summaryrefslogtreecommitdiffstats
path: root/usr/local/www/vpn_ipsec_phase1.php
Commit message (Collapse)AuthorAgeFilesLines
* Limit the auth methods where "My Certificate Authority" is displayed/saved forMatt Smith2015-10-201-12/+7
| | | | mobile clients. Fixes #5323.
* Validate that the Mobile Client settings have a valid RADIUS server selectedMatt Smith2015-10-191-0/+11
| | | | | as the source for user authentication when EAP-RADIUS is selected as the phase 1 authentication method for mobile IPsec. Fixes #5219.
* Don't enforce the use of only IPv4 or IPv6 when using IKEv2 since it works ↵jim-p2015-10-071-1/+1
| | | | fine with IKEv2
* Fix up IKE auto modeChris Buechler2015-09-291-2/+2
|
* Bring this back, I'll fix issues afterwards. Revert "Remove "auto", it's ↵Chris Buechler2015-09-291-3/+3
| | | | | | just a synonym for IKEv2. Ticket #4873" This reverts commit 47f802694a1e1dfbbd011d7ec431c0948358b5c3.
* Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or ↵Chris Buechler2015-07-251-4/+7
| | | | don't want to check peer ID.
* Remove "auto", it's just a synonym for IKEv2. Ticket #4873Chris Buechler2015-07-231-3/+3
|
* Contrary to some reports this is actually usable in some cases, just notChris Buechler2015-07-161-14/+8
| | | | | | mandatory. Revert "myid_data and peerid_data fields are not relevant with asn1dn." This reverts commit b8754cc85db7e92322f605bbb4b2f90bde90bb7f.
* myid_data and peerid_data fields are not relevant with asn1dn.Chris Buechler2015-07-161-8/+14
|
* Encode ca/cert descr in vpn_ipsec_phase1.phpjim-p2015-07-011-2/+2
|
* Add support for EAP-RADIUS to IKEv2 Mobile Clients (Rel. 2.2)Ingo Bauersachs2015-04-151-0/+5
|
* Add GUI control for MOBIKE. Hide it when IKEv1 selected. Enable toggling of ↵Chris Buechler2015-02-181-4/+27
| | | | NAT-T field display so it's on for IKEv1, off for IKEv2. Do same for reauth while here. Ticket #3979
* fix responder-only IPsec textChris Buechler2015-02-031-2/+2
|
* Add input validation to prevent the use of AES > 128 where glxsb is enabled. ↵Chris Buechler2015-01-311-0/+7
| | | | Ticket #4361
* Fixes #4360 allow marking a connection as responder only, the same behviour ↵Ermal LUÇI2015-01-311-0/+14
| | | | as mobile connections
* Add missing require for filter.inc since vpn_ipsec_configure() calls ↵Renato Botelho2015-01-191-0/+1
| | | | filter_configure(). It should fix #4236
* Add EAP-MSChapv2 implementation for Windows ipsec support as reported here ↵Ermal LUÇI2015-01-151-0/+5
| | | | https://forum.pfsense.org/index.php?topic=81657.15
* Actually remove rekey/reauth from config to avoid strange issues. Ticket #4208Ermal LUÇI2015-01-131-0/+4
|
* Default IPsec to AESChris Buechler2015-01-091-1/+1
|
* Default IPsec to main mode, unless mobile client.Chris Buechler2015-01-091-2/+4
|
* Fix lineup of copyright linesPhil Davis2015-01-011-1/+1
| | | | | and module names and other bits of formatting and typos in header comment sections.
* Welcome 2015Renato Botelho2014-12-311-1/+1
|
* Unset the aggressive mode settings for not IKEv1 settingsErmal LUÇI2014-11-251-1/+4
|
* fix up textChris Buechler2014-11-241-1/+1
|
* Fixes #4015. Hide Negotiation mode when in IKEv2 since it is not required.Ermal LUÇI2014-11-241-2/+12
|
* Ticket #3987. Strongswan support autodetection of IKE version exchange. ↵Ermal2014-11-191-3/+3
| | | | Support this by allowing an auto version in the GUI.
* Change copyright statement to reflect realityJim Thompson2014-11-101-0/+1
|
* strongswan only has two options for NAT-T, force or auto.Chris Buechler2014-11-041-1/+0
|
* Restore 3 values back on NAT-T settings Just Enable now its Auto as per ↵Ermal2014-11-041-2/+3
| | | | strongswan default. and off disabled mobike. Ticket #3979
* Rename the options to actually make sense with strongswanErmal2014-11-041-2/+2
|
* Remove Force options since it has not meaning for now.Ermal2014-11-041-4/+3
|
* Correct dispaly of checkboxes for ipsecErmal2014-11-021-2/+2
|
* Fix PSK for non-ascii also here, ticket #3917Renato Botelho2014-10-141-0/+6
|
* Correct speeling as reported by: Phil Davis via githubErmal2014-09-161-1/+1
|
* Inverse the sense of the toggles to avoid configuration upgradesErmal2014-09-121-6/+4
|
* Provide Advanced Options for controlling rekey and reauth, might be usable ↵Ermal2014-09-121-0/+26
| | | | with iOS devices
* Provide a first implementation of EAP-TLS authentication with IKEv2. It is a ↵Ermal2014-09-121-72/+93
| | | | start and might not work on all cases
* Tidy up "vpn_ipsec_phase1.php" XHTMLColin Fleming2014-05-091-43/+43
| | | | | | | Add CDATA sections to SCRIPTS Add SUMMARY to TABLES Update HTML Boolean operators Close INPUT tags
* Oops unbreak thisErmal2014-05-091-2/+2
|
* Remove Proposal check as a racoon thingyErmal2014-05-091-18/+0
|
* Remove generate policy option since its not relevant with strongswanErmal2014-05-091-18/+0
|
* Use better looking description and remove base type from negotiation. This ↵Ermal2014-05-091-1/+1
| | | | is only IKEv1 parameter. JS will be added later
* Allow to select IKE version to be used.Ermal2014-05-091-0/+21
|
* Check the right field hereRenato Botelho2014-04-291-1/+1
|
* Move the IPsec settings from System > Advanced, Misc tab to "Advanced ↵jim-p2014-04-251-0/+1
| | | | Settings" tab under VPN > IPsec.
* replaced uppercase html tags with lowercaseayvis2014-03-191-1/+1
| | | | js files saved as UTF-8 / LF language="JavaScript" deprecated, replaced with type="text/javascript"
* xhtml Complianceayvis2014-03-141-23/+23
| | | replaced <br>, <br/> and </br> with <br />
* Improve checks for params 'id', 'dup' and other similar ones to make sure ↵Renato Botelho2014-03-121-7/+7
| | | | they are numeric integer, also, pass them through htmlspecialchars() before print
* First swing at converting from racoon to StrongSWAN.Ermal2014-02-061-11/+0
| | | | | | | | | | | | | | | | | | | | | | It allows to use existing configurations on xml to generate StrongSWAN configurations. So its only IKEv1 * Missing support for dynamic ips(hostnames) - resolver plugin of StrongSWAN needs to be configured in strongswan.conf * Authentication plugin with pfSense authentication framework - New plugin almost completed * More testing hence this being pushed now to have more broader look TODO * Integrate IKEv2 * Move dynamic IP allocation to an SQLite backend * Provide more options in authenticating as a client(initiator) * Restrict interfaces where StrongSWAN listens for incoming connections to only those configured FUTUTE * Move all configuration to SQLite backend * Integrate more authentication scenarios of IKEv2
* Remove call-time pass by reference for do_input_validation, helps ticket #2565Renato Botelho2013-09-121-1/+1
|
OpenPOWER on IntegriCloud