Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Various fixes to usage of ip2long, long2ip, and negated subnet masks, mostly ↵ | Erik Fonnesbeck | 2010-05-20 | 1 | -9/+9 |
| | | | | affecting 64-bit. Ticket #459 | ||||
* | Revert "Allow the user to override OpenVPN interface name in custom options ↵ | jim-p | 2010-05-17 | 1 | -37/+21 |
| | | | | | | (e.g. dev tap99 or dev tun99) and set related options appropriately. ticket #482 Item 2a/2b." - Revert for now, may cause more issues than it fixes. This reverts commit be58c36ded298a1cb7a0eac40cd2edd62908d882. | ||||
* | Allow the user to override OpenVPN interface name in custom options (e.g. ↵ | jim-p | 2010-05-17 | 1 | -21/+37 |
| | | | | dev tap99 or dev tun99) and set related options appropriately. ticket #482 Item 2a/2b. | ||||
* | Add scpecific scripts for when ovpn goes up and down so we get neccessary ↵ | Ermal | 2010-05-07 | 1 | -2/+2 |
| | | | | values for used in varius areas of pfSense. TODO is find out how to get DNS info form openvpn. | ||||
* | Add client-to-client to OpenVPN server config if the option is checked. ↵ | jim-p | 2010-05-06 | 1 | -0/+3 |
| | | | | Resolves #572. | ||||
* | Use nobind for OVPN client when no local port and/or no local interface is ↵ | pierrepomes | 2010-04-29 | 1 | -3/+5 |
| | | | | requested. Ticket #282 | ||||
* | Fix typo in comment | pierrepomes | 2010-04-27 | 1 | -1/+1 |
| | |||||
* | Move these functions to a more central location. Part of ticket #496 | jim-p | 2010-04-27 | 1 | -0/+163 |
| | |||||
* | Ticket #474. Properly check for disabled openvpn configs. | Ermal | 2010-04-27 | 1 | -3/+3 |
| | |||||
* | Ticket #449. Teach OpenVPN to reload only tunnels for the specified ↵ | Ermal | 2010-03-29 | 1 | -5/+13 |
| | | | | interface. Use this is rc.newwanip script to reload only these tunnels. | ||||
* | Fix local and nobind for client settings | Ermal | 2010-03-12 | 1 | -1/+2 |
| | |||||
* | Ticket #413. Hanlde cases when no authentication is specified. | Ermal Luçi | 2010-03-10 | 1 | -12/+14 |
| | |||||
* | Ignore chmod errors for files that do not exist. | Ermal Luçi | 2010-03-04 | 1 | -5/+5 |
| | |||||
* | Add tls-auth to server even when authenticating in user/pass mode. | Ermal Luçi | 2010-03-03 | 1 | -12/+3 |
| | |||||
* | Do not include tls-auth on authentication based only on user/pass. | Ermal Luçi | 2010-03-03 | 1 | -5/+20 |
| | |||||
* | Allow openvpn server to authenticate only based on username/password ↵ | Ermal Luçi | 2010-03-02 | 1 | -2/+2 |
| | | | | credentials. | ||||
* | Allow the GUI auth API to be used for doing authentication against ↵ | Ermal Luçi | 2010-03-02 | 1 | -9/+13 |
| | | | | authentication servers specified. Teach Openvpn to use this API. Allow openvpn to authenticate against multiple servers that can be selected on the server configuration page. | ||||
* | Allow the authentication scripts to detect configuration changes. Allow ↵ | Ermal Luçi | 2010-03-02 | 1 | -21/+1 |
| | | | | multiple OUs to be specified on basedn. | ||||
* | Use 0 when configuring tls-auth in server. | Ermal Luçi | 2010-03-01 | 1 | -2/+7 |
| | |||||
* | Correct script used for OpenVPN authentication to actually work. | Ermal Luçi | 2010-03-01 | 1 | -4/+11 |
| | |||||
* | Include missing quotes. | Ermal Luçi | 2010-02-25 | 1 | -7/+7 |
| | |||||
* | Add support for authenticating users against server specified in the ↵ | Ermal Luçi | 2010-02-24 | 1 | -1/+23 |
| | | | | system->user manager->servers for openvpn. While there propperly fill the shared secret field for raidus in the servers page. | ||||
* | Add proxy authentication capabilities to OpenVPN client. | Ermal Luçi | 2010-02-23 | 1 | -2/+10 |
| | |||||
* | Add statistics for OpenVPN client instances | pierrepomes | 2010-02-16 | 1 | -1/+4 |
| | |||||
* | Feature #248. Ticket #248. Merge patch from Antonio No to add tap device ↵ | Ermal Luçi | 2010-02-05 | 1 | -5/+13 |
| | | | | type to OpenVPN. | ||||
* | fix openvpn user auth. thanks to thompsa@ for finding fix | Chris Buechler | 2009-12-30 | 1 | -1/+1 |
| | |||||
* | Apparently OpenVPN 2.1 requires setting "script-security 2" to run given the ↵ | jim-p | 2009-12-29 | 1 | -0/+1 |
| | | | | other options we currently employ. | ||||
* | Use get_interface_ip instead of a manual shell_exec(ifconfig). Ticket #69 | pierrepomes | 2009-12-10 | 1 | -5/+1 |
| | |||||
* | Add IP alias and 'any' support to OpenVPN. Feedback #69 | pierrepomes | 2009-12-10 | 1 | -11/+17 |
| | |||||
* | Add carp support for OpenVPN. Ticket #69 | pierrepomes | 2009-12-02 | 1 | -1/+7 |
| | |||||
* | Add pfSense_BUILDER_BINARIES: and pfSense_MODULE: additions | Scott Ullrich | 2009-09-12 | 1 | -2/+6 |
| | |||||
* | Include certs.inc is needed by lookup_certs. | Ermal Luçi | 2009-06-20 | 1 | -2/+1 |
| | |||||
* | Remove filter_configure from openvpn.inc it just ends up in recursive calls. | Ermal Luçi | 2009-06-18 | 1 | -5/+0 |
| | |||||
* | Propperly fix openvpn parameter parsing. | Ermal Luçi | 2009-05-07 | 1 | -2/+2 |
| | |||||
* | Fix correction of openvpn parameters. | Ermal Luçi | 2009-05-07 | 1 | -2/+2 |
| | |||||
* | Modify the OpenVPN server configuration to allow the DH parameter length | Matthew Grooms | 2008-09-09 | 1 | -1/+4 |
| | | | | to be specified. Upgraded 1.2.x configurations will default to 1024 bits. | ||||
* | Comment out the code that creates a dh-parameters file at boot time and | Matthew Grooms | 2008-09-09 | 1 | -1/+3 |
| | | | | | add three new static parameters files to the /etc directory. In the near term OpenVPN configurations will use the 2048 bit file. | ||||
* | Correct a bug where we attempt to kill an OpenVPN process even though its | Matthew Grooms | 2008-09-08 | 1 | -13/+21 |
| | | | | pid file does not exist. | ||||
* | Revert the dh parameters generation back to 1024 bits. There were several | Matthew Grooms | 2008-09-08 | 1 | -1/+1 |
| | | | | complaints that 2048 bit parameters took too long to generate. | ||||
* | Log why we're writing a new config out | Bill Marquette | 2008-09-08 | 1 | -1/+1 |
| | |||||
* | When restarting an OpenVPN process, don't send a term signal and expect it | Matthew Grooms | 2008-09-07 | 1 | -5/+17 |
| | | | | | | to exit within a fixed time frame of two seconds. The old process may take longer to exit and cause the new process creation to fail. Instead, check the process status every 1/4 seconds and only continue once it terminates. | ||||
* | Minor re-work of OpenVPN configuration. Use operational modes to determine | Matthew Grooms | 2008-09-06 | 1 | -84/+135 |
| | | | | | | | | | | | | | | | | | | | | what configuration options are appropriate. The operational mode dictates the authentication method. They are defines as follows ... Peer to Peer ( SSL/TLS ) Peer to Peer ( Shared Key ) Remote Access ( SSL/TLS ) Remote Access ( User Auth ) Remote Access ( SSL/TLS + User Auth ) Some of these modes allow for user authentication using passwords. We now use the etc/inc/openvpn.auth-user.php file to facilitate this by checking the username and password supplied by OpenVPN against our centralized user database. The Server and Client user interfaces have also been updated to support TLS packet authentication. This is an additional security option that is optional. | ||||
* | Correct the path for OpenVPN client specific configuration files. When the | Matthew Grooms | 2008-09-04 | 1 | -3/+3 |
| | | | | | directory creation moved to the rc script, the path name was changed from /var/etc/openvpn_csc to /var/etc/openvpn-csc. Update the code to match. | ||||
* | Revert to the previous method of referencing OpenVPN device names in the | Matthew Grooms | 2008-09-04 | 1 | -8/+14 |
| | | | | | | | filter.inc file. We now specify the openvpn device name which is actually an os managed group. OpenVPN tap instances are added or removed from this group when OpenVPN configurations are created or destroyed. Portions of this patch were written by Ermal. | ||||
* | Bump the system dh-parameters file to 2048 per request on dev@. | Matthew Grooms | 2008-09-04 | 1 | -4/+4 |
| | |||||
* | Correct problems with OpenVPN that prevented the lzo compression and pass | Matthew Grooms | 2008-09-03 | 1 | -1/+1 |
| | | | | tos options from being set correctly in configuration files. | ||||
* | Now that we are delaying the creation of OpenVPN dh parameters, it appears | Matthew Grooms | 2008-09-02 | 1 | -0/+1 |
| | | | | we need an explicit call to write_config() to ensure the data is saved. | ||||
* | Delay writing out the dh-parameters file if the paths have not yet been | Matthew Grooms | 2008-09-02 | 1 | -0/+6 |
| | | | | | initialized by the rc scripts. I hope this will make the initial boot process more pleasant during install. If not, I will revert this commit. | ||||
* | Don't create the standard OpenVPN paths in openvpn_resync_all(). These are | Matthew Grooms | 2008-09-01 | 1 | -12/+0 |
| | | | | now created during the bootup process. | ||||
* | Ensure $g is populated by reading in globals.inc | Scott Ullrich | 2008-08-31 | 1 | -0/+1 |
| |