| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Noticed-by: cmb
| |
NOTE: that the function link_int_to_bridge_interface needs a friendly interface as a parameter now i.e. "wan/lan/optX".
| |
arrays before treating them as such.
| |
this information in the configuration as it's not specific to the server.
It only contains the parameters (a safe large prime number) that is
used during a DH key exchange. Instead, we now use a system wide dh file
that is generated when the /var/etc/openvpn directory is setup. This
shaves 10 to 30 seconds off of the server config creation process. Also
correct a bug in the hack I added to work around carp related issues
that prevented filter re-configuration from working properly.
| |
not use the pkg system and the configuration has been migrated to an
openvpn prefix. The centralized user and certificate manager is now used
to support the openvpn configurations. Most of the files removed in this
commit were not being referenced.
This commit also splits out the certificate management components into a
new system menu item.
| |
and we play by the rules of the parser.
| |
Scott.
| |
through the new bridging code.
| |
and pam backing functions have been removed. The basic auth method was
legacy code and the backing functions were redundant with no added value
that I could see. A simplified replacement backing function named
local_backed has been added that authenticates to the local configuration
info which should be identical to system pwdb credentials. Since the
htpassword file is no longer required, sync_webgui_passwords and its
wrapper function system_password_configure have been removed.
The local account management functions were renamed for consistency. A few
minor bugs related to setting local passwords have also been corrected.
| |
1) Redefine page privileges to not use static urls
2) Accurate generation of privilege definitions from source
3) Merging the user and group privileges into a single set
4) Allow any privilege to be added to users or groups w/ inheritance
5) Cleaning up the related WebUI pages
| |
the system password and group databases. This is to provide better support
for centralized user management when local account administration is
preferred.
I also took this opportunity to do some housekeeping. A lot of functions
that were only being used in one place or not at all were removed. The
user page privilege checks were also simplified in preparation for future
work in this area.
| |
thing as 1 which is what the correct value is)
| |
* Much improved rule generation speed
* Many bug fixes in general of the interface handling
NOTE: this is only half part of the changes the other half will come after
| |
process. We now consolidate multiple enabled phase1 entries for the same
remote gateway. This is to prevent multiple remote sections from being
created in the racoon.conf file with the same peer IP address. Also,
make sure we don't add multiple AES definitions to a phase2 config. Add
a single definition with an auto key length.
| |
key lengths being set to auto in phase1 which is not currently supported.
Instead, set the key lengths to the default value.
| |
a new file named /etc/ipsec.inc. Tunnel definitions have been split into
phase1 and phase2. This allows any number of phase2 definitions to be
created for a single phase1 definition. Several facets of configuration
have also been improved. The key size for variable length algorithms can
now be selected and the phase1 ID options have been extended to allow for
more flexible configuration. Several NAT-T related issues have also been
resolved.
Please note, IPsec remote access functionality has been temporarily
disabled. An improved implementation will be included in a follow up
commit.
| |
creates a copy of the
original.
This should fix vlan upgrade issues reported.
| |
Move gateway load balancing code into gwlb.inc - still uses slbd
TODO: vs and pool status screens are currently broken...and wouldn't work
with the gateway pools anyway, ultimately, the gateway pools need
to move.
| |
Actually only one tag <vlanif>$if</vlanif> is added.
| |
Patch-by: David Rees
MFC: for 1.2.1
| |
just remove it)
fix error when unset config items don't exist
| |
Add first attempt at gateway upgrade code.
| |
php5 issues.
| |
add antilockout rules on the WAN in this circumstance, and block private networks conflicts with that when your interface is on private IP space
Single interface support
Appliance Project
| |
didn't work because the LAN setup in config.xml isn't relevant to the current interface assignment.
Single interface support
Appliance Project
| |
the LAN interface after they have elected to remove it (appliance mode).