webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-11 19:55:52 +02:00
Code Issues Packages Projects Releases Wiki Activity
12,832 Commits 2 Branches 1 Tag
5ea26096ca2a34bc41af03b40e2332db4d949da1
Commit Graph

2065 Commits

Author SHA1 Message Date
Michael Tremer
beac548962 Update list of contributors 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-11 15:58:45 +00:00
Michael Tremer
56947acb12 Merge remote-tracking branch 'ms/dns-forwarding' into next 2019-03-11 15:57:15 +00:00
Michael Tremer
8288c0394b Merge remote-tracking branch 'ms/dhcp' into next 2019-03-11 09:53:56 +00:00
Peter Müller
04f9321955 Tor WebUI: drop relay bandwith options < 1 MBit/s 
Tor requires at least 1 MBit/s in order to participate.

Fixes #12001

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-11 09:52:54 +00:00
Michael Tremer
025d8e6318 DNS Forwarding: Add UI to Allow to disable DNSSEC for a zone 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-05 16:10:17 +00:00
Michael Tremer
71a355c3a2 Merge branch 'ipsec-on-demand' into next 2019-03-05 15:25:36 +00:00
Michael Tremer
b15b70bc6b vpnmain.cgi: Make on-demand mode default for IPsec VPNs 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-05 15:24:19 +00:00
Michael Tremer
eb09c90ef4 vpnmain.cgi: Carry over START_ACTION attribute correctly 
This setting was not carried correctly and therefore the default was ignored.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-05 15:23:33 +00:00
Matthias Fischer
d50a78220d Bug 12008 - Typo in 'proxy.cgi' leads to wrong path for 'basic_ldap_auth' 
Hi,

This should fix https://bugzilla.ipfire.org/show_bug.cgi?id=12008

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:13:17 +00:00
Michael Tremer
31672dc8bd DHCP: Fix error when editing a newly added fixed lease 
They key was remembered but then the array was sorted which resulted
the key showing a wrong line.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-26 16:33:46 +00:00
Michael Tremer
4eb23a9198 DHCP: Restart server in background 
This allows for the CGI to return quicker.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-26 10:18:33 +00:00
Michael Tremer
820ab96c69 DHCP: Escape slashes in filename 
Fixes: #12006
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-26 10:16:21 +00:00
Michael Tremer
f6a1d9e929 Update list of contributors 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-25 02:30:56 +00:00
Peter Müller
0675a66d83 update metrics links in Tor WebUI 
https://atlas.torproject.org/ is deprecated in favour of
https://metrics.torproject.org/ by now.

Fixes #11781.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-25 01:02:59 +00:00
Michael Tremer
1e2b257789 Add routed IPsec connections to traffic graphs section 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
38f6bdb740 ipsec: Drop delayed restart setting 
This is a very bad race-condition situation and is not solved by
an unintuitive setting.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
517683eeb1 ipsec: Drop VPN_IP setting 
This is now a per-connection setting

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
ae0d069827 ipsec: Allow to select local IP address used for peer on UI 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
455fdcb17a ipsec: Re-arrange inputs for peer addresses, subnets, etc. 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
7e25093d42 ipsec: Don't allow to select VTI in transport mode 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
605c391aaf vpnmain.cgi: Don't populate GREEN subnet when green doesn't exist 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
216bd9b389 vpnmain.cgi: Move advanced IPsec settings to connection page 
This is required to make the initial setup easier for GRE/VTI connections

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
f2d45a45ab IPsec: Do not allow 0.0.0.0/0 as remote subnet 
This renders the whole machine inaccessible

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
90aa4f1083 IPsec: Use left/rightprotoport in GRE mode 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
b01c17e9d0 IPsec: Update ipsec.conf for GRE/VTI changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
55842dda69 IPsec: Add UI for set interface MTU 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
7464131706 IPsec: Add option to configure IP address for tunnel interface 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
8ebe725416 IPsec: Set default inactivity timeout to half an hour 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
1e9457ac6f IPsec: New connections should defatul to on-demand mode 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
cae1f4a7a8 IPsec: Add dropdown to select tunnel interface mode 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
5e6fa03e1e vpnmain.cgi: Correctly carry over INACTIVITY_TIMEOUT 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
326728d53d IPsec: Write tunnel/transport mode to strongSwan configuration 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
29f5e0e2b9 IPsec: Add selection for transport/tunnel mode 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
7ec83993e5 proxy: Show error messages in English by default 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-23 06:21:53 +00:00
Matthias Fischer
e26a5c4885 Fix typo in 'html/cgi-bin/logs.cgi/log.dat' 
Translation string uses capital letter: 'Captive' => 'Captive Portal',

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-06 07:02:54 +00:00
Michael Tremer
ce1f04ee40 proxy: Allow selecting throttled bandwidth in MBit/s 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-08 16:10:59 +01:00
Michael Tremer
c2f1b8183c proxy: Suggest modern defaults for cache memory and disk 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-08 16:02:05 +01:00
Michael Tremer
cdd4cf4094 proxy: Drop support for throttling only certain mime types 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-08 16:00:05 +01:00
Michael Tremer
d68e150e86 proxy: Drop web browser check 
This is neither reliable nor up to date and is therefore removed

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-08 15:54:56 +01:00
Michael Tremer
a1018d86ae proxy: Set authentication TTL for NTLM authentication also 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-08 15:49:18 +01:00
Michael Tremer
6df2d52887 proxy: Use correct authentication cache TTL for AD 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-08 15:48:32 +01:00
Michael Tremer
fa286b1330 proxy: Use entered setting for auth children for AD 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-08 15:46:20 +01:00
Michael Tremer
5c2a76f7b3 proxy: Use correct realm for AD authentication 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-08 15:44:19 +01:00
Michael Tremer
dc637f087f proxy: Remove AUTH_IPCACHE_TTL 
This is potentially dangerous to set larger than zero.

Authentication is perfomed on basis of IP addresses which is
not a good idea at all.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-08 15:39:36 +01:00
Michael Tremer
ea72700a3b proxy: Drop NTLM authentication 
This is the authentication againt NT 4.0 style domain controllers.

squid has dropped support for this in the 4.5 release and nobody
should be using these old domain controllers any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-08 15:28:46 +01:00
Michael Tremer
eedca6e36c squid: Run as many redirectors as we have CPU cores 
This makes sure that we use the optimal ratio of memory and
CPU usage.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Tested-by: Matthias Fischer <matthias.fischer@ipfire.org>
 2019-01-08 03:33:37 +01:00
Daniel Weismüller
1a3323f2e6 BUG 11786 - squid: Remove setting for filter processes the number of Squid processes 
I added a function to determine the number of cores.
Now the number of squid processes will be equal to the number of logical cores.
Further I removed the possibility of changing the number
of squid processes in the proxy.cgi

Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: root <root@ipfire.test>
 2019-01-08 02:02:05 +01:00
Matthias Fischer
d01b31914a snort: Update to 2.9.12 
For details see:

Release notes:
https://snort.org/downloads/snort/release_notes_2.9.12.txt

Changelog:
https://snort.org/downloads/snort/changelog_2.9.12.txt

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-05 15:42:34 +00:00
Matthias Fischer
0a12cd7039 dnsforward.cgi: fix for language string 
Hi,

In https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=1a26564e95b5694337e51860544e7775d35055f3
the language string 'dnsforward forward_server' => 'DNS-Server', was deleted and replaced
by 'dnsforward forward_servers' => 'DNS-Server',

IMHO this leads to an empty string in 'dnsforward.cgi', line 223:

...
<td width='20%' class='base'>$Lang::tr{'dnsforward forward_server'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
...

I changed this line...

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-03 14:58:26 +00:00
Erik Kapfer
e6f7f8e7ba database_attribute: Deliver/create index.txt.attr 
Fixes #11904

Since OpenSSL-1.1.0x the database attribute file for IPSec and OpenVPN wasn´t created while initial PKI generation.
OpenVPN delivered an error message but IPSec did crashed within the first attempt.
This problem persists also after X509 deletion and new generation.

index.txt.attr will now be delivered by the system but also deleted and recreated while setting up a new x509.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-03 14:52:53 +00:00