| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
and other random stuff I noticed.
I think this finishes messing with code style. The codebase should match
the developer style guide closely enough that 99.9% of changes will not
feel the need to also massage the formatting.
|
|
|
|
| |
existing one
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per comment in https://redmine.pfsense.org/issues/3633 sometimes the
server end only requires a password, no username. Usually 1 long string
that serves as the hard-to-guess authentication. OpenVPN expects
something to be on the first line of the ".up" file - traditionally
called the username. It also insists on the second line being present,
but is happy with it being empty - this is the authentication
information traditionally called "password".
Let the user put the single piece of authentication information in
either the Username or Password field on the web GUI - whichever they
feel comfortable calling it. In the ".up" file it has to always be the
first line to keep OpenVPN happy.
|
|
|
|
|
|
|
| |
As reported in forum https://forum.pfsense.org/index.php?topic=92174.0
If the ordinary interface is selected for an OpenVPN server and an IPV6 protocol is selected (e.g. UDP6) then al is good, the "local" line in the server1.conf is written with the primary IPv6 address of the interface.
If the interface has other associated VIPs (e.g. a CARP VIP) and the related IPv6 entry is selected as the OpenVPN server interface, then the "local" line was being omitted from server1.conf
Regardless of the IP address family, vpn_openvpn_server.php always writes the associated IP address into the settings key 'ipaddr' - which looks like a good and reasonable thing - we only want 1 IP address of some flavor to be remembered here.
This changes fixes openvpn.inc so it understands that $settings['ipaddr'] can be IPv4 or IPv6 as does the appropriate stuff with it.
|
| |
|
|
|
|
| |
be run if the VIP is in the INIT state.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenVPN create the tun/tap interface and, when set an IP address to
it, mark it as UP. In some scenarios, when TAP is set as bridge and
doesn't have an IP address set on it, it never goes up and tunnel
doesn't work.
If rc.newwanip is called for this TAP interface, UP flag is set, but,
rc.newwanip is not executed when system is booting.
Since it's always rename the interface and add it the group, make sure
it's up here.
|
| |
|
| |
|
|
|
|
|
|
| |
didn't help the ticket where it was intended to help, which was later
fixed differently. This change in defaults is problematic in a lot of
scenarios, go back to the way things were before. Ticket #3894
|
|
|
|
| |
that doing the right checks
|
| |
|
|
|
|
| |
happens. Ticket #3894
|
|
|
|
| |
locking the persistnet tun device by this just retry two times by default. People can enable resolv-retry infinite themselves for previous behaviour
|
|
|
|
| |
and hasn't been relevant in years.
|
| |
|
| |
|
| |
|
| |
|
|
|
| |
Added verbosity check in case when verbosity_level is absent in config.xml
|
|
|
| |
Removed unnecessary "else {";
|
|
|
|
|
| |
-Fix #3401 (Added tun option "Disable IPv6"
-Added new options: route-nopull, route-noexec, verb;
|
|
|
|
| |
they supply and auth user/pass. Ticket #3633
|
|
|
|
| |
bridging.
|
| |
|
| |
|
|
|
|
| |
start
|
| |
|
| |
|
|
|
|
| |
exec() calls by php functions like symlink, copy, unlink, mkdir
|
| |
|
|
|
|
| |
in an OpenVPN client-specific override entry.
|
|
|
|
| |
this should be done as a plugin to avoid overhead of forking.
|
|
|
|
| |
process. Maybe should could consider to write a short library todo this
|
| |
|
|
|
|
| |
way only ipaliases on carp need to be upgraded.
|
| |
|
|
|
|
| |
carp on FreeBSD 10. Still some places to deal with this and certainly missing upgrade code
|
| |
|
|
|
|
| |
settings on OpenVPN (unset, off, on, adaptive) rather than a simple off/on switch that either doesn't set the value or enables it with adaptive (OpenVPN's default).
|
|
|
|
| |
(SHA1 is the default since that is OpenVPN's default)
|
|
|
|
|
| |
If the underlying vip of a gateway group that an openvpn client is bound
to is in backup mode then the client should not start.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
| |
When interfaces go down and up we need to know which interface (vr1, vr2 etc) each OpenVPN instance is using so we can optimize our decision about which instances to resync. That data is not in the conf file (the conf file contains the IP address the instance binds to). This change puts the interface name into a little file in /var/etc/openvpn for later use.
|
|\
| |
| | |
Resync relevant OpenVPN instances when gateway group settings are modified
|