| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Add an option to verify peers_identifier when it's ASN.1 distinguished name. It should fix #2904 | Renato Botelho | 2014-02-28 | 1 | -0/+4 |
* | Remove SPD when disable phase2, it fixes #2719 | Renato Botelho | 2013-09-03 | 1 | -1/+1 |
* | Delete old route for remote gateway when its IP changes. It fixes #3155 | Renato Botelho | 2013-08-22 | 1 | -0/+3 |
* | Don't print this message for a mobile IPsec setup. It's normal for it to not have an endpoint, and not worth spamming the log about. | jim-p | 2013-08-06 | 1 | -1/+4 |
* | Also consider 0.0.0.0/0 here since it fails on is_subnet() but is a valid/special config. Fixes #3016 | Renato Botelho | 2013-06-04 | 1 | -1/+1 |
* | vpn.inc calls functions from ipsec.inc but doesn't actually include it in all cases where it's needed. | jim-p | 2013-06-03 | 1 | -0/+2 |
* | Remove unnecessary if | Renato Botelho | 2013-05-22 | 1 | -14/+12 |
* | This didn't fix anything, made another syntax error. Revert "Seems to be missing a semicolon here." This reverts commit 47a24491e2ea07a19d360d29325c1780652026a4. | jim-p | 2013-05-16 | 1 | -1/+1 |
* | Seems to be missing a semicolon here. | jim-p | 2013-05-16 | 1 | -1/+1 |
* | Fix indent and whitespace | Renato Botelho | 2013-05-15 | 1 | -41/+40 |
* | Make return value of vpn_ipsec_configure() have a meaning when ipsec is enabled. This can be used to detect if there are dynamic hostnames on ipsec policies | Ermal | 2013-04-22 | 1 | -3/+3 |
* | Only reload racoon when there is at least one tunnel enabled on the interface used to call rc.newwanip(v6). It fixes #2922 | Renato Botelho | 2013-04-04 | 1 | -3/+16 |
* | Fix #2818. Last change didn't work, it needs to be one more step out of the loop. | Renato Botelho | 2013-02-16 | 1 | -2/+2 |
* | Fix #2818. Save information about all phase1 on ipsecpinghosts instead of only the last one | Renato Botelho | 2013-02-15 | 1 | -2/+2 |
* | Remove redundant variable | bcyrill | 2013-02-12 | 1 | -1/+0 |
* | Properly generate all address data based on configuration selected | Ermal | 2013-02-11 | 1 | -23/+18 |
* | Kill filterdns when not being used | bcyrill | 2013-02-02 | 1 | -1/+3 |
* | Update etc/inc/vpn.inc. There's no need to create a spd.conf.reload file if it's empty. Phase 1 entries for mobile clients are not handled by this function, thus exclude them. Their SPD have a limited lifetime anyway. | bcyrill | 2013-01-22 | 1 | -28/+33 |
* | Delete SPDs when an IPSec tunnel is deleted. - Add new function to delete SPDs (see 'remove_tunnel_spd_policy($phase1,$phase2)' on vpn.inc) - Change vpn_ipsec.php to delete SPDs on phase 2 and phase 1. - Change the method GET to delete phase 2 (needs to inform which is the phase 1) It should fix #2719. | Rafael Abdo | 2013-01-09 | 1 | -0/+51 |
* | Tell filterdns to reload the config rather than restart if it's running | Ermal | 2013-01-02 | 1 | -3/+6 |
* | Also consider 0.0.0.0/0 here since it fails both these tests but is still a valid/special config. | jim-p | 2012-12-07 | 1 | -1/+1 |
* | If the old configuration is present there use the new one for local users | Ermal | 2012-12-06 | 1 | -0/+2 |
* | Fix location of banner file for ipsec and also sprinkle some unset to avoid php keeping data in memory | Ermal | 2012-11-21 | 1 | -6/+22 |
* | Correct path even for generated certs for ipsec | Ermal | 2012-11-20 | 1 | -3/+3 |
* | Correct path to certificates as well | Ermal | 2012-11-17 | 1 | -1/+1 |
* | Corrected racoon path to psk.txt. `"path pre_shared_key \"{$g['varetc_path']}/psk.txt\";\n\n";` is incorrect, amended to `"path pre_shared_key \"{$g['varetc_path']}/ipsec/psk.txt\";\n\n";` | caseyr232 | 2012-11-17 | 1 | -2/+2 |
* | Remove none per Jim since it is confusing | Ermal | 2012-11-15 | 1 | -1/+1 |
* | Allow other system authentication types to be used with ipsec. LDAP/RADIUS/local acc | Ermal | 2012-11-14 | 1 | -126/+75 |
* | Fixes #2394. If an entry of 0.0.0.0/0 is configured then use the first interface ip matching. Also do a micro-optimization to not retrieve the interface list every ping host entry | Ermal | 2012-10-30 | 1 | -2/+4 |
* | Fixes #2300. Take into consideration ip aliases on carp | Ermal | 2012-10-30 | 1 | -5/+8 |
* | Fixes #2300. Add static route even for ip aliases selected to avoid issues. | Ermal | 2012-10-30 | 1 | -1/+4 |
* | Use a proposal check value of obey for all mobile, not just pure-PSK. (The docs recommend setting this, may as well make it the default) | jim-p | 2012-10-22 | 1 | -1/+1 |
* | Correct the config generation | Ermal | 2012-10-05 | 1 | -3/+2 |
* | config.xml might have some elusive data so do not fail sainfo section for localside if there is an empty nat address. Just do not put the nat side in there | Ermal | 2012-10-05 | 1 | -8/+6 |
* | Correctly build the sainfo to avoid errors | Ermal | 2012-10-05 | 1 | -5/+5 |
* | Use .= for strings rather than += | jim-p | 2012-10-05 | 1 | -4/+4 |
* | Add a NAT entry for configuring NAT on ipsec phase2. It will add nat rules on enc interface | Ermal | 2012-10-04 | 1 | -3/+29 |
* | Add forgotten part of the IPsec split dns fix from yesterday | jim-p | 2012-09-27 | 1 | -1/+8 |
* | Ticket #2635: during ipsec reload, do not generate spd for disabled ph1 | Pierre POMES | 2012-09-25 | 1 | -8/+10 |
* | Don't add ldapcfg to racoon.conf since we're not using racoon's built-in LDAP support now. Moving to external script-based auth, see ticket #1112 | jim-p | 2012-09-06 | 1 | -24/+27 |
* | Restructure these IP/subnet tests so they don't break transport mode. | jim-p | 2012-08-27 | 1 | -5/+5 |
* | Fixes #2364. On busy pppoe servers it might take some time before mpd exits. Check for this before trying to restart | Ermal | 2012-05-23 | 1 | -0/+4 |
* | Make sure that we match multiple characters. Ticket #2415 | smos | 2012-05-22 | 1 | -1/+1 |
* | First round of CARP vip renaming changes. Ticket #2415 | smos | 2012-05-22 | 1 | -1/+1 |
* | routes should not be skipped when IPsec is on WAN, as WAN may not be the default gateway. | Chris Buechler | 2012-04-23 | 1 | -3/+2 |
* | this is only valid in mpd5 (really?...) Revert "RADIUS accounting updates are needed for PPPoE and L2TP too" This reverts commit 02b14dcb49da8dc278e87785bb3f811336bf1fd0. | Chris Buechler | 2012-04-11 | 1 | -2/+0 |
* | RADIUS accounting updates are needed for PPPoE and L2TP too | Chris Buechler | 2012-04-11 | 1 | -0/+2 |
* | Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201 | jim-p | 2012-02-14 | 1 | -0/+9 |
* | Fix reference to PPTP secondary RADIUS server shared secret. See http://forum.pfsense.org/index.php/topic,46103.0/topicseen.html | jim-p | 2012-02-13 | 1 | -1/+1 |
* | Only do foreach on the p2's if it's actually an array. | jim-p | 2012-01-31 | 1 | -40/+39 |