Commit Graph

12523 Commits

Author SHA1 Message Date
Ermal LUÇI
a4cd8f03a8 Properly handle large passthrough entries even here. 2015-01-12 12:30:45 +01:00
Ermal LUÇI
907cc718d1 Put the value of password under double quotes(") to avoid issues with special characters in passwords. Ticket #4177 2015-01-12 11:49:20 +01:00
Ermal LUÇI
5cd24cf110 Prevent echo to insert a newline(\n) at the secret string. Fixes #4177 2015-01-12 11:40:55 +01:00
Ermal LUÇI
f3f885aa91 Fix typos and set needed variable 2015-01-12 09:33:30 +01:00
Ermal LUÇI
330591f5f5 properly apply the passthrough entries when apply is hitr. 2015-01-12 09:30:46 +01:00
Ermal LUÇI
384deecb5c Fix inherent issues with isset and empty values set as true by our parser. This made the piep configuration to be wrong at least for passthrough entries. Ticket #3932 2015-01-12 09:27:17 +01:00
Chris Buechler
1aecc4daf8 Bring back showing of default value like previous versions. 2015-01-11 19:34:09 -06:00
Ermal LUÇI
619aa26f71 Remove debug code 2015-01-11 16:37:50 +01:00
Phil Davis
3f6930f7e2 Fix POST typo in interfaces_assign.php
Obviously a typo. But this section is inside:
if (isset($_POST['add_x']) && isset($_POST['if_add'])) {
and I cannot find where 'add_x' is ever sent here, so I do not see how this whole code section is ever executed (and that will be why this typo bug has no symptoms). What is the history here? Can the whole block of code be removed?
The code normally executed is the section for 'Submit' lower down.
2015-01-11 18:40:09 +05:45
Ermal LUÇI
e821f30e7d Fixes #4177 convert password to base64 to be submitted to avoid issues with special chars in shell and HTTP GET parameter passing. Probably should add POST support to fcgicli. 2015-01-10 22:17:28 +01:00
Ermal LUÇI
60370eb98f Properly rename the var Ticket #4164 2015-01-10 21:52:46 +01:00
Chris Buechler
c39feb71c3 Default to only AES and SHA1 for new P2s. 2015-01-09 22:08:27 -06:00
Chris Buechler
c5ddb6ad4a Default IPsec to AES 2015-01-09 22:01:12 -06:00
Chris Buechler
460719c819 Default IPsec to main mode, unless mobile client. 2015-01-09 21:59:00 -06:00
Ermal LUÇI
9c0ec56ea8 Do not count twice the phase2 entries 2015-01-09 23:12:21 +01:00
Ermal LUÇI
7f48765aab Just some reshufling and cleanup 2015-01-09 22:47:52 +01:00
Chris Buechler
23ca569527 This broke a variety of things. Revert "Deprecated and non-static method messages"
This reverts commit 91b9a02fb1.
2015-01-09 00:40:01 -06:00
Ermal LUÇI
74fe0ef919 Make this code less memory hungry and fix route command generation 2015-01-08 23:57:47 +01:00
Phil Davis
91b9a02fb1 Deprecated and non-static method messages
Fix various files that can emit messages like:
PHP Strict Standards:  Non-static method SimplePie_Misc::array_unique()
should not be called statically, assuming $this from incompatible
context in /etc/inc/simplepie/simplepie.inc on line 5508
php-fpm[16262]: /rc.newipsecdns: PHP ERROR: Type: 8192, File:
/etc/inc/shaper.inc, Line: 4365, Message: Assigning the return value of
new by reference is deprecated

Some of these style messages have been reported on the forum, e.g.
https://forum.pfsense.org/index.php?topic=86448.0

I had RSS widget on, and simplepie sent the system beserk telling about
all this stuff.
2015-01-09 01:20:05 +05:45
Renato Botelho
6d1907a3d2 Improve URL and URL ports alias update data:
- Move redundant code to a function parse_aliases_file(). Before the max
number of items was not being respected when URL content is updated,
only when alias was saved. Same was happening with ip/subnet/port
validation and user could end up with a bad pf.conf
- Remove unused variables

These changes were based on Pull Request #1264. It should fix #4189

Submitted by:▸  PiBa-NL
2015-01-08 16:16:47 -02:00
Chris Buechler
2727e3fc28 Also include /127 for IPv6, it works fine. Ticket #3657 2015-01-07 23:48:02 -06:00
Chris Buechler
aac1c1db06 Allow for configuring /31 masks on interfaces.php. The rest of the code was updated accordingly some time ago, and an employee with Cox Communications has confirmed this allows things to work on their circuits deployed with /31s. Ticket #4190 2015-01-07 23:39:09 -06:00
Chris Buechler
b25ccd048e fix up text 2015-01-07 23:04:20 -06:00
Ermal LUÇI
4a076e36d3 Provide an advanced setting to be able to disable Unity Plugin(Cisco extensions) 2015-01-07 22:07:00 +01:00
Ermal LUÇI
f99f51a9f0 split is deprecated move to explode 2015-01-07 20:22:06 +01:00
Ermal LUÇI
ba0bc25810 split is deprecated move to explode 2015-01-07 20:20:43 +01:00
Ermal LUÇI
9643058d99 split is deprecated move to explode 2015-01-07 20:16:02 +01:00
Chris Buechler
3add5b2d95 fix text 2015-01-07 12:49:00 -06:00
Chris Buechler
e57a3e4087 fix spelling of compression 2015-01-07 12:47:26 -06:00
Ermal LUÇI
40cc36d165 Fixes #4182 by properly managing IPcomp on ipsec tunnels.
Also retires IPsec force reloading advanced sysctl since its useless nowdays with strongswan and remove its call on rc.newipsecdns.
2015-01-07 16:35:04 +01:00
Phil Davis
91454850ad OpenVPN backend authentication fix key and translation
The array returned by auth_get_authserver_list() has key as the fixed name of each available authentication mode - e.g. "Local Database".
The array value ["name"] has the name string translated into the selected GUI language.
Use the key do determine which items are selected, and as the value that ends up being stored in the config.
Use ["name"] for display.
Forum report: https://forum.pfsense.org/index.php?topic=86326.0
Redmine Bug #4180
2015-01-06 07:27:36 +05:45
Renato Botelho
cfb5073f83 Fix #4090:
- Unbound advanced options may contain double quotes and it breaks the
syntax when a backup is restored because newlines are trimmed. Save it
in base64 format is a safe way to prevent it
- Bump config version to 11.5
- Provide upgrade code to encode current config or the one that came
from unbound package on 2.1.5
2015-01-05 15:44:29 -02:00
Renato Botelho
fb13033515 Make it possible to backup/restore 'DNS Resolver' section individually 2015-01-05 12:57:26 -02:00
Renato Botelho
eef5aeeb49 Fix track6 prefix id range check, reported by jimp 2015-01-02 13:07:02 -02:00
Phil Davis
a3c9510c68 Allow blank source port in diag_testport
Reported by forum https://forum.pfsense.org/index.php?topic=86146.0
Also, if there are input validation errors, save the user-entered data and re-display it, making it easier for the user to just correct the data in error and press Test again. It was blanking out all the entered data.
2015-01-02 16:34:30 +05:45
Renato Botelho
0e25a6b967 Merge pull request #1416 from phil-davis/Copyright-format 2015-01-01 10:12:44 -02:00
Phil Davis
ce77a9c4bd Fix lineup of copyright lines
and module names and other bits of formatting and typos in header
comment sections.
2015-01-01 15:11:15 +05:45
Phil Davis
7f696ba0e0 Remove duplicate copyright
Noticed these had the copyright twice
2015-01-01 08:55:00 +05:45
Renato Botelho
ed2d13436a Welcome 2015 2014-12-31 16:22:00 -02:00
Chris Buechler
7b43825e78 Merge pull request #1412 from phil-davis/patch-2 2014-12-30 20:42:55 -06:00
Phil Davis
43531ed73a Allow for old settings that have no iketype
This bit of code looks like it could do with the same test as https://github.com/pfsense/pfsense/pull/1412
This is executed when the "Connect" button is pressed from Status->IPsec
Somebody with these problematic old IPsec entries could test this - with current code I suspect that disconnect followed by connect - it will not connect. With this change it will (might?) connect again.
2014-12-30 23:24:31 +05:45
Phil Davis
86b429b345 IPsec Widget allow for old settings that have no iketype
as mentioned in https://forum.pfsense.org/index.php?topic=84527.msg471919#msg471919
This change makes it work like similar if tests in /usr/local/wwwvpn_ipsec.php, and code in /etc/inc/vpn.inc that effectively defaults to ikev1 when iketype is not specified.
This should make the code here be executed and make $ikeid get the correct value to be used in later code.
2014-12-30 22:20:20 +05:45
Phil Davis
e0273f4426 Captive portal spelling 2014-12-30 17:20:23 +05:45
Renato Botelho
d9feefb118 Merge pull request #1408 from ExolonDX/master 2014-12-29 11:40:31 -02:00
Colin Fleming
40930f75db Backout pull request #1391
https://forum.pfsense.org/index.php?topic=85944.0

Backout pull request #13191
2014-12-29 11:51:44 +00:00
Phil Davis
db88a3a261 Fix unbound shortcut links
Fixes redmine #4151
1) Make the naming in shortcuts.inc more clear - forwarder=dnsmasq
resolver=unbound
2) Make the value of $shortcuts_section correct in each dnsmasq and
unbound php code
3) Make diag_logs_resolver.php smarter, so if dnsmasq is enabled, then
show shortcuts for dnsmasq, otherwise show shortcuts for unbound.
4) Fix some references to forwarder in unbound code - should be
resolver.
2014-12-28 16:36:53 +05:45
Chris Buechler
cccee75584 clarify message here after customer feedback, it wasn't meant to imply "only a reboot will re-enable" but that's how some people have read it. 2014-12-26 16:49:18 -06:00
Renato Botelho
d0bf02bdbd Move this check before full sync to disable dnsmasq/unbound in the first time it's sync'd 2014-12-26 12:21:33 -02:00
Renato Botelho
f29fd4d08d Add dnsmasq and unbound config sections to full sync, it fixes #4076 that is caused because boolean config fields are not disabled on secondary 2014-12-26 12:20:57 -02:00
Phil Davis
5525974bd1 Display tunnel description on IPsec widget
There was not even code to attempt to display the description.
Also, when I first created a phase1 and there were no phase2 yet, the widget spat out the warning for the line:
foreach ($config['ipsec']['phase2'] as $ph2ent){ ...
So I enclosed that in a block:
if (isset($config['ipsec']['phase2'])) { ... }
Tabbing that block in makes the diff look big when there really is little change - a diff ignoring spacing will look much nicer!
2014-12-26 13:48:06 +05:45