Allow HASH algorithms to be empty for phase2 in case the encryption one is AES-GCM
Use a uniqid() to track phase2 entries to avoid confusion and various mistakes when modifying and editing them.
This is not true any longer (and required for L2TP+IPsec)
Tidy up "vpn_ipsec_phase2.php" XHTML
Move script after the FBEGIN.INC include; Add CDATA sections to SCRIPTS; Add SUMMARY to TABLES; Close INPUT tags; Update HTML Boolean operators
Check the right field here
Move the IPsec settings from System > Advanced, Misc tab to "Advanced Settings" tab under VPN > IPsec.
replaced uppercase html tags with lowercase; js files saved as UTF-8 / LF; language="JavaScript" deprecated, replaced with type="text/javascript"
xhtml Compliance; replaced <br>, <br/> and </br> with <br />
Improve checks for params 'id', 'dup' and other similar ones to make sure they are numeric integer, also, pass them through htmlspecialchars() before print
First swing at converting from racoon to StrongSWAN. It allows to use existing configurations on xml to generate StrongSWAN configurations. So it's only IKEv1
Remove call-time pass by reference for do_input_validation, helps ticket #2565
touch up text, s/nat/NAT/
Remove invalid option 'none' for IPSec Phase 2. Fixes #2816
Properly generate all address data based on configuration selected
Make IPv4/IPv6 validation on IPSec
It should fix #2769
Don't allow transport mode to be selected for mobile clients. Fixes #2713
Commit a revised version of https://github.com/bsdperimeter/pfsense/pull/264.diff
Standardize hyphenation and capitalization of Pre-Shared Key
Throw an error when invalid configuration is posted(address->network).
Check against _address since that is the field inputted; _type is always there.
Properly set address type selection
Do not make natlocalid required
This field isn't required, so only check it if there is a value
Add a NAT entry for configuring NAT on ipsec phase2. It will add nat rules on enc interface
Activate new shortcuts/status in the rest of the areas that are currently setup.
Activate more Hash, DH, and PFS options that are available in racoon now. Note that SHA256-512 are RFC4868 compliant in FreeBSD, may break with other incompatible stacks.
Ticket #2455: do not check encryption algo for AH protocol
restore default dropdown values of 24/64 bits
now that feature #2320 behavior is a bit different regarding change of existing set value when switching between ipv4 and ipv6
add feature #2320 to vpn_ipsec_phase2.php.
note: had to disable existing behavior that modified the value of the behavior.
existing behavior that disables/enables the dropdowns is still active.
Reject an interface without a subnet as a network source in the IPsec Phase 2 GUI. Fixes ticket #2201
Merge remote branch 'upstream/master'
Conflicts: etc/inc/openvpn.inc
Bug #1560. IPsec GUI needs to reject duplicate subnets in phase 2s for a given phase 1 (fixing p2 edit)
Bug #1560. IPsec GUI needs to reject duplicate subnets in phase 2s for a given phase 1 (improvement of previous patch)
Conflicts: conf.default/config.xml etc/inc/filter.inc etc/inc/globals.inc etc/inc/pfsense-utils.inc etc/inc/upgrade_config.inc usr/local/www/interfaces.php
Bug #1560. IPsec GUI needs to reject duplicate subnets in phase 2s for a given phase 1 (site-to-site).
Bug #1560. IPsec GUI needs to reject duplicate subnets in phase 2s for a given phase 1 (mobile clients).
enlarge various address fields for IPv6 addresses
Add the ability to differentiate between v4 and v6 tunnels. Bill says he can test
Make sure to resolve the gateway name before passing it off to the IPsec reload function
Add other interfaces to local network selection and show proper names. Fixes #965
Fix XSS issues
Do not include 'remoteid' javascript functions for mobile ipsec. Ticket #797
Corrections gettext() calls on vpn_ipsec_phase2.php
Implement gettext() calls on vpn_ipsec_phase2.php
Remove Logs tab from OpenVPN, as it is no longer needed.
Add status/log icons to IPsec pages.
Add PSK tab to all IPsec pages, it was missing from some.
Ticket #430. Give a none option to allow for roadwarriors configs.
When editing a P2: reset netmask to 24 only when it is not specified, in case of a new P2. Ticket #352
Ticket #352. Allow 0 mask in remote network bits.
fix text
Rework includes/require. This saves about 4 megabytes. Simplify get_memory(). Tested on mips/i386
add links to IPsec logs under IPsec status and other pages
Include functions.inc which will then include ipsec.inc
Fix interface list usage
WARN: Please ask before introducing old code on what have changed!
Modify IPsec code to allow for transport mode. All existing configurations are marked as tunnel for backwards compatibility. There are problems with the spdread code which will likely choke on transport entries. We can fix this later.
Move the IPsec pinghost option from phase1 to phase2. Correct some bugs that were preventing the local address from being selected.
Reload phase2 tunnel items when adding, removing or editing a phase 2 entry.
Migrate IPsec certificate management to centralized system.
Cleanup ipsec interfaces a bit and make sure they are displayed in tabs for consistency.
Rewrite the pfsense privilege system with the following goals in mind ...
1) Redefine page privileges to not use static urls
2) Accurate generation of privilege definitions from source
3) Merging the user and group privileges into a single set
4) Allow any privilege to be added to users or groups w/ inheritance...
Fix a few bugs in the IPsec pages HTML output that were causing problems with IE.
Introduce a new and improved version of IPsec mobile client support. The mobile client tab is now used to configure user authentication (Xauth) and client configuration (mode-cfg) options. User authentication is currently limited to system password file entries. This will be extended to support...
Overhaul IPsec related code. Shared functions have been consolidated into a new file named /etc/ipsec.inc. Tunnel definitions have been split into phase1 and phase2. This allows any number of phase2 definitions to be created for a single phase1 definition. Several facets of configuration...