pfSense

Ticket #655. Call vpn_ipsec_configured in all cases it knows how to handle enabled/disabled ipsec setting.

Remove Logs tab from OpenVPN, as it is no longer needed.

Add status/log icons to IPsec pages.

Add PSK tab to all IPsec pages, it was missing from some.

Show p2 items correctly (add missing td's)

Remove some sort of extra space/break in ipsec screen. Ticket #211

Remove ph2 add button. It is shown when needed

Pass ph1ent

Make g a global and pass ph1ent

Replace dollarsigndollarsign with dollarsign

fix typos

Require filter.inc and shaper.inc

Rework includes/require. This saves about 4 megabytes.
Simplify get_memory(). Tested on mips/i386

add links to IPsec logs under IPsec status and other pages

Kill racoon when disabling IPSEC. Restart it if re-enabled.

• Convert carp/vips code to behave the same as other interfaces.
• Make optimizations around it.
• Make sure when we reload teh underlying interface we reload carp too.
• Some fixes around the code.

Reviewed-by: scott@ and billm@

Nuke sorting it apparently changed the ID association

WIP: IPSec changes

WIP: fixing IPSec screens/config

Sort items

Include functions.inc which will then include ipsec.inc

Unbreak ipsec!

Fix incorrect double click edit link for phase2 records.
The link referred the phase2 edit page with the phase1 id which was incorrect

• Reorganize the 'apply' button infrustructure in the GUI.
  - Present three new functions is/mark/clear_subsystem_dirty('name_of_subsystem'). This makes easier to create such things without needing to introduce new globals.
  - Convert all pages to the new infrustructure...

Remove some unneccessary calls to filter_configure() they just give recursivity!

• Create two new functions lock($subsystem)/unlock() to have more reliable locking using semaphores.
  This function can sleep till the resource is free and can help find not well behaving code.
• Remove most of the config_lock/config_unlock logics on the whole scripts/pages it is an abuse of this....

• Do not apply the settings directly from hitting the SAVE button show the apply settings option for consistency with other pages.

Modify IPsec code to allow for transport mode. All existing configurations are
marked as tunnel for backwards compatibility. There are problems with the spd
read code which Will likely choke on transport entries. We can fix this later.

Move the IPsec pinghost option from phase1 to phase2. Correct some
bugs that were preventing the local address from being selected.

Migrate IPsec certificate management to centralized system.

Make sure the field names and description match up

Add initial support for granular IPsec SPD changes.

Make table headers reflect reality

Show header even when no records exists so the lonely + sign doe snot look
strange. This makes this page more consistent with all other pages when
no configuration records exist.

Use listbg

Fix a few minor problems with the IPsec configuration interface. Make sure
we don't copy the ikeid when duplicating a phase1 entry. Simplify the code
that deletes all associated phase2 entries when a phase1 is deleted. I was
and still am learning the finer points of php.

Correct all double click action urls in the main IPsec config screens.
Reported by Seth.

Leave $j alone

Show correct count of phase2 entries.

Show how many phase 2 entries are hidden.

Suggested-by: mgrooms

Use additional tables to improve the formatting of several IPsec checkbox
configuration options.

Minor nitpick, change - to +

Allow wrapping of phase entries.

Rename button to , we already show " Show Phase 2" behind it.

Style boxen better.

Add a Phase2 button and hide the phase 2 settings by default. Clicking the
button will unhide the phase2 block similar to our "Advacned" buttons on
various screens.

Begin reformatting IPSEC screen. Give a bit more padding, shift
over a little and turn bacgkround to grey instead of red.

Disallow the copy option for mobile phase1 entries. There can be only one.

Rewrite the pfsense privilege system with the following goals in mind ...

1) Redefine page privileges to not use static urls
2) Accurate generation of privilege definitions from source
3) Merging the user and group privileges into a single set
4) Allow any privilege to be added to users or groups w/ inheritance...

Introduce a new and improved version of IPsec mobile client support. The
mobile client tab is now used to configure user authentication (Xauth) and
client configuration (mode-cfg) options. User authentication is currently
limited to system password file entries. This will be extended to support...

Overhaul IPsec related code. Shared functions have been consolidated into
a new file named /etc/ipsec.inc. Tunnel definitions have been split into
phase1 and phase2. This allows any number of phase2 definitions to be
created for a single phase1 definition. Several facets of configuration...

Continue interface improvements

Remove static route on deletion

touch up text

Ticket #1569

Switch over to array style page titles. Obtained-from: m0n0wall

Fix missing tag.

Do not show Apply button if IPSEC is disabled.

Ticket #1467

Revert previous commits now that IPSEC is reloading correctly.

Call vpn_ipsec_force_reload() when user clicks "Save"

add closing tr tag

Add missing closing td tag.

Add a plus button on the top header of these pages.
This to make it easier on large configurations.

Remove IP Compression box. A lot of further refactoring is going to be required to make this work and we do not have enough time to do so before 1.2 beta.

Both -HEAD and -RELENG_1 have had a hidden feature to allow IPSEC compression. Add a checkbox to the screen to allow this hidden value to be toggled.

Show CARP IP in brackets () instead of a - which could be confusing

RIP confusing Failover IPSEC tab. We now allow CARP interfaces per VPN

Unbreak IPSEC editing

Allow CARP addresses to be the IPSEC endpoint.

This cleans up the code GREATLY and removes the FAILOVER IPSEC hack.

Call filter_configure() instead of /etc/rc.filter_configure from shell (extra exec call)

Remove #!/usr/local/bin/php

Sync filter after deleting a tunnel

MFC 6957
Specify 'id' to the edit screen!

Allow for doubleclick editing

some crosslinking to "fly" from corrosponding setting to logs, diags and back

• Drop kick reboots bye bye

updating files to use theme images
removing images from /usr/local/www
adding specific images into the correct theme directories

Move failver vpn settings to ipsec area in a tab

Suggested-by: hoba

After applying the settings, reload the filter in the background to trigger sync operations, etc.

Last of the bottom round fixes
Turn top rounding back on now that those are all fixed

Use $pgtitle

Consolidate Apply changes button into the info box on the right hand side

• Fix diagnostics logging tab menus
• Curve bottom of grey areas if needed
• Curve tabs
• Cleanup

include head.inc and round corners on tabs

Set page title

Use white found color

Don't use an array for page titles.

Switch back to pfSense style

Add back header

Import m0n0wall ipsec cert code

doubleclick to edit

icon placement

Add $Id$ tag

unused wan variable

Backout this commit until I can further control the outgoing ip.

Racoon interface listen selection

Add IPCOMP (IP Compression) support to IPSEC VPN's

Add Copyright to each file that we have touched so far and re attribute the file to Manuel Kasper such as:

Copyright (C) 2004 Scott Ullrich
        All rights reserved.

originally part of m0n0wall (http://m0n0.ch/wall)
        Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>....

Prefer older IPSEC SA's option.

add support for net.key.preferred_oldsa and add a checkbox on IPSec screen

Convert description font color to white

Initial revision