path: root/etc/inc/openvpn.inc
Commit message (Author, Age, Files, Lines)
* Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir (Renato Botelho, 2014-02-04, 1 file, -7/+7)
|
* Fix openssl path (Renato Botelho, 2014-01-24, 1 file, -3/+3)
|
* Add support for local (push route) and remote (iroute) network definitions in an OpenVPN client-specific override entry. (jim-p, 2013-12-26, 1 file, -7/+25)
|
* Move also tls-verify to fcgicli to avoid forking php process. Maybe even this should be done as a plugin to avoid overhead of forking. (Ermal, 2013-12-19, 1 file, -9/+4)
|
* Migrate openvpn authentication to use fcgicli rather than forking a php process. Maybe we could consider writing a short library to do this (Ermal, 2013-12-19, 1 file, -14/+3)
|
* Use does_interface_exist rather than calling ifconfig directly (Ermal, 2013-12-18, 1 file, -1/+1)
|
* Use _vip as identified for CARP vip IPs to allow easier upgrade code. This way only ipaliases on carp need to be upgraded. (Ermal, 2013-12-06, 1 file, -1/+1)
|
* Make more strict checks (Ermal, 2013-12-05, 1 file, -1/+1)
|
* Remove references to _vip interface and provide proper configuration for carp on FreeBSD 10. Still some places to deal with this and certainly missing upgrade code (Ermal, 2013-11-28, 1 file, -1/+1)
|
* Unset value should be '' and not 'none' (jim-p, 2013-10-31, 1 file, -1/+1)
|
* Change OpenVPN Compression settings to cover the full range of allowed settings on OpenVPN (unset, off, on, adaptive) rather than a simple off/on switch that either doesn't set the value or enables it with adaptive (OpenVPN's default). (jim-p, 2013-10-31, 1 file, -2/+9)
|
* Add an Authentication Digest Algorithm drop-down to OpenVPN server/client (SHA1 is the default since that is OpenVPN's default) (jim-p, 2013-10-30, 1 file, -0/+17)
|
* Fix #3174 Handling of gateway groups in openvpn_restart() (Shahid Sheikh, 2013-09-02, 1 file, -0/+8)
|     If the underlying vip of a gateway group that an openvpn client is bound to is in backup mode then the client should not start.
* Remove prior CSC entry when cleaning up. Fixes #3143 (jim-p, 2013-08-14, 1 file, -0/+10)
|
* Declare globals as global before defining them in openvpn.inc (jim-p, 2013-08-14, 1 file, -0/+6)
|
* Add warning comment about missing IPv6 implementation (Ermal, 2013-06-17, 1 file, -0/+1)
|
* IPv6 OpenVPN TAP mode typo (Phil Davis, 2013-05-14, 1 file, -2/+2)
|
* OpenVPN w/ IPv6 fails to set ifconfig-ipv6 value in conf #2991 (Phil Davis, 2013-05-14, 1 file, -2/+2)
|
* Remember which interface was used by each OpenVPN conf (Phil Davis, 2013-05-07, 1 file, -0/+3)
|     When interfaces go down and up we need to know which interface (vr1, vr2 etc) each OpenVPN instance is using so we can optimize our decision about which instances to resync. That data is not in the conf file (the conf file contains the IP address the instance binds to). This change puts the interface name into a little file in /var/etc/openvpn for later use.
* Merge pull request #499 from phil-davis/master (Ermal Luçi, 2013-04-03, 1 file, -0/+29)
|\    Resync relevant OpenVPN instances when gateway group settings are modified
| * Provide openvpn_resync_gwgroup function (Phil Davis, 2013-03-29, 1 file, -0/+29)
| |   Allows all OpenVPN servers and clients that use a particular gateway group to be resynced in one easy call.
* | Clarify notes when there is an error reaching the openvpn management daemon for service status. Also, add service controls to the openvpn status page. (jim-p, 2013-04-01, 1 file, -13/+10)
|/
* Better check for the right bits being set. (jim-p, 2013-02-25, 1 file, -2/+2)
|
* Always clear the OpenVPN route when using shared key, no matter what the tunnel network "CIDR" is set to, it still needs it. (jim-p, 2013-02-25, 1 file, -6/+13)
|
* Use the actual openvpn restart routine when starting/stopping from services rather than killing/restarting manually. (jim-p, 2013-02-11, 1 file, -0/+31)
|
* Permit openvpn to use same port on different interfaces. It should fix #814 (Renato Botelho, 2013-01-29, 1 file, -11/+29)
|
* is_subnet() will fail here if using comma-separated lists of networks. Use openvpn_validate_cidr() instead. (jim-p, 2013-01-28, 1 file, -2/+2)
|
* is_subnet() will fail here if using comma-separated lists of networks. Use openvpn_validate_cidr() instead. (jim-p, 2013-01-28, 1 file, -2/+2)
|
* Display a list of ciphers accelerated by a specific engine. Also, skip engines that are listed but unavailable for direct use. (jim-p, 2013-01-27, 1 file, -4/+23)
|
* Fixup paths when executing OpenSSL. (jim-p, 2013-01-27, 1 file, -3/+3)
|
* Allow specifying multiple local/remote networks for OpenVPN separated by commas. While I'm here, fix up the IPv6 tunnel/remote/local network input validation. Simplify some code using functions. (jim-p, 2013-01-24, 1 file, -18/+78)
|
* Add GUI option to use "topology subnet" for OpenVPN, since the OpenVPN Connect iOS client requires it for IPv6 (jim-p, 2013-01-22, 1 file, -0/+4)
|
* Add routing table display for each OpenVPN ssl/tls server instance, collapsed by default. Part of feature #2766 (jim-p, 2013-01-21, 1 file, -0/+10)
|
* Needs more thought - might route something an unintended path. Perhaps a checkbox. (jim-p, 2012-12-17, 1 file, -2/+0)
|     Revert "Exclude the VPN peer from routes so as to not break connectivity to the actual VPN peer if a route includes its IP." This reverts commit 5d8e8c9d25b55c6d3260e69fcf4620f76488d173.
* Update etc/inc/openvpn.inc (bcyrill, 2012-12-16, 1 file, -1/+1)
|     Mute error when interface does not exist, e.g. after reboot.
* Exclude the VPN peer from routes so as to not break connectivity to the actual VPN peer if a route includes its IP. (jim-p, 2012-12-13, 1 file, -0/+2)
|
* Use functions to reduce code duplication; Add function to clear route to the interface IP before starting openvpn, otherwise the process cannot start. Ticket #2712 (jim-p, 2012-12-05, 1 file, -18/+40)
|
* Activate choices for UDP6 and TCP6 for OpenVPN. Make sure interface IP selection chooses the proper IP and sets the proper protocol string. May need some GUI input validation to prevent someone from selecting a *6 proto with an IPv4 VIP and vice versa. (jim-p, 2012-12-04, 1 file, -6/+9)
|
* Use the IPv6 tunnel network for peer to peer OpenVPN modes. (jim-p, 2012-12-03, 1 file, -0/+28)
|
* Wrap dir creation for openvpn in a function to reduce duplication, and use the function before places that could potentially write in the dir. (jim-p, 2012-11-21, 1 file, -13/+14)
|
* Create directory if it does not exist (Ermal, 2012-11-21, 1 file, -2/+4)
|
* Presence of a directory does not mean anything. Just continue up. Pointy-hat: myself (Ermal, 2012-11-21, 1 file, -5/+4)
|
* Unbreak the openvpn reading of configs. A dir needs to be executable to be searchable and readable inside. (Ermal, 2012-11-21, 1 file, -2/+2)
|     Reported-by: http://forum.pfsense.org/index.php/topic,55934.0/topicseen.html
* Create necessary dir and unset conf string after writing to file (Ermal, 2012-11-20, 1 file, -1/+6)
|
* Merge pull request #244 from bcyrill/ovpn-alias (Chris Buechler, 2012-11-19, 1 file, -3/+2)
|\    Fix: Use specified IP if available
| * Fix: Use specified IP if available (bcyrill, 2012-11-03, 1 file, -3/+2)
| |
* | Remove unused/unuseful tags anymore (Ermal, 2012-11-14, 1 file, -3/+1)
|/
* Allow for changing OpenVPN TUN to TAP device mode without reboot. (PiBa-NL, 2012-10-01, 1 file, -1/+6)
|
* Revert "Allow for changing OpenVPN TUN to TAP device mode without reboot." -- Adds blank OpenVPN servers, see ticket #2643 (jim-p, 2012-09-30, 1 file, -6/+1)
|     This reverts commit c8bb7f1527a99c69784ab6c01d9050adcde6a8a0.
* Allow for changing OpenVPN TUN to TAP device mode without reboot. (PiBa-NL, 2012-09-22, 1 file, -1/+6)
|