Improving aesthetics.
Make title color more consistent with other pages. Improving aesthetics.
OpenVPN backend authentication fix key and translation
The array returned by auth_get_authserver_list() has key as the fixed name of each available authentication mode - e.g. "Local Database". The array value ["name"] has the name string translated into the selected GUI language....
Fix lineup of copyright lines
and module names and other bits of formatting and typos in header comment sections.
Welcome 2015
Change copyright statement to reflect reality
Add a note clarifying the usage of OpenVPN's Auth Digest setting.
fix #3515
Update vpn_openvpn_server.php
removed comments
Default values for verb if it is not set when editing
a bit of refactoring
forgot to sync _server.php with _client.php naming style
patchpack1
-Fix #3401 (Added tun option "Disable IPv6")
-Added new options: route-nopull, route-noexec, verb;
remove extra .
Tidy up "vpn_openvpn_server.php" XHTML
Add CDATA section to SCRIPTS. Add SUMMARY to TABLES. Remove unordered list for tabs. Close INPUT and IMG tags and add ALT to IMG. Update HTML Boolean operators. Move TFOOT between THEAD and TBODY (quirk of HTML!). Add dummy row to end of TBODY but don't display it...
replaced uppercase html tags with lowercase. js files saved as UTF-8 / LF. language="JavaScript" deprecated, replaced with type="text/javascript"
xhtml Compliance. replaced <br>, <br/> and </br> with <br />
Improve checks for params 'id', 'dup' and other similar ones to make sure they are numeric integer, also, pass them through htmlspecialchars() before print
Change OpenVPN Compression settings to cover the full range of allowed settings on OpenVPN (unset, off, on, adaptive) rather than a simple off/on switch that either doesn't set the value or enables it with adaptive (OpenVPN's default).
Add an Authentication Digest Algorithm drop-down to OpenVPN server/client (SHA1 is the default since that is OpenVPN's default)
Remove call-time pass by reference for do_input_validation, helps ticket #2565
Add option to specify client management port for OpenVPN client export use
See forum http://forum.pfsense.org/index.php/topic,63668.0.html and OpenVPN Manager GitHub discussion https://github.com/jochenwierum/openvpn-manager/issues/17 This allows a different client management port to be specified for use by OpenVPN client export when generating a client config for use with OpenVPN manager. Typically a company could have multiple offices with OpenVPN "road-warrior" access. Some users might need to connect to different offices at different times, so they would have multiple OpenVPN client configs installed on their laptop. For this to work with OpenVPN Manager, each client config needs to have a different management channel - only 1 can use the default of "166". The company can choose a different number in the road-warrior server "client parameters" section at each office. Then the generated client config from each office will have a unique management channel port number.
Fix a couple JS errors/problems with OpenVPN server code.
Permit openvpn to use same port on different interfaces. It should fix #814
Document local remote network lists in OpenVPN GUI
The local and remote network fields can now have lists of CIDRs, so document this in the GUI.
Allow specifying multiple local/remote networks for OpenVPN separated by commas. While I'm here, fix up the IPv6 tunnel/remote/local network input validation. Simplify some code using functions.
Correct reference to OpenVPN connect so it doesn't only refer to iOS.
Add GUI option to use "topology subnet" for OpenVPN, since the OpenVPN Connect iOS client requires it for IPv6
While I'm here, allow selecting "Localhost" as an OpenVPN interface.
Unbreak selecting "any" for OpenVPN client/server interface.
Add input validation to reject invalid combinations of IPv4/IPv6 openvpn protocols and interface/VIPs.
Removing unnecessary gettext function calls
Allow for changing OpenVPN TUN to TAP device mode without reboot.
Revert "Allow for changing OpenVPN TUN to TAP device mode without reboot." -- Adds blank OpenVPN servers, see ticket #2643
This reverts commit c8bb7f1527a99c69784ab6c01d9050adcde6a8a0.
Refine OpenVPN client/server deletion to allow for removing invalid empty entries. Fixes #2643
Update usr/local/www/vpn_openvpn_server.php
Fix javascript of GW redirection adding IPv4 and IPv6 fields
Fixup openvpn shortcut bar status/control
Activate new shortcuts/status in the rest of the areas that are currently setup.
Split references here so they apply correctly
Add forgotten "ipv6 remote network", clean up a couple bits, make sure local network box is hidden for shared key servers.
OpenVPN Server config page - a couple of minor text tidy ups
Check in code that allows for using a gateway group as the interface on the OpenVPN server page. Only allow IPv4 gateway groups for now. We'll need to add IPv6 support here later when we import OpenVPN 2.3. Unbreak the gateway group function on broken configurations like a missing 3G stick....
Correct wording "Server Bridge DHCP Start" is shown instead of "Server Bridge DHCP End"
Rework this a little since using tap+tunnel network is valid, but using tap+tunnel network+bridging is not (will not do what the user expects/wants)
Fix up OpenVPN server tap modes, support various options for providing or passing through DHCP. (Work in progress)
Assume a default value of 1 for cert_depth to disallow chaining.
Add GUI option to limit the certificate depth allowed when OpenVPN clients are connecting.
Merge remote branch 'upstream/master'
Conflicts: etc/inc/openvpn.inc
Instead of showing an empty drop-down for CA/Cert/CRL, show an error that there are none defined, and link to the page to create one.
Remove the warning message that a user doesn't have any CA/Certs when viewing OpenVPN connections. This is just confusing people, and isn't relevant to people using only shared key tunnels.
Conflicts: etc/inc/vslb.inc etc/version
Misc OpenVPN CRL selection fixes.
Conflicts: etc/inc/pfsense-utils.inc
Allow users to select SSL/TLS+User Auth with external authentication sources.
Add ipv6 tunnel remote subnets
Don't test if a cert is in use here, you could in theory use a cert for a user and a server.
Fix link; use same message for missing certs.
Make the default openvpn cert authority message a bit relaxed and let user know about the wizard option as well
Switch back to dev_mode so existing configs aren't broken by the other changes.
Select the device mode to tun if variable device_mode does not exist in the configuration
Added option to select the type of device for use in the tunnel openvpn
Add drop-down to select OpenVPN hardware crypto (finds usable devices from "openssl engine" list) for clients and servers.
Add a checkbox for duplicate-cn on OpenVPN servers.
Fix vip descriptions in openvpn and ipsec screens. Ticket #1042
Disable redirect gateway checkbox when using shared key (you can't push with shared key). Also re-run the code to hide the local network box if the gw redirect is checked when switching server modes, since there is no need to push a specific local network when pushing the default gateway.
Fix XSS issues
Various CRL fixes.
Warn a user when entering the OpenVPN client/server screens that they need a CA/Cert if none exist.
Replace \r from custom options otherwise it breaks config.
Fix formatting
Fix this logic.
Indicate in various places if a certificate is revoked.
Rename 'name' to 'descr' for CA, Certificates, and CRLs, to gain CDATA protection and standardize field names. Ticket #320.
Add GUI checkbox to enable strict username/common name matching for SSL/TLS+User Auth mode. Fixes #887
Allow selecting an OpenVPN Server CRL if we are in an SSL mode.
Properly segment the OpenVPN server list table so it will sort properly.
CA/CERT Move
Require an authentication backend if the user chooses an OpenVPN server mode that needs user auth. Failing to do so can result in a configuration error.
Fix typo
Use
Fix gettext implementation on vpn_openvpn_server.php
Implement gettext() calls on vpn_openvpn_server.php
Fix typo that prevented these two checkboxes from displaying the proper state when editing OpenVPN server settings.
Hide the inter-client comm. option for peer-to-peer openvpn connections.
Remove logs tab from OpenVPN, since it is now replaced by the Log icon.
Add status and log urls to OpenVPN pages.
Hide "Local Network" field when creating/editing an OpenVPN shared key server, because you can't push routes with shared key.
Fix OpenVPN server validation logic. It was failing if you tried to save a shared key server instance with an existing shared key.
add Logs tab
Fix description
Add back Dynamic IP checkbox for OpenVPN Servers.
Revert "Fix finding next OpenVPN port. Protocol should be lowercase." - This was wrong in the wizard, apparently, and not the main page.
This reverts commit a48613a65d8d04dfec2aeefdb37440bdd399cdab.
Fix finding next OpenVPN port. Protocol should be lowercase.
show port and proto
Show wizard tab for openvpn.
Ticket #413. Handle cases when no authentication is specified.
Check against proper value. Spotted-by: cmb
Overhaul the user login system to use the Servers tab as its base.
Fix quite a few problems down the way.
Allow openvpn server to authenticate only based on username/password credentials.
Allow the GUI auth API to be used for doing authentication against authentication servers specified. Teach Openvpn to use this API. Allow openvpn to authenticate against multiple servers that can be selected on the server configuration page.