Propperly fix openvpn parameter parsing.
Fix correction of openvpn parameters.
Modify the OpenVPN server configuration to allow the DH parameter lengthto be specified. Upgraded 1.2.x configurations will default to 1024 bits.
Comment out the code that creates a dh-parameters file at boot time andadd three new static parameters files to the /etc directory. In the nearterm OpenVPN configurations will use the 2048 bit file.
Correct a bug where we attempt to kill an OpenVPN process even though itspid file does not exist.
Revert the dh parameters generation back to 1024 bits. There were severalcomplaints that 2048 bit parameters took too long to generate.
Log why we're writing a new config out
When restarting an OpenVPN process, don't send a term signal and expect itto exit within a fixed time frame of two seconds. The old process may takelonger to exit and cause the new process creation to fail. Instead, checkthe process status every 1/4 seconds and only continue once it terminates.
Minor re-work of OpenVPN configuration. Use operational modes to determinewhat configuration options are appropriate. The operational mode dictatesthe authentication method. They are defines as follows ...
Peer to Peer ( SSL/TLS )Peer to Peer ( Shared Key )...
Correct the path for OpenVPN client specific configuration files. When thedirectory creation moved to the rc script, the path name was changed from/var/etc/openvpn_csc to /var/etc/openvpn-csc. Update the code to match.
Revert to the previous method of referencing OpenVPN device names in thefilter.inc file. We now specify the openvpn device name which is actuallyan os managed group. OpenVPN tap instances are added or removed from thisgroup when OpenVPN configurations are created or destroyed. Portions of...
Bump the system dh-parameters file to 2048 per request on dev@.
Correct problems with OpenVPN that prevented the lzo compression and passtos options from being set correctly in configuration files.
Now that we are delaying the creation of OpenVPN dh parameters, it appearswe need an explicit call to write_config() to ensure the data is saved.
Delay writing out the dh-parameters file if the paths have not yet beeninitialized by the rc scripts. I hope this will make the initial bootprocess more pleasant during install. If not, I will revert this commit.
Don't create the standard OpenVPN paths in openvpn_resync_all(). These arenow created during the bootup process.
Ensure $g is populated by reading in globals.inc
Store the OpenVPN system DH parameters contents in the config.xml file soit is not generated each time on embedded systems. Problem reported byScott.
Replace the old openvpn status page with a new implementation. We now adda tcp management port option to each OpenVPN server. Instead of rootingthrough the OpenVPN logs once a minute for status updates, we now submit arequest to the management port to obtain informaiton. We probably need to...
Correct some problems with the filter code where we were calling foreachon data that wasn't necessarily a valid array.
Modify the OpenVPN code to stop passing the array index around and thenimmediately obtaining a reference to the array entry. We already have a...
Set some important default values for the new OpenVPN interface screens.Add functions and interface code to handle local port conflict detectionand resolution.
Dump the per-configuration dh parameters data. It make no sense to keepthis information in the configuration as its not specific to the server.It only contains the parameters ( a safe large prime number ) that isused during a DH key exchange. Instead, we now use a system wide dh file...
Rework most of the OpenVPN support. The interfaces have been updated tonot use the pkg system and the configuration has been migrated to anopenvpn prefix. The centralized user and certificate manager is now usedto support the openvpn configurations. Most of the files removed in this...
This check is needed to prevent php oddities with arrays and strange behaviour of count and empty! As commit fixes errors with not configured openvpn.
Try to do better sanity checks.
Correctly name clients and server interfaces otherwise we have clashes.
Reformat file.
Pass mode
Just handle server instances for now.
Escape \$2
Shutdown deleted process
Move assignment
Define interface correctly
Use unique name
move variable assignment more near to the code it is used in
Use array name for .crt|.key
Set keysize correctly
Use $int$port$proto for unique server name
Check for descr
Add missing #!
Add a shell interpriter
Make multi-user friendly and lock config.xml during cert creation.
Make script executable.
Add me as a (C) holder add blurb about file being reritten by Fernando.
Correct log text and move to end of function.
Seperate server cert creation routines out to its own function for readability.
Note in logs when the server cert creation started.
Creatae server certificate if needed.
use description
touch up text
Change the renaming of openvpn tun devices to ovpnX so netstat copes with the names.Better do this than patch netstat to allow space for IFNAMSIZ in the interface column.
correct logic.
Differentiate between shared key and pki on the GUI.Fix some errors with the javascript
Fix some typos.
Destroy the interface before creating a new one.
ticket#1700: comment out the fix, it does not work for editing existing entries. $_GET['act'] is not passed from pkg_edit to openvpn.inc... else the check would be easy...
fix ticket#1700 and also check for protocol
fix ticket#1700
Change back to the interface naming for tun(4) devices to openvpnX.Openvpn allows this with the --dev-type and --dev-node arguments.Better read the manual page throughly next time thugh i would like it to be handled automaticallybut is not possible in Openvpn and FreeBSD devfs(5) currently.
Propperly fix certificate file creation for openvpn in client mode.
Fix a double '/' in the pathname for which openvpn seems to error out.
Comment out for now the renaming of tun interfaces to openvpn.Seems like openvpn code has "tun"/"tap" hardcoded and FreeBSD devfs does not keep track of such interface renaming thus you cannot get a file descriptor to renamed device as openvpn like application do....
OpenVPN: remove keepalive, its already hardcoded
OpenVPN: added keepalive and infinite resolver options
OpenVPN: redirect-gateway: override instead of overwrite
OpenVPN: my fault... now its correct... the server pushes the commands...
OpenVPN: redirect-gateway added [for CSC]
OpenVPN: redirect-gateway added: missed the "push"-command
OpenVPN: redirect-gateway added
unbreak openvpn client config file generation
Revert previous commit and remove only the unneeded parts.
This javascript is not needed anymore.
Do not recreate the ciphers repeatedly.
Remove ugly hacks and use propper method for dispalying generated ciphers.
Do not generate certificate directives if no certificate is selected.
Switch to using generated certificates for server mode.
Check that the item exists before using.
OpenVPN: tidy up source...
OpenVPN: permit TLS for TCP
OpenVPN-multi-interface-patches by Fernando Tarl? Cardoso Lemos
Ticket 1709: fixed typo in OpenVPN cfg-page
Kill trailing space
Remove openvpn csc file when option is disabled.
Ticket #1339
Add Type-Of-Service-passthru for server and client
correct code formatting
Add OpenVPN CSC-DHCP Options (override per Client), add TLS-Authentication, add connection-limit for server
Remove trailing space / cr
Patch from Martin to fix http://forum.pfsense.org/index.php/topic,4773.0.html
Add openvpn server tos and dhcp server options.
Submitted-by: Martin Fuchs
OpenVPN bandwidth fix from Martin Fuchs
Apply OpenVPN patch from Martin Fuchs which adds outgoing tunnel bandwidthg control.
Remove openvpn-csc when needed.
Submitted-By: Fernando Lemos
After openvpn resync all function, sleep for 5 seconds and trigger a filter reload
Fix ticket #1265
Multiple openvpn clients all attempt to bind to same local port
Allow multiple client tunnels via OpenVPN
Ticket #1265
Ok: fernando lemos
Start OpenVPN with nohup
Start OpenVPN in the background.
Suggested-by: Fernando
MFC openvpn fixes by Fernando