pfSense

Start PPTPD.

Start MPD correctly on newer mpd

Fix mpd startup

Unbreak racoon

Do not quote an empty string when the DN identifier is blank.

Obtained-from: m0n0wall

Bump dpd from 20 to 120

Use DPD and frag support we already have

Send extra sighup after starting

Pass -c along to mpd

With the current Racoon we need to inform that we are reloading our SPD
entries with a SIGHUP

Update to racoon-0.7-cvs with Timo Teras patches.
Use setkey -f because spd loading works normally now.

attempt loading SPD entries 4 times

Somehow sending a SIGHUP before flushing and reloading works better then
after. Technically a SIGHUP to racoon should not do anything.

Flush both SA and SPD entries

repair logic I think. Can we please use more curlies?

Make 3 passes at loading the SPD entries as this will fail on large configurations > 250 tunnels.
Tested by smos@ 399 tunnels, 239 active, ok by sullrich@

touch up text

Ticket #1569

freeradius and pptp changes by forum-user 'cybrsrfr'

Adding dnswatch support.

Obtained-from: m0n0wall

IPSEC keep alive pinger using the wrong source IP address

Ticket #1482

Adding keep alive host to IPsec causes warning in webGUI

Ticket #1509

Ticket #1482 - set the source to an interface that is inside the subnet definition

Sync NATT support from m0n0wall

Unbreak IPSEC, correct pathnames

Fix loading and reloading config for IPSEC.
MFC: Possible candidate, works for seth. Needs test.

Add ASN1DN identities support to IPSEC.

Subbmitted-by: Nic Bernstein <nic_AT_onlight.com>

use killall

• Flush SPD's on reload
• Kilall -HUP racoon if its already running since racoonctl is brokie brokie

• Remove path from racoon grep
• Remove [r] from racoon and simply grep for racoon

Correct ps location

Remove trailing space / cr

Commit forgotten vpn_ipsec_force_reload()

Do not flush SPA and SPD before starting. It upsets racoon.

Rework stop and start logic. If we are already alive, reload instead of stop and start.
Tested by Seth.

further changes to 1.3 for pppoe server and pptp server. added to gui add radius acct and auth ports add acct update in seconds option for external radius servers add backup radius server changes

rearranges xml for better use moved radius specific features inside tags added options for additional server above 2 miner bug fixes

Ticket #1306

Switch over to mpd4

Code-submitted-by: alan_AT_radiowave.ie

PPPoE server fixes

Ticket #1283

Add link_carp_interface_to_parent() function

Allow CARP addresses to be the IPSEC endpoint.

This cleans up the code GREATLY and removes the FAILOVER IPSEC hack.

Make tabs consistent

Use a comma to seperate multiple hosts instead of a carriage return which is being stripped by the package manager

Allow multiple racoon listen ips so that racoon can live on two different wan carp ips (multiple isps)

Only install listen directive when value is filled in.

Backport IPSEC filtering to 1.0.1.

Requested and will be tested by Seth

Add back missing WINS statement that was accidently chopped in commit #9051

Ticket #1209

Do not destroy previous items, whiping out the listen directive.

Disable sasyncd. Sniff sniff. I gave it all I could, cap'n.

Maybe 1.1.

We're in 2006 now, toto

Ticket #854 fixes

• Compute the correct amount of ng interface for pptp and pppoe
• Restart mpd processes in one function so that duplicates do not end up in mpd.conf file

• Sleep a little longer after killing mpd to allow it to cleanup
• If there was a problem killing mpd, try killing once more and log the attempt

Add c/r

MFC vpn ping code

Remove trailing newline

Use correct variable for radius issued ips

Correct warnings and errors found eclipse

Set: set link mru 1492 in addition to set link mtu 1492

Do not apply option when radius is disabled

Allow issuing of PPOE ips from RADIUS server

Ticket #709

Import m0n0wall 1.21 PPTP Server

Remove auto establish. It's never worked.

Alert that we are auto establishing tunnel

Back off a little bit on the insane debugging levels. This brings the debugging levels back similar to m0n0wall.

Move setkey to /sbin/setkey from /usr/sbin/setkey due to FreeBSD changing the location.

• Use 0.0.0.0/0 so radius can allocate ips
• Do not set link mtu twice

• Turn of ACE. It doesn't work at all.
• Killall racoon. IPSEC Tools racoon seems to work a bit diff

Enable padlock support

Move )

Pointy-hat-to: Me

Missing )

Pointy-hat-to: Me

Forced commit to note that failover ipsec should be enabled as well (even if your not using failover, it simply sets the racoon listen ip address)

Add NATT support. Currently this option is disabled. To enable simply set the <developer/> tag inside <system> in config.xml

Use correct mtu for pptp when wan is pppoe.

Have I mentioned how much I HATE pptp lately?

Set /sbin/sysctl net.inet.ipsec.crypto_support=1 if Padlock

Detect ACE in CPU line

Do not set net.inet.ipsec.crypto_support

Only run padlock functions if <developer> bit is set

Query Features line for ACE

Echo out when enabling padlock

Clear out setkey after enabling as instructions show.

Only enable Padlock if we find ACE in the dmesg

Spello in comments

Enable hardware IPSEC

Padlock -> ACE

Minor style cleanups

Only setup via padlock on bootup.

Alert on bootup if we are enabling padlock

Add via padlock support

Check to see if item is dynamic dns a little better

Detect DNS names and correctly set

dir_exist() -> dir_exists()

Allow PPPoE server subnet to be defined by user.

Ticket #282

Make sure /var/etc/mpd-vpn exists

Set pppoe interface

Use unique variable name for interface

Do not accept encryption

Kill sasyncd before restarting

Assign a unique pppoe id

Set mtu to 1492

Translate interface

Do not set 10.* dns address

Add PPPoE server interface field