summaryrefslogtreecommitdiffstats
path: root/etc/inc/vpn.inc
Commit message (Collapse)AuthorAgeFilesLines
* Oops this should be 0s rather than 00. Linked with Ticket #4158Ermal2014-12-301-4/+4
|
* Check for fqdn peerid/myids and prepend @ so strongswan does not try to be ↵Ermal LUÇI2014-12-301-5/+13
| | | | smart. Also use %any for myid instead of risking of putting the wrong value in the secrets file for traffic selector
* Use base64 encoded secrets which Fixes #4158Ermal LUÇI2014-12-301-4/+4
|
* Correct dashboard with new ipsec generationErmal LUÇI2014-12-221-1/+1
|
* Create a separate connection for IKEv1 with multiple phase2 definitions.Ermal LUÇI2014-12-221-40/+64
|
* Correct the leftsubnet specification for transport mode.Ermal LUÇI2014-12-191-1/+1
|
* Heh remove debugging codeErmal LUÇI2014-12-191-1/+0
|
* Ooops fix this identation on final configErmal LUÇI2014-12-191-13/+13
|
* Just whitespace save from removing a useless else { branchErmal LUÇI2014-12-191-597/+599
|
* include $myid in these PSK lines. Ticket #4126Chris Buechler2014-12-181-3/+3
|
* Give the proper value for the logging level since even 0 is the correct ↵Ermal LUÇI2014-12-171-1/+1
| | | | value coming from GUI.
* Make sure this message is only displayed on consoleRenato Botelho2014-12-101-1/+2
|
* Proper fix was put on f658bacErmal LUÇI2014-12-041-1/+2
| | | | | | Revert "Can't skip this if booting, ends up breaking config. Ticket #4071" This reverts commit effb3a3cfe4e57b781f35ba8a145eb627014d8ce.
* Can't skip this if booting, ends up breaking config. Ticket #4071Chris Buechler2014-12-031-2/+1
|
* Only set i_dont_care_about_security_and_use_aggressive_mode_psk=yes where ↵Chris Buechler2014-11-291-4/+10
| | | | there is a P1 with aggressive+PSK enabled. Log a warning when such a configuration is in use.
* Rather than set the g['booting'] on globals provide a function to test for ↵Ermal LUÇI2014-11-261-9/+9
| | | | that doing the right checks
* Ooops do the right things for a correct config and php syntaxErmal LUÇI2014-11-251-1/+1
|
* Put the aggressive line only during ikev1 configsErmal LUÇI2014-11-251-1/+2
|
* clean up tabs in strongswan.confChris Buechler2014-11-211-15/+15
|
* Matching bracket in vpn.incPhil Davis2014-11-191-1/+1
| | | Reported forum https://forum.pfsense.org/index.php?topic=84322.0
* Ticket #3987. Strongswan support autodetection of IKE version exchange. ↵Ermal2014-11-191-3/+6
| | | | Support this by allowing an auto version in the GUI.
* Ticket #3809 use the setting with number rather than string since the parser ↵Ermal2014-11-191-1/+1
| | | | of attr plugin understands only numbers. Reported on: https://forum.pfsense.org/index.php?topic=84304.0
* Fix the generation of certificates for rsa type. strpos returns the pos as 0 ↵Ermal2014-11-171-1/+1
| | | | for rsasig but it php considers that as false anyhow
* Oops wrong choice the checkbox is only for javascriptErmal2014-11-121-1/+1
|
* Remove redundant code and check for dpd_enable checkbox to be setErmal2014-11-121-3/+2
|
* Use leftcert for more options on IPsec authenticationErmal2014-11-111-0/+6
|
* Fixes #3995. Do not set rightsourceip on site-to-site VPNs but only on ↵Ermal2014-11-071-1/+1
| | | | mobile users ones otherwise nothing works.
* Reload also the configuration not only the secrets before trying to apply ↵Ermal2014-11-071-0/+1
| | | | existing configuration. Ticket #3981
* fix text, PPPoE Server, not VPNChris Buechler2014-11-061-1/+1
|
* set install_routes=no for charon to avoid the issues noted in ticketChris Buechler2014-11-061-1/+2
|
* use tabs rather than spaces, as most of this already did.Chris Buechler2014-11-041-8/+6
|
* fix invalid ipsec.confChris Buechler2014-11-041-1/+1
|
* Restore 3 values back on NAT-T settings Just Enable now its Auto as per ↵Ermal2014-11-041-3/+5
| | | | strongswan default. and off disabled mobike. Ticket #3979
* Properly configure NAT Tranversal setting.Ermal2014-11-011-21/+28
|
* Remove debugging codeErmal2014-11-011-3/+1
|
* Allow accept_unencrypted_mainmode_messages to be enabled if neededErmal2014-10-301-0/+5
|
* Enable unity plugin as per request from ↵Ermal2014-10-241-3/+2
| | | | https://forum.pfsense.org/index.php?topic=79737.msg452808#msg452808
* This really does not need the =Ermal2014-09-121-1/+1
|
* Ooops restore thisErmal2014-09-121-1/+1
|
* Inverse the sense of the toggles to avoid configuration upgradesErmal2014-09-121-4/+4
|
* Actually use the new togglesErmal2014-09-121-2/+11
|
* Provide a first implementation of EAP-TLS authentication with IKEv2. It is a ↵Ermal2014-09-121-42/+40
| | | | start and might not work on all cases
* Make this work properly and not throw out errors.Ermal2014-09-121-1/+1
|
* Put some tuning on number of half open connection possible in one time.Ermal2014-09-101-0/+1
|
* Provide some parallellizm on the IKESA lookups for heavy loaded boxes.Ermal2014-09-101-0/+2
|
* Actually roll this back since it was a testing glitchErmal2014-09-101-3/+3
|
* Correct generating loglevels for startup through ipsec.confErmal2014-09-091-2/+2
|
* Blah unconditionally set rightsourceip per ↵Ermal2014-09-091-3/+4
| | | | https://forum.pfsense.org/index.php?topic=80300.0 Until pools can be supported properly.
* Correct processing and assignment on ikeid variable so it does the right thingErmal2014-08-181-5/+5
|
* Allow HASH algorithms to be empty for phase2 in case the encryption one is ↵Ermal2014-08-181-9/+27
| | | | AES-GCM
OpenPOWER on IntegriCloud