removes variables concatenation on gettext strings
Merge remote-tracking branch 'upstream/master'
Conflicts: etc/inc/easyrule.inc etc/inc/filter.inc etc/inc/interfaces.inc etc/inc/services.inc etc/inc/xmlrpc_client.inc usr/local/www/fbegin.inc usr/local/www/services_dhcp.php
Merge remote branch 'upstream/master'
Merge remote-tracking branch 'mainline/master' into inc
Conflicts: etc/inc/voucher.inc usr/local/www/fbegin.inc
Correct event calling during bootup for rc.newipsecdns and also convert the command executed during an ipsec even to go through check_reload_status which will prevent races on calling rc.newipsecdns. Which might lead to many filterdns processes.
Conflicts: etc/inc/openvpn.inc
Add a GUI selection for racoon's generate_policy directive since it may be useful in certain configurations, especially for mobile clients.
Conflicts: conf.default/config.xml etc/inc/filter.inc etc/inc/globals.inc etc/inc/pfsense-utils.inc etc/inc/upgrade_config.inc usr/local/www/interfaces.php
Silence the route changing since it fills the logs with not needed info.
Conflicts: etc/inc/interfaces.inc etc/inc/upgrade_config.inc etc/inc/vpn.inc
Don't put an empty PSK into the file, and try to avoid extra whitespace to be safe.
Conflicts: etc/inc/vslb.inc etc/version
passive should always be on for mobile clients per racoon man page
Disable this log message, as it can be extremely spammy in the logs.
Remove stray debugging lines in VPN
Conflicts: usr/local/www/status_rrd_graph_img.php
Give time to filterdns to exit gracefully and after that start a new process.
Conflicts: etc/inc/gwlb.inc
Add missing fields for l2tp to define dns and wins servers
Add a toggle under System > Advanced on the misc tab to enable/disable debug mode for racoon.
Conflicts: etc/inc/interfaces.inc etc/inc/priv.defs.inc etc/inc/shaper.inc etc/inc/system.inc
Conflicts: etc/inc/auth.inc etc/inc/config.lib.inc etc/inc/filter.inc etc/inc/pfsense-utils.inc etc/inc/pkg-utils.inc etc/inc/priv.defs.inc etc/inc/services.inc...
Fix merge conflict
Swap if statement, add fields into ipsecpinghosts file
Correct ping hosts functionality for > 1 tunnel. Add v6 functionality
Fix the IPsec ping hosts file generation. This only worked for the lasttunnel
Try to make IPv6 feature complete for IPv6 support. Looks like ipsec-tools was built without v6 support, make sure you have a newer build
Commit the backend function that writes out the racoon.conf
Make sure to note the limitations to gethostbyname, it does not work for Quad A records. Fix resolve_retry in the process, use that.
Use racoonctl now that ipsec-0.8 is back to reload the config.
Always write out the filterdns-ipsec.hosts file, otherwise deleted tunnels will never get removed from thefilterdns-ipsec.hosts
Add a check that should prevent configuration of racoon with duplicate phase 1 IP entries.
Add more safeguards and IP address checks
Do not resolve the hostname during boot, also make really sure we have a IP address here.
Prevent a empty remote gateway IP from ending up in the config
Make sure to initialize the remote gateway IP variable so that it does not end up with a broken config
Do not resolve the dyndns hostnames during boot. With many tunnels that have a hostname this cancause huge boot issues if the DNS server is slow or not responding at all. By skipping those butadding them to the DNS watchlist it should reload these later. This should allow the box to start...
Fix typo (swapped parameters)
Fix typo
Correct configuration file name.
Merge branch 'master' into inc
Conflicts: etc/inc/captiveportal.inc etc/inc/config.console.inc etc/inc/config.lib.inc etc/inc/easyrule.inc etc/inc/filter.inc etc/inc/ipsec.inc etc/inc/pkg-utils.inc etc/inc/shaper.inc...
Use filterdns instead of dnswatch which will be retired.
Actually use sigkillbypid.
Send a HUP to racoon which is equivalent to the reload-config racoonctl command which seems to not work in 0.7.3 of ipsec-tools.
Add radius port and radius accounting port to config if supplied.
Ticket #1116: anonymous sainfo may be used only for single phase2 ipsec VPN's
Prevent other types of interface for being added to ng_ether(4). It might be the cause of panics reported here http://forum.pfsense.org/index.php/topic,31404.0.html
nuke trailing carriage returns
Do not attach ng_etther(4) to every system interface. Instead do a search if netgraph is needed on single/every interface during interface configuration. Also enable netgraph support for interface as needed when enabling pptp/l2tp/pppoe/... . This should prevent the netgraph queue to slow down network performance on fast links.
Merge remote branch 'mainline/master' into inc
Conflicts: etc/inc/auth.inc etc/inc/config.lib.inc etc/inc/filter.inc etc/inc/gwlb.inc etc/inc/interfaces.inc etc/inc/pfsense-utils.inc etc/inc/pkg-utils.inc...
Some IPsec mobile changes to inch a little closer to working L2TP+IPsec. Ticket #475
Only print "sainfo anonymous" also for xauth-psk setups. See http://forum.pfsense.org/index.php/topic,29164.msg157864.html#msg157864
Do the setting earlier to not miss any code and make ipsec not work.
Conflicts: etc/inc/PEAR.inc etc/inc/filter.inc
Remove trailing carriage return
Conflicts: etc/inc/pkg-utils.inc etc/inc/system.inc
Activate code to allow ipsec to work normally.
Conflicts: etc/inc/auth.inc etc/inc/config.lib.inc etc/inc/priv.defs.inc etc/inc/system.inc etc/inc/upgrade_config.inc etc/inc/vpn.inc
More VPN log fixes, for consistency. Ticket #912
Fix typo (standart -> standard)
Switch to a unified vpn-linkup and vpn-linkdown.
Fix l2tp interface naming. Fixes #985
Use individual linkdown scripts.
Rename 'name' to 'descr' for CA, Certificates, and CRLs, to gain CDATA protection and standardize field names. Ticket #320.
Conflicts: etc/inc/authgui.inc
Fix racoon.conf generation for localid_type=address. Ticket #936
Add contributed patch to allow certain IPsec mobile clients to save Xauth passwords. Fixes #933.
Fix quotes to use %N$X on gettext calls
DNSWatch core dumps when it encounters white spaces.
Properly check and set "Prefer older IPsec SAs" setting in the config and its associated sysctl. Move setting the sysctl to its own function to avoid code duplication.
Conflicts: etc/inc/filter.inc etc/inc/pkg-utils.inc etc/inc/service-utils.inc etc/inc/system.inc etc/inc/vpn.inc
Actually decode before writing to mpd.secret. Alos correct variable names. Discovered-by: Efonne(IRC)
Make possible to run multiple instances of pppoe server. Not yet switched to mpd4.
CA/CERT Move
also include split_dns, as Cisco VPN clients won't query across the VPN without it.
Fix spelling error. Thanks-to: wagnoza (IRC)
Do proper checking on the interval used for dnswatch. Otherwise might pass wrong parameters to dnswatch.
Fix gettext calls with printf to permit change strings order
Conflicts: etc/inc/interfaces.inc
Fix some PPPoE server radius variable references. Fixes #853.
Fix gettext on vpn.inc
Implement gettext() calls on vpn.inc
Let the user choose the IPsec CA instead of assuming.
Only write out the CA if one exists.
Flip this check
When using a certificate for IPsec, also write out and reference the certificate's CA.
Honor a phase 1 proposal_check if one is set, otherwise use the default.
Resolves #815. Do not add protection rules if lan interface has no ip.
Fix test of preferoldsa to check the proper variable name.
Ticket #655. Another try at this.
Fixes #755. Workaround bug on dnswatch and properties_read by actually creating a correct file for properties_read API.
Remove gif creation/deletion in ipsec code it seems unlikely and unused for a long time. This also removes the risk of doing damages on gifs configured through the GUI.
Honor GUI configured DNS settings for PPTP/PPPoE/L2TP if present.
Add per-user PSKs to racoon.
Various fixes to usage of ip2long, long2ip, and negated subnet masks, mostly affecting 64-bit. Ticket #459