summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* It's time for 2.2.3-RELEASERELENG_2_2_3Renato Botelho2015-06-231-1/+1
|
* Add D1540-XG.Matt Smith2015-06-231-0/+3
|
* Introduce Netgate RCC-DFF to the list of known platformsRenato Botelho2015-06-232-2/+8
|
* rereadall is not enough here, restore reload call to make sure everything ↵Renato Botelho2015-06-231-0/+1
| | | | works. Ticket #4785
* Replace ipsec rereadsecrets + reload by single rereadall, that will re-read ↵Renato Botelho2015-06-231-2/+1
| | | | also cert changes. Ticket #4785
* Instead of sending USR1, just call ipsec reload. And before it, call ipsec ↵Renato Botelho2015-06-231-1/+2
| | | | rereadsecrets to make sure new secretes are updated. It should fix #4785
* Partially revert 019ee2bc8c, this workaround is not necessary. Real fix will ↵Renato Botelho2015-06-231-8/+0
| | | | be committed after this
* Add a workaround for ticket #4785:Renato Botelho2015-06-231-4/+18
| | | | | | There was a regression on strongswan between 5.3.0 and 5.3.2 as reported at [1]. To workaround this issue, add an extra line on ipsec.secrets with right fqdn.
* Fix var name typo in shaper.incChris Buechler2015-06-231-1/+1
|
* Don't delete /var/tmp/, that was originally done to clear session data at ↵Chris Buechler2015-06-221-1/+0
| | | | boot, but no longer applicable as session data is no longer in /var/tmp/. Credit to 'aa' on opnsense forum.
* Use $myid in ipsec.secrets. Ticket #4785Chris Buechler2015-06-221-2/+2
|
* This is incomplete. Leaving for 2.3. Revert "Ticket #4683 merge in brainpool ↵Chris Buechler2015-06-221-11/+2
| | | | | | for DH parameters" This reverts commit 7dc35024af3af1d644c25b002ca9f40f1d61c05b.
* Specify $myid rather than %any here, otherwise user manager and mobile PSKs ↵Chris Buechler2015-06-211-3/+4
| | | | won't match. Ticket #4781
* Obsolete pt_BR.ISO-88591 in favor of UTF-8Renato Botelho2015-06-191-1/+1
|
* Move pt_BR translation from ISO to UTF-8Renato Botelho2015-06-191-1/+1
|
* Ticket #4746 Correctly set global variables to be used by hostnames cod epathsErmal LUÇI2015-06-191-2/+2
|
* Ticket #4683 merge in brainpool for DH parametersErmal LUÇI2015-06-191-2/+11
|
* Add a GUI field to increase the pf frag entries limit. Fixes ticket #4775jim-p2015-06-181-0/+5
|
* chmod +x hostidChris Buechler2015-06-181-0/+0
|
* Blacklist invalid "from" sources since they can be picked up accidentally ↵jim-p2015-06-171-1/+3
| | | | and cause rule errors. Fixes #4772
* Remove load_balancer_relay_* -- They are not used, not linked, not ↵jim-p2015-06-162-24/+4
| | | | functional, not maintained, and have potential security issues.
* Remove the GUI for the pc-sysinstaller as well and add it to obsoletee filesErmal LUÇI2015-06-151-0/+3
|
* Add hostid script in the source to solve the issue with platforms that do ↵Ermal LUÇI2015-06-121-0/+137
| | | | not have proper uuid or duplicate uuid which breaks carp/pfsync and other things in HA setup.
* Make the host uuid opt-outErmal LUÇI2015-06-112-4/+10
|
* Revert "Ticket #4442 Do not process URL aliases during bootup but trigger it ↵Chris Buechler2015-06-102-4/+3
| | | | | | just after finished booting. This completely solves the bootup delays without lowering the timeout as before. Probably need to increase a bit the timeouts now to be friendly to other connections" This reverts commit 0d44aca64623da5a3eeef0619704a10b3cfda7a5.
* Send the machine uuid with the headers requesting the version fileErmal LUÇI2015-06-101-2/+2
|
* Send the host uuid with the request for packageErmal LUÇI2015-06-101-0/+1
|
* Fixes #4537 On 32bit platform do not enable direct dispatch on IPsec since ↵Ermal LUÇI2015-06-101-0/+3
| | | | it crashes the system
* No need to do the same exercise twice.Ermal LUÇI2015-06-091-6/+0
|
* Do not disable APc hereErmal LUÇI2015-06-091-3/+0
|
* Restore the file system in R/W mode during most of rc script seems required ↵Ermal LUÇI2015-06-091-0/+15
| | | | on nano. Should unbreak nanobsd
* Add a space to the script to avoid that appended parameters seem the same as ↵Ermal LUÇI2015-06-091-1/+1
| | | | existing one
* Use skel as the source of new user files rather than copying from root.jim-p2015-06-085-1/+28
| | | | Reported-By: https://twitter.com/fitchitis/status/607850849172373504
* Ticket #4442 Do not process URL aliases during bootup but trigger it just ↵Ermal LUÇI2015-06-072-3/+4
| | | | after finished booting. This completely solves the bootup delays without lowering the timeout as before. Probably need to increase a bit the timeouts now to be friendly to other connections
* Fixes #4651 use proper var name on global to have the correct id put on the ruleErmal LUÇI2015-06-071-1/+1
|
* Fix CARP plugin call for packages, interface was coming through as NULL ↵jim-p2015-06-052-2/+2
| | | | during CARP events.
* Add INIT event for CARP as an alternate for 'backup', otherwise scripts ↵jim-p2015-06-051-0/+6
| | | | would not take down services during a MASTER->INIT transition.
* Setup Wizard can result in invalid LAN DHCP pool calculationPhil Davis2015-06-041-4/+4
| | | | | | | | | | | | 1) consider where the LAN IP is in the subnet range and then put the DHCP pool in the biggest remaining segment, either above or below. 2) Check the size of the available segment. If it is reasonably big then leave some space at either end of the segment, like the old code was doing. Otherwise give all the space to the pool. 3) Do not allow subnet mask 32 - I can't think of a use case for LAN to have a /32 subnet mask, it kind of breaks the whole concept of LAN. 4) Provide more detailed separate messages if the user tries to use the network address or broadcast address as the LAN IP.
* A number of things block waiting for file download timeouts, sometimes ↵Chris Buechler2015-06-031-2/+2
| | | | multiple times across multiple files (many URL Table aliases, for instance). The long timeout causes very long boot times (10-20+ minutes) on many configs with pfblocker if booted disconnected from the Internet. This is strictly the timeout for the HTTP/HTTPS connection attempt. Once connected, it can run past that. 5 seconds should be more than enough for any properly-functioning network. Part of Ticket #4442.
* device_type isn't used hereChris Buechler2015-06-021-2/+2
|
* Don't call growl if the configured address isn't an IP or resolvableChris Buechler2015-06-021-1/+1
| | | | | hostname. Avoids 1 minute timeout delay in fsockopen in growl.class. Cuts that down to about a 20 second timeout. Ticket #4739
* trigger a reboot after restoration of full backup. Ticket #4107Chris Buechler2015-06-021-1/+2
|
* Deprecate /usr/local/bin/3gstatRenato Botelho2015-06-021-0/+1
|
* Use CARP IPs that are configured. Ticket #4370Chris Buechler2015-06-021-0/+3
|
* set the serial port appropriately for RCC-VE platforms. sync from factoryChris Buechler2015-06-011-2/+11
| | | | repo. Ticket #4720
* Return IP correctly in get_interface_ip for gateway groups specifying aChris Buechler2015-06-011-0/+4
| | | | VIP. Ticket #4661
* Use 'host!' flag when setting CURLOPT_INTERFACE, as recommended by CURL docsRenato Botelho2015-06-012-2/+2
|
* Pass interface to CURLOPT_INTERFACE instead of IP addres, also use 'if!' ↵Renato Botelho2015-06-011-1/+1
| | | | flag to avoid CURL trying to resolve the interface name
* Allow option to specify just 1 of user and pass in OpenVPN .up filePhil Davis2015-05-301-3/+13
| | | | | | | | | | | | | | As per comment in https://redmine.pfsense.org/issues/3633 sometimes the server end only requires a password, no username. Usually 1 long string that serves as the hard-to-guess authentication. OpenVPN expects something to be on the first line of the ".up" file - traditionally called the username. It also insists on the second line being present, but is happy with it being empty - this is the authentication information traditionally called "password". Let the user put the single piece of authentication information in either the Username or Password field on the web GUI - whichever they feel comfortable calling it. In the ".up" file it has to always be the first line to keep OpenVPN happy.
* Replae backtickes by mwexec()Renato Botelho2015-05-301-2/+2
|
OpenPOWER on IntegriCloud