summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Add missing ; and also mute chmodRenato Botelho2015-10-131-1/+1
|
* Preserve /tmp permission, it fixes #5298Renato Botelho2015-10-131-0/+1
|
* Update zoneinfo to 2015f, it fixes #5254Renato Botelho2015-10-131-0/+0
|
* Remove strongswan's cert directories and repopulate them, to ensure no ↵Chris Buechler2015-10-121-0/+5
| | | | removed CAs, certs, or CRLs remain. Ticket #5238
* Fix up strongswan logging levels. Remove charondebug since strongswan.conf ↵Chris Buechler2015-10-121-7/+11
| | | | settings take precedence. Set logging levels in strongswan.conf to match what's set on a running system via 'ipsec stroke loglevel', and remove log levels that were hard coded in strongswan.conf. Ticket #5242
* Merge pull request #1962 from davidjwood/RELENG_2_2-ppp-ipv6Chris Buechler2015-10-123-34/+170
|\
| * Use named variables for ppp-linkup command line parametersDavid Wood2015-10-111-32/+40
| |
| * Make route deletions quiet - it may well be the routes have already disappearedDavid Wood2015-10-111-2/+2
| |
| * Make code dealing with the IPv4 default gateway conditional on the IPv4 link ↵David Wood2015-10-111-1/+1
| | | | | | | | going down
| * Connect ppp-ipv6 helper script to ppp-linkdown and ppp-linkupDavid Wood2015-10-112-0/+5
| |
| * Add /usr/local/sbin/ppp-ipv6 helper scriptDavid Wood2015-10-111-0/+123
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | /usr/local/sbin/ppp-ipv6 <real interface> up|down Interface using SLAAC or DHCP6 going down: * bring down dhcp6c if it is running * disable router advertisements (and therefore SLAAC) * remove any autoconfigured IPv6 addresses Interface using SLAAC or DHCP6 coming up: * call interface_dhcpv6_configure() if dhcp6c not running and router advertisements off interface_dhcpv6_configure() will enable router advertisements, configure rtsold and dhcp6c, then set rtsold to prime dhcp6c as required.
* | Merge pull request #1958 from phil-davis/patch-11Renato Botelho2015-10-121-8/+18
|\ \
| * | Redmine #5294 Do not delete a system groupPhil Davis2015-10-111-8/+18
| | | | | | | | | | | | This code checks if the user has somehow posted a group deletion for a group that has "system" scope. If so, then the delete is not done and an input error is displayed. Note that in normal use the group manager page does not display a delete button for "system" groups, so normally this does not happen - only if the user manually messes with the $POST variables.
* | | Merge pull request #1957 from phil-davis/patch-10Renato Botelho2015-10-121-8/+18
|\ \ \ | |/ / |/| |
| * | Redmine #5294 Do not delete a system userPhil Davis2015-10-111-8/+18
|/ / | | | | | | This code checks if the user has somehow posted a user deletion for a user that has "system" scope. If so, then the delete iscnot done and an input error is displayed. Note that in normal use the user manager page does not display a delete button for "system" users, so normally this does not happen - only if the user manually messes with the $POST variables.
* | Merge pull request #1954 from doktornotor/patch-2Renato Botelho2015-10-091-0/+1
|\ \
| * | Add SVG MIME type - RELENG_2_2doktornotor2015-10-091-0/+1
|/ / | | | | Because it breaks traffic graphs for people.https://forum.pfsense.org/index.php?topic=87390.0
* | Do curl_init above any curl_setopt, and take it out of that if block since ↵Chris Buechler2015-10-081-1/+2
| | | | | | | | it applies to all types.
* | Merge pull request #1953 from phil-davis/patch-10Chris Buechler2015-10-071-1/+1
|\ \
| * | Wording of alias_info_popup tipPhil Davis2015-10-081-1/+1
| | | | | | | | | | | | | | | | | | I noticed this while comparing alias popup behavior between 2.2.5-DEVELOPMENT and 2.3 Might as well fix the grammar here for 2.2.5 This tip does not exist in 2.3 because the popup works more nicely there and so this text is not needed. Therefore this change does not need to be ported forward to master.
* | | correct htmlentities unintentionally removed by earlier commitChris Buechler2015-10-071-1/+1
|/ /
* | https://redmine.pfsense.org/issues/5207Matt Smith2015-10-071-2/+1
| | | | | | | | change auth methods for both peers when using hybrid RSA + xauth with IKEv1
* | Add support for an IPv6 pool for mobile clients.Matt Smith2015-10-072-5/+72
| |
* | Don't enforce the use of only IPv4 or IPv6 when using IKEv2 since it works ↵jim-p2015-10-071-1/+1
| | | | | | | | fine with IKEv2
* | Where doing a dynamic DNS update on IPv4, force curl to resolve IPv4 IPs. ↵Chris Buechler2015-10-031-0/+4
| | | | | | | | Ticket #3858
* | Fix typoChris Buechler2015-10-021-1/+1
| |
* | Specify PSK for mobile configurations without the leading ID selectors. ↵Chris Buechler2015-10-021-0/+3
| | | | | | | | Fixes PSK mismatches from iOS clients.
* | When using eap-radius, if the virtual address pool is left blank, pull the ↵jim-p2015-10-011-2/+6
| | | | | | | | IP addresses from RADIUS instead. (Will need an IP address defined for each account.) Doesn't seem to be possible to pull from either RADIUS *or* a local pool that I can see from experimenting and looking at strongSwan's docs.
* | Specify %any where identifier is "any", so the note on these pagesChris Buechler2015-10-013-2/+5
|/ | | | actually works.
* Only need to check 'vip' here.Chris Buechler2015-09-301-1/+1
|
* Can't use continue here as it continues the foreach, which skips theChris Buechler2015-09-301-6/+5
| | | | | "ipfw zone" command, breaking CP for any system that doesn't have VIPs defined.
* Fix up IKE auto modeChris Buechler2015-09-292-3/+3
|
* Correctly show v1/v2/auto on vpn_ipsec.phpChris Buechler2015-09-291-2/+5
|
* Bring this back, I'll fix issues afterwards. Revert "Remove "auto", it's ↵Chris Buechler2015-09-292-4/+6
| | | | | | just a synonym for IKEv2. Ticket #4873" This reverts commit 47f802694a1e1dfbbd011d7ec431c0948358b5c3.
* Use the appropriate parent interface with gateway groups using CARP VIPs.Chris Buechler2015-09-291-2/+9
| | | | Ticket #4990
* Do a service reload of dyndns when changing gateways in case something hasChris Buechler2015-09-291-0/+2
| | | | changed. Ticket #5214
* Disable DHS as a dynamic DNS provider option. It's never worked, andChris Buechler2015-09-292-5/+6
| | | | | | | fixing is more complex than just fixing the variable screw up and disabling cert validation for their SSLLabs F-graded site. Updates made on their site even take quite some time to be reflected, seems to be a largely abandoned service.
* Use self rather than any in auto-added IPsec rules to preventChris Buechler2015-09-281-8/+8
| | | | over-matching. Ticket #5211
* Ensure this only contains a partial name, not a path, before attempting to ↵jim-p2015-09-281-0/+1
| | | | craft a full name and read the file. Fixes #5203.
* Merge pull request #1938 from phil-davis/patch-5Renato Botelho2015-09-281-2/+21
|\
| * Redmine #5200 be less aggressive about DHCP Pool Notice V2Phil Davis2015-09-261-2/+21
| | | | | | | | | | This one will log_error() the DHCP pool message when it detects the inconsistency at the end of the setup wizard during reload all. That way it can still be seen in the system log that this happened, and one day someone might chase down all the steps in the "reload all" process. Compare this with https://github.com/pfsense/pfsense/pull/1935 and choose which way you would like to go.
* | Merge pull request #1939 from doktornotor/patch-5Renato Botelho2015-09-281-3/+10
|\ \ | |/ |/|
| * Fix comment languagedoktornotor2015-09-281-1/+1
| |
| * Remove syslog.conf entries on package uninstall (Bug #5210) - RELENG_2_2doktornotor2015-09-271-3/+10
|/ | | The remove_text_from_file() is not needed at all. However, system_syslogd_start() must be run after the package entries are gone from config.xml, otherwise system_syslogd_start() just re-adds the (now almost removed) package logging configuration from there.
* Reset the value of a package field before this test in case it has no ↵jim-p2015-09-241-0/+1
| | | | default. Fixes #5199
* Merge pull request #1933 from phil-davis/patch-4Renato Botelho2015-09-241-10/+14
|\
| * Redmine #5196 Remove incorrect text about DNS servers - RELENG_2_2Phil Davis2015-09-241-10/+14
|/ | | | The correct text is already displayed under the DNS server boxes at line 892. This should also be done to master once the conversion of services_dhcp.php to bootstrap is stable.
* Use get_interface rather than find_interface here. It'll work for VIPs on ↵Chris Buechler2015-09-231-2/+2
| | | | gateway groups this way, and cache doesn't really matter here. Partial fix for Ticket #4990
* Do not pass vouchers shorter than 5 characters to voucher application, theyLuiz Otavio O Souza2015-09-221-2/+4
| | | | | | | are too short to be a valid voucher. Discussed with: Jim P Issue: #4985
* Merge pull request #1928 from phil-davis/patch-1Renato Botelho2015-09-221-14/+27
|\
OpenPOWER on IntegriCloud