summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* Fixes #4625 correct disconnection of users especially when called from ↵Ermal LUÇI2015-04-161-1/+3
| | | | xmlrpc code.
* Merge pull request #1612 from ibauersachs/ipsec-mobile-eap-radiusErmal LUÇI2015-04-162-1/+37
|\
| * Add support for EAP-RADIUS to IKEv2 Mobile ClientsIngo Bauersachs2015-04-152-1/+37
| |
* | Always do a filter reload in vpn_ipsec_configure to ensure the ruleset isChris Buechler2015-04-161-2/+3
| | | | | | | | updated where necessary in every IPsec change scenario.
* | Remove boot_serial='yes' from loader.conf when serial is disabled, error ↵Renato Botelho2015-04-161-1/+2
| | | | | | | | introduced by me on commit 986e77a2eab
* | Fix unbound warning when dnsallowoverride off and forwarding onPhil Davis2015-04-161-0/+2
| | | | | | | | | | Reported in forum: https://forum.pfsense.org/index.php?topic=92437.0 The $ns array was being used further down, but if dnsallowoverride was off, the array never got created.
* | Define var_path global key since it is being used in interfaces.inc, but it ↵Renato Botelho2015-04-151-0/+1
|/ | | | was not being declared anywhere
* Merge pull request #1601 from phil-davis/check-overlapping-subnetsRenato Botelho2015-04-151-18/+76
|\
| * Check for overlapping subnets when saving interface addressesPhil Davis2015-04-101-18/+76
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This checks if a static IP address entered for an interface has a subnet that overlaps with any other configured subnet. e.g.: LAN is IPv4 10.10.12.1/24 Then try to set OPT1 to 10.10.13.1/23 - it overlaps with LAN because "/23" covers the "12" and "13" together. In the input errors message, display to the user the other interfaces and subnets that overlap/conflict. Then the user has some idea what it is that conflicts and can easily go looking in the right place for the problem. Do the same thing for IPv6 address/CIDR. Note: I have not enhanced any of the checks for conflicts with static routes - there could be cases where a user has a static route like 10.0.0.0/8 pointing to some internal router that has the rest of 10.0.0.0/8 behind it, but the user has some direct-attached subnet inside that - e.g. 10.1.2.0/24 - the routing table should cope with this, delivering directly to 10.1.2.0/24 and routing for the rest of 10.0.0.0/8. So we cannot invalidate all overlaps with static routes. I think this validation will not invalidate any exotic-but-valid use cases. I can't think of when the interface subnets on 2 interfaces can overlap and still be a valid/useful configuration. This should stop people setting up dumb mixes of LAN/OPT1/OPT2... with random addresses and CIDR prefix that overlap each other.
* | Re-enable verification for selfhost since their chain issue is resolved. ↵Chris Buechler2015-04-141-1/+0
| | | | | | | | Ticket #4545
* | set forcesync to 1 by default for now, testing potential impact for Ticket ↵Chris Buechler2015-04-141-1/+1
| | | | | | | | #4523.
* | Revert "Make forcesync default to the same behavior as freebsd rather than ↵Chris Buechler2015-04-141-2/+1
| | | | | | | | | | | | as intended for cf cards. People with issues on CF can enable the tunable" This reverts commit 34dced26198480d7b02e80578df40336fef89043.
* | Make forcesync default to the same behavior as freebsd rather than as ↵Ermal LUÇI2015-04-141-1/+2
| | | | | | | | intended for cf cards. People with issues on CF can enable the tunable
* | Remove redundant/unused call to kldstatRenato Botelho2015-04-141-1/+0
| |
* | Fix operatorRenato Botelho2015-04-141-5/+5
| |
* | Fix typo in variable nameRenato Botelho2015-04-141-1/+1
| |
* | Merge pull request #1603 from phil-davis/patch-1Renato Botelho2015-04-141-3/+3
|\ \
| * | Fix OpenVPN server listening on associated IPv6 addressPhil Davis2015-04-111-3/+3
| | | | | | | | | | | | | | | | | | | | | As reported in forum https://forum.pfsense.org/index.php?topic=92174.0 If the ordinary interface is selected for an OpenVPN server and an IPV6 protocol is selected (e.g. UDP6) then al is good, the "local" line in the server1.conf is written with the primary IPv6 address of the interface. If the interface has other associated VIPs (e.g. a CARP VIP) and the related IPv6 entry is selected as the OpenVPN server interface, then the "local" line was being omitted from server1.conf Regardless of the IP address family, vpn_openvpn_server.php always writes the associated IP address into the settings key 'ipaddr' - which looks like a good and reasonable thing - we only want 1 IP address of some flavor to be remembered here. This changes fixes openvpn.inc so it understands that $settings['ipaddr'] can be IPv4 or IPv6 as does the appropriate stuff with it.
* | | Don't remove all of /usr/local/libdata as obsolete files. User-installedChris Buechler2015-04-131-1/+0
| | | | | | | | | | | | package contents may live there, factory default configs live there.
* | | Merge pull request #1605 from Robert-Nelson/issue-4603Renato Botelho2015-04-131-1/+2
|\ \ \
| * | | Only initialize package's log if it doesn't existRobert Nelson2015-04-121-1/+2
| |/ /
* | | Merge pull request #1600 from Robert-Nelson/remove-obsolete-loggingRenato Botelho2015-04-131-4/+0
|\ \ \ | |/ / |/| |
| * | Remove obsolete logging code which is duplicated in system_syslogd_start()Robert Nelson2015-04-091-4/+0
| |/
* | Setup ADI boards to boot only using serial to avoid duplicated output when ↵Renato Botelho2015-04-101-4/+14
|/ | | | VGA redirection is enabled
* Merge pull request #1467 from PiBa-NL/php_errorlogRenato Botelho2015-04-091-1/+6
|\
| * php error logging should 're-fix' with less side effects for now.. ↵PiBa-NL2015-04-051-1/+6
| | | | | | | | https://redmine.pfsense.org/issues/4143
* | Skip reflection rdrs where the interface doesn't have an IP. Ticket #4564Chris Buechler2015-04-091-1/+8
| |
* | Allow disabling the APIPA block via hidden config option. Very rarely ↵Chris Buechler2015-04-081-2/+8
| | | | | | | | necessary or desirable, but Amazon VPC VPNs use that as their tunnel subnet with BGP setups.
* | Only restore rrd.tgz where platform is appropriate, or RAM disk beingChris Buechler2015-04-081-1/+1
| | | | | | | | used, otherwise you're restoring a probably old backup file. Ticket #4531
* | Add Super Micro C2758 to the list of known platformsRenato Botelho2015-04-061-1/+4
| |
* | Merge pull request #1595 from dneuhaeuser/patch-1Renato Botelho2015-04-061-3/+3
|\ \
| * | small correction of relative paths to iconsdneuhaeuser2015-04-031-3/+3
| | |
* | | Merge pull request #1597 from phil-davis/Common-typosRenato Botelho2015-04-061-2/+2
|\ \ \
| * | | Few minor text typosPhil Davis2015-04-041-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Note that advertise is spelt with an "s" in other places in the GUI, so making it consistent in services_ntpd - but maybe Americans do spell it "advertize" these days?
* | | | Code stylePhil Davis2015-04-051-2/+2
| |_|/ |/| | | | | Couple of spaces for new code merged from an old repo/branch
* | | Un-screw-up mergeChris Buechler2015-04-041-5/+0
| | |
* | | Include additional subnets for RAs in radvd.conf. Ticket #4468Chris Buechler2015-04-041-0/+40
| | | | | | | | | | | | | | | Conflicts: etc/inc/services.inc
* | | Fix up Ticket #4504 implementation. Match config style with other areas. Use ↵Chris Buechler2015-04-042-9/+6
| | | | | | | | | | | | a config setting to disable, rather than enable, this functionality since it's enabled by default so the tag isn't necessary in the default config. Remove now unnecessary config upgrade code.
* | | fix type. Ticket #4504Chris Buechler2015-04-041-1/+1
|/ /
* | add etc/inc/array_intersect_key.inc to obsoletedfilesChris Buechler2015-04-041-0/+1
| |
* | shouldn't need this as its own inc anymore, but only changing in master ↵Chris Buechler2015-04-041-67/+0
| | | | | | | | since 2_2 nearing release
* | uploadbar dir no longer neededChris Buechler2015-04-041-4/+0
| |
* | verify certs by default hereChris Buechler2015-04-031-3/+1
| |
* | Prevent empty addresses for being put in the ruleset. Ticket #4564Ermal LUÇI2015-04-031-0/+3
| |
* | Ticket #4504 actually make it correctErmal LUÇI2015-04-031-1/+3
| |
* | Upgraded configurations should keep the default configuration of bypassing ↵Ermal LUÇI2015-04-031-0/+2
| | | | | | | | lan from ipsec. Ticket #4504
* | Fixes #4504 Provide a newline to generate proper configErmal LUÇI2015-04-031-0/+1
| |
* | Fixes #4504 Allow the bypass policy for LAN to be enabled and prevent ↵Ermal LUÇI2015-04-031-0/+19
|/ | | | traffic sent to lan ip to go to the ipsec tunnel
* Only use mobile clients PFS config with mobile ph2ent. Ticket #4538Chris Buechler2015-04-031-1/+1
| | | | | Conflicts: etc/inc/vpn.inc
* disable SSL validation for selfhost since it fails. Ticket #4545Chris Buechler2015-04-031-0/+1
|
OpenPOWER on IntegriCloud