Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Deprecate strongswan smp components | Renato Botelho | 2015-10-30 | 1 | -0/+4 |
| | |||||
* | Remove ipsec_smp_dump_status(), last dependency of strongswan XMP module | Renato Botelho | 2015-10-30 | 1 | -47/+0 |
| | |||||
* | Rework ipsec widget to use VICI | Renato Botelho | 2015-10-30 | 1 | -17/+7 |
| | |||||
* | Remove diag_ipsec_xml.php, not being used | Renato Botelho | 2015-10-30 | 1 | -82/+0 |
| | |||||
* | Make IPsec status page retrieve status with VICI instead of SMP | Matt Smith | 2015-10-30 | 1 | -107/+117 |
| | |||||
* | Set leftsendcert=always for IKEv2 configurations with certificates to better ↵ | jim-p | 2015-10-28 | 1 | -0/+5 |
| | | | | accommodate OS X and iOS manual configurations. Fixes #5353 | ||||
* | Fix up descriptive text for logging levels. Ticket #5340 | Chris Buechler | 2015-10-26 | 1 | -4/+3 |
| | |||||
* | Default log level where none is selected should be 3 here. Ticket #5340 | Chris Buechler | 2015-10-26 | 1 | -1/+1 |
| | |||||
* | Correct available log levels. Ticket #5340 | Chris Buechler | 2015-10-26 | 1 | -16/+16 |
| | |||||
* | fix logging config upgrade. Ticket #5340 | Chris Buechler | 2015-10-26 | 1 | -2/+2 |
| | |||||
* | Logging fixes. Ticket #5340 | Chris Buechler | 2015-10-26 | 1 | -1/+3 |
| | |||||
* | terminate argument parsing before giving the log level. Ticket #5340 | Chris Buechler | 2015-10-26 | 1 | -1/+1 |
| | |||||
* | Merge pull request #1980 from doktornotor/patch-2 | Renato Botelho | 2015-10-26 | 1 | -10/+27 |
|\ | |||||
| * | Fix external interface variable in input error message | doktornotor | 2015-10-24 | 1 | -1/+1 |
| | | |||||
| * | Properly validate IPv4 for UPnP - RELENG_2_2 | doktornotor | 2015-10-24 | 1 | -10/+27 |
| | | | | | | | | | | Since https://redmine.pfsense.org/issues/1835 got exactly nowhere for the past 4 years, the input should be properly validated, instead of allowing people to configure nonfunctional/broken nonsense. P.S. If you don't plan on fixing the above-linked feature for 2.3, let me know and I'll do the same for 2.3 | ||||
* | | Merge pull request #1986 from phil-davis/patch-6 | Renato Botelho | 2015-10-26 | 1 | -2/+2 |
|\ \ | |||||
| * | | Fix Command Prompt Download and Upload when not in English - Redmine #5343 ↵ | Phil Davis | 2015-10-25 | 1 | -2/+2 |
| |/ | | | | | | | for RELENG_2_2 | ||||
* | | Merge pull request #1984 from phil-davis/patch-4 | Renato Botelho | 2015-10-26 | 1 | -1/+1 |
|\ \ | |||||
| * | | Fix multi-lingual save of NAT mode Redmine # for RELENG_2_2 | Phil Davis | 2015-10-25 | 1 | -1/+1 |
| |/ | | | | | and forum https://forum.pfsense.org/index.php?topic=101276.0 | ||||
* | | Use 1-6 rather than 0-5 for IPsec logging levels, to stay away from ↵ | Chris Buechler | 2015-10-26 | 5 | -8/+31 |
|/ | | | | complications of 0 due to PHP stupidity. Upgrade config to add 1 to any configured log levels. Default to 1 as log level where none is configured by the user. Ticket #5340 | ||||
* | IKE auto mode is back, remove this config upgrade code unsetting it. | Chris Buechler | 2015-10-24 | 1 | -4/+0 |
| | |||||
* | Merge pull request #1979 from phil-davis/patch-5 | Renato Botelho | 2015-10-23 | 1 | -4/+4 |
|\ | |||||
| * | interfaces_assign tab_array numbering | Phil Davis | 2015-10-23 | 1 | -4/+4 |
|/ | | | | | This was fixed in master for 2.3 by https://github.com/pfsense/pfsense/commit/50e6c063e6ec148917ff0bcb0bce8b0a08df5792 - in master all of these $tab_array entries, in each file that they appear in, had been modified to just use the $tab_array[] = form. But in RELENG_2_2 that has not happened. So it seems nicer to just fix the numbering here to match what is already in the other interfaces_*.php files in RELENG_2_2. Note that the code works OK without this "fix" - display_top_tabs() just loops through the existing array keys anyhow and so did not notice the missing number. | ||||
* | Check unbound root.key file contents, and remove it if invalid, before ↵ | Chris Buechler | 2015-10-21 | 1 | -0/+9 |
| | | | | unbound-anchor runs otherwise it will fail and unbound will fail to start. fsync the file after writing to prevent the problem. Ticket #5334 | ||||
* | Make setting charon.plugins.attr.subnet conditional on net_list being set. Set | Matt Smith | 2015-10-21 | 1 | -3/+1 |
| | | | | it's value to list of subnets configured as P2's for mobile IPsec. Fixes #5327. | ||||
* | Merge pull request #1971 from doktornotor/patch-5 | Chris Buechler | 2015-10-20 | 2 | -0/+9 |
|\ | |||||
| * | Point people to 'Clear Package Lock' if the reinstall of packages got stuck ↵ | doktornotor | 2015-10-20 | 1 | -0/+8 |
| | | | | | | | | (RELENG_2_2) | ||||
| * | Point people to 'Clear Package Lock' if the reinstall of packages got stuck ↵ | doktornotor | 2015-10-20 | 1 | -0/+1 |
| | | | | | | | | (RELENG_2_2) | ||||
* | | Disable strongswan logging under auth since it's all logged under daemon, | Chris Buechler | 2015-10-20 | 1 | -0/+5 |
| | | | | | | | | so nothing is duplicated. Ticket #5242 | ||||
* | | Check whether the P2 or its associated P1 are disabled before adding NAT | Chris Buechler | 2015-10-20 | 1 | -1/+8 |
| | | | | | | | | rules. Ticket #5320 | ||||
* | | Limit the auth methods where "My Certificate Authority" is displayed/saved for | Matt Smith | 2015-10-20 | 1 | -12/+7 |
|/ | | | | mobile clients. Fixes #5323. | ||||
* | Disable zero copy buffers in bpf. | Luiz Otavio O Souza | 2015-10-19 | 1 | -1/+0 |
| | | | | | | | | | This was a no-op before my changes (so this was never really enabled) and now it is known to cause issues with tcpdump and hostapd. Disable this until we fix all the raised issues. Issue: #5257 | ||||
* | Validate that the Mobile Client settings have a valid RADIUS server selected | Matt Smith | 2015-10-19 | 1 | -0/+11 |
| | | | | | as the source for user authentication when EAP-RADIUS is selected as the phase 1 authentication method for mobile IPsec. Fixes #5219. | ||||
* | Cherry-pick 98bf4991dc31f97fc7315a6b8aba433de9d39cea: | Luiz Otavio O Souza | 2015-10-19 | 1 | -20/+14 |
| | | | | | | | | | | | | Fixes #4150. Move to tables to accomodate unlimited number of interfaces. Cherry-pick 52fe0465b463dd8b8f4b2099d562254da320e704: Fix the captive portal rules after 98bf4991dc31f97fc7315a6b8aba433de9d39cea. The malformed rules breaks the parsing of initialisation rules. Issue: #4746 | ||||
* | Add 'caref' attribute to the ca object passed into ca_inter_create so a | Matt Smith | 2015-10-16 | 1 | -0/+1 |
| | | | | relationship to the signing CA can be maintained. Fixes #5313. | ||||
* | Limit strongswan trusted CA certificates to those required for authentication of | Matt Smith | 2015-10-16 | 1 | -22/+46 |
| | | | | the configured IPsec SA's instead of trusting all known CA's. Fixes #5243. | ||||
* | only use daemon and not auth for strongswan logging. As it was, all logs ↵ | Chris Buechler | 2015-10-15 | 1 | -6/+0 |
| | | | | were duplicated. Ticket #5242 | ||||
* | fix comparison here. Ticket #4558 | Chris Buechler | 2015-10-15 | 1 | -1/+1 |
| | |||||
* | Set rightca for IPsec phase 1 using Mutual RSA, Mutual RSA + xauth, or ↵ | Matt Smith | 2015-10-15 | 1 | -0/+24 |
| | | | | EAP-TLS. Fixes #5241. | ||||
* | s/ip/IP/ it got lost on revert. Spotted by @phil-davis | Renato Botelho | 2015-10-14 | 1 | -1/+1 |
| | |||||
* | This is necessary for dhcrelay to function. Revert "remove the destination ↵ | Chris Buechler | 2015-10-14 | 1 | -6/+132 |
| | | | | | | server's interface(s) from dhcrelay" This reverts commit 97613114b5b74c334609d7fcd79c94741b111793. | ||||
* | Auto-add firewall rules for DHCP Relay, same as is done for DHCP Server. Add ↵ | Chris Buechler | 2015-10-14 | 2 | -0/+15 |
| | | | | filter reload to DHCP Relay config so rules are immediately added/removed. Ticket #4558 | ||||
* | Remove original rightsourceip. Ticket #5284 | Chris Buechler | 2015-10-13 | 1 | -1/+0 |
| | |||||
* | set enabled/disabled status accordingly on initial page load. Ticket #5284 | Chris Buechler | 2015-10-13 | 1 | -0/+1 |
| | |||||
* | clean up empty lines | Chris Buechler | 2015-10-13 | 1 | -2/+0 |
| | |||||
* | Add all remaining log types to status.php. Ticket #5304 | Chris Buechler | 2015-10-13 | 1 | -6/+30 |
| | |||||
* | PHP chmod() doesn't like 1777, gives it 01777 then | Renato Botelho | 2015-10-13 | 1 | -1/+1 |
| | |||||
* | Add missing ; and also mute chmod | Renato Botelho | 2015-10-13 | 1 | -1/+1 |
| | |||||
* | Preserve /tmp permission, it fixes #5298 | Renato Botelho | 2015-10-13 | 1 | -0/+1 |
| | |||||
* | Update zoneinfo to 2015f, it fixes #5254 | Renato Botelho | 2015-10-13 | 1 | -0/+0 |
| |