145eb9907cFixes #4257 With the platform_booting() fixes a regression was done on openvpn tap interfaces or dynamic ones that are part of a bridge.
RELENG_2_2_0
Ermal LUÇI
2015-01-22 20:52:29 +0100
8e24d1dacdMake sure radvd is reconfigured when CARP is enabled/disabled. It should fix #4252
Renato Botelho
2015-01-22 10:01:19 -0200
b711bfac32Save the tradition and point to used binaries here
Ermal LUÇI
2015-01-21 22:05:56 +0100
150d479bc5When configuring radvd, check if carp is enabled. Ticket #4252
Renato Botelho
2015-01-22 09:00:54 -0200
42cc62a2e7Do not translate function return string
Renato Botelho
2015-01-22 09:00:29 -0200
44763e5823Fix typo in function name
Renato Botelho
2015-01-22 08:59:29 -0200
7684d66fadStrict comparison not necessary here, and makes this fail to work as intended. Fixes #4258
Chris Buechler
2015-01-21 18:02:54 -0600
005fd63af3Ticket #4254 do not put duplicate interface names
Ermal LUÇI
2015-01-21 21:45:51 +0100
44085a6555Ticket #4254 Actually use proper variables allover to have correct route added
Ermal LUÇI
2015-01-21 21:40:13 +0100
3ad33c0e25Ticket #4254 Actually use proper interface to check if gateway exists
Ermal LUÇI
2015-01-21 21:33:56 +0100
cde88d5ed1Ticket #4254 Use proper variable
Ermal LUÇI
2015-01-21 21:25:45 +0100
39e3b27b78Ticket #4254 actually use the info on the protocol of the vpn sepcification to be more sure on the family to use
Ermal LUÇI
2015-01-21 21:09:35 +0100
4e1fd3b6f0Ticket #4254 Handle even hosts specified throguh dns name
Ermal LUÇI
2015-01-21 21:04:49 +0100
c7edf1f8e8Ticket #4524 Bring back static routes on ipsec to make sure charon does not send traffic through wrong iface. This handles properly ipv6
Ermal LUÇI
2015-01-21 21:00:25 +0100
260c6a7eebBe compliant with gatway groups specified on ipsec. Ticket #4254
Ermal LUÇI
2015-01-21 20:31:16 +0100
083ec796a8Ticket #4254 Actually fix this on 2.2 branch since vips are not handled by get_real_interface apparently!
Ermal LUÇI
2015-01-21 19:32:03 +0100
a693440176When radvd is configured on a CARP interface, enable it when it is MASTER and disable when go to BACKUP. It should fix #4252
Renato Botelho
2015-01-21 14:36:38 -0200
89ac17e338Ticket #4254 specify the list of interfaces to be used by charon. This is a workaround for now. Being investigated the fix.
Ermal LUÇI
2015-01-21 09:31:54 +0100
94efc59dffUse the parent NIC rather than the VIP. Fixes part of Ticket #4252
Chris Buechler
2015-01-21 00:35:57 -0600
de16863d9eThe reset button check should happen on all platforms, not only NanoBSD
jim-p
2015-01-20 16:53:59 -0500
ca276264eeAdd missing require for filter.inc since vpn_ipsec_configure() calls filter_configure(). It should fix #4236
Renato Botelho
2015-01-19 09:25:36 -0200
7f3601524dAdd reset button support for APU and FW7541
Renato Botelho
2015-01-19 09:08:37 -0200
ef9ef75fe1add detection for 7541, APU
Chris Buechler
2015-01-16 23:15:21 -0600
1195a12d3bmove jquery ui css to theme folders
Jared Dillard
2015-01-16 18:01:34 -0600
b1fef27fcfSet $arch accordingly to release
Renato Botelho
2015-01-16 17:42:30 -0200
6aac31ef76change update URLs for release
Chris Buechler
2015-01-16 13:40:48 -0600
6434d5be0cBump to 2.2-RELEASE
Chris Buechler
2015-01-16 13:36:09 -0600
17c982555aValidate if both IP address and subnet are valid and the same version. Fixes #4223
Renato Botelho
2015-01-16 11:50:23 -0200
5b7c33fc7eFirewall Rules Apply be friendly to other languages
Phil Davis
2015-01-16 00:00:42 +0545
8d4e768a27Time to let these go
Ermal LUÇI
2015-01-15 21:42:00 +0100
05071b6541Just do an update since it will handle itself properly.
Ermal LUÇI
2015-01-15 20:18:24 +0100
202e2f2c04Merge branch 'RELENG_2_1' into UNIVNAUTES_2_1Thomas NOËL2015-01-15 16:34:41 +0100
4e8eacfd7cRevert "Move to specifically specifying the ID type apart when an ip address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own."
Ermal LUÇI
2015-01-15 10:13:57 +0100
23de1f0decRevert "Fix typos introduced by chaning to explicit id specification when necessary. Fixes #4202"
Ermal LUÇI
2015-01-15 10:13:46 +0100
bc62f818e9Add RSA keys even for eap-mschapv2
Ermal LUÇI
2015-01-15 08:45:53 +0100
eb26d3102dAlso take care of ph1 mobile settings for eap-tls
Ermal LUÇI
2015-01-14 17:02:19 +0100
6e0a0ab347Obsolete libpng15 in favour of libpng16
Renato Botelho
2015-01-14 12:09:58 -0200
9eec3be339Correctly handle number of cores and power of 2. Merged from the package already had this. Fixes #4212
Warren Baker
2015-01-14 13:09:31 +0200
3a56c14663Actually remove rekey/reauth from config to avoid strange issues. Ticket #4208
Ermal LUÇI
2015-01-13 20:43:59 +0100
656fd270f0Add some saftey belts here to be safe
Ermal LUÇI
2015-01-13 20:21:19 +0100
a2feea3744Heh bump the config version
Ermal LUÇI
2015-01-13 20:19:25 +0100
b40137258eTo avoid issues with clashing SAIDs go back to specifying the reqid in strongswan config.
Ermal LUÇI
2015-01-13 16:38:12 +0100
156938a87eWhere the P1 is disabled, show the P2s as disabled since they will be, same as in previous versions.
Chris Buechler
2015-01-12 19:25:15 -0600
d71f979475Fix IPsec widget for multiple P2, it fixes #4164
Renato Botelho
2015-01-12 21:50:26 -0200
324a2387d0Unbound is compiled with libevent so setting this to always be 4096.
Warren Baker
2015-01-09 10:51:27 +0200
3243110433Fix typos introduced by chaning to explicit id specification when necessary. Fixes #4202
Ermal LUÇI
2015-01-12 15:14:08 +0100
0c5e61b155Fix cut paste brain fade
Phil Davis
2015-01-11 21:00:59 +0545
3fbfbe902eRestart PHP-FPM allow to setup ini file
Phil Davis
2015-01-10 21:38:50 +0545
2ea976b71cProperly handle large passthrough entries even here.
Ermal LUÇI
2015-01-12 12:30:45 +0100
9b255a367dUse this generation now of committing pipes directly and only rules to put on ruleset to avoid memory pressure and the timelimit will than be enforced by the caller
Ermal LUÇI
2015-01-12 12:27:41 +0100
124299a347Revert "Ticket #3932 Use array_map to get more parallelism when there are many entries. This makes it not reach the execution timeout with large entries."
Ermal LUÇI
2015-01-12 12:26:00 +0100
0fc3c465cdActually improve the previous resource leak commit since the function is there but it was not being used during init_rules process.
Ermal LUÇI
2015-01-12 12:20:57 +0100
339e2fe5e6* Try to autodetect if the execution limit needs to be raised on big number of passthrough entries. Set the time limit to 0 and restore it back to default value when this is detected.
Ermal LUÇI
2015-01-12 12:17:00 +0100
6a752ca21aPut the value of password under double quotes(") to avoid issues with special characters in passwords. Ticket #4177
Ermal LUÇI
2015-01-12 11:49:12 +0100
545c4435efDo not override the passwd string. First it prevents the md5 working if the crypt() check fails and also is useless to override it since the parameter is passed by value and not by reference.
Ermal LUÇI
2015-01-12 11:43:21 +0100
21165e6455Prevent echo to insert a newline(\n) at the secret string. Fixes #4177
Ermal LUÇI
2015-01-12 11:40:46 +0100
aa685f7a6dTicket #3932 Use array_map to get more parallelism when there are many entries. This makes it not reach the execution timeout with large entries.
Ermal LUÇI
2015-01-12 10:38:17 +0100
7001542e3eFix typos and set needed variable
Ermal LUÇI
2015-01-12 09:33:20 +0100
c9f04cd055properly apply the passthrough entries when apply is hitr.
Ermal LUÇI
2015-01-12 09:30:46 +0100
64ed3e60f5Fix inherent issues with isset and empty values set as true by our parser. This made the piep configuration to be wrong at least for passthrough entries. Ticket #3932
Ermal LUÇI
2015-01-12 09:27:09 +0100
ab54ec9f8dBring back showing of default value like previous versions.
Chris Buechler
2015-01-11 19:33:46 -0600
4fc1c68f14Do not return disabled dynamic gateways
Phil Davis
2015-01-11 20:54:31 +0545
30656f6640Fixes #4177 convert password to base64 to be submitted to avoid issues with special chars in shell and HTTP GET parameter passing. Probably should add POST support to fcgicli.
Ermal LUÇI
2015-01-10 22:17:28 +0100
fc03ca0112Fix POST typo in interfaces_assign.php
Phil Davis
2015-01-11 18:40:09 +0545
31cf5a9315Fixes #3281 do not undo any changes already done for gif/gre interface.
Ermal LUÇI
2015-01-10 22:34:47 +0100
83b0a21ac4Properly rename the var Ticket #4164
Ermal LUÇI
2015-01-10 21:49:19 +0100
ed5c6e894eDefault to only AES and SHA1 for new P2s.
Chris Buechler
2015-01-09 22:08:27 -0600
6f7960c3a0Default IPsec to AES
Chris Buechler
2015-01-09 22:00:53 -0600
c182616905Default IPsec to main mode, unless mobile client.
Chris Buechler
2015-01-09 21:59:00 -0600
422a2007d5Do not count twice the phase2 entries
Ermal LUÇI
2015-01-09 23:12:21 +0100
832ec9fee9Just some reshufling and cleanup
Ermal LUÇI
2015-01-09 22:47:38 +0100
9218ecb6e7Let the kernel handle REQID rather than handling it manually. The connection name is the one needed here.
Ermal LUÇI
2015-01-09 22:32:07 +0100
57963e4bafAdd tracker and label to IPv4 Link-Local block rules.
jim-p
2015-01-09 16:06:57 -0500
557c21dae0After the other set of changes had unexpected complications, let's back this out too. Revert "PEAR static method call warning"
Chris Buechler
2015-01-09 01:14:14 -0600
0515117ed7This broke a variety of things. Revert "Deprecated and non-static method messages"
Chris Buechler
2015-01-09 00:40:18 -0600
0391b39b90PEAR static method call warning
Phil Davis
2015-01-09 10:04:28 +0545
ecefba29ecdisable this PHP error logging, errors that are really significant end up with a crash report, this is more noise than useful at this stage in 2.2.
Chris Buechler
2015-01-09 00:17:10 -0600
d97dd42437Make this code less memory hungry and fix route command generation
Ermal LUÇI
2015-01-08 23:57:47 +0100
ac8f75f1e0Catch packets on all iunterfaces and send them out the correct one. Fixes #4174
Ermal LUÇI
2015-01-08 22:49:19 +0100
bad9dec5e6Deprecated and non-static method messages
Phil Davis
2015-01-09 01:20:05 +0545
7c1c70d5eaImprove URL and URL ports alias update data:
Renato Botelho
2015-01-08 16:15:46 -0200
1776d19e58Change OpenVPN CARP VIP test to be more accurate. The client should also not be run if the VIP is in the INIT state.
jim-p
2015-01-08 10:40:44 -0500