summaryrefslogtreecommitdiffstats
path: root/usr/local/www/vpn_ipsec_phase1.php
Commit message (Collapse)AuthorAgeFilesLines
* Do not store CA and CERT in config unless needed. Will allow deleting unused ↵Evgeny Yurchenko2011-06-211-0/+5
| | | | certs.
* Add a GUI selection for racoon's generate_policy directive since it may be ↵jim-p2011-06-031-0/+18
| | | | useful in certain configurations, especially for mobile clients.
* Correct variable name. This could never have deleted the static route for ↵smos2011-02-241-1/+1
| | | | IPsec vpns on multi wan
* Don't save CA/Cert for a PSK IPsec tunnel.jim-p2011-01-311-0/+8
|
* Ticket 1041. Fix bad commit...Pierre POMES2010-12-121-1/+1
|
* Add IPSec 'ipalias' VIP support. Ticket #1041Pierre POMES2010-12-101-0/+3
|
* Fix vip descriptions in openvpn and ipsec screens. Ticket #1042Pierre POMES2010-12-061-1/+1
|
* Fix XSS issuesScott Ullrich2010-11-121-7/+7
|
* Rename 'name' to 'descr' for CA, Certificates, and CRLs, to gain CDATA ↵jim-p2010-10-191-2/+2
| | | | protection and standardize field names. Ticket #320.
* Fixup comments a little.jim-p2010-10-111-0/+3
|
* Correct and cleanup this input validation logic for IPsec Phase 1 PSK/Cert ↵jim-p2010-10-111-6/+15
| | | | config. In some cases the test was not being evaluated as expected.
* CA/CERT Movejim-p2010-09-011-2/+2
|
* Let the user choose the IPsec CA instead of assuming.jim-p2010-08-131-2/+27
|
* Add a GUI selection for the proposal_check config option. Provide all the ↵jim-p2010-08-131-1/+18
| | | | choices from racoon.conf(5) plus a "default" which will keep the old behavior.
* Modify various (s)printf format strings to allow translations to change the ↵Erik Fonnesbeck2010-08-111-1/+1
| | | | order of the inserted strings.
* Fix gettext implementation on vpn_ipsec_phase1.phpCarlos Eduardo Ramos2010-07-301-1/+1
|
* Implement gettext() calls on vpn_ipsec_phase1.phpCarlos Eduardo Ramos2010-07-271-68/+68
|
* Remove Logs tab from OpenVPN, as it is no longer needed.jim-p2010-06-011-1/+0
|
* Add status/log icons to IPsec pages.jim-p2010-06-011-0/+3
|
* Only enforce peer ID and psk on p1 screen if we are NOT dealing with a ↵jim-p2010-05-061-21/+38
| | | | pure-psk mobile tunnel (which is the behavior in 1.2.3). Hide irrelevant options. Part of ticket #108.
* Reorder Auth. Method and PSK field to a more logical sequence. Part of ↵jim-p2010-05-061-32/+33
| | | | ticket #108.
* Move { and } to same line.sullrich2009-12-021-6/+3
|
* Rework includes/require. This saves about 4 megabytes.Scott Ullrich2009-11-211-0/+2
| | | | Simplify get_memory(). Tested on mips/i386
* add links to IPsec logs under IPsec status and other pagesChris Buechler2009-11-071-0/+1
|
* * Convert carp/vips code to behave the same as other interfaces.Ermal Luçi2009-10-011-5/+3
| | | | | | | | * Make optimizations around it. * Make sure when we reload teh underlying interface we reload carp too. * Some fixes around the code. Reviewed-by: scott@ and billm@
* Include functions.inc which will then include ipsec.incScott Ullrich2009-08-231-1/+1
|
* Unbreak ipsec. ipsec.inc is needed to set the various drop down box values ↵Scott Ullrich2009-08-231-1/+1
| | | | such as 'IP Address, Encryption Algo, etc.. Someone needs a big pointy hat.
* Fix interface list usageErmal Luçi2009-07-071-3/+0
| | | | WARN: Please ask before introducing old code on what have changed!
* Fix ipsec vpn phase1 post code so that we correctly try to delete the old ↵Seth Mos2009-07-061-3/+4
| | | | static route if required.
* * Reorganize the 'apply' button infrustructure in the GUI.Ermal Luçi2009-06-301-1/+1
| | | | | | - Present three new functions is/mark/clear_subsystem_dirty('name_of_subsystem'). This makes easier to create such things without needing to introduce new globals. - Convert all pages to the new infrustructure - This improves a lot the control on this notification
* Move the IPsec pinghost option from phase1 to phase2. Correct somemgrooms2009-03-151-11/+0
| | | | bugs that were preventing the local address from being selected.
* Migrate IPsec certificate management to centralized system.mgrooms2009-03-121-52/+30
|
* Cleanup ipsec interfaces a bit and make sure they are displayed in tabs for ↵mgrooms2009-03-121-296/+345
| | | | consistency.
* Add initial support for granular IPsec SPD changes.Seth Mos2009-01-161-0/+16
|
* Fix a few minor problems with the IPsec configuration interface. Make sureMatthew Grooms2008-09-161-1/+4
| | | | | | we don't copy the ikeid when duplicating a phase1 entry. Simplify the code that deletes all associated phase2 entries when a phase1 is deleted. I was and still am learning the finer points of php.
* Add CSS headerScott Ullrich2008-08-301-0/+3
|
* Rework most of the OpenVPN support. The interfaces have been updated toMatthew Grooms2008-08-261-11/+2
| | | | | | | | | | not use the pkg system and the configuration has been migrated to an openvpn prefix. The centralized user and certificate manager is now used to support the openvpn configurations. Most of the files removed in this commit were not being referenced. This commit also splits out the certificate management components into a new system menu item.
* Only read ipsec phase1 configuration values that are relvent for theMatthew Grooms2008-08-241-4/+9
| | | | | configured authentication method. This silences harmless php warnings. Reported by Scott Ullrich.
* Rewrite the pfsense privilege system with the following goals in mind ...Matthew Grooms2008-08-011-0/+8
| | | | | | | | 1) Redefine page privileges to not use static urls 2) Accurate generation of privilege definitions from source 3) Merging the user and group privileges into a single set 4) Allow any privilege to be added to users or groups w/ inheritance 5) Cleaning up the related WebUI pages
* Introduce a new and improved version of IPsec mobile client support. TheMatthew Grooms2008-07-131-92/+176
| | | | | | | mobile client tab is now used to configure user authentication (Xauth) and client configuration (mode-cfg) options. User authentication is currently limited to system password file entries. This will be extended to support external RADIUS and LDAP account DBs in a follow up comiit.
* Overhaul IPsec related code. Shared functions have been consolidated intoMatthew Grooms2008-07-111-0/+635
a new file named /etc/ipsec.inc. Tunnel definitions have been split into phase1 and phase2. This allows any number of phase2 definitions to be created for a single phase1 definition. Several facets of configuration have also been improved. The key size for variable length algorithms can now be selected and the phase1 ID options have been extended to allow for more flexible configuration. Several NAT-T related issues have also been resolved. Please note, IPsec remote access functionality has been temporarily disabled. An improved implementation will be included in a follow up commit.
OpenPOWER on IntegriCloud