Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix CARP plugin call for packages, interface was coming through as NULL ↵ | jim-p | 2015-06-05 | 2 | -2/+2 |
| | | | | during CARP events. | ||||
* | Add INIT event for CARP as an alternate for 'backup', otherwise scripts ↵ | jim-p | 2015-06-05 | 1 | -0/+6 |
| | | | | would not take down services during a MASTER->INIT transition. | ||||
* | Setup Wizard can result in invalid LAN DHCP pool calculation | Phil Davis | 2015-06-04 | 1 | -4/+4 |
| | | | | | | | | | | | | 1) consider where the LAN IP is in the subnet range and then put the DHCP pool in the biggest remaining segment, either above or below. 2) Check the size of the available segment. If it is reasonably big then leave some space at either end of the segment, like the old code was doing. Otherwise give all the space to the pool. 3) Do not allow subnet mask 32 - I can't think of a use case for LAN to have a /32 subnet mask, it kind of breaks the whole concept of LAN. 4) Provide more detailed separate messages if the user tries to use the network address or broadcast address as the LAN IP. | ||||
* | A number of things block waiting for file download timeouts, sometimes ↵ | Chris Buechler | 2015-06-03 | 1 | -2/+2 |
| | | | | multiple times across multiple files (many URL Table aliases, for instance). The long timeout causes very long boot times (10-20+ minutes) on many configs with pfblocker if booted disconnected from the Internet. This is strictly the timeout for the HTTP/HTTPS connection attempt. Once connected, it can run past that. 5 seconds should be more than enough for any properly-functioning network. Part of Ticket #4442. | ||||
* | device_type isn't used here | Chris Buechler | 2015-06-02 | 1 | -2/+2 |
| | |||||
* | Don't call growl if the configured address isn't an IP or resolvable | Chris Buechler | 2015-06-02 | 1 | -1/+1 |
| | | | | | hostname. Avoids 1 minute timeout delay in fsockopen in growl.class. Cuts that down to about a 20 second timeout. Ticket #4739 | ||||
* | trigger a reboot after restoration of full backup. Ticket #4107 | Chris Buechler | 2015-06-02 | 1 | -1/+2 |
| | |||||
* | Deprecate /usr/local/bin/3gstat | Renato Botelho | 2015-06-02 | 1 | -0/+1 |
| | |||||
* | Use CARP IPs that are configured. Ticket #4370 | Chris Buechler | 2015-06-02 | 1 | -0/+3 |
| | |||||
* | set the serial port appropriately for RCC-VE platforms. sync from factory | Chris Buechler | 2015-06-01 | 1 | -2/+11 |
| | | | | repo. Ticket #4720 | ||||
* | Return IP correctly in get_interface_ip for gateway groups specifying a | Chris Buechler | 2015-06-01 | 1 | -0/+4 |
| | | | | VIP. Ticket #4661 | ||||
* | Use 'host!' flag when setting CURLOPT_INTERFACE, as recommended by CURL docs | Renato Botelho | 2015-06-01 | 2 | -2/+2 |
| | |||||
* | Pass interface to CURLOPT_INTERFACE instead of IP addres, also use 'if!' ↵ | Renato Botelho | 2015-06-01 | 1 | -1/+1 |
| | | | | flag to avoid CURL trying to resolve the interface name | ||||
* | Allow option to specify just 1 of user and pass in OpenVPN .up file | Phil Davis | 2015-05-30 | 1 | -3/+13 |
| | | | | | | | | | | | | | | As per comment in https://redmine.pfsense.org/issues/3633 sometimes the server end only requires a password, no username. Usually 1 long string that serves as the hard-to-guess authentication. OpenVPN expects something to be on the first line of the ".up" file - traditionally called the username. It also insists on the second line being present, but is happy with it being empty - this is the authentication information traditionally called "password". Let the user put the single piece of authentication information in either the Username or Password field on the web GUI - whichever they feel comfortable calling it. In the ".up" file it has to always be the first line to keep OpenVPN happy. | ||||
* | Replae backtickes by mwexec() | Renato Botelho | 2015-05-30 | 1 | -2/+2 |
| | |||||
* | We need to at least setup the serial port before we try to blast | Robert Noland | 2015-05-30 | 1 | -20/+24 |
| | | | | | config data to it. My system was hanging during boot because cat was couldn't output gps.init to the port. | ||||
* | Return link-local address when we are only requesting IPv6 prefix only if ↵ | k-paulius | 2015-05-30 | 1 | -11/+13 |
| | | | | there is no global IPv6 address. In some cases global SLAAC IPv6 address might be present when using DHCPv6. Fixes #4483 | ||||
* | Adding the Appropriate RA Flags for "Stateless DHCP" | aqueeb | 2015-05-28 | 1 | -0/+5 |
| | |||||
* | Revert "Disable this tunable for now. Ticket #4523" | Ermal LUÇI | 2015-05-27 | 1 | -1/+1 |
| | | | | This reverts commit 85a37985b15c7a7c935d0028aa7a520110c2e649. | ||||
* | Ticket #4523 Major changes to how fsck is done. | Ermal LUÇI | 2015-05-27 | 2 | -12/+33 |
| | | | | | | | | | | | | | | | Follow best practice of using fsck from FreeBSD rc.d/fsck script. This means run preen mode first and later on try forcefully to fix issues. Try to give as much information during boot on the status of the filesystem. Follow best practice of using fsck from FreeBSD rc.d/fsck script. This means run preen mode first and later on try forcefully to fix issues. Try to give as much information during boot on the status of the filesystem. Conflicts: etc/inc/services.inc | ||||
* | Ticket #4523 Run fsck with -C flag and alway in foreground during bootup to ↵ | Ermal LUÇI | 2015-05-27 | 1 | -73/+36 |
| | | | | prevent any issues that might schedule background mode. | ||||
* | Disable this tunable for now. Ticket #4523 | Ermal LUÇI | 2015-05-25 | 1 | -1/+1 |
| | |||||
* | create /var/spool/lock on nano so tip works without hassles. Ticket #4532 | Chris Buechler | 2015-05-15 | 1 | -1/+2 |
| | |||||
* | Disable defering in pfsync which is used for active-active deployments not ↵ | Ermal LUÇI | 2015-05-15 | 1 | -0/+1 |
| | | | | useble in FreeBSD. This should fix hangs reported on some machines wiht pfsync | ||||
* | Add some error checking to avoid warning during boot | Ermal LUÇI | 2015-05-14 | 1 | -1/+6 |
| | |||||
* | Ticket #4652 actually return value as expected! | Ermal LUÇI | 2015-05-01 | 1 | -2/+2 |
| | |||||
* | Ticket #4235 put reply-to/route-to rules even for mobile-ipsec. | Ermal LUÇI | 2015-05-01 | 1 | -7/+6 |
| | |||||
* | Ticket #4651 Oops correct name of var | Ermal LUÇI | 2015-05-01 | 1 | -1/+1 |
| | |||||
* | Fixes #4651 Assign a proper tracker for NEGATE rules | Ermal LUÇI | 2015-05-01 | 1 | -1/+9 |
| | |||||
* | Fixes #4652 put workaround for bogus timestamp until real data are cosnumed. | Ermal LUÇI | 2015-05-01 | 1 | -1/+6 |
| | |||||
* | Seems strongswan 5.3.0 has improved the situation on putting multiple phase2 ↵ | Ermal LUÇI | 2015-04-30 | 1 | -4/+4 |
| | | | | on IKEv1 behaviour and it behaves even better with reqid not defined in config. | ||||
* | Revert "Use a dirty hack to make IKEv1 with multiple phase2 to work ↵ | Ermal LUÇI | 2015-04-30 | 1 | -3/+0 |
| | | | | | | correctly with one IKE SA for each subnet" This reverts commit 7d5add01e48bab8d82d5a5699325fa7b6aeb4e5c. | ||||
* | Revert "Provide a description for the dirty hack to not come back ↵ | Ermal LUÇI | 2015-04-30 | 1 | -5/+0 |
| | | | | | | scratching.... on it" This reverts commit 6d7e7c0c5cd8ec613235cd9f2a01f60bb7c32c79. | ||||
* | Fall back to getting local user pages and groups | Phil Davis | 2015-04-27 | 1 | -5/+7 |
| | | | | if the groups could not be found from LDAP and there is a local user. | ||||
* | Provide a description for the dirty hack to not come back scratching.... on it | Ermal LUÇI | 2015-04-24 | 1 | -0/+5 |
| | |||||
* | Use a dirty hack to make IKEv1 with multiple phase2 to work correctly with ↵ | Ermal LUÇI | 2015-04-24 | 1 | -0/+3 |
| | | | | one IKE SA for each subnet | ||||
* | Is better to send the signal to starter rather than to charon directly. ↵ | Ermal LUÇI | 2015-04-24 | 1 | -4/+3 |
| | | | | Starter manager charon properly. This should fix a lot of issues with configuration reloading that before sometimes did not work especially when changing phase2 entries | ||||
* | This was meant to remove duplicates here, even though charon will do by ↵ | Ermal LUÇI | 2015-04-23 | 1 | -1/+1 |
| | | | | itself but better do it since it was meant to. | ||||
* | Merge manually pull request #1626 to this branch | Ermal LUÇI | 2015-04-21 | 1 | -3/+2 |
| | |||||
* | s/;/:/ | Ermal LUÇI | 2015-04-21 | 1 | -5/+5 |
| | |||||
* | Revert "Revert "Move to specifically specifying the ID type apart when an ip ↵ | Ermal LUÇI | 2015-04-21 | 2 | -32/+34 |
| | | | | | | | | | address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own."" This reverts commit 4e8eacfd7c0f1909c15d85b4cae2302b0ba3f0fc. Conflicts: etc/inc/ipsec.inc | ||||
* | Add new bios product id string | Jeremy Porter | 2015-04-20 | 1 | -0/+1 |
| | |||||
* | Allow to configure new modes for phase1 according to RFC 5903 by manually ↵ | Ermal LUÇI | 2015-04-20 | 2 | -0/+12 |
| | | | | merging pull request #1501 partially. While here preserve style. | ||||
* | Fixes #4625, manual merge of pull request #1617 for RELENG_2_2 branch on ↵ | Ermal LUÇI | 2015-04-20 | 1 | -1/+2 |
| | | | | fixing voucher disconnection. | ||||
* | Implement make bofre break feature avaliable on strongswan 5.3.0 useful for ↵ | Ermal LUÇI | 2015-04-18 | 1 | -1/+7 |
| | | | | IKEv2. Fixes #4626 | ||||
* | Make auth_get_authserver_list available to vpn.inc | Ingo Bauersachs | 2015-04-17 | 1 | -0/+1 |
| | | | This is a follow-up to PR #1613 and avoids a crash in this script at random times. | ||||
* | Fixes #4625 correct disconnection of users especially when called from ↵ | Ermal LUÇI | 2015-04-16 | 1 | -1/+3 |
| | | | | xmlrpc code. | ||||
* | Merge pull request #1613 from ibauersachs/ipsec-mobile-eap-radius_2-2 | Ermal LUÇI | 2015-04-16 | 2 | -1/+36 |
|\ | |||||
| * | Add support for EAP-RADIUS to IKEv2 Mobile Clients (Rel. 2.2) | Ingo Bauersachs | 2015-04-15 | 2 | -1/+36 |
| | | |||||
* | | Always do a filter reload in vpn_ipsec_configure to ensure the ruleset is | Chris Buechler | 2015-04-16 | 1 | -2/+3 |
| | | | | | | | | updated where necessary in every IPsec change scenario. |