webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 19:15:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
5,926 Commits 2 Branches 1 Tag
910193da520355d0fffd69d9727f3dbf0eda2d6d
Commit Graph

58 Commits

Author SHA1 Message Date
Michael Tremer
cfa7eab02f Revert "ipsec: Shut up strongswan logging." 
This reverts commit 43f4c938c1.

Conflicts:
	config/rootfiles/oldcore/66/update.sh
 2013-05-11 11:42:52 +02:00
Michael Tremer
0cf124ab69 ipsec: Set IKE/IPsec lifetime to strongswan defaults. 
As suggested by Tom Rymes:
https://bugzilla.ipfire.org/show_bug.cgi?id=10346
 2013-04-08 14:51:58 +02:00
Arne Fitzenreiter
4a29f8541b vpnmain: disabled address check. 
this temporary fixes bug #10294 until the check was fixed to check the
complete source and dest net.
 2013-02-02 09:40:15 +01:00
Michael Tremer
60cc2e54a7 vpnmain.cgi: Fix selection of AES-192 as ESP cipher. 2013-01-15 15:57:29 +01:00
Michael Tremer
b2531cb080 vpnmain.cgi: Allow to use PSK if public IP is '%defaultroute'. 
Openswan did not support to use PSKs on net-to-net connections,
when the public IP of the IPFire box was "%defaultroute".
However, it is required to set the public IP to "%defaultroute"
on NAT-ed devices (such as UMTS connections in Germany) to
connect to other sites as the IPFire box does not know
the real public IP address.
 2013-01-15 15:45:29 +01:00
Arne Fitzenreiter
d7a3254ace Merge remote-tracking branch 'origin/next' into thirteen 
Conflicts:
	config/rootfiles/common/stage2
	make.sh
 2012-12-06 19:29:29 +01:00
Alexander Marx
f7fc17c38a IPSEC: added checkroutine for used OpenVPN subnets/Hosts 2012-11-26 13:19:07 +01:00
Michael Tremer
43f4c938c1 ipsec: Shut up strongswan logging. 
Just log the basic stuff.
 2012-11-24 14:22:14 +01:00
Michael Tremer
01b5bc9170 vpnmain.cgi: Support more ciphers and integrity algorithms. 2012-09-26 23:05:21 +02:00
Michael Tremer
35b5392a95 vpnmain.cgi: Fix saving ENABLED status. 
The web interface ignores what has been set to the ENABLED
checkbox.

http://lists.ipfire.org/pipermail/development/2012-August/000047.html
 2012-08-07 17:04:37 +02:00
Michael Tremer
7916a3bef8 vpnmain.cgi: Reflect recent changes: vpn-watch removed. 2012-07-19 16:54:05 +02:00
Michael Tremer
ae2782ba1f Update VPN CGI scripts to work with strongswan 5.0.0. 
Pluto is not supported anymore, the following defaults have been
changed:
 * AES 256 is enabled by default for IKE and ESP.
 * DH MODP group has been set to 2048.
 * Compression is enabled.
 * IKEv2 is default.

Lots of code cleanup has been done as well.
 2012-07-15 15:34:59 +02:00
Arne Fitzenreiter
d06f6e7ccf vpnmain.cgi: add "extendedKeyUsage = serverAuth" to hostkey signing. 2011-12-04 14:36:00 +01:00
Stefan Schantl
528cb9a701 vpnmain.cgi: Allow %any as remote host/IP. 
http://forum.ipfire.org/index.php?topic=5458.0
 2011-11-13 15:10:30 +01:00
Michael Tremer
86525dfc52 IKEv2: Add roadwarrior configuration to file. 2011-08-18 14:07:55 +02:00
Christian Schmidt
2444cc9780 VPN RW IP can be empty. 2011-08-01 19:07:00 +02:00
Christian Schmidt
9d85ac3b93 Added Roadwarrior Network to the ipsec gui. 2011-08-01 19:06:07 +02:00
Arne Fitzenreiter
264c0195fb ipsec: change grep for ikev2 status display. 2011-07-04 21:41:31 +02:00
Arne Fitzenreiter
5532265c3c ipsec: add ike version connection table. 2011-06-26 23:18:32 +02:00
Arne Fitzenreiter
57ba1e9023 ipsec: change check if a ikev2 tunnel is up. 2011-06-26 23:16:41 +02:00
Arne Fitzenreiter
a3323b6fde vpnmain.cgi: fix my typo. 2011-06-26 18:56:39 +02:00
Arne Fitzenreiter
54c5f69010 ipsec: add "vpn keyexchange" to langs. 2011-06-26 15:58:07 +02:00
Arne Fitzenreiter
4b4b895946 ipsec: change status display in cgi's for charon. 2011-06-26 15:16:32 +02:00
Arne Fitzenreiter
e2e4ed017c ipsec: add ikev1/v2 selectbox to switch from pluto to charon. 2011-06-26 11:13:58 +02:00
Michael Tremer
83371d5f57 Fix ID information on IPSec configuration. 
As the documentation of strongswan says, it is allowed to enter IP
addresses as leftid or rightid without an "@" in the beginning.

Fixed that you can now enter something like "10.20.30.40".

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2011-05-09 01:18:03 +02:00
Arne Fitzenreiter
73c7eff80e Remove some httpd errorlog entries. 2011-01-19 17:47:56 +01:00
Arne Fitzenreiter
aa1b595972 vpnmain: remove charonstart=no from ipsec.conf. 2010-11-30 23:46:40 +01:00
Arne Fitzenreiter
e897bfebe7 ipsec: write networks in ipsec.conf in cidr notation. 2010-11-15 19:37:59 +01:00
Arne Fitzenreiter
126246a8ca Fix ipsec.conf for strongswan 4.5 (ikev2 was now default). 2010-11-14 18:28:10 +01:00
Jan Paul Tuecking
a2ee81406f Fixes bug #0000722 pre-shared key is now a password field. 2010-10-09 16:08:33 +02:00
Dirk Wagner
2827f4af61 Fixed typo in secrets include statement 2010-07-16 09:54:23 +02:00
Arne Fitzenreiter
63043a1b44 Add ipsec.user.conf & secrets for user defined connections (e.g. XAUTH). 2010-06-26 19:44:02 +02:00
Arne Fitzenreiter
b2d5dd6d4f IPSec: add lefthostaccess=yes to enable access to the gw itself. 2010-05-19 19:47:48 +02:00
Arne Fitzenreiter
63249c6777 Removed unsupported ipsec debug options and modp768. 2010-05-15 13:30:19 +02:00
Arne Fitzenreiter
451a2f6806 Removed ipsec aggressive mode checkbox. 2010-05-14 13:23:31 +02:00
Arne Fitzenreiter
64dc6c92f1 Remove output of "ipsecctrl R". 
:
 2010-05-10 21:33:51 +02:00
Arne Fitzenreiter
b4f6d69810 Fix server error at certificate upload. 
Enabled ipsec on local networks.
 2010-05-10 17:40:42 +02:00
Arne Fitzenreiter
6c49789edb Remove blob at IPSec local- and remote-id. 2010-04-10 10:57:11 +02:00
Arne Fitzenreiter
db073a101e Some changes for strongswan. 
Still need a replacement for ipsec auto --replace
 2010-03-27 21:15:46 +01:00
Arne Fitzenreiter
6652626c88 Add strongswan (4.3.6) for testing. 2010-03-20 22:31:43 +01:00
Arne Fitzenreiter
afcc0fcfd0 Removed not working cryptomodes from ipsec config. 2009-12-19 21:55:21 +01:00
Maniacikarus
a84c3a5a89 Added recent changes to core25 2008-12-23 12:11:07 +01:00
Maniacikarus
07400d4b2a Removed ESP Group Type no longer supported by openswan 2008-11-15 08:34:31 +01:00
ms
70df830214 Ein Paar Dateien fuer die GPLv3 angepasst. 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@853 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-08-29 13:25:32 +00:00
maniacikarus
cb5e9c6c64 Debuginformationen aus den CGIs entfernt 
Hoffentlich die letzten Config Types bereinigt
Samba und SSHd init Skripte angepasst
Pakfire CGI optisch angepasst


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@779 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-08-17 16:00:01 +00:00
maniacikarus
69addbb810 Fuer den Urlfilter ein Background Image gemacht 
MPFire erweitert
Samba Pagerefresh korrigiert
Tripwire Pagerefreh korrigiert
Backup CGI sollte jetzt fertig sein zum Testen
vpnmain die beiden SHA2 Crypts entfernt
Snort init nochmal angepasst damit die PID alleine angelegt wird


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@682 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-07-13 18:49:27 +00:00
maniacikarus
4e17adadcd Einige CGIs gefixt, SNORT wird beim Systemstart gestartet 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@629 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-06-14 18:56:04 +00:00
maniacikarus
15f635cc82 Sprachdateien gefixt 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@589 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-05-28 10:58:02 +00:00
ms
341ff36cfb Das IPSec-Modul laesst sich nun laden. 
Einige Bugs der Alpha 2 behoben.


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@571 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-05-22 14:02:38 +00:00
maniacikarus
f2fdd0c1e9 Quasi fast alle cgis von den fixen header farben befreit 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@560 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-05-17 16:54:15 +00:00