Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | remove old unused nopccard_platforms | Chris Buechler | 2015-07-29 | 1 | -1/+0 |
| | | | | | Conflicts: etc/inc/globals.inc | ||||
* | remove wrap and net4501 platforms, they haven't existed for years. | Chris Buechler | 2015-07-29 | 1 | -19/+0 |
| | |||||
* | Check both greater and less than for the configuration version in XMLRPC ↵ | jim-p | 2015-07-29 | 1 | -3/+4 |
| | | | | sync. Fixes #4902 | ||||
* | Use an alternate method to find VIP targets that should be allowed for ↵ | jim-p | 2015-07-29 | 2 | -20/+14 |
| | | | | Captive Portal. Fixes #4903 | ||||
* | Add "sockstat" output to status.php | jim-p | 2015-07-29 | 1 | -0/+1 |
| | |||||
* | Move cleargpt.sh and cleargmirror.sh scripts to main repo | Renato Botelho | 2015-07-27 | 2 | -0/+39 |
| | |||||
* | Merge pull request #1797 from phil-davis/patch-10 | Renato Botelho | 2015-07-27 | 1 | -1/+1 |
|\ | |||||
| * | Strip any \r when parsing URL table ports file | Phil Davis | 2015-07-27 | 1 | -1/+1 |
| | | | | | | | | If the URL table ports file at the URL specified has lines separated by "\r\n" rather than just "\n", then the code here ends up with ports that look like "80\r" "443\r" ... and group_ports() does not match any of those and the final file ends up empty. That seems a shame just because the file was made in some editor that put "\r\n" line breaks. I messed about for a while trying to make my URL table ports alias work until I realized this. This change first strips out any "\r" from the string, thus making it work with files that have either pure "\n" line breaks or "\r\n" line breaks. | ||||
* | | Fix typo in variable name, spotted by Phil Davis | Renato Botelho | 2015-07-27 | 1 | -1/+1 |
|/ | |||||
* | Consider url_port alias type when checking port-type aliases V2 | Phil Davis | 2015-07-27 | 1 | -1/+1 |
| | | | | This time I have typed url_ports correctly. | ||||
* | add a check to avoid foreach on non-array | Chris Buechler | 2015-07-27 | 1 | -0/+4 |
| | |||||
* | Bring back the ability to specify file and URL as command line arguments. ↵ | Chris Buechler | 2015-07-26 | 1 | -15/+21 |
| | | | | Clean it up a bit. | ||||
* | Upgrade config to 11.9. Changes IPsec peer ID for EAP types to "any", to ↵ | Chris Buechler | 2015-07-25 | 1 | -0/+13 |
| | | | | | | | retain previous behavior. Conflicts: etc/inc/upgrade_config.inc | ||||
* | Change the log for CRLs with no data (exists but no certs revoked) to a ↵ | Chris Buechler | 2015-07-25 | 1 | -1/+1 |
| | | | | warning since it's not technically an error. | ||||
* | Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or ↵ | Chris Buechler | 2015-07-25 | 3 | -2/+7 |
| | | | | | | | don't want to check peer ID. Conflicts: usr/local/www/vpn_ipsec_phase1.php | ||||
* | Lower LoginGraceTime to 30s, should be plenty long for users, and mitigates ↵ | Chris Buechler | 2015-07-23 | 1 | -0/+1 |
| | | | | the password login attempt bypass bug in OpenSSH. Ticket #4875 | ||||
* | Only omit rightid for PSK mobile types. Flip the logic here as the 2_1 ! | Chris Buechler | 2015-07-23 | 1 | -2/+3 |
| | | | | logic gets ugly. | ||||
* | change iketype auto to ikev2 on upgrade. Ticket #4873 | Chris Buechler | 2015-07-23 | 1 | -0/+5 |
| | |||||
* | Remove "auto", it's just a synonym for IKEv2. Ticket #4873 | Chris Buechler | 2015-07-23 | 2 | -6/+4 |
| | | | | | Conflicts: usr/local/www/vpn_ipsec_phase1.php | ||||
* | include vpn.inc so IPsec CRL reload works. require_once filter.inc in | Chris Buechler | 2015-07-23 | 2 | -1/+3 |
| | | | | vpn.inc for callers there that haven't already included it. | ||||
* | Obsolete device.hints_wrap, it's not being used | Renato Botelho | 2015-07-23 | 2 | -93/+1 |
| | |||||
* | Move mfs related rc.d scripts from tools to main repo | Renato Botelho | 2015-07-23 | 3 | -0/+208 |
| | |||||
* | Obsolete /etc/rc.d/uzip and stop using it | Renato Botelho | 2015-07-23 | 3 | -6/+1 |
| | |||||
* | Most of the flowtable bits were removed some time ago, take out the last of ↵ | Chris Buechler | 2015-07-23 | 1 | -30/+0 |
| | | | | them too. | ||||
* | When a CRL is updated, refresh strongswan's CRLs. | Chris Buechler | 2015-07-23 | 1 | -0/+6 |
| | |||||
* | Merge pull request #1778 from phil-davis/patch-1 | Chris Buechler | 2015-07-22 | 1 | -1/+1 |
|\ | |||||
| * | Add isset check for strictcrlpolicy | Phil Davis | 2015-07-23 | 1 | -1/+1 |
|/ | | | To be consistent with the checks in the rest of this code. | ||||
* | make the IPsec bypass LAN from LAN subnet to LAN subnet rather than from | Chris Buechler | 2015-07-22 | 1 | -1/+1 |
| | | | | | LAN subnet to LAN IP. Same end result except it'll work for VIPs on same interface now. | ||||
* | Add IPsec advanced option for strict CRL checking | Chris Buechler | 2015-07-22 | 2 | -0/+20 |
| | |||||
* | fix typo | Chris Buechler | 2015-07-22 | 1 | -1/+1 |
| | |||||
* | Merge pull request #1777 from phil-davis/patch-1 | Chris Buechler | 2015-07-22 | 1 | -12/+16 |
|\ | |||||
| * | Handle IPsec Advanced Settings save before IPsec is enabled | Phil Davis | 2015-07-22 | 1 | -12/+16 |
| | | | | | | | | | | | | | | | | | | | | If the Advanced Settings are saved before any other IPsec is set up then $config['ipsec'] can be just the empty string. As a result you can get: a) If you select some debug settings then those are not saved. The code to save those settings was only executed when $config['ipsec'] was already an array. Actually the code already did the necessary "if isset() then unset()" stuff. So I just took the "if is_array()" away from the code block. b) Some potential unset() can go wrong with errors like: Fatal error: Cannot unset string offsets in /usr/local/www/vpn_ipsec_settings.php on line 168 This is corrected by adding more "if (isset())" checks. Fixes Redmine #4865 | ||||
* | | write out built-in CRLs for strongswan | Chris Buechler | 2015-07-22 | 1 | -2/+18 |
|/ | |||||
* | Merge pull request #1774 from phil-davis/interfaces-widget | Chris Buechler | 2015-07-21 | 2 | -5/+5 |
|\ | |||||
| * | Interfaces widget use more obscure separator | Phil Davis | 2015-07-22 | 2 | -5/+5 |
|/ | | | | | when acquiring the interface data. In particular the media information can have commas in it already as reported in Redmine bug #4859 | ||||
* | Merge pull request #1770 from phil-davis/patch-1 | Chris Buechler | 2015-07-21 | 1 | -0/+10 |
|\ | |||||
| * | Unset old CA and Cert in left system config | Phil Davis | 2015-07-21 | 1 | -0/+8 |
| | | | | | | Unset any old CA and Cert in the system section that might still be there from when upgrade_066_to_067 did not unset them. That will tidy up old configs that had the conversion done originally but these old sections were left behind. | ||||
| * | Unset old CA and Cert in system config | Phil Davis | 2015-07-21 | 1 | -0/+2 |
| | | | | | | | | | | This looked odd. Why would we leave behind the old "ca" and "cert" section in $config["system"]? I guess it would do no harm, but seems confusing for the future to have some unused entries like this remaining in the config. Should a piece of code be put into the latest upgrade function to clean out these in any current config? | ||||
* | | Merge pull request #1771 from phil-davis/patch-2 | Renato Botelho | 2015-07-21 | 1 | -3/+4 |
|\ \ | |||||
| * | | Allocate dnpipe and dnqueue numbers even if no filter rules | Phil Davis | 2015-07-21 | 1 | -3/+4 |
| |/ | | | | | It would be quite unusual to have no filter rules array, but if that is indeed the case then the first part of this code that sets dnpipe and dnqueue numbers should execute anyway. | ||||
* | | Merge pull request #1772 from phil-davis/patch-3 | Renato Botelho | 2015-07-21 | 1 | -1/+1 |
|\ \ | |/ |/| | |||||
| * | Captive Portal zoneid upgrade fix var name typo | Phil Davis | 2015-07-21 | 1 | -1/+1 |
|/ | | | With the typo, this empty() test would always have been true. So maybe on upgrade some existing captive portal zoneid values have been getting overwritten by this even number counter? Or? | ||||
* | Add "netstat -ni" to status.php | jim-p | 2015-07-21 | 1 | -0/+1 |
| | |||||
* | Allow pre-filling (but no automatic action) of the download filename on ↵ | jim-p | 2015-07-21 | 2 | -2/+3 |
| | | | | exec.php. Set up a link to download the status output.tgz in status.php | ||||
* | Reverting this for master, needs review in context of uniqid changes. ↵ | Chris Buechler | 2015-07-21 | 1 | -47/+33 |
| | | | | | | Opening redmine ticket. Revert "sync up rc.carpmaster with RELENG_2_2. Ticket #4854, plus removal of unnecessary loop that'll amplify notifications unnecessarily." This reverts commit 401adacfefbc6006bc2270ccc1640e1b15f767c1. | ||||
* | Going back to prior to earlier commit. Revert "fix indent my editor broke in ↵ | Chris Buechler | 2015-07-21 | 1 | -26/+26 |
| | | | | | | an earlier commit." This reverts commit 948bbc9baf77b47e636c904faf677a698c13a293. | ||||
* | fix indent my editor broke in an earlier commit. | Chris Buechler | 2015-07-21 | 1 | -26/+26 |
| | |||||
* | Add IPsec IKE Intermediate EKU to server certificates. The serverAuth EKU ↵ | Chris Buechler | 2015-07-20 | 1 | -2/+2 |
| | | | | already added suffices for Windows clients, though strongswan docs suggest setting this as well. | ||||
* | Specify keyUsage and extendedKeyUsage in openssl.cnf, use crl_ext. | Chris Buechler | 2015-07-20 | 1 | -6/+6 |
| | |||||
* | Merge pull request #1764 from doktornotor/patch-2 | Renato Botelho | 2015-07-19 | 3 | -4/+4 |
|\ |