path: root/etc/inc
Commit message | Author | Age | Files | Lines
* Minor re-work of OpenVPN configuration. Use operational modes to determine what configuration options are appropriate. The operational mode dictates the authentication method. They are defined as follows ...
    Peer to Peer ( SSL/TLS )
    Peer to Peer ( Shared Key )
    Remote Access ( SSL/TLS )
    Remote Access ( User Auth )
    Remote Access ( SSL/TLS + User Auth )
  Some of these modes allow for user authentication using passwords. We now use the etc/inc/openvpn.auth-user.php file to facilitate this by checking the username and password supplied by OpenVPN against our centralized user database. The Server and Client user interfaces have also been updated to support TLS packet authentication. This is an additional security option that is optional.
  Matthew Grooms | 2008-09-06 | 3 | -84/+231
* Make the ftp proxy work again.
  Seth Mos | 2008-09-05 | 1 | -1/+1
* Remove the code that auto-generates an outbound NAT rule for traffic that originates from a private network to a distant OpenVPN network. We don't want to unconditionally hide all traffic behind the vpn interface address. If an admin wants to do this manually, nothing is stopping them.
  Matthew Grooms | 2008-09-05 | 1 | -11/+2
* Correct the path for OpenVPN client specific configuration files. When the directory creation moved to the rc script, the path name was changed from /var/etc/openvpn_csc to /var/etc/openvpn-csc. Update the code to match.
  Matthew Grooms | 2008-09-04 | 1 | -3/+3
* Revert to the previous method of referencing OpenVPN device names in the filter.inc file. We now specify the openvpn device name which is actually an os managed group. OpenVPN tap instances are added or removed from this group when OpenVPN configurations are created or destroyed. Portions of this patch were written by Ermal.
  Matthew Grooms | 2008-09-04 | 2 | -25/+19
* Bump the system dh-parameters file to 2048 per request on dev@.
  Matthew Grooms | 2008-09-04 | 1 | -4/+4
* Cleanup some of the authentication code. Fix the problem where you must navigate away from the initial page twice to get somewhere. Remove some of the cruft that was no longer used. Don't unconditionally redirect a user to their homepage if another url was specified pre-login. This will allow admins to create bookmarks to specific pfsense webui pages.
  Matthew Grooms | 2008-09-03 | 1 | -40/+17
* Remove the page locking privileges after discussion with Scott on IRC. The feature was confusing and offered little utility that I could see. If we really need to provide serialized access to sections of the webui, IMO it should be a global lock option and enabled or disabled manually and not a privilege that is on all the time.
  Matthew Grooms | 2008-09-03 | 3 | -98/+0
* Correct a regression in the privilege system where pages were not being matched correctly. Reported by Seth.
  Matthew Grooms | 2008-09-03 | 1 | -6/+9
* Fix openvpn upgrade to look for right array.
  Prevents Fatal parse error
  Seth Mos | 2008-09-03 | 1 | -3/+3
* Correct problems with OpenVPN that prevented the lzo compression and pass tos options from being set correctly in configuration files.
  Matthew Grooms | 2008-09-03 | 1 | -1/+1
* Use newer php5 features, to be safer on upgrade side.
  Ermal Luçi | 2008-09-02 | 1 | -4/+4
* Now that we are delaying the creation of OpenVPN dh parameters, it appears we need an explicit call to write_config() to ensure the data is saved.
  Matthew Grooms | 2008-09-02 | 1 | -0/+1
* Make sure that convert_friendly_to_real also works for disabled interfaces.
  Seth Mos | 2008-09-02 | 1 | -21/+20
* Enclose interface in curly brackets to prevent filter errors.
  This handles the multiple openvpn interfaces returned from the interface list. This should probably be reviewed after the openvpn work
  Seth Mos | 2008-09-02 | 1 | -5/+5
* Remove sleep
  Make sure our tmp has the correct permission so we can trigger filter reloads.
  Seth Mos | 2008-09-02 | 1 | -3/+2
* Commit forgotten change so we use the proper script for filter reloads.
  Maybe failover works now :)
  Seth Mos | 2008-09-02 | 1 | -3/+3
* Delay writing out the dh-parameters file if the paths have not yet been initialized by the rc scripts. I hope this will make the initial boot process more pleasant during install. If not, I will revert this commit.
  Matthew Grooms | 2008-09-02 | 1 | -0/+6
* Start proxy at 8020
  Scott Ullrich | 2008-09-02 | 1 | -1/+1
* Modify all the default configuration files to ensure the versions match. While in globals.inc, remove the easyrsa path and do some whitespace cleanup.
  Matthew Grooms | 2008-09-02 | 1 | -36/+35
* s/16/17
  Noticed-by: cmb
  Scott Ullrich | 2008-09-02 | 1 | -3/+3
* Add icmplim when upgrading configuration from 1.2.1
  Scott Ullrich | 2008-09-01 | 1 | -0/+4
* Don't create the standard OpenVPN paths in openvpn_resync_all(). These are now created during the bootup process.
  Matthew Grooms | 2008-09-01 | 1 | -12/+0
* * Do not return on CDROM platform
  * Use @ to send error to /dev/null
  Scott Ullrich | 2008-08-31 | 1 | -28/+20
* Integrate part of the patch from ticket #1807.
  The other part is already done on pppoe_up script in /usr/local/sbin.
  Ermal Luçi | 2008-08-31 | 1 | -3/+3
* Check if items are an array before treating them as such.
  Ermal Luçi | 2008-08-31 | 2 | -6/+8
* Fix detection if an interface is part of bridge.
  Ermal Luçi | 2008-08-31 | 2 | -8/+10
* Fix detection if an interface is part of bridge up to date.
  Ermal Luçi | 2008-08-31 | 1 | -2/+2
* Bring bridge related support functions up to date with the other bridge code.
  NOTE: that the function link_int_to_bridge_interface needs a friendly interface as a parameter now i.e. "wan/lan/optX".
  Ermal Luçi | 2008-08-31 | 2 | -27/+8
* Ensure $g is populated by reading in globals.inc
  Scott Ullrich | 2008-08-31 | 1 | -0/+1
* Correct a typo that could cause problems for openvpn if a client specific override existed. A space was omitted in the listtags array which was causing the openvpn-csc tag to be merged with the following field.
  Matthew Grooms | 2008-08-30 | 1 | -1/+1
* When upgrading a configuration, validate openvpn configuration entries as arrays before treating them as such.
  Matthew Grooms | 2008-08-30 | 1 | -0/+9
* Ignore return text on sysctl commands
  Scott Ullrich | 2008-08-30 | 1 | -7/+7
* * Add nohaltonerror() (default is to halt on error)
  * Add sethaltonerror()
  * Cleanup error on text handling
  Scott Ullrich | 2008-08-30 | 1 | -7/+16
* Add $Id: $
  Scott Ullrich | 2008-08-30 | 1 | -1/+1
* Convert CARP interface related code to use CmdCHAIN for easier debugging.
  Scott Ullrich | 2008-08-30 | 1 | -41/+54
* Store the OpenVPN system DH parameters contents in the config.xml file so it is not generated each time on embedded systems. Problem reported by Scott.
  Matthew Grooms | 2008-08-29 | 1 | -6/+29
* Add rum wireless interface that is supported now in 7.x
  http://forum.pfsense.org/index.php/topic,10581.0.html
  Scott Ullrich | 2008-08-29 | 1 | -1/+1
* Correct some of the logic in the get_vpns_list() that was committed in the last revision.
  Matthew Grooms | 2008-08-28 | 1 | -5/+6
* Do not rdr tftp to tftp-proxy for local vpns for both tcp and udp. This fixes the long standing bug of my voip phones being broken.
  Scott Ullrich | 2008-08-28 | 1 | -1/+1
* Unbreak FTP when using IPSEC VPN's.
  Scott Ullrich | 2008-08-28 | 1 | -6/+6
* Bring in relay options for inbound load balancer
  More work pending, this seems to generate proper configs needs much more testing though
  Bill Marquette | 2008-08-28 | 2 | -20/+88
* Add support for export and import of encrypted configuration files. A set of command line utilities for encrypting and decrypting the files format is available from the tools/config-crypto directory.
  Matthew Grooms | 2008-08-28 | 2 | -0/+103
* Replace the old openvpn status page with a new implementation. We now add a tcp management port option to each OpenVPN server. Instead of rooting through the OpenVPN logs once a minute for status updates, we now submit a request to the management port to obtain information. We probably need to add a pf rule to prevent management ports from being accessed by unwanted processes.
  Matthew Grooms | 2008-08-27 | 1 | -1/+4
* Correct some problems with the filter code where we were calling foreach on data that wasn't necessarily a valid array. Modify the OpenVPN code to stop passing the array index around and then immediately obtaining a reference to the array entry. We already have a reference to the data, just pass it instead. Also add some check to make certain tap configuration steps more conditional. Make sure we remove configuration and pid files when they are no longer required. Fix a few other OpenVPN related bugs.
  Matthew Grooms | 2008-08-27 | 2 | -63/+79
* Set some important default values for the new OpenVPN interface screens. Add functions and interface code to handle local port conflict detection and resolution.
  Matthew Grooms | 2008-08-26 | 1 | -2/+30
* Update the privilege definitions using the makepriv utility.
  Matthew Grooms | 2008-08-26 | 1 | -122/+116
* Dump the per-configuration dh parameters data. It makes no sense to keep this information in the configuration as it's not specific to the server. It only contains the parameters ( a safe large prime number ) that is used during a DH key exchange. Instead, we now use a system wide dh file that is generated when the /var/etc/openvpn directory is setup. This shaves 10 to 30 seconds off of the server config creation process. Also correct a bug in the hack I added to work around carp related issues that prevented filter re-configuration from working properly.
  Matthew Grooms | 2008-08-26 | 2 | -4/+23
* Rework most of the OpenVPN support. The interfaces have been updated to not use the pkg system and the configuration has been migrated to an openvpn prefix. The centralized user and certificate manager is now used to support the openvpn configurations. Most of the files removed in this commit were not being referenced. This commit also splits out the certificate management components into a new system menu item.
  Matthew Grooms | 2008-08-26 | 6 | -684/+564
* Import format_bytes() from m0n0wall
  Scott Ullrich | 2008-08-23 | 1 | -1/+13