point to new github repo
Use the process name rather to avoid the infamous file not found error
Fix variable name reference, fixes port display after lan IP reset.
Better check for the right bits being set.
Always clear the OpenVPN route when using shared key, no matter what the tunnel network "CIDR" is set to, it still needs it.
fix typo
Use our own git package and not the really old one from FreeBSD's ftp archive for 8.1
Use the actual openvpn restart routine when starting/stopping from services rather than killing/restarting manually.
If more than 2 minutes have passed from the pruning process ignore the lock
Test that timeout value is bigger than 0
Fix fallback pool monitor selection.
Restart ntpd a little differently, seems to stabilize it when restarted from rc.newwanip
Actually let xmlrpc construct the url internally from the passed info it is doing same checks
Correct url creation for xmlrpc. Fix lock order with voucher expire. Bring from master fixes for exec_php xmlrpc code generation
When going through the xmlrpc calls do not hold the lock since deadlock might occur.
Unlink pid file before starting a new process
Bring in the RCFILEPREFIX as constant fixes from HEAD, since otherwise rc.stop_packages was globbing in the wrong dir and executing the wrong scripts. Also seems to have fixed the "bad fd" error.
No need for escaping here since this is php internal functions
Enable cgi for the webgui since some ports like lightsquid need it
Previous attempt to fix #1995 allow to set more than one default queues, prevent it with this change. It should fix #1995
Allow to edit default queue. Should fix #1995
Use functions to reduce code duplication; Add function to clear route to the interface IP before starting openvpn, otherwise the process cannot start. Ticket #2712
Better test if we're running at the cli or in lighty. Also suppress output for the session start if it fails.
Something in the LDAP libraries has changed and it no longer likes spaces in the CA filename. Use the refid for the CA filename since it will always be unique, and it will never contain any spaces, unlike authname or the CA's descr.
Put syslogd into secure mode so no remote log messages are accepted. Sending to a remote syslog server still works with this option.
Update etc/inc/voucher.inc
Apply to branch 2.0 as well. Fix array initialization as noted by 'elratt0r' in http://forum.pfsense.org/index.php/topic,49799.0.html
Interface assignment wrongly changing:
When WAN is set to PPPoE and user set other interfaces IP address using console, it wrongly change the interface assignment to use the same device of wan. It was caused by a hard coded "wan" on console_get_interface_from_ppp() call, when it should use $interface...
Make option 11 kill php and lighty like it does on HEAD
Since php_sapi_name() is useless in pfSense test if argc has been registered or not to avoid warnings on bootup
Sync rc.php_init_setup with master
Add to obsolete files as well
Merge: Just check the file_exists let pkill decide if its a valid file or not.
Merge improvements to filterdns daemon
Remove cmd_chain.inc leftover
Another fix for issues reported on 2.0.2 with php processes dying. Do not use same path for system webGUI and CP webGUI of the php unix socket. This will cause the later started one, usually CP to exit when it attempts to bind/listen on the same path as previous process! Strange this has not been an issue beforegit diff!
Use proper var here for calculation
Remove two parameters from system_generate_lighty_config that are unused and do a better job at tuning started php processes to not use less/more than needed. This also avoids DoS the system with php processes
Always use fastcgi since the requirement is the same anyhow
Obsolete /etc/inc/cmd_chain.inc
GC cmd_chain.inc it never found uses since pfSense module got used more. Also fix the problem with pfsync on bootup waiting 30 seconds since cmd chain was executed after and pfsync was never brought up to complete the sync.
Add exec_raw.php to obsolete files.
Remove preload.php even here now that is possible to avoid issues during startup of lighty
Always commit the session fast to allow other consumers to proceed to their requests. This unbreaks now the lock up the GUI had allowing only one action from same source per time. Now even if you run a command that blocks indefinitely for example the GUI won't lock anymore but allow you to proceed to other actions. Manual cherry-pick of 4111fcf5307829b19b95fbb499addddff46264af
Welcoming in 2013
Fix out packet count reporting
This is a little tiny fix, for the similar issue that was fixed in 2.1 a month ago (the 2.1 fix had a mix of v4 and v6 packet counting fixUPS). The 2.0 IPv4-only code just had this 1 little error. The 2.1 commit was at https://github.com/bsdperimeter/pfsense/commit/4bdfa5dde01c9fe7f84db252ed654d326b8b30f2
Always make sure php has its own process manager to make lighty happy
Pass -S to tcpdump to avoid an increase in memory consumption over time.
Merge pull request #305 from phil-davis/RELENG_2_0
Minimise rewriting of /etc/gettytab
Bump this, since it seems inevitable at this point.
See forum http://forum.pfsense.org/index.php/topic,57325.0.html Avoid possible problems with having a partial /etc/gettytab file by not rewriting it at every boot. This version is for RELENG_2_0 branch. Tested on Alix nanobsd system running 2.0.2
Make mod_fastcgi last to have url.rewrite work properly
Make is_pid_running function return more consistent results by using isvalidpid
Enable mod_evasive if needed for CP
Simplify lighty config and send all lighty logs to syslog rather to a file not readable by anything
Make sure a device actually exists before trying to act on it. Fixes #2739
Also consider 0.0.0.0/0 here since it fails both these tests but is still a valid/special config.
Fix special build_commit tag that was broken from previous change to how it read the file with the commit ID.
Backport of c578fb0fc6e768739013df8d7aa19f2616272f18
Fixup kernel detection during upgrade process to ensure someone can't end up with a kernel that doesn't exist any more.
No need to do this here - we have a System > Advanced option that already controls this. Revert "Do not allow autocomplete of the password field to avoid security issues:"
This reverts commit 6a68440b8a4fec4b6a5689553e27519e540f2643.
Do not process ip options by default this is 2012
Do not allow autocomplete of the password field to avoid security issues:
Make a function to get the current theme and use it everywhere rather than duplicating code or missing functions. (Fixes forced themes using the wrong theme for login screen)
Conflicts:
etc/inc/util.inc usr/local/www/head.inc
Fix reference to limitrules
Make sure that the limits are included in the normal ruleset, otherwise pf will use the defaults.
Don't die silently if the time is too far off. Fix from: dhatz
Simplify schedules code and some style nits
Be consistent on formatting to ease reading
Restructure these IP/subnet tests so they don't break transport mode
It's time...
Remove extra curly to allow checking braces closure easily in vi[m]
Ensure this gets a set default value or things can break
Move to RC4... almost there.
Silence tar command to not garble console
Try to keep existing files rather than unlinking/replacing when restoring the package libraries during a package removal. Needs some testing, but for NanoBSD it fixes #1049
Suppress the error message if the ldap bind doesn't happen
99./8 is not private IP space
Expand cipher list and remove a cipher that Safari on iOS does not like after recent lighttpd changes. Fixes #2553
Correctly handle getopt so notifications are sent
Make sure one_pass is selected when CP is active
OpenVPN servers can start on carp vips, just not clients.
CP Radius accounting wants bcmod() so we need to activate bcmath.
Bump 2.0.2 to RC3
Add missing global
Put configured limits on rules.limits file and load them before loading the ruleset. To avoid any issues with large rulesets and options being loaded not first
Actually do not try to reload everything during bootup since it will be done by bootup code
Do not blindly startup check_reload_status check first
Make lock files available to all users for usage from php process
Wrong branch
Revert "Import OpenVPN cisco style radius attributes applying policy to logged in users. Feature #2100"
This reverts commit 477cc2bc24b4b0a36b2bc765c1bb4d79a2eacaed.
Import OpenVPN cisco style radius attributes applying policy to logged in users. Feature #2100
Do not allow empty passwords since this might cause problems for some authentication servers like ldap. Fixes #2326
Fix input validation and import test.
Switch to ntpd from ports, add Services > NTP to select interfaces for binding. Respect old ntp settings in the process.
etc/inc/system.inc usr/local/www/fbegin.inc
Don't display a "mobile" user without a username.
Bump to 2.0.2-RC2 after FreeBSD-SA-12:01 v1.1 and FreeBSD-SA-12:02
Up the default for tables to 3000
Add a knob to tune the maximum number of tables that can be defined, the pf default of 1000 is too low for systems with >500 aliases.
List logged-in IPsec xauth users and provide a mechanism to disconnect them. Implements #1986
usr/local/www/diag_ipsec.php
Switch to a common function to determine anti-lockout ports, and fix a bug that was getting the ports wrong with custom https+redirect on.
Don't resolve on ipsec_get_phase1_dst() results, because ipsec_get_phase1_dst() already does that before returning output.
etc/inc/ipsec.inc
Test for empty here, rather than !, so a blank value (as from mobile clients) doesn't fall to the other tests.