summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* It's time for 2.2.1-RELEASERELENG_2_2_1Renato Botelho2015-03-131-1/+1
|
* txpower was disabled for good reason it would appear, it triggers syntax ↵Chris Buechler2015-03-131-1/+3
| | | | errors in some configurations. Disable it again since it's been disabled for years, and comment out the user-facing config portion for now since it doesn't do anything. Ticket #4516
* add missing double == in ipsec.incChris Buechler2015-03-121-1/+1
|
* Missin double equals in captiveportal.incPhil Davis2015-03-121-1/+1
| | | | | | Looking at where this is nested inside various if statements, I do not think this error did too much harm - only to the $mac['descr'] - in this particular code flow $username is not used for important stuff after this point. Conflicts: etc/inc/captiveportal.inc
* Set txpower since that seems to work fine now. Explicitly set authmode wpa ↵Chris Buechler2015-03-121-2/+5
| | | | here, though it's also handled by the supplicant/authenticator. Ticket #4516
* Do not start filterdns during boot until a proper fix is done. Ticket #4296Renato Botelho2015-03-122-18/+22
|
* If we bail not being able to find the P1 source, log an error.Chris Buechler2015-03-121-1/+3
|
* White space in ipsec.incPhil Davis2015-03-121-10/+10
|
* White space in filter.incPhil Davis2015-03-121-44/+44
| | | | | Conflicts: etc/inc/filter.inc
* use-compression is no longer a valid config option in lighttpd, it can't be ↵Chris Buechler2015-03-121-3/+0
| | | | enabled. This just throws an error in the log, remove it.
* Fix IPsec on CARP IPs, broken when fixing IPsec with gateway groups and VIPs.Chris Buechler2015-03-121-5/+9
|
* Move libstrongswan-unity.so when Unity plugin is disabled so it can't modify ↵Chris Buechler2015-03-111-3/+13
| | | | | | | the P2. Workaround for Ticket #4178 Conflicts: etc/inc/vpn.inc
* Remove -U from mtree call used to restore files permissions, this is ↵Renato Botelho2015-03-111-1/+1
| | | | replacing symlink targets by the old values. Ticket #4328
* add granular control of state timeouts. Ticket #4509Chris Buechler2015-03-111-1/+50
|
* Explicit disable ssl.use-compression on lighty config. It should fix #4230Renato Botelho2015-03-111-0/+3
|
* Remove BEAST protection option since default cipher is now good and works ↵Renato Botelho2015-03-111-20/+2
| | | | with hifn cards
* Add a log message when hostres SNMP module is ignored on APU boardsRenato Botelho2015-03-111-5/+9
|
* Disable SNMP hostres module on APU boards until we figure out why it's ↵Renato Botelho2015-03-111-1/+5
| | | | crashing on this specific board. Ticket #4403
* Leave adaptive.start and end at their defaults (60% and 120% of the state ↵Chris Buechler2015-03-111-2/+0
| | | | limit, respectively) if not user-overridden.
* Update cipher-list in web interface to prefer PFS. Ticket #4230Chris Buechler2015-03-111-2/+4
|
* Check for not up, rather than down, as there are a variety of potentialChris Buechler2015-03-101-3/+3
| | | | statuses that are not up. Ticket #4502
* Need global $ipsec_idhandling here.Chris Buechler2015-03-101-2/+2
|
* Don't enable interfaces_use by default. Add checkbox to enable on AdvancedChris Buechler2015-03-101-3/+8
| | | | | | | tab, in case there are scenarios where it's desirable. Ticket #4341 Conflicts: etc/inc/vpn.inc
* Check if it's an array before call foreach(). TicketRenato Botelho2015-03-061-1/+1
|
* Stop trying to fix dns_split during strongswan config generation, we have an ↵Renato Botelho2015-03-061-8/+0
| | | | upgrade code in place for that, it should fix #4418
* dns_split was a comma separated list and moved to use space as separator, ↵Renato Botelho2015-03-062-1/+14
| | | | provide upgrade code to make sure old configs are converted. Since there was a config upgrade version 11.7 only on master, I pushed it to 11.8 and used dns_split one as 11.7 to be able to backport it to RELENG_2_2. Ticket #4418
* Use get_failover_interface here to find appropriate interface. Ticket #4482Chris Buechler2015-03-061-3/+4
| | | | | Conflicts: etc/inc/ipsec.inc
* same change as previous commit, for IPv6. Ticket #4482Chris Buechler2015-03-061-1/+7
|
* Use the parent interface, not the _vip for interfaces_use. Part of Ticket #4482Chris Buechler2015-03-061-2/+11
|
* Destroy stf interface when 6rd or 6to4 tunnel is disabled. Fixes #4471Chris Buechler2015-03-051-45/+59
| | | | | Conflicts: etc/inc/interfaces.inc
* Be nicer when checking if alias is numericPhil Davis2015-03-051-6/+6
| | | | | | | Because an ordinary port can be numeric here. Forum https://forum.pfsense.org/index.php?topic=89906.0 Conflicts: etc/inc/util.inc
* Remove the harden-glue option entirely and hard code it to yes. Ticket #4402Chris Buechler2015-03-051-2/+1
|
* Skip any numeric-only aliases in the ruleset to prevent errors from thoseChris Buechler2015-03-042-0/+9
| | | | who configured them on previous versions where that was allowed. Ticket
* Add missing comma. Fixes #4485jim-p2015-03-041-1/+1
|
* Enable UnicastOnly in radvd for ovpn* interfaces. Ticket #4455Chris Buechler2015-03-031-0/+3
|
* Tweak the carp demotion factors slightly to avoid CARP transitions that are ↵jim-p2015-03-031-0/+2
| | | | most likely unnecessary.
* Be safe use require_once in zeromqPhil Davis2015-03-031-1/+1
| | | | | | | | | I was testing code and just doing stuff like: require_once("zeromq.inc"); in Diagnostics->Command Prompt, PHP Execute That brings an error because underneath that PHP Execute code it has already included auth.inc I guess zeromq.inc is used quite separately to the rest of the system, and must be OK just having a "require" here. But it seems safer to always use require_once, just in case it gets called in a new way/sequence. Comments welcome.
* Remove "Prefer old SA" option, and ignore it in all existing configurations. ↵Chris Buechler2015-03-031-10/+0
| | | | Breaks things in many cases with strongSwan. For the very rare circumstances where this is actually desirable, it's just a sysctl that can be set in tunables.
* Ancient bug on upgrade_014_to_015Phil Davis2015-03-021-1/+1
| | | | | | | | | | | This code looked silly the way it was, with the construct: $var = $var; unset($var); Seems it was accidentally changed to this way many years ago by https://github.com/pfsense/pfsense/commit/588a183b0e58f09932ffef35cc0003cca2313aba IMHO we want to do the conversion to $config['system']['gateway'] here so that later config conversion will then process it as expected. Note that in a current (2.2) config there is not $config['system']['gateway'] but that is switched over later in upgrade_021_to_022 - which switches back to $config['interfaces']['wan']['gateway'] and then later config conversions do their thing with that. I guess this will only effect people who upgrade from some really old config (or monowall?)
* Fix type (trime->trim)jim-p2015-02-261-1/+1
|
* interface_netgraph_needed can miss setting found equals truePhil Davis2015-02-261-1/+2
| | | | | | | This routine seems to go looking to see if the passed-in interface is PPP-style. At the end, if it is not PPP-style then it calls pfsense_ngctl_detach. This foreach loop in its current state will always exit after the first iteration that is not mode "server". But it looks like it should look through all the 'pppoe' entries until it finds the interface or gets to the end. In theory the code will sometimes miss setting $found = true when it should have. And thus pfsense_ngctl_detach would get called later for a PPP-style interface. I noticed this while reviewing for code style guide - it is an example where the indenting shows the intention but there are no curlies to implement it.
* remove unused legacy codeChris Buechler2015-02-261-6/+0
|
* Log ifconfig commands used to setup wireless interfacesChris Buechler2015-02-261-0/+7
|
* Put the bits to use the new reset utilityErmal LUÇI2015-02-251-0/+4
|
* Ticket #4418 Actually make each entry a clear token to strongswan parser for ↵Ermal LUÇI2015-02-251-2/+3
| | | | dns_split
* Ticket #4418 make sure the dns_split is separated with spaces rather than ↵Ermal LUÇI2015-02-251-7/+0
| | | | space or comma to comply with strongswan requirements.
* Ticket #4418 Make the DNS names attr 28675 space separated as identified by ↵Ermal LUÇI2015-02-251-1/+16
| | | | Jeffrey Dvornek
* remove old, unused codeChris Buechler2015-02-251-2/+0
|
* Initialize var and move unset outside the loopRenato Botelho2015-02-241-1/+3
|
* Do not request prefix delegation if no tracking interfaces are setup tok-paulius2015-02-241-14/+17
| | | | use it. Ticket #4436
OpenPOWER on IntegriCloud