summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* Use binat, not nat, where IPsec NAT is configured with an address for local ↵Chris Buechler2014-12-311-10/+6
| | | | and NAT. Ticket #4169
* Welcome 2015Renato Botelho2014-12-317-7/+7
|
* Add config upgrade code to make sure iketype is set, bump config version to ↵Renato Botelho2014-12-312-1/+13
| | | | 11.4. It fixes #4163
* libreadline.so.6 is not supposed to be obsoleted, fixes #4159Renato Botelho2014-12-311-1/+0
|
* Allow IPv6 on loopback even where IPv6 is otherwise disabled. The intent of ↵Chris Buechler2014-12-311-0/+3
| | | | that feature is to prevent IPv6 from communicating on the network. Blocking it on localhost can result in issues and is unnecessary. Ticket #4074
* Reload Unbound after IP changes, to fix issues noted in Ticket #4095. Do so ↵Chris Buechler2014-12-302-0/+7
| | | | before Dynamic DNS updates occur to ensure the host has functioning DNS.
* Only set route-to and reply-to on ESP and ISAKMP rules if the remote ↵Chris Buechler2014-12-301-12/+18
| | | | endpoint is not within the parent interface's subnet. Ticket #4157
* Oops this should be 0s rather than 00. Linked with Ticket #4158Ermal2014-12-301-4/+4
|
* Merge pull request #1411 from phil-davis/patch-1Ermal2014-12-301-0/+7
|\
| * ipsec_smp_dump_status get out of loop if errorPhil Davis2014-12-301-0/+7
| | | | | | | | | | | | | | when reading response from socket. Otherwise it would be in a loop and end up like: https://forum.pfsense.org/index.php?topic=86039.msg471848#msg471848 PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/ipsec.inc on line 383 This code runs on my system, but I do not know how to induce the possible loop condition to actually test if it would really break out and return nicely.
* | Unbreak IPsec rules generation for IPsec over CARP. Should help even Ticket ↵Ermal LUÇI2014-12-301-1/+1
| | | | | | | | #4157
* | Check for fqdn peerid/myids and prepend @ so strongswan does not try to be ↵Ermal LUÇI2014-12-301-5/+13
| | | | | | | | smart. Also use %any for myid instead of risking of putting the wrong value in the secrets file for traffic selector
* | Use base64 encoded secrets which Fixes #4158Ermal LUÇI2014-12-301-4/+4
|/
* Standardise text in priv listPhil Davis2014-12-301-5/+5
|
* Simplify cron array comparisonPhil Davis2014-12-291-7/+1
| | | | This works fine - I had not thought about how arrays are compared. Using "==" checks that the key/value pairs match in both arrays, regardless of the order the arrays happen to be in, which is what we want here. Using "===" would insist that the key/value pairs are also in the same order in the array and that the types and everything match identically, which we do not require.
* Minimise config updates when checking cron jobsPhil Davis2014-12-291-3/+17
|
* Update /etc/ttys from new partition when upgrading nanobsd, and in this case ↵Renato Botelho2014-12-261-3/+5
| | | | do not call reload_ttys(). It should fix #4140
* Remove unused variableRenato Botelho2014-12-261-3/+0
|
* Correctly call function for retrieving stats from ipfw. Fixes #4131Ermal LUÇI2014-12-241-2/+2
|
* Fixes #4130 Check for a certain size of file to start showing data on ↵Ermal LUÇI2014-12-241-0/+4
| | | | dashboard and avoiding xml parser errors
* Fix displaying description for IKEv1 connected tunnelsErmal LUÇI2014-12-241-8/+4
|
* Make this function readbleErmal LUÇI2014-12-241-5/+4
|
* Remove option that has now been merged into infra-host-ttl.Warren Baker2014-12-241-2/+0
|
* Merge pull request #1394 from phil-davis/patch-13Chris Buechler2014-12-221-2/+7
|\
| * Allow dot at end of FQDN for a hostPhil Davis2014-12-181-2/+7
| | | | | | Redmine #4124 has discussion of this.
* | Merge pull request #1400 from phil-davis/patch-17Chris Buechler2014-12-221-1/+1
|\ \
| * | Pass src dst IP port through to firewall logPhil Davis2014-12-211-1/+1
| | | | | | | | | and IP version. So that the receiving code can easily have each pat of the IP addresses and ports, and display them as it wishes.
* | | Merge pull request #1398 from wagonza/patch-2Chris Buechler2014-12-222-0/+14
|\ \ \
| * | | Prevent resolvconf(8) from stomping all over our newly generatedWarren Baker2014-12-202-0/+14
| |/ / | | | | | | | | | resolv.conf and subsequent updates.
* | | Add config upgrade code to validate changes made on c2fe67eb and d269747b. ↵Renato Botelho2014-12-222-1/+17
| | | | | | | | | | | | It fixes #4134
* | | Correct ipsec status page to make connect button workErmal LUÇI2014-12-221-0/+16
| | |
* | | Correct dashboard with new ipsec generationErmal LUÇI2014-12-221-1/+1
| | |
* | | Create a separate connection for IKEv1 with multiple phase2 definitions.Ermal LUÇI2014-12-221-40/+64
| | |
* | | Correct issue with not reloading CP properly on calling interface configure.Ermal LUÇI2014-12-222-2/+20
| | |
* | | Fix issue reported on https://forum.pfsense.org/index.php?topic=85737.0Ermal LUÇI2014-12-221-1/+1
| | |
* | | Do not apply bw limits if the setting is not enabled in CP. Though still ↵Ermal LUÇI2014-12-221-4/+10
|/ / | | | | | | respect radius attributes for now with this setting. Resolves #4127
* | Correct the leftsubnet specification for transport mode.Ermal LUÇI2014-12-191-1/+1
| |
* | Heh remove debugging codeErmal LUÇI2014-12-191-1/+0
| |
* | Ooops fix this identation on final configErmal LUÇI2014-12-191-13/+13
| |
* | Just whitespace save from removing a useless else { branchErmal LUÇI2014-12-191-597/+599
| |
* | Remove unused functionErmal LUÇI2014-12-191-83/+0
| |
* | Enforce some more checking to avoid ↵Ermal LUÇI2014-12-191-4/+4
| | | | | | | | https://forum.pfsense.org/index.php?topic=85580.0
* | include $myid in these PSK lines. Ticket #4126Chris Buechler2014-12-181-3/+3
| |
* | Simplify logic using a proper function as spotted by ErmalRenato Botelho2014-12-181-8/+5
| |
* | Replace ; by newlines when upgrading custom_options from unbound packages, ↵Renato Botelho2014-12-181-0/+3
| | | | | | | | it's related to ticket #4090
* | Do not restart unneeded services. Also triger configuration for the proper ↵Ermal LUÇI2014-12-181-1/+3
| | | | | | | | interface.
* | Add openvpn interfaces to group when they are created, it should fix #4110Renato Botelho2014-12-181-0/+9
| |
* | Check if interface exist before try to add it to groupRenato Botelho2014-12-181-2/+3
|/
* Bump latest_config version that I forgot on previous commit. Spotted by Jim ↵Renato Botelho2014-12-171-1/+1
| | | | Pingle
* syslogd can't just be HUPed to pick up its new config, as many of thoseChris Buechler2014-12-171-3/+3
| | | | | are command line arguments. Go back to 2.1x and prior behavior of TERM and restart. Fixes source IP use with syslog among other config changes.
OpenPOWER on IntegriCloud