Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Currently pfsense enforces unique unqualified hostnames for static dhcp ↵ | Berger Alexander | 2015-05-11 | 1 | -9/+13 |
| | | | | | | leases, which is not correct as only the fully qualified hostname (hostname + domainname) must be unique. With this commit the old validation logic for uniqeness is modified such that hostnames no longer need to be unique and at the same time the fully qualified hostname hast to be unique. This change makes it possible to have host with identical hostnames in different (sub)domains. For example myhost.sales.acme.com and myhost.support.acme.com will now be possible. | ||||
* | Firewall Rules Edit missing slash | Phil Davis | 2015-05-11 | 1 | -1/+1 |
| | | | | This should be the end of a "tr" here. Browsers seem to be forgiving of this stuff - I don't see any difference in rendering in Firefox before or after this change. | ||||
* | Unmatched td in firewall_nat | Phil Davis | 2015-05-08 | 1 | -0/+1 |
| | | | | | This file seems to have an unmatched "td" ending. Adding the line here matches the "td" at line 320 and this embraces the little table that has the 4 icons in it in a square that comes at the right hand end of each port-forward entry in the main table. I can't see any difference in the rendering of the page, at least on Firefox, with and without this fix. The tabbing of this file is woeful. I am fixing that up with a code-style review. But thought I should do a separate pull request for this kind-of-functional fix. | ||||
* | Call clear_subsystem_dirty('staticmaps') if using Unbound | Robert Nelson | 2015-05-08 | 1 | -1/+3 |
| | |||||
* | Encode server name before displaying back to the user. | jim-p | 2015-05-01 | 1 | -1/+1 |
| | |||||
* | Ticket #4652 actually return value as expected! | Ermal LUÇI | 2015-05-01 | 1 | -2/+2 |
| | |||||
* | Ticket #4235 put reply-to/route-to rules even for mobile-ipsec. | Ermal LUÇI | 2015-05-01 | 1 | -7/+6 |
| | |||||
* | Fixes #4633 Enable carp packets to flow on the first carp interface ↵ | Ermal LUÇI | 2015-05-01 | 1 | -0/+6 |
| | | | | creation. This is needed only when the system is booted up without any carp vip configured | ||||
* | Ticket #4131 before formatting the mac extract the needed statistics from below | Ermal LUÇI | 2015-05-01 | 1 | -1/+1 |
| | |||||
* | Ticket #4651 Oops correct name of var | Ermal LUÇI | 2015-05-01 | 1 | -1/+1 |
| | |||||
* | Fixes #4651 Assign a proper tracker for NEGATE rules | Ermal LUÇI | 2015-05-01 | 1 | -1/+9 |
| | |||||
* | Fixes #4652 put workaround for bogus timestamp until real data are cosnumed. | Ermal LUÇI | 2015-05-01 | 1 | -1/+6 |
| | |||||
* | Seems strongswan 5.3.0 has improved the situation on putting multiple phase2 ↵ | Ermal LUÇI | 2015-04-30 | 1 | -4/+4 |
| | | | | on IKEv1 behaviour and it behaves even better with reqid not defined in config. | ||||
* | Revert "Use a dirty hack to make IKEv1 with multiple phase2 to work ↵ | Ermal LUÇI | 2015-04-30 | 1 | -3/+0 |
| | | | | | | correctly with one IKE SA for each subnet" This reverts commit 7d5add01e48bab8d82d5a5699325fa7b6aeb4e5c. | ||||
* | Revert "Provide a description for the dirty hack to not come back ↵ | Ermal LUÇI | 2015-04-30 | 1 | -5/+0 |
| | | | | | | scratching.... on it" This reverts commit 6d7e7c0c5cd8ec613235cd9f2a01f60bb7c32c79. | ||||
* | Show correct selection for noshuntlan option. Ticket #4655 | Chris Buechler | 2015-04-30 | 1 | -1/+1 |
| | |||||
* | Add static mapping interface not set when IP in a pool | Phil Davis | 2015-04-27 | 1 | -0/+11 |
| | | | | | | If the DHCP IP address is in a pool (not in the main DHCP range for the interface) then the interface that corresponds to the IP address is not found. This results in the link to "add static mapping for this MAC address" not having any value for "if=" and thus clicking on the "+" button does not work. Reported in bug 4649 Process any pools when checking for which interface contains the IP address. | ||||
* | Fall back to getting local user pages and groups | Phil Davis | 2015-04-27 | 1 | -5/+7 |
| | | | | if the groups could not be found from LDAP and there is a local user. | ||||
* | Do not process dhcpd implementation if input errors | Phil Davis | 2015-04-27 | 1 | -1/+1 |
| | | | | | | If I go to Service->DHCP Server, make some edits that are invalid (e.g. change range start or end to some invalid string) and press Save then the page comes back displaying the input error(s). But it also says: "The changes have been applied successfully." Actually, the changes (which were invalid) have not been applied to the config - all is well there - but dhcpd has been stopped and started and dnsmasq or unbound has been kicked... which is all unnecessary processing since the user has not yet provided valid values to save. | ||||
* | Tidy up "services_unbound.php" XHTML | Colin Fleming | 2015-04-27 | 1 | -0/+1 |
| | | | | Add missing closing TD tag | ||||
* | Tidy up "status_upnp.php" XHTML | Colin Fleming | 2015-04-27 | 1 | -4/+4 |
| | | | | Remove double line from table | ||||
* | Remove the DHCP static lease overlap cleanup and associated function and ↵ | jim-p | 2015-04-24 | 1 | -49/+0 |
| | | | | kill, as it can cause problems with failover scenarios. | ||||
* | Provide a description for the dirty hack to not come back scratching.... on it | Ermal LUÇI | 2015-04-24 | 1 | -0/+5 |
| | |||||
* | Use a dirty hack to make IKEv1 with multiple phase2 to work correctly with ↵ | Ermal LUÇI | 2015-04-24 | 1 | -0/+3 |
| | | | | one IKE SA for each subnet | ||||
* | Is better to send the signal to starter rather than to charon directly. ↵ | Ermal LUÇI | 2015-04-24 | 1 | -4/+3 |
| | | | | Starter manager charon properly. This should fix a lot of issues with configuration reloading that before sometimes did not work especially when changing phase2 entries | ||||
* | This was meant to remove duplicates here, even though charon will do by ↵ | Ermal LUÇI | 2015-04-23 | 1 | -1/+1 |
| | | | | itself but better do it since it was meant to. | ||||
* | Trying to submit a symlink as part of crash reports will cause a failed | Chris Buechler | 2015-04-22 | 1 | -10/+12 |
| | | | | | submission. Remove symlinks first. Also properly set user agent while here, consistent with others. Fix some style and whitespace too. Ticket | ||||
* | Merge manually pull request #1626 to this branch | Ermal LUÇI | 2015-04-21 | 1 | -3/+2 |
| | |||||
* | s/;/:/ | Ermal LUÇI | 2015-04-21 | 1 | -5/+5 |
| | |||||
* | Revert "Revert "Move to specifically specifying the ID type apart when an ip ↵ | Ermal LUÇI | 2015-04-21 | 2 | -32/+34 |
| | | | | | | | | | address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own."" This reverts commit 4e8eacfd7c0f1909c15d85b4cae2302b0ba3f0fc. Conflicts: etc/inc/ipsec.inc | ||||
* | Add new bios product id string | Jeremy Porter | 2015-04-20 | 1 | -0/+1 |
| | |||||
* | Allow to configure new modes for phase1 according to RFC 5903 by manually ↵ | Ermal LUÇI | 2015-04-20 | 2 | -0/+12 |
| | | | | merging pull request #1501 partially. While here preserve style. | ||||
* | Fix #4640 IPsec Auto-exclude LAN address toggles every time save is pressed. | Ermal LUÇI | 2015-04-20 | 1 | -1/+1 |
| | | | | Actually the GUI is displaying the opposite setting to what is in the config. When the user pressed save that opposite setting was saved, but then again it displays the opposite of the opposite... | ||||
* | Fixes #4625, manual merge of pull request #1617 for RELENG_2_2 branch on ↵ | Ermal LUÇI | 2015-04-20 | 1 | -1/+2 |
| | | | | fixing voucher disconnection. | ||||
* | Implement make bofre break feature avaliable on strongswan 5.3.0 useful for ↵ | Ermal LUÇI | 2015-04-18 | 2 | -1/+25 |
| | | | | IKEv2. Fixes #4626 | ||||
* | Merge pull request #1619 from ibauersachs/newipsecdns-eap-radius_2-2 | Ermal LUÇI | 2015-04-17 | 1 | -0/+1 |
|\ | |||||
| * | Make auth_get_authserver_list available to vpn.inc | Ingo Bauersachs | 2015-04-17 | 1 | -0/+1 |
|/ | | | This is a follow-up to PR #1613 and avoids a crash in this script at random times. | ||||
* | Fixes #4625 correct disconnection of users especially when called from ↵ | Ermal LUÇI | 2015-04-16 | 1 | -1/+3 |
| | | | | xmlrpc code. | ||||
* | Merge pull request #1613 from ibauersachs/ipsec-mobile-eap-radius_2-2 | Ermal LUÇI | 2015-04-16 | 3 | -1/+41 |
|\ | |||||
| * | Add support for EAP-RADIUS to IKEv2 Mobile Clients (Rel. 2.2) | Ingo Bauersachs | 2015-04-15 | 3 | -1/+41 |
| | | |||||
* | | Always do a filter reload in vpn_ipsec_configure to ensure the ruleset is | Chris Buechler | 2015-04-16 | 1 | -2/+3 |
| | | | | | | | | updated where necessary in every IPsec change scenario. | ||||
* | | Remove boot_serial='yes' from loader.conf when serial is disabled, error ↵ | Renato Botelho | 2015-04-16 | 1 | -1/+2 |
| | | | | | | | | introduced by me on commit 986e77a2eab | ||||
* | | Fix unbound warning when dnsallowoverride off and forwarding on | Phil Davis | 2015-04-16 | 1 | -0/+2 |
| | | | | | | | | | | | | Reported in forum: https://forum.pfsense.org/index.php?topic=92437.0 The $ns array was being used further down, but if dnsallowoverride was off, the array never got created. | ||||
* | | Bump version to 2.2.3-DEVELOPMENT | Renato Botelho | 2015-04-15 | 1 | -1/+1 |
| | | |||||
* | | Define var_path global key since it is being used in interfaces.inc, but it ↵ | Renato Botelho | 2015-04-15 | 1 | -0/+1 |
|/ | | | | was not being declared anywhere | ||||
* | Re-enable verification for selfhost since their chain issue is resolved. ↵ | Chris Buechler | 2015-04-14 | 1 | -1/+0 |
| | | | | Ticket #4545 | ||||
* | set forcesync to 1 by default for now, testing potential impact for Ticket ↵ | Chris Buechler | 2015-04-14 | 1 | -1/+1 |
| | | | | #4523. | ||||
* | Revert "Make forcesync default to the same behavior as freebsd rather than ↵ | Chris Buechler | 2015-04-14 | 1 | -2/+1 |
| | | | | | | as intended for cf cards. People with issues on CF can enable the tunable" This reverts commit 32e53d709f1d63e48ea13bd1eb53c2c30f719ee4. | ||||
* | Make forcesync default to the same behavior as freebsd rather than as ↵ | Ermal LUÇI | 2015-04-14 | 1 | -1/+2 |
| | | | | intended for cf cards. People with issues on CF can enable the tunable | ||||
* | Remove redundant/unused call to kldstat | Renato Botelho | 2015-04-14 | 1 | -1/+0 |
| |