summaryrefslogtreecommitdiffstats
path: root/etc/inc/openvpn.inc
Commit message (Collapse)AuthorAgeFilesLines
* Various fixes to usage of ip2long, long2ip, and negated subnet masks, mostly ↵Erik Fonnesbeck2010-05-201-9/+9
| | | | affecting 64-bit. Ticket #459
* Revert "Allow the user to override OpenVPN interface name in custom options ↵jim-p2010-05-171-37/+21
| | | | | | (e.g. dev tap99 or dev tun99) and set related options appropriately. ticket #482 Item 2a/2b." - Revert for now, may cause more issues than it fixes. This reverts commit be58c36ded298a1cb7a0eac40cd2edd62908d882.
* Allow the user to override OpenVPN interface name in custom options (e.g. ↵jim-p2010-05-171-21/+37
| | | | dev tap99 or dev tun99) and set related options appropriately. ticket #482 Item 2a/2b.
* Add scpecific scripts for when ovpn goes up and down so we get neccessary ↵Ermal2010-05-071-2/+2
| | | | values for used in varius areas of pfSense. TODO is find out how to get DNS info form openvpn.
* Add client-to-client to OpenVPN server config if the option is checked. ↵jim-p2010-05-061-0/+3
| | | | Resolves #572.
* Use nobind for OVPN client when no local port and/or no local interface is ↵pierrepomes2010-04-291-3/+5
| | | | requested. Ticket #282
* Fix typo in commentpierrepomes2010-04-271-1/+1
|
* Move these functions to a more central location. Part of ticket #496jim-p2010-04-271-0/+163
|
* Ticket #474. Properly check for disabled openvpn configs.Ermal2010-04-271-3/+3
|
* Ticket #449. Teach OpenVPN to reload only tunnels for the specified ↵Ermal2010-03-291-5/+13
| | | | interface. Use this is rc.newwanip script to reload only these tunnels.
* Fix local and nobind for client settingsErmal2010-03-121-1/+2
|
* Ticket #413. Hanlde cases when no authentication is specified.Ermal Luçi2010-03-101-12/+14
|
* Ignore chmod errors for files that do not exist.Ermal Luçi2010-03-041-5/+5
|
* Add tls-auth to server even when authenticating in user/pass mode.Ermal Luçi2010-03-031-12/+3
|
* Do not include tls-auth on authentication based only on user/pass.Ermal Luçi2010-03-031-5/+20
|
* Allow openvpn server to authenticate only based on username/password ↵Ermal Luçi2010-03-021-2/+2
| | | | credentials.
* Allow the GUI auth API to be used for doing authentication against ↵Ermal Luçi2010-03-021-9/+13
| | | | authentication servers specified. Teach Openvpn to use this API. Allow openvpn to authenticate against multiple servers that can be selected on the server configuration page.
* Allow the authentication scripts to detect configuration changes. Allow ↵Ermal Luçi2010-03-021-21/+1
| | | | multiple OUs to be specified on basedn.
* Use 0 when configuring tls-auth in server.Ermal Luçi2010-03-011-2/+7
|
* Correct script used for OpenVPN authentication to actually work.Ermal Luçi2010-03-011-4/+11
|
* Include missing quotes.Ermal Luçi2010-02-251-7/+7
|
* Add support for authenticating users against server specified in the ↵Ermal Luçi2010-02-241-1/+23
| | | | system->user manager->servers for openvpn. While there propperly fill the shared secret field for raidus in the servers page.
* Add proxy authentication capabilities to OpenVPN client.Ermal Luçi2010-02-231-2/+10
|
* Add statistics for OpenVPN client instancespierrepomes2010-02-161-1/+4
|
* Feature #248. Ticket #248. Merge patch from Antonio No to add tap device ↵Ermal Luçi2010-02-051-5/+13
| | | | type to OpenVPN.
* fix openvpn user auth. thanks to thompsa@ for finding fixChris Buechler2009-12-301-1/+1
|
* Apparently OpenVPN 2.1 requires setting "script-security 2" to run given the ↵jim-p2009-12-291-0/+1
| | | | other options we currently employ.
* Use get_interface_ip instead of a manual shell_exec(ifconfig). Ticket #69pierrepomes2009-12-101-5/+1
|
* Add IP alias and 'any' support to OpenVPN. Feedback #69pierrepomes2009-12-101-11/+17
|
* Add carp support for OpenVPN. Ticket #69pierrepomes2009-12-021-1/+7
|
* Add pfSense_BUILDER_BINARIES: and pfSense_MODULE: additionsScott Ullrich2009-09-121-2/+6
|
* Include certs.inc is needed by lookup_certs.Ermal Luçi2009-06-201-2/+1
|
* Remove filter_configure from openvpn.inc it just ends up in recursive calls.Ermal Luçi2009-06-181-5/+0
|
* Propperly fix openvpn parameter parsing.Ermal Luçi2009-05-071-2/+2
|
* Fix correction of openvpn parameters.Ermal Luçi2009-05-071-2/+2
|
* Modify the OpenVPN server configuration to allow the DH parameter lengthMatthew Grooms2008-09-091-1/+4
| | | | to be specified. Upgraded 1.2.x configurations will default to 1024 bits.
* Comment out the code that creates a dh-parameters file at boot time andMatthew Grooms2008-09-091-1/+3
| | | | | add three new static parameters files to the /etc directory. In the near term OpenVPN configurations will use the 2048 bit file.
* Correct a bug where we attempt to kill an OpenVPN process even though itsMatthew Grooms2008-09-081-13/+21
| | | | pid file does not exist.
* Revert the dh parameters generation back to 1024 bits. There were severalMatthew Grooms2008-09-081-1/+1
| | | | complaints that 2048 bit parameters took too long to generate.
* Log why we're writing a new config outBill Marquette2008-09-081-1/+1
|
* When restarting an OpenVPN process, don't send a term signal and expect itMatthew Grooms2008-09-071-5/+17
| | | | | | to exit within a fixed time frame of two seconds. The old process may take longer to exit and cause the new process creation to fail. Instead, check the process status every 1/4 seconds and only continue once it terminates.
* Minor re-work of OpenVPN configuration. Use operational modes to determineMatthew Grooms2008-09-061-84/+135
| | | | | | | | | | | | | | | | | | | | what configuration options are appropriate. The operational mode dictates the authentication method. They are defines as follows ... Peer to Peer ( SSL/TLS ) Peer to Peer ( Shared Key ) Remote Access ( SSL/TLS ) Remote Access ( User Auth ) Remote Access ( SSL/TLS + User Auth ) Some of these modes allow for user authentication using passwords. We now use the etc/inc/openvpn.auth-user.php file to facilitate this by checking the username and password supplied by OpenVPN against our centralized user database. The Server and Client user interfaces have also been updated to support TLS packet authentication. This is an additional security option that is optional.
* Correct the path for OpenVPN client specific configuration files. When theMatthew Grooms2008-09-041-3/+3
| | | | | directory creation moved to the rc script, the path name was changed from /var/etc/openvpn_csc to /var/etc/openvpn-csc. Update the code to match.
* Revert to the previous method of referencing OpenVPN device names in theMatthew Grooms2008-09-041-8/+14
| | | | | | | filter.inc file. We now specify the openvpn device name which is actually an os managed group. OpenVPN tap instances are added or removed from this group when OpenVPN configurations are created or destroyed. Portions of this patch were written by Ermal.
* Bump the system dh-parameters file to 2048 per request on dev@.Matthew Grooms2008-09-041-4/+4
|
* Correct problems with OpenVPN that prevented the lzo compression and passMatthew Grooms2008-09-031-1/+1
| | | | tos options from being set correctly in configuration files.
* Now that we are delaying the creation of OpenVPN dh parameters, it appearsMatthew Grooms2008-09-021-0/+1
| | | | we need an explicit call to write_config() to ensure the data is saved.
* Delay writing out the dh-parameters file if the paths have not yet beenMatthew Grooms2008-09-021-0/+6
| | | | | initialized by the rc scripts. I hope this will make the initial boot process more pleasant during install. If not, I will revert this commit.
* Don't create the standard OpenVPN paths in openvpn_resync_all(). These areMatthew Grooms2008-09-011-12/+0
| | | | now created during the bootup process.
* Ensure $g is populated by reading in globals.incScott Ullrich2008-08-311-0/+1
|
OpenPOWER on IntegriCloud