Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Improve checks for params 'id', 'dup' and other similar ones to make sure ↵ | Renato Botelho | 2014-03-12 | 1 | -5/+6 |
| | | | | they are numeric integer, also, pass them through htmlspecialchars() before print | ||||
* | First swing at converting from racoon to StrongSWAN. | Ermal | 2014-02-06 | 1 | -1/+0 |
| | | | | | | | | | | | | | | | | | | | | | | It allows to use existing configurations on xml to generate StrongSWAN configurations. So its only IKEv1 * Missing support for dynamic ips(hostnames) - resolver plugin of StrongSWAN needs to be configured in strongswan.conf * Authentication plugin with pfSense authentication framework - New plugin almost completed * More testing hence this being pushed now to have more broader look TODO * Integrate IKEv2 * Move dynamic IP allocation to an SQLite backend * Provide more options in authenticating as a client(initiator) * Restrict interfaces where StrongSWAN listens for incoming connections to only those configured FUTUTE * Move all configuration to SQLite backend * Integrate more authentication scenarios of IKEv2 | ||||
* | Remove call-time pass by reference for do_input_validation, helps ticket #2565 | Renato Botelho | 2013-09-12 | 1 | -1/+1 |
| | |||||
* | touch up text, s/nat/NAT/ | Chris Buechler | 2013-09-03 | 1 | -4/+4 |
| | |||||
* | Remove invallid option 'none' for IPSec Phase 2. Fixes #2816 | Renato Botelho | 2013-02-15 | 1 | -1/+0 |
| | |||||
* | Properly generate all address data based on configuration selected | Ermal | 2013-02-11 | 1 | -6/+6 |
| | |||||
* | Make IPv4/IPv6 validation on IPSec | Renato Botelho | 2013-01-24 | 1 | -0/+20 |
| | | | | It should fix #2769 | ||||
* | Don't allow transport mode to be selected for mobile clients. Fixes #2713 | jim-p | 2012-12-07 | 1 | -0/+2 |
| | |||||
* | Commit a revised version of ↵ | Ermal | 2012-11-19 | 1 | -1/+1 |
| | | | | https://github.com/bsdperimeter/pfsense/pull/264.diff | ||||
* | Standardize hypenation and capitalization of Pre-Shared Key | jim-p | 2012-10-26 | 1 | -1/+1 |
| | |||||
* | Throw an error when invalid configuration is posted(address->network). | Ermal | 2012-10-23 | 1 | -0/+2 |
| | |||||
* | Check against _address since that is the field inputed _type is always there. | Ermal | 2012-10-05 | 1 | -2/+2 |
| | |||||
* | Properly set address type selection | Ermal | 2012-10-05 | 1 | -2/+2 |
| | |||||
* | Do not make natlocalid required | Ermal | 2012-10-05 | 1 | -16/+19 |
| | |||||
* | This field isn't required, so only check it if there is a value | jim-p | 2012-10-05 | 1 | -1/+1 |
| | |||||
* | Add a NAT entry for configuring NAT on ipsec phase2. It will add nat rules ↵ | Ermal | 2012-10-04 | 1 | -0/+99 |
| | | | | on enc interface | ||||
* | Activate new shortcuts/status in the rest of the areas that are currently setup. | jim-p | 2012-08-10 | 1 | -2/+1 |
| | |||||
* | Activate more Hash, DH, and PFS options that are available in racoon now. ↵ | jim-p | 2012-08-02 | 1 | -6/+0 |
| | | | | Note that SHA256-512 are RFC4868 compliant in FreeBSD, may break with other incompatible stacks. | ||||
* | Ticket #2455: do not check encryption algo for AH protocol | Pierre POMES | 2012-05-26 | 1 | -12/+17 |
| | |||||
* | restore default dropdown values of 24/64 bits | Darren Embry | 2012-04-05 | 1 | -0/+38 |
| | | | | | now that feature #2320 behavor is a bit different regarding change of existing set value when switching between ipv4 and ipv6 | ||||
* | add feature #2320 to vpn_ipsec_phase2.php. | Darren Embry | 2012-04-05 | 1 | -32/+7 |
| | | | | | | | note: had to disable existing behavior that modified the value of the behavior. existing behavior that disables/enables the dropdowns is still active. | ||||
* | Reject an interface without a subnet as a network source in the IPsec Phase ↵ | jim-p | 2012-02-14 | 1 | -0/+10 |
| | | | | 2 GUI. Fixes ticket #2201 | ||||
* | Merge remote branch 'upstream/master' | jim-p | 2011-06-03 | 1 | -49/+38 |
|\ | | | | | | | | | Conflicts: etc/inc/openvpn.inc | ||||
| * | Bug #1560.IPsec GUI needs to reject duplicate subnets in phase 2s for a ↵ | Evgeny Yurchenko | 2011-06-02 | 1 | -7/+21 |
| | | | | | | | | given phase 1 (fixing p2 edit) | ||||
| * | Bug #1560.IPsec GUI needs to reject duplicate subnets in phase 2s for a ↵ | Evgeny Yurchenko | 2011-06-01 | 1 | -49/+24 |
| | | | | | | | | given phase 1 (improvement of previous patch) | ||||
* | | Merge remote branch 'upstream/master' | jim-p | 2011-06-01 | 1 | -2/+68 |
|\ \ | |/ | | | | | | | | | | | | | | | | | Conflicts: conf.default/config.xml etc/inc/filter.inc etc/inc/globals.inc etc/inc/pfsense-utils.inc etc/inc/upgrade_config.inc usr/local/www/interfaces.php | ||||
| * | Bug #1560. IPsec GUI needs to reject duplicate subnets in phase 2s for a ↵ | Evgeny Yurchenko | 2011-05-31 | 1 | -2/+41 |
| | | | | | | | | given phase 1(site-to-site). | ||||
| * | Bug #1560. IPsec GUI needs to reject duplicate subnets in phase 2s for a ↵ | Evgeny Yurchenko | 2011-05-31 | 1 | -1/+28 |
| | | | | | | | | given phase 1(mobile clients). | ||||
* | | enlarge various address fields for IPv6 addresses | Seth Mos | 2011-03-17 | 1 | -3/+3 |
| | | |||||
* | | Add the ability to differentiate between v4 and v6 tunnels. Bill says he can ↵ | Seth Mos | 2011-03-11 | 1 | -9/+21 |
|/ | | | | test | ||||
* | Make sure to resolve the gateway name before passing it off to the IPsec ↵ | smos | 2011-02-24 | 1 | -1/+2 |
| | | | | reload function | ||||
* | Add other interfaces to local network selection and show proper names. Fixes ↵ | Erik Fonnesbeck | 2010-11-22 | 1 | -1/+6 |
| | | | | #965 | ||||
* | Fix XSS issues | Scott Ullrich | 2010-11-12 | 1 | -10/+10 |
| | |||||
* | Do not include 'remoteid' javascript functions for mobile ipsec. Ticket #797 | pierrepomes | 2010-10-17 | 1 | -9/+7 |
| | |||||
* | Corrections gettext() calls on vpn_ipsec_phase2.php | Rafael Lucas | 2010-07-30 | 1 | -1/+1 |
| | |||||
* | Implement gettext() calls on vpn_ipsec_phase2.php | Carlos Eduardo Ramos | 2010-07-27 | 1 | -52/+52 |
| | |||||
* | Remove Logs tab from OpenVPN, as it is no longer needed. | jim-p | 2010-06-01 | 1 | -1/+0 |
| | |||||
* | Add status/log icons to IPsec pages. | jim-p | 2010-06-01 | 1 | -0/+3 |
| | |||||
* | Add PSK tab to all IPsec pages, it was missing from some. | jim-p | 2010-05-13 | 1 | -1/+2 |
| | |||||
* | Ticket #430. Give a none option to allow for roadwarriors configs. | Ermal Luçi | 2010-03-16 | 1 | -0/+5 |
| | |||||
* | When editing a P2: reset netmask to 24 only when it is not specified, in ↵ | pierrepomes | 2010-02-23 | 1 | -2/+2 |
| | | | | case of a new P2. Ticket #352 | ||||
* | Ticket #352. Allow 0 mask in remote network bits. | Ermal Luçi | 2010-02-12 | 1 | -7/+8 |
| | |||||
* | fix text | Chris Buechler | 2010-02-11 | 1 | -2/+2 |
| | |||||
* | Rework includes/require. This saves about 4 megabytes. | Scott Ullrich | 2009-11-21 | 1 | -0/+2 |
| | | | | Simplify get_memory(). Tested on mips/i386 | ||||
* | add links to IPsec logs under IPsec status and other pages | Chris Buechler | 2009-11-07 | 1 | -0/+1 |
| | |||||
* | Include functions.inc which will then include ipsec.inc | Scott Ullrich | 2009-08-23 | 1 | -1/+1 |
| | |||||
* | Fix interface list usage | Ermal Luçi | 2009-07-07 | 1 | -3/+0 |
| | | | | WARN: Please ask before introducing old code on what have changed! | ||||
* | * Reorganize the 'apply' button infrustructure in the GUI. | Ermal Luçi | 2009-06-30 | 1 | -1/+1 |
| | | | | | | - Present three new functions is/mark/clear_subsystem_dirty('name_of_subsystem'). This makes easier to create such things without needing to introduce new globals. - Convert all pages to the new infrustructure - This improves a lot the control on this notification | ||||
* | Modify IPsec code to allow for transport mode. All existing configurations are | mgrooms | 2009-03-15 | 1 | -26/+59 |
| | | | | | marked as tunnel for backwards compatibility. There are problems with the spd read code which Will likely choke on transport entries. We can fix this later. | ||||
* | Move the IPsec pinghost option from phase1 to phase2. Correct some | mgrooms | 2009-03-15 | 1 | -2/+26 |
| | | | | bugs that were preventing the local address from being selected. |