Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add input validation to prevent the use of AES > 128 where glxsb is enabled. ↵ | Chris Buechler | 2015-01-31 | 1 | -3/+9 |
| | | | | Ticket #4361 | ||||
* | Do not reuse reqid on copy of phase2 Fixes #4349 | Ermal LUÇI | 2015-01-30 | 1 | -0/+1 |
| | |||||
* | To avoid issues with clashing SAIDs go back to specifying the reqid in ↵ | Ermal LUÇI | 2015-01-13 | 1 | -0/+8 |
| | | | | | | | | | strongswan config. To be able to manage this first upgrade the config to assign each phase2 an reqid Second use that during config generation Ticket #4208 | ||||
* | Default to only AES and SHA1 for new P2s. | Chris Buechler | 2015-01-09 | 1 | -2/+2 |
| | |||||
* | split is deprecated move to explode | Ermal LUÇI | 2015-01-07 | 1 | -2/+2 |
| | |||||
* | Fix lineup of copyright lines | Phil Davis | 2015-01-01 | 1 | -1/+1 |
| | | | | | and module names and other bits of formatting and typos in header comment sections. | ||||
* | Welcome 2015 | Renato Botelho | 2014-12-31 | 1 | -1/+1 |
| | |||||
* | Change copyright statement to reflect reality | Jim Thompson | 2014-11-10 | 1 | -1/+2 |
| | |||||
* | remove unnecessary is_array check, thanks Renato | Chris Buechler | 2014-11-06 | 1 | -37/+35 |
| | |||||
* | Don't allow P2 local+remote network combinations that overlap with | Chris Buechler | 2014-11-06 | 1 | -0/+44 |
| | | | | interface+remote-gateway of the P1. Fixes #3812 | ||||
* | Add missing s to solve the issue reported on ↵ | Ermal | 2014-08-20 | 1 | -1/+1 |
| | | | | https://forum.pfsense.org/index.php?topic=80722.new#new | ||||
* | Allow HASH algorithms to be empty for phase2 in case the encryption one is ↵ | Ermal | 2014-08-18 | 1 | -3/+16 |
| | | | | AES-GCM | ||||
* | Use a uniqid() to track phase2 entries to avoid confustion and various ↵ | Ermal | 2014-08-01 | 1 | -73/+60 |
| | | | | mistakes when modifying and editing them. | ||||
* | This is not true any longer (and required for L2TP+IPsec) | jim-p | 2014-05-20 | 1 | -2/+0 |
| | |||||
* | Tidy up "vpn_ipsec_phase2.php" XHTML | Colin Fleming | 2014-05-08 | 1 | -52/+51 |
| | | | | | | | | Move script after the FBEGIN.INC include Add CDATA sections to SCRIPTS Add SUMMARY to TABLES Close INPUT tags Update HTML Boolean operators | ||||
* | Check the right field here | Renato Botelho | 2014-04-29 | 1 | -1/+1 |
| | |||||
* | Move the IPsec settings from System > Advanced, Misc tab to "Advanced ↵ | jim-p | 2014-04-25 | 1 | -0/+1 |
| | | | | Settings" tab under VPN > IPsec. | ||||
* | replaced uppercase html tags with lowercase | ayvis | 2014-03-19 | 1 | -1/+1 |
| | | | | js files saved as UTF-8 / LF language="JavaScript" deprecated, replaced with type="text/javascript" | ||||
* | xhtml Compliance | ayvis | 2014-03-14 | 1 | -8/+8 |
| | | | replaced <br>, <br/> and </br> with <br /> | ||||
* | Improve checks for params 'id', 'dup' and other similar ones to make sure ↵ | Renato Botelho | 2014-03-12 | 1 | -5/+6 |
| | | | | they are numeric integer, also, pass them through htmlspecialchars() before print | ||||
* | First swing at converting from racoon to StrongSWAN. | Ermal | 2014-02-06 | 1 | -1/+0 |
| | | | | | | | | | | | | | | | | | | | | | | It allows to use existing configurations on xml to generate StrongSWAN configurations. So its only IKEv1 * Missing support for dynamic ips(hostnames) - resolver plugin of StrongSWAN needs to be configured in strongswan.conf * Authentication plugin with pfSense authentication framework - New plugin almost completed * More testing hence this being pushed now to have more broader look TODO * Integrate IKEv2 * Move dynamic IP allocation to an SQLite backend * Provide more options in authenticating as a client(initiator) * Restrict interfaces where StrongSWAN listens for incoming connections to only those configured FUTUTE * Move all configuration to SQLite backend * Integrate more authentication scenarios of IKEv2 | ||||
* | Remove call-time pass by reference for do_input_validation, helps ticket #2565 | Renato Botelho | 2013-09-12 | 1 | -1/+1 |
| | |||||
* | touch up text, s/nat/NAT/ | Chris Buechler | 2013-09-03 | 1 | -4/+4 |
| | |||||
* | Remove invallid option 'none' for IPSec Phase 2. Fixes #2816 | Renato Botelho | 2013-02-15 | 1 | -1/+0 |
| | |||||
* | Properly generate all address data based on configuration selected | Ermal | 2013-02-11 | 1 | -6/+6 |
| | |||||
* | Make IPv4/IPv6 validation on IPSec | Renato Botelho | 2013-01-24 | 1 | -0/+20 |
| | | | | It should fix #2769 | ||||
* | Don't allow transport mode to be selected for mobile clients. Fixes #2713 | jim-p | 2012-12-07 | 1 | -0/+2 |
| | |||||
* | Commit a revised version of ↵ | Ermal | 2012-11-19 | 1 | -1/+1 |
| | | | | https://github.com/bsdperimeter/pfsense/pull/264.diff | ||||
* | Standardize hypenation and capitalization of Pre-Shared Key | jim-p | 2012-10-26 | 1 | -1/+1 |
| | |||||
* | Throw an error when invalid configuration is posted(address->network). | Ermal | 2012-10-23 | 1 | -0/+2 |
| | |||||
* | Check against _address since that is the field inputed _type is always there. | Ermal | 2012-10-05 | 1 | -2/+2 |
| | |||||
* | Properly set address type selection | Ermal | 2012-10-05 | 1 | -2/+2 |
| | |||||
* | Do not make natlocalid required | Ermal | 2012-10-05 | 1 | -16/+19 |
| | |||||
* | This field isn't required, so only check it if there is a value | jim-p | 2012-10-05 | 1 | -1/+1 |
| | |||||
* | Add a NAT entry for configuring NAT on ipsec phase2. It will add nat rules ↵ | Ermal | 2012-10-04 | 1 | -0/+99 |
| | | | | on enc interface | ||||
* | Activate new shortcuts/status in the rest of the areas that are currently setup. | jim-p | 2012-08-10 | 1 | -2/+1 |
| | |||||
* | Activate more Hash, DH, and PFS options that are available in racoon now. ↵ | jim-p | 2012-08-02 | 1 | -6/+0 |
| | | | | Note that SHA256-512 are RFC4868 compliant in FreeBSD, may break with other incompatible stacks. | ||||
* | Ticket #2455: do not check encryption algo for AH protocol | Pierre POMES | 2012-05-26 | 1 | -12/+17 |
| | |||||
* | restore default dropdown values of 24/64 bits | Darren Embry | 2012-04-05 | 1 | -0/+38 |
| | | | | | now that feature #2320 behavor is a bit different regarding change of existing set value when switching between ipv4 and ipv6 | ||||
* | add feature #2320 to vpn_ipsec_phase2.php. | Darren Embry | 2012-04-05 | 1 | -32/+7 |
| | | | | | | | note: had to disable existing behavior that modified the value of the behavior. existing behavior that disables/enables the dropdowns is still active. | ||||
* | Reject an interface without a subnet as a network source in the IPsec Phase ↵ | jim-p | 2012-02-14 | 1 | -0/+10 |
| | | | | 2 GUI. Fixes ticket #2201 | ||||
* | Merge remote branch 'upstream/master' | jim-p | 2011-06-03 | 1 | -49/+38 |
|\ | | | | | | | | | Conflicts: etc/inc/openvpn.inc | ||||
| * | Bug #1560.IPsec GUI needs to reject duplicate subnets in phase 2s for a ↵ | Evgeny Yurchenko | 2011-06-02 | 1 | -7/+21 |
| | | | | | | | | given phase 1 (fixing p2 edit) | ||||
| * | Bug #1560.IPsec GUI needs to reject duplicate subnets in phase 2s for a ↵ | Evgeny Yurchenko | 2011-06-01 | 1 | -49/+24 |
| | | | | | | | | given phase 1 (improvement of previous patch) | ||||
* | | Merge remote branch 'upstream/master' | jim-p | 2011-06-01 | 1 | -2/+68 |
|\ \ | |/ | | | | | | | | | | | | | | | | | Conflicts: conf.default/config.xml etc/inc/filter.inc etc/inc/globals.inc etc/inc/pfsense-utils.inc etc/inc/upgrade_config.inc usr/local/www/interfaces.php | ||||
| * | Bug #1560. IPsec GUI needs to reject duplicate subnets in phase 2s for a ↵ | Evgeny Yurchenko | 2011-05-31 | 1 | -2/+41 |
| | | | | | | | | given phase 1(site-to-site). | ||||
| * | Bug #1560. IPsec GUI needs to reject duplicate subnets in phase 2s for a ↵ | Evgeny Yurchenko | 2011-05-31 | 1 | -1/+28 |
| | | | | | | | | given phase 1(mobile clients). | ||||
* | | enlarge various address fields for IPv6 addresses | Seth Mos | 2011-03-17 | 1 | -3/+3 |
| | | |||||
* | | Add the ability to differentiate between v4 and v6 tunnels. Bill says he can ↵ | Seth Mos | 2011-03-11 | 1 | -9/+21 |
|/ | | | | test | ||||
* | Make sure to resolve the gateway name before passing it off to the IPsec ↵ | smos | 2011-02-24 | 1 | -1/+2 |
| | | | | reload function |