Commit Graph

104 Commits

Author SHA1 Message Date
Larsen
2158e11ba9 IPSec VPN: Add "required" marker for "organization name"
Fixes https://bugzilla.ipfire.org/show_bug.cgi?id=10846

Signed-off-by: Lars Schuhmacher <larsen007@web.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2015-10-15 15:44:56 +01:00
Michael Tremer
b1881251d6 Merge remote-tracking branch 'ms/ipsec-subnets' into next 2015-09-28 14:21:18 +01:00
Lars Schuhmacher
624615ee07 vpnmain.cgi - Replace spaces with tab characters and fix indentation
Replaced spaces with tab characters. Fixed indentation.

This is based on http://patchwork.ipfire.org/patch/88/ so that patch must be applied before.

Signed-off-by: Lars Schuhmacher <larsen007@web.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2015-09-28 14:05:06 +01:00
Lars Schuhmacher
ed1d0fbdbe IPsec: Remove GUI option for "Roadwarrior virtual IP"
This setting stems from IPCop (and probably Openswan) and causes a problem.

Fixes bug #10496.

Signed-off-by: Lars Schuhmacher <larsen007@web.de>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2015-09-28 14:04:40 +01:00
Lars Schuhmacher
e3edceeb7a Mark required input fields with a star
Mark required input fields with a star as nowadays this is
the de-facto default. Before, it was the other way around and
optional fields were marked.

Signed-off-by: Lars Schumacher <larsen007@web.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2015-09-21 16:40:41 +01:00
Michael Tremer
f6529a04a3 IPsec: Add option to force using MOBIKE
Some peers that are behind a NAT router that fails
to properly forward IKE packets on UDP port 500 cannot
establish an IPsec connection. MOBIKE tries to solve that
by sending these packets to UDP port 4500 instead.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2015-09-10 13:35:24 +01:00
Michael Tremer
8792caad90 ipsec: Support using multiple subnets per tunnel
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2015-08-25 21:52:11 +01:00
Michael Tremer
4b02b4045b ipsec: Allow selection of ESP group type
If a connection is edited, the IKE group types will be used instead.

Fixes #10860

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Wolfgang Apolinarski <wolfgang.apolinarski@web.de>
2015-06-15 22:33:28 +02:00
Lars Schuhmacher
bd767b27c8 ipsec.conf: Include ipsec.user.conf and ipsec.user-post.conf
Fix bug 10869 as the code has been removed by mistake by the
previous commit dfea4f86c2.
It also includes ipsec.user.conf only when it exists.

Signed-off-by: Lars Schuhmacher <larsen007@web.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2015-06-04 17:50:51 +02:00
Michael Tremer
5f0a2ba104 vpnmain.cgi: Do not use another DH key exchange in ESP 2015-05-11 12:57:29 +02:00
Michael Tremer
2c531c2132 vpnmain.cgi: Fix ECP regex again for Brainpool curves
The regular expression did not take into account that
there could be characters like "bp" in case of the Brainpool
curves (ecp512bp).
2015-05-01 16:57:13 +02:00
Michael Tremer
3bcb59ab21 vpnmain.cgi: Fix prefix for elliptic curve algorithms 2015-04-28 13:22:00 +02:00
Jochen Kauz
a24062d12b vpnmain.cgi: dpd_delay/dpd_timeout wrong entry in ipsec.conf
Fixes #10636
2015-04-28 11:30:05 +02:00
Michael Tremer
a4d24f9052 vpnmain.cgi: Order ciphers by strength
strongSwan uses them in the defined order. Hence it makes
much more sense to present them to the user as well in that
order.
2015-04-22 14:45:10 +02:00
Michael Tremer
78039c1585 vpnmain.cgi: Use integrity functions as PRF for AEAD 2015-04-22 14:44:16 +02:00
Michael Tremer
e8b3bb0edc vpnmain.cgi: Rewrite algorithm generation code 2015-04-22 14:08:41 +02:00
Michael Tremer
a47376207f ipsec: Always enable support for IKE fragmentation 2015-04-21 19:36:40 +02:00
Wolfgang Apolinarski
ab2d15486b Added clientAuth to EKU of client certificate. Fixed the comment. 2015-04-18 23:32:14 +02:00
Wolfgang Apolinarski
3847730c17 Applied patches for not using md5. Additionally, the root CA is now 4096 bits, host/clients are 2048 bits (both RSA). OpenSSL is now choosing the random seed automatically, removed the '-rand' parameter. 2015-03-17 20:42:41 +01:00
Michael Tremer
dfea4f86c2 strongswan: Allow using AES-GCM in various configurations 2015-03-11 18:13:25 +01:00
Michael Tremer
274ebe1d9d Merge remote-tracking branch 'origin/master' into next
Conflicts:
	config/rootfiles/packages/clamav
	lfs/clamav
2015-03-04 23:58:47 +01:00
Christoph Anderegg
165b25b2dc vpnmain.cgi: Added inclusion of ipsec.user-post.conf to the end of ipsec.conf in order to allow connection parameters to be overwritten in ipsec.user.conf. 2015-03-03 11:16:47 +01:00
Michael Tremer
f57a228c4b ipsec: Allow IKE lifetime of up to 24 hours
Requested in #10722

The recommended time has not been changed, but it is often
stated that 24 hours is a common lifetime for IKE.
2015-01-19 17:04:37 +01:00
Michael Tremer
7e7788ea0b Merge remote-tracking branch 'amarx/BETA3' into next 2014-03-13 15:32:00 +01:00
Alexander Marx
03b08c08f0 VPN Checksubnets: Buttons are now Language Strings 2014-03-13 15:27:01 +01:00
Alexander Marx
4d81e0f381 VPN Checksubnets: Now the remote subnets (OpenVPN/IPSec) are checked. If they are defined elsewhere, there's a warning message displayed 2014-03-13 15:09:01 +01:00
Alexander Marx
c6df357fd4 Firewall: When deleting an OpenVPN or IPSec connection, the rules are only colored yellow and the firewall rules are reloaded automatically 2014-03-13 14:51:28 +01:00
Alexander Marx
b3c53248d9 Firewall: When deleting an OpenVPN or IPSec connection, the rules are only colored yellow and the firewall rules are reloaded automatically 2014-03-13 13:53:39 +01:00
Michael Tremer
cbb88df154 vpnmain.cgi: Remove left-over </td> tag. 2014-03-10 16:11:50 +01:00
Alexander Marx
7d44bfeef1 changes page title in vpnmain.cgi 2014-01-11 12:15:11 +01:00
Alexander Marx
0afd84931e Layout changes vpnmain.cgi 2014-01-09 14:59:10 +01:00
Alexander Marx
e9850821d4 fifteen-theme: made vpnmain.cgi tables themeable 2014-01-08 15:05:42 +01:00
Stefan Schantl
e602416f94 Fix impossible download of hostcert on French language.
The French translation string for download host certificate contains a single quote
character which breaks the used HTML code. As a result of this it wasn't possible to
download the host certificate via the WUI with selected French language.

Fixes #10405.
2014-01-07 21:13:56 +01:00
Michael Tremer
d2d87f2ca0 IPsec: Make connection configuration more pleasant for the eye. 2014-01-07 17:50:44 +01:00
Michael Tremer
4ad0b5b680 IPsec: Move IKE protocol option to advanced settings page. 2014-01-07 17:08:35 +01:00
Michael Tremer
afd5d8f76e IPsec: Allow to disable DPD. 2014-01-07 17:00:30 +01:00
Michael Tremer
cbb3a8f91e IPsec: Fix and enhance DPD configuration.
Also the action option has now moved to the advanced settings
page and the design has been improved.
2014-01-07 01:37:00 +01:00
Alexander Marx
4e156911cc IPsec: Add DPD configuration options to advanced settings. 2014-01-07 00:38:36 +01:00
Michael Tremer
63e3da5935 vpnmain.cgi: Re-design algorithm selection. 2014-01-05 02:19:06 +01:00
Michael Tremer
22fc183e08 IPsec: Add MODP-2048 subgroups. 2014-01-05 01:34:40 +01:00
Michael Tremer
651d442ecf IPsec: Add Brainpool elliptic curves. 2014-01-05 01:27:53 +01:00
Michael Tremer
d72a820484 IPsec: Add Camellia cipher for IKE and ESP. 2014-01-05 01:11:10 +01:00
Michael Tremer
095cbf430f Multiple CGI files: Check if BLUE or ORANGE are actually configured. 2013-09-07 16:40:59 +02:00
Alexander Marx
eff2dbf833 Forward Firewall: changed sort-order to Sort::Naturally. This Perl Module will be available since core 68. 2013-08-09 14:13:11 +02:00
Michael Tremer
aea35c5aca vpnmain.cgi: Use MODP groups with smaller key lengths by default.
https://bugzilla.ipfire.org/show_bug.cgi?id=10396
2013-07-25 16:46:54 +02:00
Michael Tremer
26dfc86a7b ipsec: Add ECP cryptography.
Allow selecting ECDH for IPsec VPN connections.
2013-07-20 18:46:32 +02:00
Michael Tremer
cfa7eab02f Revert "ipsec: Shut up strongswan logging."
This reverts commit 43f4c938c1.

Conflicts:
	config/rootfiles/oldcore/66/update.sh
2013-05-11 11:42:52 +02:00
Michael Tremer
0cf124ab69 ipsec: Set IKE/IPsec lifetime to strongswan defaults.
As suggested by Tom Rymes:
https://bugzilla.ipfire.org/show_bug.cgi?id=10346
2013-04-08 14:51:58 +02:00
Arne Fitzenreiter
4a29f8541b vpnmain: disabled address check.
This temporarily fixes bug #10294 until the check is fixed to check the
complete source and dest net.
2013-02-02 09:40:15 +01:00
Michael Tremer
60cc2e54a7 vpnmain.cgi: Fix selection of AES-192 as ESP cipher. 2013-01-15 15:57:29 +01:00