Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Remove not needed anymore function | Ermal | 2014-03-06 | 1 | -5/+0 |
| | |||||
* | First swing at converting from racoon to StrongSWAN. | Ermal | 2014-02-06 | 1 | -1/+0 |
| | | | | | | | | | | | | | | | | | | | | | | It allows to use existing configurations on xml to generate StrongSWAN configurations. So its only IKEv1 * Missing support for dynamic ips(hostnames) - resolver plugin of StrongSWAN needs to be configured in strongswan.conf * Authentication plugin with pfSense authentication framework - New plugin almost completed * More testing hence this being pushed now to have more broader look TODO * Integrate IKEv2 * Move dynamic IP allocation to an SQLite backend * Provide more options in authenticating as a client(initiator) * Restrict interfaces where StrongSWAN listens for incoming connections to only those configured FUTUTE * Move all configuration to SQLite backend * Integrate more authentication scenarios of IKEv2 | ||||
* | Change test after IPsec apply to check for any value >= 0. If a user has ↵ | jim-p | 2013-06-18 | 1 | -1/+1 |
| | | | | hostnames vpn_ipsec_configure() now returns the number of hostnames, so the previous test failed and the "apply changes" button would never go away. | ||||
* | Delete SPDs when an IPSec tunnel is deleted. | Rafael Abdo | 2013-01-09 | 1 | -3/+9 |
| | | | | | | | | - Add new function to delete SPDs (see 'remove_tunnel_spd_policy($phase1,$phase2)' on vpn.inc) - Change vpn_ipsec.php to delete SPDs on phase 2 and phase 1. - Change the method GET to delete phase 2 (needs to inform which is the phase 1) It should fix #2719. | ||||
* | Standardize hypenation and capitalization of Pre-Shared Key | jim-p | 2012-10-26 | 1 | -1/+1 |
| | |||||
* | Activate new shortcuts/status in the rest of the areas that are currently setup. | jim-p | 2012-08-10 | 1 | -2/+1 |
| | |||||
* | Add Gateway Group support to the IPsec interface drop down. | smos | 2012-06-03 | 1 | -0/+11 |
| | | | | | | Edit of gateway group correctly reflects the new IP Address. We need to make a blacklist for interface names in the gateway group edit page. Redmine ticket #1965 | ||||
* | Merge remote branch 'upstream/master' | jim-p | 2011-06-03 | 1 | -0/+3 |
|\ | | | | | | | | | Conflicts: etc/inc/openvpn.inc | ||||
| * | Allow duplicating an IPsec phase 2. The code was already on ↵ | jim-p | 2011-06-03 | 1 | -0/+3 |
| | | | | | | | | vpn_ipsec_phase2.php but unlinked. | ||||
* | | Merge remote branch 'upstream/master' | Seth Mos | 2011-04-12 | 1 | -1/+3 |
|\ \ | |/ | |||||
| * | Add a toggle under System > Advanced on the misc tab to enable/disable debug ↵ | jim-p | 2011-04-11 | 1 | -1/+3 |
| | | | | | | | | mode for racoon. | ||||
* | | Show the proper Phase entry for the IPv6 tunnels | Seth Mos | 2011-03-14 | 1 | -3/+3 |
|/ | |||||
* | Add IPSec 'ipalias' VIP support. Ticket #1041 | Pierre POMES | 2010-12-10 | 1 | -1/+4 |
| | |||||
* | Fix text for the P1 table header. | Erik Fonnesbeck | 2010-11-24 | 1 | -2/+2 |
| | |||||
* | Remove unused variable. | jim-p | 2010-10-05 | 1 | -2/+0 |
| | |||||
* | Reorder this, otherwise the function doesn't pick up on the config change. | jim-p | 2010-08-12 | 1 | -1/+2 |
| | |||||
* | Implement gettext() calls on vpn_ipsec.php | Carlos Eduardo Ramos | 2010-07-27 | 1 | -35/+35 |
| | |||||
* | Ticket #655. Call vpn_ipsec_configured in all cases it knows how to handle ↵ | Ermal | 2010-06-15 | 1 | -7/+1 |
| | | | | enabled/disabled ipsec setting. | ||||
* | Remove Logs tab from OpenVPN, as it is no longer needed. | jim-p | 2010-06-01 | 1 | -1/+0 |
| | |||||
* | Add status/log icons to IPsec pages. | jim-p | 2010-06-01 | 1 | -0/+3 |
| | |||||
* | Add PSK tab to all IPsec pages, it was missing from some. | jim-p | 2010-05-13 | 1 | -1/+2 |
| | |||||
* | Show p2 items correctly (add missing td's) | Scott Ullrich | 2010-04-19 | 1 | -0/+5 |
| | |||||
* | Remove some sort of extra space/break in ipsec screen. Ticket #211 | pierrepomes | 2009-12-13 | 1 | -1/+0 |
| | |||||
* | Remove ph2 add button. It is shown when needed | sullrich | 2009-12-07 | 1 | -3/+0 |
| | |||||
* | Pass ph1ent | sullrich | 2009-12-07 | 1 | -2/+3 |
| | |||||
* | Make g a global and pass ph1ent | sullrich | 2009-12-07 | 1 | -1/+2 |
| | |||||
* | Replace dollarsigndollarsign with dollarsign | sullrich | 2009-12-07 | 1 | -1/+1 |
| | |||||
* | fix typos | Chris Buechler | 2009-12-07 | 1 | -1/+1 |
| | |||||
* | Require filter.inc and shaper.inc | Scott Ullrich | 2009-11-21 | 1 | -1/+3 |
| | |||||
* | Rework includes/require. This saves about 4 megabytes. | Scott Ullrich | 2009-11-21 | 1 | -0/+2 |
| | | | | Simplify get_memory(). Tested on mips/i386 | ||||
* | add links to IPsec logs under IPsec status and other pages | Chris Buechler | 2009-11-07 | 1 | -0/+1 |
| | |||||
* | Kill racoon when disabling IPSEC. Restart it if re-enabled. | Scott Ullrich | 2009-11-07 | 1 | -1/+8 |
| | |||||
* | * Convert carp/vips code to behave the same as other interfaces. | Ermal Luçi | 2009-10-01 | 1 | -5/+3 |
| | | | | | | | | * Make optimizations around it. * Make sure when we reload teh underlying interface we reload carp too. * Some fixes around the code. Reviewed-by: scott@ and billm@ | ||||
* | Nuke sorting it apparently changed the ID association | Scott Ullrich | 2009-09-23 | 1 | -3/+0 |
| | |||||
* | WIP: IPSec changes | Eirik Oeverby | 2009-09-22 | 1 | -1/+1 |
| | |||||
* | WIP: fixing IPSec screens/config | Eirik Oeverby | 2009-09-22 | 1 | -1/+1 |
| | |||||
* | Sort items | Scott Ullrich | 2009-09-11 | 1 | -1/+3 |
| | |||||
* | Include functions.inc which will then include ipsec.inc | Scott Ullrich | 2009-08-23 | 1 | -1/+1 |
| | |||||
* | Unbreak ipsec! | Scott Ullrich | 2009-08-23 | 1 | -1/+1 |
| | |||||
* | Fix incorrect double click edit link for phase2 records. | Seth Mos | 2009-07-15 | 1 | -1/+1 |
| | | | | The link referred the phase2 edit page with the phase1 id which was incorrect | ||||
* | * Reorganize the 'apply' button infrustructure in the GUI. | Ermal Luçi | 2009-06-30 | 1 | -3/+3 |
| | | | | | | - Present three new functions is/mark/clear_subsystem_dirty('name_of_subsystem'). This makes easier to create such things without needing to introduce new globals. - Convert all pages to the new infrustructure - This improves a lot the control on this notification | ||||
* | Remove some unneccessary calls to filter_configure() they just give recursivity! | Ermal Luçi | 2009-06-18 | 1 | -1/+1 |
| | |||||
* | * Create two new functions lock($subsystem)/unlock() to have more reliable ↵ | Ermal Luçi | 2009-05-08 | 1 | -2/+0 |
| | | | | | | | | | | | locking using semaphores. This function can sleep till the resource is free and can help find not well behaving code. * Remove most of the config_lock/config_unlock logics on the whole scripts/pages it is an abuse of this. If any sybsytem wants to lock can do so with its own lock. * Lock the config when doing a filter reload to avoid parallell recursion on this function, since it is not reentrant. This compenstates for the removal of lock aquiring from the scripts/pages. * config_lock/config_unlock are now compate shims that do nothing. They are preserved since packages 'abuse' them too. | ||||
* | * Do not apply the settings directly from hitting the SAVE button show the ↵ | Ermal Luçi | 2009-04-22 | 1 | -14/+4 |
| | | | | apply settings option for consistency with other pages. | ||||
* | Modify IPsec code to allow for transport mode. All existing configurations are | mgrooms | 2009-03-15 | 1 | -0/+10 |
| | | | | | marked as tunnel for backwards compatibility. There are problems with the spd read code which Will likely choke on transport entries. We can fix this later. | ||||
* | Move the IPsec pinghost option from phase1 to phase2. Correct some | mgrooms | 2009-03-15 | 1 | -1/+1 |
| | | | | bugs that were preventing the local address from being selected. | ||||
* | Migrate IPsec certificate management to centralized system. | mgrooms | 2009-03-12 | 1 | -1/+0 |
| | |||||
* | Make sure the field names and description match up | Seth Mos | 2009-03-12 | 1 | -10/+10 |
| | |||||
* | Add initial support for granular IPsec SPD changes. | Seth Mos | 2009-01-16 | 1 | -0/+6 |
| | |||||
* | Make table headers reflect reality | Bill Marquette | 2008-12-07 | 1 | -6/+6 |
| |