482 Commits

Author SHA1 Message Date
Mark Plomer
acdf14e636 implemented wildcard includes for ipsec/strongswan 2019-03-11 10:09:03 +01:00
Ad Schellevis
2c2eca7e2f OpenVPN server, support static-challenge formatted password, closes https://github.com/opnsense/core/issues/3290 2019-03-06 10:20:02 +01:00
Ad Schellevis
139ef623dc IPSec / routed (VTI), fix previous, https://github.com/opnsense/core/issues/2332 2019-03-05 15:59:17 +01:00
Ad Schellevis
77743cfc09 IPSec / routed (VTI), create virtual terminal interfaces for https://github.com/opnsense/core/issues/2332
- ipsec_configure_vti() synchronizes local configuration with current ipsec% interfaces
- ipsec_interfaces() automatically adds these interfaces to the interfaces list, so the user can add a gateway and routes
2019-03-05 15:27:54 +01:00
Ad Schellevis
858f68d7b9 IPsec, while working on https://github.com/opnsense/core/issues/2332 found some weirdness around ipsec_get_phase1_src()
both get_interface_ipv6() and get_interface_ip() call get_failover_interface() which obscures the used parameters a lot (wan,lan,opt1 vs emX,emY,igbX)
2019-03-05 11:38:42 +01:00
Ad Schellevis
d9dbcaf052 IPSec / routed (VTI). add tunnel settings to phase2, https://github.com/opnsense/core/issues/2332 2019-03-04 19:41:44 +01:00
Ad Schellevis
a045d3e9f6 IPSec / routed (VTI), when auto_routes_disable is set, set auto = start instead of route, for https://github.com/opnsense/core/issues/2332 2019-03-04 16:10:09 +01:00
Ad Schellevis
4c3d069ca4 IPSec / routed (VTI), make sure all connections use predefined reqid, for https://github.com/opnsense/core/issues/2332
it would be good to refactor this code at some point, maybe wrap some of its logic in a class.
There's just too much logic in ipsec_configure_do at the moment
2019-03-04 15:43:08 +01:00
Ad Schellevis
9ccabe68a6 IPsec / routed (VTI), make installpolicy optional, for https://github.com/opnsense/core/issues/2332 2019-03-04 14:10:05 +01:00
Franco Fichtner
80feeafa46 unbound: remove debug output #3260 2019-03-04 07:29:32 +01:00
Franco Fichtner
0242bac1f9 src: style sweep 2019-03-01 19:02:32 +01:00
Franco Fichtner
81438578db unbound: add alias support for #3260
Break the rules of the Dnsmasq implementation while at it:

An alias can consist of a host and/or domain and/or description.
At least a host name or a domain needs to be set, the rest will be
taken from the original entry.

Missing GUI parts in the override section...
2019-03-01 08:55:50 +01:00
Ad Schellevis
21f1580348 IPsec, switch to PAM, closes https://github.com/opnsense/core/issues/3265 2019-02-28 15:32:03 +01:00
Ad Schellevis
02fd4f4c7f Web proxy, switch to PAM, closes https://github.com/opnsense/core/issues/3261 2019-02-28 09:57:54 +01:00
Franco Fichtner
63ed46dcea system: small cleanups in session file handling 2019-02-25 07:06:05 +01:00
Franco Fichtner
96683647f5 openvpn: try to "solve" get_failover_interface() issues
This seems to be a cosmetic cleanup.  get_failover_interface()
is used incorrectly but then merely seems to be used to look
up IPv4 connectivity to make a "smart" decision about resync
duties.

A few annoying and disabled line removals while here.
2019-02-25 05:42:21 +01:00
Franco Fichtner
6a4fa40e72 interfaces: small audit of get_failover_interface() 2019-02-24 20:58:36 +01:00
Ad Schellevis
a22e5a7690 php session, fix previous 2019-02-18 14:46:47 +01:00
Ad Schellevis
426b0e1ea6 Revert "php session path, 3eba9a739e"
This reverts commit 545f29a7d2a883696f4923286bbb21dd9e5618d6.
2019-02-18 14:43:42 +01:00
Ad Schellevis
545f29a7d2 php session path, 3eba9a739e 2019-02-18 14:03:55 +01:00
Ad Schellevis
3eba9a739e php, move session files into its own directory 2019-02-17 18:37:51 +01:00
Franco Fichtner
156d6f7287 openvpn: daemon is already in the config #3223 2019-02-14 18:58:59 +01:00
Franco Fichtner
c217bee6f2 openvpn: proper daemonize instead of background job #3223 2019-02-14 18:37:36 +01:00
Franco Fichtner
f10b710a58 openvpn: remove stale PID file as well
PR: https://github.com/opnsense/core/issues/3223
Suggested by: @marjohn56
2019-02-14 18:22:18 +01:00
Franco Fichtner
5bc3ed8ccf src: style sweep 2019-02-14 18:08:59 +01:00
Ad Schellevis
67f4948670 OpenVPN, extract ca chain for https://github.com/opnsense/core/issues/1487 2019-02-13 11:19:13 +01:00
Franco Fichtner
e4393e0dec openssh: there is no /var/log/lastlog 2019-02-06 16:20:45 +01:00
Ad Schellevis
8f45e0d862 ipsec, nat before ipsec. if peer identifier isn't an address, spdadd can't add a tunnel. switch to remote-gateway if that is a valid ip address.
It's not a complete fix, for https://github.com/opnsense/core/issues/1773 but improves error logging and adds functionality when peer identifier is currently broken.
2019-02-05 11:23:14 +01:00
Ad Schellevis
f201d02b6c missed a spot in previous 2019-01-16 13:36:23 +01:00
Ad Schellevis
ac99876358 IPsec, add interface when phase1 is enabled, simplify logic. (from irc) 2019-01-16 13:21:54 +01:00
Max Weller
8464cfc31e Generate correct config for "Hybrid-RSA + XAuth" IPSec (#3117) 2019-01-10 14:44:17 +00:00
Franco Fichtner
53024b5c15 unbound: prefer-ip6 is defaulting to 'no' for unbound
which makes this precaution a complication as unbound disables
IPv6 responses with it as well and we shouldn't set prefer-ip6
to 'yes' to avoid further breakage.

PR: https://forum.opnsense.org/index.php?topic=10810.0
2019-01-06 20:48:17 +01:00
Michael Steenbeek
2c61e068a2 Small fixes (#3096) 2019-01-04 09:26:16 +01:00
Franco Fichtner
fada24d7c3 unbound: don't stop unbound_dhcpd twice, small refactor
Also see: https://www.reddit.com/r/OPNsenseFirewall/comments/aac7xj/does_this_pfsense_dns_bug_with_dhcp_and_multiple/
2019-01-04 07:43:50 +01:00
Franco Fichtner
0c751d732a unbound: calculation is still suboptimal #3092
On the far side of the interval up to the next power of two
the lock contention increases drastically, meaning 31 threads
will only get 32 slabs etc.
2019-01-03 13:06:48 +00:00
Franco Fichtner
c6de22b584 unbound: optimize optimization calculation #3092 2019-01-03 13:52:08 +01:00
Franco Fichtner
2bcc8f8a91 unbound: whitespace nit 2018-12-29 10:41:47 +01:00
Franco Fichtner
2c83768395 unbound: small error in previous #3051 2018-12-29 10:36:26 +01:00
Franco Fichtner
6cbae54033 unbound: since we support OpenVPN officially now...
fix the subnet of the tunnel network given via OpenVPN.

PR: https://github.com/opnsense/core/issues/3051
2018-12-29 10:32:45 +01:00
Franco Fichtner
333dc0fce8 unbound: exclude OpenVPN from IP registration for #2828 2018-12-28 17:46:16 +01:00
Michael Steenbeek
d27cc83642 Change foreach loops that don't use values to use array_keys() 2018-12-18 14:37:11 +01:00
Franco Fichtner
60f9ffea93 openvpn: make remote network optional
PR: https://twitter.com/simonszu/status/1074927719006306304
2018-12-18 12:30:41 +01:00
Franco Fichtner
d9f7574147 ipsec: mark descriptions "$unused" where appropriate 2018-12-16 21:17:43 +01:00
Michael Steenbeek
b36c30825c Clean up IPsec log levels 2018-12-12 15:23:21 +01:00
Franco Fichtner
0023784905 ipsec: avoid if return, else return 2018-12-08 16:20:46 +01:00
Franco Fichtner
3d8fd0088a unbound: restart if already down for #2894 2018-12-08 11:07:35 +01:00
Franco Fichtner
f72797d269 unbound: cleanup 2018-12-07 17:36:04 +01:00
Franco Fichtner
5cf8b4f2e2 unbound: probable fix for #3020 2018-12-07 12:29:58 +00:00
Michael Steenbeek
aed23a9ecb Clean up ipsec_convert_to_modp() 2018-12-05 16:14:22 +01:00
Franco Fichtner
536543be11 ipsec: already changed vs. stable/18.7, might as well do this 2018-12-05 08:25:42 +01:00