Load if_stf module if has not been done
Add missing parameter to interface_track6_configure() call
Fix a typo
Do delayed handling of track6 interfaces a bit earlier. More thoughts need to be done on the track6 configuration
Correct name as reported by phil-davis@github
Destroy the stf interface to avoid issues with ipv6 interface assignment. Also delete any previous address on track6 interfaces before assigning a new one.
Do not do any operation if its not necessary
Create link_interface_to_track6 to make code more readble and easily trackble. Also improve the generation of rules to avoid creating problems during filter reload and some optimizations with it
is_ipaddr_configured() now returns VIPS
Fix indent
Fix whitespaces and indent
Merge pull request #362 from bcyrill/patch-4
Adapt regex pattern for new stp interface naming
Do more strict checks. Also silence some more log_error under debug. Also do some sanity checks on rc.newwanipv6 before doing any operation
Update etc/inc/interfaces.inc
With the new support for multiple stf interfaces their names have changed. Adapt the regex pattern.
Put more checks here
Oops correct interface name
Correct fetching ipv4 gateway by passing correct parameter
Silence error. Maybe the command should be removed completely!
Ticket #2412. Also allow ipv6 traffic to flow on the stf interface
Ticket #2412 6to4 can come from any source. Also tighten rule that reply comes only to the dedicated interface for this rather than any other interface
Fixes #2674. Use the interface mtu rather than hardcoded 1280. Needs to be seen if issues with fragmentation can come from this on 6rd/6to4 tunnels
pfctl -b is gone just use std tools of pfctl
Make this regular expression a little more specific so it does not kill the wrong wpa_supplicant if there are double-digit interface numbers.
Corrected cmd line for hostapd
Revert "Use pid even for hostapd rather then trying to guess with regex"
This reverts commit b73a96b68d1d4e919a268d2e8e3a6ec902709e6d.
Use correct key. Be more strict while checking by suing v4 version for ipv4. Fixes: http://forum.pfsense.org/index.php/topic,58122.msg312024.html#msg312024
Merge pull request #358 from miken32/hp_bandwidth
support HP RADIUS attributes for bandwidth limits and redirection URLs
support HP RADIUS attributes for bandwidth, url, data quotas
Use pfSense function where possible and rename stf0 to interface_stf to allow multiple instances of iot
I am not sure why this is needed but for sure its not needed during bootup
Permit openvpn to use same port on different interfaces. It should fix #814
Fix wrong unset calls
Do not do so much work during boot since all interfaces will be called for configuration no need to go and find those. Also delay tracking interfaces during config to give a chance their parents to come up
Use pid even for hostapd rather then trying to guess with regex
If the interface is not enabled do not try to configure it
Make check more strong and readble. Also make dhcp6c use its pid file to make things easy
is_subnet() will fail here if using comma-separated lists of networks. Use openvpn_validate_cidr() instead.
Move the definition of negate_networks/vpn_networks to its place and re-include ipsec vpns in this tables since scrub for mss clamping need this.
Fix rrd databases upgrade. Helps ticket #2651
- Replace find that was being called with wrong parameters atupgrade_054_to_055() and upgrade_080_to_081() by return_dir_as_array()call.
Add option filter to return_dir_as_array()
- Add a 2nd parameter, default empty, that allows to pass a regex to filter files it'll return- While I'm here, simplify code removinf $canadd var
Display a list of ciphers accelerated by a specific engine. Also, skip engines that are listed but unavailable for direct use.
Fixup paths when executing OpenSSL.
Configure pipe directly in php until ipfw binary is fixed to correctly configure pipes even that context is specified
Correct displaying of ipsec status for natted networks.
Catch up with code change. Pointy-hat: myself
Remove missed line and also improve code for bridge cases
Fix ipfw config generation for allowed IPs
Merge pull request #349 from bcyrill/bridge_patch2
Use unescaped variable in if condition
Correct real interface assignment
Remove return value of interface_bridge_configure
Correct another parameter passed to pfsense functions
Fix holdcount/holdcnt parameter confusion
No need for escaping here since this is php internal functions
Do not use array_keys uselessly
Correctly generate dhcpleases file to avoid issues with dhcpleases. Also while here correct code and make some optiomizations and corrections
Maintain the previous order of creating wireless interfaces at boot so additional virtual APs get the same generated MAC as before.
Try a little harder to find the protocol rather than giving up. Fixes #2751
Actually even earlier since lagg can have wireless ifaces as member or vlan can reside on top of them
To avoid issues reported during bootup with wireless create clones early on bootup. Wireless can only have base interfaces and not clonable one so this should had been done since beggining.
Merge pull request #320 from bcyrill/patch2
Allow empty RADIUS secrets
Put outgoing policy routes even for the vips to correct sourced traffic from them. Fixes #1823
Return the full list of vips to help with #1823
Fix concurrent username logins
Allow specifying multiple local/remote networks for OpenVPN separated by commas. While I'm here, fix up the IPv6 tunnel/remote/local network input validation. Simplify some code using functions.
Move is_inrange() to util.inc and rename it to is_inrange_v6()
Move is_inrange() to util.inc and rename it to is_inrange_v4()
Merge #237 manually whitout the GUI option for specifying interim interval. It will read now this attribute if present in a reply and use it. Fixes #1492
Read Acct-Interim-Interval from an access-accept reply
Mostly for testing name relation in github. No functional change
Put for now the code here in preparation of properly cleaning a recofnigured interface
Teach interface_bring_down to read a cofniguration passed in. Will be useful for Ticket #2758
Do not be so verbose by default this is just needed by a developer at best
Allow set DHCP options per reservation
Resolves #2482. Remove an ipv6 alias from a vip eevn though the pfsense module does not have support for that
Convert all captiveportal code to not use ipfw_set_context since its not needed anymore. Also add code to validate cpzone on webgui pages before being used
Fix some DHCP per pool options that will never be considered because of a wrong check
Escape some variables used in mwexec() calls
Update etc/inc/vpn.inc
There's no need to create a spd.conf.reload file if it's empty.Phase 1 entries for mobile clients are not handled by this function, thus exclude them. Their SPD have a limited lifetime anyway.
Add GUI option to use "topology subnet" for OpenVPN, since the OpenVPN Connect iOS client requires it for IPv6
Validate QinQ interface to be sure it's valid
Use symlink rather than forked commands. Also simplify a bit code
Correct error/alert displaying. Also remove redundant log_errror since file_notice does that by its own
Just the first line is interesting here
Unset some vars to free space and also gather the error from pfctl since the first run of the command no need to run again. Also merge 3 exec() into one to avoid forking to much
Unser some vars to free space
Default to using sha256 digest for GUI cert.
Allow selecting the digest algorithm when creating a CA or Cert. Implements #2765
Remove remenant of file based days
Fix indent and remove trailing tabs and whitespaces
Enable cgi for the webgui since some ports like lightsquid need it
Add routing table display for each OpenVPN ssl/tls server instance, collapsed by default. Part of feature #2766
Add IPv6 privacy settings tunables. Keep the default FreeBSD value for them, that is disabled. This implements feature request #2587
Previous attempt to fix #1995 allow to set more than one default queues, prevent it with this change. It should fix #1995
Update /etc/inc/voucher.inc