Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Remove packages from cache after install, also add debug messages | Renato Botelho | 2015-07-01 | 1 | -2/+6 |
| | |||||
* | Mute call to 'pkg info -e' used to check if pkg is installed | Renato Botelho | 2015-07-01 | 1 | -1/+1 |
| | |||||
* | Re-implement pkg_call() using proc_open() and stream_select() and also ↵ | Renato Botelho | 2015-07-01 | 1 | -4/+124 |
| | | | | implement pkg_exec() | ||||
* | pfsense-utils.inc is being required, there is no chance of update_status() ↵ | Renato Botelho | 2015-07-01 | 1 | -11/+2 |
| | | | | and update_output_window() don't exist | ||||
* | Use interface-automatic for Unbound when the interfaces list is empty (same ↵ | jim-p | 2015-06-26 | 1 | -0/+2 |
| | | | | as All) otherwise it breaks with a default CARP config. | ||||
* | Add D1540-XG. | Matt Smith | 2015-06-23 | 1 | -0/+3 |
| | |||||
* | Introduce Netgate RCC-DFF to the list of known platforms | Renato Botelho | 2015-06-23 | 2 | -2/+8 |
| | |||||
* | rereadall is not enough here, restore reload call to make sure everything ↵ | Renato Botelho | 2015-06-23 | 1 | -0/+1 |
| | | | | works. Ticket #4785 | ||||
* | Replace ipsec rereadsecrets + reload by single rereadall, that will re-read ↵ | Renato Botelho | 2015-06-23 | 1 | -2/+1 |
| | | | | also cert changes. Ticket #4785 | ||||
* | Instead of sending USR1, just call ipsec reload. And before it, call ipsec ↵ | Renato Botelho | 2015-06-23 | 1 | -1/+2 |
| | | | | rereadsecrets to make sure new secretes are updated. It should fix #4785 | ||||
* | Partially revert 019ee2bc8c, this workaround is not necessary. Real fix will ↵ | Renato Botelho | 2015-06-23 | 1 | -8/+0 |
| | | | | be committed after this | ||||
* | Add a workaround for ticket #4785: | Renato Botelho | 2015-06-23 | 1 | -4/+17 |
| | | | | | | There was a regression on strongswan between 5.3.0 and 5.3.2 as reported at [1]. To workaround this issue, add an extra line on ipsec.secrets with right fqdn. | ||||
* | Merge pull request #1728 from devnullity/patch-1 | Chris Buechler | 2015-06-23 | 1 | -1/+1 |
|\ | |||||
| * | Fix var name typo in shaper.inc | Ben Cook | 2015-06-21 | 1 | -1/+1 |
| | | | | | | Fix typo so get_bandwidthtype_scale can do more than default to "1". | ||||
* | | Use $myid in ipsec.secrets. Ticket #4785 | Chris Buechler | 2015-06-22 | 1 | -2/+2 |
|/ | | | | | Conflicts: etc/inc/vpn.inc | ||||
* | Specify $myid rather than %any here, otherwise user manager and mobile PSKs ↵ | Chris Buechler | 2015-06-21 | 1 | -3/+4 |
| | | | | | | | won't match. Ticket #4781 Conflicts: etc/inc/vpn.inc | ||||
* | Ticket #4746 Correctly set global variables to be used by hostnames cod epaths | Ermal LUÇI | 2015-06-19 | 1 | -2/+2 |
| | |||||
* | Add a GUI field to increase the pf frag entries limit. Fixes ticket #4775 | jim-p | 2015-06-18 | 1 | -0/+5 |
| | |||||
* | Blacklist invalid "from" sources since they can be picked up accidentally ↵ | jim-p | 2015-06-17 | 1 | -1/+3 |
| | | | | and cause rule errors. Fixes #4772 | ||||
* | Code spacing | Phil Davis | 2015-06-15 | 27 | -232/+236 |
| | | | | | | | and other random stuff I noticed. I think this finishes messing with code style. The codebase should match the developer style guide closely enough that 99.9% of changes will not feel the need to also massage the formatting. | ||||
* | Merge pull request #1710 from stilez/patch-4 | Renato Botelho | 2015-06-11 | 1 | -10/+2 |
|\ | |||||
| * | simplify is_ipaddrv4() and fix zero-padding issue | stilez | 2015-06-07 | 1 | -10/+2 |
| | | | | | | | | | | | | | | Fixes these two issues: 1) The historical workaround of testing IPv4 for validity by (a) converting to long (b) converting back again, then (c) comparing to see if it's the same as the original, is redundant. The old issue with ip2long() was fixed in PHP 5.2.10 and invalid IPv4 can now be tested simply by ip2long() === FALSE. 2) The workaround didn't really work optimally anyway as it mis-reported otherwise valid IPs as invalid if any octet or the IP as a whole was zero padded. Some IP lists or IP data sources users might use could be zero padded - an avoidable headache. | ||||
* | | Make the host uuid opt-out | Ermal LUÇI | 2015-06-11 | 1 | -3/+10 |
| | | |||||
* | | Revert "Ticket #4442 Do not process URL aliases during bootup but trigger it ↵ | Chris Buechler | 2015-06-10 | 1 | -3/+0 |
| | | | | | | | | | | | | just after finished booting. This completely solves the bootup delays without lowering the timeout as before. Probably need to increase a bit the timeouts now to be friendly to other connections" This reverts commit ec9eb7891780e5f142838c03203ad8ce267ed89e. | ||||
* | | Send the machine uuid with the headers requesting the version file | Ermal LUÇI | 2015-06-10 | 1 | -1/+1 |
| | | |||||
* | | Send the machine uuid with the headers requesting the version file | Ermal LUÇI | 2015-06-10 | 1 | -1/+1 |
| | | |||||
* | | Fixes #4537 On 32bit platform do not enable direct dispatch on IPsec since ↵ | Ermal LUÇI | 2015-06-10 | 1 | -0/+3 |
| | | | | | | | | it crashes the system | ||||
* | | Do not call fsck just out of nowhere here since it cannot be the problem or ↵ | Ermal LUÇI | 2015-06-09 | 1 | -6/+4 |
| | | | | | | | | fix. | ||||
* | | Add a space to the script to avoid that appended parameters seem the same as ↵ | Ermal LUÇI | 2015-06-09 | 1 | -1/+1 |
| | | | | | | | | existing one | ||||
* | | Use skel as the source of new user files rather than copying from root. | jim-p | 2015-06-08 | 2 | -1/+0 |
| | | | | | | | | Reported-By: https://twitter.com/fitchitis/status/607850849172373504 | ||||
* | | Do not synchronize alias url during filter reload rather trigger one if needed | Ermal LUÇI | 2015-06-08 | 1 | -2/+3 |
| | | |||||
* | | Ticket #4442 Do not process URL aliases during bootup but trigger it just ↵ | Ermal LUÇI | 2015-06-07 | 1 | -0/+3 |
| | | | | | | | | after finished booting. This completely solves the bootup delays without lowering the timeout as before. Probably need to increase a bit the timeouts now to be friendly to other connections | ||||
* | | Fixes #4651 use proper var name on global to have the correct id put on the rule | Ermal LUÇI | 2015-06-07 | 1 | -1/+1 |
|/ | |||||
* | Merge pull request #1706 from phil-davis/setupwizardlan | Renato Botelho | 2015-06-04 | 1 | -4/+4 |
|\ | |||||
| * | Setup Wizard can result in invalid LAN DHCP pool calculation | Phil Davis | 2015-06-02 | 1 | -4/+4 |
| | | | | | | | | | | | | | | | | | | | | | | | | 1) consider where the LAN IP is in the subnet range and then put the DHCP pool in the biggest remaining segment, either above or below. 2) Check the size of the available segment. If it is reasonably big then leave some space at either end of the segment, like the old code was doing. Otherwise give all the space to the pool. 3) Do not allow subnet mask 32 - I can't think of a use case for LAN to have a /32 subnet mask, it kind of breaks the whole concept of LAN. 4) Provide more detailed separate messages if the user tries to use the network address or broadcast address as the LAN IP. | ||||
* | | A number of things block waiting for file download timeouts, sometimes ↵ | Chris Buechler | 2015-06-03 | 1 | -2/+2 |
| | | | | | | | | | | | | | | multiple times across multiple files (many URL Table aliases, for instance). The long timeout causes very long boot times (10-20+ minutes) on many configs with pfblocker if booted disconnected from the Internet. This is strictly the timeout for the HTTP/HTTPS connection attempt. Once connected, it can run past that. 5 seconds should be more than enough for any properly-functioning network. Part of Ticket #4442. Conflicts: etc/inc/pfsense-utils.inc | ||||
* | | device_type isn't used here | Chris Buechler | 2015-06-02 | 1 | -2/+2 |
| | | |||||
* | | Don't call growl if the configured address isn't an IP or resolvable | Chris Buechler | 2015-06-02 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | hostname. Avoids 1 minute timeout delay in fsockopen in growl.class. Cuts that down to about a 20 second timeout. Ticket #4739 Conflicts: etc/inc/notices.inc | ||||
* | | Use CARP IPs that are configured. Ticket #4370 | Chris Buechler | 2015-06-02 | 1 | -0/+3 |
|/ | |||||
* | really fix botched manual merge request. Ticket #4720 | Chris Buechler | 2015-06-01 | 1 | -2/+2 |
| | |||||
* | fix manual merge mistake. Ticket #4720 | Chris Buechler | 2015-06-01 | 1 | -1/+1 |
| | |||||
* | set the serial port appropriately for RCC-VE platforms. sync from factory | Chris Buechler | 2015-06-01 | 1 | -4/+15 |
| | | | | | | | repo. Ticket #4720 Conflicts: etc/inc/pfsense-utils.inc | ||||
* | Return IP correctly in get_interface_ip for gateway groups specifying a | Chris Buechler | 2015-06-01 | 1 | -0/+4 |
| | | | | VIP. Ticket #4661 | ||||
* | Use 'host!' flag when setting CURLOPT_INTERFACE, as recommended by CURL docs | Renato Botelho | 2015-06-01 | 2 | -2/+2 |
| | |||||
* | Pass interface to CURLOPT_INTERFACE instead of IP addres, also use 'if!' ↵ | Renato Botelho | 2015-06-01 | 1 | -1/+1 |
| | | | | flag to avoid CURL trying to resolve the interface name | ||||
* | Code style bits and pieces from etc | Phil Davis | 2015-05-31 | 35 | -330/+328 |
| | |||||
* | Allow option to specify just 1 of user and pass in OpenVPN .up file | Phil Davis | 2015-05-30 | 1 | -3/+13 |
| | | | | | | | | | | | | | | As per comment in https://redmine.pfsense.org/issues/3633 sometimes the server end only requires a password, no username. Usually 1 long string that serves as the hard-to-guess authentication. OpenVPN expects something to be on the first line of the ".up" file - traditionally called the username. It also insists on the second line being present, but is happy with it being empty - this is the authentication information traditionally called "password". Let the user put the single piece of authentication information in either the Username or Password field on the web GUI - whichever they feel comfortable calling it. In the ".up" file it has to always be the first line to keep OpenVPN happy. | ||||
* | Replae backtickes by mwexec() | Renato Botelho | 2015-05-30 | 1 | -2/+2 |
| | |||||
* | Merge pull request #1551 from rnoland/master | Renato Botelho | 2015-05-30 | 1 | -20/+24 |
|\ | |||||
| * | We need to at least setup the serial port before we try to blast | Robert Noland | 2015-03-10 | 1 | -20/+24 |
| | | | | | | | | | | config data to it. My system was hanging during boot because cat was couldn't output gps.init to the port. |