Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | It's time for 2.2.3-RELEASERELENG_2_2_3 | Renato Botelho | 2015-06-23 | 1 | -1/+1 |
| | |||||
* | Add D1540-XG. | Matt Smith | 2015-06-23 | 1 | -0/+3 |
| | |||||
* | Introduce Netgate RCC-DFF to the list of known platforms | Renato Botelho | 2015-06-23 | 2 | -2/+8 |
| | |||||
* | rereadall is not enough here, restore reload call to make sure everything ↵ | Renato Botelho | 2015-06-23 | 1 | -0/+1 |
| | | | | works. Ticket #4785 | ||||
* | Replace ipsec rereadsecrets + reload by single rereadall, that will re-read ↵ | Renato Botelho | 2015-06-23 | 1 | -2/+1 |
| | | | | also cert changes. Ticket #4785 | ||||
* | Instead of sending USR1, just call ipsec reload. And before it, call ipsec ↵ | Renato Botelho | 2015-06-23 | 1 | -1/+2 |
| | | | | rereadsecrets to make sure new secretes are updated. It should fix #4785 | ||||
* | Partially revert 019ee2bc8c, this workaround is not necessary. Real fix will ↵ | Renato Botelho | 2015-06-23 | 1 | -8/+0 |
| | | | | be committed after this | ||||
* | Add a workaround for ticket #4785: | Renato Botelho | 2015-06-23 | 1 | -4/+18 |
| | | | | | | There was a regression on strongswan between 5.3.0 and 5.3.2 as reported at [1]. To workaround this issue, add an extra line on ipsec.secrets with right fqdn. | ||||
* | Fix var name typo in shaper.inc | Chris Buechler | 2015-06-23 | 1 | -1/+1 |
| | |||||
* | Don't delete /var/tmp/, that was originally done to clear session data at ↵ | Chris Buechler | 2015-06-22 | 1 | -1/+0 |
| | | | | boot, but no longer applicable as session data is no longer in /var/tmp/. Credit to 'aa' on opnsense forum. | ||||
* | Use $myid in ipsec.secrets. Ticket #4785 | Chris Buechler | 2015-06-22 | 1 | -2/+2 |
| | |||||
* | This is incomplete. Leaving for 2.3. Revert "Ticket #4683 merge in brainpool ↵ | Chris Buechler | 2015-06-22 | 1 | -11/+2 |
| | | | | | | for DH parameters" This reverts commit 7dc35024af3af1d644c25b002ca9f40f1d61c05b. | ||||
* | Specify $myid rather than %any here, otherwise user manager and mobile PSKs ↵ | Chris Buechler | 2015-06-21 | 1 | -3/+4 |
| | | | | won't match. Ticket #4781 | ||||
* | Obsolete pt_BR.ISO-88591 in favor of UTF-8 | Renato Botelho | 2015-06-19 | 1 | -1/+1 |
| | |||||
* | Move pt_BR translation from ISO to UTF-8 | Renato Botelho | 2015-06-19 | 1 | -1/+1 |
| | |||||
* | Ticket #4746 Correctly set global variables to be used by hostnames cod epaths | Ermal LUÇI | 2015-06-19 | 1 | -2/+2 |
| | |||||
* | Ticket #4683 merge in brainpool for DH parameters | Ermal LUÇI | 2015-06-19 | 1 | -2/+11 |
| | |||||
* | Add a GUI field to increase the pf frag entries limit. Fixes ticket #4775 | jim-p | 2015-06-18 | 1 | -0/+5 |
| | |||||
* | chmod +x hostid | Chris Buechler | 2015-06-18 | 1 | -0/+0 |
| | |||||
* | Blacklist invalid "from" sources since they can be picked up accidentally ↵ | jim-p | 2015-06-17 | 1 | -1/+3 |
| | | | | and cause rule errors. Fixes #4772 | ||||
* | Remove load_balancer_relay_* -- They are not used, not linked, not ↵ | jim-p | 2015-06-16 | 2 | -24/+4 |
| | | | | functional, not maintained, and have potential security issues. | ||||
* | Remove the GUI for the pc-sysinstaller as well and add it to obsoletee files | Ermal LUÇI | 2015-06-15 | 1 | -0/+3 |
| | |||||
* | Add hostid script in the source to solve the issue with platforms that do ↵ | Ermal LUÇI | 2015-06-12 | 1 | -0/+137 |
| | | | | not have proper uuid or duplicate uuid which breaks carp/pfsync and other things in HA setup. | ||||
* | Make the host uuid opt-out | Ermal LUÇI | 2015-06-11 | 2 | -4/+10 |
| | |||||
* | Revert "Ticket #4442 Do not process URL aliases during bootup but trigger it ↵ | Chris Buechler | 2015-06-10 | 2 | -4/+3 |
| | | | | | | just after finished booting. This completely solves the bootup delays without lowering the timeout as before. Probably need to increase a bit the timeouts now to be friendly to other connections" This reverts commit 0d44aca64623da5a3eeef0619704a10b3cfda7a5. | ||||
* | Send the machine uuid with the headers requesting the version file | Ermal LUÇI | 2015-06-10 | 1 | -2/+2 |
| | |||||
* | Send the host uuid with the request for package | Ermal LUÇI | 2015-06-10 | 1 | -0/+1 |
| | |||||
* | Fixes #4537 On 32bit platform do not enable direct dispatch on IPsec since ↵ | Ermal LUÇI | 2015-06-10 | 1 | -0/+3 |
| | | | | it crashes the system | ||||
* | No need to do the same exercise twice. | Ermal LUÇI | 2015-06-09 | 1 | -6/+0 |
| | |||||
* | Do not disable APc here | Ermal LUÇI | 2015-06-09 | 1 | -3/+0 |
| | |||||
* | Restore the file system in R/W mode during most of rc script seems required ↵ | Ermal LUÇI | 2015-06-09 | 1 | -0/+15 |
| | | | | on nano. Should unbreak nanobsd | ||||
* | Add a space to the script to avoid that appended parameters seem the same as ↵ | Ermal LUÇI | 2015-06-09 | 1 | -1/+1 |
| | | | | existing one | ||||
* | Use skel as the source of new user files rather than copying from root. | jim-p | 2015-06-08 | 5 | -1/+28 |
| | | | | Reported-By: https://twitter.com/fitchitis/status/607850849172373504 | ||||
* | Ticket #4442 Do not process URL aliases during bootup but trigger it just ↵ | Ermal LUÇI | 2015-06-07 | 2 | -3/+4 |
| | | | | after finished booting. This completely solves the bootup delays without lowering the timeout as before. Probably need to increase a bit the timeouts now to be friendly to other connections | ||||
* | Fixes #4651 use proper var name on global to have the correct id put on the rule | Ermal LUÇI | 2015-06-07 | 1 | -1/+1 |
| | |||||
* | Fix CARP plugin call for packages, interface was coming through as NULL ↵ | jim-p | 2015-06-05 | 2 | -2/+2 |
| | | | | during CARP events. | ||||
* | Add INIT event for CARP as an alternate for 'backup', otherwise scripts ↵ | jim-p | 2015-06-05 | 1 | -0/+6 |
| | | | | would not take down services during a MASTER->INIT transition. | ||||
* | Setup Wizard can result in invalid LAN DHCP pool calculation | Phil Davis | 2015-06-04 | 1 | -4/+4 |
| | | | | | | | | | | | | 1) consider where the LAN IP is in the subnet range and then put the DHCP pool in the biggest remaining segment, either above or below. 2) Check the size of the available segment. If it is reasonably big then leave some space at either end of the segment, like the old code was doing. Otherwise give all the space to the pool. 3) Do not allow subnet mask 32 - I can't think of a use case for LAN to have a /32 subnet mask, it kind of breaks the whole concept of LAN. 4) Provide more detailed separate messages if the user tries to use the network address or broadcast address as the LAN IP. | ||||
* | A number of things block waiting for file download timeouts, sometimes ↵ | Chris Buechler | 2015-06-03 | 1 | -2/+2 |
| | | | | multiple times across multiple files (many URL Table aliases, for instance). The long timeout causes very long boot times (10-20+ minutes) on many configs with pfblocker if booted disconnected from the Internet. This is strictly the timeout for the HTTP/HTTPS connection attempt. Once connected, it can run past that. 5 seconds should be more than enough for any properly-functioning network. Part of Ticket #4442. | ||||
* | device_type isn't used here | Chris Buechler | 2015-06-02 | 1 | -2/+2 |
| | |||||
* | Don't call growl if the configured address isn't an IP or resolvable | Chris Buechler | 2015-06-02 | 1 | -1/+1 |
| | | | | | hostname. Avoids 1 minute timeout delay in fsockopen in growl.class. Cuts that down to about a 20 second timeout. Ticket #4739 | ||||
* | trigger a reboot after restoration of full backup. Ticket #4107 | Chris Buechler | 2015-06-02 | 1 | -1/+2 |
| | |||||
* | Deprecate /usr/local/bin/3gstat | Renato Botelho | 2015-06-02 | 1 | -0/+1 |
| | |||||
* | Use CARP IPs that are configured. Ticket #4370 | Chris Buechler | 2015-06-02 | 1 | -0/+3 |
| | |||||
* | set the serial port appropriately for RCC-VE platforms. sync from factory | Chris Buechler | 2015-06-01 | 1 | -2/+11 |
| | | | | repo. Ticket #4720 | ||||
* | Return IP correctly in get_interface_ip for gateway groups specifying a | Chris Buechler | 2015-06-01 | 1 | -0/+4 |
| | | | | VIP. Ticket #4661 | ||||
* | Use 'host!' flag when setting CURLOPT_INTERFACE, as recommended by CURL docs | Renato Botelho | 2015-06-01 | 2 | -2/+2 |
| | |||||
* | Pass interface to CURLOPT_INTERFACE instead of IP addres, also use 'if!' ↵ | Renato Botelho | 2015-06-01 | 1 | -1/+1 |
| | | | | flag to avoid CURL trying to resolve the interface name | ||||
* | Allow option to specify just 1 of user and pass in OpenVPN .up file | Phil Davis | 2015-05-30 | 1 | -3/+13 |
| | | | | | | | | | | | | | | As per comment in https://redmine.pfsense.org/issues/3633 sometimes the server end only requires a password, no username. Usually 1 long string that serves as the hard-to-guess authentication. OpenVPN expects something to be on the first line of the ".up" file - traditionally called the username. It also insists on the second line being present, but is happy with it being empty - this is the authentication information traditionally called "password". Let the user put the single piece of authentication information in either the Username or Password field on the web GUI - whichever they feel comfortable calling it. In the ".up" file it has to always be the first line to keep OpenVPN happy. | ||||
* | Replae backtickes by mwexec() | Renato Botelho | 2015-05-30 | 1 | -2/+2 |
| |