pfSense

Silence warnings about missing global key 'booting'

store dnsmasq custom_options as base64

Captive Portal ipfw->pf transition. Todo #13100

New methods for killing states. Implements #12092

LAGG hashing option. Implements #12819

Multiple DHCP6 WAN connections. Fixes #6880

Allow the selection of "any" interface in floating rules. Implements #12392

Keep command line history WebGUI option. Implements #12675

Update the Copyright year of the files owned by Rubicon/Netgate.

Backup and Restore SSH Host Key(s). Feature #11118

Bump up the config version to match a change in plus.

• Removes disk usage from system information widget
• Adds Pfsense\Services\Filesystem\ library
• Adds new disk widget

Update IPsec Filter Mode text. Implements #12289

VTI mode also works for transport mode (e.g. GRE), so note that as well.

Install ACB cron job on upgrade

Prototype cron script to upload ACB backups per #12193

IPsec updates to address multiple issues

• Configure/apply code changes. * Vast performance increase. Fixes #12026 * Changed connection naming to be easier to interpret. Issue #11910
• VTI interface numbering changes. * Name is now "ipsec<reqid>" since reqid is unique per P2 and a low number....

IPsec PKCS#11 support as an optional feature. Issue #11933

1:1 NAT IPsec/OpenVPN/L2TP/PPPoE and interface groups input validation fix. Issue #11751

Add IPsec GUI control for Child SA Start Action. Implements #11576

VTI: Fix interface number limit

Code introduced by commit 3b85b43bb4b tried to keep the old way used to
decided VTI interface number using reqid and index but it was wrong and
allowed numbers bigger than limit (32767) to be used.

This commit removes this logic completely and use incremental numbers...

WireGuard removal: Fix config

Keep `wgpeer` item defined as an array on xmlparse.inc to prevent errors
on config files while they already have WG config items. It can be
safely removed in the next major version.

Created a new config upgrade code to remove wireguard items from config...

Remove WireGuard support

Out of an abundance of caution while we investigate the claims about
WireGuard in public, we need to remove it from pfSense Plus and CE in
order to shield customers from potential risk.

Add option to set IPsec filtering mode. Implements #11395

User can choose between filtering enc (tunnel+VTI) or filtering on
assigned VTI interface tabs (VTI only, drops all tunnel mode traffic).
See https://redmine.pfsense.org/issues/11395 for details.

Typo

Add registered trdemark symbol where appropriate

Retire VXLAN support

VXLAN support is not enterprise ready and after internal discussion we
decided we are not able to support it. We are committed to release
features only when they are ready.

Fixes the saving of peers settings in GUI.

The previous commits had a few mistakes which were fixed in here.

Fixes the WG configuration path and creation.

The GUI is now working as expected to add, edit and save the WG tunnel entries.

Outlines config.xml => wireguard config files utility

IPsec P1/P2 expiration and replacement refresh. Implements #11219

Update the Copyright year.

A subsequent commit will deal with .po's.

Add product_label global variable

Introduce product_label global variable, by default with same value of
product_name. The idea is to make it easier for rebranded products to
change the name on all visual texts while internal structures are
preserved.

While here, remove deprecated $g['platform'] and also replace places...

Remove use of deprecated $g['platform']

Unbound custom TLS port fix. Issue #11051

OpenVPN data cipher negotiation updates. Fixes #10919

• Rename "NCP Algorithms" to "Data Encryption Algorithms" to reflect the change in OpenVPN (frontend and backend, e.g. "ncp-ciphers" changes to "data_ciphers")
• Change "Encryption Algorithm" to "Fallback Data Encryption Algorithm" and move it below "Data Encryption Algorithms"...

Set correct cat command path. Fixes #11032

Create key and zone section for static DHCP mappings. Issue #10224

System DNS Server changes. Implements #10931

There are significant changes here, but ultimately should be a smooth
transition. See https://redmine.pfsense.org/issues/10931 for more
details.

Backup/restore DHCP v4/v6 leases. Implements #10910

Remove extra 00 padding of VTI interface names. Issue #9592

Upgrade PHP to 7.4.x

Add a system option to handle the queue API usage in hn NICs.

A single queue is used in order to enable the ALTQ support, but some people may
prefer performance over the ALTQ features.

Ticket: #9647

Fix #9647.

Instead of forcing the defaults in the OS driver (introducing yet another
change), set the default to enable ALTQ support for hnX NICs in loader.conf.

Ticket: #9647

Merge pull request #4362 from vktg/pf25rtwnregexp

Bump up config version to 20.6.

Create an upgrade function to run console_configure() and force an update
of the boot loader settings.

This is intended to force the Switch settings update (in factory).

pfSense 2.5 rtwn(4) wireless regexp. Fixes #10677

Fix duplicate upgrade function. Fixes #10652

Use close_action=trap, not hold. Fixes #10632

Feature #10392: Improved/unified wording, removed link3, fixed empty() vs !== bug, fixed upgrade code. Increased config to 20.3.

Fix #10525: Handle Chinese (Hong Kong / Taiwan) locale rename

Update SSL refs to SSL/TLS. Fixes #10172

Remove some outdated references. Issue #10156

This is 2020. Issue #9245

Rework IPsec P1 Lifetime GUI options. Fixes #9983

Move syslog format var to syslog.inc. Issue #9808

In some cases, PHP is unhappy with calls to gettext() in globals.inc

Add option for RFC5424 syslog format. Implements #9808

Lower default_cert_expiredays warning threshold to 27 days

Even at 28, ACME still sometimes warns unnecessarily just before renewal.

Merge pull request #4098 from vktg/delzombiealiases

Restructure OpenVPN settings directory layout

• Changed from /var/etc/openvpn[-csc]/<mode><id>.<file> to
  /var/etc/openvpn/<mode><id>/<x>
• This keeps all settings for each client and server in a clean
  structure
• Move to CApath style CA structure for OpenVPN, which implements #9915...

Rename IPsec "RSA" options to "Certificate". Implements #9903

Lower default cert expire days to 28.

At 30 days, an ACME cert may not have triggered automatic renewal yet,
so it would warn unnecessarily.

Update globals.inc

Update globals.inc

Add periodic framework to allow for daily/weekly/monthly tasks. Issue #7332

Add settings to control certificate expiration notifications. Issue #7332

Note that the notices themselves do not yet exist. Those are still a
work in progress.

When resetting all logs, also reset non-syslog logs. Fixes #9802

Add dedicated auth log. Implements #9754

Ensure log cat programs do not emit error messages.

Log setting/size review. Fixes #9734

• Move default GUI line limit and log size defaults to $g rather than
  hardcoding.
• Set default GUI line limit to 500 (up from 50)
• Set max GUI line limit to 200000 (up from 2000)
• Set default log size to 512000 (500 KiB, previous clog default was 511488)...

Relocate newsyslog cron install task. Fixes #9730

Add log compression type option. Issue #9711

Change logging to plain text, deprecate clog. Issue #8350

Fix copyright message years to reflect BSDP -> ESF -> Netgate

Add athp to wireless regex list. Fixes #9600

Merge pull request #4035 from emmtbot/ddns-linode

bump config
Implement redmine #5644

Fix #8821: Deprecate Growl Notifications

Growl appears to be abandoned upstream. No updates in ~5 years, and few if
any users on pfSense

Deprecate the built-in relayd Load Balancer. Closes #9386

It is not available on FreeBSD 12 with OpenSSL 1.1.x.

Users can migrate to the HAProxy package.

Remove unnecessary expiretable cron jobs for ssh/gui lockout. Issue #9223

Move PHP to 7.3.x

Add Dynamic DNS support for Linode #9268

Update copyright notices to 2019. Happy New Year

Ensure IPsec P1 entries have a 'protocol' value. Fixes #9207

ssh settings alignment. Fixes #8974

Remove redundant settings stored in the wrong place
Store all ssh settings in the same place
Initialize this array before use

Fix #7694: Replace sshlockout_pf by sshguard

Add the GUI support to set the VLAN Priority for the DHCP requests.

Ticket #7425

on arm and arm64 machines, set kern.shutdown.secure_halt = 1

the arm systems leave enough running after halt to forward packets.
this is a bad thing. on arm systems, set this sysctl so that when
a halt command is issued, it is severely stopped and no packet...

Upgrade config : Move captiveportal authentication to use user manager

Revise page footer text and centralize footer output for consistency

FEC LAGG is deprecated, remove from GUI and change on upgrade. Fixes #8734

Preliminary footer revisions. Pending link targets

Integrate ACB into core. Add config migration.

routing, add option 'automatic' for gateway selection, and allow manual ordering of gateways

Make GUI/config values for gateway groups match what the backend code expects. Fixes #8586

Merge pull request #3781 from PiBa-NL/20170712-defaultgateway-group

Enable support for php72 variant

Add a global to keep valid meta package suffixes

Gateways, allow for configuring a gatewaygroup as the default gateway.
-Avoid changing routes by just visiting a webgui page.
-Avoid change some unneeded events when nothing changed.

Replace incomplete list of pf reserved words with a list of pf tokens pulled from the pf source. Fixes #8445

Also, move the list to a central location so it does not need to be duplicated.

Captive portal: add option to choose whether to use the bandwidth limits retrieved from RADIUS or not

Automatically upgrade config to preserve old RADIUS bandwidth limits behaviour on existing installations.

Fix #8417

- Changed default value for Maximum Table Entries to 400000 in order to
make bogonsv6 to work
- Added code to upgrade config and set default value on systems where
it's not defined
- Changed default config to match new default and version 18.0...