Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or ↵ | Chris Buechler | 2015-07-25 | 1 | -0/+1 |
| | | | | | | | don't want to check peer ID. Conflicts: usr/local/www/vpn_ipsec_phase1.php | ||||
* | Add leftid and rightid value between double quotes on ipsec config when type ↵ | Renato Botelho | 2015-07-16 | 1 | -3/+0 |
| | | | | is asn1dn. Ticket #4792 | ||||
* | Code spacing | Phil Davis | 2015-06-15 | 1 | -3/+3 |
| | | | | | | | and other random stuff I noticed. I think this finishes messing with code style. The codebase should match the developer style guide closely enough that 99.9% of changes will not feel the need to also massage the formatting. | ||||
* | Code style bits and pieces from etc | Phil Davis | 2015-05-31 | 1 | -53/+53 |
| | |||||
* | ipsec: psk keyid bugfix | Bruno Thomsen | 2015-05-13 | 1 | -1/+1 |
| | | | | | | | | | | | | IPsec/IKEv2 PSK currently generates an invalid strongswan ipsec.conf file. The local IKE ID is not inserted correctly and therefore the all client authentication attempts will fail. A typo in the ipsec_find_id() function causes the fault. Generated output example: leftid = keyid: Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com> | ||||
* | ipsec: pfs ecc brainpool curve support | Bruno Thomsen | 2015-05-12 | 1 | -1/+4 |
| | | | | | | Use brainpool curves as perfect forward security. Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com> | ||||
* | ipsec: pfs ecc nist curve support | Bruno Thomsen | 2015-05-12 | 1 | -1/+4 |
| | | | | | | Use nist curves as perfect forward security. Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com> | ||||
* | ipsec: IKEv2 Diffie-Hellman ECC Brainpool support | Bruno Thomsen | 2015-05-12 | 1 | -1/+4 |
| | | | | | | Use of ECC Brainpool curves for IKEv2 is define in RFC6954. Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com> | ||||
* | ipsec: IKE phase one AES-GCM support | Bruno Thomsen | 2015-05-12 | 1 | -0/+3 |
| | | | | | | Use of Galois/Counter Mode (GCM) during IKE phase-1 is defined in RFC4106. Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com> | ||||
* | Allow to configure new modes for phase1 according to RFC 5903 by manually ↵ | Ermal LUÇI | 2015-04-20 | 1 | -0/+3 |
| | | | | merging pull request #1501 partially. While here preserve style. | ||||
* | Add support for EAP-RADIUS to IKEv2 Mobile Clients | Ingo Bauersachs | 2015-04-15 | 1 | -0/+1 |
| | |||||
* | Add a check for whether IPsec is enabled, so it doesn't spit out "IPsec | Chris Buechler | 2015-03-31 | 1 | -4/+8 |
| | | | | daemon not running or has a problem!" when IPsec isn't enabled. | ||||
* | correct missing == in ipsec.inc | Chris Buechler | 2015-03-12 | 1 | -1/+1 |
| | |||||
* | White space in ipsec.inc | Phil Davis | 2015-03-12 | 1 | -10/+10 |
| | |||||
* | Fix IPsec on CARP IPs, broken when fixing IPsec with gateway groups and VIPs. | Chris Buechler | 2015-03-12 | 1 | -5/+9 |
| | |||||
* | Use get_failover_interface here to find appropriate interface. Ticket #4482 | Chris Buechler | 2015-03-06 | 1 | -2/+3 |
| | |||||
* | Code style for etc inc i to p | Phil Davis | 2015-02-28 | 1 | -126/+158 |
| | |||||
* | Fix restartipsec command line script. | jim-p | 2015-02-04 | 1 | -0/+14 |
| | |||||
* | Fixes #4359 Allow controlling uniqueids | Ermal LUÇI | 2015-01-31 | 1 | -0/+4 |
| | |||||
* | Fixes #4275 use double quotes on asn1dn specification so strongswan properly ↵ | Ermal LUÇI | 2015-01-28 | 1 | -1/+2 |
| | | | | interprets it | ||||
* | Save the tradition and point to used binaries here | Ermal LUÇI | 2015-01-22 | 1 | -1/+1 |
| | |||||
* | Add EAP-MSChapv2 implementation for Windows ipsec support as reported here ↵ | Ermal LUÇI | 2015-01-14 | 1 | -0/+6 |
| | | | | https://forum.pfsense.org/index.php?topic=81657.15 | ||||
* | To avoid issues with clashing SAIDs go back to specifying the reqid in ↵ | Ermal LUÇI | 2015-01-13 | 1 | -0/+23 |
| | | | | | | | | | strongswan config. To be able to manage this first upgrade the config to assign each phase2 an reqid Second use that during config generation Ticket #4208 | ||||
* | Fix typos introduced by chaning to explicit id specification when necessary. ↵ | Ermal LUÇI | 2015-01-12 | 1 | -5/+5 |
| | | | | Fixes #4202 | ||||
* | Move to specifically specifying the ID type apart when an ip address to have ↵ | Ermal LUÇI | 2015-01-07 | 1 | -20/+22 |
| | | | | strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own. | ||||
* | Enforce subnet check here to avoid any issues resulting from function call. | Ermal LUÇI | 2015-01-06 | 1 | -1/+1 |
| | |||||
* | ipsec_smp_dump_status get out of loop if error | Phil Davis | 2014-12-30 | 1 | -0/+7 |
| | | | | | | | when reading response from socket. Otherwise it would be in a loop and end up like: https://forum.pfsense.org/index.php?topic=86039.msg471848#msg471848 PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/ipsec.inc on line 383 This code runs on my system, but I do not know how to induce the possible loop condition to actually test if it would really break out and return nicely. | ||||
* | Fixes #4130 Check for a certain size of file to start showing data on ↵ | Ermal LUÇI | 2014-12-24 | 1 | -0/+4 |
| | | | | dashboard and avoiding xml parser errors | ||||
* | Fix displaying description for IKEv1 connected tunnels | Ermal LUÇI | 2014-12-24 | 1 | -8/+4 |
| | |||||
* | Make this function readble | Ermal LUÇI | 2014-12-24 | 1 | -5/+4 |
| | |||||
* | Correct ipsec status page to make connect button work | Ermal LUÇI | 2014-12-22 | 1 | -0/+16 |
| | |||||
* | Remove unused function | Ermal LUÇI | 2014-12-19 | 1 | -83/+0 |
| | |||||
* | get_failover_interface() is already called inside get_interface_ip(v6), no ↵ | Renato Botelho | 2014-12-10 | 1 | -4/+2 |
| | | | | need to call it twice. It should fix #4089 | ||||
* | Add input validation on vpn_ipsec_settings.php. Fixes #4052. | Chris Buechler | 2014-11-28 | 1 | -1/+1 |
| | |||||
* | Make the parsing of setkey -d(SAs) more reliable. Fixes #4043 | Ermal LUÇI | 2014-11-27 | 1 | -18/+19 |
| | |||||
* | Rather than set the g['booting'] on globals provide a function to test for ↵ | Ermal LUÇI | 2014-11-26 | 1 | -1/+1 |
| | | | | that doing the right checks | ||||
* | Remove AES-GCM from phase1 settings algos since its not recommended | Ermal LUÇI | 2014-11-25 | 1 | -3/+0 |
| | |||||
* | remove unused function referencing racoon | Chris Buechler | 2014-11-25 | 1 | -8/+0 |
| | |||||
* | correctly specify arrays here. Fixes last of issue with Ticket #3955, and | Chris Buechler | 2014-11-17 | 1 | -2/+2 |
| | | | | probably a variety of other bugs. | ||||
* | Revert "Make phase1_status function wok whnever there is a smp dump. This ↵ | Ermal | 2014-11-12 | 1 | -9/+2 |
| | | | | | | should unbreak Ticket #3955" This reverts commit 694d368d818508a40bdef4f1a3f64b414b11c442. | ||||
* | Make phase1_status function wok whnever there is a smp dump. This should ↵ | Ermal | 2014-11-11 | 1 | -2/+9 |
| | | | | unbreak Ticket #3955 | ||||
* | touch up text | Chris Buechler | 2014-11-04 | 1 | -3/+3 |
| | |||||
* | get back to our standard RFC-defined capitalization of IPsec | Chris Buechler | 2014-10-02 | 1 | -3/+3 |
| | |||||
* | Remove wrongly used type | Ermal | 2014-09-12 | 1 | -1/+1 |
| | |||||
* | Only for movile users | Ermal | 2014-09-12 | 1 | -1/+1 |
| | |||||
* | Provide a first implementation of EAP-TLS authentication with IKEv2. It is a ↵ | Ermal | 2014-09-12 | 1 | -0/+1 |
| | | | | start and might not work on all cases | ||||
* | Fix path to xml and make sure the parser will see the custom tags | Ermal | 2014-09-11 | 1 | -2/+2 |
| | |||||
* | Make use of the xml output from stroke leases command | Ermal | 2014-09-10 | 1 | -25/+11 |
| | |||||
* | Return something meaningful until the widget is made to work correctly | Ermal | 2014-09-10 | 1 | -0/+3 |
| | |||||
* | Remove traces of older implementation still present | Ermal | 2014-09-10 | 1 | -6/+0 |
| |