summaryrefslogtreecommitdiffstats
path: root/etc/inc/ipsec.inc
Commit message (Collapse)AuthorAgeFilesLines
* Backport ipsec_dump_mobile() from 2.3 to make it work witn new strongswan ↵Renato Botelho2016-02-171-18/+38
| | | | port (without stroke_list.c patch)
* A new fix for #4130:RELENG_2_2_5Renato Botelho2015-11-031-2/+10
| | | | | | | | | | | | The fix added for this bug, that check xml file size is < 200 to decide if file must or not be read created a new issue, single entry is not showed. Instead of doing this, check parse_xml_config() return and return empty array when it's -1 While here, prevent errors saying parse_xml_config() doesn't exist and make sure xmlparse.inc is required
* Only call pfSense_ipsec_list_sa() when IPsec is enabledRenato Botelho2015-11-031-0/+13
|
* Remove ipsec_smp_dump_status(), last dependency of strongswan XMP moduleRenato Botelho2015-10-301-47/+0
|
* Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or ↵Chris Buechler2015-07-251-0/+1
| | | | don't want to check peer ID.
* Add leftid and rightid value between double quotes on ipsec config when type ↵Renato Botelho2015-07-161-3/+0
| | | | is asn1dn. Ticket #4792
* sync up ipsec.inc with master. Mostly whitespace and style changes.Chris Buechler2015-07-021-174/+219
|
* fix part of keyid problem. Ticket #4811Chris Buechler2015-07-011-1/+1
|
* This is incomplete. Leaving for 2.3. Revert "Ticket #4683 merge in brainpool ↵Chris Buechler2015-06-221-11/+2
| | | | | | for DH parameters" This reverts commit 7dc35024af3af1d644c25b002ca9f40f1d61c05b.
* Ticket #4683 merge in brainpool for DH parametersErmal LUÇI2015-06-191-2/+11
|
* s/;/:/Ermal LUÇI2015-04-211-5/+5
|
* Revert "Revert "Move to specifically specifying the ID type apart when an ip ↵Ermal LUÇI2015-04-211-21/+21
| | | | | | | | | address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own."" This reverts commit 4e8eacfd7c0f1909c15d85b4cae2302b0ba3f0fc. Conflicts: etc/inc/ipsec.inc
* Allow to configure new modes for phase1 according to RFC 5903 by manually ↵Ermal LUÇI2015-04-201-0/+3
| | | | merging pull request #1501 partially. While here preserve style.
* Add support for EAP-RADIUS to IKEv2 Mobile Clients (Rel. 2.2)Ingo Bauersachs2015-04-151-0/+1
|
* Add a check for whether IPsec is enabled, so it doesn't spit out "IPsecChris Buechler2015-03-311-4/+8
| | | | daemon not running or has a problem!" when IPsec isn't enabled.
* add missing double == in ipsec.incChris Buechler2015-03-121-1/+1
|
* White space in ipsec.incPhil Davis2015-03-121-10/+10
|
* Fix IPsec on CARP IPs, broken when fixing IPsec with gateway groups and VIPs.Chris Buechler2015-03-121-5/+9
|
* Use get_failover_interface here to find appropriate interface. Ticket #4482Chris Buechler2015-03-061-3/+4
| | | | | Conflicts: etc/inc/ipsec.inc
* Fix restartipsec command line script.jim-p2015-02-041-0/+14
|
* Fixes #4359 Allow controlling uniqueidsErmal LUÇI2015-01-311-0/+4
|
* Fixes #4275 use double quotes on asn1dn specification so strongswan properly ↵Ermal LUÇI2015-01-281-2/+4
| | | | interprets it
* Save the tradition and point to used binaries hereErmal LUÇI2015-01-221-1/+1
|
* Revert "Move to specifically specifying the ID type apart when an ip address ↵Ermal LUÇI2015-01-151-22/+20
| | | | | | to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own." This reverts commit 1ada4c8c514cc33b0df6238b7f2f177078bfe2e8.
* Revert "Fix typos introduced by chaning to explicit id specification when ↵Ermal LUÇI2015-01-151-5/+5
| | | | | | necessary. Fixes #4202" This reverts commit 324311043385aed357ca8838bde2c3af3111e564.
* Add EAP-MSChapv2 implementation for Windows ipsec support as reported here ↵Ermal LUÇI2015-01-151-0/+6
| | | | https://forum.pfsense.org/index.php?topic=81657.15
* To avoid issues with clashing SAIDs go back to specifying the reqid in ↵Ermal LUÇI2015-01-131-0/+23
| | | | | | | | | strongswan config. To be able to manage this first upgrade the config to assign each phase2 an reqid Second use that during config generation Ticket #4208
* Fix typos introduced by chaning to explicit id specification when necessary. ↵Ermal LUÇI2015-01-121-5/+5
| | | | Fixes #4202
* Move to specifically specifying the ID type apart when an ip address to have ↵Ermal LUÇI2015-01-071-20/+22
| | | | strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own.
* Enforce subnet check here to avoid any issues resulting from function call.Ermal LUÇI2015-01-061-1/+1
|
* ipsec_smp_dump_status get out of loop if errorPhil Davis2014-12-301-0/+7
| | | | | | | | when reading response from socket. Otherwise it would be in a loop and end up like: https://forum.pfsense.org/index.php?topic=86039.msg471848#msg471848 PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/ipsec.inc on line 383 This code runs on my system, but I do not know how to induce the possible loop condition to actually test if it would really break out and return nicely.
* Fixes #4130 Check for a certain size of file to start showing data on ↵Ermal LUÇI2014-12-241-0/+4
| | | | dashboard and avoiding xml parser errors
* Fix displaying description for IKEv1 connected tunnelsErmal LUÇI2014-12-241-8/+4
|
* Make this function readbleErmal LUÇI2014-12-241-5/+4
|
* Correct ipsec status page to make connect button workErmal LUÇI2014-12-221-0/+16
|
* Remove unused functionErmal LUÇI2014-12-191-83/+0
|
* get_failover_interface() is already called inside get_interface_ip(v6), no ↵Renato Botelho2014-12-101-4/+2
| | | | need to call it twice. It should fix #4089
* Add input validation on vpn_ipsec_settings.php. Fixes #4052.Chris Buechler2014-11-281-1/+1
|
* Make the parsing of setkey -d(SAs) more reliable. Fixes #4043Ermal LUÇI2014-11-271-18/+19
|
* Rather than set the g['booting'] on globals provide a function to test for ↵Ermal LUÇI2014-11-261-1/+1
| | | | that doing the right checks
* Remove AES-GCM from phase1 settings algos since its not recommendedErmal LUÇI2014-11-251-3/+0
|
* remove unused function referencing racoonChris Buechler2014-11-251-8/+0
|
* correctly specify arrays here. Fixes last of issue with Ticket #3955, andChris Buechler2014-11-171-2/+2
| | | | probably a variety of other bugs.
* Revert "Make phase1_status function wok whnever there is a smp dump. This ↵Ermal2014-11-121-9/+2
| | | | | | should unbreak Ticket #3955" This reverts commit 694d368d818508a40bdef4f1a3f64b414b11c442.
* Make phase1_status function wok whnever there is a smp dump. This should ↵Ermal2014-11-111-2/+9
| | | | unbreak Ticket #3955
* touch up textChris Buechler2014-11-041-3/+3
|
* get back to our standard RFC-defined capitalization of IPsecChris Buechler2014-10-021-3/+3
|
* Remove wrongly used typeErmal2014-09-121-1/+1
|
* Only for movile usersErmal2014-09-121-1/+1
|
* Provide a first implementation of EAP-TLS authentication with IKEv2. It is a ↵Ermal2014-09-121-0/+1
| | | | start and might not work on all cases
OpenPOWER on IntegriCloud