Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Use binat, not nat, where IPsec NAT is configured with an address for local ↵ | Chris Buechler | 2014-12-31 | 1 | -10/+6 |
| | | | | and NAT. Ticket #4169 | ||||
* | Welcome 2015 | Renato Botelho | 2014-12-31 | 7 | -7/+7 |
| | |||||
* | Add config upgrade code to make sure iketype is set, bump config version to ↵ | Renato Botelho | 2014-12-31 | 2 | -1/+13 |
| | | | | 11.4. It fixes #4163 | ||||
* | libreadline.so.6 is not supposed to be obsoleted, fixes #4159 | Renato Botelho | 2014-12-31 | 1 | -1/+0 |
| | |||||
* | Allow IPv6 on loopback even where IPv6 is otherwise disabled. The intent of ↵ | Chris Buechler | 2014-12-31 | 1 | -0/+3 |
| | | | | that feature is to prevent IPv6 from communicating on the network. Blocking it on localhost can result in issues and is unnecessary. Ticket #4074 | ||||
* | Reload Unbound after IP changes, to fix issues noted in Ticket #4095. Do so ↵ | Chris Buechler | 2014-12-30 | 2 | -0/+7 |
| | | | | before Dynamic DNS updates occur to ensure the host has functioning DNS. | ||||
* | Only set route-to and reply-to on ESP and ISAKMP rules if the remote ↵ | Chris Buechler | 2014-12-30 | 1 | -12/+18 |
| | | | | endpoint is not within the parent interface's subnet. Ticket #4157 | ||||
* | Oops this should be 0s rather than 00. Linked with Ticket #4158 | Ermal | 2014-12-30 | 1 | -4/+4 |
| | |||||
* | Merge pull request #1411 from phil-davis/patch-1 | Ermal | 2014-12-30 | 1 | -0/+7 |
|\ | |||||
| * | ipsec_smp_dump_status get out of loop if error | Phil Davis | 2014-12-30 | 1 | -0/+7 |
| | | | | | | | | | | | | | | when reading response from socket. Otherwise it would be in a loop and end up like: https://forum.pfsense.org/index.php?topic=86039.msg471848#msg471848 PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/ipsec.inc on line 383 This code runs on my system, but I do not know how to induce the possible loop condition to actually test if it would really break out and return nicely. | ||||
* | | Unbreak IPsec rules generation for IPsec over CARP. Should help even Ticket ↵ | Ermal LUÇI | 2014-12-30 | 1 | -1/+1 |
| | | | | | | | | #4157 | ||||
* | | Check for fqdn peerid/myids and prepend @ so strongswan does not try to be ↵ | Ermal LUÇI | 2014-12-30 | 1 | -5/+13 |
| | | | | | | | | smart. Also use %any for myid instead of risking of putting the wrong value in the secrets file for traffic selector | ||||
* | | Use base64 encoded secrets which Fixes #4158 | Ermal LUÇI | 2014-12-30 | 1 | -4/+4 |
|/ | |||||
* | Standardise text in priv list | Phil Davis | 2014-12-30 | 1 | -5/+5 |
| | |||||
* | Simplify cron array comparison | Phil Davis | 2014-12-29 | 1 | -7/+1 |
| | | | | This works fine - I had not thought about how arrays are compared. Using "==" checks that the key/value pairs match in both arrays, regardless of the order the arrays happen to be in, which is what we want here. Using "===" would insist that the key/value pairs are also in the same order in the array and that the types and everything match identically, which we do not require. | ||||
* | Minimise config updates when checking cron jobs | Phil Davis | 2014-12-29 | 1 | -3/+17 |
| | |||||
* | Update /etc/ttys from new partition when upgrading nanobsd, and in this case ↵ | Renato Botelho | 2014-12-26 | 1 | -3/+5 |
| | | | | do not call reload_ttys(). It should fix #4140 | ||||
* | Remove unused variable | Renato Botelho | 2014-12-26 | 1 | -3/+0 |
| | |||||
* | Correctly call function for retrieving stats from ipfw. Fixes #4131 | Ermal LUÇI | 2014-12-24 | 1 | -2/+2 |
| | |||||
* | Fixes #4130 Check for a certain size of file to start showing data on ↵ | Ermal LUÇI | 2014-12-24 | 1 | -0/+4 |
| | | | | dashboard and avoiding xml parser errors | ||||
* | Fix displaying description for IKEv1 connected tunnels | Ermal LUÇI | 2014-12-24 | 1 | -8/+4 |
| | |||||
* | Make this function readble | Ermal LUÇI | 2014-12-24 | 1 | -5/+4 |
| | |||||
* | Remove option that has now been merged into infra-host-ttl. | Warren Baker | 2014-12-24 | 1 | -2/+0 |
| | |||||
* | Merge pull request #1394 from phil-davis/patch-13 | Chris Buechler | 2014-12-22 | 1 | -2/+7 |
|\ | |||||
| * | Allow dot at end of FQDN for a host | Phil Davis | 2014-12-18 | 1 | -2/+7 |
| | | | | | | Redmine #4124 has discussion of this. | ||||
* | | Merge pull request #1400 from phil-davis/patch-17 | Chris Buechler | 2014-12-22 | 1 | -1/+1 |
|\ \ | |||||
| * | | Pass src dst IP port through to firewall log | Phil Davis | 2014-12-21 | 1 | -1/+1 |
| | | | | | | | | | and IP version. So that the receiving code can easily have each pat of the IP addresses and ports, and display them as it wishes. | ||||
* | | | Merge pull request #1398 from wagonza/patch-2 | Chris Buechler | 2014-12-22 | 2 | -0/+14 |
|\ \ \ | |||||
| * | | | Prevent resolvconf(8) from stomping all over our newly generated | Warren Baker | 2014-12-20 | 2 | -0/+14 |
| |/ / | | | | | | | | | | resolv.conf and subsequent updates. | ||||
* | | | Add config upgrade code to validate changes made on c2fe67eb and d269747b. ↵ | Renato Botelho | 2014-12-22 | 2 | -1/+17 |
| | | | | | | | | | | | | It fixes #4134 | ||||
* | | | Correct ipsec status page to make connect button work | Ermal LUÇI | 2014-12-22 | 1 | -0/+16 |
| | | | |||||
* | | | Correct dashboard with new ipsec generation | Ermal LUÇI | 2014-12-22 | 1 | -1/+1 |
| | | | |||||
* | | | Create a separate connection for IKEv1 with multiple phase2 definitions. | Ermal LUÇI | 2014-12-22 | 1 | -40/+64 |
| | | | |||||
* | | | Correct issue with not reloading CP properly on calling interface configure. | Ermal LUÇI | 2014-12-22 | 2 | -2/+20 |
| | | | |||||
* | | | Fix issue reported on https://forum.pfsense.org/index.php?topic=85737.0 | Ermal LUÇI | 2014-12-22 | 1 | -1/+1 |
| | | | |||||
* | | | Do not apply bw limits if the setting is not enabled in CP. Though still ↵ | Ermal LUÇI | 2014-12-22 | 1 | -4/+10 |
|/ / | | | | | | | respect radius attributes for now with this setting. Resolves #4127 | ||||
* | | Correct the leftsubnet specification for transport mode. | Ermal LUÇI | 2014-12-19 | 1 | -1/+1 |
| | | |||||
* | | Heh remove debugging code | Ermal LUÇI | 2014-12-19 | 1 | -1/+0 |
| | | |||||
* | | Ooops fix this identation on final config | Ermal LUÇI | 2014-12-19 | 1 | -13/+13 |
| | | |||||
* | | Just whitespace save from removing a useless else { branch | Ermal LUÇI | 2014-12-19 | 1 | -597/+599 |
| | | |||||
* | | Remove unused function | Ermal LUÇI | 2014-12-19 | 1 | -83/+0 |
| | | |||||
* | | Enforce some more checking to avoid ↵ | Ermal LUÇI | 2014-12-19 | 1 | -4/+4 |
| | | | | | | | | https://forum.pfsense.org/index.php?topic=85580.0 | ||||
* | | include $myid in these PSK lines. Ticket #4126 | Chris Buechler | 2014-12-18 | 1 | -3/+3 |
| | | |||||
* | | Simplify logic using a proper function as spotted by Ermal | Renato Botelho | 2014-12-18 | 1 | -8/+5 |
| | | |||||
* | | Replace ; by newlines when upgrading custom_options from unbound packages, ↵ | Renato Botelho | 2014-12-18 | 1 | -0/+3 |
| | | | | | | | | it's related to ticket #4090 | ||||
* | | Do not restart unneeded services. Also triger configuration for the proper ↵ | Ermal LUÇI | 2014-12-18 | 1 | -1/+3 |
| | | | | | | | | interface. | ||||
* | | Add openvpn interfaces to group when they are created, it should fix #4110 | Renato Botelho | 2014-12-18 | 1 | -0/+9 |
| | | |||||
* | | Check if interface exist before try to add it to group | Renato Botelho | 2014-12-18 | 1 | -2/+3 |
|/ | |||||
* | Bump latest_config version that I forgot on previous commit. Spotted by Jim ↵ | Renato Botelho | 2014-12-17 | 1 | -1/+1 |
| | | | | Pingle | ||||
* | syslogd can't just be HUPed to pick up its new config, as many of those | Chris Buechler | 2014-12-17 | 1 | -3/+3 |
| | | | | | are command line arguments. Go back to 2.1x and prior behavior of TERM and restart. Fixes source IP use with syslog among other config changes. |