Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Hide FreeBSD version from sshd banner. It fixes #3840 | Renato Botelho | 2014-08-29 | 1 | -0/+2 |
| | |||||
* | Merge pull request #1258 from yarick123/master | Renato Botelho | 2014-08-29 | 2 | -0/+41 |
|\ | |||||
| * | cherry pic from 'hotfix/3347-Certificate_Authority_SAN_names_not_working': | yarick123 | 2014-08-14 | 2 | -0/+41 |
| | | | | | | | | | | | | | | | | bugfix #3347: Certificate Authority SAN names not working in 2.1 subjectAltName can be set _only_ via configuration file - created three extra sections in openssl.cnf to use in case of existing subjectAltName. Unfortunately it is not possible to assign empty value to subjectAltName in openssl.cnf | ||||
* | | Fix match for help pages privileges, it fixes #3777 | Renato Botelho | 2014-08-28 | 1 | -1/+1 |
| | | |||||
* | | Do not use regex to check filetype to avoid being wrong since . is a regex ↵ | Renato Botelho | 2014-08-27 | 1 | -0/+1 |
| | | | | | | | | metachar. It fixes #3817 | ||||
* | | Merge pull request #1255 from leleobhz/master | Renato Botelho | 2014-08-26 | 1 | -1/+1 |
|\ \ | |||||
| * | | * Fix a typo mismatch in /etc/inc/dyndns.class for CloudFlare URL entry. | Leonardo Amaral | 2014-08-12 | 1 | -1/+1 |
| | | | |||||
* | | | Take virtual IPs into consideration for automatic outbound NAT rules, it ↵ | Renato Botelho | 2014-08-22 | 1 | -0/+18 |
| | | | | | | | | | | | | should now fix #983 | ||||
* | | | pgrep parameters are out of order and it also needs -a to find sshd. While ↵ | Renato Botelho | 2014-08-22 | 1 | -2/+1 |
| | | | | | | | | | | | | I'm here, simplify sh syntax and prevent noise to be printed if pid file doesn't exist | ||||
* | | | delete the dhcpd.pid file before starting dhcpd. Fixes bug where on rare ↵ | Chris Buechler | 2014-08-22 | 1 | -0/+8 |
| | | | | | | | | | | | | occasions a stale PID file could prevent dhcpd from starting until it's manually deleted. | ||||
* | | | use pgrep here instead, previous way could wrongly show SSH as enabled where ↵ | Chris Buechler | 2014-08-22 | 1 | -3/+3 |
| | | | | | | | | | | | | it isn't. | ||||
* | | | Remove extra noise from rc.shutdown | Renato Botelho | 2014-08-20 | 1 | -1/+1 |
| | | | |||||
* | | | Move the fetching of a package's config file and additional files to ↵ | jim-p | 2014-08-19 | 1 | -63/+116 |
| | | | | | | | | | | | | separate functions, and then have the "xml" package button perform these so that it is not only a redundant copy of the "pkg" reinstall button. This can help ensure a package files are in a known-good state before other actions are performed, in case the deinstall would fail or behave erratically due to other files being missing. | ||||
* | | | Correct the ipsec status pages to show proper information as needed. | Ermal | 2014-08-18 | 1 | -6/+2 |
| | | | |||||
* | | | Correct processing and assignment on ikeid variable so it does the right thing | Ermal | 2014-08-18 | 1 | -5/+5 |
| | | | |||||
* | | | Use proper path to setkey now that ipsec-tools are not used anymore | Ermal | 2014-08-18 | 1 | -3/+3 |
| | | | |||||
* | | | Correct the functions for returning tunnel status to use strongswan status ↵ | Ermal | 2014-08-18 | 1 | -25/+14 |
| | | | | | | | | | | | | reports | ||||
* | | | Allow HASH algorithms to be empty for phase2 in case the encryption one is ↵ | Ermal | 2014-08-18 | 1 | -9/+27 |
| | | | | | | | | | | | | AES-GCM | ||||
* | | | Add filter.so to list of extensions loaded for 2.2 | Matt Smith | 2014-08-18 | 1 | -0/+2 |
| | | | |||||
* | | | Do not allow duplicate subnet entries on left|rightsubnet specification ↵ | Ermal | 2014-08-18 | 1 | -6/+14 |
| | | | | | | | | | | | | since it will blackhole all traffic to that subnet when connection is setup as route | ||||
* | | | Do not accept proposal out of that configured even for IKEv2 even though ↵ | Ermal | 2014-08-18 | 1 | -2/+1 |
| | | | | | | | | | | | | there is no possibility in the GUI to set more than one proposal for Phase1 so far. | ||||
* | | | Restore behaviour as with racoon to trigger tunnel startup from traffic that ↵ | Ermal | 2014-08-18 | 1 | -1/+2 |
| | | | | | | | | | | | | needs to go into the tunnel. Even related to Ticket #3806. | ||||
* | | | Do not show errors from trying to delete a socket or similar | Ermal | 2014-08-15 | 1 | -1/+1 |
| | | | |||||
* | | | rightsourceip must be used with PSK+Xauth. | Chris Buechler | 2014-08-14 | 1 | -2/+3 |
| | | | |||||
* | | | This is required for PSK+Xauth. I'll commit that clarification in a bit. | Chris Buechler | 2014-08-13 | 1 | -1/+6 |
| |/ |/| | | | | | | | | | Revert "Revert "Fix assignment of tunnel IPs to mobile clients."" This reverts commit 23ba08fc940b711f3b44551199890dc8e28a63b6. | ||||
* | | Revert "Fix assignment of tunnel IPs to mobile clients." | Ermal | 2014-08-13 | 1 | -6/+1 |
| | | | | | | | | | | | | This normally is not needed since the attr plugin deals with all this. This reverts commit 00311d6a841c0f6fc162ea11da06569f10220f5e. | ||||
* | | Actually disable this plugin for now. It was not really needed for solving ↵ | Ermal | 2014-08-12 | 1 | -3/+0 |
|/ | | | | the issues with IKEv1 | ||||
* | Move dhcp6c log to dhcpd.log, it fixes #3799 | Renato Botelho | 2014-08-11 | 1 | -2/+2 |
| | |||||
* | Remove double defined 'localhost' on the list of networks to create outbound ↵ | Renato Botelho | 2014-08-11 | 1 | -1/+1 |
| | | | | NAT rules. It should fix #3800 | ||||
* | Do not create automatic outbound NAT rule for disabled openvpn servers and ↵ | Renato Botelho | 2014-08-11 | 1 | -2/+2 |
| | | | | clients | ||||
* | Fix assignment of tunnel IPs to mobile clients. | Chris Buechler | 2014-08-11 | 1 | -1/+6 |
| | |||||
* | Fix #3798 - 'IPsec phase 2 pinghost is not used if the source IP should be a ↵ | Matt Smith | 2014-08-08 | 1 | -5/+17 |
| | | | | virtual IP address' | ||||
* | Avoid a "Cannot use string offset as an array" error if the packages section ↵ | jim-p | 2014-08-08 | 1 | -4/+7 |
| | | | | of the config is missing. | ||||
* | Correct this so the dpdaction is created properly as restart | Ermal | 2014-08-08 | 1 | -1/+1 |
| | |||||
* | Do a reload on the cofniguration which is better than update. Also let the ↵ | Ermal | 2014-08-07 | 1 | -2/+1 |
| | | | | keyingtries to 3 rather than forever to avoid problems on recovery. | ||||
* | Change the logic of the vpn config generation to make connectivity more ↵ | Ermal | 2014-08-07 | 1 | -161/+166 |
| | | | | stable especially ipsec. Also for IKEv1 just generate the policies and only on traffic start them. | ||||
* | Move the rekey to yes always to avoid issues. | Ermal | 2014-08-07 | 1 | -1/+1 |
| | |||||
* | Per the dhcpd.conf man page and other documentation from ISC, mclt must not ↵ | Chris Buechler | 2014-08-06 | 1 | -3/+2 |
| | | | | be defined on the secondary. | ||||
* | Escape the individual dnsmasq advanced/custom options | jim-p | 2014-08-06 | 1 | -1/+1 |
| | |||||
* | Do not try to rekey for IKEv1. | Ermal | 2014-08-01 | 1 | -1/+6 |
| | |||||
* | Use a uniqid() to track phase2 entries to avoid confustion and various ↵ | Ermal | 2014-08-01 | 3 | -3/+17 |
| | | | | mistakes when modifying and editing them. | ||||
* | Fix for #3785 - 'strongswan config being generated with ike SA lifetime set ↵ | Matt Smith | 2014-07-30 | 1 | -4/+6 |
| | | | | to value of ipsec SA lifetime' | ||||
* | Remove even the config.cache from /tmp to avoid issues while here | Ermal | 2014-07-30 | 1 | -0/+1 |
| | |||||
* | Fix #3781 - 'strongswan dpdtimeout value not generated correctly' | Matt Smith | 2014-07-29 | 1 | -1/+2 |
| | |||||
* | Fix for bug 3769 | Matt Smith | 2014-07-23 | 1 | -2/+2 |
| | |||||
* | Fix #983 - Add IP aliases subnets to interface subnet macro on GUI, since ↵ | Renato Botelho | 2014-07-22 | 1 | -6/+52 |
| | | | | I'm here also fix not rules for PPTP clients macro. | ||||
* | Concat var before call escapeshellarg | Renato Botelho | 2014-07-21 | 1 | -1/+1 |
| | |||||
* | Make dhcpleases use unbound pid when it's configured | Renato Botelho | 2014-07-21 | 1 | -1/+5 |
| | |||||
* | Fix shell script syntax, it should fix #3361 | Renato Botelho | 2014-07-21 | 1 | -3/+3 |
| | |||||
* | Detect when protocol changes and invalidate session to get a new cookie with ↵ | Renato Botelho | 2014-07-18 | 1 | -0/+5 |
| | | | | secure flag set according. It fixes #3714 |