summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* Hide FreeBSD version from sshd banner. It fixes #3840Renato Botelho2014-08-291-0/+2
|
* Merge pull request #1258 from yarick123/masterRenato Botelho2014-08-292-0/+41
|\
| * cherry pic from 'hotfix/3347-Certificate_Authority_SAN_names_not_working':yarick1232014-08-142-0/+41
| | | | | | | | | | | | | | | | bugfix #3347: Certificate Authority SAN names not working in 2.1 subjectAltName can be set _only_ via configuration file - created three extra sections in openssl.cnf to use in case of existing subjectAltName. Unfortunately it is not possible to assign empty value to subjectAltName in openssl.cnf
* | Fix match for help pages privileges, it fixes #3777Renato Botelho2014-08-281-1/+1
| |
* | Do not use regex to check filetype to avoid being wrong since . is a regex ↵Renato Botelho2014-08-271-0/+1
| | | | | | | | metachar. It fixes #3817
* | Merge pull request #1255 from leleobhz/masterRenato Botelho2014-08-261-1/+1
|\ \
| * | * Fix a typo mismatch in /etc/inc/dyndns.class for CloudFlare URL entry.Leonardo Amaral2014-08-121-1/+1
| | |
* | | Take virtual IPs into consideration for automatic outbound NAT rules, it ↵Renato Botelho2014-08-221-0/+18
| | | | | | | | | | | | should now fix #983
* | | pgrep parameters are out of order and it also needs -a to find sshd. While ↵Renato Botelho2014-08-221-2/+1
| | | | | | | | | | | | I'm here, simplify sh syntax and prevent noise to be printed if pid file doesn't exist
* | | delete the dhcpd.pid file before starting dhcpd. Fixes bug where on rare ↵Chris Buechler2014-08-221-0/+8
| | | | | | | | | | | | occasions a stale PID file could prevent dhcpd from starting until it's manually deleted.
* | | use pgrep here instead, previous way could wrongly show SSH as enabled where ↵Chris Buechler2014-08-221-3/+3
| | | | | | | | | | | | it isn't.
* | | Remove extra noise from rc.shutdownRenato Botelho2014-08-201-1/+1
| | |
* | | Move the fetching of a package's config file and additional files to ↵jim-p2014-08-191-63/+116
| | | | | | | | | | | | separate functions, and then have the "xml" package button perform these so that it is not only a redundant copy of the "pkg" reinstall button. This can help ensure a package files are in a known-good state before other actions are performed, in case the deinstall would fail or behave erratically due to other files being missing.
* | | Correct the ipsec status pages to show proper information as needed.Ermal2014-08-181-6/+2
| | |
* | | Correct processing and assignment on ikeid variable so it does the right thingErmal2014-08-181-5/+5
| | |
* | | Use proper path to setkey now that ipsec-tools are not used anymoreErmal2014-08-181-3/+3
| | |
* | | Correct the functions for returning tunnel status to use strongswan status ↵Ermal2014-08-181-25/+14
| | | | | | | | | | | | reports
* | | Allow HASH algorithms to be empty for phase2 in case the encryption one is ↵Ermal2014-08-181-9/+27
| | | | | | | | | | | | AES-GCM
* | | Add filter.so to list of extensions loaded for 2.2Matt Smith2014-08-181-0/+2
| | |
* | | Do not allow duplicate subnet entries on left|rightsubnet specification ↵Ermal2014-08-181-6/+14
| | | | | | | | | | | | since it will blackhole all traffic to that subnet when connection is setup as route
* | | Do not accept proposal out of that configured even for IKEv2 even though ↵Ermal2014-08-181-2/+1
| | | | | | | | | | | | there is no possibility in the GUI to set more than one proposal for Phase1 so far.
* | | Restore behaviour as with racoon to trigger tunnel startup from traffic that ↵Ermal2014-08-181-1/+2
| | | | | | | | | | | | needs to go into the tunnel. Even related to Ticket #3806.
* | | Do not show errors from trying to delete a socket or similarErmal2014-08-151-1/+1
| | |
* | | rightsourceip must be used with PSK+Xauth.Chris Buechler2014-08-141-2/+3
| | |
* | | This is required for PSK+Xauth. I'll commit that clarification in a bit.Chris Buechler2014-08-131-1/+6
| |/ |/| | | | | | | | | Revert "Revert "Fix assignment of tunnel IPs to mobile clients."" This reverts commit 23ba08fc940b711f3b44551199890dc8e28a63b6.
* | Revert "Fix assignment of tunnel IPs to mobile clients."Ermal2014-08-131-6/+1
| | | | | | | | | | | | This normally is not needed since the attr plugin deals with all this. This reverts commit 00311d6a841c0f6fc162ea11da06569f10220f5e.
* | Actually disable this plugin for now. It was not really needed for solving ↵Ermal2014-08-121-3/+0
|/ | | | the issues with IKEv1
* Move dhcp6c log to dhcpd.log, it fixes #3799Renato Botelho2014-08-111-2/+2
|
* Remove double defined 'localhost' on the list of networks to create outbound ↵Renato Botelho2014-08-111-1/+1
| | | | NAT rules. It should fix #3800
* Do not create automatic outbound NAT rule for disabled openvpn servers and ↵Renato Botelho2014-08-111-2/+2
| | | | clients
* Fix assignment of tunnel IPs to mobile clients.Chris Buechler2014-08-111-1/+6
|
* Fix #3798 - 'IPsec phase 2 pinghost is not used if the source IP should be a ↵Matt Smith2014-08-081-5/+17
| | | | virtual IP address'
* Avoid a "Cannot use string offset as an array" error if the packages section ↵jim-p2014-08-081-4/+7
| | | | of the config is missing.
* Correct this so the dpdaction is created properly as restartErmal2014-08-081-1/+1
|
* Do a reload on the cofniguration which is better than update. Also let the ↵Ermal2014-08-071-2/+1
| | | | keyingtries to 3 rather than forever to avoid problems on recovery.
* Change the logic of the vpn config generation to make connectivity more ↵Ermal2014-08-071-161/+166
| | | | stable especially ipsec. Also for IKEv1 just generate the policies and only on traffic start them.
* Move the rekey to yes always to avoid issues.Ermal2014-08-071-1/+1
|
* Per the dhcpd.conf man page and other documentation from ISC, mclt must not ↵Chris Buechler2014-08-061-3/+2
| | | | be defined on the secondary.
* Escape the individual dnsmasq advanced/custom optionsjim-p2014-08-061-1/+1
|
* Do not try to rekey for IKEv1.Ermal2014-08-011-1/+6
|
* Use a uniqid() to track phase2 entries to avoid confustion and various ↵Ermal2014-08-013-3/+17
| | | | mistakes when modifying and editing them.
* Fix for #3785 - 'strongswan config being generated with ike SA lifetime set ↵Matt Smith2014-07-301-4/+6
| | | | to value of ipsec SA lifetime'
* Remove even the config.cache from /tmp to avoid issues while hereErmal2014-07-301-0/+1
|
* Fix #3781 - 'strongswan dpdtimeout value not generated correctly'Matt Smith2014-07-291-1/+2
|
* Fix for bug 3769Matt Smith2014-07-231-2/+2
|
* Fix #983 - Add IP aliases subnets to interface subnet macro on GUI, since ↵Renato Botelho2014-07-221-6/+52
| | | | I'm here also fix not rules for PPTP clients macro.
* Concat var before call escapeshellargRenato Botelho2014-07-211-1/+1
|
* Make dhcpleases use unbound pid when it's configuredRenato Botelho2014-07-211-1/+5
|
* Fix shell script syntax, it should fix #3361Renato Botelho2014-07-211-3/+3
|
* Detect when protocol changes and invalidate session to get a new cookie with ↵Renato Botelho2014-07-181-0/+5
| | | | secure flag set according. It fixes #3714
OpenPOWER on IntegriCloud