pfSense

IPsec can use both RSA and ECDSA certificates, so we need to rename any IPsec Certificate-based authentication methods using "RSA" to something more generic, to reflect that they are certificate-based and not necessarily RSA.

For example, changing this:

$p1_authentication_methods = array(
    'hybrid_rsa_server' => array('name' => gettext('Hybrid RSA + Xauth'), 'mobile' => true),
    'xauth_rsa_server' => array('name' => gettext('Mutual RSA + Xauth'), 'mobile' => true),
    'xauth_psk_server' => array('name' => gettext('Mutual PSK + Xauth'), 'mobile' => true),
    'eap-tls' => array('name' => gettext('EAP-TLS'), 'mobile' => true),
    'eap-radius' => array('name' => gettext('EAP-RADIUS'), 'mobile' => true),
    'eap-mschapv2' => array('name' => gettext('EAP-MSChapv2'), 'mobile' => true),
    'rsasig' => array('name' => gettext('Mutual RSA'), 'mobile' => false),
    'pre_shared_key' => array('name' => gettext('Mutual PSK'), 'mobile' => false)
);

Into this:

$p1_authentication_methods = array(
    'hybrid_cert_server' => array('name' => gettext('Hybrid Certificate + Xauth'), 'mobile' => true),
    'xauth_cert_server' => array('name' => gettext('Mutual Certificate + Xauth'), 'mobile' => true),
    'xauth_psk_server' => array('name' => gettext('Mutual PSK + Xauth'), 'mobile' => true),
    'eap-tls' => array('name' => gettext('EAP-TLS'), 'mobile' => true),
    'eap-radius' => array('name' => gettext('EAP-RADIUS'), 'mobile' => true),
    'eap-mschapv2' => array('name' => gettext('EAP-MSChapv2'), 'mobile' => true),
    'cert' => array('name' => gettext('Mutual Certificate'), 'mobile' => false),
    'pre_shared_key' => array('name' => gettext('Mutual PSK'), 'mobile' => false)
);

Needs upgrade code to adjust existing settings to match new values. There are references to "rsa" throughout the IPsec backend code as well that check for these options that need adjusted to match as well.

This was split off from #4991 since it's a separate task.