summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Welcome 2015Renato Botelho2014-12-31299-305/+305
|
* Add config upgrade code to make sure iketype is set, bump config version to ↵Renato Botelho2014-12-313-2/+14
| | | | 11.4. It fixes #4163
* libreadline.so.6 is not supposed to be obsoleted, fixes #4159Renato Botelho2014-12-311-1/+0
|
* Allow IPv6 on loopback even where IPv6 is otherwise disabled. The intent of ↵Chris Buechler2014-12-311-0/+3
| | | | that feature is to prevent IPv6 from communicating on the network. Blocking it on localhost can result in issues and is unnecessary. Ticket #4074
* Reload Unbound after IP changes, to fix issues noted in Ticket #4095. Do so ↵Chris Buechler2014-12-302-0/+7
| | | | before Dynamic DNS updates occur to ensure the host has functioning DNS.
* Merge pull request #1412 from phil-davis/patch-2Chris Buechler2014-12-301-1/+1
|\
| * IPsec Widget allow for old settings that have no iketypePhil Davis2014-12-301-1/+1
| | | | | | | | | | as mentioned in https://forum.pfsense.org/index.php?topic=84527.msg471919#msg471919 This change makes it work like similar if tests in /usr/local/wwwvpn_ipsec.php, and code in /etc/inc/vpn.inc that effectively defaults to ikev1 when iketype is not specified. This should make the code here be executed and make $ikeid get the correct value to be used in later code.
* | Merge pull request #1413 from phil-davis/patch-3Chris Buechler2014-12-301-1/+1
|\ \
| * | Allow for old settings that have no iketypePhil Davis2014-12-301-1/+1
| |/ | | | | | | | | This bit of code looks like it could do with the same test as https://github.com/pfsense/pfsense/pull/1412 This is executed when the "Connect" button is pressed from Status->IPsec Somebody with these problematic old IPsec entries could test this - with current code I suspect that disconnect followed by connect - it will not connect. With this change it will (might?) connect again.
* | Only set route-to and reply-to on ESP and ISAKMP rules if the remote ↵Chris Buechler2014-12-301-12/+18
| | | | | | | | endpoint is not within the parent interface's subnet. Ticket #4157
* | Oops this should be 0s rather than 00. Linked with Ticket #4158Ermal2014-12-301-4/+4
| |
* | Merge pull request #1411 from phil-davis/patch-1Ermal2014-12-301-0/+7
|\ \
| * | ipsec_smp_dump_status get out of loop if errorPhil Davis2014-12-301-0/+7
| |/ | | | | | | | | | | | | when reading response from socket. Otherwise it would be in a loop and end up like: https://forum.pfsense.org/index.php?topic=86039.msg471848#msg471848 PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/ipsec.inc on line 383 This code runs on my system, but I do not know how to induce the possible loop condition to actually test if it would really break out and return nicely.
* | Unbreak IPsec rules generation for IPsec over CARP. Should help even Ticket ↵Ermal LUÇI2014-12-301-1/+1
| | | | | | | | #4157
* | Check for fqdn peerid/myids and prepend @ so strongswan does not try to be ↵Ermal LUÇI2014-12-301-5/+13
| | | | | | | | smart. Also use %any for myid instead of risking of putting the wrong value in the secrets file for traffic selector
* | Use base64 encoded secrets which Fixes #4158Ermal LUÇI2014-12-301-4/+4
|/
* Merge pull request #1410 from phil-davis/patch-1Renato Botelho2014-12-302-7/+7
|\
| * Captive portal spellingPhil Davis2014-12-301-2/+2
| |
| * Standardise text in priv listPhil Davis2014-12-301-5/+5
|/
* Merge pull request #1407 from phil-davis/patch-1Renato Botelho2014-12-291-3/+11
|\
| * Simplify cron array comparisonPhil Davis2014-12-291-7/+1
| | | | | | | | This works fine - I had not thought about how arrays are compared. Using "==" checks that the key/value pairs match in both arrays, regardless of the order the arrays happen to be in, which is what we want here. Using "===" would insist that the key/value pairs are also in the same order in the array and that the types and everything match identically, which we do not require.
| * Minimise config updates when checking cron jobsPhil Davis2014-12-291-3/+17
| |
* | Merge pull request #1408 from ExolonDX/masterRenato Botelho2014-12-296-95/+0
|\ \ | |/ |/|
| * Backout pull request #1391Colin Fleming2014-12-296-95/+0
| | | | | | | | | | | | https://forum.pfsense.org/index.php?topic=85944.0 Backout pull request #13191
* | Merge pull request #1405 from phil-davis/unbound-shortcutsjim-p2014-12-289-15/+21
|\ \ | |/ |/|
| * Fix unbound shortcut linksPhil Davis2014-12-289-15/+21
|/ | | | | | | | | | | | Fixes redmine #4151 1) Make the naming in shortcuts.inc more clear - forwarder=dnsmasq resolver=unbound 2) Make the value of $shortcuts_section correct in each dnsmasq and unbound php code 3) Make diag_logs_resolver.php smarter, so if dnsmasq is enabled, then show shortcuts for dnsmasq, otherwise show shortcuts for unbound. 4) Fix some references to forwarder in unbound code - should be resolver.
* clarify message here after customer feedback, it wasn't meant to imply "only ↵Chris Buechler2014-12-262-2/+2
| | | | a reboot will re-enable" but that's how some people have read it.
* Update /etc/ttys from new partition when upgrading nanobsd, and in this case ↵Renato Botelho2014-12-261-3/+5
| | | | do not call reload_ttys(). It should fix #4140
* Remove unused variableRenato Botelho2014-12-261-3/+0
|
* Move this check before full sync to disable dnsmasq/unbound in the first ↵Renato Botelho2014-12-261-12/+12
| | | | time it's sync'd
* Add dnsmasq and unbound config sections to full sync, it fixes #4076 that is ↵Renato Botelho2014-12-261-1/+1
| | | | caused because boolean config fields are not disabled on secondary
* Merge pull request #1402 from phil-davis/patch-1Renato Botelho2014-12-261-45/+49
|\
| * Display tunnel description on IPsec widgetPhil Davis2014-12-261-45/+49
|/ | | | | | | | There was not even code to attempt to display the description. Also, when I first created a phase1 and there were no phase2 yet, the widget spat out the warning for the line: foreach ($config['ipsec']['phase2'] as $ph2ent){ ... So I enclosed that in a block: if (isset($config['ipsec']['phase2'])) { ... } Tabbing that block in makes the diff look big when there really is little change - a diff ignoring spacing will look much nicer!
* Correct even other areas of CP using pfSense_ipfw_getTablestats function.Ermal LUÇI2014-12-243-3/+3
|
* Correctly call function for retrieving stats from ipfw. Fixes #4131Ermal LUÇI2014-12-241-2/+2
|
* Fixes #4130 Check for a certain size of file to start showing data on ↵Ermal LUÇI2014-12-241-0/+4
| | | | dashboard and avoiding xml parser errors
* Fix displaying description for IKEv1 connected tunnelsErmal LUÇI2014-12-242-11/+8
|
* Oops remove variable with same name unused!Ermal LUÇI2014-12-241-1/+1
|
* Add checks for ghost phase2 and no need to check for number of phase2 hereErmal LUÇI2014-12-241-3/+3
|
* Correct skipping of disabled tunnelsErmal LUÇI2014-12-241-1/+1
|
* Make this function readbleErmal LUÇI2014-12-241-5/+4
|
* Correct status counter of inactive tunnelsErmal LUÇI2014-12-241-0/+8
|
* Remove option that has now been merged into infra-host-ttl.Warren Baker2014-12-242-21/+1
|
* Oops do not override ipsec status array!Ermal LUÇI2014-12-231-2/+2
|
* Merge pull request #1401 from phil-davis/patch-1Renato Botelho2014-12-231-2/+0
|\
| * Reboot not required for password protect console menuPhil Davis2014-12-231-2/+0
|/ | | On my systems I can toggle and save "Password protect the console menu" back and forth and the console switches back and forth from the menu to a login prompt in real time. IMHO a reboot is no longer needed. Remove this note might save some people unnecessary reboot time.
* Merge pull request #1394 from phil-davis/patch-13Chris Buechler2014-12-221-2/+7
|\
| * Allow dot at end of FQDN for a hostPhil Davis2014-12-181-2/+7
| | | | | | Redmine #4124 has discussion of this.
* | Merge pull request #1393 from phil-davis/patch-12Chris Buechler2014-12-222-5/+15
|\ \
| * | Display better message when booting and awaiting package reinstallPhil Davis2014-12-181-5/+4
| | |
OpenPOWER on IntegriCloud