path: root/etc/inc/openvpn.inc
Commit message [Author, Age, Files, Lines]
* Add escapeshellarg() calls on exec parameters. While I'm here, replace some ↵ [Renato Botelho, 2014-02-04, 1, -7/+7]
|   exec() calls by php functions like symlink, copy, unlink, mkdir Conflicts: etc/inc/filter_log.inc etc/inc/interfaces.inc etc/inc/pfsense-utils.inc etc/inc/pkg-utils.inc
* #3174 Handling of gateway groups in openvpn_restart() [Shahid Sheikh, 2013-09-02, 1, -7/+7]
|   If the underlying vip of a gateway group that an openvpn client is bound to is in backup mode then the client should not start.
* #3174 Added handling of gateway groups in openvpn_restart [Shahid Sheikh, 2013-09-02, 1, -0/+8]
|
* Remove prior CSC entry when cleaning up. Fixes #3143 [jim-p, 2013-08-14, 1, -0/+10]
|
* Declare globals as global before defining them in openvpn.inc [jim-p, 2013-08-14, 1, -0/+6]
|
* IPv6 OpenVPN TAP mode typo [Phil Davis, 2013-05-14, 1, -2/+2]
|
* OpenVPN w/ IPv6 fails to set ifconfig-ipv6 value in conf #2991 [Phil Davis, 2013-05-14, 1, -2/+2]
|
* Remember which interface was used by each OpenVPN conf [Phil Davis, 2013-05-07, 1, -0/+3]
|   When interfaces go down and up we need to know which interface (vr1, vr2 etc) each OpenVPN instance is using so we can optimize our decision about which instances to resync. That data is not in the conf file (the conf file contains the IP address the instance binds to). This change puts the interface name into a little file in /var/etc/openvpn for later use.
* Merge pull request #499 from phil-davis/master [Ermal Luçi, 2013-04-03, 1, -0/+29]
|\
| |   Resync relevant OpenVPN instances when gateway group settings are modified
| * Provide openvpn_resync_gwgroup function [Phil Davis, 2013-03-29, 1, -0/+29]
| |   Allows all OpenVPN servers and clients that use a particular gateway group to be resynced in one easy call.
* | Clarify notes when there is an error reaching the openvpn management daemon ↵ [jim-p, 2013-04-01, 1, -13/+10]
|/
|   for service status. Also, add service controls to the openvpn status page.
* Better check for the right bits being set. [jim-p, 2013-02-25, 1, -2/+2]
|
* Always clear the OpenVPN route when using shared key, no matter what the ↵ [jim-p, 2013-02-25, 1, -6/+13]
|   tunnel network "CIDR" is set to, it still needs it.
* Use the actual openvpn restart routine when starting/stopping from services ↵ [jim-p, 2013-02-11, 1, -0/+31]
|   rather than killing/restarting manually.
* Permit openvpn to use same port on different interfaces. It should fix #814 [Renato Botelho, 2013-01-29, 1, -11/+29]
|
* is_subnet() will fail here if using comma-separated lists of networks. Use ↵ [jim-p, 2013-01-28, 1, -2/+2]
|   openvpn_validate_cidr() instead.
* is_subnet() will fail here if using comma-separated lists of networks. Use ↵ [jim-p, 2013-01-28, 1, -2/+2]
|   openvpn_validate_cidr() instead.
* Display a list of ciphers accelerated by a specific engine. Also, skip ↵ [jim-p, 2013-01-27, 1, -4/+23]
|   engines that are listed but unavailable for direct use.
* Fixup paths when executing OpenSSL. [jim-p, 2013-01-27, 1, -3/+3]
|
* Allow specifying multiple local/remote networks for OpenVPN separated by ↵ [jim-p, 2013-01-24, 1, -18/+78]
|   commas. While I'm here, fix up the IPv6 tunnel/remote/local network input validation. Simplify some code using functions.
* Add GUI option to use "topology subnet" for OpenVPN, since the OpenVPN ↵ [jim-p, 2013-01-22, 1, -0/+4]
|   Connect iOS client requires it for IPv6
* Add routing table display for each OpenVPN ssl/tls server instance, ↵ [jim-p, 2013-01-21, 1, -0/+10]
|   collapsed by default. Part of feature #2766
* Needs more thought - might route something an unintended path. Perhaps a ↵ [jim-p, 2012-12-17, 1, -2/+0]
|   checkbox. Revert "Exclude the VPN peer from routes so as to not break connectivity to the actual VPN peer if a route includes its IP." This reverts commit 5d8e8c9d25b55c6d3260e69fcf4620f76488d173.
* Update etc/inc/openvpn.inc [bcyrill, 2012-12-16, 1, -1/+1]
|   Mute error when interface does not exist, e.g. after reboot.
* Exclude the VPN peer from routes so as to not break connectivity to the ↵ [jim-p, 2012-12-13, 1, -0/+2]
|   actual VPN peer if a route includes its IP.
* Use functions to reduce code duplication; Add function to clear route to the ↵ [jim-p, 2012-12-05, 1, -18/+40]
|   interface IP before starting openvpn, otherwise the process cannot start. Ticket #2712
* Activate choices for UDP6 and TCP6 for OpenVPN. Make sure interface IP ↵ [jim-p, 2012-12-04, 1, -6/+9]
|   selection chooses the proper IP and sets the proper protocol string. May need some GUI input validation to prevent someone from selecting a *6 proto with an IPv4 VIP and vice versa.
* Use the IPv6 tunnel network for peer to peer OpenVPN modes. [jim-p, 2012-12-03, 1, -0/+28]
|
* Wrap dir creation for openvpn in a function to reduce duplication, and use ↵ [jim-p, 2012-11-21, 1, -13/+14]
|   the function before places that could potentially write in the dir.
* Create directory if it does not exist [Ermal, 2012-11-21, 1, -2/+4]
|
* Presence of a directory does not mean anything. Just continue up. Pointy-hat: ↵ [Ermal, 2012-11-21, 1, -5/+4]
|   myself
* Unbreak the openvpn reading of configs. A dir needs to be executable to be ↵ [Ermal, 2012-11-21, 1, -2/+2]
|   searchable and readable inside. Reported-by: http://forum.pfsense.org/index.php/topic,55934.0/topicseen.html
* Create necessary dir and unset conf string after writing to file [Ermal, 2012-11-20, 1, -1/+6]
|
* Merge pull request #244 from bcyrill/ovpn-alias [Chris Buechler, 2012-11-19, 1, -3/+2]
|\
| |   Fix: Use specified IP if available
| * Fix: Use specified IP if available [bcyrill, 2012-11-03, 1, -3/+2]
| |
* | Remove unused/unuseful tags anymore [Ermal, 2012-11-14, 1, -3/+1]
|/
* Allow for changing OpenVPN TUN to TAP device mode without reboot. [PiBa-NL, 2012-10-01, 1, -1/+6]
|
* Revert "Allow for changing OpenVPN TUN to TAP device mode without reboot." ↵ [jim-p, 2012-09-30, 1, -6/+1]
|   -- Adds blank OpenVPN servers, see ticket #2643 This reverts commit c8bb7f1527a99c69784ab6c01d9050adcde6a8a0.
* Allow for changing OpenVPN TUN to TAP device mode without reboot. [PiBa-NL, 2012-09-22, 1, -1/+6]
|
* Add forgotten "ipv6 remote network", clean up a couple bits, make sure local ↵ [jim-p, 2012-08-09, 1, -0/+9]
|   network box is hidden for shared key servers.
* OpenVPN _servers_ can start on carp vips, just not _clients_. [jim-p, 2012-06-29, 1, -2/+2]
|
* If we only have an IPv6 interface we'll use that, otherwise an IPv4 address ↵ [smos, 2012-06-28, 1, -5/+5]
|   always has preference. Revisit this for OpenVPN 2.3
* Check in code that allows for using a gateway group as the interface on the ↵ [smos, 2012-06-25, 1, -3/+5]
|   OpenVPN server page. Only allow IPv4 gateway groups for now. We'll need to add IPv6 support here later when we import OpenVPN 2.3. Unbreak the gateway group function on broken configurations like a missing 3G stick. Unbreak the interface IP/IPv6 code in openvpn.inc, we can listen on IPv4 or IPv6, not both. That path is now separate which should cause less grief down the line. Adds to Redmine ticket #1965 which was for the IPsec failover.
* Only add openvpn acl script lines if it's a server mode that does user auth [jim-p, 2012-06-06, 1, -2/+7]
|
* Import OpenVPN cisco style radius attributes applying policy to logged in ↵ [Ermal, 2012-06-05, 1, -0/+4]
|   users. Feature #2100
* Whoops, don't flip these since I negated the test. [jim-p, 2012-05-14, 1, -2/+2]
|
* Flip this test around since it's safer to assume the dev mode is tun. Ticket ↵ [jim-p, 2012-05-14, 1, -3/+3]
|   #2432
* Unbreak openvpn [Ermal, 2012-04-05, 1, -1/+1]
|
* Make vips vhid be unique per parent interface! [Ermal, 2012-04-05, 1, -1/+1]
|
* Be more intelligent when managing OpenVPN client connections bound to CARP ↵ [jim-p, 2012-03-06, 1, -0/+4]
|   VIPs. If the interface is in BACKUP status, do not start the client. Add a section to rc.carpmaster and rc.carpbackup to trigger this start/stop. If an OpenVPN client is active on both the master and backup system, they will cause conflicting connections to the server. Servers do not care as they only accept, not initiate.