path: root/etc/inc/ipsec.inc
| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or don't want to check peer ID. Conflicts: usr/local/www/vpn_ipsec_phase1.php | Chris Buechler | 2015-07-25 | 1 | -0/+1 |
| Add leftid and rightid value between double quotes on ipsec config when type is asn1dn. Ticket #4792 | Renato Botelho | 2015-07-16 | 1 | -3/+0 |
| Code spacing and other random stuff I noticed. I think this finishes messing with code style. The codebase should match the developer style guide closely enough that 99.9% of changes will not feel the need to also massage the formatting. | Phil Davis | 2015-06-15 | 1 | -3/+3 |
| Code style bits and pieces from etc | Phil Davis | 2015-05-31 | 1 | -53/+53 |
| ipsec: psk keyid bugfix. IPsec/IKEv2 PSK currently generates an invalid strongswan ipsec.conf file. The local IKE ID is not inserted correctly and therefore all client authentication attempts will fail. A typo in the ipsec_find_id() function causes the fault. Generated output example: leftid = keyid: Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com> | Bruno Thomsen | 2015-05-13 | 1 | -1/+1 |
| ipsec: pfs ecc brainpool curve support. Use brainpool curves as perfect forward security. Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com> | Bruno Thomsen | 2015-05-12 | 1 | -1/+4 |
| ipsec: pfs ecc nist curve support. Use nist curves as perfect forward security. Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com> | Bruno Thomsen | 2015-05-12 | 1 | -1/+4 |
| ipsec: IKEv2 Diffie-Hellman ECC Brainpool support. Use of ECC Brainpool curves for IKEv2 is defined in RFC6954. Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com> | Bruno Thomsen | 2015-05-12 | 1 | -1/+4 |
| ipsec: IKE phase one AES-GCM support. Use of Galois/Counter Mode (GCM) during IKE phase-1 is defined in RFC4106. Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com> | Bruno Thomsen | 2015-05-12 | 1 | -0/+3 |
| Allow to configure new modes for phase1 according to RFC 5903 by manually merging pull request #1501 partially. While here preserve style. | Ermal LUÇI | 2015-04-20 | 1 | -0/+3 |
| Add support for EAP-RADIUS to IKEv2 Mobile Clients | Ingo Bauersachs | 2015-04-15 | 1 | -0/+1 |
| Add a check for whether IPsec is enabled, so it doesn't spit out "IPsec daemon not running or has a problem!" when IPsec isn't enabled. | Chris Buechler | 2015-03-31 | 1 | -4/+8 |
| correct missing == in ipsec.inc | Chris Buechler | 2015-03-12 | 1 | -1/+1 |
| White space in ipsec.inc | Phil Davis | 2015-03-12 | 1 | -10/+10 |
| Fix IPsec on CARP IPs, broken when fixing IPsec with gateway groups and VIPs. | Chris Buechler | 2015-03-12 | 1 | -5/+9 |
| Use get_failover_interface here to find appropriate interface. Ticket #4482 | Chris Buechler | 2015-03-06 | 1 | -2/+3 |
| Code style for etc inc i to p | Phil Davis | 2015-02-28 | 1 | -126/+158 |
| Fix restartipsec command line script. | jim-p | 2015-02-04 | 1 | -0/+14 |
| Fixes #4359 Allow controlling uniqueids | Ermal LUÇI | 2015-01-31 | 1 | -0/+4 |
| Fixes #4275 use double quotes on asn1dn specification so strongswan properly interprets it | Ermal LUÇI | 2015-01-28 | 1 | -1/+2 |
| Save the tradition and point to used binaries here | Ermal LUÇI | 2015-01-22 | 1 | -1/+1 |
| Add EAP-MSChapv2 implementation for Windows ipsec support as reported here https://forum.pfsense.org/index.php?topic=81657.15 | Ermal LUÇI | 2015-01-14 | 1 | -0/+6 |
| To avoid issues with clashing SAIDs go back to specifying the reqid in strongswan config. To be able to manage this, first upgrade the config to assign each phase2 a reqid. Second, use that during config generation. Ticket #4208 | Ermal LUÇI | 2015-01-13 | 1 | -0/+23 |
| Fix typos introduced by changing to explicit id specification when necessary. Fixes #4202 | Ermal LUÇI | 2015-01-12 | 1 | -5/+5 |
| Move to specifically specifying the ID type apart when an ip address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own. | Ermal LUÇI | 2015-01-07 | 1 | -20/+22 |
| Enforce subnet check here to avoid any issues resulting from function call. | Ermal LUÇI | 2015-01-06 | 1 | -1/+1 |
| ipsec_smp_dump_status get out of loop if error when reading response from socket. Otherwise it would be in a loop and end up like: https://forum.pfsense.org/index.php?topic=86039.msg471848#msg471848 PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/ipsec.inc on line 383. This code runs on my system, but I do not know how to induce the possible loop condition to actually test if it would really break out and return nicely. | Phil Davis | 2014-12-30 | 1 | -0/+7 |
| Fixes #4130 Check for a certain size of file to start showing data on dashboard and avoiding xml parser errors | Ermal LUÇI | 2014-12-24 | 1 | -0/+4 |
| Fix displaying description for IKEv1 connected tunnels | Ermal LUÇI | 2014-12-24 | 1 | -8/+4 |
| Make this function readable | Ermal LUÇI | 2014-12-24 | 1 | -5/+4 |
| Correct ipsec status page to make connect button work | Ermal LUÇI | 2014-12-22 | 1 | -0/+16 |
| Remove unused function | Ermal LUÇI | 2014-12-19 | 1 | -83/+0 |
| get_failover_interface() is already called inside get_interface_ip(v6), no need to call it twice. It should fix #4089 | Renato Botelho | 2014-12-10 | 1 | -4/+2 |
| Add input validation on vpn_ipsec_settings.php. Fixes #4052. | Chris Buechler | 2014-11-28 | 1 | -1/+1 |
| Make the parsing of setkey -d(SAs) more reliable. Fixes #4043 | Ermal LUÇI | 2014-11-27 | 1 | -18/+19 |
| Rather than set the g['booting'] on globals provide a function to test for that doing the right checks | Ermal LUÇI | 2014-11-26 | 1 | -1/+1 |
| Remove AES-GCM from phase1 settings algos since it's not recommended | Ermal LUÇI | 2014-11-25 | 1 | -3/+0 |
| remove unused function referencing racoon | Chris Buechler | 2014-11-25 | 1 | -8/+0 |
| correctly specify arrays here. Fixes last of issue with Ticket #3955, and probably a variety of other bugs. | Chris Buechler | 2014-11-17 | 1 | -2/+2 |
| Revert "Make phase1_status function work whenever there is a smp dump. This should unbreak Ticket #3955" This reverts commit 694d368d818508a40bdef4f1a3f64b414b11c442. | Ermal | 2014-11-12 | 1 | -9/+2 |
| Make phase1_status function work whenever there is a smp dump. This should unbreak Ticket #3955 | Ermal | 2014-11-11 | 1 | -2/+9 |
| touch up text | Chris Buechler | 2014-11-04 | 1 | -3/+3 |
| get back to our standard RFC-defined capitalization of IPsec | Chris Buechler | 2014-10-02 | 1 | -3/+3 |
| Remove wrongly used type | Ermal | 2014-09-12 | 1 | -1/+1 |
| Only for mobile users | Ermal | 2014-09-12 | 1 | -1/+1 |
| Provide a first implementation of EAP-TLS authentication with IKEv2. It is a start and might not work on all cases | Ermal | 2014-09-12 | 1 | -0/+1 |
| Fix path to xml and make sure the parser will see the custom tags | Ermal | 2014-09-11 | 1 | -2/+2 |
| Make use of the xml output from stroke leases command | Ermal | 2014-09-10 | 1 | -25/+11 |
| Return something meaningful until the widget is made to work correctly | Ermal | 2014-09-10 | 1 | -0/+3 |
| Remove traces of older implementation still present | Ermal | 2014-09-10 | 1 | -6/+0 |