summaryrefslogtreecommitdiffstats
path: root/etc/inc/vpn.inc
Commit message (Collapse)AuthorAgeFilesLines
* Add missing fields for l2tp to define dns and wins serverssmos2011-04-131-2/+5
|
* Add a toggle under System > Advanced on the misc tab to enable/disable debug ↵jim-p2011-04-111-1/+2
| | | | mode for racoon.
* Fix the IPsec ping hosts file generation. This only worked for the lastsmos2011-03-161-1/+1
| | | | tunnel
* Use racoonctl now that ipsec-0.8 is back to reload the config.Ermal2011-03-071-3/+1
|
* Always write out the filterdns-ipsec.hosts file, otherwise deleted tunnels ↵smos2011-03-021-15/+15
| | | | | | will never get removed from the filterdns-ipsec.hosts
* Add a check that should prevent configuration of racoon with duplicate phase ↵smos2011-03-021-1/+4
| | | | 1 IP entries.
* Add more safeguards and IP address checkssmos2011-02-211-4/+4
|
* Do not resolve the hostname during boot, also make really sure we have a IP ↵smos2011-02-211-2/+3
| | | | address here.
* Prevent a empty remote gateway IP from ending up in the configsmos2011-02-211-0/+2
|
* Make sure to initialize the remote gateway IP variable so that it does not ↵smos2011-02-211-0/+1
| | | | end up with a broken config
* Do not resolve the dyndns hostnames during boot. With many tunnels that have ↵smos2011-02-111-2/+6
| | | | | | | | a hostname this can cause huge boot issues if the DNS server is slow or not responding at all. By skipping those but adding them to the DNS watchlist it should reload these later. This should allow the box to start up and forward packets.
* Fix typo (swapped parameters)jim-p2011-01-311-1/+1
|
* Fix typojim-p2011-01-311-1/+1
|
* Correct configuration file name.Ermal2011-01-291-1/+1
|
* Use filterdns instead of dnswatch which will be retired.Ermal2011-01-261-13/+14
|
* Actually use sigkillbypid.Ermal2011-01-051-1/+1
|
* Send a HUP to racoon which is equivalent to the reload-config racoonctl ↵Ermal2011-01-051-1/+3
| | | | command which seems to not work in 0.7.3 of ipsec-tools.
* Add radius port and radius accounting port to config if supplied.Ermal2010-12-281-1/+7
|
* Ticket #1116: anonymous sainfo may be used only for single phase2 ipsec VPN'sPierre POMES2010-12-281-2/+3
|
* Prevent other types of interface for being added to ng_ether(4). It might be ↵Ermal2010-12-221-2/+4
| | | | the cause of panics reported here http://forum.pfsense.org/index.php/topic,31404.0.html
* nuke trailing carriage returnsScott Ullrich2010-12-221-1/+1
|
* Do not attach ng_etther(4) to every system interface. Instead do a search if ↵Ermal2010-12-171-0/+15
| | | | netgraph is needed on single/every interface during interface configuration. Also enable netgraph support for interface as needed when enabling pptp/l2tp/pppoe/... . This should prevent the netgraph queue to slow down network performance on fast links.
* Some IPsec mobile changes to inch a little closer to working L2TP+IPsec. ↵jim-p2010-12-101-13/+20
| | | | Ticket #475
* Only print "sainfo anonymous" also for xauth-psk setups. See ↵jim-p2010-12-081-2/+5
| | | | http://forum.pfsense.org/index.php/topic,29164.msg157864.html#msg157864
* Do the setting earlier to not miss any code and make ipsec not work.Ermal2010-12-061-2/+2
|
* Remove trailing carriage returnScott Ullrich2010-11-101-1/+2
|
* Activate code to allow ipsec to work normally.Ermal2010-11-031-2/+2
|
* More VPN log fixes, for consistency. Ticket #912jim-p2010-11-021-6/+6
|
* Fix typo (standart -> standard)jim-p2010-11-021-2/+2
|
* Switch to a unified vpn-linkup and vpn-linkdown.jim-p2010-11-021-6/+6
|
* Fix l2tp interface naming. Fixes #985jim-p2010-11-021-1/+1
|
* Use individual linkdown scripts.jim-p2010-11-011-3/+3
|
* Rename 'name' to 'descr' for CA, Certificates, and CRLs, to gain CDATA ↵jim-p2010-10-191-3/+3
| | | | protection and standardize field names. Ticket #320.
* Fix racoon.conf generation for localid_type=address. Ticket #936pierrepomes2010-10-051-4/+6
|
* Add contributed patch to allow certain IPsec mobile clients to save Xauth ↵jim-p2010-10-051-0/+3
| | | | passwords. Fixes #933.
* DNSWatch core dumps when it encounters white spaces.Warren Baker2010-09-231-1/+1
|
* Properly check and set "Prefer older IPsec SAs" setting in the config and ↵jim-p2010-09-221-4/+8
| | | | its associated sysctl. Move setting the sysctl to its own function to avoid code duplication.
* Actually decode before writing to mpd.secret. Alos correct variable names. ↵Ermal2010-09-031-1/+1
| | | | Discovered-by: Efonne(IRC)
* Make possible to run multiple instances of pppoe server. Not yet switched to ↵Ermal2010-09-021-40/+43
| | | | mpd4.
* CA/CERT Movejim-p2010-09-011-2/+2
|
* also include split_dns, as Cisco VPN clients won't query across the VPN ↵Chris Buechler2010-09-011-2/+4
| | | | without it.
* Fix spelling error. Thanks-to: wagnoza (IRC)Ermal2010-08-311-1/+1
|
* Do proper checking on the interval used for dnswatch. Otherwise might pass ↵Ermal2010-08-311-1/+1
| | | | wrong parameters to dnswatch.
* Fix some PPPoE server radius variable references. Fixes #853.jim-p2010-08-271-3/+3
|
* Let the user choose the IPsec CA instead of assuming.jim-p2010-08-131-1/+1
|
* Only write out the CA if one exists.jim-p2010-08-131-9/+11
|
* Flip this checkjim-p2010-08-131-2/+2
|
* When using a certificate for IPsec, also write out and reference the ↵jim-p2010-08-131-0/+15
| | | | certificate's CA.
* Honor a phase 1 proposal_check if one is set, otherwise use the default.jim-p2010-08-131-2/+2
|
* Resolves #815. Do not add protection rules if lan interface has no ip.Ermal2010-08-101-5/+7
|
OpenPOWER on IntegriCloud