summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
...
* Allow bin sbin and boot writingScott Ullrich2008-09-061-1/+10
|
* Do not update platform on cvssync runsScott Ullrich2008-09-061-0/+1
|
* It is now technically possible to cvssync livecd for testing :)Scott Ullrich2008-09-061-2/+8
|
* rc.cdrom already outputs its statusScott Ullrich2008-09-061-3/+0
|
* Minor re-work of OpenVPN configuration. Use operational modes to determineMatthew Grooms2008-09-063-84/+231
| | | | | | | | | | | | | | | | | | | | what configuration options are appropriate. The operational mode dictates the authentication method. They are defines as follows ... Peer to Peer ( SSL/TLS ) Peer to Peer ( Shared Key ) Remote Access ( SSL/TLS ) Remote Access ( User Auth ) Remote Access ( SSL/TLS + User Auth ) Some of these modes allow for user authentication using passwords. We now use the etc/inc/openvpn.auth-user.php file to facilitate this by checking the username and password supplied by OpenVPN against our centralized user database. The Server and Client user interfaces have also been updated to support TLS packet authentication. This is an additional security option that is optional.
* * Show operations in progressScott Ullrich2008-09-062-5/+8
| | | | * Increase /conf memory partition size to 6m
* Move cvssync functions to /root/Scott Ullrich2008-09-061-4/+10
|
* Use root unionfs, this saves a bit of memory.Scott Ullrich2008-09-061-1/+1
|
* Cleanup textScott Ullrich2008-09-061-1/+1
|
* Move unionfs commands earlierScott Ullrich2008-09-061-12/+12
|
* Correct CDROM checkScott Ullrich2008-09-061-1/+1
|
* * Mount /root unionfs writableScott Ullrich2008-09-061-8/+12
| | | | * Move unionfs mounting to earlier in the sequence
* Mount /usr/ with write access using UNIONFS.Scott Ullrich2008-09-061-0/+8
|
* Make the ftp proxy work again.Seth Mos2008-09-051-1/+1
|
* Remove the code that auto-generates an outbound NAT rule for traffic thatMatthew Grooms2008-09-051-11/+2
| | | | | | originates from a private network to a distant OpenVPN network. We don't want to unconditionally hide all traffic behind the vpn interface address. If a admin wants to do this manually, nothing is stopping them.
* Correct the path for OpenVPN client specific configuration files. When theMatthew Grooms2008-09-041-3/+3
| | | | | directory creation moved to the rc script, the path name was changed from /var/etc/openvpn_csc to /var/etc/openvpn-csc. Update the code to match.
* Revert to the previous method of referencing OpenVPN device names in theMatthew Grooms2008-09-042-25/+19
| | | | | | | filter.inc file. We now specify the openvpn device name which is actually an os managed group. OpenVPN tap instances are added or removed from this group when OpenVPN configurations are created or destroyed. Portions of this patch were written by Ermal.
* Modify the ssh toggle script so it at least runs. I suspect its broken inMatthew Grooms2008-09-041-3/+3
| | | | a more subtle way however. Connected client don't appear to disconnect.
* Bump the system dh-parameters file to 2048 per request on dev@.Matthew Grooms2008-09-041-4/+4
|
* Cleanup some of the authentication code. Fix the problem where you mustMatthew Grooms2008-09-031-40/+17
| | | | | | | navigate away from the initial page twice to get somewhere. Remove some of the cruft that was no longer used. Don't unconditionally redirect a user to their homepage if another url was specified pre-login. This will allow admins to create bookmarks to specific pfsense webui pages.
* Remove the page locking privileges after discussion with Scott on IRC. TheMatthew Grooms2008-09-034-102/+2
| | | | | | | feature was confusing and offered little utility that I could see. If we really need to provide serialized access to sections of the webui, IMO it should be a global lock option and enabled or disabled manually and not a privilege that is on all the time.
* Correct a regression in the privilege system where pages were not beingMatthew Grooms2008-09-031-6/+9
| | | | matched correctly. Reported by Seth.
* Fix openvpn upgrade to look for right array.Seth Mos2008-09-031-3/+3
| | | | Prevents Fatal parse error
* Correct problems with OpenVPN that prevented the lzo compression and passMatthew Grooms2008-09-031-1/+1
| | | | tos options from being set correctly in configuration files.
* Use newer php5 features, to be safer on upgrade side.Ermal Luçi2008-09-021-4/+4
|
* Now that php is being compiled with OpenSSL, remove the php.ini line thatMatthew Grooms2008-09-021-1/+1
| | | | loads the extension. It is no longer required.
* Now that we are delaying the creation of OpenVPN dh parameters, it appearsMatthew Grooms2008-09-021-0/+1
| | | | we need an explicit call to write_config() to ensure the data is saved.
* Make sure that convert_friendly_to_real also works for disabled interfaces.Seth Mos2008-09-021-21/+20
|
* Enclose interface in curly brackets to prevent filter errors.Seth Mos2008-09-021-5/+5
| | | | | This handles the multiple openvpn interfaces retuned from the interface list. This should probably review after the openvpn work
* Remove sleepSeth Mos2008-09-021-3/+2
| | | | | Make sure our tmp has the correct permission so we can trigger filter reloads.
* Commit forgotten change so we use the proper script for filter reloads.Seth Mos2008-09-021-3/+3
| | | | Maybe failover works now :)
* Delay writing out the dh-parameters file if the paths have not yet beenMatthew Grooms2008-09-021-0/+6
| | | | | initialized by the rc scripts. I hope this will make the initial boot process more pleasant during install. If not, I will revert this commit.
* Convert items to long if formatScott Ullrich2008-09-021-3/+9
|
* Start proxy at 8020Scott Ullrich2008-09-021-1/+1
|
* use long if statement, it appears the compact tests are failing. AndScott Ullrich2008-09-021-2/+6
| | | | life is to short to worry "why".
* Modify all the default configuration files to ensure the versions match.Matthew Grooms2008-09-021-36/+35
| | | | | While in globals.inc, remove the easyrsa path and do some whitespace cleanup.
* Create resolv.conf earlier in the boot processScott Ullrich2008-09-021-3/+3
|
* Use apc on cli, tooScott Ullrich2008-09-021-1/+1
|
* s/16/17Scott Ullrich2008-09-021-3/+3
| | | | Noticed-by: cmb
* Add icmplim when upgrading configuration from 1.2.1Scott Ullrich2008-09-011-0/+4
|
* Don't create the standard OpenVPN paths in openvpn_resync_all(). These areMatthew Grooms2008-09-011-12/+0
| | | | now created during the bootup process.
* * Do not return on CDROM platformScott Ullrich2008-08-311-28/+20
| | | | * Use @ to send error to /dev/null
* Create /var/etc/openvpn-csc as wellScott Ullrich2008-08-311-0/+2
| | | | Suggested-by: mgrooms
* Ensure /var/etc/openvpn existsScott Ullrich2008-08-311-0/+2
|
* Integrate part of the patch from ticket #1807.Ermal Luçi2008-08-311-3/+3
| | | | The other part is already done on pppoe_up script in /usr/local/sbin.
* Check if items are an array before treating them as such.Ermal Luçi2008-08-312-6/+8
|
* Fix detection if an interface is part of bridge.Ermal Luçi2008-08-312-8/+10
|
* Fix detection if an interface is part of bridge up to date.Ermal Luçi2008-08-311-2/+2
|
* Bring bridge related support functions up to date with the other bridge code.Ermal Luçi2008-08-312-27/+8
| | | | NOTE: that the function link_int_to_bridge_interface needs a friendly interface as a parameter now i.e. "wan/lan/optX".
* Ensure $g is populated by reading in globals.incScott Ullrich2008-08-311-0/+1
|
OpenPOWER on IntegriCloud