Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Use subnet address in OPT net rules | Phil Davis | 2015-03-16 | 1 | -9/+11 |
| | Example: LAN IP 10.0.1.1/24, OPT1 IP 10.0.2.1/24. Rules with SRC or DST LANnet correctly have 10.0.0.0/24 (the subnet base address) in /tmp/rules.debug. Rules with SRC or DST OPT1net have 10.0.2.1/24 (the OPT1 IP address with OPT1 net mask) in /tmp/rules.debug. It still works (I think) because actually 10.0.2.1/24 and 10.0.2.0/24 interpreted as a subnet still describes the same set of IP addresses, but it looks odd, as reported by: https://forum.pfsense.org/index.php?topic=90096.msg498474#msg498474 Same issue with IPv6 for OPT1net rules. This fixes the rule generation so that OPT1net uses the base subnet address in the rule, in the same way that LANnet and WANnet do. | ||||
* | It's time for 2.2.1-RELEASE [RELENG_2_2_1] | Renato Botelho | 2015-03-13 | 1 | -1/+1 |
* | txpower was disabled for good reason it would appear, it triggers syntax errors in some configurations. Disable it again since it's been disabled for years, and comment out the user-facing config portion for now since it doesn't do anything. Ticket #4516 | Chris Buechler | 2015-03-13 | 1 | -1/+3 |
* | add missing double == in ipsec.inc | Chris Buechler | 2015-03-12 | 1 | -1/+1 |
* | Missing double equals in captiveportal.inc | Phil Davis | 2015-03-12 | 1 | -1/+1 |
| | Looking at where this is nested inside various if statements, I do not think this error did too much harm - only to the $mac['descr'] - in this particular code flow $username is not used for important stuff after this point. Conflicts: etc/inc/captiveportal.inc | ||||
* | Set txpower since that seems to work fine now. Explicitly set authmode wpa here, though it's also handled by the supplicant/authenticator. Ticket #4516 | Chris Buechler | 2015-03-12 | 1 | -2/+5 |
* | Do not start filterdns during boot until a proper fix is done. Ticket #4296 | Renato Botelho | 2015-03-12 | 2 | -18/+22 |
* | If we bail not being able to find the P1 source, log an error. | Chris Buechler | 2015-03-12 | 1 | -1/+3 |
* | White space in ipsec.inc | Phil Davis | 2015-03-12 | 1 | -10/+10 |
* | White space in filter.inc | Phil Davis | 2015-03-12 | 1 | -44/+44 |
| | Conflicts: etc/inc/filter.inc | ||||
* | use-compression is no longer a valid config option in lighttpd, it can't be enabled. This just throws an error in the log, remove it. | Chris Buechler | 2015-03-12 | 1 | -3/+0 |
* | Fix IPsec on CARP IPs, broken when fixing IPsec with gateway groups and VIPs. | Chris Buechler | 2015-03-12 | 1 | -5/+9 |
* | Move libstrongswan-unity.so when Unity plugin is disabled so it can't modify the P2. Workaround for Ticket #4178 | Chris Buechler | 2015-03-11 | 1 | -3/+13 |
| | Conflicts: etc/inc/vpn.inc | ||||
* | Remove -U from mtree call used to restore files permissions, this is replacing symlink targets by the old values. Ticket #4328 | Renato Botelho | 2015-03-11 | 1 | -1/+1 |
* | add granular control of state timeouts. Ticket #4509 | Chris Buechler | 2015-03-11 | 1 | -1/+50 |
* | Explicit disable ssl.use-compression on lighty config. It should fix #4230 | Renato Botelho | 2015-03-11 | 1 | -0/+3 |
* | Remove BEAST protection option since default cipher is now good and works with hifn cards | Renato Botelho | 2015-03-11 | 1 | -20/+2 |
* | Add a log message when hostres SNMP module is ignored on APU boards | Renato Botelho | 2015-03-11 | 1 | -5/+9 |
* | Disable SNMP hostres module on APU boards until we figure out why it's crashing on this specific board. Ticket #4403 | Renato Botelho | 2015-03-11 | 1 | -1/+5 |
* | Leave adaptive.start and end at their defaults (60% and 120% of the state limit, respectively) if not user-overridden. | Chris Buechler | 2015-03-11 | 1 | -2/+0 |
* | Update cipher-list in web interface to prefer PFS. Ticket #4230 | Chris Buechler | 2015-03-11 | 1 | -2/+4 |
* | Check for not up, rather than down, as there are a variety of potential statuses that are not up. Ticket #4502 | Chris Buechler | 2015-03-10 | 1 | -3/+3 |
* | Need global $ipsec_idhandling here. | Chris Buechler | 2015-03-10 | 1 | -2/+2 |
* | Don't enable interfaces_use by default. Add checkbox to enable on Advanced tab, in case there are scenarios where it's desirable. Ticket #4341 | Chris Buechler | 2015-03-10 | 1 | -3/+8 |
| | Conflicts: etc/inc/vpn.inc | ||||
* | Check if it's an array before call foreach(). Ticket | Renato Botelho | 2015-03-06 | 1 | -1/+1 |
* | Stop trying to fix dns_split during strongswan config generation, we have an upgrade code in place for that, it should fix #4418 | Renato Botelho | 2015-03-06 | 1 | -8/+0 |
* | dns_split was a comma separated list and moved to use space as separator, provide upgrade code to make sure old configs are converted. Since there was a config upgrade version 11.7 only on master, I pushed it to 11.8 and used dns_split one as 11.7 to be able to backport it to RELENG_2_2. Ticket #4418 | Renato Botelho | 2015-03-06 | 2 | -1/+14 |
* | Use get_failover_interface here to find appropriate interface. Ticket #4482 | Chris Buechler | 2015-03-06 | 1 | -3/+4 |
| | Conflicts: etc/inc/ipsec.inc | ||||
* | same change as previous commit, for IPv6. Ticket #4482 | Chris Buechler | 2015-03-06 | 1 | -1/+7 |
* | Use the parent interface, not the _vip for interfaces_use. Part of Ticket #4482 | Chris Buechler | 2015-03-06 | 1 | -2/+11 |
* | Destroy stf interface when 6rd or 6to4 tunnel is disabled. Fixes #4471 | Chris Buechler | 2015-03-05 | 1 | -45/+59 |
| | Conflicts: etc/inc/interfaces.inc | ||||
* | Be nicer when checking if alias is numeric | Phil Davis | 2015-03-05 | 1 | -6/+6 |
| | Because an ordinary port can be numeric here. Forum https://forum.pfsense.org/index.php?topic=89906.0 Conflicts: etc/inc/util.inc | ||||
* | Remove the harden-glue option entirely and hard code it to yes. Ticket #4402 | Chris Buechler | 2015-03-05 | 1 | -2/+1 |
* | Skip any numeric-only aliases in the ruleset to prevent errors from those who configured them on previous versions where that was allowed. Ticket | Chris Buechler | 2015-03-04 | 2 | -0/+9 |
* | Add missing comma. Fixes #4485 | jim-p | 2015-03-04 | 1 | -1/+1 |
* | Enable UnicastOnly in radvd for ovpn* interfaces. Ticket #4455 | Chris Buechler | 2015-03-03 | 1 | -0/+3 |
* | Tweak the carp demotion factors slightly to avoid CARP transitions that are most likely unnecessary. | jim-p | 2015-03-03 | 1 | -0/+2 |
* | Be safe use require_once in zeromq | Phil Davis | 2015-03-03 | 1 | -1/+1 |
| | I was testing code and just doing stuff like: require_once("zeromq.inc"); in Diagnostics->Command Prompt, PHP Execute. That brings an error because underneath that PHP Execute code it has already included auth.inc. I guess zeromq.inc is used quite separately to the rest of the system, and must be OK just having a "require" here. But it seems safer to always use require_once, just in case it gets called in a new way/sequence. Comments welcome. | ||||
* | Remove "Prefer old SA" option, and ignore it in all existing configurations. Breaks things in many cases with strongSwan. For the very rare circumstances where this is actually desirable, it's just a sysctl that can be set in tunables. | Chris Buechler | 2015-03-03 | 1 | -10/+0 |
* | Ancient bug on upgrade_014_to_015 | Phil Davis | 2015-03-02 | 1 | -1/+1 |
| | This code looked silly the way it was, with the construct: $var = $var; unset($var); Seems it was accidentally changed to this way many years ago by https://github.com/pfsense/pfsense/commit/588a183b0e58f09932ffef35cc0003cca2313aba IMHO we want to do the conversion to $config['system']['gateway'] here so that later config conversion will then process it as expected. Note that in a current (2.2) config there is not $config['system']['gateway'] but that is switched over later in upgrade_021_to_022 - which switches back to $config['interfaces']['wan']['gateway'] and then later config conversions do their thing with that. I guess this will only affect people who upgrade from some really old config (or monowall?) | ||||
* | Fix type (trime->trim) | jim-p | 2015-02-26 | 1 | -1/+1 |
* | interface_netgraph_needed can miss setting found equals true | Phil Davis | 2015-02-26 | 1 | -1/+2 |
| | This routine seems to go looking to see if the passed-in interface is PPP-style. At the end, if it is not PPP-style then it calls pfsense_ngctl_detach. This foreach loop in its current state will always exit after the first iteration that is not mode "server". But it looks like it should look through all the 'pppoe' entries until it finds the interface or gets to the end. In theory the code will sometimes miss setting $found = true when it should have. And thus pfsense_ngctl_detach would get called later for a PPP-style interface. I noticed this while reviewing for code style guide - it is an example where the indenting shows the intention but there are no curlies to implement it. | ||||
* | remove unused legacy code | Chris Buechler | 2015-02-26 | 1 | -6/+0 |
* | Log ifconfig commands used to setup wireless interfaces | Chris Buechler | 2015-02-26 | 1 | -0/+7 |
* | Put the bits to use the new reset utility | Ermal LUÇI | 2015-02-25 | 1 | -0/+4 |
* | Ticket #4418 Actually make each entry a clear token to strongswan parser for dns_split | Ermal LUÇI | 2015-02-25 | 1 | -2/+3 |
* | Ticket #4418 make sure the dns_split is separated with spaces rather than space or comma to comply with strongswan requirements. | Ermal LUÇI | 2015-02-25 | 1 | -7/+0 |
* | Ticket #4418 Make the DNS names attr 28675 space separated as identified by Jeffrey Dvornek | Ermal LUÇI | 2015-02-25 | 1 | -1/+16 |
* | remove old, unused code | Chris Buechler | 2015-02-25 | 1 | -2/+0 |
* | Initialize var and move unset outside the loop | Renato Botelho | 2015-02-24 | 1 | -1/+3 |