Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Contrary to some reports this is actually usable in some cases, just not | Chris Buechler | 2015-07-16 | 1 | -14/+8 |
| | | | | | | mandatory. Revert "myid_data and peerid_data fields are not relevant with asn1dn." This reverts commit b8754cc85db7e92322f605bbb4b2f90bde90bb7f. | ||||
* | myid_data and peerid_data fields are not relevant with asn1dn. | Chris Buechler | 2015-07-16 | 1 | -8/+14 |
| | |||||
* | Encode ca/cert descr in vpn_ipsec_phase1.php | jim-p | 2015-07-01 | 1 | -2/+2 |
| | |||||
* | Add support for EAP-RADIUS to IKEv2 Mobile Clients (Rel. 2.2) | Ingo Bauersachs | 2015-04-15 | 1 | -0/+5 |
| | |||||
* | Add GUI control for MOBIKE. Hide it when IKEv1 selected. Enable toggling of ↵ | Chris Buechler | 2015-02-18 | 1 | -4/+27 |
| | | | | NAT-T field display so it's on for IKEv1, off for IKEv2. Do same for reauth while here. Ticket #3979 | ||||
* | fix responder-only IPsec text | Chris Buechler | 2015-02-03 | 1 | -2/+2 |
| | |||||
* | Add input validation to prevent the use of AES > 128 where glxsb is enabled. ↵ | Chris Buechler | 2015-01-31 | 1 | -0/+7 |
| | | | | Ticket #4361 | ||||
* | Fixes #4360 allow marking a connection as responder only, the same behviour ↵ | Ermal LUÇI | 2015-01-31 | 1 | -0/+14 |
| | | | | as mobile connections | ||||
* | Add missing require for filter.inc since vpn_ipsec_configure() calls ↵ | Renato Botelho | 2015-01-19 | 1 | -0/+1 |
| | | | | filter_configure(). It should fix #4236 | ||||
* | Add EAP-MSChapv2 implementation for Windows ipsec support as reported here ↵ | Ermal LUÇI | 2015-01-15 | 1 | -0/+5 |
| | | | | https://forum.pfsense.org/index.php?topic=81657.15 | ||||
* | Actually remove rekey/reauth from config to avoid strange issues. Ticket #4208 | Ermal LUÇI | 2015-01-13 | 1 | -0/+4 |
| | |||||
* | Default IPsec to AES | Chris Buechler | 2015-01-09 | 1 | -1/+1 |
| | |||||
* | Default IPsec to main mode, unless mobile client. | Chris Buechler | 2015-01-09 | 1 | -2/+4 |
| | |||||
* | Fix lineup of copyright lines | Phil Davis | 2015-01-01 | 1 | -1/+1 |
| | | | | | and module names and other bits of formatting and typos in header comment sections. | ||||
* | Welcome 2015 | Renato Botelho | 2014-12-31 | 1 | -1/+1 |
| | |||||
* | Unset the aggressive mode settings for not IKEv1 settings | Ermal LUÇI | 2014-11-25 | 1 | -1/+4 |
| | |||||
* | fix up text | Chris Buechler | 2014-11-24 | 1 | -1/+1 |
| | |||||
* | Fixes #4015. Hide Negotiation mode when in IKEv2 since it is not required. | Ermal LUÇI | 2014-11-24 | 1 | -2/+12 |
| | |||||
* | Ticket #3987. Strongswan support autodetection of IKE version exchange. ↵ | Ermal | 2014-11-19 | 1 | -3/+3 |
| | | | | Support this by allowing an auto version in the GUI. | ||||
* | Change copyright statement to reflect reality | Jim Thompson | 2014-11-10 | 1 | -0/+1 |
| | |||||
* | strongswan only has two options for NAT-T, force or auto. | Chris Buechler | 2014-11-04 | 1 | -1/+0 |
| | |||||
* | Restore 3 values back on NAT-T settings Just Enable now its Auto as per ↵ | Ermal | 2014-11-04 | 1 | -2/+3 |
| | | | | strongswan default. and off disabled mobike. Ticket #3979 | ||||
* | Rename the options to actually make sense with strongswan | Ermal | 2014-11-04 | 1 | -2/+2 |
| | |||||
* | Remove Force options since it has not meaning for now. | Ermal | 2014-11-04 | 1 | -4/+3 |
| | |||||
* | Correct dispaly of checkboxes for ipsec | Ermal | 2014-11-02 | 1 | -2/+2 |
| | |||||
* | Fix PSK for non-ascii also here, ticket #3917 | Renato Botelho | 2014-10-14 | 1 | -0/+6 |
| | |||||
* | Correct speeling as reported by: Phil Davis via github | Ermal | 2014-09-16 | 1 | -1/+1 |
| | |||||
* | Inverse the sense of the toggles to avoid configuration upgrades | Ermal | 2014-09-12 | 1 | -6/+4 |
| | |||||
* | Provide Advanced Options for controlling rekey and reauth, might be usable ↵ | Ermal | 2014-09-12 | 1 | -0/+26 |
| | | | | with iOS devices | ||||
* | Provide a first implementation of EAP-TLS authentication with IKEv2. It is a ↵ | Ermal | 2014-09-12 | 1 | -72/+93 |
| | | | | start and might not work on all cases | ||||
* | Tidy up "vpn_ipsec_phase1.php" XHTML | Colin Fleming | 2014-05-09 | 1 | -43/+43 |
| | | | | | | | Add CDATA sections to SCRIPTS Add SUMMARY to TABLES Update HTML Boolean operators Close INPUT tags | ||||
* | Oops unbreak this | Ermal | 2014-05-09 | 1 | -2/+2 |
| | |||||
* | Remove Proposal check as a racoon thingy | Ermal | 2014-05-09 | 1 | -18/+0 |
| | |||||
* | Remove generate policy option since its not relevant with strongswan | Ermal | 2014-05-09 | 1 | -18/+0 |
| | |||||
* | Use better looking description and remove base type from negotiation. This ↵ | Ermal | 2014-05-09 | 1 | -1/+1 |
| | | | | is only IKEv1 parameter. JS will be added later | ||||
* | Allow to select IKE version to be used. | Ermal | 2014-05-09 | 1 | -0/+21 |
| | |||||
* | Check the right field here | Renato Botelho | 2014-04-29 | 1 | -1/+1 |
| | |||||
* | Move the IPsec settings from System > Advanced, Misc tab to "Advanced ↵ | jim-p | 2014-04-25 | 1 | -0/+1 |
| | | | | Settings" tab under VPN > IPsec. | ||||
* | replaced uppercase html tags with lowercase | ayvis | 2014-03-19 | 1 | -1/+1 |
| | | | | js files saved as UTF-8 / LF language="JavaScript" deprecated, replaced with type="text/javascript" | ||||
* | xhtml Compliance | ayvis | 2014-03-14 | 1 | -23/+23 |
| | | | replaced <br>, <br/> and </br> with <br /> | ||||
* | Improve checks for params 'id', 'dup' and other similar ones to make sure ↵ | Renato Botelho | 2014-03-12 | 1 | -7/+7 |
| | | | | they are numeric integer, also, pass them through htmlspecialchars() before print | ||||
* | First swing at converting from racoon to StrongSWAN. | Ermal | 2014-02-06 | 1 | -11/+0 |
| | | | | | | | | | | | | | | | | | | | | | | It allows to use existing configurations on xml to generate StrongSWAN configurations. So its only IKEv1 * Missing support for dynamic ips(hostnames) - resolver plugin of StrongSWAN needs to be configured in strongswan.conf * Authentication plugin with pfSense authentication framework - New plugin almost completed * More testing hence this being pushed now to have more broader look TODO * Integrate IKEv2 * Move dynamic IP allocation to an SQLite backend * Provide more options in authenticating as a client(initiator) * Restrict interfaces where StrongSWAN listens for incoming connections to only those configured FUTUTE * Move all configuration to SQLite backend * Integrate more authentication scenarios of IKEv2 | ||||
* | Remove call-time pass by reference for do_input_validation, helps ticket #2565 | Renato Botelho | 2013-09-12 | 1 | -1/+1 |
| | |||||
* | Make IPv4/IPv6 validation on IPSec | Renato Botelho | 2013-01-24 | 1 | -2/+23 |
| | | | | It should fix #2769 | ||||
* | Fix indent and blanks at EOL | Renato Botelho | 2013-01-24 | 1 | -30/+30 |
| | |||||
* | Update usr/local/www/vpn_ipsec_phase1.php | Ermal Luçi | 2012-11-16 | 1 | -1/+1 |
| | | | Correct missing $ | ||||
* | Standardize hypenation and capitalization of Pre-Shared Key | jim-p | 2012-10-26 | 1 | -2/+2 |
| | |||||
* | Activate new shortcuts/status in the rest of the areas that are currently setup. | jim-p | 2012-08-10 | 1 | -2/+1 |
| | |||||
* | Activate "base" exchange mode also supported by racoon. | jim-p | 2012-08-08 | 1 | -1/+1 |
| | |||||
* | Activate more Hash, DH, and PFS options that are available in racoon now. ↵ | jim-p | 2012-08-02 | 1 | -4/+2 |
| | | | | Note that SHA256-512 are RFC4868 compliant in FreeBSD, may break with other incompatible stacks. |