If vouchers are disabled do not allow users to authenticate thorugh existing(active/in use) vouchers. Reported-by: http://forum.pfsense.org/index.php/topic,38342.0.html
Launch running script as well
Don't check OpenVPN ports in use against disabled clients or servers
Add rc.local.running if rc.local is running so it can reattach after a console logout
Fix copy and pasto
Launch rc.local into &
Feature#1603. URL table aliases should be usable within network type aliases.
Remove $id. Bump (C) date
If rc.local exists launch it
Regenerate permissions
Use error log and log errors to /tmp/PHP_errors.log
Use empty() so we don't use it if it's defined but blank.
If available, also track the IP used by a user making a config change.
Correct pid filename so the instance of lighty for SSL is running.
Move interfaces_staticarp_configure() to interfaces.inc where it really belongs.
Instead of deleting arp entries, reconfigure static arp. For interfaces without static arp enabled, the net effect is the same (arp entries are already deleted as part of that function). Fixes #1628
Check if an item is an array before treating it as such in the upgrade code.
Put resolvconf generation first since gif tunnels can use hostanmes
Add recovery code for gif/gre the same as in interface_configure. This helps gif/gre tunnels. Needed for capr? Suggested-by: jim-p
Do not show the root interface queue on the queue list availble since it is not allowed to choose it. Ticket #636
Add proper checks in auth code for testing if the section has been set in the config. Also do the same in the ugprade code
Adding patch for pfearly hook from Andrew Thompson
Bail out of ipsec_get_phase1_dst if there is no remote gateway, else it falls into running resolve_retry() with invalid parameters causing a long delay in returning.
In upgrade code for server load balancing, set redirect_mode. Also in the backend code, assume redirect_mode as the default if it's not set.
send lighttpd a KILL in restart_webgui, once I've seen the former way result in a never ending stream of .... never killing it, and others have reported the same. a killall -9 sufficed in those instances to kill it, so this should resolve.
Fix off-by-one in OpenVPN "local" to "ipaddr" conversion.
No need to use nohup when using mwexec_bg since it calls nohup itself. Also use fullpath to executables.
Remove nohup from the calling for check_reload_status since it may cause issues to the processes that get forked from it.
Add LB monitor types to config during upgrade, or they will be missing from boxes upgraded from 1.2.3.
Import error handling to avoid errors.
Internal cert and CSR creation error handling added.
Internal CA creation error handling added.
Intermediate CAs and openssl_xxx() error checking in CA management.
Add small comment about rrd binaries
Loosen grep for rrd
Backup rrdtool binaries during package reinstallation. Currently that is the onlyp package that can be clobbered by others. We will rework this completely in a future version when we adopt PBIs.
The fix of Ticket #1341 broke the FQDN aliases with only one hostname entry, reported-by: http://forum.pfsense.org/index.php/topic,38051.0.html. Fix this regression by properly handling this cases.
Properly generate a subnet based on the range of IPs for PPTP clients. Bonus: fix off-by-one math error in the NAT code that does the same thing. Fixes #1614
New line missing after pkg is extracted.
Set extension name correctly.. Duh!
Add extension directory
More whitespace fixes.
If no event_address in globals.inc specified assume the default. Also fixed whitespaces.
Add custom boot early hook
Use correct directory
Kill olsrd if it is not enabled. Reported-by: http://forum.pfsense.org/index.php/topic,37931.0.html
mkdir zend modules
Add 'dynamodules' for zend_extension and zend_extension_ts. /etc/php_dynamodules_zend and /etc/php_dynamodules_zend_ts directories
Remove ioncube
bump to RC3
Do not check dynamic and special interfaces for a complete interface mismatch error
Do not create blank domain lines if domain is gone from config.xml. It breaks tools such as dig when troubleshooting, etc.
Simplify message that wraps off screen
Fix formatting of fastcgi params in lighty config.
Add a GUI field to adjust the max number of processes for lighttpd.
Bug #1437. Dropdown list for country codes (CA manager)
Do a more thorough check for platform on the ro call, or factory reset blows up.
Faster/more efficient xmlrpc sync for users/groups. Seems to work fine for me. Coded-By: Ermal
PHP says that arrays cannot be used as keys, protect against this case as reported that some keys are arrays!
Restore this back to allow both users and vouchers enabled at same time.
Add carp.xml to obsolete file list.
Use the new username field from the GUI or default to admin.
Up config number for username sync upgrade.
Upgrade sync username to latest config version.
Actually correct check so it throws some errors during the second try.
Correct functiong does_vip_exist() to actually work. Fixes #1598
Ooops fix the function. Spotted-by: wagnosa(IRC)
NEw functiong does_vip_exist() which works for carp and ipalias type vips to help in carp sync issues. Fixes #1598
Porvide information for the filter reload status screen.
Do not call time() uselessly every time for each entry. Instead just snapshot it and use it in calculations. This helps performance and useless paranoic time fetching since every 60 seconds the code will be executed again.
Do not test for availbility of voucher session_timeout in the database it is mandatory for vouchers. This will make sure that if ever a corrupted db happens a user will be required to relogin and correct the db. Possibly related to: http://forum.pfsense.org/index.php/topic,37636.0.html
Fixes #1327. Trigger synching of vouchers to config through check_reload_status. Retire the saveinterval option since it is not useful anymore. Use the prune process of captiveportal to sync vouchers as well to fix issues as reported-by: http://forum.pfsense.org/index.php/topic,37636.0.html
Ticket #1545. Ooops pass parameter so the dyndns works correctly. Pointy-hat: Copy/pasto
Allow OpenNTPD to listen on Virtual IPs, not just interfaces. Fixes #342
Fixes #1341. If a table has not entries it is marked as persist and pf(4) does not clear its contents. Schedule a table flush for these tables after filter reload to make sure an entry is not forgotten.
Actually correct vip check to be correct for all vip types.
Send correct event for reloading packages.
Do not destroy and create the vip during interface [re]configuration since it causes unecessary work and most importantly issues.
Disconnect any voucher forced to expire if there are active sessions with it.
Allow a second optional argument to captiveportal_read_db to be able to index the read db by the field in the db.
Correct variable name so voucher disconnect on synchronized vouchers works properly.
Adding ioncube
Include ssh2 module if available
Correct event calling during bootup for rc.newipsecdns and also convert the command executed during an ipsec even to go through check_reload_status which will prevent races on calling rc.newipsecdns. Which might lead to many filterdns processes.
Switch this to check_reload_status event to see if it solves any possible issues of nohup blocking signals to be delivered to filterdns proces.
Suppress keyboard device errors on bootup
Fix pppoe server user rule generation. Fixes #1577
Correct possible lock leak.
Fix whitespace.
Ticket #1412. Fixing the access login to the user manager presented another problem since now users cannot change their passwords anymore. Allow this through another page and an extra priviledge needed to be added to the user for allowing them to change the password.
Ticket #1545. Take into account curl errors during dyndns service checks otherwise will just mark some updates as successful even though they are not.
Merge branch 'master' of github.com:bsdperimeter/pfsense
Typoes
If a mode_cfg subnet is defined for IPsec, also add it to outbound NAT.
Add a GUI selection for racoon's generate_policy directive since it may be useful in certain configurations, especially for mobile clients.
When making a P2P SSL/TLS OpenVPN server, if the given CIDR for the tunnel network is a /30, don't use the OpenVPN server directive. See ticket #1417
fixed for use pfsense API
Better management for reload lighttpd
Show how much data has passed on an SAD entry.