Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Do not store CA and CERT in config unless needed. Will allow deleting unused ↵ | Evgeny Yurchenko | 2011-06-21 | 1 | -0/+5 |
| | | | | certs. | ||||
* | Add a GUI selection for racoon's generate_policy directive since it may be ↵ | jim-p | 2011-06-03 | 1 | -0/+18 |
| | | | | useful in certain configurations, especially for mobile clients. | ||||
* | Correct variable name. This could never have deleted the static route for ↵ | smos | 2011-02-24 | 1 | -1/+1 |
| | | | | IPsec vpns on multi wan | ||||
* | Don't save CA/Cert for a PSK IPsec tunnel. | jim-p | 2011-01-31 | 1 | -0/+8 |
| | |||||
* | Ticket 1041. Fix bad commit... | Pierre POMES | 2010-12-12 | 1 | -1/+1 |
| | |||||
* | Add IPSec 'ipalias' VIP support. Ticket #1041 | Pierre POMES | 2010-12-10 | 1 | -0/+3 |
| | |||||
* | Fix vip descriptions in openvpn and ipsec screens. Ticket #1042 | Pierre POMES | 2010-12-06 | 1 | -1/+1 |
| | |||||
* | Fix XSS issues | Scott Ullrich | 2010-11-12 | 1 | -7/+7 |
| | |||||
* | Rename 'name' to 'descr' for CA, Certificates, and CRLs, to gain CDATA ↵ | jim-p | 2010-10-19 | 1 | -2/+2 |
| | | | | protection and standardize field names. Ticket #320. | ||||
* | Fixup comments a little. | jim-p | 2010-10-11 | 1 | -0/+3 |
| | |||||
* | Correct and cleanup this input validation logic for IPsec Phase 1 PSK/Cert ↵ | jim-p | 2010-10-11 | 1 | -6/+15 |
| | | | | config. In some cases the test was not being evaluated as expected. | ||||
* | CA/CERT Move | jim-p | 2010-09-01 | 1 | -2/+2 |
| | |||||
* | Let the user choose the IPsec CA instead of assuming. | jim-p | 2010-08-13 | 1 | -2/+27 |
| | |||||
* | Add a GUI selection for the proposal_check config option. Provide all the ↵ | jim-p | 2010-08-13 | 1 | -1/+18 |
| | | | | choices from racoon.conf(5) plus a "default" which will keep the old behavior. | ||||
* | Modify various (s)printf format strings to allow translations to change the ↵ | Erik Fonnesbeck | 2010-08-11 | 1 | -1/+1 |
| | | | | order of the inserted strings. | ||||
* | Fix gettext implementation on vpn_ipsec_phase1.php | Carlos Eduardo Ramos | 2010-07-30 | 1 | -1/+1 |
| | |||||
* | Implement gettext() calls on vpn_ipsec_phase1.php | Carlos Eduardo Ramos | 2010-07-27 | 1 | -68/+68 |
| | |||||
* | Remove Logs tab from OpenVPN, as it is no longer needed. | jim-p | 2010-06-01 | 1 | -1/+0 |
| | |||||
* | Add status/log icons to IPsec pages. | jim-p | 2010-06-01 | 1 | -0/+3 |
| | |||||
* | Only enforce peer ID and psk on p1 screen if we are NOT dealing with a ↵ | jim-p | 2010-05-06 | 1 | -21/+38 |
| | | | | pure-psk mobile tunnel (which is the behavior in 1.2.3). Hide irrelevant options. Part of ticket #108. | ||||
* | Reorder Auth. Method and PSK field to a more logical sequence. Part of ↵ | jim-p | 2010-05-06 | 1 | -32/+33 |
| | | | | ticket #108. | ||||
* | Move { and } to same line. | sullrich | 2009-12-02 | 1 | -6/+3 |
| | |||||
* | Rework includes/require. This saves about 4 megabytes. | Scott Ullrich | 2009-11-21 | 1 | -0/+2 |
| | | | | Simplify get_memory(). Tested on mips/i386 | ||||
* | add links to IPsec logs under IPsec status and other pages | Chris Buechler | 2009-11-07 | 1 | -0/+1 |
| | |||||
* | * Convert carp/vips code to behave the same as other interfaces. | Ermal Luçi | 2009-10-01 | 1 | -5/+3 |
| | | | | | | | | * Make optimizations around it. * Make sure when we reload teh underlying interface we reload carp too. * Some fixes around the code. Reviewed-by: scott@ and billm@ | ||||
* | Include functions.inc which will then include ipsec.inc | Scott Ullrich | 2009-08-23 | 1 | -1/+1 |
| | |||||
* | Unbreak ipsec. ipsec.inc is needed to set the various drop down box values ↵ | Scott Ullrich | 2009-08-23 | 1 | -1/+1 |
| | | | | such as 'IP Address, Encryption Algo, etc.. Someone needs a big pointy hat. | ||||
* | Fix interface list usage | Ermal Luçi | 2009-07-07 | 1 | -3/+0 |
| | | | | WARN: Please ask before introducing old code on what have changed! | ||||
* | Fix ipsec vpn phase1 post code so that we correctly try to delete the old ↵ | Seth Mos | 2009-07-06 | 1 | -3/+4 |
| | | | | static route if required. | ||||
* | * Reorganize the 'apply' button infrustructure in the GUI. | Ermal Luçi | 2009-06-30 | 1 | -1/+1 |
| | | | | | | - Present three new functions is/mark/clear_subsystem_dirty('name_of_subsystem'). This makes easier to create such things without needing to introduce new globals. - Convert all pages to the new infrustructure - This improves a lot the control on this notification | ||||
* | Move the IPsec pinghost option from phase1 to phase2. Correct some | mgrooms | 2009-03-15 | 1 | -11/+0 |
| | | | | bugs that were preventing the local address from being selected. | ||||
* | Migrate IPsec certificate management to centralized system. | mgrooms | 2009-03-12 | 1 | -52/+30 |
| | |||||
* | Cleanup ipsec interfaces a bit and make sure they are displayed in tabs for ↵ | mgrooms | 2009-03-12 | 1 | -296/+345 |
| | | | | consistency. | ||||
* | Add initial support for granular IPsec SPD changes. | Seth Mos | 2009-01-16 | 1 | -0/+16 |
| | |||||
* | Fix a few minor problems with the IPsec configuration interface. Make sure | Matthew Grooms | 2008-09-16 | 1 | -1/+4 |
| | | | | | | we don't copy the ikeid when duplicating a phase1 entry. Simplify the code that deletes all associated phase2 entries when a phase1 is deleted. I was and still am learning the finer points of php. | ||||
* | Add CSS header | Scott Ullrich | 2008-08-30 | 1 | -0/+3 |
| | |||||
* | Rework most of the OpenVPN support. The interfaces have been updated to | Matthew Grooms | 2008-08-26 | 1 | -11/+2 |
| | | | | | | | | | | not use the pkg system and the configuration has been migrated to an openvpn prefix. The centralized user and certificate manager is now used to support the openvpn configurations. Most of the files removed in this commit were not being referenced. This commit also splits out the certificate management components into a new system menu item. | ||||
* | Only read ipsec phase1 configuration values that are relvent for the | Matthew Grooms | 2008-08-24 | 1 | -4/+9 |
| | | | | | configured authentication method. This silences harmless php warnings. Reported by Scott Ullrich. | ||||
* | Rewrite the pfsense privilege system with the following goals in mind ... | Matthew Grooms | 2008-08-01 | 1 | -0/+8 |
| | | | | | | | | 1) Redefine page privileges to not use static urls 2) Accurate generation of privilege definitions from source 3) Merging the user and group privileges into a single set 4) Allow any privilege to be added to users or groups w/ inheritance 5) Cleaning up the related WebUI pages | ||||
* | Introduce a new and improved version of IPsec mobile client support. The | Matthew Grooms | 2008-07-13 | 1 | -92/+176 |
| | | | | | | | mobile client tab is now used to configure user authentication (Xauth) and client configuration (mode-cfg) options. User authentication is currently limited to system password file entries. This will be extended to support external RADIUS and LDAP account DBs in a follow up comiit. | ||||
* | Overhaul IPsec related code. Shared functions have been consolidated into | Matthew Grooms | 2008-07-11 | 1 | -0/+635 |
a new file named /etc/ipsec.inc. Tunnel definitions have been split into phase1 and phase2. This allows any number of phase2 definitions to be created for a single phase1 definition. Several facets of configuration have also been improved. The key size for variable length algorithms can now be selected and the phase1 ID options have been extended to allow for more flexible configuration. Several NAT-T related issues have also been resolved. Please note, IPsec remote access functionality has been temporarily disabled. An improved implementation will be included in a follow up commit. |