summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* Fix CARP plugin call for packages, interface was coming through as NULL ↵jim-p2015-06-052-2/+2
| | | | during CARP events.
* Add INIT event for CARP as an alternate for 'backup', otherwise scripts ↵jim-p2015-06-051-0/+6
| | | | would not take down services during a MASTER->INIT transition.
* Setup Wizard can result in invalid LAN DHCP pool calculationPhil Davis2015-06-041-4/+4
| | | | | | | | | | | | 1) consider where the LAN IP is in the subnet range and then put the DHCP pool in the biggest remaining segment, either above or below. 2) Check the size of the available segment. If it is reasonably big then leave some space at either end of the segment, like the old code was doing. Otherwise give all the space to the pool. 3) Do not allow subnet mask 32 - I can't think of a use case for LAN to have a /32 subnet mask, it kind of breaks the whole concept of LAN. 4) Provide more detailed separate messages if the user tries to use the network address or broadcast address as the LAN IP.
* A number of things block waiting for file download timeouts, sometimes ↵Chris Buechler2015-06-031-2/+2
| | | | multiple times across multiple files (many URL Table aliases, for instance). The long timeout causes very long boot times (10-20+ minutes) on many configs with pfblocker if booted disconnected from the Internet. This is strictly the timeout for the HTTP/HTTPS connection attempt. Once connected, it can run past that. 5 seconds should be more than enough for any properly-functioning network. Part of Ticket #4442.
* device_type isn't used hereChris Buechler2015-06-021-2/+2
|
* Don't call growl if the configured address isn't an IP or resolvableChris Buechler2015-06-021-1/+1
| | | | | hostname. Avoids 1 minute timeout delay in fsockopen in growl.class. Cuts that down to about a 20 second timeout. Ticket #4739
* trigger a reboot after restoration of full backup. Ticket #4107Chris Buechler2015-06-021-1/+2
|
* Deprecate /usr/local/bin/3gstatRenato Botelho2015-06-021-0/+1
|
* Use CARP IPs that are configured. Ticket #4370Chris Buechler2015-06-021-0/+3
|
* set the serial port appropriately for RCC-VE platforms. sync from factoryChris Buechler2015-06-011-2/+11
| | | | repo. Ticket #4720
* Return IP correctly in get_interface_ip for gateway groups specifying aChris Buechler2015-06-011-0/+4
| | | | VIP. Ticket #4661
* Use 'host!' flag when setting CURLOPT_INTERFACE, as recommended by CURL docsRenato Botelho2015-06-012-2/+2
|
* Pass interface to CURLOPT_INTERFACE instead of IP addres, also use 'if!' ↵Renato Botelho2015-06-011-1/+1
| | | | flag to avoid CURL trying to resolve the interface name
* Allow option to specify just 1 of user and pass in OpenVPN .up filePhil Davis2015-05-301-3/+13
| | | | | | | | | | | | | | As per comment in https://redmine.pfsense.org/issues/3633 sometimes the server end only requires a password, no username. Usually 1 long string that serves as the hard-to-guess authentication. OpenVPN expects something to be on the first line of the ".up" file - traditionally called the username. It also insists on the second line being present, but is happy with it being empty - this is the authentication information traditionally called "password". Let the user put the single piece of authentication information in either the Username or Password field on the web GUI - whichever they feel comfortable calling it. In the ".up" file it has to always be the first line to keep OpenVPN happy.
* Replae backtickes by mwexec()Renato Botelho2015-05-301-2/+2
|
* We need to at least setup the serial port before we try to blastRobert Noland2015-05-301-20/+24
| | | | | config data to it. My system was hanging during boot because cat was couldn't output gps.init to the port.
* Return link-local address when we are only requesting IPv6 prefix only if ↵k-paulius2015-05-301-11/+13
| | | | there is no global IPv6 address. In some cases global SLAAC IPv6 address might be present when using DHCPv6. Fixes #4483
* Adding the Appropriate RA Flags for "Stateless DHCP"aqueeb2015-05-281-0/+5
|
* Revert "Disable this tunable for now. Ticket #4523"Ermal LUÇI2015-05-271-1/+1
| | | | This reverts commit 85a37985b15c7a7c935d0028aa7a520110c2e649.
* Ticket #4523 Major changes to how fsck is done.Ermal LUÇI2015-05-272-12/+33
| | | | | | | | | | | | | | | Follow best practice of using fsck from FreeBSD rc.d/fsck script. This means run preen mode first and later on try forcefully to fix issues. Try to give as much information during boot on the status of the filesystem. Follow best practice of using fsck from FreeBSD rc.d/fsck script. This means run preen mode first and later on try forcefully to fix issues. Try to give as much information during boot on the status of the filesystem. Conflicts: etc/inc/services.inc
* Ticket #4523 Run fsck with -C flag and alway in foreground during bootup to ↵Ermal LUÇI2015-05-271-73/+36
| | | | prevent any issues that might schedule background mode.
* Disable this tunable for now. Ticket #4523Ermal LUÇI2015-05-251-1/+1
|
* create /var/spool/lock on nano so tip works without hassles. Ticket #4532Chris Buechler2015-05-151-1/+2
|
* Disable defering in pfsync which is used for active-active deployments not ↵Ermal LUÇI2015-05-151-0/+1
| | | | useble in FreeBSD. This should fix hangs reported on some machines wiht pfsync
* Add some error checking to avoid warning during bootErmal LUÇI2015-05-141-1/+6
|
* Ticket #4652 actually return value as expected!Ermal LUÇI2015-05-011-2/+2
|
* Ticket #4235 put reply-to/route-to rules even for mobile-ipsec.Ermal LUÇI2015-05-011-7/+6
|
* Ticket #4651 Oops correct name of varErmal LUÇI2015-05-011-1/+1
|
* Fixes #4651 Assign a proper tracker for NEGATE rulesErmal LUÇI2015-05-011-1/+9
|
* Fixes #4652 put workaround for bogus timestamp until real data are cosnumed.Ermal LUÇI2015-05-011-1/+6
|
* Seems strongswan 5.3.0 has improved the situation on putting multiple phase2 ↵Ermal LUÇI2015-04-301-4/+4
| | | | on IKEv1 behaviour and it behaves even better with reqid not defined in config.
* Revert "Use a dirty hack to make IKEv1 with multiple phase2 to work ↵Ermal LUÇI2015-04-301-3/+0
| | | | | | correctly with one IKE SA for each subnet" This reverts commit 7d5add01e48bab8d82d5a5699325fa7b6aeb4e5c.
* Revert "Provide a description for the dirty hack to not come back ↵Ermal LUÇI2015-04-301-5/+0
| | | | | | scratching.... on it" This reverts commit 6d7e7c0c5cd8ec613235cd9f2a01f60bb7c32c79.
* Fall back to getting local user pages and groupsPhil Davis2015-04-271-5/+7
| | | | if the groups could not be found from LDAP and there is a local user.
* Provide a description for the dirty hack to not come back scratching.... on itErmal LUÇI2015-04-241-0/+5
|
* Use a dirty hack to make IKEv1 with multiple phase2 to work correctly with ↵Ermal LUÇI2015-04-241-0/+3
| | | | one IKE SA for each subnet
* Is better to send the signal to starter rather than to charon directly. ↵Ermal LUÇI2015-04-241-4/+3
| | | | Starter manager charon properly. This should fix a lot of issues with configuration reloading that before sometimes did not work especially when changing phase2 entries
* This was meant to remove duplicates here, even though charon will do by ↵Ermal LUÇI2015-04-231-1/+1
| | | | itself but better do it since it was meant to.
* Merge manually pull request #1626 to this branchErmal LUÇI2015-04-211-3/+2
|
* s/;/:/Ermal LUÇI2015-04-211-5/+5
|
* Revert "Revert "Move to specifically specifying the ID type apart when an ip ↵Ermal LUÇI2015-04-212-32/+34
| | | | | | | | | address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own."" This reverts commit 4e8eacfd7c0f1909c15d85b4cae2302b0ba3f0fc. Conflicts: etc/inc/ipsec.inc
* Add new bios product id stringJeremy Porter2015-04-201-0/+1
|
* Allow to configure new modes for phase1 according to RFC 5903 by manually ↵Ermal LUÇI2015-04-202-0/+12
| | | | merging pull request #1501 partially. While here preserve style.
* Fixes #4625, manual merge of pull request #1617 for RELENG_2_2 branch on ↵Ermal LUÇI2015-04-201-1/+2
| | | | fixing voucher disconnection.
* Implement make bofre break feature avaliable on strongswan 5.3.0 useful for ↵Ermal LUÇI2015-04-181-1/+7
| | | | IKEv2. Fixes #4626
* Make auth_get_authserver_list available to vpn.incIngo Bauersachs2015-04-171-0/+1
| | | This is a follow-up to PR #1613 and avoids a crash in this script at random times.
* Fixes #4625 correct disconnection of users especially when called from ↵Ermal LUÇI2015-04-161-1/+3
| | | | xmlrpc code.
* Merge pull request #1613 from ibauersachs/ipsec-mobile-eap-radius_2-2Ermal LUÇI2015-04-162-1/+36
|\
| * Add support for EAP-RADIUS to IKEv2 Mobile Clients (Rel. 2.2)Ingo Bauersachs2015-04-152-1/+36
| |
* | Always do a filter reload in vpn_ipsec_configure to ensure the ruleset isChris Buechler2015-04-161-2/+3
| | | | | | | | updated where necessary in every IPsec change scenario.
OpenPOWER on IntegriCloud