pfSense

Where the P1 is disabled, show the P2s as disabled since they will be, same as in previous versions.

Fix lineup of copyright lines

and module names and other bits of formatting and typos in header
comment sections.

Welcome 2015

only show aggressive/main mode for IKEv1

Change copyright statement to reflect reality

Do not collapse phase2 items every time an action occours

Replace all GET use by POST

More improvements on IPsec GUI (Ticket #3328):

• Allow to reorder P2 entries
• Allow to remove multiple P2 entries
• Add an icon to quickly toggle enable/disable status of p1 items

Remove wrong code left from copy/paste

Use array id to delete phase2, it will simplify changes I'm working on and will commit soon

Improvements on IPsec GUI (Ticket #3328):

• Allow to reorder phase1 items
• Allow to remove multiple phase1 items
• Add an icon to quickly toggle enable/disable status of p1 items
• Print P1 header only once and remove space between items
• Fix table border when P2 items are expanded

Remove uneeded variables

Remove unused variables

Fix indent and whitespace

Fix phase2 removal, p2index points to unique ide and not to array index

Do this check now that hash algos can be empty

Use a uniqid() to track phase2 entries to avoid confustion and various mistakes when modifying and editing them.

Fix alignment of + button and P2 display after addition of IKE column to IPsec tunnel list.

Update links in "vpn_ipsec.php"

Update help links in "vpn_ipsec.php" to point to the correct page.

This needs to be lower case

Merge pull request #1139 from ExolonDX/branch_master_02

Allow to select IKE version to be used.

Tidy up "vpn_ipsec" XHTML

Add CDATA section to SCRIPTS
Add SUMMARY to TABLES
Update HTML Boolean operators
Close INPUT and IMG tags and ALT to IMG tags
Move NOWRAP into CLASS statement
Deprecate ampersand in Anchor tags

Move the IPsec settings from System > Advanced, Misc tab to "Advanced Settings" tab under VPN > IPsec.

Remove unused function

replaced uppercase html tags with lowercase
js files saved as UTF-8 / LF
language="JavaScript" deprecated, replaced with type="text/javascript"

xhtml Compliance
replaced <br>, <br/> and </br> with <br />

Remove not needed anymore function

First swing at converting from racoon to StrongSWAN.
It allows to use existing configurations on xml to generate StrongSWAN configurations.
So its only IKEv1

• Missing support for dynamic ips(hostnames)
  - resolver plugin of StrongSWAN needs to be configured in strongswan.conf...

Change test after IPsec apply to check for any value >= 0. If a user has hostnames vpn_ipsec_configure() now returns the number of hostnames, so the previous test failed and the "apply changes" button would never go away.

Delete SPDs when an IPSec tunnel is deleted.

- Add new function to delete SPDs (see 'remove_tunnel_spd_policy($phase1,$phase2)' on vpn.inc)
- Change vpn_ipsec.php to delete SPDs on phase 2 and phase 1.
- Change the method GET to delete phase 2 (needs to inform which is the phase 1)...

Standardize hypenation and capitalization of Pre-Shared Key

Activate new shortcuts/status in the rest of the areas that are currently setup.

Add Gateway Group support to the IPsec interface drop down.
Edit of gateway group correctly reflects the new IP Address.
We need to make a blacklist for interface names in the gateway group edit page.
Redmine ticket #1965

Merge remote branch 'upstream/master'

Conflicts:
etc/inc/openvpn.inc

Allow duplicating an IPsec phase 2. The code was already on vpn_ipsec_phase2.php but unlinked.

Merge remote branch 'upstream/master'

Add a toggle under System > Advanced on the misc tab to enable/disable debug mode for racoon.

Show the proper Phase entry for the IPv6 tunnels

Add IPSec 'ipalias' VIP support. Ticket #1041

Fix text for the P1 table header.

Remove unused variable.

Reorder this, otherwise the function doesn't pick up on the config change.

Implement gettext() calls on vpn_ipsec.php

Ticket #655. Call vpn_ipsec_configured in all cases it knows how to handle enabled/disabled ipsec setting.

Remove Logs tab from OpenVPN, as it is no longer needed.

Add status/log icons to IPsec pages.

Add PSK tab to all IPsec pages, it was missing from some.

Show p2 items correctly (add missing td's)

Remove some sort of extra space/break in ipsec screen. Ticket #211

Remove ph2 add button. It is shown when needed

Pass ph1ent

Make g a global and pass ph1ent

Replace dollarsigndollarsign with dollarsign

fix typos

Require filter.inc and shaper.inc

Rework includes/require. This saves about 4 megabytes.
Simplify get_memory(). Tested on mips/i386

add links to IPsec logs under IPsec status and other pages

Kill racoon when disabling IPSEC. Restart it if re-enabled.

• Convert carp/vips code to behave the same as other interfaces.
• Make optimizations around it.
• Make sure when we reload teh underlying interface we reload carp too.
• Some fixes around the code.

Reviewed-by: scott@ and billm@

Nuke sorting it apparently changed the ID association

WIP: IPSec changes

WIP: fixing IPSec screens/config

Sort items

Include functions.inc which will then include ipsec.inc

Unbreak ipsec!

Fix incorrect double click edit link for phase2 records.
The link referred the phase2 edit page with the phase1 id which was incorrect

• Reorganize the 'apply' button infrustructure in the GUI.
  - Present three new functions is/mark/clear_subsystem_dirty('name_of_subsystem'). This makes easier to create such things without needing to introduce new globals.
  - Convert all pages to the new infrustructure...

Remove some unneccessary calls to filter_configure() they just give recursivity!

• Create two new functions lock($subsystem)/unlock() to have more reliable locking using semaphores.
  This function can sleep till the resource is free and can help find not well behaving code.
• Remove most of the config_lock/config_unlock logics on the whole scripts/pages it is an abuse of this....

• Do not apply the settings directly from hitting the SAVE button show the apply settings option for consistency with other pages.

Modify IPsec code to allow for transport mode. All existing configurations are
marked as tunnel for backwards compatibility. There are problems with the spd
read code which Will likely choke on transport entries. We can fix this later.

Move the IPsec pinghost option from phase1 to phase2. Correct some
bugs that were preventing the local address from being selected.

Migrate IPsec certificate management to centralized system.

Make sure the field names and description match up

Add initial support for granular IPsec SPD changes.

Make table headers reflect reality

Show header even when no records exists so the lonely + sign doe snot look
strange. This makes this page more consistent with all other pages when
no configuration records exist.

Use listbg

Fix a few minor problems with the IPsec configuration interface. Make sure
we don't copy the ikeid when duplicating a phase1 entry. Simplify the code
that deletes all associated phase2 entries when a phase1 is deleted. I was
and still am learning the finer points of php.

Correct all double click action urls in the main IPsec config screens.
Reported by Seth.

Leave $j alone

Show correct count of phase2 entries.

Show how many phase 2 entries are hidden.

Suggested-by: mgrooms

Use additional tables to improve the formatting of several IPsec checkbox
configuration options.

Minor nitpick, change - to +

Allow wrapping of phase entries.

Rename button to , we already show " Show Phase 2" behind it.

Style boxen better.

Add a Phase2 button and hide the phase 2 settings by default. Clicking the
button will unhide the phase2 block similar to our "Advacned" buttons on
various screens.

Begin reformatting IPSEC screen. Give a bit more padding, shift
over a little and turn bacgkround to grey instead of red.

Disallow the copy option for mobile phase1 entries. There can be only one.

Rewrite the pfsense privilege system with the following goals in mind ...

1) Redefine page privileges to not use static urls
2) Accurate generation of privilege definitions from source
3) Merging the user and group privileges into a single set
4) Allow any privilege to be added to users or groups w/ inheritance...

Introduce a new and improved version of IPsec mobile client support. The
mobile client tab is now used to configure user authentication (Xauth) and
client configuration (mode-cfg) options. User authentication is currently
limited to system password file entries. This will be extended to support...

Overhaul IPsec related code. Shared functions have been consolidated into
a new file named /etc/ipsec.inc. Tunnel definitions have been split into
phase1 and phase2. This allows any number of phase2 definitions to be
created for a single phase1 definition. Several facets of configuration...

Continue interface improvements

Remove static route on deletion

touch up text

Ticket #1569

Switch over to array style page titles. Obtained-from: m0n0wall

Fix missing tag.