Alexander Marx [Tue, 10 Nov 2015 09:59:12 +0000 (10:59 +0100)]
BUG10964: When entering wrong data in dma setup, the fields are blanked
When entring wrong values in the fields and saving the site, there comes
an errormessage and all fields except mailserver and port are blanked.
Now the fileds are preserved and all data is displayed even after an
errormessage
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Mon, 9 Nov 2015 11:42:47 +0000 (12:42 +0100)]
BUG10940: remove leading zeros in ip address
in firewallgroups (hosts) an error was created when using ip adresses
like 192.168.000.008. Now all leading zeros are deleted in
firewallgroups and in the firewall itself when using single ip addresses
as source or target.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Sat, 31 Oct 2015 06:34:56 +0000 (07:34 +0100)]
BUG10965: only write auth.conf if username/password are set
auth.conf was always written, even if no username/password provided.
In this case only the ip or Hostname of the mailserver was written into
auth.conf. Now the file is only filled if username/password are filled.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> Tested-by: Timo Eissler <timo.eissler@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 30 Oct 2015 15:47:21 +0000 (15:47 +0000)]
openvpn: Add option to download a client package with PEM files
This patch adds the option to download a client package
that comes with a regular PEM and key file instead of a
PKCS12 file which is easier to use with clients that
don't support PKCS12 (like iOS) opposed to converting
the file manually.
This requires that the connection is created without
using a password for the certificate. Then the certificate
is already stored in an insecure way.
This patch also adds this to the Core Update 95 updater.
Fixes: #10966 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> CC: Alexander Marx <alexander.marx@ipfire.org>
Previous we had not configured it so the ssh default order was used.
Now we define it to disable dsa so we had to give the correct order but
in the example cfg rsa is prefered.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Alexander Marx [Sat, 17 Oct 2015 17:27:03 +0000 (19:27 +0200)]
BUG10941: fix single ip-addresses when no subnet given
Some functions when adding a new route where senseless.
Now the ip address is checked and in case of a missing / wrong
subnetmask an errormessage is raised. The ip address is preserved.
ELSE
we convert the subnetmask to cidr notation and calculate the network ip
correctly.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Sat, 17 Oct 2015 16:32:10 +0000 (18:32 +0200)]
BUG10806: fix wrong customhostgroupcheck
The function to check for valid hostgroup entries not only
checked the target hostgroup but also the source hostgroup if any.
This lead to the error.
Now the check only affects target hostgroups because it does not matter if a sourcegroup contains mac addresses.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 18 Oct 2015 11:23:32 +0000 (13:23 +0200)]
firewalllogcountry.dat: Do not show 'Details' button for unkonw location.
The CGI offers the posibility to get more details for a certain locations
by clicking on a button.
This feature cannot be used for the category "unknown". To prevent users
from beeing confused about non show-able details, I added some code to hide
this button for this category.
Fixes #10726.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 18 Oct 2015 12:25:50 +0000 (14:25 +0200)]
pppsetup.cgi: Fix site layout when no TYPE is specified
There was an issue with false generated HTML code, in case
of an empty or unset $pppsettings{'TYPE'} variable which results
in a missplaced website footer.
This patch moves the code for closeing the table and the call of the
closebox() function to the correct place to prevent this display issue.
Fixes #10565.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 3 Oct 2015 21:31:53 +0000 (22:31 +0100)]
ipsec: Add block rules to avoid conntrack entries
If an IPsec VPN connections is not established, there are
rare cases when packets are supposed to be sent through
that said tunnel and incorrectly handled.
Those packets are sent to the default gateway an entry
for this connection is created in the connection tracking
table (usually only happens to UDP). All following packets
are sent the same route even after the tunnel has been
brought up. That leads to SIP phones not being able to
register among other things.
This patch adds firewall rules that these packets are
rejected. That will sent a notification to the client
that the tunnel is not up and avoid the connection to
be added to the connection tracking table.
Apart from a small performance penalty there should
be no other side-effects.
Fixes: #10908 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Cc: tomvend@rymes.com Cc: daniel.weismueller@ipfire.org Cc: morlix@morlix.de Reviewed-by: Timo Eissler <timo.eissler@ipfire.org>
Stefan Schantl [Sat, 10 Oct 2015 16:07:38 +0000 (18:07 +0200)]
tor.cgi: Fix missing country flag icons.
The CGI now is using the GeoIP::get_flag_icon function provided by the
geoip-functions.pl, which takes care of the changed flag icons shipped
by core update 90.
Fixes #10919.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Tested-by: Jan Paul Tuecking <jan.paul.tuecking@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Lars Schuhmacher [Thu, 24 Sep 2015 22:04:08 +0000 (00:04 +0200)]
IPsec: Remove GUI option for "Roadwarrior virtual IP"
This setting stems from IPCop (and probably Openswan) and causes a problem.
Fixes bug #10496.
Signed-off-by: Lars Schuhmacher <larsen007@web.de> Acked-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>