summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Currently pfsense enforces unique unqualified hostnames for static dhcp ↵Berger Alexander2015-05-111-9/+13
| | | | | | leases, which is not correct as only the fully qualified hostname (hostname + domainname) must be unique. With this commit the old validation logic for uniqeness is modified such that hostnames no longer need to be unique and at the same time the fully qualified hostname hast to be unique. This change makes it possible to have host with identical hostnames in different (sub)domains. For example myhost.sales.acme.com and myhost.support.acme.com will now be possible.
* Firewall Rules Edit missing slashPhil Davis2015-05-111-1/+1
| | | | This should be the end of a "tr" here. Browsers seem to be forgiving of this stuff - I don't see any difference in rendering in Firefox before or after this change.
* Unmatched td in firewall_natPhil Davis2015-05-081-0/+1
| | | | | This file seems to have an unmatched "td" ending. Adding the line here matches the "td" at line 320 and this embraces the little table that has the 4 icons in it in a square that comes at the right hand end of each port-forward entry in the main table. I can't see any difference in the rendering of the page, at least on Firefox, with and without this fix. The tabbing of this file is woeful. I am fixing that up with a code-style review. But thought I should do a separate pull request for this kind-of-functional fix.
* Call clear_subsystem_dirty('staticmaps') if using UnboundRobert Nelson2015-05-081-1/+3
|
* Encode server name before displaying back to the user.jim-p2015-05-011-1/+1
|
* Ticket #4652 actually return value as expected!Ermal LUÇI2015-05-011-2/+2
|
* Ticket #4235 put reply-to/route-to rules even for mobile-ipsec.Ermal LUÇI2015-05-011-7/+6
|
* Fixes #4633 Enable carp packets to flow on the first carp interface ↵Ermal LUÇI2015-05-011-0/+6
| | | | creation. This is needed only when the system is booted up without any carp vip configured
* Ticket #4131 before formatting the mac extract the needed statistics from belowErmal LUÇI2015-05-011-1/+1
|
* Ticket #4651 Oops correct name of varErmal LUÇI2015-05-011-1/+1
|
* Fixes #4651 Assign a proper tracker for NEGATE rulesErmal LUÇI2015-05-011-1/+9
|
* Fixes #4652 put workaround for bogus timestamp until real data are cosnumed.Ermal LUÇI2015-05-011-1/+6
|
* Seems strongswan 5.3.0 has improved the situation on putting multiple phase2 ↵Ermal LUÇI2015-04-301-4/+4
| | | | on IKEv1 behaviour and it behaves even better with reqid not defined in config.
* Revert "Use a dirty hack to make IKEv1 with multiple phase2 to work ↵Ermal LUÇI2015-04-301-3/+0
| | | | | | correctly with one IKE SA for each subnet" This reverts commit 7d5add01e48bab8d82d5a5699325fa7b6aeb4e5c.
* Revert "Provide a description for the dirty hack to not come back ↵Ermal LUÇI2015-04-301-5/+0
| | | | | | scratching.... on it" This reverts commit 6d7e7c0c5cd8ec613235cd9f2a01f60bb7c32c79.
* Show correct selection for noshuntlan option. Ticket #4655Chris Buechler2015-04-301-1/+1
|
* Add static mapping interface not set when IP in a poolPhil Davis2015-04-271-0/+11
| | | | | | If the DHCP IP address is in a pool (not in the main DHCP range for the interface) then the interface that corresponds to the IP address is not found. This results in the link to "add static mapping for this MAC address" not having any value for "if=" and thus clicking on the "+" button does not work. Reported in bug 4649 Process any pools when checking for which interface contains the IP address.
* Fall back to getting local user pages and groupsPhil Davis2015-04-271-5/+7
| | | | if the groups could not be found from LDAP and there is a local user.
* Do not process dhcpd implementation if input errorsPhil Davis2015-04-271-1/+1
| | | | | | If I go to Service->DHCP Server, make some edits that are invalid (e.g. change range start or end to some invalid string) and press Save then the page comes back displaying the input error(s). But it also says: "The changes have been applied successfully." Actually, the changes (which were invalid) have not been applied to the config - all is well there - but dhcpd has been stopped and started and dnsmasq or unbound has been kicked... which is all unnecessary processing since the user has not yet provided valid values to save.
* Tidy up "services_unbound.php" XHTMLColin Fleming2015-04-271-0/+1
| | | | Add missing closing TD tag
* Tidy up "status_upnp.php" XHTMLColin Fleming2015-04-271-4/+4
| | | | Remove double line from table
* Remove the DHCP static lease overlap cleanup and associated function and ↵jim-p2015-04-241-49/+0
| | | | kill, as it can cause problems with failover scenarios.
* Provide a description for the dirty hack to not come back scratching.... on itErmal LUÇI2015-04-241-0/+5
|
* Use a dirty hack to make IKEv1 with multiple phase2 to work correctly with ↵Ermal LUÇI2015-04-241-0/+3
| | | | one IKE SA for each subnet
* Is better to send the signal to starter rather than to charon directly. ↵Ermal LUÇI2015-04-241-4/+3
| | | | Starter manager charon properly. This should fix a lot of issues with configuration reloading that before sometimes did not work especially when changing phase2 entries
* This was meant to remove duplicates here, even though charon will do by ↵Ermal LUÇI2015-04-231-1/+1
| | | | itself but better do it since it was meant to.
* Trying to submit a symlink as part of crash reports will cause a failedChris Buechler2015-04-221-10/+12
| | | | | submission. Remove symlinks first. Also properly set user agent while here, consistent with others. Fix some style and whitespace too. Ticket
* Merge manually pull request #1626 to this branchErmal LUÇI2015-04-211-3/+2
|
* s/;/:/Ermal LUÇI2015-04-211-5/+5
|
* Revert "Revert "Move to specifically specifying the ID type apart when an ip ↵Ermal LUÇI2015-04-212-32/+34
| | | | | | | | | address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own."" This reverts commit 4e8eacfd7c0f1909c15d85b4cae2302b0ba3f0fc. Conflicts: etc/inc/ipsec.inc
* Add new bios product id stringJeremy Porter2015-04-201-0/+1
|
* Allow to configure new modes for phase1 according to RFC 5903 by manually ↵Ermal LUÇI2015-04-202-0/+12
| | | | merging pull request #1501 partially. While here preserve style.
* Fix #4640 IPsec Auto-exclude LAN address toggles every time save is pressed.Ermal LUÇI2015-04-201-1/+1
| | | | Actually the GUI is displaying the opposite setting to what is in the config. When the user pressed save that opposite setting was saved, but then again it displays the opposite of the opposite...
* Fixes #4625, manual merge of pull request #1617 for RELENG_2_2 branch on ↵Ermal LUÇI2015-04-201-1/+2
| | | | fixing voucher disconnection.
* Implement make bofre break feature avaliable on strongswan 5.3.0 useful for ↵Ermal LUÇI2015-04-182-1/+25
| | | | IKEv2. Fixes #4626
* Merge pull request #1619 from ibauersachs/newipsecdns-eap-radius_2-2Ermal LUÇI2015-04-171-0/+1
|\
| * Make auth_get_authserver_list available to vpn.incIngo Bauersachs2015-04-171-0/+1
|/ | | This is a follow-up to PR #1613 and avoids a crash in this script at random times.
* Fixes #4625 correct disconnection of users especially when called from ↵Ermal LUÇI2015-04-161-1/+3
| | | | xmlrpc code.
* Merge pull request #1613 from ibauersachs/ipsec-mobile-eap-radius_2-2Ermal LUÇI2015-04-163-1/+41
|\
| * Add support for EAP-RADIUS to IKEv2 Mobile Clients (Rel. 2.2)Ingo Bauersachs2015-04-153-1/+41
| |
* | Always do a filter reload in vpn_ipsec_configure to ensure the ruleset isChris Buechler2015-04-161-2/+3
| | | | | | | | updated where necessary in every IPsec change scenario.
* | Remove boot_serial='yes' from loader.conf when serial is disabled, error ↵Renato Botelho2015-04-161-1/+2
| | | | | | | | introduced by me on commit 986e77a2eab
* | Fix unbound warning when dnsallowoverride off and forwarding onPhil Davis2015-04-161-0/+2
| | | | | | | | | | | | Reported in forum: https://forum.pfsense.org/index.php?topic=92437.0 The $ns array was being used further down, but if dnsallowoverride was off, the array never got created.
* | Bump version to 2.2.3-DEVELOPMENTRenato Botelho2015-04-151-1/+1
| |
* | Define var_path global key since it is being used in interfaces.inc, but it ↵Renato Botelho2015-04-151-0/+1
|/ | | | was not being declared anywhere
* Re-enable verification for selfhost since their chain issue is resolved. ↵Chris Buechler2015-04-141-1/+0
| | | | Ticket #4545
* set forcesync to 1 by default for now, testing potential impact for Ticket ↵Chris Buechler2015-04-141-1/+1
| | | | #4523.
* Revert "Make forcesync default to the same behavior as freebsd rather than ↵Chris Buechler2015-04-141-2/+1
| | | | | | as intended for cf cards. People with issues on CF can enable the tunable" This reverts commit 32e53d709f1d63e48ea13bd1eb53c2c30f719ee4.
* Make forcesync default to the same behavior as freebsd rather than as ↵Ermal LUÇI2015-04-141-1/+2
| | | | intended for cf cards. People with issues on CF can enable the tunable
* Remove redundant/unused call to kldstatRenato Botelho2015-04-141-1/+0
|
OpenPOWER on IntegriCloud