Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
| * | | Fix lineup of copyright lines | Phil Davis | 2015-01-01 | 296 | -1503/+1578 | |
| | | | | | | | | | | | | | | | and module names and other bits of formatting and typos in header comment sections. | |||||
* | | | Merge pull request #1415 from phil-davis/copyright-dup | Renato Botelho | 2015-01-01 | 3 | -4/+1 | |
|\ \ \ | |/ / |/| | | ||||||
| * | | Remove duplicate copyright | Phil Davis | 2015-01-01 | 3 | -4/+1 | |
|/ / | | | | | | | Noticed these had the copyright twice | |||||
* | | Use binat, not nat, where IPsec NAT is configured with an address for local ↵ | Chris Buechler | 2014-12-31 | 1 | -10/+6 | |
| | | | | | | | | and NAT. Ticket #4169 | |||||
* | | Welcome 2015 | Renato Botelho | 2014-12-31 | 299 | -305/+305 | |
|/ | ||||||
* | Add config upgrade code to make sure iketype is set, bump config version to ↵ | Renato Botelho | 2014-12-31 | 3 | -2/+14 | |
| | | | | 11.4. It fixes #4163 | |||||
* | libreadline.so.6 is not supposed to be obsoleted, fixes #4159 | Renato Botelho | 2014-12-31 | 1 | -1/+0 | |
| | ||||||
* | Allow IPv6 on loopback even where IPv6 is otherwise disabled. The intent of ↵ | Chris Buechler | 2014-12-31 | 1 | -0/+3 | |
| | | | | that feature is to prevent IPv6 from communicating on the network. Blocking it on localhost can result in issues and is unnecessary. Ticket #4074 | |||||
* | Reload Unbound after IP changes, to fix issues noted in Ticket #4095. Do so ↵ | Chris Buechler | 2014-12-30 | 2 | -0/+7 | |
| | | | | before Dynamic DNS updates occur to ensure the host has functioning DNS. | |||||
* | Merge pull request #1412 from phil-davis/patch-2 | Chris Buechler | 2014-12-30 | 1 | -1/+1 | |
|\ | ||||||
| * | IPsec Widget allow for old settings that have no iketype | Phil Davis | 2014-12-30 | 1 | -1/+1 | |
| | | | | | | | | | | as mentioned in https://forum.pfsense.org/index.php?topic=84527.msg471919#msg471919 This change makes it work like similar if tests in /usr/local/wwwvpn_ipsec.php, and code in /etc/inc/vpn.inc that effectively defaults to ikev1 when iketype is not specified. This should make the code here be executed and make $ikeid get the correct value to be used in later code. | |||||
* | | Merge pull request #1413 from phil-davis/patch-3 | Chris Buechler | 2014-12-30 | 1 | -1/+1 | |
|\ \ | ||||||
| * | | Allow for old settings that have no iketype | Phil Davis | 2014-12-30 | 1 | -1/+1 | |
| |/ | | | | | | | | | This bit of code looks like it could do with the same test as https://github.com/pfsense/pfsense/pull/1412 This is executed when the "Connect" button is pressed from Status->IPsec Somebody with these problematic old IPsec entries could test this - with current code I suspect that disconnect followed by connect - it will not connect. With this change it will (might?) connect again. | |||||
* | | Only set route-to and reply-to on ESP and ISAKMP rules if the remote ↵ | Chris Buechler | 2014-12-30 | 1 | -12/+18 | |
| | | | | | | | | endpoint is not within the parent interface's subnet. Ticket #4157 | |||||
* | | Oops this should be 0s rather than 00. Linked with Ticket #4158 | Ermal | 2014-12-30 | 1 | -4/+4 | |
| | | ||||||
* | | Merge pull request #1411 from phil-davis/patch-1 | Ermal | 2014-12-30 | 1 | -0/+7 | |
|\ \ | ||||||
| * | | ipsec_smp_dump_status get out of loop if error | Phil Davis | 2014-12-30 | 1 | -0/+7 | |
| |/ | | | | | | | | | | | | | when reading response from socket. Otherwise it would be in a loop and end up like: https://forum.pfsense.org/index.php?topic=86039.msg471848#msg471848 PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/ipsec.inc on line 383 This code runs on my system, but I do not know how to induce the possible loop condition to actually test if it would really break out and return nicely. | |||||
* | | Unbreak IPsec rules generation for IPsec over CARP. Should help even Ticket ↵ | Ermal LUÇI | 2014-12-30 | 1 | -1/+1 | |
| | | | | | | | | #4157 | |||||
* | | Check for fqdn peerid/myids and prepend @ so strongswan does not try to be ↵ | Ermal LUÇI | 2014-12-30 | 1 | -5/+13 | |
| | | | | | | | | smart. Also use %any for myid instead of risking of putting the wrong value in the secrets file for traffic selector | |||||
* | | Use base64 encoded secrets which Fixes #4158 | Ermal LUÇI | 2014-12-30 | 1 | -4/+4 | |
|/ | ||||||
* | Merge pull request #1410 from phil-davis/patch-1 | Renato Botelho | 2014-12-30 | 2 | -7/+7 | |
|\ | ||||||
| * | Captive portal spelling | Phil Davis | 2014-12-30 | 1 | -2/+2 | |
| | | ||||||
| * | Standardise text in priv list | Phil Davis | 2014-12-30 | 1 | -5/+5 | |
|/ | ||||||
* | Merge pull request #1407 from phil-davis/patch-1 | Renato Botelho | 2014-12-29 | 1 | -3/+11 | |
|\ | ||||||
| * | Simplify cron array comparison | Phil Davis | 2014-12-29 | 1 | -7/+1 | |
| | | | | | | | | This works fine - I had not thought about how arrays are compared. Using "==" checks that the key/value pairs match in both arrays, regardless of the order the arrays happen to be in, which is what we want here. Using "===" would insist that the key/value pairs are also in the same order in the array and that the types and everything match identically, which we do not require. | |||||
| * | Minimise config updates when checking cron jobs | Phil Davis | 2014-12-29 | 1 | -3/+17 | |
| | | ||||||
* | | Merge pull request #1408 from ExolonDX/master | Renato Botelho | 2014-12-29 | 6 | -95/+0 | |
|\ \ | |/ |/| | ||||||
| * | Backout pull request #1391 | Colin Fleming | 2014-12-29 | 6 | -95/+0 | |
| | | | | | | | | | | | | https://forum.pfsense.org/index.php?topic=85944.0 Backout pull request #13191 | |||||
* | | Merge pull request #1405 from phil-davis/unbound-shortcuts | jim-p | 2014-12-28 | 9 | -15/+21 | |
|\ \ | |/ |/| | ||||||
| * | Fix unbound shortcut links | Phil Davis | 2014-12-28 | 9 | -15/+21 | |
|/ | | | | | | | | | | | | Fixes redmine #4151 1) Make the naming in shortcuts.inc more clear - forwarder=dnsmasq resolver=unbound 2) Make the value of $shortcuts_section correct in each dnsmasq and unbound php code 3) Make diag_logs_resolver.php smarter, so if dnsmasq is enabled, then show shortcuts for dnsmasq, otherwise show shortcuts for unbound. 4) Fix some references to forwarder in unbound code - should be resolver. | |||||
* | clarify message here after customer feedback, it wasn't meant to imply "only ↵ | Chris Buechler | 2014-12-26 | 2 | -2/+2 | |
| | | | | a reboot will re-enable" but that's how some people have read it. | |||||
* | Update /etc/ttys from new partition when upgrading nanobsd, and in this case ↵ | Renato Botelho | 2014-12-26 | 1 | -3/+5 | |
| | | | | do not call reload_ttys(). It should fix #4140 | |||||
* | Remove unused variable | Renato Botelho | 2014-12-26 | 1 | -3/+0 | |
| | ||||||
* | Move this check before full sync to disable dnsmasq/unbound in the first ↵ | Renato Botelho | 2014-12-26 | 1 | -12/+12 | |
| | | | | time it's sync'd | |||||
* | Add dnsmasq and unbound config sections to full sync, it fixes #4076 that is ↵ | Renato Botelho | 2014-12-26 | 1 | -1/+1 | |
| | | | | caused because boolean config fields are not disabled on secondary | |||||
* | Merge pull request #1402 from phil-davis/patch-1 | Renato Botelho | 2014-12-26 | 1 | -45/+49 | |
|\ | ||||||
| * | Display tunnel description on IPsec widget | Phil Davis | 2014-12-26 | 1 | -45/+49 | |
|/ | | | | | | | | There was not even code to attempt to display the description. Also, when I first created a phase1 and there were no phase2 yet, the widget spat out the warning for the line: foreach ($config['ipsec']['phase2'] as $ph2ent){ ... So I enclosed that in a block: if (isset($config['ipsec']['phase2'])) { ... } Tabbing that block in makes the diff look big when there really is little change - a diff ignoring spacing will look much nicer! | |||||
* | Correct even other areas of CP using pfSense_ipfw_getTablestats function. | Ermal LUÇI | 2014-12-24 | 3 | -3/+3 | |
| | ||||||
* | Correctly call function for retrieving stats from ipfw. Fixes #4131 | Ermal LUÇI | 2014-12-24 | 1 | -2/+2 | |
| | ||||||
* | Fixes #4130 Check for a certain size of file to start showing data on ↵ | Ermal LUÇI | 2014-12-24 | 1 | -0/+4 | |
| | | | | dashboard and avoiding xml parser errors | |||||
* | Fix displaying description for IKEv1 connected tunnels | Ermal LUÇI | 2014-12-24 | 2 | -11/+8 | |
| | ||||||
* | Oops remove variable with same name unused! | Ermal LUÇI | 2014-12-24 | 1 | -1/+1 | |
| | ||||||
* | Add checks for ghost phase2 and no need to check for number of phase2 here | Ermal LUÇI | 2014-12-24 | 1 | -3/+3 | |
| | ||||||
* | Correct skipping of disabled tunnels | Ermal LUÇI | 2014-12-24 | 1 | -1/+1 | |
| | ||||||
* | Make this function readble | Ermal LUÇI | 2014-12-24 | 1 | -5/+4 | |
| | ||||||
* | Correct status counter of inactive tunnels | Ermal LUÇI | 2014-12-24 | 1 | -0/+8 | |
| | ||||||
* | Remove option that has now been merged into infra-host-ttl. | Warren Baker | 2014-12-24 | 2 | -21/+1 | |
| | ||||||
* | Oops do not override ipsec status array! | Ermal LUÇI | 2014-12-23 | 1 | -2/+2 | |
| | ||||||
* | Merge pull request #1401 from phil-davis/patch-1 | Renato Botelho | 2014-12-23 | 1 | -2/+0 | |
|\ | ||||||
| * | Reboot not required for password protect console menu | Phil Davis | 2014-12-23 | 1 | -2/+0 | |
|/ | | | On my systems I can toggle and save "Password protect the console menu" back and forth and the console switches back and forth from the menu to a login prompt in real time. IMHO a reboot is no longer needed. Remove this note might save some people unnecessary reboot time. |