Use config accessors in certificate functions
Move to is_platform_booting()
The function platform_booting() is deprecated.
Fix typos and copy/paste issues
Issues found by the PHP linter mostly include typos and usage of unassigned variables. To address these, traverse the commit history to determine the intent.
Fix IPsec Dual Stack w/any remote. Fixes #15147
Show interface subnet details for IPsec Phase 2. Implement #15245
While there, prevent interface subnet selections from showing for the NAT/BINAT field.
Sync generated gateways to config. Fix #12920
Fix RA IPsec EAP-RADIUS accounting. Fixes #15176
Set the flag which only activates accounting for connections with VIPs which will restrict accounting to only mobile IPsec connections.
IPsec P1/P2 delete corrections. Fixes #15171
Update the years in the Copyright notice.
Fix IPsec log value handling. Fixes #14990
Refactor use of return_gateways_array() with get_gateways(). Fix #14893
Most calls to return_gateways_array() do not need the gateway list to be recreated. get_gateways() can filter the gateway list, and indexing is moved from return_gateways_array() to get_gateways() to avoid using...
Don't split fontawesome icon names
This makes it easier to update fontawesome versions. While here, fix a missing closing quote, and use the correct fontawesome prefix.
Update fontawesome. Implement #13537
Mobile IPsec settings PHP refactor corrections. Fixes #14713
Cast to string before ctype_digit() testing. Fixes #14702
Fix var name in ipsec_ikeid_next(). Fixes #14690
ipsec: refactor config access
Fix ipsec_ikeid_next() copy/paste errors
The content of ipsec_ikeid_next() had some references to undefined variables stemming from a change of nomenclature between 'ike', 'req', and 'key'. This seems to stem from content in ipsec_ikeid_next() originating as a copy/paste...
Handle IPsec P1 w/o valid proposals better. Fixes #14009
Update copyright years to include 2023
Rector some direct config gets with complex paths.
Rector some direct config gets with pure scalar paths.
Restore unintentionally removed line. Issue NG 9247
Spelling fixes. Fix #13357
Remove invalid quotes from charon attr plugin attributes. Fixes #13579
ipsec: remove obsolete algorithms
These are no longer supported in FreeBSD main. Ensure they can no longer be configured.
Redmine: #9247
ipsec: allow CHACHA20-POLY1305 to be configured
Redmine: #9246
Correct required param after optional param syntax errors
Revert "Destroy deleted/disabled IPsec SA. Fixes #13102"
This appears to be causing a pileup of swanctl processes on systems with a significant number of disabled tunnels.
This reverts commit d90552c59e51fb13c712b6a96a51ca2462424156.
Destroy deleted/disabled IPsec SA. Fixes #13102
Do not restart IPv4 IPsec on IPv6 gateway events and vice versa. Issue #3132
WebGUI option for IPsec <dns-interval> option. Feature #13057
Skip IPsec VTI interface if remote FQDN gateway is not resolved. Issue #12763
IPSec IKEv2 Mobile INTERNAL_DNS_DOMAIN (value 25) attribute. Fixes #12975
Remove unused add_hostname_to_watch() from ipsec_setup_gwifs(). Issue #12645
Update the Copyright year of the files owned by Rubicon/Netgate.
IPsec IKEv2 Retransmission options. Implements #12184
IPsec on backup CARP group validation. Fixes #12566
IPsec SPD status updates. Implements #12397
Elliptic Curve 25519, 448 bit -> Elliptic Curve 448, 448 bit PH2 rename. Fixes #12350
Elliptic Curve 25519, 448 bit -> Elliptic Curve 448, 448 bit rename. Fixes #12350
IPsec Widget none/disabled tunnels fixes. Issue #12337
IPsec PH2 AH proposals order fix. Issue #12323
Consider GWG in ipsec_force_reload. Fixes #12315
Don't wait on manual IPsec actions. Fixes #12298
Use a timeout with swanctl --initiate, and use --force for swanctl --terminate. This will allow the commands to succeed and return without waiting on the remote to respond. The negotiation continues in the...
Move IPsec Mobile additional configuration attributes to strongswan.conf. Fixes #11447
Do not create disabled IPsec VTI interfaces. Fixes #12212
Write CRL files only if certificate authentication is used in IPsec. Fixes #12195
IPsec identifier type updates. Implements #12044
Correct names to reflect what the actual types are (e.g. Distinguished name is really FQDN)
Add an explicit "auto" type which passes the user input through as-is. Previously some users took advantage of ASN.1 DN behaving this way to...
IPsec updates to address multiple issues
IPsec PKCS#11 support as an optional feature. Issue #11933
Always apply IPsec changes on HA secondary. Fixes #12075
ipsec: Simplify logic
ipsec: Use correct variable name
ipsec: Remove unneeded references on parameters
ipsec: Normalize ipsec_lookup_phase1()
- $ph2ent doesn't need to be a pointer
- Return true when $ph1ent is found since $ph1ent is a pointer and is filled with proper content in this case
Back out recent changes in mobile IPsec
These changes led to the pool failing to load and thus clients could not connect. Will revisit for future releases. Affects:
ipsec_vti() skipdisabled fix. Issue #11832
Ensure mobile IPsec pools are always in config. Issue #11891
Add IPsec GUI control for Child SA Start Action. Implements #11576
Correct source IP for IPsec on 6RD/6to4 interfaces. Fixes #11643
IPsec Mobile users swanctl.conf fix. Issue #11564
IPsec peer ID Any fix. Issue #11555
Correct location and config for Strict CRLs in IPsec. Fixes #11526
IPsec Mobile EAP-RADIUS additional configuration fix. Issue #11447
Don't add empty pools line. Fixes #11488
Fix child SA name generation. Fixes #11487
RADIUS Advanced parameters. Feature #11211
Do not prefix FQDN IPsec IDs with @. Fixes #11442
IPsec P1/P2 expiration and replacement refresh. Implements #11219
Update the Copyright year.
A subsequent commit will deal with .po's.
Correct DPD syntax and values. Fixes #11196
IPsec P2 life_time changes. May help with issue #10176
Correct IPsec secrets section ID type handling. Fixes #11193
IPsec PH2 proposals order fix. Issue #11078
IPsec PH1 creation fix. Issue #9592
Merge pull request #4176 from vktg/maxikev1exchanges
Merge pull request #4436 from f-bor/ipsec_custom_port
add custom ipsec ports
Merge pull request #4190 from vktg/remove00vti
Rework route functions
- Created route_table() that returns an array containing all items from route table. It uses --libxo to get a json object
- Created route_get() that return an array with route items to desired target
- Created route_get_default() to get current default route for inet or...
Remove extra 00 padding of VTI interface names. Issue #9592
Add option to increase parallel IKEv1 Phase 2 rekeys. Issue #9331
Style: Break a couple of long lines
Combine nested conditionals into a single one
Remove commented out lines
Merge pull request #4230 from vktg/ipsecp2shunt
IPsec Mobile RADIUS Group authentication. Implements #10748
More complete IPsec close_action conversion. Fixes #10632
Use close_action=trap, not hold. Fixes #10632
Improve handling of an empty IPsec phase1 tag. Fixes #10580
Also fixes another PHP error after config upgrade which behaved in a similar way.
Use correct prefix for IPsec user keys. Fixes #10505
IPsec VTI /30 netmask. Issue #10418
IPsec PH2 bypass mode. Issue #3329
Merge pull request #4173 from f-bor/gw_duplicates
Fix IPsec mobile user and pool references. Fixes #10296 Fixes #10314
For mobile IPsec pools, use separate pool for v4 and v6. Fixes #10296
Strip IPsec PH2 hash for AEAD ciphers. Issue #9726
Accommodate both RADIUS and pool IP addresses in IPsec. Issue #8160