Commit message [Author, Age, Files, Lines]
...
* | Do not obsolete after_installation_routines.sh, it's part of bsdinstaller pkg [Renato Botelho, 2015-07-30, 1, -1/+0]
| |
* | Remove unused ftmp references [Renato Botelho, 2015-07-30, 2, -5/+0]
| |
* | Remove bdiff support [Renato Botelho, 2015-07-30, 3, -71/+2]
| |
* | Change welcome to /dev/null on login.conf and stop removing /etc/motd [Renato Botelho, 2015-07-30, 2, -4/+1]
| |
* | Take more care when attempting to open the CP database. Don't assume it's valid before attempting to use it. [jim-p, 2015-07-30, 1, -0/+10]
| |
* | Reinitialize the captive portal database for a zone if it is corrupt/unreadable. Fixes #4904 [jim-p, 2015-07-30, 1, -10/+24]
|/
* remove more old, unused platform stuff [Chris Buechler, 2015-07-30, 2, -6/+0]
|
* Fix killing of individual states for IPv6. Ticket #4906 [Chris Buechler, 2015-07-30, 1, -11/+27]
|
* fix whitespace [Chris Buechler, 2015-07-30, 1, -4/+4]
|
* Use the appropriate source and dest IPs for all state types. Ticket #4907 [Chris Buechler, 2015-07-30, 1, -2/+10]
|
* remove old unused nopccard_platforms [Chris Buechler, 2015-07-29, 1, -1/+0]
|     Conflicts: etc/inc/globals.inc
* remove wrap and net4501 platforms, they haven't existed for years. [Chris Buechler, 2015-07-29, 1, -19/+0]
|
* Check both greater and less than for the configuration version in XMLRPC sync. Fixes #4902 [jim-p, 2015-07-29, 1, -3/+4]
|
* Use an alternate method to find VIP targets that should be allowed for Captive Portal. Fixes #4903 [jim-p, 2015-07-29, 2, -20/+14]
|
* Add "sockstat" output to status.php [jim-p, 2015-07-29, 1, -0/+1]
|
* Move cleargpt.sh and cleargmirror.sh scripts to main repo [Renato Botelho, 2015-07-27, 2, -0/+39]
|
* Merge pull request #1797 from phil-davis/patch-10 [Renato Botelho, 2015-07-27, 1, -1/+1]
|\
| * Strip any \r when parsing URL table ports file [Phil Davis, 2015-07-27, 1, -1/+1]
| |     If the URL table ports file at the URL specified has lines separated by "\r\n" rather than just "\n", then the code here ends up with ports that look like "80\r" "443\r" ... and group_ports() does not match any of those and the final file ends up empty. That seems a shame just because the file was made in some editor that put "\r\n" line breaks. I messed about for a while trying to make my URL table ports alias work until I realized this. This change first strips out any "\r" from the string, thus making it work with files that have either pure "\n" line breaks or "\r\n" line breaks.
* | Fix typo in variable name, spotted by Phil Davis [Renato Botelho, 2015-07-27, 1, -1/+1]
|/
* Consider url_port alias type when checking port-type aliases V2 [Phil Davis, 2015-07-27, 1, -1/+1]
|     This time I have typed url_ports correctly.
* add a check to avoid foreach on non-array [Chris Buechler, 2015-07-27, 1, -0/+4]
|
* Bring back the ability to specify file and URL as command line arguments. Clean it up a bit. [Chris Buechler, 2015-07-26, 1, -15/+21]
|
* Upgrade config to 11.9. Changes IPsec peer ID for EAP types to "any", to retain previous behavior. [Chris Buechler, 2015-07-25, 1, -0/+13]
|     Conflicts: etc/inc/upgrade_config.inc
* Change the log for CRLs with no data (exists but no certs revoked) to a warning since it's not technically an error. [Chris Buechler, 2015-07-25, 1, -1/+1]
|
* Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or don't want to check peer ID. [Chris Buechler, 2015-07-25, 3, -2/+7]
|     Conflicts: usr/local/www/vpn_ipsec_phase1.php
* Lower LoginGraceTime to 30s, should be plenty long for users, and mitigates the password login attempt bypass bug in OpenSSH. Ticket #4875 [Chris Buechler, 2015-07-23, 1, -0/+1]
|
* Only omit rightid for PSK mobile types. Flip the logic here as the 2_1 ! logic gets ugly. [Chris Buechler, 2015-07-23, 1, -2/+3]
|
* change iketype auto to ikev2 on upgrade. Ticket #4873 [Chris Buechler, 2015-07-23, 1, -0/+5]
|
* Remove "auto", it's just a synonym for IKEv2. Ticket #4873 [Chris Buechler, 2015-07-23, 2, -6/+4]
|     Conflicts: usr/local/www/vpn_ipsec_phase1.php
* include vpn.inc so IPsec CRL reload works. require_once filter.inc in vpn.inc for callers there that haven't already included it. [Chris Buechler, 2015-07-23, 2, -1/+3]
|
* Obsolete device.hints_wrap, it's not being used [Renato Botelho, 2015-07-23, 2, -93/+1]
|
* Move mfs related rc.d scripts from tools to main repo [Renato Botelho, 2015-07-23, 3, -0/+208]
|
* Obsolete /etc/rc.d/uzip and stop using it [Renato Botelho, 2015-07-23, 3, -6/+1]
|
* Most of the flowtable bits were removed some time ago, take out the last of them too. [Chris Buechler, 2015-07-23, 1, -30/+0]
|
* When a CRL is updated, refresh strongswan's CRLs. [Chris Buechler, 2015-07-23, 1, -0/+6]
|
* Merge pull request #1778 from phil-davis/patch-1 [Chris Buechler, 2015-07-22, 1, -1/+1]
|\
| * Add isset check for strictcrlpolicy [Phil Davis, 2015-07-23, 1, -1/+1]
|/      To be consistent with the checks in the rest of this code.
* make the IPsec bypass LAN from LAN subnet to LAN subnet rather than from LAN subnet to LAN IP. Same end result except it'll work for VIPs on same interface now. [Chris Buechler, 2015-07-22, 1, -1/+1]
|
* Add IPsec advanced option for strict CRL checking [Chris Buechler, 2015-07-22, 2, -0/+20]
|
* fix typo [Chris Buechler, 2015-07-22, 1, -1/+1]
|
* Merge pull request #1777 from phil-davis/patch-1 [Chris Buechler, 2015-07-22, 1, -12/+16]
|\
| * Handle IPsec Advanced Settings save before IPsec is enabled [Phil Davis, 2015-07-22, 1, -12/+16]
| |     If the Advanced Settings are saved before any other IPsec is set up then $config['ipsec'] can be just the empty string. As a result you can get:
| |     a) If you select some debug settings then those are not saved. The code to save those settings was only executed when $config['ipsec'] was already an array. Actually the code already did the necessary "if isset() then unset()" stuff. So I just took the "if is_array()" away from the code block.
| |     b) Some potential unset() can go wrong with errors like: Fatal error: Cannot unset string offsets in /usr/local/www/vpn_ipsec_settings.php on line 168 This is corrected by adding more "if (isset())" checks.
| |     Fixes Redmine #4865
* | write out built-in CRLs for strongswan [Chris Buechler, 2015-07-22, 1, -2/+18]
|/
* Merge pull request #1774 from phil-davis/interfaces-widget [Chris Buechler, 2015-07-21, 2, -5/+5]
|\
| * Interfaces widget use more obscure separator [Phil Davis, 2015-07-22, 2, -5/+5]
|/      when acquiring the interface data. In particular the media information can have commas in it already as reported in Redmine bug #4859
* Merge pull request #1770 from phil-davis/patch-1 [Chris Buechler, 2015-07-21, 1, -0/+10]
|\
| * Unset old CA and Cert in left system config [Phil Davis, 2015-07-21, 1, -0/+8]
| |     Unset any old CA and Cert in the system section that might still be there from when upgrade_066_to_067 did not unset them. That will tidy up old configs that had the conversion done originally but these old sections were left behind.
| * Unset old CA and Cert in system config [Phil Davis, 2015-07-21, 1, -0/+2]
| |     This looked odd. Why would we leave behind the old "ca" and "cert" section in $config["system"]? I guess it would do no harm, but seems confusing for the future to have some unused entries like this remaining in the config. Should a piece of code be put into the latest upgrade function to clean out these in any current config?
* | Merge pull request #1771 from phil-davis/patch-2 [Renato Botelho, 2015-07-21, 1, -3/+4]
|\ \
| * | Allocate dnpipe and dnqueue numbers even if no filter rules [Phil Davis, 2015-07-21, 1, -3/+4]
| |/      It would be quite unusual to have no filter rules array, but if that is indeed the case then the first part of this code that sets dnpipe and dnqueue numbers should execute anyway.