| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
|
|
|
|
| |
authenticator.
|
|\ |
|
| | |
|
| | |
|
| | |
|
|/
|
|
|
|
|
| |
Add key lengths to the OpenVPN options, for asymmetric keys of size 3072 (for current use), 7680, 15360 (for long term resistance), 8192 and 16384 (common binary exponents).
These are both supported by OpenVPN anyhow, and for certain uses are currently recommended (eg long term resistance to replay/decryption). See keylength.com for citations.
This PR would only affect OpenVPN, and OpenVPN supports these key sizes, so should not cause any issue.
|
| |
|
|
|
|
|
|
|
| |
This note is never going to display, because $DisplayNote is only set in
a function and is not global.
In any case, I don't think the message is true (maybe it was true in the
past?).
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out that current CARP implementation is not much different from an IP alias.
This commit converts the IP alias to also use the CARP uniqid scheme, this simplify the code in all other places because now we have only two different cases to deal with:
- A friendly interface name (lan, wan, opt1, etc.);
- A Virtual IP - VIP alias (_vip{$uniqid}) - CARP or IP Alias.
The parent of a CARP is always a friendly interface. The parent of an IP alias can be a friendly interface or a CARP (this is the only case of recursion of a VIP).
This commit removes a few cases where CARP were still considered a interface (the old CARP implementation), fixes all the wrong cases of strpos() being used to detect a VIP address (wont work as it returns '0' which fails when tested as 'TRUE'), review the usage of CARP and IP alias as services bind addresses, fixes general issues of adding and editing VIP addresses.
The following subsystems were affected by this changes:
- IPSEC;
- OpenVPN;
- dnsmasq;
- NTP;
- gateways and gateway groups;
- IPv6 RA;
- GRE interfaces;
- CARP status;
- Referrer authentication.
Fixes (and/or revisit) the following tickets:
- Ticket #3257
- Ticket #3716
- Ticket #4450
- Ticket #4858
- Ticket #5441
- Ticket #5442
- Ticket #5500
- Ticket #5783
- Ticket #5844
|
| |
|
| |
|
|
|
|
| |
CIDR less than 30.
|
| |
|
| |
|
|
|
|
| |
ip2long32() etc are used
|
|
|
|
|
|
|
| |
After a gitsync just now I started getting "cannot redeclare
kill_client" error messages. Whatever it was that caused this to start
happening, the kill_client() function in these 2 places is identical.
Might as well put it in openvpn.inc
|
|
|
|
| |
was the reason they were added, it was never finished and it's not being used
|
| |
|
| |
|
|
|
|
| |
clear they should be using certificates created as Server certificates for this purpose -- it's still valid to use non-server certs but it's not what most people intend to do. Ticket #5602
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
selection. Issue #5526
P2P is there but commented out for now.
|
|
|
|
|
|
| |
Ticket #5526
Still needs GUI work and other items mentioned on https://redmine.pfsense.org/issues/5526
|
|
|
|
|
| |
Remove the XHTML standard Boolean operators (makes reading HTML much
simpler).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Forum:
https://forum.pfsense.org/index.php?topic=103036.msg574854#msg574854
A few functions were in both client and server PHP already and were the
same.
build_crl_list() was missing from client PHP.
build_cert_list() was slightly different in server and client PHP. I
made a common one that takes a parameter. Maybe actually they should
both be the same? or? Anyway for the first iteration I went for
consolidation with no change of code behavior.
Some functions were only in server PHP and only used by server PHP. I
moved them to openvpn.inc anyway - seems more logical for the future.
But say if you prefer them back in just server PHP.
|
|
|
|
|
|
| |
This applies the little changes in etc/inc master to the bootstrap
branch so that etc/inc in bootstrap will now just have the real
differences that are due to real bootstrap changes.
|
| |
|
|
|