Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Backport ipsec_dump_mobile() from 2.3 to make it work witn new strongswan ↵ | Renato Botelho | 2016-02-17 | 1 | -18/+38 |
| | | | | port (without stroke_list.c patch) | ||||
* | A new fix for #4130:RELENG_2_2_5 | Renato Botelho | 2015-11-03 | 1 | -2/+10 |
| | | | | | | | | | | | | The fix added for this bug, that check xml file size is < 200 to decide if file must or not be read created a new issue, single entry is not showed. Instead of doing this, check parse_xml_config() return and return empty array when it's -1 While here, prevent errors saying parse_xml_config() doesn't exist and make sure xmlparse.inc is required | ||||
* | Only call pfSense_ipsec_list_sa() when IPsec is enabled | Renato Botelho | 2015-11-03 | 1 | -0/+13 |
| | |||||
* | Remove ipsec_smp_dump_status(), last dependency of strongswan XMP module | Renato Botelho | 2015-10-30 | 1 | -47/+0 |
| | |||||
* | Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or ↵ | Chris Buechler | 2015-07-25 | 1 | -0/+1 |
| | | | | don't want to check peer ID. | ||||
* | Add leftid and rightid value between double quotes on ipsec config when type ↵ | Renato Botelho | 2015-07-16 | 1 | -3/+0 |
| | | | | is asn1dn. Ticket #4792 | ||||
* | sync up ipsec.inc with master. Mostly whitespace and style changes. | Chris Buechler | 2015-07-02 | 1 | -174/+219 |
| | |||||
* | fix part of keyid problem. Ticket #4811 | Chris Buechler | 2015-07-01 | 1 | -1/+1 |
| | |||||
* | This is incomplete. Leaving for 2.3. Revert "Ticket #4683 merge in brainpool ↵ | Chris Buechler | 2015-06-22 | 1 | -11/+2 |
| | | | | | | for DH parameters" This reverts commit 7dc35024af3af1d644c25b002ca9f40f1d61c05b. | ||||
* | Ticket #4683 merge in brainpool for DH parameters | Ermal LUÇI | 2015-06-19 | 1 | -2/+11 |
| | |||||
* | s/;/:/ | Ermal LUÇI | 2015-04-21 | 1 | -5/+5 |
| | |||||
* | Revert "Revert "Move to specifically specifying the ID type apart when an ip ↵ | Ermal LUÇI | 2015-04-21 | 1 | -21/+21 |
| | | | | | | | | | address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own."" This reverts commit 4e8eacfd7c0f1909c15d85b4cae2302b0ba3f0fc. Conflicts: etc/inc/ipsec.inc | ||||
* | Allow to configure new modes for phase1 according to RFC 5903 by manually ↵ | Ermal LUÇI | 2015-04-20 | 1 | -0/+3 |
| | | | | merging pull request #1501 partially. While here preserve style. | ||||
* | Add support for EAP-RADIUS to IKEv2 Mobile Clients (Rel. 2.2) | Ingo Bauersachs | 2015-04-15 | 1 | -0/+1 |
| | |||||
* | Add a check for whether IPsec is enabled, so it doesn't spit out "IPsec | Chris Buechler | 2015-03-31 | 1 | -4/+8 |
| | | | | daemon not running or has a problem!" when IPsec isn't enabled. | ||||
* | add missing double == in ipsec.inc | Chris Buechler | 2015-03-12 | 1 | -1/+1 |
| | |||||
* | White space in ipsec.inc | Phil Davis | 2015-03-12 | 1 | -10/+10 |
| | |||||
* | Fix IPsec on CARP IPs, broken when fixing IPsec with gateway groups and VIPs. | Chris Buechler | 2015-03-12 | 1 | -5/+9 |
| | |||||
* | Use get_failover_interface here to find appropriate interface. Ticket #4482 | Chris Buechler | 2015-03-06 | 1 | -3/+4 |
| | | | | | Conflicts: etc/inc/ipsec.inc | ||||
* | Fix restartipsec command line script. | jim-p | 2015-02-04 | 1 | -0/+14 |
| | |||||
* | Fixes #4359 Allow controlling uniqueids | Ermal LUÇI | 2015-01-31 | 1 | -0/+4 |
| | |||||
* | Fixes #4275 use double quotes on asn1dn specification so strongswan properly ↵ | Ermal LUÇI | 2015-01-28 | 1 | -2/+4 |
| | | | | interprets it | ||||
* | Save the tradition and point to used binaries here | Ermal LUÇI | 2015-01-22 | 1 | -1/+1 |
| | |||||
* | Revert "Move to specifically specifying the ID type apart when an ip address ↵ | Ermal LUÇI | 2015-01-15 | 1 | -22/+20 |
| | | | | | | to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own." This reverts commit 1ada4c8c514cc33b0df6238b7f2f177078bfe2e8. | ||||
* | Revert "Fix typos introduced by chaning to explicit id specification when ↵ | Ermal LUÇI | 2015-01-15 | 1 | -5/+5 |
| | | | | | | necessary. Fixes #4202" This reverts commit 324311043385aed357ca8838bde2c3af3111e564. | ||||
* | Add EAP-MSChapv2 implementation for Windows ipsec support as reported here ↵ | Ermal LUÇI | 2015-01-15 | 1 | -0/+6 |
| | | | | https://forum.pfsense.org/index.php?topic=81657.15 | ||||
* | To avoid issues with clashing SAIDs go back to specifying the reqid in ↵ | Ermal LUÇI | 2015-01-13 | 1 | -0/+23 |
| | | | | | | | | | strongswan config. To be able to manage this first upgrade the config to assign each phase2 an reqid Second use that during config generation Ticket #4208 | ||||
* | Fix typos introduced by chaning to explicit id specification when necessary. ↵ | Ermal LUÇI | 2015-01-12 | 1 | -5/+5 |
| | | | | Fixes #4202 | ||||
* | Move to specifically specifying the ID type apart when an ip address to have ↵ | Ermal LUÇI | 2015-01-07 | 1 | -20/+22 |
| | | | | strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own. | ||||
* | Enforce subnet check here to avoid any issues resulting from function call. | Ermal LUÇI | 2015-01-06 | 1 | -1/+1 |
| | |||||
* | ipsec_smp_dump_status get out of loop if error | Phil Davis | 2014-12-30 | 1 | -0/+7 |
| | | | | | | | | when reading response from socket. Otherwise it would be in a loop and end up like: https://forum.pfsense.org/index.php?topic=86039.msg471848#msg471848 PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/ipsec.inc on line 383 This code runs on my system, but I do not know how to induce the possible loop condition to actually test if it would really break out and return nicely. | ||||
* | Fixes #4130 Check for a certain size of file to start showing data on ↵ | Ermal LUÇI | 2014-12-24 | 1 | -0/+4 |
| | | | | dashboard and avoiding xml parser errors | ||||
* | Fix displaying description for IKEv1 connected tunnels | Ermal LUÇI | 2014-12-24 | 1 | -8/+4 |
| | |||||
* | Make this function readble | Ermal LUÇI | 2014-12-24 | 1 | -5/+4 |
| | |||||
* | Correct ipsec status page to make connect button work | Ermal LUÇI | 2014-12-22 | 1 | -0/+16 |
| | |||||
* | Remove unused function | Ermal LUÇI | 2014-12-19 | 1 | -83/+0 |
| | |||||
* | get_failover_interface() is already called inside get_interface_ip(v6), no ↵ | Renato Botelho | 2014-12-10 | 1 | -4/+2 |
| | | | | need to call it twice. It should fix #4089 | ||||
* | Add input validation on vpn_ipsec_settings.php. Fixes #4052. | Chris Buechler | 2014-11-28 | 1 | -1/+1 |
| | |||||
* | Make the parsing of setkey -d(SAs) more reliable. Fixes #4043 | Ermal LUÇI | 2014-11-27 | 1 | -18/+19 |
| | |||||
* | Rather than set the g['booting'] on globals provide a function to test for ↵ | Ermal LUÇI | 2014-11-26 | 1 | -1/+1 |
| | | | | that doing the right checks | ||||
* | Remove AES-GCM from phase1 settings algos since its not recommended | Ermal LUÇI | 2014-11-25 | 1 | -3/+0 |
| | |||||
* | remove unused function referencing racoon | Chris Buechler | 2014-11-25 | 1 | -8/+0 |
| | |||||
* | correctly specify arrays here. Fixes last of issue with Ticket #3955, and | Chris Buechler | 2014-11-17 | 1 | -2/+2 |
| | | | | probably a variety of other bugs. | ||||
* | Revert "Make phase1_status function wok whnever there is a smp dump. This ↵ | Ermal | 2014-11-12 | 1 | -9/+2 |
| | | | | | | should unbreak Ticket #3955" This reverts commit 694d368d818508a40bdef4f1a3f64b414b11c442. | ||||
* | Make phase1_status function wok whnever there is a smp dump. This should ↵ | Ermal | 2014-11-11 | 1 | -2/+9 |
| | | | | unbreak Ticket #3955 | ||||
* | touch up text | Chris Buechler | 2014-11-04 | 1 | -3/+3 |
| | |||||
* | get back to our standard RFC-defined capitalization of IPsec | Chris Buechler | 2014-10-02 | 1 | -3/+3 |
| | |||||
* | Remove wrongly used type | Ermal | 2014-09-12 | 1 | -1/+1 |
| | |||||
* | Only for movile users | Ermal | 2014-09-12 | 1 | -1/+1 |
| | |||||
* | Provide a first implementation of EAP-TLS authentication with IKEv2. It is a ↵ | Ermal | 2014-09-12 | 1 | -0/+1 |
| | | | | start and might not work on all cases |