summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Properly validate IPv4 for UPnP - RELENG_2_2doktornotor2015-10-241-10/+27
| | | | | Since https://redmine.pfsense.org/issues/1835 got exactly nowhere for the past 4 years, the input should be properly validated, instead of allowing people to configure nonfunctional/broken nonsense. P.S. If you don't plan on fixing the above-linked feature for 2.3, let me know and I'll do the same for 2.3
* IKE auto mode is back, remove this config upgrade code unsetting it.Chris Buechler2015-10-241-4/+0
|
* Merge pull request #1979 from phil-davis/patch-5Renato Botelho2015-10-231-4/+4
|\
| * interfaces_assign tab_array numberingPhil Davis2015-10-231-4/+4
|/ | | | | This was fixed in master for 2.3 by https://github.com/pfsense/pfsense/commit/50e6c063e6ec148917ff0bcb0bce8b0a08df5792 - in master all of these $tab_array entries, in each file that they appear in, had been modified to just use the $tab_array[] = form. But in RELENG_2_2 that has not happened. So it seems nicer to just fix the numbering here to match what is already in the other interfaces_*.php files in RELENG_2_2. Note that the code works OK without this "fix" - display_top_tabs() just loops through the existing array keys anyhow and so did not notice the missing number.
* Check unbound root.key file contents, and remove it if invalid, before ↵Chris Buechler2015-10-211-0/+9
| | | | unbound-anchor runs otherwise it will fail and unbound will fail to start. fsync the file after writing to prevent the problem. Ticket #5334
* Make setting charon.plugins.attr.subnet conditional on net_list being set. SetMatt Smith2015-10-211-3/+1
| | | | it's value to list of subnets configured as P2's for mobile IPsec. Fixes #5327.
* Merge pull request #1971 from doktornotor/patch-5Chris Buechler2015-10-202-0/+9
|\
| * Point people to 'Clear Package Lock' if the reinstall of packages got stuck ↵doktornotor2015-10-201-0/+8
| | | | | | | | (RELENG_2_2)
| * Point people to 'Clear Package Lock' if the reinstall of packages got stuck ↵doktornotor2015-10-201-0/+1
| | | | | | | | (RELENG_2_2)
* | Disable strongswan logging under auth since it's all logged under daemon,Chris Buechler2015-10-201-0/+5
| | | | | | | | so nothing is duplicated. Ticket #5242
* | Check whether the P2 or its associated P1 are disabled before adding NATChris Buechler2015-10-201-1/+8
| | | | | | | | rules. Ticket #5320
* | Limit the auth methods where "My Certificate Authority" is displayed/saved forMatt Smith2015-10-201-12/+7
|/ | | | mobile clients. Fixes #5323.
* Disable zero copy buffers in bpf.Luiz Otavio O Souza2015-10-191-1/+0
| | | | | | | | | This was a no-op before my changes (so this was never really enabled) and now it is known to cause issues with tcpdump and hostapd. Disable this until we fix all the raised issues. Issue: #5257
* Validate that the Mobile Client settings have a valid RADIUS server selectedMatt Smith2015-10-191-0/+11
| | | | | as the source for user authentication when EAP-RADIUS is selected as the phase 1 authentication method for mobile IPsec. Fixes #5219.
* Cherry-pick 98bf4991dc31f97fc7315a6b8aba433de9d39cea:Luiz Otavio O Souza2015-10-191-20/+14
| | | | | | | | | | | | Fixes #4150. Move to tables to accomodate unlimited number of interfaces. Cherry-pick 52fe0465b463dd8b8f4b2099d562254da320e704: Fix the captive portal rules after 98bf4991dc31f97fc7315a6b8aba433de9d39cea. The malformed rules breaks the parsing of initialisation rules. Issue: #4746
* Add 'caref' attribute to the ca object passed into ca_inter_create so aMatt Smith2015-10-161-0/+1
| | | | relationship to the signing CA can be maintained. Fixes #5313.
* Limit strongswan trusted CA certificates to those required for authentication ofMatt Smith2015-10-161-22/+46
| | | | the configured IPsec SA's instead of trusting all known CA's. Fixes #5243.
* only use daemon and not auth for strongswan logging. As it was, all logs ↵Chris Buechler2015-10-151-6/+0
| | | | were duplicated. Ticket #5242
* fix comparison here. Ticket #4558Chris Buechler2015-10-151-1/+1
|
* Set rightca for IPsec phase 1 using Mutual RSA, Mutual RSA + xauth, or ↵Matt Smith2015-10-151-0/+24
| | | | EAP-TLS. Fixes #5241.
* s/ip/IP/ it got lost on revert. Spotted by @phil-davisRenato Botelho2015-10-141-1/+1
|
* This is necessary for dhcrelay to function. Revert "remove the destination ↵Chris Buechler2015-10-141-6/+132
| | | | | | server's interface(s) from dhcrelay" This reverts commit 97613114b5b74c334609d7fcd79c94741b111793.
* Auto-add firewall rules for DHCP Relay, same as is done for DHCP Server. Add ↵Chris Buechler2015-10-142-0/+15
| | | | filter reload to DHCP Relay config so rules are immediately added/removed. Ticket #4558
* Remove original rightsourceip. Ticket #5284Chris Buechler2015-10-131-1/+0
|
* set enabled/disabled status accordingly on initial page load. Ticket #5284Chris Buechler2015-10-131-0/+1
|
* clean up empty linesChris Buechler2015-10-131-2/+0
|
* Add all remaining log types to status.php. Ticket #5304Chris Buechler2015-10-131-6/+30
|
* PHP chmod() doesn't like 1777, gives it 01777 thenRenato Botelho2015-10-131-1/+1
|
* Add missing ; and also mute chmodRenato Botelho2015-10-131-1/+1
|
* Preserve /tmp permission, it fixes #5298Renato Botelho2015-10-131-0/+1
|
* Update zoneinfo to 2015f, it fixes #5254Renato Botelho2015-10-131-0/+0
|
* Remove strongswan's cert directories and repopulate them, to ensure no ↵Chris Buechler2015-10-121-0/+5
| | | | removed CAs, certs, or CRLs remain. Ticket #5238
* Fix up strongswan logging levels. Remove charondebug since strongswan.conf ↵Chris Buechler2015-10-121-7/+11
| | | | settings take precedence. Set logging levels in strongswan.conf to match what's set on a running system via 'ipsec stroke loglevel', and remove log levels that were hard coded in strongswan.conf. Ticket #5242
* Merge pull request #1962 from davidjwood/RELENG_2_2-ppp-ipv6Chris Buechler2015-10-123-34/+170
|\
| * Use named variables for ppp-linkup command line parametersDavid Wood2015-10-111-32/+40
| |
| * Make route deletions quiet - it may well be the routes have already disappearedDavid Wood2015-10-111-2/+2
| |
| * Make code dealing with the IPv4 default gateway conditional on the IPv4 link ↵David Wood2015-10-111-1/+1
| | | | | | | | going down
| * Connect ppp-ipv6 helper script to ppp-linkdown and ppp-linkupDavid Wood2015-10-112-0/+5
| |
| * Add /usr/local/sbin/ppp-ipv6 helper scriptDavid Wood2015-10-111-0/+123
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | /usr/local/sbin/ppp-ipv6 <real interface> up|down Interface using SLAAC or DHCP6 going down: * bring down dhcp6c if it is running * disable router advertisements (and therefore SLAAC) * remove any autoconfigured IPv6 addresses Interface using SLAAC or DHCP6 coming up: * call interface_dhcpv6_configure() if dhcp6c not running and router advertisements off interface_dhcpv6_configure() will enable router advertisements, configure rtsold and dhcp6c, then set rtsold to prime dhcp6c as required.
* | Merge pull request #1958 from phil-davis/patch-11Renato Botelho2015-10-121-8/+18
|\ \
| * | Redmine #5294 Do not delete a system groupPhil Davis2015-10-111-8/+18
| | | | | | | | | | | | This code checks if the user has somehow posted a group deletion for a group that has "system" scope. If so, then the delete is not done and an input error is displayed. Note that in normal use the group manager page does not display a delete button for "system" groups, so normally this does not happen - only if the user manually messes with the $POST variables.
* | | Merge pull request #1957 from phil-davis/patch-10Renato Botelho2015-10-121-8/+18
|\ \ \ | |/ / |/| |
| * | Redmine #5294 Do not delete a system userPhil Davis2015-10-111-8/+18
|/ / | | | | | | This code checks if the user has somehow posted a user deletion for a user that has "system" scope. If so, then the delete iscnot done and an input error is displayed. Note that in normal use the user manager page does not display a delete button for "system" users, so normally this does not happen - only if the user manually messes with the $POST variables.
* | Merge pull request #1954 from doktornotor/patch-2Renato Botelho2015-10-091-0/+1
|\ \
| * | Add SVG MIME type - RELENG_2_2doktornotor2015-10-091-0/+1
|/ / | | | | Because it breaks traffic graphs for people.https://forum.pfsense.org/index.php?topic=87390.0
* | Do curl_init above any curl_setopt, and take it out of that if block since ↵Chris Buechler2015-10-081-1/+2
| | | | | | | | it applies to all types.
* | Merge pull request #1953 from phil-davis/patch-10Chris Buechler2015-10-071-1/+1
|\ \
| * | Wording of alias_info_popup tipPhil Davis2015-10-081-1/+1
| | | | | | | | | | | | | | | | | | I noticed this while comparing alias popup behavior between 2.2.5-DEVELOPMENT and 2.3 Might as well fix the grammar here for 2.2.5 This tip does not exist in 2.3 because the popup works more nicely there and so this text is not needed. Therefore this change does not need to be ported forward to master.
* | | correct htmlentities unintentionally removed by earlier commitChris Buechler2015-10-071-1/+1
|/ /
* | https://redmine.pfsense.org/issues/5207Matt Smith2015-10-071-2/+1
| | | | | | | | change auth methods for both peers when using hybrid RSA + xauth with IKEv1
OpenPOWER on IntegriCloud