From 2e88102db07966b24dabb559e300ba88ed849da3 Mon Sep 17 00:00:00 2001
From: jim-p
Date: Wed, 1 Jun 2011 17:39:27 -0400
Subject: Disable this until it can be properly fixed.
---
 etc/inc/system.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'etc')
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 72b2e0d..7e105ab 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -1256,7 +1256,7 @@ function system_reboot_cleanup() {
 captiveportal_radius_stop_all();
 require_once("voucher.inc");
 voucher_save_db_to_config();
- mwexec("/etc/rc.stop_packages");
+ // mwexec("/etc/rc.stop_packages");
 }
 function system_do_shell_commands($early = 0) {
-- cgit v1.1
From f451ea09a29a7ba21bd67bdfbc8c66f89245f0a9 Mon Sep 17 00:00:00 2001
From: jim-p
Date: Thu, 2 Jun 2011 12:47:53 -0400
Subject: Show how much data has passed on an SAD entry.
---
 etc/inc/ipsec.inc | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'etc')
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index e15a14c..7371702 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -449,6 +449,10 @@ function ipsec_dump_sad()
 case 3:
 $cursa['aalgo'] = $linea[1];
 break;
+ case 8:
+ $sadata = explode("(", $linea[1]);
+ $cursa['data'] = $sadata[0] . " B";
+ break;
 }
 }
 $i++;
-- cgit v1.1
From 8c0199ea8bcf4cebb4218c28da7f0039d1ff07d6 Mon Sep 17 00:00:00 2001
From: lgcosta
Date: Fri, 3 Jun 2011 04:14:13 -0300
Subject: Better management for reload lighttpd
---
 etc/rc.restart_webgui | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'etc')
diff --git a/etc/rc.restart_webgui b/etc/rc.restart_webgui
index 463f934..d1fbc21 100755
--- a/etc/rc.restart_webgui
+++ b/etc/rc.restart_webgui
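Review bot: The commented-out `mwexec("/etc/rc.stop_packages");` leaves nothing in the file explaining why package stop hooks are now skipped during reboot cleanup, so the next reader cannot tell whether the omission is deliberate or an accident. Replace the dead line with a comment that records the reason and the condition for re-enabling it, e.g. `// rc.stop_packages is deliberately skipped on reboot until it is fixed (see commit 2e88102)`. It is also worth confirming that no package relies on its stop script running for a clean shutdown, since that script is no longer invoked from here. The body of system_reboot_cleanup begins outside the hunk.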
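Review bot: In the new `case 8:` branch `$sadata[0]` is taken straight from the parsed setkey output with no check that `$linea[1]` exists or that the byte count is numeric, so an unexpected or reordered line produces a PHP notice and a garbage `data` value. Because the branch keys on a positional line number, a guard keeps the result sane when the format drifts: `$cursa['data'] = (isset($sadata[0]) && is_numeric($sadata[0]) ? (int)$sadata[0] : 0) . " B";`. A one-line comment naming the line this is expected to match (presumably the `current: <bytes>(bytes)` counter) would also help, and whatever page renders `$cursa['data']` should still escape it. ipsec_dump_sad starts outside the hunk.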
@@ -8,10 +8,15 @@ require("shaper.inc"); require("captiveportal.inc"); require("rrd.inc"); -mwexec("killall -9 lighttpd"); - echo "Restarting webConfigurator..."; +mwexec("killall -INT lighttpd"); + +while (exec("ps ax | grep lighttpd | grep -v grep")) { + echo '.'; + sleep(1); +} + system_webgui_start(); captiveportal_init_webgui(); -- cgit v1.1 From 327d958a5db136c51e28992201bf4100980869de Mon Sep 17 00:00:00 2001 From: lgcosta Date: Fri, 3 Jun 2011 04:25:46 -0300 Subject: fixed for use pfsense API --- etc/rc.restart_webgui | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/rc.restart_webgui b/etc/rc.restart_webgui index d1fbc21..e74f201 100755 --- a/etc/rc.restart_webgui +++ b/etc/rc.restart_webgui @@ -10,9 +10,9 @@ require("rrd.inc"); echo "Restarting webConfigurator..."; -mwexec("killall -INT lighttpd"); +sigkillbyname("lighttpd", "INT"); -while (exec("ps ax | grep lighttpd | grep -v grep")) { +while (is_process_running("lighttpd")) { echo '.'; sleep(1); } -- cgit v1.1 From 5dc6c9102cdc2f9fc464da75bbaef594eebec10a Mon Sep 17 00:00:00 2001 From: jim-p Date: Fri, 3 Jun 2011 09:20:58 -0400 Subject: When making a P2P SSL/TLS OpenVPN server, if the given CIDR for the tunnel network is a /30, don't use the OpenVPN server directive. See ticket #1417 --- etc/inc/openvpn.inc | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'etc') diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 7f82975..edd22be 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -367,8 +367,8 @@ function openvpn_reconfigure($mode, $settings) { // server specific settings if ($mode == 'server') { - list($ip, $mask) = explode('/', $settings['tunnel_network']); - $mask = gen_subnet_mask($mask); + list($ip, $cidr) = explode('/', $settings['tunnel_network']); + $mask = gen_subnet_mask($cidr); // configure tls modes switch($settings['mode']) { 
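Review bot: The `while (is_process_running("lighttpd"))` loop has no upper bound, so if a lighttpd process ignores SIGINT or is wedged this script never reaches `system_webgui_start()` and the webConfigurator stays down, which is worse than the unconditional `killall -9` it replaced. Count the wait and escalate to KILL after a few seconds so the GUI always comes back. Note also that `is_process_running` appears to match by name, so the captive portal's lighttpd instances (restarted below by `captiveportal_init_webgui()`) are presumably waited on as well; confirm that is intended.
```php
$waited = 0;
while (is_process_running("lighttpd")) {
	if (++$waited > 10) {
		// SIGINT was ignored; fall back to a hard kill so the GUI is restarted regardless
		sigkillbyname("lighttpd", "KILL");
		break;
	}
	echo '.';
	sleep(1);
}
```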
@@ -383,8 +383,13 @@ function openvpn_reconfigure($mode, $settings) {
 // configure p2p/server modes
 switch($settings['mode']) {
 case 'p2p_tls':
- $conf .= "server {$ip} {$mask}\n";
- $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+ // If the CIDR is less than a /30, OpenVPN will complain if you try to
+ // use the server directive. It works for a single client without it.
+ // See ticket #1417
+ if ($cidr < 30) {
+ $conf .= "server {$ip} {$mask}\n";
+ $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+ }
 case 'p2p_shared_key':
 $baselong = ip2long32($ip) & ip2long($mask);
 $ip1 = long2ip32($baselong + 1);
-- cgit v1.1
From 5cd9e96a426fa1d62928d93a2539376912033349 Mon Sep 17 00:00:00 2001
From: jim-p
Date: Fri, 3 Jun 2011 09:50:53 -0400
Subject: Add a GUI selection for racoon's generate_policy directive since it may be useful in certain configurations, especially for mobile clients.
---
 etc/inc/vpn.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'etc')
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 2411caf..5e014fd 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -481,7 +481,7 @@ function vpn_ipsec_configure($ipchg = false)
 $natt = $ph1ent['nat_traversal'];
 $init = "on";
- $genp = "off";
+ $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "off";
 $pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "claim";
 $passive = "";
 if (isset($ph1ent['mobile'])) {
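Review bot: `$cidr` is the raw string after the `/` in `tunnel_network`, and the new `if ($cidr < 30)` guard only decides whether to emit the server directive; a /31 or /32 (or a missing prefix, which leaves `$cidr` unset and compares as less than 30) still falls through into the `p2p_shared_key` arithmetic below, which derives `$ip1` from `$baselong + 1` (and presumably `$ip2` from `+ 2`) and so hands OpenVPN addresses outside the configured network. Normalise and bound the prefix before the switch, `$cidr = (int)$cidr;`, and reject or log prefixes greater than 30 rather than silently emitting a broken config. The intentional fallthrough from `case 'p2p_tls'` into `case 'p2p_shared_key'` is now hidden behind a new block and deserves a marker, `// fall through: p2p_tls also needs the ifconfig lines below`. openvpn_reconfigure and this switch continue outside the hunk.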
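Review bot: `$ph1ent['generate_policy']` is copied into `$genp` with only an `!empty()` check, and `$genp` presumably ends up verbatim in racoon.conf (the write is outside this hunk), so any value other than one racoon accepts (`on`, `off`, `require`, `unique` per racoon.conf(5)) yields a config racoon refuses to load, and a crafted config.xml could inject arbitrary directive text. Whitelist here rather than trusting the GUI validator alone: `$genp = in_array($ph1ent['generate_policy'], array('on', 'off', 'require', 'unique')) ? $ph1ent['generate_policy'] : "off";`. vpn_ipsec_configure begins outside the hunk.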
@@ -490,10 +490,10 @@ function vpn_ipsec_configure($ipchg = false)
 /* Mimic 1.2.3's behavior for pure-psk mobile tunnels */
 if ($ph1ent['authentication_method'] == "pre_shared_key") {
 $pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "obey";
- $genp = "on";
+ $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "on";
 } else {
 $init = "off";
- $genp = "unique";
+ $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "unique";
 }
 }
-- cgit v1.1
From bd4b09826c4f0a6ecae94c99a9fdfa8bf7bc4a95 Mon Sep 17 00:00:00 2001
From: jim-p
Date: Fri, 3 Jun 2011 14:53:07 -0400
Subject: If a mode_cfg subnet is defined for IPsec, also add it to outbound NAT.
---
 etc/inc/filter.inc | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'etc')
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index e5e173c..0988093 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1384,6 +1384,12 @@ function filter_nat_rules_generate() {
 }
 }
 }
+ /* IPsec mode_cfg subnet */
+ if (isset($config['ipsec']['client']['enable']) &&
+ !empty($config['ipsec']['client']['pool_address']) &&
+ !empty($config['ipsec']['client']['pool_netbits'])) {
+ $tonathosts .= "{$config['ipsec']['client']['pool_address']}/{$config['ipsec']['client']['pool_netbits']} ";
+ }
 $natrules .= "\n# Subnets to NAT \n";
 $tonathosts .= "127.0.0.0/8 ";
 if($numberofnathosts > 4) {
-- cgit v1.1
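Review bot: The `!empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : ...` ternary is now repeated in both branches here and once more in the preceding hunk, with only the fallback differing, so a future change to how the override is read has to be made in three places. Leave the branch-specific defaults as plain assignments (`$genp = "on";`, `$genp = "unique";`) and apply the user override once after the mobile block: `if (!empty($ph1ent['generate_policy'])) { $genp = $ph1ent['generate_policy']; }`. The enclosing `if (isset($ph1ent['mobile']))` block starts outside the hunk.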
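Review bot: `pool_address` and `pool_netbits` are interpolated into the pf ruleset with only `!empty()` checks, so a malformed value (a hostname, or netbits outside 1-32) makes pfctl reject the whole NAT ruleset rather than just this entry, taking outbound NAT down with it. Validate the pair as a subnet before appending, e.g. replace the two `!empty()` tests with `is_subnet("{$config['ipsec']['client']['pool_address']}/{$config['ipsec']['client']['pool_netbits']}")`, which also covers the empty cases. Separately, `$numberofnathosts` is compared right after (`if($numberofnathosts > 4)`) but is not incremented for the new entry; if the earlier branches count each subnet they append (not visible here), add `$numberofnathosts++;` inside the new block. filter_nat_rules_generate continues on both sides of the hunk.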