path: root/etc/inc/openvpn.inc
Commit message | Author | Age | Files | Lines
* Better check for the right bits being set. | jim-p | 2013-02-25 | 1 | -2/+2
* Always clear the OpenVPN route when using shared key, no matter what the tunnel network "CIDR" is set to, it still needs it. | jim-p | 2013-02-25 | 1 | -6/+13
* Use the actual openvpn restart routine when starting/stopping from services rather than killing/restarting manually. | jim-p | 2013-02-11 | 1 | -0/+31
* Use functions to reduce code duplication; Add function to clear route to the interface IP before starting openvpn, otherwise the process cannot start. Ticket #2712 | jim-p | 2013-01-15 | 1 | -6/+28
* OpenVPN _servers_ can start on carp vips, just not _clients_. | jim-p | 2012-06-29 | 1 | -2/+2
* Wrong branch | Ermal | 2012-06-05 | 1 | -4/+0
  Revert "Import OpenVPN cisco style radius attributes applying policy to logged in users. Feature #2100" This reverts commit 477cc2bc24b4b0a36b2bc765c1bb4d79a2eacaed.
* Import OpenVPN cisco style radius attributes applying policy to logged in users. Feature #2100 | Ermal | 2012-06-05 | 1 | -0/+4
* Revert "Make vips vhid be unique per parent interface!" - per cmb, this should not have been on RELENG_2_0 see ticket #2415 This reverts commit 4d0c032c528b10221a2ef894b5eca34f6fda39a7. Conflicts: etc/inc/openvpn.inc etc/inc/upgrade_config.inc etc/rc.filter_synchronize | jim-p | 2012-05-08 | 1 | -1/+1
* Unbreak openvpn | Ermal | 2012-04-05 | 1 | -1/+1
* Make vips vhid be unique per parent interface! | Ermal | 2012-04-05 | 1 | -2/+2
* Be more intelligent when managing OpenVPN client connections bound to CARP VIPs. If the interface is in BACKUP status, do not start the client. Add a section to rc.carpmaster and rc.carpbackup to trigger this start/stop. If an OpenVPN client is active on both the master and backup system, they will cause conflicting connections to the server. Servers do not care as they only accept, not initiate. | jim-p | 2012-03-06 | 1 | -0/+4
* Fix order of client/server IPs and add a note, and clarify variable names. Fixes #2004. | jim-p | 2011-11-10 | 1 | -3/+4
* Assume a default value of 1 for cert_depth to disallow chaining. | jim-p | 2011-10-27 | 1 | -0/+2
* Add GUI option to limit the certificate depth allowed when OpenVPN clients are connecting. | jim-p | 2011-10-27 | 1 | -0/+18
* Fixup OpenVPN status a bit to properly handle SSL servers using a /30 (no server directive) and also be a little more verbose about what is happening, if we can tell. | jim-p | 2011-08-30 | 1 | -3/+23
* Revert "Make initial changes to allow pfSense to work in a jail." | Andrew Thompson | 2011-08-17 | 1 | -3/+1
  This reverts commit a26d95383a6146734f67c9db21cd83534052843a.
* Make initial changes to allow pfSense to work in a jail. | Andrew Thompson | 2011-08-17 | 1 | -1/+3
  This mostly avoids starting things that will not work and gets the initial config. Most of the pfSense functionality will not work (pf rules, routing, etc) but it can be used for testing.
* Rework OpenVPN status, show status for shared key servers. | jim-p | 2011-07-27 | 1 | -136/+140
* Resolves #1719. Prevent disabled client/servers from being displayed on the widget. | Ermal | 2011-07-26 | 1 | -1/+7
* Only apply remote_network setting for p2p modes, since it is not valid for remote access modes. Fixes #1707 | jim-p | 2011-07-22 | 1 | -2/+2
* CRL fixes for empty CRLs (so they don't kill OpenVPN) | jim-p | 2011-07-13 | 1 | -0/+1
* Don't check OpenVPN ports in use against disabled clients or servers | Chris Buechler | 2011-07-04 | 1 | -3/+3
* No need to use nohup when using mwexec_bg since it calls nohup itself. Also use fullpath to executables. | Ermal | 2011-06-24 | 1 | -2/+2
* When making a P2P SSL/TLS OpenVPN server, if the given CIDR for the tunnel network is a /30, don't use the OpenVPN server directive. See ticket #1417 | jim-p | 2011-06-03 | 1 | -4/+9
* Various CRL fixes, handle empty internal CRLs better. | jim-p | 2011-05-11 | 1 | -0/+1
* Confirmed working fix for ticket #1417 - with this change I have two-way connectivity on Site-to-Site (SSL/TLS) with iroutes. | jim-p | 2011-04-21 | 1 | -0/+2
* Backing out changes from ticket #1417, it was not a valid openvpn config that the user was trying to make. | jim-p | 2011-04-19 | 1 | -1/+0
* Slightly different fix for #1417 that doesn't mess up other parameters needed by p2p_tls | jim-p | 2011-04-18 | 1 | -1/+2
* Putting client-config-dir in the config is valid also for p2p_tls servers. Fixes #1417. | jim-p | 2011-04-08 | 1 | -1/+1
* Switch back to dev_mode so existing configs aren't broken by the other changes. | jim-p | 2011-04-01 | 1 | -5/+5
* Added option to select the type of device for use in the tunnel openvpn | lgcosta | 2011-03-21 | 1 | -4/+5
* fix NTP server IPs in openvpn config | Chris Buechler | 2011-02-06 | 1 | -2/+2
* Don't pass these by reference. Might be related to ticket #1231 | jim-p | 2011-01-27 | 1 | -3/+3
* Add drop-down to select OpenVPN hardware crypto (finds usable devices from "openssl engine" list) for clients and servers. | jim-p | 2011-01-20 | 1 | -0/+20
* Add a checkbox for duplicate-cn on OpenVPN servers. | jim-p | 2011-01-20 | 1 | -0/+2
* Ticket #1198. Fix code when checking client or server | Pierre POMES | 2011-01-15 | 1 | -2/+2
* fix text | Chris Buechler | 2010-12-28 | 1 | -2/+2
* nuke trailing carriage returns | Scott Ullrich | 2010-12-22 | 1 | -1/+1
* Do not spam filter reload at boot. | Ermal | 2010-12-06 | 1 | -1/+3
* Add suggested fix from ticket #1037 | jim-p | 2010-11-29 | 1 | -1/+1
* Ticket #1037. Move environment manipulation to the authentication script since escaping slashes is not so easy on dynamic built paths. | Ermal | 2010-11-26 | 1 | -3/+2
* Ticket #1037. Add suggestion in the ticket for using the CA supplied to openvpn for authenticating to SSL LDAP. | Ermal | 2010-11-25 | 1 | -2/+4
* Reorder some code and combine the nobind test with the lport code to ensure only the needed options are used in any given combination. | jim-p | 2010-11-19 | 1 | -9/+9
* When the local port is left blank on an OpenVPN client, use 'lport 0' to direct the client to use a random source port. Fixes #1025 | jim-p | 2010-11-19 | 1 | -3/+3
* The way this option is currently defined, the configuration variable is always set; for this case, isset is not the correct condition. Reported at http://forum.pfsense.org/index.php/topic,30153.0.html | Erik Fonnesbeck | 2010-11-17 | 1 | -1/+1
* Remove trailing carriage return | Scott Ullrich | 2010-11-10 | 1 | -1/+1
* Refresh OpenVPN CRL files when a CRL has a cert added/removed. Ticket #555 | jim-p | 2010-10-21 | 1 | -0/+31
* Add backend code to verify username against cn on login if set by user. Needs GUI code to set the option yet. Ticket #887 | jim-p | 2010-10-12 | 1 | -1/+3
* Allow selecting an OpenVPN Server CRL if we are in an SSL mode. | jim-p | 2010-09-21 | 1 | -2/+4
* Send a log entry when openvpn resync is called. | Ermal | 2010-09-15 | 1 | -2/+6