path: root/etc/inc/openvpn.inc
Commit message | Author | Age | Files | Lines
* Fix OpenVPN server listening on associated IPv6 address | Phil Davis | 2015-04-11 | 1 | -3/+3
  As reported in forum https://forum.pfsense.org/index.php?topic=92174.0
  If the ordinary interface is selected for an OpenVPN server and an IPV6 protocol is selected (e.g. UDP6) then all is good, the "local" line in the server1.conf is written with the primary IPv6 address of the interface.
  If the interface has other associated VIPs (e.g. a CARP VIP) and the related IPv6 entry is selected as the OpenVPN server interface, then the "local" line was being omitted from server1.conf
  Regardless of the IP address family, vpn_openvpn_server.php always writes the associated IP address into the settings key 'ipaddr' - which looks like a good and reasonable thing - we only want 1 IP address of some flavor to be remembered here.
  This change fixes openvpn.inc so it understands that $settings['ipaddr'] can be IPv4 or IPv6 and does the appropriate stuff with it.
* Code style openvpn.inc | Phil Davis | 2015-02-28 | 1 | -165/+286
* Change OpenVPN CARP VIP test to be more accurate. The client should also not be run if the VIP is in the INIT state. | jim-p | 2015-01-08 | 1 | -2/+2
* Fix #4146: | Renato Botelho | 2015-01-07 | 1 | -2/+2
  OpenVPN creates the tun/tap interface and, when an IP address is set on it, marks it as UP. In some scenarios, when TAP is set as bridge and doesn't have an IP address set on it, it never goes up and the tunnel doesn't work.
  If rc.newwanip is called for this TAP interface, the UP flag is set, but rc.newwanip is not executed when the system is booting. Since it always renames the interface and adds it to the group, make sure it's up here.
* Simplify logic using a proper function as spotted by Ermal | Renato Botelho | 2014-12-18 | 1 | -8/+5
* Add openvpn interfaces to group when they are created, it should fix #4110 | Renato Botelho | 2014-12-18 | 1 | -0/+9
* Change our default resolv-retry back to OpenVPN's default. Changing this didn't help the ticket where it was intended to help, which was later fixed differently. This change in defaults is problematic in a lot of scenarios, go back to the way things were before. Ticket #3894 | Chris Buechler | 2014-12-03 | 1 | -1/+1
* Rather than set the g['booting'] on globals provide a function to test for that doing the right checks | Ermal LUÇI | 2014-11-26 | 1 | -1/+1
* add a usleep here to prevent killing twice. Ticket #3894 | Chris Buechler | 2014-11-22 | 1 | -0/+1
* In some circumstances, OpenVPN doesn't exit on SIGTERM. SIGKILL it when that happens. Ticket #3894 | Chris Buechler | 2014-11-22 | 1 | -2/+9
* Fixes #3894, --resolv-retry is infinite by default. To avoid the issues of locking the persistent tun device by this just retry two times by default. People can enable resolv-retry infinite themselves for previous behaviour | Ermal | 2014-11-19 | 1 | -0/+2
* remove old DISABLE_PHP_LINT_CHECKING, which dates way back to the CVS days and hasn't been relevant in years. | Chris Buechler | 2014-11-04 | 1 | -1/+0
* fix #3515 | Dmitriy K. | 2014-08-20 | 1 | -0/+3
* Do not show errors from trying to delete a socket or similar | Ermal | 2014-08-15 | 1 | -1/+1
* Remove extra spaces and tabs | Renato Botelho | 2014-07-07 | 1 | -26/+26
* Update openvpn.inc | Dmitriy K. | 2014-06-24 | 1 | -4/+3
* Update openvpn.inc | Dmitriy K. | 2014-06-20 | 1 | -1/+6
  Added verbosity check in case when verbosity_level is absent in config.xml
* Update openvpn.inc | Dmitriy K. | 2014-06-20 | 1 | -2/+0
  Removed unnecessary "else {";
* patchpack1 | Dmitriy K. | 2014-06-17 | 1 | -2/+36
  -Fix #3401 (Added tun option "Disable IPv6")
  -Added new options: route-nopull, route-noexec, verb;
* Allow the user to select "None" for OpenVPN client certificate, so long as they supply an auth user/pass. Ticket #3633 | jim-p | 2014-06-04 | 1 | -7/+14
* client-config-dir is also useful when using OpenVPN's internal DHCP while bridging. | jim-p | 2014-05-30 | 1 | -0/+1
* This doesn't need via-env | jim-p | 2014-04-23 | 1 | -1/+1
* Correct the sense of the check to allow openvpn to work | Ermal | 2014-04-14 | 1 | -1/+1
* Correct auth-user-pass-verify to include parameters properly so openvpn can start | Ermal | 2014-04-14 | 1 | -1/+1
* tls-verify requires quotes around the command to be executed. Ticket #3596 | Chris Buechler | 2014-04-14 | 1 | -1/+1
* openvpn, allow for entering client user credentials in the WebGUI | PiBa-NL | 2014-02-09 | 1 | -0/+8
* Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir | Renato Botelho | 2014-02-04 | 1 | -7/+7
* Fix openssl path | Renato Botelho | 2014-01-24 | 1 | -3/+3
* Add support for local (push route) and remote (iroute) network definitions in an OpenVPN client-specific override entry. | jim-p | 2013-12-26 | 1 | -7/+25
* Move also tls-verify to fcgicli to avoid forking php process. Maybe even this should be done as a plugin to avoid overhead of forking. | Ermal | 2013-12-19 | 1 | -9/+4
* Migrate openvpn authentication to use fcgicli rather than forking a php process. Maybe we should consider writing a short library to do this | Ermal | 2013-12-19 | 1 | -14/+3
* Use does_interface_exist rather than calling ifconfig directly | Ermal | 2013-12-18 | 1 | -1/+1
* Use _vip as identified for CARP vip IPs to allow easier upgrade code. This way only ipaliases on carp need to be upgraded. | Ermal | 2013-12-06 | 1 | -1/+1
* Make more strict checks | Ermal | 2013-12-05 | 1 | -1/+1
* Remove references to _vip interface and provide proper configuration for carp on FreeBSD 10. Still some places to deal with this and certainly missing upgrade code | Ermal | 2013-11-28 | 1 | -1/+1
* Unset value should be '' and not 'none' | jim-p | 2013-10-31 | 1 | -1/+1
* Change OpenVPN Compression settings to cover the full range of allowed settings on OpenVPN (unset, off, on, adaptive) rather than a simple off/on switch that either doesn't set the value or enables it with adaptive (OpenVPN's default). | jim-p | 2013-10-31 | 1 | -2/+9
* Add an Authentication Digest Algorithm drop-down to OpenVPN server/client (SHA1 is the default since that is OpenVPN's default) | jim-p | 2013-10-30 | 1 | -0/+17
* Fix #3174 Handling of gateway groups in openvpn_restart() | Shahid Sheikh | 2013-09-02 | 1 | -0/+8
  If the underlying vip of a gateway group that an openvpn client is bound to is in backup mode then the client should not start.
* Remove prior CSC entry when cleaning up. Fixes #3143 | jim-p | 2013-08-14 | 1 | -0/+10
* Declare globals as global before defining them in openvpn.inc | jim-p | 2013-08-14 | 1 | -0/+6
* Add warning comment about missing IPv6 implementation | Ermal | 2013-06-17 | 1 | -0/+1
* IPv6 OpenVPN TAP mode typo | Phil Davis | 2013-05-14 | 1 | -2/+2
* OpenVPN w/ IPv6 fails to set ifconfig-ipv6 value in conf #2991 | Phil Davis | 2013-05-14 | 1 | -2/+2
* Remember which interface was used by each OpenVPN conf | Phil Davis | 2013-05-07 | 1 | -0/+3
  When interfaces go down and up we need to know which interface (vr1, vr2 etc) each OpenVPN instance is using so we can optimize our decision about which instances to resync. That data is not in the conf file (the conf file contains the IP address the instance binds to). This change puts the interface name into a little file in /var/etc/openvpn for later use.
* Merge pull request #499 from phil-davis/master | Ermal Luçi | 2013-04-03 | 1 | -0/+29
  Resync relevant OpenVPN instances when gateway group settings are modified
* Provide openvpn_resync_gwgroup function | Phil Davis | 2013-03-29 | 1 | -0/+29
  Allows all OpenVPN servers and clients that use a particular gateway group to be resynced in one easy call.
* Clarify notes when there is an error reaching the openvpn management daemon for service status. Also, add service controls to the openvpn status page. | jim-p | 2013-04-01 | 1 | -13/+10
* Better check for the right bits being set. | jim-p | 2013-02-25 | 1 | -2/+2
* Always clear the OpenVPN route when using shared key, no matter what the tunnel network "CIDR" is set to, it still needs it. | jim-p | 2013-02-25 | 1 | -6/+13