Ticket #655. Call vpn_ipsec_configured in all cases it knows how to handle enabled/disabled ipsec setting.
Remove Logs tab from OpenVPN, as it is no longer needed.
Add status/log icons to IPsec pages.
Add PSK tab to all IPsec pages, it was missing from some.
Show p2 items correctly (add missing td's)
Remove some sort of extra space/break in ipsec screen. Ticket #211
Remove ph2 add button. It is shown when needed
Pass ph1ent
Make g a global and pass ph1ent
Replace dollarsigndollarsign with dollarsign
fix typos
Require filter.inc and shaper.inc
Rework includes/require. This saves about 4 megabytes.Simplify get_memory(). Tested on mips/i386
add links to IPsec logs under IPsec status and other pages
Kill racoon when disabling IPSEC. Restart it if re-enabled.
Reviewed-by: scott@ and billm@
Nuke sorting it apparently changed the ID association
WIP: IPSec changes
WIP: fixing IPSec screens/config
Sort items
Include functions.inc which will then include ipsec.inc
Unbreak ipsec!
Fix incorrect double click edit link for phase2 records.The link referred the phase2 edit page with the phase1 id which was incorrect
Remove some unneccessary calls to filter_configure() they just give recursivity!
Modify IPsec code to allow for transport mode. All existing configurations aremarked as tunnel for backwards compatibility. There are problems with the spdread code which Will likely choke on transport entries. We can fix this later.
Move the IPsec pinghost option from phase1 to phase2. Correct somebugs that were preventing the local address from being selected.
Migrate IPsec certificate management to centralized system.
Make sure the field names and description match up
Add initial support for granular IPsec SPD changes.
Make table headers reflect reality
Show header even when no records exists so the lonely + sign doe snot lookstrange. This makes this page more consistent with all other pages whenno configuration records exist.
Use listbg
Fix a few minor problems with the IPsec configuration interface. Make surewe don't copy the ikeid when duplicating a phase1 entry. Simplify the codethat deletes all associated phase2 entries when a phase1 is deleted. I wasand still am learning the finer points of php.
Correct all double click action urls in the main IPsec config screens.Reported by Seth.
Leave $j alone
Show correct count of phase2 entries.
Show how many phase 2 entries are hidden.
Suggested-by: mgrooms
Use additional tables to improve the formatting of several IPsec checkboxconfiguration options.
Minor nitpick, change - to +
Allow wrapping of phase entries.
Rename button to , we already show " Show Phase 2" behind it.
Style boxen better.
Add a Phase2 button and hide the phase 2 settings by default. Clicking thebutton will unhide the phase2 block similar to our "Advacned" buttons onvarious screens.
Begin reformatting IPSEC screen. Give a bit more padding, shiftover a little and turn bacgkround to grey instead of red.
Disallow the copy option for mobile phase1 entries. There can be only one.
Rewrite the pfsense privilege system with the following goals in mind ...
1) Redefine page privileges to not use static urls2) Accurate generation of privilege definitions from source3) Merging the user and group privileges into a single set4) Allow any privilege to be added to users or groups w/ inheritance...
Introduce a new and improved version of IPsec mobile client support. Themobile client tab is now used to configure user authentication (Xauth) andclient configuration (mode-cfg) options. User authentication is currentlylimited to system password file entries. This will be extended to support...
Overhaul IPsec related code. Shared functions have been consolidated intoa new file named /etc/ipsec.inc. Tunnel definitions have been split intophase1 and phase2. This allows any number of phase2 definitions to becreated for a single phase1 definition. Several facets of configuration...
Continue interface improvements
Remove static route on deletion
touch up text
Ticket #1569
Switch over to array style page titles. Obtained-from: m0n0wall
Fix missing tag.
Do not show Apply button if IPSEC is disabled.
Ticket #1467
Revert previous commits now that IPSEC is reloading correctly.
Call vpn_ipsec_force_reload() when user clicks "Save"
add closing tr tag
Add missing closing td tag.
Add a plus button on the top header of these pages.This to make it easier on large configurations.
Remove IP Compression box. A lot of further refactoring is going to be required to make this work and we do not have enough time to do so before 1.2 beta.
Both -HEAD and -RELENG_1 have had a hidden feature to allow IPSEC compression. Add a checkbox to the screen to allow this hidden value to be toggled.
Show CARP IP in brackets () instead of a - which could be confusing
RIP confusing Failover IPSEC tab. We now allow CARP interfaces per VPN
Unbreak IPSEC editing
Allow CARP addresses to be the IPSEC endpoint.
This cleans up the code GREATLY and removes the FAILOVER IPSEC hack.
Call filter_configure() instead of /etc/rc.filter_configure from shell (extra exec call)
Remove #!/usr/local/bin/php
Sync filter after deleting a tunnel
MFC 6957Specify 'id' to the edit screen!
Allow for doubleclick editing
some crosslinking to "fly" from corrosponding setting to logs, diags and back
updating files to use theme imagesremoving images from /usr/local/wwwadding specific images into the correct theme directories
Move failver vpn settings to ipsec area in a tab
Suggested-by: hoba
After applying the settings, reload the filter in the background to trigger sync operations, etc.
Last of the bottom round fixesTurn top rounding back on now that those are all fixed
Use $pgtitle
Consolidate Apply changes button into the info box on the right hand side
include head.inc and round corners on tabs
Set page title
Use white found color
Don't use an array for page titles.
Switch back to pfSense style
Add back header
Import m0n0wall ipsec cert code
doubleclick to edit
icon placement
Add $Id$ tag
unused wan variable
Backout this commit until I can further control the outgoing ip.
Racoon interface listen selection
Add IPCOMP (IP Compression) support to IPSEC VPN's
Add Copyright to each file that we have touched so far and re attribute the file to Manuel Kasper such as:
Copyright (C) 2004 Scott Ullrich All rights reserved.
originally part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>....
Prefer older IPSEC SA's option.
add support for net.key.preferred_oldsa and add a checkbox on IPSec screen
Convert description font color to white
Initial revision