Michael Tremer
2c531c2132
vpnmain.cgi: Fix ECP regex again for Brainpool curves
The regular expression did not take into account that
there could be characters like "bp" in case of the Brainpool
curves (ecp512bp).
2015-05-01 16:57:13 +02:00
Michael Tremer
3bcb59ab21
vpnmain.cgi: Fix prefix for elliptic curve algorithms
2015-04-28 13:22:00 +02:00
Jochen Kauz
a24062d12b
vpnmain.cgi: dpd_delay/dpd_timeout wrong entry in ipsec.conf
Fixes #10636
2015-04-28 11:30:05 +02:00
Michael Tremer
a4d24f9052
vpnmain.cgi: Order ciphers by strength
strongSwan uses them in the defined order. Hence it makes
much more sense to present them to the user as well in that
order.
2015-04-22 14:45:10 +02:00
Michael Tremer
78039c1585
vpnmain.cgi: Use integrity functions as PRF for AEAD
2015-04-22 14:44:16 +02:00
Michael Tremer
e8b3bb0edc
vpnmain.cgi: Rewrite algorithm generation code
2015-04-22 14:08:41 +02:00
Michael Tremer
a47376207f
ipsec: Always enable support for IKE fragmentation
2015-04-21 19:36:40 +02:00
Wolfgang Apolinarski
ab2d15486b
Added clientAuth to EKU of client certificate. Fixed the comment.
2015-04-18 23:32:14 +02:00
Wolfgang Apolinarski
3847730c17
Applied patches for not using md5. Additionally, the root CA is now 4096 bits, host/clients are 2048 bits (both RSA). OpenSSL is now choosing the random seed automatically, removed the '-rand' parameter.
2015-03-17 20:42:41 +01:00
Michael Tremer
dfea4f86c2
strongswan: Allow using AES-GCM in various configurations
2015-03-11 18:13:25 +01:00
Michael Tremer
274ebe1d9d
Merge remote-tracking branch 'origin/master' into next
Conflicts:
config/rootfiles/packages/clamav
lfs/clamav
2015-03-04 23:58:47 +01:00
Christoph Anderegg
165b25b2dc
vpnmain.cgi: Added inclusion of ipsec.user-post.conf to the end of ipsec.conf in order to allow connection parameters to be overwritten in ipsec.user.conf.
2015-03-03 11:16:47 +01:00
Michael Tremer
f57a228c4b
ipsec: Allow IKE lifetime of up to 24 hours
Requested in #10722
The recommended time has not been changed, but it is often
stated that 24 hours is a common lifetime for IKE.
2015-01-19 17:04:37 +01:00
Michael Tremer
7e7788ea0b
Merge remote-tracking branch 'amarx/BETA3' into next
2014-03-13 15:32:00 +01:00
Alexander Marx
03b08c08f0
VPN Checksubnets: Buttons are now Language Strings
2014-03-13 15:27:01 +01:00
Alexander Marx
4d81e0f381
VPN Checksubnets: Now the remote subnets (OpenVPN/IPSec) are checked. If they are defined elsewhere, there's a warning message displayed.
2014-03-13 15:09:01 +01:00
Alexander Marx
c6df357fd4
Firewall: When deleting an OpenVPN or IPSec connection, the rules are only colored yellow and the firewall rules are reloaded automatically
2014-03-13 14:51:28 +01:00
Alexander Marx
b3c53248d9
Firewall: When deleting an OpenVPN or IPSec connection, the rules are only colored yellow and the firewall rules are reloaded automatically
2014-03-13 13:53:39 +01:00
Michael Tremer
cbb88df154
vpnmain.cgi: Remove left-over </td> tag.
2014-03-10 16:11:50 +01:00
Alexander Marx
7d44bfeef1
changes page title in vpnmain.cgi
2014-01-11 12:15:11 +01:00
Alexander Marx
0afd84931e
Layout changes vpnmain.cgi
2014-01-09 14:59:10 +01:00
Alexander Marx
e9850821d4
fifteen-theme: made vpnmain.cgi tables themeable
2014-01-08 15:05:42 +01:00
Stefan Schantl
e602416f94
Fix impossible download of hostcert on French language.
The French translation string for download host certificate contains a single quote
character which breaks the used HTML code. As a result of this it wasn't possible to
download the host certificate via the WUI with selected French language.
Fixes #10405.
2014-01-07 21:13:56 +01:00
Michael Tremer
d2d87f2ca0
IPsec: Make connection configuration more pleasant for the eye.
2014-01-07 17:50:44 +01:00
Michael Tremer
4ad0b5b680
IPsec: Move IKE protocol option to advanced settings page.
2014-01-07 17:08:35 +01:00
Michael Tremer
afd5d8f76e
IPsec: Allow to disable DPD.
2014-01-07 17:00:30 +01:00
Michael Tremer
cbb3a8f91e
IPsec: Fix and enhance DPD configuration.
Also the action option has now moved to the advanced settings
page and the design has been improved.
2014-01-07 01:37:00 +01:00
Alexander Marx
4e156911cc
IPsec: Add DPD configuration options to advanced settings.
2014-01-07 00:38:36 +01:00
Michael Tremer
63e3da5935
vpnmain.cgi: Re-design algorithm selection.
2014-01-05 02:19:06 +01:00
Michael Tremer
22fc183e08
IPsec: Add MODP-2048 subgroups.
2014-01-05 01:34:40 +01:00
Michael Tremer
651d442ecf
IPsec: Add Brainpool elliptic curves.
2014-01-05 01:27:53 +01:00
Michael Tremer
d72a820484
IPsec: Add Camellia cipher for IKE and ESP.
2014-01-05 01:11:10 +01:00
Michael Tremer
095cbf430f
Multiple CGI files: Check if BLUE or ORANGE are actually configured.
2013-09-07 16:40:59 +02:00
Alexander Marx
eff2dbf833
Forward Firewall: changed sort-order to Sort::Naturally. This Perl Module will be available since core 68.
2013-08-09 14:13:11 +02:00
Michael Tremer
aea35c5aca
vpnmain.cgi: Use MODP groups with smaller key lengths by default.
https://bugzilla.ipfire.org/show_bug.cgi?id=10396
2013-07-25 16:46:54 +02:00
Michael Tremer
26dfc86a7b
ipsec: Add ECP cryptography.
Allow selecting ECDH for IPsec VPN connections.
2013-07-20 18:46:32 +02:00
Michael Tremer
cfa7eab02f
Revert "ipsec: Shut up strongswan logging."
This reverts commit 43f4c938c1.
Conflicts:
config/rootfiles/oldcore/66/update.sh
2013-05-11 11:42:52 +02:00
Michael Tremer
0cf124ab69
ipsec: Set IKE/IPsec lifetime to strongswan defaults.
As suggested by Tom Rymes:
https://bugzilla.ipfire.org/show_bug.cgi?id=10346
2013-04-08 14:51:58 +02:00
Arne Fitzenreiter
4a29f8541b
vpnmain: disabled address check.
This temporarily fixes bug #10294 until the check was fixed to check the
complete source and dest net.
2013-02-02 09:40:15 +01:00
Michael Tremer
60cc2e54a7
vpnmain.cgi: Fix selection of AES-192 as ESP cipher.
2013-01-15 15:57:29 +01:00
Michael Tremer
b2531cb080
vpnmain.cgi: Allow to use PSK if public IP is '%defaultroute'.
Openswan did not support to use PSKs on net-to-net connections,
when the public IP of the IPFire box was "%defaultroute".
However, it is required to set the public IP to "%defaultroute"
on NAT-ed devices (such as UMTS connections in Germany) to
connect to other sites as the IPFire box does not know
the real public IP address.
2013-01-15 15:45:29 +01:00
Arne Fitzenreiter
d7a3254ace
Merge remote-tracking branch 'origin/next' into thirteen
Conflicts:
config/rootfiles/common/stage2
make.sh
2012-12-06 19:29:29 +01:00
Alexander Marx
f7fc17c38a
IPSEC: added check routine for used OpenVPN subnets/Hosts
2012-11-26 13:19:07 +01:00
Michael Tremer
43f4c938c1
ipsec: Shut up strongswan logging.
Just log the basic stuff.
2012-11-24 14:22:14 +01:00
Michael Tremer
01b5bc9170
vpnmain.cgi: Support more ciphers and integrity algorithms.
2012-09-26 23:05:21 +02:00
Michael Tremer
35b5392a95
vpnmain.cgi: Fix saving ENABLED status.
The web interface ignores what has been set to the ENABLED
checkbox.
http://lists.ipfire.org/pipermail/development/2012-August/000047.html
2012-08-07 17:04:37 +02:00
Michael Tremer
7916a3bef8
vpnmain.cgi: Reflect recent changes: vpn-watch removed.
2012-07-19 16:54:05 +02:00
Michael Tremer
ae2782ba1f
Update VPN CGI scripts to work with strongswan 5.0.0.
Pluto is not supported anymore, the following defaults have been
changed:
* AES 256 is enabled by default for IKE and ESP.
* DH MODP group has been set to 2048.
* Compression is enabled.
* IKEv2 is default.
Lots of code cleanup has been done as well.
2012-07-15 15:34:59 +02:00
Arne Fitzenreiter
d06f6e7ccf
vpnmain.cgi: add "extendedKeyUsage = serverAuth" to hostkey signing.
2011-12-04 14:36:00 +01:00
Stefan Schantl
528cb9a701
vpnmain.cgi: Allow %any as remote host/IP.
http://forum.ipfire.org/index.php?topic=5458.0
2011-11-13 15:10:30 +01:00