Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add leftid and rightid value between double quotes on ipsec config when type ↵ | Renato Botelho | 2015-07-16 | 2 | -3/+8 |
| | | | | is asn1dn. Ticket #4792 | ||||
* | Remove old, unused NetUtils.js | Chris Buechler | 2015-07-16 | 1 | -0/+1 |
| | |||||
* | Revert "Avoid error loading rules for numeric host name in alias" | Renato Botelho | 2015-07-15 | 1 | -1/+1 |
| | | | | This reverts commit 6605035f9d2a04d1d4b724f6e993bc3f5c6d173d. | ||||
* | Fix issue_ip_type var name spelling | Phil Davis | 2015-07-15 | 1 | -6/+6 |
| | | | Actually there was no real problem, but having a mis-spelling like this means that English speakers will waste time (like I did) double-checking to see if the mis-spelling would cause a real problem. | ||||
* | Avoid error loading rules for numeric host name in alias | Phil Davis | 2015-07-15 | 1 | -1/+1 |
| | | | | | | | | | | | Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". The webGUI reports: There were error(s) loading the rules: /tmp/rules.debug:44: syntax error - The line in question reads [44]: table { 23 } and /tmp/rules.debug has: table <Zqw> { 23 } Zqw = "<Zqw>" which pf does not cope with. It is possible to have a host name that is a number, and end up with a domain name like 23.mycompany.com - unfortunately some Wally allowed such things in standards many years ago, so it can be rather difficult to tell the difference between a number and a host name. This change improves the check when looking through alias entries and deciding if they are meant to be a name or a "bottom-level" value (address, subnet, port, port range). Anything that ends up looking like a host name gets given to filterdns to sort out. "Names" like "23" now get given to filterdns instead of being put directly into the table in pf. This makes things happier. Even if filterdns cannot resolve "23", at least it tries and nothing barfs. | ||||
* | Fix GratisDNS support, manual merge of commit ↵ | Chris Buechler | 2015-07-14 | 1 | -2/+2 |
| | | | | 3e31a7f82589d3350f111bd7d81cc83a0ab253e2 | ||||
* | fix fsync, thanks Phil Davis for noticing | Chris Buechler | 2015-07-10 | 1 | -1/+1 |
| | |||||
* | fix fsync | Chris Buechler | 2015-07-10 | 1 | -1/+1 |
| | |||||
* | fsync after fclose here, clean up some white space while here. | Chris Buechler | 2015-07-10 | 1 | -21/+27 |
| | |||||
* | fsync conf_path here too | Chris Buechler | 2015-07-10 | 1 | -0/+1 |
| | |||||
* | fix typo | Chris Buechler | 2015-07-10 | 1 | -1/+1 |
| | |||||
* | Make sure config.xml is safe on disk when restoring a backup, ticket #4803 | Renato Botelho | 2015-07-06 | 1 | -0/+1 |
| | |||||
* | Make sure temporary config file is safe on disk before rename, ticket #4803 | Renato Botelho | 2015-07-06 | 1 | -1/+1 |
| | |||||
* | Remove reference to vfs.forcesync | Renato Botelho | 2015-07-06 | 1 | -1/+0 |
| | |||||
* | Use right function pfSense_fsync to make sure config file is safe on disk, ↵ | Renato Botelho | 2015-07-06 | 1 | -4/+2 |
| | | | | ticket #4803 | ||||
* | fix includes so shellsession restartipsec works. | Chris Buechler | 2015-07-05 | 1 | -0/+2 |
| | |||||
* | remove debug.pfftpproxy, it no longer exists. | Chris Buechler | 2015-07-04 | 1 | -1/+0 |
| | |||||
* | Fix keyid identifers, and go back to using %any in ipsec.secrets as in ↵ | Chris Buechler | 2015-07-03 | 1 | -2/+4 |
| | | | | previous versions, fixing a variety of other ID issues. Latter will break some mobile IPsec circumstances, fix for that to come after more testing. Ticket #4811 | ||||
* | sync up vpn.inc with master. Mostly white space and style changes | Chris Buechler | 2015-07-02 | 1 | -280/+426 |
| | |||||
* | sync up ipsec.inc with master. Mostly whitespace and style changes. | Chris Buechler | 2015-07-02 | 1 | -174/+219 |
| | |||||
* | fix part of keyid problem. Ticket #4811 | Chris Buechler | 2015-07-01 | 1 | -1/+1 |
| | |||||
* | Remove unnecessary deletion of rc.conf. Add an empty rc.conf with a note | Chris Buechler | 2015-07-01 | 3 | -6/+1 |
| | | | | so people don't think they should be using it. | ||||
* | Improve handling of port ranges in relayd, fixes #4810 | jim-p | 2015-07-01 | 1 | -1/+5 |
| | |||||
* | Use interface-automatic for Unbound when the interfaces list is empty (same ↵ | jim-p | 2015-06-26 | 1 | -0/+2 |
| | | | | as All) otherwise it breaks with a default CARP config. | ||||
* | Bump version to 2.2.4-DEVELOPMENT | Renato Botelho | 2015-06-25 | 1 | -1/+1 |
| | |||||
* | It's time for 2.2.3-RELEASERELENG_2_2_3 | Renato Botelho | 2015-06-23 | 1 | -1/+1 |
| | |||||
* | Add D1540-XG. | Matt Smith | 2015-06-23 | 1 | -0/+3 |
| | |||||
* | Introduce Netgate RCC-DFF to the list of known platforms | Renato Botelho | 2015-06-23 | 2 | -2/+8 |
| | |||||
* | rereadall is not enough here, restore reload call to make sure everything ↵ | Renato Botelho | 2015-06-23 | 1 | -0/+1 |
| | | | | works. Ticket #4785 | ||||
* | Replace ipsec rereadsecrets + reload by single rereadall, that will re-read ↵ | Renato Botelho | 2015-06-23 | 1 | -2/+1 |
| | | | | also cert changes. Ticket #4785 | ||||
* | Instead of sending USR1, just call ipsec reload. And before it, call ipsec ↵ | Renato Botelho | 2015-06-23 | 1 | -1/+2 |
| | | | | rereadsecrets to make sure new secretes are updated. It should fix #4785 | ||||
* | Partially revert 019ee2bc8c, this workaround is not necessary. Real fix will ↵ | Renato Botelho | 2015-06-23 | 1 | -8/+0 |
| | | | | be committed after this | ||||
* | Add a workaround for ticket #4785: | Renato Botelho | 2015-06-23 | 1 | -4/+18 |
| | | | | | | There was a regression on strongswan between 5.3.0 and 5.3.2 as reported at [1]. To workaround this issue, add an extra line on ipsec.secrets with right fqdn. | ||||
* | Fix var name typo in shaper.inc | Chris Buechler | 2015-06-23 | 1 | -1/+1 |
| | |||||
* | Don't delete /var/tmp/, that was originally done to clear session data at ↵ | Chris Buechler | 2015-06-22 | 1 | -1/+0 |
| | | | | boot, but no longer applicable as session data is no longer in /var/tmp/. Credit to 'aa' on opnsense forum. | ||||
* | Use $myid in ipsec.secrets. Ticket #4785 | Chris Buechler | 2015-06-22 | 1 | -2/+2 |
| | |||||
* | This is incomplete. Leaving for 2.3. Revert "Ticket #4683 merge in brainpool ↵ | Chris Buechler | 2015-06-22 | 1 | -11/+2 |
| | | | | | | for DH parameters" This reverts commit 7dc35024af3af1d644c25b002ca9f40f1d61c05b. | ||||
* | Specify $myid rather than %any here, otherwise user manager and mobile PSKs ↵ | Chris Buechler | 2015-06-21 | 1 | -3/+4 |
| | | | | won't match. Ticket #4781 | ||||
* | Obsolete pt_BR.ISO-88591 in favor of UTF-8 | Renato Botelho | 2015-06-19 | 1 | -1/+1 |
| | |||||
* | Move pt_BR translation from ISO to UTF-8 | Renato Botelho | 2015-06-19 | 1 | -1/+1 |
| | |||||
* | Ticket #4746 Correctly set global variables to be used by hostnames cod epaths | Ermal LUÇI | 2015-06-19 | 1 | -2/+2 |
| | |||||
* | Ticket #4683 merge in brainpool for DH parameters | Ermal LUÇI | 2015-06-19 | 1 | -2/+11 |
| | |||||
* | Add a GUI field to increase the pf frag entries limit. Fixes ticket #4775 | jim-p | 2015-06-18 | 1 | -0/+5 |
| | |||||
* | chmod +x hostid | Chris Buechler | 2015-06-18 | 1 | -0/+0 |
| | |||||
* | Blacklist invalid "from" sources since they can be picked up accidentally ↵ | jim-p | 2015-06-17 | 1 | -1/+3 |
| | | | | and cause rule errors. Fixes #4772 | ||||
* | Remove load_balancer_relay_* -- They are not used, not linked, not ↵ | jim-p | 2015-06-16 | 2 | -24/+4 |
| | | | | functional, not maintained, and have potential security issues. | ||||
* | Remove the GUI for the pc-sysinstaller as well and add it to obsoletee files | Ermal LUÇI | 2015-06-15 | 1 | -0/+3 |
| | |||||
* | Add hostid script in the source to solve the issue with platforms that do ↵ | Ermal LUÇI | 2015-06-12 | 1 | -0/+137 |
| | | | | not have proper uuid or duplicate uuid which breaks carp/pfsync and other things in HA setup. | ||||
* | Make the host uuid opt-out | Ermal LUÇI | 2015-06-11 | 2 | -4/+10 |
| | |||||
* | Revert "Ticket #4442 Do not process URL aliases during bootup but trigger it ↵ | Chris Buechler | 2015-06-10 | 2 | -4/+3 |
| | | | | | | just after finished booting. This completely solves the bootup delays without lowering the timeout as before. Probably need to increase a bit the timeouts now to be friendly to other connections" This reverts commit 0d44aca64623da5a3eeef0619704a10b3cfda7a5. |