Commit message | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Allow bin sbin and boot writing | Scott Ullrich | 2008-09-06 | 1 | -1/+10 | |
| | ||||||
* | Do not update platform on cvssync runs | Scott Ullrich | 2008-09-06 | 1 | -0/+1 | |
| | ||||||
* | It is now technically possible to cvssync livecd for testing :) | Scott Ullrich | 2008-09-06 | 1 | -2/+8 | |
| | ||||||
* | rc.cdrom already outputs its status | Scott Ullrich | 2008-09-06 | 1 | -3/+0 | |
| | ||||||
* | Minor re-work of OpenVPN configuration. Use operational modes to determine | Matthew Grooms | 2008-09-06 | 3 | -84/+231 | |
| | what configuration options are appropriate. The operational mode dictates the authentication method. They are defined as follows ... Peer to Peer ( SSL/TLS ); Peer to Peer ( Shared Key ); Remote Access ( SSL/TLS ); Remote Access ( User Auth ); Remote Access ( SSL/TLS + User Auth ). Some of these modes allow for user authentication using passwords. We now use the etc/inc/openvpn.auth-user.php file to facilitate this by checking the username and password supplied by OpenVPN against our centralized user database. The Server and Client user interfaces have also been updated to support TLS packet authentication. This is an additional security option that is optional. | |||||
* | * Show operations in progress | Scott Ullrich | 2008-09-06 | 2 | -5/+8 | |
| | * Increase /conf memory partition size to 6m | |||||
* | Move cvssync functions to /root/ | Scott Ullrich | 2008-09-06 | 1 | -4/+10 | |
| | ||||||
* | Use root unionfs, this saves a bit of memory. | Scott Ullrich | 2008-09-06 | 1 | -1/+1 | |
| | ||||||
* | Cleanup text | Scott Ullrich | 2008-09-06 | 1 | -1/+1 | |
| | ||||||
* | Move unionfs commands earlier | Scott Ullrich | 2008-09-06 | 1 | -12/+12 | |
| | ||||||
* | Correct CDROM check | Scott Ullrich | 2008-09-06 | 1 | -1/+1 | |
| | ||||||
* | * Mount /root unionfs writable | Scott Ullrich | 2008-09-06 | 1 | -8/+12 | |
| | * Move unionfs mounting to earlier in the sequence | |||||
* | Mount /usr/ with write access using UNIONFS. | Scott Ullrich | 2008-09-06 | 1 | -0/+8 | |
| | ||||||
* | Make the ftp proxy work again. | Seth Mos | 2008-09-05 | 1 | -1/+1 | |
| | ||||||
* | Remove the code that auto-generates an outbound NAT rule for traffic that | Matthew Grooms | 2008-09-05 | 1 | -11/+2 | |
| | originates from a private network to a distant OpenVPN network. We don't want to unconditionally hide all traffic behind the vpn interface address. If an admin wants to do this manually, nothing is stopping them. | |||||
* | Correct the path for OpenVPN client specific configuration files. When the | Matthew Grooms | 2008-09-04 | 1 | -3/+3 | |
| | directory creation moved to the rc script, the path name was changed from /var/etc/openvpn_csc to /var/etc/openvpn-csc. Update the code to match. | |||||
* | Revert to the previous method of referencing OpenVPN device names in the | Matthew Grooms | 2008-09-04 | 2 | -25/+19 | |
| | filter.inc file. We now specify the openvpn device name which is actually an os managed group. OpenVPN tap instances are added or removed from this group when OpenVPN configurations are created or destroyed. Portions of this patch were written by Ermal. | |||||
* | Modify the ssh toggle script so it at least runs. I suspect it's broken in | Matthew Grooms | 2008-09-04 | 1 | -3/+3 | |
| | a more subtle way however. Connected clients don't appear to disconnect. | |||||
* | Bump the system dh-parameters file to 2048 per request on dev@. | Matthew Grooms | 2008-09-04 | 1 | -4/+4 | |
| | ||||||
* | Cleanup some of the authentication code. Fix the problem where you must | Matthew Grooms | 2008-09-03 | 1 | -40/+17 | |
| | navigate away from the initial page twice to get somewhere. Remove some of the cruft that was no longer used. Don't unconditionally redirect a user to their homepage if another url was specified pre-login. This will allow admins to create bookmarks to specific pfsense webui pages. | |||||
* | Remove the page locking privileges after discussion with Scott on IRC. The | Matthew Grooms | 2008-09-03 | 4 | -102/+2 | |
| | feature was confusing and offered little utility that I could see. If we really need to provide serialized access to sections of the webui, IMO it should be a global lock option and enabled or disabled manually and not a privilege that is on all the time. | |||||
* | Correct a regression in the privilege system where pages were not being | Matthew Grooms | 2008-09-03 | 1 | -6/+9 | |
| | matched correctly. Reported by Seth. | |||||
* | Fix openvpn upgrade to look for right array. | Seth Mos | 2008-09-03 | 1 | -3/+3 | |
| | Prevents Fatal parse error | |||||
* | Correct problems with OpenVPN that prevented the lzo compression and pass | Matthew Grooms | 2008-09-03 | 1 | -1/+1 | |
| | tos options from being set correctly in configuration files. | |||||
* | Use newer php5 features, to be safer on upgrade side. | Ermal Luçi | 2008-09-02 | 1 | -4/+4 | |
| | ||||||
* | Now that php is being compiled with OpenSSL, remove the php.ini line that | Matthew Grooms | 2008-09-02 | 1 | -1/+1 | |
| | loads the extension. It is no longer required. | |||||
* | Now that we are delaying the creation of OpenVPN dh parameters, it appears | Matthew Grooms | 2008-09-02 | 1 | -0/+1 | |
| | we need an explicit call to write_config() to ensure the data is saved. | |||||
* | Make sure that convert_friendly_to_real also works for disabled interfaces. | Seth Mos | 2008-09-02 | 1 | -21/+20 | |
| | ||||||
* | Enclose interface in curly brackets to prevent filter errors. | Seth Mos | 2008-09-02 | 1 | -5/+5 | |
| | This handles the multiple openvpn interfaces returned from the interface list. This should probably be reviewed after the openvpn work | |||||
* | Remove sleep | Seth Mos | 2008-09-02 | 1 | -3/+2 | |
| | Make sure our tmp has the correct permission so we can trigger filter reloads. | |||||
* | Commit forgotten change so we use the proper script for filter reloads. | Seth Mos | 2008-09-02 | 1 | -3/+3 | |
| | Maybe failover works now :) | |||||
* | Delay writing out the dh-parameters file if the paths have not yet been | Matthew Grooms | 2008-09-02 | 1 | -0/+6 | |
| | initialized by the rc scripts. I hope this will make the initial boot process more pleasant during install. If not, I will revert this commit. | |||||
* | Convert items to long if format | Scott Ullrich | 2008-09-02 | 1 | -3/+9 | |
| | ||||||
* | Start proxy at 8020 | Scott Ullrich | 2008-09-02 | 1 | -1/+1 | |
| | ||||||
* | use long if statement, it appears the compact tests are failing. And | Scott Ullrich | 2008-09-02 | 1 | -2/+6 | |
| | life is too short to worry "why". | |||||
* | Modify all the default configuration files to ensure the versions match. | Matthew Grooms | 2008-09-02 | 1 | -36/+35 | |
| | While in globals.inc, remove the easyrsa path and do some whitespace cleanup. | |||||
* | Create resolv.conf earlier in the boot process | Scott Ullrich | 2008-09-02 | 1 | -3/+3 | |
| | ||||||
* | Use apc on cli, too | Scott Ullrich | 2008-09-02 | 1 | -1/+1 | |
| | ||||||
* | s/16/17 | Scott Ullrich | 2008-09-02 | 1 | -3/+3 | |
| | Noticed-by: cmb | |||||
* | Add icmplim when upgrading configuration from 1.2.1 | Scott Ullrich | 2008-09-01 | 1 | -0/+4 | |
| | ||||||
* | Don't create the standard OpenVPN paths in openvpn_resync_all(). These are | Matthew Grooms | 2008-09-01 | 1 | -12/+0 | |
| | now created during the bootup process. | |||||
* | * Do not return on CDROM platform | Scott Ullrich | 2008-08-31 | 1 | -28/+20 | |
| | * Use @ to send error to /dev/null | |||||
* | Create /var/etc/openvpn-csc as well | Scott Ullrich | 2008-08-31 | 1 | -0/+2 | |
| | Suggested-by: mgrooms | |||||
* | Ensure /var/etc/openvpn exists | Scott Ullrich | 2008-08-31 | 1 | -0/+2 | |
| | ||||||
* | Integrate part of the patch from ticket #1807. | Ermal Luçi | 2008-08-31 | 1 | -3/+3 | |
| | The other part is already done on pppoe_up script in /usr/local/sbin. | |||||
* | Check if items are an array before treating them as such. | Ermal Luçi | 2008-08-31 | 2 | -6/+8 | |
| | ||||||
* | Fix detection if an interface is part of bridge. | Ermal Luçi | 2008-08-31 | 2 | -8/+10 | |
| | ||||||
* | Fix detection if an interface is part of bridge up to date. | Ermal Luçi | 2008-08-31 | 1 | -2/+2 | |
| | ||||||
* | Bring bridge related support functions up to date with the other bridge code. | Ermal Luçi | 2008-08-31 | 2 | -27/+8 | |
| | NOTE: that the function link_int_to_bridge_interface needs a friendly interface as a parameter now i.e. "wan/lan/optX". | |||||
* | Ensure $g is populated by reading in globals.inc | Scott Ullrich | 2008-08-31 | 1 | -0/+1 | |
| |