path: root/etc/inc/ipsec.inc
Commit message [Author, Age, Files, Lines]
* Correct the step for phase2 algos as well [Ermal, 2014-03-06, 1 file, -1/+1]
|
* Use a step of 64 here too to comply with what the daemon can parse/understand [Ermal, 2014-03-06, 1 file, -1/+1]
|
* Make the IPSec status page work with strongswan [Ermal, 2014-02-27, 1 file, -2/+2]
|
* Oops forgot the query message [Ermal, 2014-02-26, 1 file, -0/+3]
|
* Add a function to read the status of connections/SAs/SPDs from smp plugin of StrongSWAN. No need to go through the setkey dumps [Ermal, 2014-02-26, 1 file, -0/+32]
|
* Push log changes for IPSec and fix generation of strongswan.conf and ipsec.secrets to be properly considered [Ermal, 2014-02-25, 1 file, -0/+6]
|
* Try to remove as much as possible _stf special case through the code [Ermal, 2013-03-18, 1 file, -5/+5]
|
* Fixes IPSec Status for natted tunnels [Michele Di Maria, 2013-03-15, 1 file, -1/+1]
|     See http://redmine.pfsense.org/issues/2884 for details. Thanks, Michele
* IPsec status corrections, should fix #2861 [jim-p, 2013-03-06, 1 file, -3/+3]
|
* When auth algorithm is hmac-sha512, it produces long lines and wraps them, which breaks the parser. Ignore lines that start with a space to fix it. Fixes #2842 [Renato Botelho, 2013-02-26, 1 file, -1/+1]
|
* Make function return correct address info for respective family [Ermal, 2013-02-11, 1 file, -42/+59]
|
* Correct function name [Ermal, 2013-02-07, 1 file, -4/+4]
|
* Fix IPsec status when using interface macros (e.g. "LAN subnet") and handle matching better when IPs may not match up due to IPv6 formatting/compression. [jim-p, 2013-02-06, 1 file, -16/+35]
|
* Correct displaying of ipsec status for natted networks. [Ermal, 2013-01-27, 1 file, -1/+1]
|
* This should fix ipsec status for natted tunnel(s). [Ermal, 2012-10-05, 1 file, -3/+8]
|
* Activate more Hash, DH, and PFS options that are available in racoon now. Note that SHA256-512 are RFC4868 compliant in FreeBSD, may break with other incompatible stacks. [jim-p, 2012-08-02, 1 file, -6/+31]
|
* Add Gateway Group support to the IPsec interface drop down. [smos, 2012-06-03, 1 file, -1/+1]
|     Edit of gateway group correctly reflects the new IP Address. We need to make a blacklist for interface names in the gateway group edit page. Redmine ticket #1965
* Don't display a "mobile" user without a username. [jim-p, 2012-05-30, 1 file, -1/+2]
|
* List logged-in IPsec xauth users and provide a mechanism to disconnect them. Implements #1986 [jim-p, 2012-05-25, 1 file, -0/+37]
|
* Don't do resolve_retry on ipsec_get_phase1_dst() results, because ipsec_get_phase1_dst() already does that before returning output. [jim-p, 2012-05-24, 1 file, -1/+1]
|
* Test for empty here, rather than !, so a blank value (as from mobile clients) doesn't fall to the other tests. [jim-p, 2012-05-24, 1 file, -1/+1]
|
* Merge remote-tracking branch 'upstream/master' [jim-p, 2011-07-12, 1 file, -15/+15]
|\
| |     Conflicts: etc/inc/easyrule.inc etc/inc/filter.inc etc/inc/interfaces.inc etc/inc/services.inc etc/inc/xmlrpc_client.inc usr/local/www/fbegin.inc usr/local/www/services_dhcp.php
| * Merge remote-tracking branch 'mainline/master' into inc [Vinicius Coque, 2011-06-28, 1 file, -1/+2]
| |\
| * \ Merge remote-tracking branch 'mainline/master' into inc [Vinicius Coque, 2011-06-07, 1 file, -0/+4]
| |\ \
| | | |     Conflicts: etc/inc/voucher.inc usr/local/www/fbegin.inc
| * \ \ Merge remote-tracking branch 'mainline/master' into inc [Vinicius Coque, 2011-03-25, 1 file, -3/+5]
| |\ \ \
| | | | |     Conflicts: etc/inc/auth.inc etc/inc/config.lib.inc etc/inc/filter.inc etc/inc/pfsense-utils.inc etc/inc/pkg-utils.inc etc/inc/priv.defs.inc etc/inc/services.inc etc/inc/shaper.inc etc/inc/voucher.inc etc/inc/vpn.inc usr/local/www/fbegin.inc
| * \ \ \ Merge branch 'master' into inc [Vinicius Coque, 2011-01-28, 1 file, -0/+17]
| |\ \ \ \
| | | | | |     Conflicts: etc/inc/captiveportal.inc etc/inc/config.console.inc etc/inc/config.lib.inc etc/inc/easyrule.inc etc/inc/filter.inc etc/inc/ipsec.inc etc/inc/pkg-utils.inc etc/inc/shaper.inc etc/inc/system.inc etc/inc/voucher.inc
| * \ \ \ \ Merge remote branch 'mainline/master' into inc [Vinicius Coque, 2010-12-14, 1 file, -5/+11]
| |\ \ \ \ \
| | | | | | |     Conflicts: etc/inc/auth.inc etc/inc/config.lib.inc etc/inc/filter.inc etc/inc/gwlb.inc etc/inc/interfaces.inc etc/inc/pfsense-utils.inc etc/inc/pkg-utils.inc etc/inc/shaper.inc etc/inc/upgrade_config.inc etc/inc/xmlparse.inc usr/local/www/fbegin.inc
| * | | | | | Implement gettext() calls on ipsec.inc [Carlos Eduardo Ramos, 2010-08-16, 1 file, -15/+15]
| | | | | | |
* | | | | | | Merge remote branch 'upstream/master' [jim-p, 2011-06-27, 1 file, -1/+2]
|\ \ \ \ \ \ \
| | |_|_|_|_|/
| |/| | | | |
| * | | | | | Bail out of ipsec_get_phase1_dst if there is no remote gateway, else it falls into running resolve_retry() with invalid parameters causing a long delay in returning. [jim-p, 2011-06-27, 1 file, -1/+2]
| | |_|_|_|/
| |/| | | |
* | | | | | Merge remote branch 'upstream/master' [jim-p, 2011-06-03, 1 file, -0/+4]
|\ \ \ \ \ \
| |/ / / / /
| | | | | |     Conflicts: etc/inc/openvpn.inc
| * | | | | Show how much data has passed on an SAD entry. [jim-p, 2011-06-02, 1 file, -0/+4]
| | |_|_|/
| |/| | |
* | | | | Try to make IPv6 feature complete for IPv6 support. Looks like ipsec-tools was built without v6 support, make sure you have a newer build [Seth Mos, 2011-03-15, 1 file, -19/+42]
| | | | |
* | | | | Extend the IPsec configuration with a protocol family for the phase 1 [Seth Mos, 2011-03-14, 1 file, -4/+11]
| | | | |
* | | | | Make sure to note the limitations to gethostbyname, it does not work for Quad A records. Fix resolve_retry in the process, use that. [Seth Mos, 2011-03-14, 1 file, -1/+1]
| | | | |
* | | | | Add the ability to differentiate between v4 and v6 tunnels. Bill says he can test [Seth Mos, 2011-03-11, 1 file, -1/+2]
|/ / / /
* | | | Don't forget to include $g, otherwise the check will fail and still perform a DNS resolve [smos, 2011-02-21, 1 file, -0/+1]
| | | |
* | | | Hold off on resolve_retry during boot. The rest of the IPsec config is already delayed during boot for tunnels with hostnames [smos, 2011-02-21, 1 file, -3/+4]
| |_|/
|/| |
* | | Ticket #1116: anonymous sainfo may be used only for single phase2 ipsec VPN's [Pierre POMES, 2010-12-28, 1 file, -1/+18]
| |/
|/|
* | Add IPSec 'ipalias' VIP support. Ticket #1041 [Pierre POMES, 2010-12-10, 1 file, -5/+11]
| |
* | Remove trailing carriage return [Scott Ullrich, 2010-11-10, 1 file, -1/+1]
|/
* Bring back IPsec PSK Tab/Edit. Part of ticket #108. Still needs backend code to use the resulting keys. [jim-p, 2010-05-06, 1 file, -0/+10]
|
* Ticket #430. Give a none option to allow for roadwarriors configs. [Ermal Luçi, 2010-03-16, 1 file, -3/+7]
|
* Revert "Turn off xauth by default. Ticket #108" [sullrich, 2009-12-02, 1 file, -2/+2]
|     This reverts commit 7998c3f280370991beca62c6a99ae6dd6051228a.
* Turn off xauth by default. Ticket #108 [sullrich, 2009-12-02, 1 file, -2/+2]
|
* Add pfSense_BUILDER_BINARIES: and pfSense_MODULE: additions [Scott Ullrich, 2009-09-12, 1 file, -0/+4]
|
* * Make the carp ip fix for ipsec more general so other services that use the same methodology work. [Ermal Luçi, 2009-04-22, 1 file, -4/+1]
|     - Basically get_interface_ip() now knows how to handle carp(4).
|     * Move interface related function from pfsense-utils.inc to interfaces.inc that is their place.
|     - More will come after the schedules fixes.
* * Fix ipsec over carp handling. [Ermal Luçi, 2009-04-22, 1 file, -3/+5]
|     * Do not use interface in upper case when working on the backends.
|     * Do not print Configuring IPSec during bootup if there is nothing configured.
* * Hide interfaces internals to other code and use the proper interfaces. [Ermal Luçi, 2009-03-30, 1 file, -5/+5]
|     Basically use get_interface*() functions instead of accessing fields like 'ipaddr'/'descr' etc...
|     * Make get_interfaces_with_gateway less heavyweight by getting information from the configuration stored in config.xml
|     * Some other missed custom interface list building and substituting with proper get_configured_interface*()
|     NOTE: This should give independence on dynamic interfaces on some services that before could not be used on top of this type of interfaces.
* Modify IPsec code to allow for transport mode. All existing configurations are marked as tunnel for backwards compatibility. There are problems with the spd read code which will likely choke on transport entries. We can fix this later. [mgrooms, 2009-03-15, 1 file, -0/+4]