Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Introduce a new and improved version of IPsec mobile client support. The | Matthew Grooms | 2008-07-13 | 1 | -62/+161 |
| | | | | | | | mobile client tab is now used to configure user authentication (Xauth) and client configuration (mode-cfg) options. User authentication is currently limited to system password file entries. This will be extended to support external RADIUS and LDAP account DBs in a follow up comiit. | ||||
* | Overhaul IPsec related code. Shared functions have been consolidated into | Matthew Grooms | 2008-07-11 | 1 | -411/+453 |
| | | | | | | | | | | | | | | a new file named /etc/ipsec.inc. Tunnel definitions have been split into phase1 and phase2. This allows any number of phase2 definitions to be created for a single phase1 definition. Several facets of configuration have also been improved. The key size for variable length algorithms can now be selected and the phase1 ID options have been extended to allow for more flexible configuration. Several NAT-T related issues have also been resolved. Please note, IPsec remote access functionality has been temporarily disabled. An improved implementation will be included in a follow up commit. | ||||
* | Correct setkey path to correct usr local sbin location. | Seth Mos | 2008-07-04 | 1 | -10/+10 |
| | |||||
* | PPPoE server fixes. Patch submitted by Ermal. | Scott Ullrich | 2008-06-30 | 1 | -9/+8 |
| | |||||
* | Update binary to use mpd4 | Scott Ullrich | 2008-06-20 | 1 | -3/+3 |
| | |||||
* | Get correct interface list. | Ermal Luçi | 2008-06-19 | 1 | -2/+2 |
| | |||||
* | Interface list improvements. | Ermal Luçi | 2008-06-18 | 1 | -2/+3 |
| | |||||
* | The physical interface must be passed to find_interface_ip() | Chris Buechler | 2008-06-07 | 1 | -1/+2 |
| | | | | this was breaking the racoon.conf for OPT WAN IPsec when interface is not statically addressed | ||||
* | Correctly process non carp interfaces | Seth Mos | 2008-06-06 | 1 | -1/+5 |
| | |||||
* | Correctly update static routes on change | Seth Mos | 2008-06-06 | 1 | -9/+16 |
| | |||||
* | Make the vpn configuration add static routes on interfaces other then WAN. | Seth Mos | 2008-06-05 | 1 | -0/+15 |
| | | | | link_carp_interface_to_parent() now correctly returns parent interface instead of always WAN. | ||||
* | Start PPTPD. | Scott Ullrich | 2008-05-19 | 1 | -1/+1 |
| | |||||
* | Start MPD correctly on newer mpd | Scott Ullrich | 2008-05-19 | 1 | -1/+1 |
| | |||||
* | Fix mpd startup | Scott Ullrich | 2008-05-19 | 1 | -1/+1 |
| | |||||
* | Unbreak racoon | Scott Ullrich | 2008-05-19 | 1 | -6/+2 |
| | |||||
* | Do not quote an empty string when the DN identifier is blank. | Scott Ullrich | 2008-05-17 | 1 | -2/+10 |
| | | | | Obtained-from: m0n0wall | ||||
* | Bump dpd from 20 to 120 | Seth Mos | 2008-04-10 | 1 | -2/+2 |
| | |||||
* | Use DPD and frag support we already have | Seth Mos | 2008-04-05 | 1 | -0/+4 |
| | |||||
* | Send extra sighup after starting | Seth Mos | 2008-04-01 | 1 | -0/+6 |
| | |||||
* | Pass -c along to mpd | Scott Ullrich | 2008-03-22 | 1 | -1/+1 |
| | |||||
* | With the current Racoon we need to inform that we are reloading our SPD | Seth Mos | 2008-02-05 | 1 | -0/+4 |
| | | | | entries with a SIGHUP | ||||
* | Update to racoon-0.7-cvs with Timo Teras patches. | Seth Mos | 2008-02-01 | 1 | -14/+4 |
| | | | | Use setkey -f because spd loading works normally now. | ||||
* | attempt loading SPD entries 4 times | Seth Mos | 2008-01-15 | 1 | -2/+2 |
| | |||||
* | Somehow sending a SIGHUP before flushing and reloading works better then | Seth Mos | 2008-01-15 | 1 | -4/+6 |
| | | | | after. Technically a SIGHUP to racoon should not do anything. | ||||
* | Flush both SA and SPD entries | Seth Mos | 2008-01-15 | 1 | -0/+1 |
| | |||||
* | repair logic I think. Can we please use more curlies? | Seth Mos | 2008-01-14 | 1 | -4/+4 |
| | |||||
* | Make 3 passes at loading the SPD entries as this will fail on large ↵ | Seth Mos | 2008-01-14 | 1 | -27/+31 |
| | | | | | | configurations > 250 tunnels. Tested by smos@ 399 tunnels, 239 active, ok by sullrich@ | ||||
* | touch up text | Chris Buechler | 2008-01-08 | 1 | -2/+2 |
| | | | | Ticket #1569 | ||||
* | freeradius and pptp changes by forum-user 'cybrsrfr' | Martin Fuchs | 2007-12-21 | 1 | -1/+8 |
| | |||||
* | Adding dnswatch support. | Scott Ullrich | 2007-12-17 | 1 | -367/+557 |
| | | | | Obtained-from: m0n0wall | ||||
* | IPSEC keep alive pinger using the wrong source IP address | Scott Ullrich | 2007-11-05 | 1 | -8/+8 |
| | | | | Ticket #1482 | ||||
* | Adding keep alive host to IPsec causes warning in webGUI | Scott Ullrich | 2007-11-01 | 1 | -1/+1 |
| | | | | Ticket #1509 | ||||
* | Ticket #1482 - set the source to an interface that is inside the subnet ↵ | Bill Marquette | 2007-10-19 | 1 | -3/+10 |
| | | | | definition | ||||
* | Sync NATT support from m0n0wall | Scott Ullrich | 2007-08-04 | 1 | -0/+6 |
| | |||||
* | Unbreak IPSEC, correct pathnames | Seth Mos | 2007-07-08 | 1 | -6/+6 |
| | |||||
* | Fix loading and reloading config for IPSEC. | Seth Mos | 2007-07-04 | 1 | -16/+18 |
| | | | | MFC: Possible candidate, works for seth. Needs test. | ||||
* | Add ASN1DN identities support to IPSEC. Subbmitted-by: Nic Bernstein ↵ | Scott Ullrich | 2007-06-30 | 1 | -1/+10 |
| | | | | <nic_AT_onlight.com> | ||||
* | use killall | Scott Ullrich | 2007-06-02 | 1 | -1/+1 |
| | |||||
* | * Flush SPD's on reload * Kilall -HUP racoon if its already running since ↵ | Scott Ullrich | 2007-06-02 | 1 | -6/+4 |
| | | | | racoonctl is brokie brokie | ||||
* | * Remove path from racoon grep * Remove [r] from racoon and simply grep for ↵ | Scott Ullrich | 2007-06-02 | 1 | -1/+1 |
| | | | | racoon | ||||
* | Correct ps location | Scott Ullrich | 2007-06-02 | 1 | -1/+1 |
| | |||||
* | Remove trailing space / cr | Scott Ullrich | 2007-05-27 | 1 | -1/+1 |
| | |||||
* | Commit forgotten vpn_ipsec_force_reload() | Seth Mos | 2007-05-20 | 1 | -0/+35 |
| | |||||
* | Do not flush SPA and SPD before starting. It upsets racoon. | Seth Mos | 2007-05-11 | 1 | -4/+5 |
| | |||||
* | Rework stop and start logic. If we are already alive, reload instead of stop ↵ | Seth Mos | 2007-05-10 | 1 | -11/+27 |
| | | | | | | and start. Tested by Seth. | ||||
* | further changes to 1.3 for pppoe server and pptp server. added to gui add ↵ | Scott Ullrich | 2007-05-04 | 1 | -20/+34 |
| | | | | radius acct and auth ports add acct update in seconds option for external radius servers add backup radius server changes rearranges xml for better use moved radius specific features inside tags added options for additional server above 2 miner bug fixes Ticket #1306 | ||||
* | Switch over to mpd4 Code-submitted-by: alan_AT_radiowave.ie | Scott Ullrich | 2007-04-29 | 1 | -64/+125 |
| | |||||
* | PPPoE server fixes | Scott Ullrich | 2007-04-27 | 1 | -1/+1 |
| | | | | Ticket #1283 | ||||
* | Add link_carp_interface_to_parent() function | Scott Ullrich | 2007-03-20 | 1 | -0/+7 |
| | |||||
* | Allow CARP addresses to be the IPSEC endpoint. This cleans up the code ↵ | Scott Ullrich | 2007-03-18 | 1 | -41/+9 |
| | | | | GREATLY and removes the FAILOVER IPSEC hack. |