"; ?> ><?=gettext("Host Resources (Requires MibII)");?>
</td>
</tr>
-<?php if(!$config['interfaces']['lan']): ?>
+<?php if($config['interfaces']['lan']): ?>
<tr>
<td width="22%" valign="top" class="vtable"></td>
<td width="78%" class="vtable">
diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index 8165922..e532b78 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -66,6 +66,7 @@ $pconfig['reflectiontimeout'] = $config['system']['reflectiontimeout'];
$pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']);
$pconfig['disablescrub'] = isset($config['system']['disablescrub']);
$pconfig['tftpinterface'] = explode(",", $config['system']['tftpinterface']);
+$pconfig['disablevpnrules'] = isset($config['system']['disablevpnrules']);
if ($_POST) {
@@ -96,6 +97,10 @@ if ($_POST) {
else
unset($config['system']['disablefilter']);
+ if($_POST['disablevpnrules'] == "yes")
+ $config['system']['disablevpnrules'] = true;
+ else
+ unset($config['system']['disablevpnrules']);
if($_POST['rfc959workaround'] == "yes")
$config['system']['rfc959workaround'] = "enabled";
else
@@ -331,6 +336,16 @@ function update_description(itemnum) {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell">Disable Auto-added VPN rules</td>
+ <td width="78%" class="vtable">
+ <input name="disablevpnrules" type="checkbox" id="disablevpnrules" value="yes" <?php if (isset($config['system']['disablevpnrules'])) echo "checked"; ?> />
+ <strong><?=gettext("Disable all auto-added VPN rules.");?></strong>
+ <br />
+ <span class="vexpl"><?=gettext("Note: This disables automatically added rules for IPsec, PPTP.");?>
+ </span>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell">Disable reply-to</td>
<td width="78%" class="vtable">
<input name="disablereplyto" type="checkbox" id="disablereplyto" value="yes" <?php if ($pconfig['disablereplyto']) echo "checked"; ?> />
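Review bot: The new checkbox tests `isset($config['system']['disablevpnrules'])` directly, while the first hunk of this file fills `$pconfig['disablevpnrules']` and the neighbouring reply-to row reads `$pconfig`. The page-state value is therefore set but never used for this option; `<?php if ($pconfig['disablevpnrules']) echo "checked"; ?>` would match the rest of the form. Because this switch removes the automatically added IPsec/PPTP rules, the help text could also say that the administrator presumably has to supply equivalent rules by hand once it is enabled.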
diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php
index b93301d..590a955 100644
--- a/usr/local/www/system_advanced_misc.php
+++ b/usr/local/www/system_advanced_misc.php
@@ -47,11 +47,13 @@ require("guiconfig.inc");
require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");
+require_once("ipsec.inc");
require_once("vpn.inc");
$pconfig['harddiskstandby'] = $config['system']['harddiskstandby'];
$pconfig['lb_use_sticky'] = isset($config['system']['lb_use_sticky']);
$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']);
+$pconfig['racoondebug_enable'] = isset($config['ipsec']['racoondebug']);
$pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']);
$pconfig['maxmss'] = $config['system']['maxmss'];
$pconfig['powerd_enable'] = isset($config['system']['powerd_enable']);
@@ -85,6 +87,19 @@ if ($_POST) {
else
unset($config['ipsec']['preferoldsa']);
+ $need_racoon_restart = false;
+ if($_POST['racoondebug_enable'] == "yes") {
+ if (!isset($config['ipsec']['racoondebug'])) {
+ $config['ipsec']['racoondebug'] = true;
+ $need_racoon_restart = true;
+ }
+ } else {
+ if (isset($config['ipsec']['racoondebug'])) {
+ unset($config['ipsec']['racoondebug']);
+ $need_racoon_restart = true;
+ }
+ }
+
if($_POST['maxmss_enable'] == "yes") {
$config['system']['maxmss_enable'] = true;
$config['system']['maxmss'] = $_POST['maxmss'];
@@ -125,6 +140,8 @@ if ($_POST) {
activate_powerd();
load_glxsb();
vpn_ipsec_configure_preferoldsa();
+ if ($need_racoon_restart)
+ vpn_ipsec_force_reload();
}
}
@@ -259,6 +276,17 @@ function maxmss_checked(obj) {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("IPsec Debug"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="racoondebug_enable" type="checkbox" id="racoondebug_enable" value="yes" <?php if ($pconfig['racoondebug_enable']) echo "checked"; ?> />
+ <strong><?=gettext("Start racoon in debug mode"); ?></strong>
+ <br />
+ <?=gettext("Launches racoon in debug mode so that more verbose logs " .
+ "will be generated to aid in troubleshooting."); ?><br/>
+ <?=gettext("NOTE: Changing this setting will restart racoon."); ?>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Maximum MSS"); ?></td>
<td width="78%" class="vtable">
<input name="maxmss_enable" type="checkbox" id="maxmss_enable" value="yes" <?php if ($pconfig['maxmss_enable'] == true) echo "checked"; ?> onClick="maxmss_checked(this)" />
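Review bot: The help text for the new IPsec Debug row says only that logs become more verbose; it should also say the option is meant for temporary troubleshooting, for example `<?=gettext("Disable this again once troubleshooting is finished; debug logs are larger and may contain negotiation details."); ?>`. What racoon actually writes in debug mode is not visible here, so that wording should be checked against its output. In the POST hunk, `$need_racoon_restart` leads to `vpn_ipsec_force_reload()` without a visible check that IPsec is enabled; that function is defined elsewhere, so confirm it does nothing when IPsec is off.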
diff --git a/usr/local/www/themes/_corporate/rrdcolors.inc.php b/usr/local/www/themes/_corporate/rrdcolors.inc.php
index e3153fd..09956cc 100644
--- a/usr/local/www/themes/_corporate/rrdcolors.inc.php
+++ b/usr/local/www/themes/_corporate/rrdcolors.inc.php
@@ -32,6 +32,7 @@
$colortrafficup = array("666666", "CCCCCC");
$colortrafficdown = array("990000", "CC0000");
+$colortraffic95 = array("660000", "FF0000");
$colorpacketsup = array("666666", "CCCCCC");
$colorpacketsdown = array("990000", "CC0000");
$colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000');
@@ -46,5 +47,7 @@ $colorqualityloss = "ee0000";
$colorwireless = array('333333','a83c3c','999999');
$colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066');
$colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600');
+$colorvpnusers = array('990000');
+$colorcaptiveportalusers = array('990000');
?>
diff --git a/usr/local/www/themes/nervecenter/rrdcolors.inc.php b/usr/local/www/themes/nervecenter/rrdcolors.inc.php
index ca6a70f..1ed3027 100644
--- a/usr/local/www/themes/nervecenter/rrdcolors.inc.php
+++ b/usr/local/www/themes/nervecenter/rrdcolors.inc.php
@@ -48,5 +48,6 @@ $colorwireless = array('333333','a83c3c','999999');
$colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066');
$colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600');
$colorvpnusers = array('990000');
+$colorcaptiveportalusers = array('990000');
?>
diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php
index 16231ab..7e5122a 100755
--- a/usr/local/www/vpn_ipsec.php
+++ b/usr/local/www/vpn_ipsec.php
@@ -418,7 +418,9 @@ include("head.inc");
<span class="red">
<strong><?=gettext("Note"); ?>:<br></strong>
</span>
- <?=gettext("You can check your IPsec status at"); ?> <a href="diag_ipsec.php"><?=gettext("Status:IPsec"); ?></a>.
+ <?=gettext("You can check your IPsec status at"); ?> <a href="diag_ipsec.php"><?=gettext("Status:IPsec"); ?></a>.<br/>
+ <?=gettext("IPsec Debug Mode can be enabled at"); ?> <a href="system_advanced_misc.php"><?=gettext("System:Advanced:Miscellaneous"); ?></a>.<br/>
+ <?=gettext("IPsec can be set to prefer older SAs at"); ?> <a href="system_advanced_misc.php"><?=gettext("System:Advanced:Miscellaneous"); ?></a>.
</span>
</p>
</td>
diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php
index d28315d..4b9fc74 100644
--- a/usr/local/www/vpn_openvpn_client.php
+++ b/usr/local/www/vpn_openvpn_client.php
@@ -654,8 +654,6 @@ if ($savemsg)
$caname = "";
$inuse = "";
$revoked = "";
- if (is_user_cert($cert['refid']))
- continue;
$ca = lookup_ca($cert['caref']);
if ($ca)
$caname = " (CA: {$ca['descr']})";
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index cc38e65..204cb62 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -563,9 +563,9 @@ function netbios_change() {
if (!$savemsg)
$savemsg = "";
if (count($a_ca) == 0)
- $savemsg .= "You have no Certificate Authorities defined. You must visit the <a href=\"system_camanager.php\">Certificate Manager</a> to make one.";
+ $savemsg .= "You have no Certificate Authorities defined. You can visit the <a href=\"system_camanager.php\">Certificate Manager</a> or use the <a href=\"wizard.php?xml=openvpn_wizard.xml\">Wizard.</a> to create one. ";
if (count($a_cert) == 0)
- $savemsg .= "<br/>You have no Certificates defined. You must visit the <a href=\"system_camanager.php\">Certificate Manager</a> to make one.";
+ $savemsg .= "<br/>You have no Certificates defined. You can visit the <a href=\"system_camanager.php\">Certificate Manager</a> or use the <a href=\"wizard.php?xml=openvpn_wizard.xml\">Wizard.</a> to create one. ";
if ($input_errors)
print_input_errors($input_errors);
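Review bot: Both new messages put the sentence period inside the link, `>Wizard.</a> to create one.`, so the page reads "use the Wizard. to create one." Move it out of the anchor: `<a href=\"wizard.php?xml=openvpn_wizard.xml\">Wizard</a> to create one. `. The same text appears in the Certificate Authorities message and in the Certificates message. Neither string is passed through `gettext()`, unlike most of the user-facing text touched elsewhere in this commit.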
@@ -815,8 +815,6 @@ if ($savemsg)
$caname = "";
$inuse = "";
$revoked = "";
- if (is_user_cert($cert['refid']))
- continue;
$ca = lookup_ca($cert['caref']);
if ($ca)
$caname = " (CA: {$ca['descr']})";