Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fixes #4625 correct disconnection of users especially when called from ↵ | Ermal LUÇI | 2015-04-16 | 1 | -1/+3 |
| | | | | xmlrpc code. | ||||
* | Merge pull request #1612 from ibauersachs/ipsec-mobile-eap-radius | Ermal LUÇI | 2015-04-16 | 2 | -1/+37 |
|\ | |||||
| * | Add support for EAP-RADIUS to IKEv2 Mobile Clients | Ingo Bauersachs | 2015-04-15 | 2 | -1/+37 |
| | | |||||
* | | Always do a filter reload in vpn_ipsec_configure to ensure the ruleset is | Chris Buechler | 2015-04-16 | 1 | -2/+3 |
| | | | | | | | | updated where necessary in every IPsec change scenario. | ||||
* | | Remove boot_serial='yes' from loader.conf when serial is disabled, error ↵ | Renato Botelho | 2015-04-16 | 1 | -1/+2 |
| | | | | | | | | introduced by me on commit 986e77a2eab | ||||
* | | Fix unbound warning when dnsallowoverride off and forwarding on | Phil Davis | 2015-04-16 | 1 | -0/+2 |
| | | | | | | | | | | Reported in forum: https://forum.pfsense.org/index.php?topic=92437.0 The $ns array was being used further down, but if dnsallowoverride was off, the array never got created. | ||||
* | | Define var_path global key since it is being used in interfaces.inc, but it ↵ | Renato Botelho | 2015-04-15 | 1 | -0/+1 |
|/ | | | | was not being declared anywhere | ||||
* | Merge pull request #1601 from phil-davis/check-overlapping-subnets | Renato Botelho | 2015-04-15 | 1 | -18/+76 |
|\ | |||||
| * | Check for overlapping subnets when saving interface addresses | Phil Davis | 2015-04-10 | 1 | -18/+76 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This checks if a static IP address entered for an interface has a subnet that overlaps with any other configured subnet. e.g.: LAN is IPv4 10.10.12.1/24 Then try to set OPT1 to 10.10.13.1/23 - it overlaps with LAN because "/23" covers the "12" and "13" together. In the input errors message, display to the user the other interfaces and subnets that overlap/conflict. Then the user has some idea what it is that conflicts and can easily go looking in the right place for the problem. Do the same thing for IPv6 address/CIDR. Note: I have not enhanced any of the checks for conflicts with static routes - there could be cases where a user has a static route like 10.0.0.0/8 pointing to some internal router that has the rest of 10.0.0.0/8 behind it, but the user has some direct-attached subnet inside that - e.g. 10.1.2.0/24 - the routing table should cope with this, delivering directly to 10.1.2.0/24 and routing for the rest of 10.0.0.0/8. So we cannot invalidate all overlaps with static routes. I think this validation will not invalidate any exotic-but-valid use cases. I can't think of when the interface subnets on 2 interfaces can overlap and still be a valid/useful configuration. This should stop people setting up dumb mixes of LAN/OPT1/OPT2... with random addresses and CIDR prefix that overlap each other. | ||||
* | | Re-enable verification for selfhost since their chain issue is resolved. ↵ | Chris Buechler | 2015-04-14 | 1 | -1/+0 |
| | | | | | | | | Ticket #4545 | ||||
* | | set forcesync to 1 by default for now, testing potential impact for Ticket ↵ | Chris Buechler | 2015-04-14 | 1 | -1/+1 |
| | | | | | | | | #4523. | ||||
* | | Revert "Make forcesync default to the same behavior as freebsd rather than ↵ | Chris Buechler | 2015-04-14 | 1 | -2/+1 |
| | | | | | | | | | | | | as intended for cf cards. People with issues on CF can enable the tunable" This reverts commit 34dced26198480d7b02e80578df40336fef89043. | ||||
* | | Make forcesync default to the same behavior as freebsd rather than as ↵ | Ermal LUÇI | 2015-04-14 | 1 | -1/+2 |
| | | | | | | | | intended for cf cards. People with issues on CF can enable the tunable | ||||
* | | Remove redundant/unused call to kldstat | Renato Botelho | 2015-04-14 | 1 | -1/+0 |
| | | |||||
* | | Fix operator | Renato Botelho | 2015-04-14 | 1 | -5/+5 |
| | | |||||
* | | Fix typo in variable name | Renato Botelho | 2015-04-14 | 1 | -1/+1 |
| | | |||||
* | | Merge pull request #1603 from phil-davis/patch-1 | Renato Botelho | 2015-04-14 | 1 | -3/+3 |
|\ \ | |||||
| * | | Fix OpenVPN server listening on associated IPv6 address | Phil Davis | 2015-04-11 | 1 | -3/+3 |
| | | | | | | | | | | | | | | | | | | | | | As reported in forum https://forum.pfsense.org/index.php?topic=92174.0 If the ordinary interface is selected for an OpenVPN server and an IPV6 protocol is selected (e.g. UDP6) then al is good, the "local" line in the server1.conf is written with the primary IPv6 address of the interface. If the interface has other associated VIPs (e.g. a CARP VIP) and the related IPv6 entry is selected as the OpenVPN server interface, then the "local" line was being omitted from server1.conf Regardless of the IP address family, vpn_openvpn_server.php always writes the associated IP address into the settings key 'ipaddr' - which looks like a good and reasonable thing - we only want 1 IP address of some flavor to be remembered here. This changes fixes openvpn.inc so it understands that $settings['ipaddr'] can be IPv4 or IPv6 as does the appropriate stuff with it. | ||||
* | | | Don't remove all of /usr/local/libdata as obsolete files. User-installed | Chris Buechler | 2015-04-13 | 1 | -1/+0 |
| | | | | | | | | | | | | package contents may live there, factory default configs live there. | ||||
* | | | Merge pull request #1605 from Robert-Nelson/issue-4603 | Renato Botelho | 2015-04-13 | 1 | -1/+2 |
|\ \ \ | |||||
| * | | | Only initialize package's log if it doesn't exist | Robert Nelson | 2015-04-12 | 1 | -1/+2 |
| |/ / | |||||
* | | | Merge pull request #1600 from Robert-Nelson/remove-obsolete-logging | Renato Botelho | 2015-04-13 | 1 | -4/+0 |
|\ \ \ | |/ / |/| | | |||||
| * | | Remove obsolete logging code which is duplicated in system_syslogd_start() | Robert Nelson | 2015-04-09 | 1 | -4/+0 |
| |/ | |||||
* | | Setup ADI boards to boot only using serial to avoid duplicated output when ↵ | Renato Botelho | 2015-04-10 | 1 | -4/+14 |
|/ | | | | VGA redirection is enabled | ||||
* | Merge pull request #1467 from PiBa-NL/php_errorlog | Renato Botelho | 2015-04-09 | 1 | -1/+6 |
|\ | |||||
| * | php error logging should 're-fix' with less side effects for now.. ↵ | PiBa-NL | 2015-04-05 | 1 | -1/+6 |
| | | | | | | | | https://redmine.pfsense.org/issues/4143 | ||||
* | | Skip reflection rdrs where the interface doesn't have an IP. Ticket #4564 | Chris Buechler | 2015-04-09 | 1 | -1/+8 |
| | | |||||
* | | Allow disabling the APIPA block via hidden config option. Very rarely ↵ | Chris Buechler | 2015-04-08 | 1 | -2/+8 |
| | | | | | | | | necessary or desirable, but Amazon VPC VPNs use that as their tunnel subnet with BGP setups. | ||||
* | | Only restore rrd.tgz where platform is appropriate, or RAM disk being | Chris Buechler | 2015-04-08 | 1 | -1/+1 |
| | | | | | | | | used, otherwise you're restoring a probably old backup file. Ticket #4531 | ||||
* | | Add Super Micro C2758 to the list of known platforms | Renato Botelho | 2015-04-06 | 1 | -1/+4 |
| | | |||||
* | | Merge pull request #1595 from dneuhaeuser/patch-1 | Renato Botelho | 2015-04-06 | 1 | -3/+3 |
|\ \ | |||||
| * | | small correction of relative paths to icons | dneuhaeuser | 2015-04-03 | 1 | -3/+3 |
| | | | |||||
* | | | Merge pull request #1597 from phil-davis/Common-typos | Renato Botelho | 2015-04-06 | 1 | -2/+2 |
|\ \ \ | |||||
| * | | | Few minor text typos | Phil Davis | 2015-04-04 | 1 | -2/+2 |
| | | | | | | | | | | | | | | | | | | | | | | | | Note that advertise is spelt with an "s" in other places in the GUI, so making it consistent in services_ntpd - but maybe Americans do spell it "advertize" these days? | ||||
* | | | | Code style | Phil Davis | 2015-04-05 | 1 | -2/+2 |
| |_|/ |/| | | | | | Couple of spaces for new code merged from an old repo/branch | ||||
* | | | Un-screw-up merge | Chris Buechler | 2015-04-04 | 1 | -5/+0 |
| | | | |||||
* | | | Include additional subnets for RAs in radvd.conf. Ticket #4468 | Chris Buechler | 2015-04-04 | 1 | -0/+40 |
| | | | | | | | | | | | | | | | Conflicts: etc/inc/services.inc | ||||
* | | | Fix up Ticket #4504 implementation. Match config style with other areas. Use ↵ | Chris Buechler | 2015-04-04 | 2 | -9/+6 |
| | | | | | | | | | | | | a config setting to disable, rather than enable, this functionality since it's enabled by default so the tag isn't necessary in the default config. Remove now unnecessary config upgrade code. | ||||
* | | | fix type. Ticket #4504 | Chris Buechler | 2015-04-04 | 1 | -1/+1 |
|/ / | |||||
* | | add etc/inc/array_intersect_key.inc to obsoletedfiles | Chris Buechler | 2015-04-04 | 1 | -0/+1 |
| | | |||||
* | | shouldn't need this as its own inc anymore, but only changing in master ↵ | Chris Buechler | 2015-04-04 | 1 | -67/+0 |
| | | | | | | | | since 2_2 nearing release | ||||
* | | uploadbar dir no longer needed | Chris Buechler | 2015-04-04 | 1 | -4/+0 |
| | | |||||
* | | verify certs by default here | Chris Buechler | 2015-04-03 | 1 | -3/+1 |
| | | |||||
* | | Prevent empty addresses for being put in the ruleset. Ticket #4564 | Ermal LUÇI | 2015-04-03 | 1 | -0/+3 |
| | | |||||
* | | Ticket #4504 actually make it correct | Ermal LUÇI | 2015-04-03 | 1 | -1/+3 |
| | | |||||
* | | Upgraded configurations should keep the default configuration of bypassing ↵ | Ermal LUÇI | 2015-04-03 | 1 | -0/+2 |
| | | | | | | | | lan from ipsec. Ticket #4504 | ||||
* | | Fixes #4504 Provide a newline to generate proper config | Ermal LUÇI | 2015-04-03 | 1 | -0/+1 |
| | | |||||
* | | Fixes #4504 Allow the bypass policy for LAN to be enabled and prevent ↵ | Ermal LUÇI | 2015-04-03 | 1 | -0/+19 |
|/ | | | | traffic sent to lan ip to go to the ipsec tunnel | ||||
* | Only use mobile clients PFS config with mobile ph2ent. Ticket #4538 | Chris Buechler | 2015-04-03 | 1 | -1/+1 |
| | | | | | Conflicts: etc/inc/vpn.inc | ||||
* | disable SSL validation for selfhost since it fails. Ticket #4545 | Chris Buechler | 2015-04-03 | 1 | -0/+1 |
| |