Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | bump to 2.2.6-RELEASE | Chris Buechler | 2015-12-18 | 1 | -1/+1 |
| | |||||
* | Flush zone's tables if its db must be reset to avoid leaving behind any ↵ | Chris Buechler | 2015-12-17 | 1 | -1/+14 |
| | | | | table entries. Ticket #5622 | ||||
* | Add busytimeout of 60 seconds for CP database access. This matches the ↵ | Chris Buechler | 2015-12-17 | 1 | -0/+4 |
| | | | | default value PHP uses with sqlite 2.x versions (pfSense 2.1.x and earlier) and prevents the issues noted in Ticket #5622 | ||||
* | add these three strongswan libs to the obsoletedfiles list. They haven't ↵ | Chris Buechler | 2015-12-16 | 1 | -0/+3 |
| | | | | been included in any releases, but were briefly included in snapshots in mid April 2015. | ||||
* | Fix handling of 0-byte files uploaded to the CP file manager. | jim-p | 2015-12-15 | 1 | -2/+7 |
| | |||||
* | Merge pull request #2213 from PiBa-NL/pferrormessage-22 | Renato Botelho | 2015-12-14 | 1 | -13/+15 |
|\ | |||||
| * | fix showing when a error happens parsing pf rules | PiBa-NL | 2015-12-12 | 1 | -13/+15 |
| | | | | | | | | | | | | For example a queue interface speed mismatch could go unnoticed. backport from 2.3 of #2165 | ||||
* | | Fix typo, gateway entry in config has a field called monitor, not monitorip | Renato Botelho | 2015-12-11 | 1 | -4/+4 |
|/ | |||||
* | Merge pull request #2162 from phil-davis/patch-1 | Renato Botelho | 2015-12-07 | 1 | -11/+3 |
|\ | |||||
| * | Fix duplicate syslog messages - Redmine #5606 for RELENG_2_2 | Phil Davis | 2015-12-06 | 1 | -11/+3 |
| | | | | | | | | | | | | | | | | The generated syslog.conf needs to have the system.log selections combined into a single line in 2 places. The OP on redmine 5606 just showed 1 place in the diff there. On my system, this gets rid of the duplicated message on login: php-fpm[11074]: /index.php: Successful login for user 'my.name' from: 10.11.12.13 Note: for some reason old line 848 includes local4.none - but local4.none does not appear in old line 864. What is that about? Is that another different bug? I did not mess with that, but I noticed that the OPs diff listing did also add in local4.none where it seems to be missing. | ||||
* | | Redmine #4279 Package reinstall displayed when shutting down before upgrade | Phil Davis | 2015-12-07 | 2 | -1/+7 |
|/ | | | | | | | | | | | | Use a different flag file to indicate that a package reinstall is required after a reboot is done first. This avoids the possibility that the user navigates in the webGUI during the time while the shutdown is in progress and is accidentally presented with the reinstall all packages GUI button. Early in rc.bootup switch the flag file to use its ordinary name, so that all subsequent code in boot scripts and webGUI will work as it already does to handle the package reinstall and notifying the user that a package reinstall is about to be done or in progress... | ||||
* | Include ipsec.inc here otherwise the global is undefined when called when ↵ | jim-p | 2015-12-04 | 1 | -0/+1 |
| | | | | restoring a config in the GUI. | ||||
* | Sanitize the session_id/logout_id in captive portal. | Chris Buechler | 2015-12-02 | 1 | -0/+1 |
| | |||||
* | Backport #5512 RADIUS secret | Phil Davis | 2015-11-23 | 1 | -1/+1 |
| | | | Another little easy thing to backport just in case. | ||||
* | Merge pull request #2014 from phil-davis/patch-1 | Renato Botelho | 2015-11-19 | 1 | -2/+2 |
|\ | |||||
| * | Fix firewall log dynamic rule lookup | Phil Davis | 2015-11-02 | 1 | -2/+2 |
| | | | | | | for rows that are dynamically added as time goes by. | ||||
* | | Merge pull request #2069 from jean-m-cyr/RELENG_2_2 | Renato Botelho | 2015-11-19 | 1 | -0/+4 |
|\ \ | |||||
| * | | Add missing stratum parameter | Jean Cyr | 2015-11-15 | 1 | -0/+4 |
| | | | | | | | | | | | | | | | Add missing stratum parameter in ntpd.conf when specified on Serial GPS page. | ||||
* | | | Ticket #5451 for RELENG_2_2 | Phil Davis | 2015-11-15 | 1 | -1/+1 |
|/ / | | | | | | | | | Actually this can be fixed by adding just a space after "from any". The code here builds up $tmprule and each time it adds a new clause it puts a space at the end, ready for if there is another clause to come. The "from any" here was the only offender in this scheme. It seems good to me to still backport little easy fixes to RELENG_2_2. That way production users can get them easily if they like (with system patches or...). | ||||
* | | Change version to 2.2.6-DEVELOPMENT | Renato Botelho | 2015-11-06 | 1 | -1/+1 |
| | | |||||
* | | A new fix for #4130:RELENG_2_2_5 | Renato Botelho | 2015-11-03 | 1 | -2/+10 |
| | | | | | | | | | | | | | | | | | | | | | | | | The fix added for this bug, that check xml file size is < 200 to decide if file must or not be read created a new issue, single entry is not showed. Instead of doing this, check parse_xml_config() return and return empty array when it's -1 While here, prevent errors saying parse_xml_config() doesn't exist and make sure xmlparse.inc is required | ||||
* | | Only call pfSense_ipsec_list_sa() when IPsec is enabled | Renato Botelho | 2015-11-03 | 1 | -0/+13 |
| | | |||||
* | | bump to 2.2.5-RELEASE | Chris Buechler | 2015-11-02 | 1 | -1/+1 |
| | | |||||
* | | fix whitespace | Chris Buechler | 2015-11-02 | 1 | -5/+5 |
|/ | |||||
* | Deprecate strongswan smp components | Renato Botelho | 2015-10-30 | 1 | -0/+4 |
| | |||||
* | Remove ipsec_smp_dump_status(), last dependency of strongswan XMP module | Renato Botelho | 2015-10-30 | 1 | -47/+0 |
| | |||||
* | Set leftsendcert=always for IKEv2 configurations with certificates to better ↵ | jim-p | 2015-10-28 | 1 | -0/+5 |
| | | | | accommodate OS X and iOS manual configurations. Fixes #5353 | ||||
* | fix logging config upgrade. Ticket #5340 | Chris Buechler | 2015-10-26 | 1 | -2/+2 |
| | |||||
* | terminate argument parsing before giving the log level. Ticket #5340 | Chris Buechler | 2015-10-26 | 1 | -1/+1 |
| | |||||
* | Use 1-6 rather than 0-5 for IPsec logging levels, to stay away from ↵ | Chris Buechler | 2015-10-26 | 3 | -5/+22 |
| | | | | complications of 0 due to PHP stupidity. Upgrade config to add 1 to any configured log levels. Default to 1 as log level where none is configured by the user. Ticket #5340 | ||||
* | IKE auto mode is back, remove this config upgrade code unsetting it. | Chris Buechler | 2015-10-24 | 1 | -4/+0 |
| | |||||
* | Check unbound root.key file contents, and remove it if invalid, before ↵ | Chris Buechler | 2015-10-21 | 1 | -0/+9 |
| | | | | unbound-anchor runs otherwise it will fail and unbound will fail to start. fsync the file after writing to prevent the problem. Ticket #5334 | ||||
* | Make setting charon.plugins.attr.subnet conditional on net_list being set. Set | Matt Smith | 2015-10-21 | 1 | -3/+1 |
| | | | | it's value to list of subnets configured as P2's for mobile IPsec. Fixes #5327. | ||||
* | Disable strongswan logging under auth since it's all logged under daemon, | Chris Buechler | 2015-10-20 | 1 | -0/+5 |
| | | | | so nothing is duplicated. Ticket #5242 | ||||
* | Check whether the P2 or its associated P1 are disabled before adding NAT | Chris Buechler | 2015-10-20 | 1 | -1/+8 |
| | | | | rules. Ticket #5320 | ||||
* | Disable zero copy buffers in bpf. | Luiz Otavio O Souza | 2015-10-19 | 1 | -1/+0 |
| | | | | | | | | | This was a no-op before my changes (so this was never really enabled) and now it is known to cause issues with tcpdump and hostapd. Disable this until we fix all the raised issues. Issue: #5257 | ||||
* | Cherry-pick 98bf4991dc31f97fc7315a6b8aba433de9d39cea: | Luiz Otavio O Souza | 2015-10-19 | 1 | -20/+14 |
| | | | | | | | | | | | | Fixes #4150. Move to tables to accomodate unlimited number of interfaces. Cherry-pick 52fe0465b463dd8b8f4b2099d562254da320e704: Fix the captive portal rules after 98bf4991dc31f97fc7315a6b8aba433de9d39cea. The malformed rules breaks the parsing of initialisation rules. Issue: #4746 | ||||
* | Add 'caref' attribute to the ca object passed into ca_inter_create so a | Matt Smith | 2015-10-16 | 1 | -0/+1 |
| | | | | relationship to the signing CA can be maintained. Fixes #5313. | ||||
* | Limit strongswan trusted CA certificates to those required for authentication of | Matt Smith | 2015-10-16 | 1 | -22/+46 |
| | | | | the configured IPsec SA's instead of trusting all known CA's. Fixes #5243. | ||||
* | only use daemon and not auth for strongswan logging. As it was, all logs ↵ | Chris Buechler | 2015-10-15 | 1 | -6/+0 |
| | | | | were duplicated. Ticket #5242 | ||||
* | fix comparison here. Ticket #4558 | Chris Buechler | 2015-10-15 | 1 | -1/+1 |
| | |||||
* | Set rightca for IPsec phase 1 using Mutual RSA, Mutual RSA + xauth, or ↵ | Matt Smith | 2015-10-15 | 1 | -0/+24 |
| | | | | EAP-TLS. Fixes #5241. | ||||
* | s/ip/IP/ it got lost on revert. Spotted by @phil-davis | Renato Botelho | 2015-10-14 | 1 | -1/+1 |
| | |||||
* | This is necessary for dhcrelay to function. Revert "remove the destination ↵ | Chris Buechler | 2015-10-14 | 1 | -6/+132 |
| | | | | | | server's interface(s) from dhcrelay" This reverts commit 97613114b5b74c334609d7fcd79c94741b111793. | ||||
* | Auto-add firewall rules for DHCP Relay, same as is done for DHCP Server. Add ↵ | Chris Buechler | 2015-10-14 | 1 | -0/+13 |
| | | | | filter reload to DHCP Relay config so rules are immediately added/removed. Ticket #4558 | ||||
* | Remove original rightsourceip. Ticket #5284 | Chris Buechler | 2015-10-13 | 1 | -1/+0 |
| | |||||
* | PHP chmod() doesn't like 1777, gives it 01777 then | Renato Botelho | 2015-10-13 | 1 | -1/+1 |
| | |||||
* | Add missing ; and also mute chmod | Renato Botelho | 2015-10-13 | 1 | -1/+1 |
| | |||||
* | Preserve /tmp permission, it fixes #5298 | Renato Botelho | 2015-10-13 | 1 | -0/+1 |
| | |||||
* | Remove strongswan's cert directories and repopulate them, to ensure no ↵ | Chris Buechler | 2015-10-12 | 1 | -0/+5 |
| | | | | removed CAs, certs, or CRLs remain. Ticket #5238 |