summaryrefslogtreecommitdiffstats
path: root/etc/inc/ipsec.inc
Commit message (Collapse)AuthorAgeFilesLines
* Bring back IPsec PSK Tab/Edit. Part of ticket #108. Still needs backend code ↵jim-p2010-05-061-0/+10
| | | | to use the resulting keys.
* Ticket #430. Give a none option to allow for roadwarriors configs.Ermal Luçi2010-03-161-3/+7
|
* Revert "Turn off xauth by default. Ticket #108"sullrich2009-12-021-2/+2
| | | | This reverts commit 7998c3f280370991beca62c6a99ae6dd6051228a.
* Turn off xauth by default. Ticket #108sullrich2009-12-021-2/+2
|
* Add pfSense_BUILDER_BINARIES: and pfSense_MODULE: additionsScott Ullrich2009-09-121-0/+4
|
* * Make the carp ip fix for ipsec more general so other services that use the ↵Ermal Luçi2009-04-221-4/+1
| | | | | | | | same methodology work. - Basically get_interface_ip() now knows how to handle carp(4). * Move interface related function from pfsense-utils.inc to interfaces.inc that is their place. - More will come after the schedules fixes.
* * Fix ipsec over carp handling.Ermal Luçi2009-04-221-3/+5
| | | | | * do not useinterface in Upper case when working on the backends. * Do not print Configuring IPSec during bootup if there is nothing configured.
* * Hide interfaces internals to other code and use the propper interfaces.Ermal Luçi2009-03-301-5/+5
| | | | | | | Basically use get_interface*() functions instead of accessing fields like 'ipaddr'/'descr' etc... * Make get_interfaces_with_gateway less heavyweight by getting information from the configuration stored in config.xml * Some other missed custom interface list building and substituing with propper get_configured_interface*() NOTE: This should give indipendce on dynamic interfaces on some services that before could not be used on top of this type of interfaces.
* Modify IPsec code to allow for transport mode. All existing configurations aremgrooms2009-03-151-0/+4
| | | | | marked as tunnel for backwards compatibility. There are problems with the spd read code which Will likely choke on transport entries. We can fix this later.
* fix display of ipsec tunnel status when using DNS entries for the endpointsBill Marquette2009-02-271-1/+1
|
* Correctly return phase2 status for tunnels with hostnamesSeth Mos2009-01-161-1/+1
|
* Rework most of the OpenVPN support. The interfaces have been updated toMatthew Grooms2008-08-261-0/+23
| | | | | | | | | | not use the pkg system and the configuration has been migrated to an openvpn prefix. The centralized user and certificate manager is now used to support the openvpn configurations. Most of the files removed in this commit were not being referenced. This commit also splits out the certificate management components into a new system menu item.
* Remove the vpn_endpoint_determine function. It did not work properly whenMatthew Grooms2008-08-021-0/+3
| | | | CARP devices were in use. Use the newer ipsec_get_phase1_src instead.
* Introduce a new and improved version of IPsec mobile client support. TheMatthew Grooms2008-07-131-0/+75
| | | | | | | mobile client tab is now used to configure user authentication (Xauth) and client configuration (mode-cfg) options. User authentication is currently limited to system password file entries. This will be extended to support external RADIUS and LDAP account DBs in a follow up comiit.
* Overhaul IPsec related code. Shared functions have been consolidated intoMatthew Grooms2008-07-111-0/+344
a new file named /etc/ipsec.inc. Tunnel definitions have been split into phase1 and phase2. This allows any number of phase2 definitions to be created for a single phase1 definition. Several facets of configuration have also been improved. The key size for variable length algorithms can now be selected and the phase1 ID options have been extended to allow for more flexible configuration. Several NAT-T related issues have also been resolved. Please note, IPsec remote access functionality has been temporarily disabled. An improved implementation will be included in a follow up commit.
OpenPOWER on IntegriCloud