webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 11:05:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
8,015 Commits 2 Branches 1 Tag
4e9a2b57320fc17a2eaee06b60ee508ec79e59b0
Commit Graph

81 Commits

Author SHA1 Message Date
Michael Tremer
7e7788ea0b Merge remote-tracking branch 'amarx/BETA3' into next 2014-03-13 15:32:00 +01:00
Alexander Marx
03b08c08f0 VPN Checksubnets: Buttons are now Language Strings 2014-03-13 15:27:01 +01:00
Alexander Marx
4d81e0f381 VPN Checksubnets: Now the remote subnets (OpenVPN/IPSec) are checked. If they are defined elsewhere, there's a warningmessage displayed 2014-03-13 15:09:01 +01:00
Alexander Marx
c6df357fd4 Firewall: When delting an OpenVPN or IPSec connection, the rules are only colored yellow and the firewallrules are reloaded automatically 2014-03-13 14:51:28 +01:00
Alexander Marx
b3c53248d9 Firewall: When delting an OpenVPN or IPSec connection, the rules are only colored yellow and the firewallrules are reloaded automatically 2014-03-13 13:53:39 +01:00
Michael Tremer
cbb88df154 vpnmain.cgi: Remove left-over </td> tag. 2014-03-10 16:11:50 +01:00
Alexander Marx
7d44bfeef1 changes pagetitle in vpnmain.cgi 2014-01-11 12:15:11 +01:00
Alexander Marx
0afd84931e Layout changes vpnmain.cgi 2014-01-09 14:59:10 +01:00
Alexander Marx
e9850821d4 fifteen-theme: made vpnmain.cgi tables themeable 2014-01-08 15:05:42 +01:00
Stefan Schantl
e602416f94 Fix inpossible download of hostcert on french language. 
The french tranlsation string for download host certificate contains a single quote
character which breaks the used HTML code. As a result of this it wasn't possibe to
download the host certificate via the WUI with selected french language.

Fixes #10405.
 2014-01-07 21:13:56 +01:00
Michael Tremer
d2d87f2ca0 IPsec: Make connection configuration more pleasant for the eye. 2014-01-07 17:50:44 +01:00
Michael Tremer
4ad0b5b680 IPsec: Move IKE protocol option to advanced settings page. 2014-01-07 17:08:35 +01:00
Michael Tremer
afd5d8f76e IPsec: Allow to disable DPD. 2014-01-07 17:00:30 +01:00
Michael Tremer
cbb3a8f91e IPsec: Fix and enhance DPD configuration. 
Also the action option has now moved to the advanced settings
page and the design has been improved.
 2014-01-07 01:37:00 +01:00
Alexander Marx
4e156911cc IPsec: Add DPD configuration options to advanced settings. 2014-01-07 00:38:36 +01:00
Michael Tremer
63e3da5935 vpnmain.cgi: Re-design algorithm selection. 2014-01-05 02:19:06 +01:00
Michael Tremer
22fc183e08 IPsec: Add MODP-2048 subgroups. 2014-01-05 01:34:40 +01:00
Michael Tremer
651d442ecf IPsec: Add Brainpool elliptic curves. 2014-01-05 01:27:53 +01:00
Michael Tremer
d72a820484 IPsec: Add Camellia cipher for IKE and ESP. 2014-01-05 01:11:10 +01:00
Michael Tremer
095cbf430f Multiple CGI files: Check if BLUE or ORANGE are actually configured. 2013-09-07 16:40:59 +02:00
Alexander Marx
eff2dbf833 Forward Firewall: changed sort-order to Sort::Naturally. This Perl Module will be available since core 68. 2013-08-09 14:13:11 +02:00
Michael Tremer
aea35c5aca vpnmain.cgi: Use MODP groups with smaller key lengths by default. 
https://bugzilla.ipfire.org/show_bug.cgi?id=10396
 2013-07-25 16:46:54 +02:00
Michael Tremer
26dfc86a7b ipsec: Add ECP cryptography. 
Allow selecting ECDH for IPsec VPN connections.
 2013-07-20 18:46:32 +02:00
Michael Tremer
cfa7eab02f Revert "ipsec: Shut up strongswan logging." 
This reverts commit 43f4c938c1.

Conflicts:
	config/rootfiles/oldcore/66/update.sh
 2013-05-11 11:42:52 +02:00
Michael Tremer
0cf124ab69 ipsec: Set IKE/IPsec lifetime to strongswan defaults. 
As suggested by Tom Rymes:
https://bugzilla.ipfire.org/show_bug.cgi?id=10346
 2013-04-08 14:51:58 +02:00
Arne Fitzenreiter
4a29f8541b vpnmain: disabled address check. 
this temporary fixes bug #10294 until the check was fixed to check the
complete source and dest net.
 2013-02-02 09:40:15 +01:00
Michael Tremer
60cc2e54a7 vpnmain.cgi: Fix selection of AES-192 as ESP cipher. 2013-01-15 15:57:29 +01:00
Michael Tremer
b2531cb080 vpnmain.cgi: Allow to use PSK if public IP is '%defaultroute'. 
Openswan did not support to use PSKs on net-to-net connections,
when the public IP of the IPFire box was "%defaultroute".
However, it is required to set the public IP to "%defaultroute"
on NAT-ed devices (such as UMTS connections in Germany) to
connect to other sites as the IPFire box does not know
the real public IP address.
 2013-01-15 15:45:29 +01:00
Arne Fitzenreiter
d7a3254ace Merge remote-tracking branch 'origin/next' into thirteen 
Conflicts:
	config/rootfiles/common/stage2
	make.sh
 2012-12-06 19:29:29 +01:00
Alexander Marx
f7fc17c38a IPSEC: added checkroutine for used OpenVPN subnets/Hosts 2012-11-26 13:19:07 +01:00
Michael Tremer
43f4c938c1 ipsec: Shut up strongswan logging. 
Just log the basic stuff.
 2012-11-24 14:22:14 +01:00
Michael Tremer
01b5bc9170 vpnmain.cgi: Support more ciphers and integrity algorithms. 2012-09-26 23:05:21 +02:00
Michael Tremer
35b5392a95 vpnmain.cgi: Fix saving ENABLED status. 
The web interface ignores what has been set to the ENABLED
checkbox.

http://lists.ipfire.org/pipermail/development/2012-August/000047.html
 2012-08-07 17:04:37 +02:00
Michael Tremer
7916a3bef8 vpnmain.cgi: Reflect recent changes: vpn-watch removed. 2012-07-19 16:54:05 +02:00
Michael Tremer
ae2782ba1f Update VPN CGI scripts to work with strongswan 5.0.0. 
Pluto is not supported anymore, the following defaults have been
changed:
 * AES 256 is enabled by default for IKE and ESP.
 * DH MODP group has been set to 2048.
 * Compression is enabled.
 * IKEv2 is default.

Lots of code cleanup has been done as well.
 2012-07-15 15:34:59 +02:00
Arne Fitzenreiter
d06f6e7ccf vpnmain.cgi: add "extendedKeyUsage = serverAuth" to hostkey signing. 2011-12-04 14:36:00 +01:00
Stefan Schantl
528cb9a701 vpnmain.cgi: Allow %any as remote host/IP. 
http://forum.ipfire.org/index.php?topic=5458.0
 2011-11-13 15:10:30 +01:00
Michael Tremer
86525dfc52 IKEv2: Add roadwarrior configuration to file. 2011-08-18 14:07:55 +02:00
Christian Schmidt
2444cc9780 VPN RW IP can be empty. 2011-08-01 19:07:00 +02:00
Christian Schmidt
9d85ac3b93 Added Roadwarrior Network to the ipsec gui. 2011-08-01 19:06:07 +02:00
Arne Fitzenreiter
264c0195fb ipsec: change grep for ikev2 status display. 2011-07-04 21:41:31 +02:00
Arne Fitzenreiter
5532265c3c ipsec: add ike version connection table. 2011-06-26 23:18:32 +02:00
Arne Fitzenreiter
57ba1e9023 ipsec: change check if a ikev2 tunnel is up. 2011-06-26 23:16:41 +02:00
Arne Fitzenreiter
a3323b6fde vpnmain.cgi: fix my typo. 2011-06-26 18:56:39 +02:00
Arne Fitzenreiter
54c5f69010 ipsec: add "vpn keyexchange" to langs. 2011-06-26 15:58:07 +02:00
Arne Fitzenreiter
4b4b895946 ipsec: change status display in cgi's for charon. 2011-06-26 15:16:32 +02:00
Arne Fitzenreiter
e2e4ed017c ipsec: add ikev1/v2 selectbox to switch from pluto to charon. 2011-06-26 11:13:58 +02:00
Michael Tremer
83371d5f57 Fix ID information on IPSec configuration. 
As the documentation of strongswan says, it is allowed to enter IP
addresses as leftid or rightid without an "@" in the beginning.

Fixed that you can now enter something like "10.20.30.40".

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2011-05-09 01:18:03 +02:00
Arne Fitzenreiter
73c7eff80e Remove some httpd errorlog entries. 2011-01-19 17:47:56 +01:00
Arne Fitzenreiter
aa1b595972 vpnmain: remove charonstart=no from ipsec.conf. 2010-11-30 23:46:40 +01:00