Commit Graph

1959 Commits

Author SHA1 Message Date
Michael Tremer
71a355c3a2 Merge branch 'ipsec-on-demand' into next 2019-03-05 15:25:36 +00:00
Michael Tremer
b15b70bc6b vpnmain.cgi: Make on-demand mode default for IPsec VPNs
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-05 15:24:19 +00:00
Michael Tremer
eb09c90ef4 vpnmain.cgi: Carry over START_ACTION attribute correctly
This setting was not carried correctly and therefore the default was ignored.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-05 15:23:33 +00:00
Matthias Fischer
d50a78220d Bug 12008 - Typo in 'proxy.cgi' leads to wrong path for 'basic_ldap_auth'
Hi,

This should fix https://bugzilla.ipfire.org/show_bug.cgi?id=12008

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-02 14:13:17 +00:00
Michael Tremer
f6a1d9e929 Update list of contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-25 02:30:56 +00:00
Peter Müller
0675a66d83 update metrics links in Tor WebUI
https://atlas.torproject.org/ is deprecated in favour of
https://metrics.torproject.org/ by now.

Fixes #11781.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-25 01:02:59 +00:00
Michael Tremer
1e2b257789 Add routed IPsec connections to traffic graphs section
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
38f6bdb740 ipsec: Drop delayed restart setting
This is a very bad race-condition situation and is not solved by
an unintuitive setting.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
517683eeb1 ipsec: Drop VPN_IP setting
This is now a per-connection setting

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
ae0d069827 ipsec: Allow to select local IP address used for peer on UI
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
455fdcb17a ipsec: Re-arrange inputs for peer addresses, subnets, etc.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
7e25093d42 ipsec: Don't allow to select VTI in transport mode
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
605c391aaf vpnmain.cgi: Don't populate GREEN subnet when green doesn't exist
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
216bd9b389 vpnmain.cgi: Move advanced IPsec settings to connection page
This is required to make the initial setup easier for GRE/VTI connections

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
f2d45a45ab IPsec: Do not allow 0.0.0.0/0 as remote subnet
This renders the whole machine inaccessible

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
90aa4f1083 IPsec: Use left/rightprotoport in GRE mode
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
b01c17e9d0 IPsec: Update ipsec.conf for GRE/VTI changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
55842dda69 IPsec: Add UI for set interface MTU
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
7464131706 IPsec: Add option to configure IP address for tunnel interface
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
8ebe725416 IPsec: Set default inactivity timeout to half an hour
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
1e9457ac6f IPsec: New connections should default to on-demand mode
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
cae1f4a7a8 IPsec: Add dropdown to select tunnel interface mode
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
5e6fa03e1e vpnmain.cgi: Correctly carry over INACTIVITY_TIMEOUT
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
326728d53d IPsec: Write tunnel/transport mode to strongSwan configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
29f5e0e2b9 IPsec: Add selection for transport/tunnel mode
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
7ec83993e5 proxy: Show error messages in English by default
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-23 06:21:53 +00:00
Matthias Fischer
e26a5c4885 Fix typo in 'html/cgi-bin/logs.cgi/log.dat'
Translation string uses capital letter: 'Captive' => 'Captive Portal',

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-06 07:02:54 +00:00
Michael Tremer
ce1f04ee40 proxy: Allow selecting throttled bandwidth in MBit/s
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-08 16:10:59 +01:00
Michael Tremer
c2f1b8183c proxy: Suggest modern defaults for cache memory and disk
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-08 16:02:05 +01:00
Michael Tremer
cdd4cf4094 proxy: Drop support for throttling only certain mime types
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-08 16:00:05 +01:00
Michael Tremer
d68e150e86 proxy: Drop web browser check
This is neither reliable nor up to date and is therefore removed

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-08 15:54:56 +01:00
Michael Tremer
a1018d86ae proxy: Set authentication TTL for NTLM authentication also
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-08 15:49:18 +01:00
Michael Tremer
6df2d52887 proxy: Use correct authentication cache TTL for AD
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-08 15:48:32 +01:00
Michael Tremer
fa286b1330 proxy: Use entered setting for auth children for AD
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-08 15:46:20 +01:00
Michael Tremer
5c2a76f7b3 proxy: Use correct realm for AD authentication
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-08 15:44:19 +01:00
Michael Tremer
dc637f087f proxy: Remove AUTH_IPCACHE_TTL
This is potentially dangerous to set larger than zero.

Authentication is performed on basis of IP addresses which is
not a good idea at all.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-08 15:39:36 +01:00
Michael Tremer
ea72700a3b proxy: Drop NTLM authentication
This is the authentication against NT 4.0 style domain controllers.

squid has dropped support for this in the 4.5 release and nobody
should be using these old domain controllers any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-08 15:28:46 +01:00
Michael Tremer
eedca6e36c squid: Run as many redirectors as we have CPU cores
This makes sure that we use the optimal ratio of memory and
CPU usage.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Tested-by: Matthias Fischer <matthias.fischer@ipfire.org>
2019-01-08 03:33:37 +01:00
Daniel Weismüller
1a3323f2e6 BUG 11786 - squid: Remove setting for filter processes the number of Squid processes
I added a function to determine the number of cores.
Now the number of squid processes will be equal to the number of logical cores.
Further I removed the possibility of changing the number
of squid processes in the proxy.cgi

Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: root <root@ipfire.test>
2019-01-08 02:02:05 +01:00
Matthias Fischer
d01b31914a snort: Update to 2.9.12
For details see:

Release notes:
https://snort.org/downloads/snort/release_notes_2.9.12.txt

Changelog:
https://snort.org/downloads/snort/changelog_2.9.12.txt

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-05 15:42:34 +00:00
Matthias Fischer
0a12cd7039 dnsforward.cgi: fix for language string
Hi,

In https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=1a26564e95b5694337e51860544e7775d35055f3
the language string 'dnsforward forward_server' => 'DNS-Server', was deleted and replaced
by 'dnsforward forward_servers' => 'DNS-Server',

IMHO this leads to an empty string in 'dnsforward.cgi', line 223:

...
<td width='20%' class='base'>$Lang::tr{'dnsforward forward_server'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
...

I changed this line...

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-03 14:58:26 +00:00
Erik Kapfer
e6f7f8e7ba database_attribute: Deliver/create index.txt.attr
Fixes #11904

Since OpenSSL-1.1.0x the database attribute file for IPSec and OpenVPN wasn't created during initial PKI generation.
OpenVPN delivered an error message but IPSec crashed within the first attempt.
This problem persists also after X509 deletion and new generation.

index.txt.attr will now be delivered by the system but also deleted and recreated while setting up a new x509.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-03 14:52:53 +00:00
Michael Tremer
cb8a25e5ec DNS Forwarding: Let UI accept hostnames, too
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-19 20:47:41 +01:00
Michael Tremer
1a26564e95 DNS Forwarding: Allow passing multiple name servers (separated by comma)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-19 20:42:46 +01:00
Michael Tremer
1ee8c6732f Update maintainers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-27 10:24:29 +00:00
Michael Tremer
9bdc8f854c credits.cgi: Remove old dev section
I do not know why I forgot this. Now it is how it was intended
in the first place.

This commit removes all email addresses because people keep
emailing me for private support. Use the forum guys!

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-27 10:20:09 +00:00
Michael Tremer
4b4b29b314 Update list of contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-26 16:01:29 +00:00
Michael Tremer
f9e4f4dcdf Update list of contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-08 16:42:37 +00:00
Peter Müller
0c451a4a32 fix downloading Snort rules if behind upstream proxy
Currently, the wget call only uses proxy information for HTTP.
Since rulesets are downloaded via HTTPS now, the same information
also needs to be applied for HTTPS.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-01 10:30:08 +00:00
Michael Tremer
02776a0dc2 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next 2018-10-29 10:51:44 +00:00