| | Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|---|
* | A new fix for #4130:RELENG_2_2_5 The fix added for this bug, that check xml file size is < 200 to decide if file must or not be read created a new issue, single entry is not shown. Instead of doing this, check parse_xml_config() return and return empty array when it's -1. While here, prevent errors saying parse_xml_config() doesn't exist and make sure xmlparse.inc is required | Renato Botelho | 2015-11-03 | 1 | -2/+10 |
* | Only call pfSense_ipsec_list_sa() when IPsec is enabled | Renato Botelho | 2015-11-03 | 1 | -0/+13 |
* | bump to 2.2.5-RELEASE | Chris Buechler | 2015-11-02 | 1 | -1/+1 |
* | fix whitespace | Chris Buechler | 2015-11-02 | 1 | -5/+5 |
* | Deprecate strongswan smp components | Renato Botelho | 2015-10-30 | 1 | -0/+4 |
* | Remove ipsec_smp_dump_status(), last dependency of strongswan XMP module | Renato Botelho | 2015-10-30 | 1 | -47/+0 |
* | Set leftsendcert=always for IKEv2 configurations with certificates to better accommodate OS X and iOS manual configurations. Fixes #5353 | jim-p | 2015-10-28 | 1 | -0/+5 |
* | fix logging config upgrade. Ticket #5340 | Chris Buechler | 2015-10-26 | 1 | -2/+2 |
* | terminate argument parsing before giving the log level. Ticket #5340 | Chris Buechler | 2015-10-26 | 1 | -1/+1 |
* | Use 1-6 rather than 0-5 for IPsec logging levels, to stay away from complications of 0 due to PHP stupidity. Upgrade config to add 1 to any configured log levels. Default to 1 as log level where none is configured by the user. Ticket #5340 | Chris Buechler | 2015-10-26 | 3 | -5/+22 |
* | IKE auto mode is back, remove this config upgrade code unsetting it. | Chris Buechler | 2015-10-24 | 1 | -4/+0 |
* | Check unbound root.key file contents, and remove it if invalid, before unbound-anchor runs otherwise it will fail and unbound will fail to start. fsync the file after writing to prevent the problem. Ticket #5334 | Chris Buechler | 2015-10-21 | 1 | -0/+9 |
* | Make setting charon.plugins.attr.subnet conditional on net_list being set. Set its value to list of subnets configured as P2's for mobile IPsec. Fixes #5327. | Matt Smith | 2015-10-21 | 1 | -3/+1 |
* | Disable strongswan logging under auth since it's all logged under daemon, so nothing is duplicated. Ticket #5242 | Chris Buechler | 2015-10-20 | 1 | -0/+5 |
* | Check whether the P2 or its associated P1 are disabled before adding NAT rules. Ticket #5320 | Chris Buechler | 2015-10-20 | 1 | -1/+8 |
* | Disable zero copy buffers in bpf. This was a no-op before my changes (so this was never really enabled) and now it is known to cause issues with tcpdump and hostapd. Disable this until we fix all the raised issues. Issue: #5257 | Luiz Otavio O Souza | 2015-10-19 | 1 | -1/+0 |
* | Cherry-pick 98bf4991dc31f97fc7315a6b8aba433de9d39cea: Fixes #4150. Move to tables to accommodate unlimited number of interfaces. Cherry-pick 52fe0465b463dd8b8f4b2099d562254da320e704: Fix the captive portal rules after 98bf4991dc31f97fc7315a6b8aba433de9d39cea. The malformed rules break the parsing of initialisation rules. Issue: #4746 | Luiz Otavio O Souza | 2015-10-19 | 1 | -20/+14 |
* | Add 'caref' attribute to the ca object passed into ca_inter_create so a relationship to the signing CA can be maintained. Fixes #5313. | Matt Smith | 2015-10-16 | 1 | -0/+1 |
* | Limit strongswan trusted CA certificates to those required for authentication of the configured IPsec SA's instead of trusting all known CA's. Fixes #5243. | Matt Smith | 2015-10-16 | 1 | -22/+46 |
* | only use daemon and not auth for strongswan logging. As it was, all logs were duplicated. Ticket #5242 | Chris Buechler | 2015-10-15 | 1 | -6/+0 |
* | fix comparison here. Ticket #4558 | Chris Buechler | 2015-10-15 | 1 | -1/+1 |
* | Set rightca for IPsec phase 1 using Mutual RSA, Mutual RSA + xauth, or EAP-TLS. Fixes #5241. | Matt Smith | 2015-10-15 | 1 | -0/+24 |
* | s/ip/IP/ it got lost on revert. Spotted by @phil-davis | Renato Botelho | 2015-10-14 | 1 | -1/+1 |
* | This is necessary for dhcrelay to function. Revert "remove the destination server's interface(s) from dhcrelay" This reverts commit 97613114b5b74c334609d7fcd79c94741b111793. | Chris Buechler | 2015-10-14 | 1 | -6/+132 |
* | Auto-add firewall rules for DHCP Relay, same as is done for DHCP Server. Add filter reload to DHCP Relay config so rules are immediately added/removed. Ticket #4558 | Chris Buechler | 2015-10-14 | 1 | -0/+13 |
* | Remove original rightsourceip. Ticket #5284 | Chris Buechler | 2015-10-13 | 1 | -1/+0 |
* | PHP chmod() doesn't like 1777, gives it 01777 then | Renato Botelho | 2015-10-13 | 1 | -1/+1 |
* | Add missing ; and also mute chmod | Renato Botelho | 2015-10-13 | 1 | -1/+1 |
* | Preserve /tmp permission, it fixes #5298 | Renato Botelho | 2015-10-13 | 1 | -0/+1 |
* | Remove strongswan's cert directories and repopulate them, to ensure no removed CAs, certs, or CRLs remain. Ticket #5238 | Chris Buechler | 2015-10-12 | 1 | -0/+5 |
* | Fix up strongswan logging levels. Remove charondebug since strongswan.conf settings take precedence. Set logging levels in strongswan.conf to match what's set on a running system via 'ipsec stroke loglevel', and remove log levels that were hard coded in strongswan.conf. Ticket #5242 | Chris Buechler | 2015-10-12 | 1 | -7/+11 |
* | Add SVG MIME type - RELENG_2_2 Because it breaks traffic graphs for people. https://forum.pfsense.org/index.php?topic=87390.0 | doktornotor | 2015-10-09 | 1 | -0/+1 |
* | Do curl_init above any curl_setopt, and take it out of that if block since it applies to all types. | Chris Buechler | 2015-10-08 | 1 | -1/+2 |
* | https://redmine.pfsense.org/issues/5207 change auth methods for both peers when using hybrid RSA + xauth with IKEv1 | Matt Smith | 2015-10-07 | 1 | -2/+1 |
* | Add support for an IPv6 pool for mobile clients. | Matt Smith | 2015-10-07 | 1 | -4/+13 |
* | Where doing a dynamic DNS update on IPv4, force curl to resolve IPv4 IPs. Ticket #3858 | Chris Buechler | 2015-10-03 | 1 | -0/+4 |
* | Fix typo | Chris Buechler | 2015-10-02 | 1 | -1/+1 |
* | Specify PSK for mobile configurations without the leading ID selectors. Fixes PSK mismatches from iOS clients. | Chris Buechler | 2015-10-02 | 1 | -0/+3 |
* | When using eap-radius, if the virtual address pool is left blank, pull the IP addresses from RADIUS instead. (Will need an IP address defined for each account.) Doesn't seem to be possible to pull from either RADIUS *or* a local pool that I can see from experimenting and looking at strongSwan's docs. | jim-p | 2015-10-01 | 1 | -2/+6 |
* | Specify %any where identifier is "any", so the note on these pages actually works. | Chris Buechler | 2015-10-01 | 1 | -0/+3 |
* | Only need to check 'vip' here. | Chris Buechler | 2015-09-30 | 1 | -1/+1 |
* | Can't use continue here as it continues the foreach, which skips the "ipfw zone" command, breaking CP for any system that doesn't have VIPs defined. | Chris Buechler | 2015-09-30 | 1 | -6/+5 |
* | Bring this back, I'll fix issues afterwards. Revert "Remove "auto", it's just a synonym for IKEv2. Ticket #4873" This reverts commit 47f802694a1e1dfbbd011d7ec431c0948358b5c3. | Chris Buechler | 2015-09-29 | 1 | -1/+3 |
* | Use the appropriate parent interface with gateway groups using CARP VIPs. Ticket #4990 | Chris Buechler | 2015-09-29 | 1 | -2/+9 |
* | Disable DHS as a dynamic DNS provider option. It's never worked, and fixing is more complex than just fixing the variable screw up and disabling cert validation for their SSLLabs F-graded site. Updates made on their site even take quite some time to be reflected, seems to be a largely abandoned service. | Chris Buechler | 2015-09-29 | 2 | -5/+6 |
* | Use self rather than any in auto-added IPsec rules to prevent over-matching. Ticket #5211 | Chris Buechler | 2015-09-28 | 1 | -8/+8 |
* | Merge pull request #1938 from phil-davis/patch-5 | Renato Botelho | 2015-09-28 | 1 | -2/+21 |
\| * | Redmine #5200 be less aggressive about DHCP Pool Notice V2 This one will log_error() the DHCP pool message when it detects the inconsistency at the end of the setup wizard during reload all. That way it can still be seen in the system log that this happened, and one day someone might chase down all the steps in the "reload all" process. Compare this with https://github.com/pfsense/pfsense/pull/1935 and choose which way you would like to go. | Phil Davis | 2015-09-26 | 1 | -2/+21 |
* \| | Fix comment language | doktornotor | 2015-09-28 | 1 | -1/+1 |
* \| | Remove syslog.conf entries on package uninstall (Bug #5210) - RELENG_2_2 The remove_text_from_file() is not needed at all. However, system_syslogd_start() must be run after the package entries are gone from config.xml, otherwise system_syslogd_start() just re-adds the (now almost removed) package logging configuration from there. | doktornotor | 2015-09-27 | 1 | -3/+10 |