summaryrefslogtreecommitdiffstats
path: root/etc/inc/config.inc
Commit message (Collapse)AuthorAgeFilesLines
...
* s/16/17Scott Ullrich2008-09-021-3/+3
| | | | Noticed-by: cmb
* Add icmplim when upgrading configuration from 1.2.1Scott Ullrich2008-09-011-0/+4
|
* Check if items are an array before treating them as such.Ermal Luçi2008-08-311-2/+3
|
* Bring bridge related support functions up to date with the other bridge code.Ermal Luçi2008-08-311-5/+2
| | | | NOTE: that the function link_int_to_bridge_interface needs a friendly interface as a parameter now i.e. "wan/lan/optX".
* When upgrading a configuration, validate openvpn configuration entries asMatthew Grooms2008-08-301-0/+9
| | | | arrays before treating them as such.
* Dump the per-configuration dh parameters data. It make no sense to keepMatthew Grooms2008-08-261-2/+12
| | | | | | | | | | this information in the configuration as its not specific to the server. It only contains the parameters ( a safe large prime number ) that is used during a DH key exchange. Instead, we now use a system wide dh file that is generated when the /var/etc/openvpn directory is setup. This shaves 10 to 30 seconds off of the server config creation process. Also correct a bug in the hack I added to work around carp related issues that prevented filter re-configuration from working properly.
* Rework most of the OpenVPN support. The interfaces have been updated toMatthew Grooms2008-08-261-14/+213
| | | | | | | | | | not use the pkg system and the configuration has been migrated to an openvpn prefix. The centralized user and certificate manager is now used to support the openvpn configurations. Most of the files removed in this commit were not being referenced. This commit also splits out the certificate management components into a new system menu item.
* Rename the bridge knob to bridged so that the upgrade code works correctly ↵Ermal Luçi2008-08-051-2/+2
| | | | and we play by the rules of the parser.
* Silence warnings generated by pw during configuration update. Requested byMatthew Grooms2008-08-051-1/+0
| | | | Scott.
* Try to overcome php smartiness with floating point numbers.Ermal Luçi2008-08-051-4/+4
|
* Record that we are on a new config format.Ermal Luçi2008-08-051-0/+1
|
* Try to convert old bridges config to the new format.Ermal Luçi2008-08-051-3/+22
|
* Remove old way bridge knobs too on the config. Anything has to be done ↵Ermal Luçi2008-08-051-0/+6
| | | | through the new bridging code.
* Upgrade older configs to the new way of bridging.Ermal Luçi2008-08-051-0/+15
|
* Fix openvpn upgrade code.Ermal Luçi2008-08-041-19/+24
|
* Cleanup authentication code. The basic auth method, the passwd, htpasswdMatthew Grooms2008-08-031-2/+2
| | | | | | | | | | | | | and pam backing functions have been removed. The basic auth method was legacy code and the backing functions were redundant with no added value that I could see. A simplified replacement backing function named local_backed has been added that authenticates to the local configuration info which should be identical to system pwdb credentials. Since the htpassword file is no longer required, sync_webgui_passwords and its wrapper function system_password_configure have been removed. The local account management functions were renamed for consistency. A few minor bugs related to setting local passwords have also been corrected.
* Rewrite the pfsense privilege system with the following goals in mind ...Matthew Grooms2008-08-011-2/+55
| | | | | | | | 1) Redefine page privileges to not use static urls 2) Accurate generation of privilege definitions from source 3) Merging the user and group privileges into a single set 4) Allow any privilege to be added to users or groups w/ inheritance 5) Cleaning up the related WebUI pages
* Rewrite portions of the user manager to ensure data is properly synced toMatthew Grooms2008-07-251-18/+77
| | | | | | | | | | | the system password and group databases. This is to provide better support for centralized user management when local account administration is preferred. I also took this opportunity to do some housekeeping. A lot of funtions that were only being used in one place or not at all were removed. The user page privelege checks were also simplified in preperation for future work in this area.
* Output . instead of random jibberish on bootup.Scott Ullrich2008-07-231-2/+2
|
* Silence the "Beginning upgrade to version 4.7" message.Matthew Grooms2008-07-191-2/+0
|
* change this to a legit value (3, and any other non-zero number does the same ↵Chris Buechler2008-07-191-1/+1
| | | | thing as 1 which is what the correct value is)
* * Merge multiple PPPoE/PPTP interfaces from RELENG_1_MULTI_ANYTHINGErmal Luçi2008-07-141-3/+70
| | | | | | | * Much improved rule generation speed * Many bug fixing in general of the interface handling NOTE: this is only half part of the changes the other half will come after
* Bump execution timeout to 15 minutes on upgradesSeth Mos2008-07-141-0/+6
|
* Correct a few more issues with the IPsec automatic configuration upgradeMatthew Grooms2008-07-131-62/+94
| | | | | | | | process. We now consolidate multuple enabled phase1 entries for the same remote gateway. This is to prevent multiple remote sections from being created in the racoon.conf file withe the same peer IP address. Also, make sure we don't add multiple AES definitions to a phase2 config. Add a single definition with an auto key length.
* Correct a problem with the IPsec upgrade code. This was related to theMatthew Grooms2008-07-131-2/+2
| | | | | key lengths being set to auto in phase1 which is not currently supported. Instead, set the key lengths to the default value.
* Overhaul IPsec related code. Shared functions have been consolidated intoMatthew Grooms2008-07-111-1/+177
| | | | | | | | | | | | | | a new file named /etc/ipsec.inc. Tunnel definitions have been split into phase1 and phase2. This allows any number of phase2 definitions to be created for a single phase1 definition. Several facets of configuration have also been improved. The key size for variable length algorithms can now be selected and the phase1 ID options have been extended to allow for more flexible configuration. Several NAT-T related issues have also been resolved. Please note, IPsec remote access functionality has been temporarily disabled. An improved implementation will be included in a follow up commit.
* Use the full path to the vlan parameters seems that the foreach block ↵Ermal Luçi2008-07-101-1/+1
| | | | | | | creates a copy of the original. This should fix vlan upgrade issues reported.
* Use the new way of enumerating interfaces.Ermal Luçi2008-06-181-8/+6
|
* Bring in relayd to perform server load balancingBill Marquette2008-06-161-0/+35
| | | | | | | | Move gateway load balancing code into gwlb.inc - still uses slbd TODO: vs and pool status screens are currently broken...and wouldn't work with the gateway pools anyway, ultimately, the gateway pools need to move.
* Compat shims to convert old vlan configs to the new one.Ermal Luçi2008-06-041-1/+10
| | | | Actually only one tag <vlanif>$if</vlanif> is added.
* add isset per billmChris Buechler2008-06-031-16/+16
|
* Ignore CarpDEV-DHCP interfaces during interface mismatch detection.Scott Ullrich2008-05-291-1/+3
|
* Atomic file writingBill Marquette2008-05-171-10/+4
| | | | | Patch-by: David Rees MFC: for 1.2.1
* Add optional config locking reason and note it in the lock file.Scott Ullrich2008-04-281-1/+2
|
* fix whitespaceChris Buechler2008-04-211-14/+14
|
* don't prompt to remove LAN config if booting (you likely never assigned one, ↵Chris Buechler2008-04-211-9/+33
| | | | | | just remove it) fix error when unset config items don't exist
* add space to not errpr out while starting ftpseasameErmal Luçi2008-04-171-2/+2
|
* Make recently commited code readable.Scott Ullrich2008-04-081-31/+29
|
* fix typo.Ermal Luçi2008-04-081-1/+1
|
* Convert old openvpn server configs to new the new config way.Ermal Luçi2008-04-081-2/+50
|
* Only process static ip address gateways on interfaces.Seth Mos2008-03-131-8/+10
|
* Remove duplicate rrd upgrade entry.Seth Mos2008-03-131-7/+21
| | | | Add first attempt at gateway upgrade code.
* Turn off kernel muting for time being while I sorta out a number ofScott Ullrich2008-03-061-1/+2
| | | | php5 issues.
* Missing unset items for appliance project.Scott Ullrich2008-02-231-0/+3
|
* Unset block private networks on WAN when only one interface configured. We ↵Chris Buechler2008-02-221-0/+1
| | | | | | | add antilockout rules on the WAN in this circumstance, and block private networks conflicts with that when your interface is on private IP space Single interface support Appliance Project
* Don't prompt for OPT assignment if LAN was not assigned. Previous check ↵Chris Buechler2008-02-221-32/+33
| | | | | | | didn't work because the LAN setup in config.xml isn't relevant to the current interface assignment. Single interface support Appliance Project
* Only delete a interface IP if it exists.Scott Ullrich2008-02-191-3/+4
|
* Backout last commit. The dependency order is not correct.Scott Ullrich2008-02-191-2/+1
|
* Remove extra c/rScott Ullrich2008-02-191-1/+0
|
* Ask the user if they would like to unload the IP address configuration ofScott Ullrich2008-02-191-3/+16
| | | | the LAN interface after they have elected to remove it (appliance mode).
OpenPOWER on IntegriCloud