Remove accidentally added debug code
Revert dhclient timeout to the default of 60 seconds. Setting it to 20 minutes is a bit insane (if you haven't gotten a reply in 60 seconds, you aren't getting one), and causes systems to hang 20 minutes during "Configuring WAN" at boot when there is no DHCP server available...
attempt loading SPD entries 4 times
Somehow sending a SIGHUP before flushing and reloading works better than after. Technically a SIGHUP to racoon should not do anything.
Flush both SA and SPD entries
Fix copy and pasto.
Add sipproxd hooks.
Make 3 passes at loading the SPD entries as this will fail on large configurations > 250 tunnels. Tested by smos@ 399 tunnels 239 active, ok by sullrich@
remove DynDNS cache in services_dyndns_reset()
Ticket #1589
add vr(4) VLAN support
Ticket #1561
Reapply patches from ticket #1532
Correctly remove freebsd package upon package deletion.
text cleanup
Use list of VLAN long frame and native capable interfaces from globals.inc, and remove duplicate (and incomplete) list in interfaces.inc. Update list in globals.inc.
Only iterate items if it is an array.
Revert broken OPT interface removal commit. This breaks configurations entirely, worse than just improperly shifting configuration items.
Ticket #1532
change label to more accurately portray purpose of rule
The original code did a mixed work: the part in interfaces_assign.php first renamed the interfaces, and then called cleanup_opt_interfaces_after_removal(). The latter didn't do anything at all: it never entered the loop, it didn't save the result of str_replace, it didn't save the resulting config after the processing. And if it had worked, it would have renamed the interfaces a second time as a side effect, completely messing-up the config....
globals.inc is required so that we use the correct lock file!
If /etc/pwd.db.tmp exists when we are syncing the password database then remove the temporary file prior to attempting to sync.
Don't forget line breaks!
Correctly remove old clients correctly.
Submitted to m0n0wall list by R?nnblom Jan?ke /Teknous
Define lanip
Set server.max-request-size to 384 for captive portal.
Limit captive portal uploads to /tmp/captiveportal which has no access to write files.
Allow pfsync and carp traffic on captive portal.
MFC from HEAD
Set dhclient timeout to 1200. Set retry value to 1. Set select-timeout to 0. Set initial-interval to 1.
Sometimes when the user enters the hostname of the HTTPs captive portal server it resolves the IP address to $LANIP. Allow access to $LANIP in addition to the $CPIP so that we can speedup captive portal by 10000* in these cases.
Move update bogons script to 3am.
Discussed on pfSense-support@
Log when we change the bogons frequency hour.
Move special case fixes before we return so that it can be processed.
Change bogons update script frequency to 2am.
Failover in 10 seconds as opposed to 60 seconds on DHCP Server failover mode.
IPSEC keep alive pinger using the wrong source IP address
Ticket #1482
fix setting of sysctls to remove error at bootup
multiple vlans + spoofmac result in unexpected behaviour
Ticket #1514
Introduction: I have an acceptable workaround, so the problem is not urgent, but before I figured out the workaround, it was severely impacting performance (3 interfaces not operating). I am a network specialist and I am available to assist wherever possible. If the issue is considered serious enough for a fix, I can assist in more detailed pinpointing using tcpdumps on test-platforms....
Adding keep alive host to IPsec causes warning in webGUI
Ticket #1509
MFC Ticket 1709: fixed typo in OpenVPN cfg-page
Ticket #1482 - set the source to an interface that is inside the subnet definition
Remove blank c/r
Allow the interface assignment code to exit from its strict checking. This allows Netboot installation services to work correctly.
MFC of [19631] for Ticket #1456: drop one level of verbosity in tcpdump. Some protocols will still decode to multi-line message - not an easy fix. Doesn't appear to break non-raw log display
Add VRRP as a protocol type in the decode
Correctly set reflection timeout for all protocols.
MFC RELENG_1. Make it possible to disable RRD graphs. Bump config so it's on by default if it wasn't already.
Sync NATT support from m0n0wall
- move upnp_action to services.inc
- make sure to clear rules when stopping miniupnpd
- fix status_upnp and status_services pages so they use upnp_action and not the rcfile
Correct average times, otherwise the graph stops after 8 months.
Oops, correct path to binaries
CAPS kills. Literally. Do not set the description to upper case LAN when we are looking for lower case.
Kill off old pftpx processes correctly
MFC IPSEC fixes from seth, this should properly reload and handle large configs > 300 tunnels.
Use $lanif for lan anti-lockout rule
Missed commit
Escape $lan correctly
Do not use $iface as source or destination as it may be a member of a bridge without an ip address and pfctl will complain.
Since we are matching traffic on incoming interface, do not link wan or lan to bridgeX
Only pass anti-lockout traffic on $lan
Cleanup IPSEC rules. We were blocking port = 500 UDP on CARP interfaces, for one.
Be more verbose on logging so that we can correctly determine protocol, etc.
Ticket #1348
$config needs to be global
unbreak policy routing rules network access to LAN IP
Ticket #1320
Correctly move upnp to base since LiveCD cannot write files to /usr/local/etc or /usr/local/etc/rc.d/
Ticket #1342
Remove openvpn csc file when option is disabled.
Ticket #1339
Do not antispoof on wan when it is bridged.
Ticket #1352
Move CARP and PFSYNC allow traffic before USER_RULES section. If a person has a restrictive ruleset then it is possible to disallow traffic.
Default to nat-reflection inactivity of 2000 which is roughly 33 minutes.
Correct location of use_rrd_gateway.
Make sure we are writable for /etc/crontab
Unbreak captive portal images.
Restore previous PPTP changes.
With the tweaks that have occurred today fastcgi can now run again on 64 megabyte machines.
Close STDIN ($fp) handle before returning back to shell. Major doh's.
use killall
Correct ps location
Kill trailing space
Instead of skipping DHCP server on LAN in a bridged environment, simply log an error letting the operator know that DHCP Server is enabled on LAN in a bridging environment.
Use keep state instead of modulate state
Really only allow advanced tunables when some kind of state tracking is enabled.
Only allow advanced tunables when some kind of state tracking is enabled.
Pass gre in any direction.
Update static routes on filter reload
Ticket #1330
Unbreak local queries that were broken in Ticket #1190 until we hear back from author of the patch.
Don't check carp settings, check if vip addresses exist.
usleep(1000); between down and delete. this appears to fix the carp issues.
Do not destroy carp interface which can lead to a panic. This has been tested and works just fine after deleting and adding new carp interfaces.
Commit forgotten vpn_ipsec_force_reload()
Work around a FreeBSD where 2 carp interfaces exist and you delete 1. This ends up panicking the kernel. This is fixed in 7 so this will not be needed much longer.
prepare for widget package
Use pfSync SYNCPEER directive if defined.
Ticket #1317
Scrub the absolute minimum amount for PPPoE
When pppoe aliases on pppoe server are made they make aliases for ng0 to whatever, but ng1 should be the start for pppoe-server; ng0 should be reserved for pppoe client. This problem could affect pptp server as well.
Ticket #1308
Do not flush SPA and SPD before starting. It upsets racoon.
$config needs to be a global item
Honor sticky-address setting from system->advanced for outgoing load balancing items if it is enabled.