Change OpenVPN to retry client auth when it fails by default, rather than making the process exit which confuses users. Fixes #7506
Correct typo. Fixes #7802
Fix OpenVPN Auth Digest Algorithm selection so it does not use duplicate/alias names in the list, and fix existing entries on upgrade so they use the actual digest name and not an alias.
The logic for resolv-retry infinite was always setting it in client mode no matter what the GUI option wanted. Remove the GUI option and clean up the logic so it isn't duplicated. Fixes #7572
Fix OpenVPN server port validation to disallow "0". 0 is still OK for client port, which is the same meaning as blank/empty. Fixes #7565
Use is_numeric() to make sure $prefix is not 0
Merge pull request #3604 from enukane/fix/openvpn-ipv6-remote-netmask-0-treated-as-128
Add OpenVPN GUI Option for "sndbuf" and "rcvbuf", using the same value for both. Fixes #7507
Add OpenVPN GUI option for "fast-io" to clients and servers. Ticket #7507
Only compatible with UDP modes, and also not compatible with "shaper".
Fix parsing "::/0" as "::/128" on OpenVPN IPv6 Tunnel Remote network
Always force compress when calling Net_IPv6
Fix #7136 Start OpenVPN on ordinary VIP
Fix #6603: Wait while interface is in 'tentative' state before trying to bind OpenVPN to its address
Remove extra parenthesis and blank line
Simplify logic
Also check IPv6 when determining if we should use nobind or lport.
Merge pull request #3361 from PiBa-NL/openvpn_waitforpid_20170107
openvpn, check for valid pid using isvalidpid()
openvpn, make sure config is written and not overwritten while starting openvpn, and wait for pid of child process to be written before exiting function
Fix up OpenVPN CSC page help text, add IPv6 tunnel network. Fixes #7053
Destroy tun/tap device when delete OpenVPN tunnel
Remove unnecessary reference
Revert "Destroy tun/tap device when delete OpenVPN tunnel"
This reverts commit 0a07be0287189cda229fab27ad733e9de3dc12f5.
Add backend support to OpenVPN for NCP. Ticket #7072
Fix #7074: Fix automatic port number guessing
Rework openvpn_port_used() to take care of following conflicts after ticket #7062 was committed:
Remove this extra comma. It's not causing a syntax error but it's also not necessary.
Rework openvpn_vpnid_next() and remove duplicated code
Add some more help text to OpenVPN pages.
Replace "client-cert-not-required" with "verify-client-cert none". Fixes #7073
Add --tls-crypt support for OpenVPN servers and clients. Implements #7071
Bring compression options in line with OpenVPN 2.4. Note that the old style options are deprecated/legacy but don't remove yet, for compatibility. Implements #7064
Make sure $openvpn_dh_lengths is declared global. Ticket #7065
Fix var name cut-paste error in openvpn.inc
Add OpenVPN ECDH options. Implements #7063
Update OpenVPN protocol preferences to match the new behavior of OpenVPN 2.4. Fixes #7062
Allow OpenVPN DNS servers for clients to be IPv6 as well as IPv4. Implements #7061
Add IPv6 virtual address to SSL/TLS client output, formatting corrections/enhancement for SSL/TLS client and server. Ticket #2766
Update OpenVPN SSL/TLS server status to reflect changes in OpenVPN 2.4. Ticket #2766
Ticket #7054: Remove tun-ipv6 option, deprecated on OpenVPN 2.4.0 and related GUI knobs
Merge pull request #3236 from PiBa-NL/openvpn_startup_lock
Encode the auth server list before passing it on the CLI, to avoid issues with special characters that break when interpreted as URL parameters during OpenVPN auth. Fixes #7002
openvpn, startup locking sequence to prevent issues around pid file / process management
fixes: https://redmine.pfsense.org/issues/6940
Adjust parsing of OpenVPN ciphers to new output format. Fixes #6849
Move copyright from ESF to Netgate
Add a selection for OpenVPN to have no compression preference + comp-noadapt, which is necessary in some client edge cases. Fixes #6739
Add an option to push "block-outside-dns" to clients of an RA OpenVPN. Fixes #6719
Some small improvements to OpenVPN server handling when using CARP VIPs in Gateway Groups. Might help with issue #6607
openvpn_add_dhcpopts already sets redirect-gateway, don't add it a second time. Ticket #6633
Move to Apache License 2.0
Make a function to resync all OpenVPN CSCs and use it when saving an OpenVPN server. Fixes #6139
Review license / copyright on all files (final round)
Review license / copyright on all files (1st round)
Added and modified functions to send correct Radius attributes to the Radius authenticator.
Merge pull request #2966 from scipiojr/master
Update openvpn.inc
Add missing recommended key lengths to OpenVPN options
Add key lengths to the OpenVPN options, for asymmetric keys of size 3072 (for current use), 7680, 15360 (for long term resistance), 8192 and 16384 (common binary exponents).
These are both supported by OpenVPN anyhow, and for certain uses are currently recommended (eg long term resistance to replay/decryption). See keylength.com for citations....
Trim the OpenVPN tunnel network before use, and on save. Fixes #6198
Remove dead note from OpenVPN widget
This note is never going to display, because $DisplayNote is only set in a function and is not global. In any case, I don't think the message is true (maybe it was true in the past?).
Only specify auth-user-pass for TLS mode. Ticket #5941
Fix OpenVPN ifconfig. Ticket #5930
Use high level functions
Internationalize etc inc i through s
Fix style issues.
Review of CARP uniqid changes.
It turns out that current CARP implementation is not much different from an IP alias.
This commit converts the IP alias to also use the CARP uniqid scheme, this simplifies the code in all other places because now we have only two different cases to deal with:...
Omit topology for tap OpenVPN, as it has no meaning in that context
Remove stray }
The topology line also must be skipped if an SSL/TLS mode is used with a CIDR less than 30.
Update license on files from /etc/inc
Remove spaces at EOL as requested
redmine 5702 - change to use high level IPv4 functions where low level ip2long32() etc are used
Consolidate OpenVPN kill_client routine
After a gitsync just now I started getting "cannot redeclare kill_client" error messages. Whatever it was that caused this to start happening, the kill_client() function in these 2 places is identical. Might as well put it in openvpn.inc
Remove all pfSense_MODULE and pfSense_BUILDER_BINARIES definitions, whatever was the reason they were added, it was never finished and it's not being used
Fixed #5602 by dynamically updating the help text based on the cert selected.
Code style and white space in etc
Prioritize and separate server certs for OpenVPN servers to make it more clear they should be using certificates created as Server certificates for this purpose -- it's still valid to use non-server certs but it's not what most people intend to do. Ticket #5602
whitespace/style fixups
Fix PHP error on boot/resync of OpenVPN
Omit topology from the config when using shared key mode.
Nuke openvpn_cleanup_csc, the job is done better by openvpn_delete_csc
Properly omit tunnel network when it's empty in the CSC
GUI/Backend changes to move topology_subnet checkbox to a topology drop-down selection. Issue #5526
P2P is there but commented out for now.
Backend changes to OpenVPN CSC handling to allow per-server configuration. Ticket #5526
Still needs GUI work and other items mentioned on https://redmine.pfsense.org/issues/5526
Tidy up Boolean operators for HTML5
Remove the XHTML standard Boolean operators (makes reading HTML much simpler).
Put some OpenVPN functions into include file
Forum: https://forum.pfsense.org/index.php?topic=103036.msg574854#msg574854
A few functions were in both client and server PHP already and were the same. build_crl_list() was missing from client PHP. build_cert_list() was slightly different in server and client PHP. I...
Integrate bootstrap etc/inc with master
This applies the little changes in etc/inc master to the bootstrap branch so that etc/inc in bootstrap will now just have the real differences that are due to real bootstrap changes.
Merge branch 'master' into bootstrap
Move main pfSense content to src/