Skip interface subnets for IPv4 here, this is best handled via the NAT networks list. Ticket #4023
Use the subnets automatic outbound NAT uses for tonatsubnets for Unbound's access-control config, as this is a good source of what networks are internal. Ticket #4023
correct logic here to omit 127.0.0.1 from resolv.conf when no DNS resolver bound there.
fix typo
Ooops do the right things for a correct config and php syntax
Put the aggressive line only during ikev1 configs
Ignore linkup/down events on disabled interfaces.
Remove var_dump from production code
Remove AES-GCM from phase1 settings algos since it's not recommended
Show Mtu on status interfaces.
Use proper function now that this call is not needed anymore
Ticket #2786 handle the mtu on bridge same as on lagg. Cleanup some not needed code while here
Remove the mac address propagation to vlans since FreeBSD 10 handles this itself
s/Unbound DNS Forwarder/Unbound DNS Resolver/ to be consistent with other wording in the GUI
Remove gmirror_status.inc from obsolete files list as it exists again in our repository.
remove unused function referencing racoon
Fixes #2786, properly handle the chain of interfaces during lagg configuration for mtu. For most interfaces this works, bridge will be added in a separate commit
Actually to not change all scripts running both versions of console and gui just detect that the caller is through fpm-cgi and make it include config.gui.inc to avoid having issues in general from being called from wrong places.
Set the timezone even during config.gui.inc to please the timezone selection
Provision for inclusion from different places.
Remove useless check
Do not let the config.inc to be included from GUI scripts.
Merge pull request #1347 from phil-davis/patch-3
Correct logic for lagg mtu. Also optimize and cleanup dead code
The net.inet6.ip6.rfc6204w3 needs to be 1 for dhcpv6 to work correctly. Fixes #3361
Fix issue of previous commit on adding bridge members.
DHCP6 might start after bootup
Revert "Gather DNS information and return on bootup"
This reverts commit c2847e0faa781712f6419c8f305c97df66d9d233.
Use the same strategy as on CP by putting a file to detect running instances and if older than 90 seconds continue otherwise just let the previous one continue.
Gather DNS information and return on bootup
Put the booting signal in globals.inc since it makes all the other scripts detect we are booting. Otherwise separate php instances will not detect that. rc.bootup clears this flag so all should work correctly
Ignore empty interfaces and ovpn ones on linkup since they should not trigger this script actions
Be friendly to large interface systems
Fixes #1047, overhaul handling of flags for hardware offloading and make it work correctly for system_advanced page settings. Lagg is still a special case that needs a reboot.
Process unbound start from status services
This was missing, so nothing happened when the user tried to start Unbound from Status->Services
Merge branch 'master' of https://github.com/wagonza/pfsense into wagonza
add a usleep here to prevent killing twice. Ticket #3894
In some circumstances, OpenVPN doesn't exit on SIGTERM. SIGKILL it when that happens. Ticket #3894
MSS clamping on VPNs is necessary in both directions where it's needed. Rather than requiring setting on both ends, especially since the remote side can be some third party device where MSS clamping may not be available or not work, set in both directions here.
clean up tabs in strongswan.conf
touch up text
d DHCPLeases starting before Unbound/DNSMasq and returning a pid not found message. Add missing reload feature
Fix misspelling
Fix syntax
Properly remove IPv6 carp vips as reported from https://forum.pfsense.org/index.php?topic=84392.0
Fixes #3198, check that subnet masks are equal when choosing binat type for IPSec to avoid errors on ruleset.
Make this a bit more clean to read
Fixes #1047, Actually the code is trying to set flags on the parent. so allow it even for vlans since they will follow the parent. At least so seems on FreeBSD 10.
Be a bit more smart here to not check openvpn side if it is already found. Ticket #1681
Ticket #1681, Renato seems to have done the right thing here, just be a bit more smart on the information that is already there.
Log in system log the result of install_package to be able to troubleshoot later on.
Force installation even here.
Sprinkle some static definitions to avoid warnings from PHP
Split the various calls here to avoid php warnings with new versions.
Make this code do proper checks in all cases
Ticket #4007, properly pass the table number here to retrieve the status.
Only skip tap-type OpenVPN servers, not all. Fixes #3713
also check port of dnsmasq/unbound and skip 127.0.0.1 in resolv.conf if not port 53. Ticket #4022
don't blow away previous contents of this variable. fixes #4022
Do the tests check properly related to Ticket #2786
Actually use all hex values on the gateway of 6rd to please route command
Correct gateway for Ticket #2882 to the proper value as reported by: cmb
Matching bracket in vpn.inc
Reported forum https://forum.pfsense.org/index.php?topic=84322.0
Make sure system_hosts_generate() is called by services_unbound_configure(). It should fix #4027
Fixes #3894, --resolv-retry is infinite by default. To avoid the issues of locking the persistent tun device by this just retry two times by default. People can enable resolv-retry infinite themselves for previous behaviour
Ticket #3987. Strongswan supports autodetection of IKE version exchange. Support this by allowing an auto version in the GUI.
Ticket #3809 use the setting with number rather than string since the parser of attr plugin understands only numbers. Reported on: https://forum.pfsense.org/index.php?topic=84304.0
Shorten up the MAC pass-through descr. It was redundant, and for those with huge numbers of auto-added MAC passthrough entries, it adds up to a significant amount of config space (adding to delays when launching CP). helps Ticket #3932
update error log in accordance with change in input validation. thanks Phil Davis for pointer
Actually trim if the user put any : on the prefix of the ISP to be able to properly set the gateway
Properly generate the default gw for 6rd set it to prefix:BR and also the prefixlen of the interface set it to the ISP prefix and on LAN set it to the delegated one.
Revert "Revert "Use unbound from ports, it should fix #4020""
This reverts commit cd7b929ac0ee324b96baabcd216cf303be937db7.
Revert "Revert "Obsolete unbound from FreeBSD base files, ticket #4020""
This reverts commit d56dc72a43405ef7276f2b22ce4dc204ac1469fe.
Blah fix typo
Actually issue stfv4net even for /0|/32 subnet since it's required
Revert "Obsolete unbound from FreeBSD base files, ticket #4020"
This reverts commit 8fde4ae8be00bfe7f9cfec107f6566413f41b5f7.
Revert "Use unbound from ports, it should fix #4020"
This reverts commit f13df0e3f1bf45d8dab01805f757e623165c044f.
Use unbound from ports, it should fix #4020
Obsolete unbound from FreeBSD base files, ticket #4020
Merge pull request #1332 from phil-davis/patch-3
Static gateways weren't being added to the routing table after configuring at the console, fix that.
check for IPs here also to avoid invalid config entries. change my last fix to v4/v6-specific
Verify IP address before putting into unbound config. some "Array" entries were ending up there.
192.254.0.0/16 isn't private, remove
add vmx to list of ALTQ capable interfaces
correctly specify arrays here. Fixes last of issue with Ticket #3955, and probably a variety of other bugs.
Fix pw syntax when local_group_set() is called with reset == true, -M always requires a parameter
Merge pull request #1339 from dembeck/master
Merge pull request #1340 from phil-davis/patch-5
Unbound improvements and fixes, ticket #4011:
- Create dhcpleases_entries.conf, fed by dhcpleases
- Do not read lines created by dhcpleases from /etc/hosts to populate host_entries.conf
- Simplify logic for host_entries.conf creation
Take unbound into consideration when creating /etc/hosts, also use new unbound parameters for dhcpleases when it's necessary, helps ticket #4011
Use the name entry now that there is a definition for it
Improve test in unbound_add_domain_overrides
Actually the test condition happened to work OK! But this change makes it easier to understand what is really intended.
Fix the generation of certificates for rsa type. strpos returns the pos as 0 for rsasig but php considers that as false anyhow
add the last few missed files to obsoletedfiles list. Ticket #3970
Properly handle CARP IP binding in dnsmasq post-changes for FreeBSD 10.x CARP. Ticket #4012
show tunnelv4 on v4 the same way tunnelv6 is shown on v6
Sorted the provider names alphabetically
Handle reverse-lookup zones for unbound
By default unbound returns nothing for private reverse lookups. Here is some information about that from https://www.unbound.net/documentation/unbound.conf.html
--------
The default zones are localhost, reverse 127.0.0.1 and ::1, and the...
Don't try to clear states to gateway, all that does is wipe the entire state table unnecessarily. rc.newwanip takes care of killing states appropriately as needed when an IP changes.