pfSense

Correct the interface alias generation. Wrong copy-pasto before.

Correct the interface alias generation.

Correct the interface alias generation.

Use remoteips here.

Resolves #1243. Properly handle pppoe new format of config so correct rulesets are generated.

Fix automatic and manual outbound NAT for PPTP. Fixes #954

Fix syntax error/typo. Fixes #1372

Fixes #1444. Implements the same fix that issue ermal made in #1522 to the console menu

Fixes #1386. Correct unlooping nested port aliases.

Correct code to use correct refernces for proxy settings set in Advanced->misc. Reported-by: http://forum.pfsense.org/index.php/topic,36939.0.html

Correct curl setting for setting a proxy username and password. Reported-by: http://forum.pfsense.org/index.php/topic,36939.0.html

Reject alias names that are too long. Fixes #1510

When uninstalling packages try to remove even any rc files created by packages.

When converting 1.2.3 LB pools to 2.0 gateway groups, strip invalid characters from the group names and update any rules referencing the old name. Fixes #1515

Correct default code disabling! Ponty-hat: myself

Disable the default route switching code since its causing more issues than solving. It needs more work to get re-enabled.

Fix PPTP server radius settings upgrade from 1.2.3. Fixes #1292

When uninstalling a service actually stop it first.

Test for null names passed to these functions as a safety precaution.

Test for null names passed to these functions as a safety precaution.

Ticket #1534. Check if a rc file exists before trying to run it. Also return if we execute a stop command through rc file to be consistent with the start_service function.

Don't put an empty PSK into the file, and try to avoid extra whitespace to be safe.

Remove Total users graph this has become redundant and replaced with a cumulative result.

Fix small typo

MAC prefix to vendor resolution at Status->Interfaces, Status->DHCP leases, Diagnostics->ARP table

Merge branch 'axscode-pfs'

Merge branch 'master' into yakatz-ssl

Merge branch 'drcookie-he.net'

Added HE.net (dns.he.net) to the list of available dyndns services.

Resolves #1529. Check if the file exists before opening it.

Resolves #1524. USe the correct field from netstat parsed output.

Test for array before using variable as one.

This function takes two parameters, fix PHP error. Reported at http://forum.pfsense.org/index.php/topic,36648.0.html

Make autocomplete on the login form optional.

Fix IPsec descr trimming for rule labels. Ticket #1426

Test for array/size before foreach

Various CRL fixes, handle empty internal CRLs better.

passive should always be on for mobile clients per racoon man page

Reorder where inetd gets started to after where the package rules are generated, so that a package can add a line to inetd.conf using that process.

If we have deleted the last cert from the CRL, blank out the text.

Ticket #CZH-831780. If gif(4) is part of a bridge and its mtu is smaller than 1500(ethernet standard) do not consider it in finding the smaller mtu because we have a patch to allow gif(4) be member of a bridge with smaller mtu. See https://rcs.pfsense.org/projects/pfsense-tools/repos/mainline/commits/67d3135722db4a3c911761ead5c881ccaef02c65 for details.

Timeout is either a global option and/or a table stanza option. For now made it a global option.
For the future each pool should probably have a configurable timeout.

Fixes #1394. Create a function get_itnerface_default_mtu and use it for resetting the mtu of a interface to default when needed. This adds the overhead of fetching the interface mtu and comparing with the default one every interface configuration run.

Disable this log message, as it can be extremely spammy in the logs.

Some more whitespace fixes.

Use correct config variable and fix some whitespaces.

Give time to filterdns to exit gracefully and after that start a new process.

Resolves #1486. When sticky option is selected under advanced->misc honor it even in the relayd.conf setting.

Bring back the optimization on max-packets at pf(4) level now that the issues with daemon have been identified.

Bring back the optimization on max-packets at pf(4) level now that the issues with daemon have been identified.

Now that layer7 daemon issues are resolved bring back this optimization.

Revert "Do not write ont rules anymore max-packets. This apparently was done by me in a previous commit, it helps with Ticket #636."

This reverts commit c8703797e5c24e6619ad14819fc62b3cb8a6ae3d.

Add a newline to the igmpproxy config to resolve issues of it not parsing correctly the file. Reported-by: http://forum.pfsense.org/index.php/topic,36279.0.html

Correct saving of qinq specified members and also correctly destroy parent vlan when deleteing the interfaces. Also take care of attaching to netgraph now that we detach by default.

Remove rndtest sysctl since the kernel module is not anymore part of our kernels. Leftover noticed by: Jim

Remove rndtest sysctl since the kernel module is not anymore part of our kernels.

Make sure that openvpn tunnels are not impacted by hitting 'Save' on the Interface->Configuration page when assigned.

Use the needed variable here so hitting 'Save' from Interface->Configuration section does not leave the assigned gif interfaces without tunnel addresses.

Some configurations might have gre/gif on top of carp. Make sure to handle this configurations and to bring the tunnel correctly up.

Don't just blindly echo to the ntpd.log, it's a clog file and that will break it.

Actually call interfaces_carp_setup after the carp interfaces are created so carp traffic can only flow after we have all vips up and running. This prevents premption more early than necessary. Ticket #1432.

If the bandwidth value is coming from radius scale it up to the requested Kbit/s unit.

Merge branch 'master' of http://gitweb.pfsense.org/pfsense/mainline.git

checking moduli of ssl csr request and response

Fix PPPoE upgrade, the <pppoe> tag is considered an array these days and the upgrade code wasn't treating it properly, accessing it directly instead of using the first entry ([0]). Fixes #1439 - PPPoE credentials upgrade properly now.

Confirmed working fix for ticket #1417 - with this change I have two-way connectivity on Site-to-Site (SSL/TLS) with iroutes.

Backing out changes from ticket #1417, it was not a valid openvpn config that the user was trying to make.

Harden SSL settings a bit. Verified OK with Chris Buechler and Bill Marquette

Slightly different fix for #1417 that doesn't mess up other parameters needed by p2p_tls

Block instead of allowing proto carp/pfsync during bootup since this may cause issues. Ticket #1432

Add an option under advanced->misc to specify a proxy for retreiving pfsense package info or downloading packages.

Save a little space on the interface list for console assignment.

Add missing fields for l2tp to define dns and wins servers

Do not send growl notices twice

Remove blank trailing c/r.

Notify via smtp as well as growl

Drop the ntpdate sync in favor of using ntpd -s, which should have the same net effect without needing the shell script that has been prone to hanging.

Add a toggle under System > Advanced on the misc tab to enable/disable debug mode for racoon.

Add an IPsec xauth permission. Try to use the nologin shell first (just unlock the account). Ticket #1202

Putting client-config-dir in the config is valid also for p2p_tls servers. Fixes #1417.

Resolves #1391. Bring back VPN auto rule disable advanced setting.

CRL is read in as an array now, so even in the imported config it will appear to be an array even though it can only have one value. Fixes #1358

Fixup text.

Actually re-parse the config if a valid config was not written. (Should help stop installs from blowing up on failed config upgrades). Save the bad config for inspection, and print a message to the console about what was done.

Correct error message for gateways to report down when the gateway is down and not high latency.

Another sweep at keeping the default route always present when the default setup route is marked as down. This now adds checks for configuration where a defaultgw is not specified by the user but deduced automatically.

Unbreak inetd.conf generation to avoid entries containing Array entries. This gixes nat reflection and a spamming of the system with nc processes with wrong parameters.

Fix variable name

Try to always keep pfSense with a default gateway to avoid errors for service running from pfSense itself. Previously PBR should be configured for such services. While PBR is a better fix this at least keeps users from complaining in simple setups. Reported by many.

On interface ip change reload even igmpproxy. Reported-by: http://forum.pfsense.org/index.php/topic,34372.0.html

Add -a to include all updaterrd.sh scripts running and also remove top killing since its not used anymore in stat gathering.

Fix indent.

Switch back to dev_mode so existing configs aren't broken by the other changes.

Correct the conditional testing.

Do not show the default queue selection for a queue that has child queues

Prevent non-numeric chars from being inputed on bandwidth field.

Use a different loop counter variable to avoid a name collision

Test for value present before using.

Test for value present before using.

Unset xmlrpcauth and not the first member of the array.

Check for function existence before calling it.