summaryrefslogtreecommitdiffstats
path: root/src/etc/inc/vpn.inc
Commit message (Collapse)AuthorAgeFilesLines
...
* The net.inet.ip.fastforward sysctl is retired now.Luiz Otavio O Souza2015-10-311-3/+0
| | | | | | Tryforward instead, is always on and is compatible with IPSEC. TAG: tryforward
* Set leftsendcert=always for IKEv2 configurations with certificates to better ↵jim-p2015-10-281-0/+5
| | | | accommodate OS X and iOS manual configurations. Fixes #5353
* Make setting charon.plugins.attr.subnet conditional on net_list being set. SetMatt Smith2015-10-211-3/+1
| | | | it's value to list of subnets configured as P2's for mobile IPsec. Fixes #5327.
* Disable strongswan logging under auth since it's all logged under daemon,Chris Buechler2015-10-201-0/+5
| | | | so nothing is duplicated. Ticket #5242
* Limit strongswan trusted CA certificates to those required for authentication ofMatt Smith2015-10-161-22/+46
| | | | the configured IPsec SA's instead of trusting all known CA's. Fixes #5243.
* only use daemon and not auth for strongswan logging. As it was, all logs ↵Chris Buechler2015-10-151-6/+0
| | | | were duplicated. Ticket #5242
* Set rightca for IPsec phase 1 using Mutual RSA, Mutual RSA + xauth, or ↵Matt Smith2015-10-151-0/+24
| | | | EAP-TLS. Fixes #5241.
* Merge pull request #1689 from jlduran/l2tp-mschapv2Matt Smith2015-10-141-4/+10
|\
| * Add MS-CHAPv2 option to L2TP ConfigurationJose Luis Duran2015-09-221-4/+10
| | | | | | | | See [#4732](https://redmine.pfsense.org/issues/4732)
* | Remove strongswan's cert directories and repopulate them, to ensure no ↵Chris Buechler2015-10-121-0/+5
| | | | | | | | removed CAs, certs, or CRLs remain. Ticket #5238
* | Fix up strongswan logging levels. Remove charondebug since strongswan.conf ↵Chris Buechler2015-10-121-7/+11
| | | | | | | | settings take precedence. Set logging levels in strongswan.conf to match what's set on a running system via 'ipsec stroke loglevel', and remove log levels that were hard coded in strongswan.conf. Ticket #5242
* | https://redmine.pfsense.org/issues/5207Matt Smith2015-10-071-2/+1
| | | | | | | | change auth methods for both peers when using hybrid RSA + xauth with IKEv1
* | Add support for an IPv6 pool for mobile clients.Matt Smith2015-10-071-3/+11
| |
* | Specify PSK for mobile configurations without the leading ID selectors. ↵Chris Buechler2015-10-021-0/+3
| | | | | | | | Fixes PSK mismatches from iOS clients.
* | When using eap-radius, if the virtual address pool is left blank, pull the ↵jim-p2015-10-011-2/+6
| | | | | | | | | | | | IP addresses from RADIUS instead. (Will need an IP address defined for each account.) Doesn't seem to be possible to pull from either RADIUS *or* a local pool that I can see from experimenting and looking at strongSwan's docs.
* | Specify %any where identifier is "any", so the note on these pagesChris Buechler2015-10-011-0/+3
|/ | | | actually works.
* Merge pull request #1750 from TarasSavchuk/patch-1Renato Botelho2015-09-211-0/+7
|
* Merge pull request #1808 from miken32/masterRenato Botelho2015-09-211-0/+9
|
* White space and minor bits in etcPhil Davis2015-09-161-5/+5
| | | | Cleaner version of https://github.com/pfsense/pfsense/pull/1846
* Retire PPTP server, fixes #4226:Renato Botelho2015-09-151-235/+0
| | | | | | | - Remove PPTP server and all related code - Bump config version 12.2 - Write upgrade config code to remove pptpd section and also cleanup firewall and NAT rules using PPTP interface or src/des
* Move main pfSense content to src/Renato Botelho2015-08-251-0/+2056
OpenPOWER on IntegriCloud