Fix the IPsec ping hosts file generation. This only worked for the last tunnel.
Use racoonctl now that ipsec-0.8 is back to reload the config.
Always write out the filterdns-ipsec.hosts file, otherwise deleted tunnels will never get removed from the filterdns-ipsec.hosts
Add a check that should prevent configuration of racoon with duplicate phase 1 IP entries.
Add more safeguards and IP address checks
Do not resolve the hostname during boot, also make really sure we have an IP address here.
Prevent an empty remote gateway IP from ending up in the config
Make sure to initialize the remote gateway IP variable so that it does not end up with a broken config
Do not resolve the dyndns hostnames during boot. With many tunnels that have a hostname this can cause huge boot issues if the DNS server is slow or not responding at all. By skipping those but adding them to the DNS watchlist it should reload these later. This should allow the box to start...
Fix typo (swapped parameters)
Fix typo
Correct configuration file name.
Use filterdns instead of dnswatch which will be retired.
Actually use sigkillbypid.
Send a HUP to racoon which is equivalent to the reload-config racoonctl command which seems to not work in 0.7.3 of ipsec-tools.
Add radius port and radius accounting port to config if supplied.
Ticket #1116: anonymous sainfo may be used only for single phase2 IPsec VPNs
Prevent other types of interface from being added to ng_ether(4). It might be the cause of panics reported here http://forum.pfsense.org/index.php/topic,31404.0.html
nuke trailing carriage returns
Do not attach ng_ether(4) to every system interface. Instead do a search if netgraph is needed on single/every interface during interface configuration. Also enable netgraph support for interface as needed when enabling pptp/l2tp/pppoe/... . This should prevent the netgraph queue from slowing down network performance on fast links.
Some IPsec mobile changes to inch a little closer to working L2TP+IPsec. Ticket #475
Only print "sainfo anonymous" also for xauth-psk setups. See http://forum.pfsense.org/index.php/topic,29164.msg157864.html#msg157864
Do the setting earlier to not miss any code and make ipsec not work.
Remove trailing carriage return
Activate code to allow ipsec to work normally.
More VPN log fixes, for consistency. Ticket #912
Fix typo (standart -> standard)
Switch to a unified vpn-linkup and vpn-linkdown.
Fix l2tp interface naming. Fixes #985
Use individual linkdown scripts.
Rename 'name' to 'descr' for CA, Certificates, and CRLs, to gain CDATA protection and standardize field names. Ticket #320.
Fix racoon.conf generation for localid_type=address. Ticket #936
Add contributed patch to allow certain IPsec mobile clients to save Xauth passwords. Fixes #933.
DNSWatch core dumps when it encounters white spaces.
Properly check and set "Prefer older IPsec SAs" setting in the config and its associated sysctl. Move setting the sysctl to its own function to avoid code duplication.
Actually decode before writing to mpd.secret. Also correct variable names. Discovered-by: Efonne(IRC)
Make it possible to run multiple instances of pppoe server. Not yet switched to mpd4.
CA/CERT Move
also include split_dns, as Cisco VPN clients won't query across the VPN without it.
Fix spelling error. Thanks-to: wagnoza (IRC)
Do proper checking on the interval used for dnswatch. Otherwise it might pass wrong parameters to dnswatch.
Fix some PPPoE server radius variable references. Fixes #853.
Let the user choose the IPsec CA instead of assuming.
Only write out the CA if one exists.
Flip this check
When using a certificate for IPsec, also write out and reference the certificate's CA.
Honor a phase 1 proposal_check if one is set, otherwise use the default.
Resolves #815. Do not add protection rules if lan interface has no ip.
Fix test of preferoldsa to check the proper variable name.
Ticket #655. Another try at this.
Fixes #755. Workaround bug on dnswatch and properties_read by actually creating a correct file for properties_read API.
Remove gif creation/deletion in ipsec code it seems unlikely and unused for a long time. This also removes the risk of doing damages on gifs configured through the GUI.
Honor GUI configured DNS settings for PPTP/PPPoE/L2TP if present.
Add per-user PSKs to racoon.
Various fixes to usage of ip2long, long2ip, and negated subnet masks, mostly affecting 64-bit. Ticket #459
Add a few comments. This should be ready for testing/feedback. Ticket #108
Add missing ;
Set proposal check and passive as needed for this scenario also. Ticket #108
Ensure initial_contact is 'on' in this case to behave as 1.2.3 did. Ticket #108
Set generate_policy to "on" to behave as 1.2.3 does in this case. Ticket #108
Only specify peer ID if we are not dealing with a mobile PSK-only tunnel. Ticket #108.
Do not specify subnet in sainfo if we are dealing with a mobile PSK-only tunnel. Ticket #108
Write out IPsec PSKs for mobile clients. Part of ticket #108.
Use the -s ident option of mpd to send the logs for the PPPoE/PPTP/L2TP servers to syslog's appropriate files. Create the files for these VPNs as for the others. Logs can be viewed in the VPN tab of the system log.
Ticket #430. Give a none option to allow for roadwarrior configs.
Only fetch inet family routes.
Prevent errors when running without a lan defined interface. Also remove some dead code.
Three fixes: ipsec-tools 0.8 ignores the 'adminsock' directive, so until upstream is fixed we need to use the default /var/db/racoon/racoon.sock; fix spd files reloading in /tmp; revert initial patch from Scott. Ticket #137
Ticket #332. Simplify creating the ipsecpinghosts file.
ping_hosts.sh is no more in /etc. Remove some unneeded lines.
Use global variable.
Use global variable and do not loop all entries undefinitely.
Do proper checking on sasyncd to not try to start this daemon uselessly.
Do not fail to create racoon.conf if there is no ip on wan. this might be a valid config.
Use better interface names.
Fix racoon file generation when selected type is dyn_dns. Reported-by: http://forum.pfsense.org/index.php/board,49.0.html.
Check to see if processes are running before killing
Reload tunnel policies Ticket #137
Restore lost code. Noticed-by: Ermal
Combine PPTP Server subnet and clients. Code imported from m0n0wall. Ticket #139
Remove ipsec_in_use sysctl
Add newline after set radius server Resolves #184
Rework includes/require. This saves about 4 megabytes. Simplify get_memory(). Tested on mips/i386
Turn off IPSEC net.inet.ip.ipsec_in_use when IPSEC is disabled
Set sysctl net.inet.ip.ipsec_in_use=1 when starting racoon
More IPSec, filter.inc changes
Here we go again .. IPSec stuff
Add necessary include.
Add pfSense_BUILDER_BINARIES: and pfSense_MODULE: additions
Fix typo in variable name which resulted in an incorrect format for the /var/db/ipsecpinghosts file. Fixes half of #61
Unbreak ipsec on my firewall. For some reason p2_ealgos is not being defined and requires a 'require' to bring it in. Not sure why this is happening but this fix unbreaks my case at least.
remove debugging echo
Check correct variables
Do not enter for loop if all variables are 0. Apparently we have some include ordering issues that are preventing these variables from being set.
Ipsec.inc is in functions.inc
Unbreak IPSEC!
Do not send a HUP to racoon as that causes issues with initial configuration loading.
Switch over the dns list from arguments to dnswatch to a file which holds them which dnswatch will use.
Make the dnswatch_list array unique before processing it
Silence route delete, this will also match on local network connected vpn endpoints, those routes can not be deleted and throw an error.