Add GeoIP and rDNS information to DNS nameserver list at netexternal.cgi
Use newly implemented GeoIP function in /var/ipfire/geoip-functions.pl
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The page description (title and headline) should print
"hardware graphs" instead of only mentioning HDDs.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
There was a function with different name but essentially
same functionality which is already existant in &show_clients().
Therefore this patch drops the old function without any functional
changes.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is the new design of the access page of the captive
portal. It is based on the Bootstrap 4 grid system and
reboot but does not use anything else from it.
It is responsive and customisable.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch adds some status information so that we know what
authentication an access point is using.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is helpful when debugging on-demand connections
when you can see if strongswan tries to connect or is
still idle.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Since we somehow have to support these algorithms this patch
adds some information for the user that it is very strongly
discouraged to use them in production.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This will create IPsec VPN connections with auto=route set
instead of auto=start which will cause the connection being
created, but not brought up yet.
As soon as the first packet is received, the connection will
be established and data will be passed through it.
This allows IPFire to handle more VPN connections on weaker
systems and avoids negotiating many connections which are
rarely used.
Suggested-by: Tom Rymes <tomvend@rymes.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fixes: #10733
This patch always enables asynchronous logging which slows
down the system a lot on slow storage and some virtual environments.
It also removes the configuration options in the web
user interface, since this is not configurable any more.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Some peers that are behind a NAT router that fails
to properly forward IKE packets on UDP port 500 cannot
establish an IPsec connection. MOBIKE tries to solve that
by sending these packets to UDP port 4500 instead.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Some clients may not support NTLMv2. Basic authentication can
now be activated. This is dangerous as it sends the credentials
in cleartext to the proxy server.
