| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
accommodate OS X and iOS manual configurations. Fixes #5353
|
| |
|
| |
|
|
|
|
| |
complications of 0 due to PHP stupidity. Upgrade config to add 1 to any configured log levels. Default to 1 as log level where none is configured by the user. Ticket #5340
|
| |
|
|
|
|
| |
unbound-anchor runs otherwise it will fail and unbound will fail to start. fsync the file after writing to prevent the problem. Ticket #5334
|
|
|
|
| |
it's value to list of subnets configured as P2's for mobile IPsec. Fixes #5327.
|
|
|
|
| |
so nothing is duplicated. Ticket #5242
|
|
|
|
| |
rules. Ticket #5320
|
|
|
|
|
|
|
|
|
| |
This was a no-op before my changes (so this was never really enabled) and
now it is known to cause issues with tcpdump and hostapd.
Disable this until we fix all the raised issues.
Issue: #5257
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes #4150. Move to tables to accomodate unlimited number of interfaces.
Cherry-pick 52fe0465b463dd8b8f4b2099d562254da320e704:
Fix the captive portal rules after 98bf4991dc31f97fc7315a6b8aba433de9d39cea.
The malformed rules breaks the parsing of initialisation rules.
Issue: #4746
|
|
|
|
| |
relationship to the signing CA can be maintained. Fixes #5313.
|
|
|
|
| |
the configured IPsec SA's instead of trusting all known CA's. Fixes #5243.
|
|
|
|
| |
were duplicated. Ticket #5242
|
| |
|
|
|
|
| |
EAP-TLS. Fixes #5241.
|
| |
|
|
|
|
|
|
| |
server's interface(s) from dhcrelay"
This reverts commit 97613114b5b74c334609d7fcd79c94741b111793.
|
|
|
|
| |
filter reload to DHCP Relay config so rules are immediately added/removed. Ticket #4558
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
removed CAs, certs, or CRLs remain. Ticket #5238
|
|
|
|
| |
settings take precedence. Set logging levels in strongswan.conf to match what's set on a running system via 'ipsec stroke loglevel', and remove log levels that were hard coded in strongswan.conf. Ticket #5242
|
|
|
| |
Because it breaks traffic graphs for people.https://forum.pfsense.org/index.php?topic=87390.0
|
|
|
|
| |
it applies to all types.
|
|
|
|
| |
change auth methods for both peers when using hybrid RSA + xauth with IKEv1
|
| |
|
|
|
|
| |
Ticket #3858
|
| |
|
|
|
|
| |
Fixes PSK mismatches from iOS clients.
|
|
|
|
| |
IP addresses from RADIUS instead. (Will need an IP address defined for each account.) Doesn't seem to be possible to pull from either RADIUS *or* a local pool that I can see from experimenting and looking at strongSwan's docs.
|
|
|
|
| |
actually works.
|
| |
|
|
|
|
|
| |
"ipfw zone" command, breaking CP for any system that doesn't have VIPs
defined.
|
|
|
|
|
|
| |
just a synonym for IKEv2. Ticket #4873"
This reverts commit 47f802694a1e1dfbbd011d7ec431c0948358b5c3.
|
|
|
|
| |
Ticket #4990
|
|
|
|
|
|
|
| |
fixing is more complex than just fixing the variable screw up and
disabling cert validation for their SSLLabs F-graded site. Updates made on
their site even take quite some time to be reflected, seems to be a largely
abandoned service.
|
|
|
|
| |
over-matching. Ticket #5211
|
|\ |
|
| |
| |
| |
| |
| | |
This one will log_error() the DHCP pool message when it detects the inconsistency at the end of the setup wizard during reload all.
That way it can still be seen in the system log that this happened, and one day someone might chase down all the steps in the "reload all" process.
Compare this with https://github.com/pfsense/pfsense/pull/1935 and choose which way you would like to go.
|
| | |
|
|/
|
| |
The remove_text_from_file() is not needed at all. However, system_syslogd_start() must be run after the package entries are gone from config.xml, otherwise system_syslogd_start() just re-adds the (now almost removed) package logging configuration from there.
|
|
|
|
| |
gateway groups this way, and cache doesn't really matter here. Partial fix for Ticket #4990
|
|
|
|
|
|
|
| |
are too short to be a valid voucher.
Discussed with: Jim P
Issue: #4985
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes Redmine #4884
1) Line 778-780 - If the fetch of any of the package additional files
fails then bail out. This prevents half-installed packages that look
like they had a successful install.
2) Line 1458 - use the return boolean value from
download_file_with_progress_bar() to determine success or failure here,
like is done in the other places in this file. I had a case of
installing a package with an error (timeout) and the download (I presume
it was the download code) had left an empty file
/usr/local/pkg/autoconfigbackup.xml - it passed the file_exists() check
and the rest of the code went on to happily install the "nothing" in the
package and then claim the package was successfully installed :(
After the above 2 changes I could get reliable indication of
success/failure of the package install and the code would abort nicely
if a download went wrong.
3) Package installs happen either:
i) On the end of a boot after upgrade or config restore, or;
ii) Online while the main system is running (happily)
Therefore there is no need to rush to abort if the download of a package
file is taking some time to get started. It seems better to me to wait a
decent amount of time rather than abort.
Thus I have increased the connect timeout for this from the default (5)
to 30 seconds.
This makes my crap sites load packages much better :)
|
| |
| |
| |
| | |
Resubmit of #1793
|
| |
| |
| |
| |
| | |
https://redmine.pfsense.org/issues/4830
https://forum.pfsense.org/index.php?topic=95908.0
|