pfSense

Add option to set IPsec filtering mode. Implements #11395

User can choose between filtering enc (tunnel+VTI) or filtering on
assigned VTI interface tabs (VTI only, drops all tunnel mode traffic).
See https://redmine.pfsense.org/issues/11395 for details.

Typo

Add registered trdemark symbol where appropriate

Retire VXLAN support

VXLAN support is not enterprise ready and after internal discussion we
decided we are not able to support it. We are committed to release
features only when they are ready.

Fixes the saving of peers settings in GUI.

The previous commits had a few mistakes which were fixed in here.

Fixes the WG configuration path and creation.

The GUI is now working as expected to add, edit and save the WG tunnel entries.

Outlines config.xml => wireguard config files utility

IPsec P1/P2 expiration and replacement refresh. Implements #11219

Update the Copyright year.

A subsequent commit will deal with .po's.

Add product_label global variable

Introduce product_label global variable, by default with same value of
product_name. The idea is to make it easier for rebranded products to
change the name on all visual texts while internal structures are
preserved.

While here, remove deprecated $g['platform'] and also replace places...

Remove use of deprecated $g['platform']

Unbound custom TLS port fix. Issue #11051

OpenVPN data cipher negotiation updates. Fixes #10919

• Rename "NCP Algorithms" to "Data Encryption Algorithms" to reflect the change in OpenVPN (frontend and backend, e.g. "ncp-ciphers" changes to "data_ciphers")
• Change "Encryption Algorithm" to "Fallback Data Encryption Algorithm" and move it below "Data Encryption Algorithms"...

Set correct cat command path. Fixes #11032

Create key and zone section for static DHCP mappings. Issue #10224

System DNS Server changes. Implements #10931

There are significant changes here, but ultimately should be a smooth
transition. See https://redmine.pfsense.org/issues/10931 for more
details.

Backup/restore DHCP v4/v6 leases. Implements #10910

Remove extra 00 padding of VTI interface names. Issue #9592

Upgrade PHP to 7.4.x

Add a system option to handle the queue API usage in hn NICs.

A single queue is used in order to enable the ALTQ support, but some people may
prefer performance over the ALTQ features.

Ticket: #9647

Fix #9647.

Instead of forcing the defaults in the OS driver (introducing yet another
change), set the default to enable ALTQ support for hnX NICs in loader.conf.

Ticket: #9647

Merge pull request #4362 from vktg/pf25rtwnregexp

Bump up config version to 20.6.

Create an upgrade function to run console_configure() and force an update
of the boot loader settings.

This is intended to force the Switch settings update (in factory).

pfSense 2.5 rtwn(4) wireless regexp. Fixes #10677

Fix duplicate upgrade function. Fixes #10652

Use close_action=trap, not hold. Fixes #10632

Feature #10392: Improved/unified wording, removed link3, fixed empty() vs !== bug, fixed upgrade code. Increased config to 20.3.

Fix #10525: Handle Chinese (Hong Kong / Taiwan) locale rename

Update SSL refs to SSL/TLS. Fixes #10172

Remove some outdated references. Issue #10156

This is 2020. Issue #9245

Rework IPsec P1 Lifetime GUI options. Fixes #9983

Move syslog format var to syslog.inc. Issue #9808

In some cases, PHP is unhappy with calls to gettext() in globals.inc

Add option for RFC5424 syslog format. Implements #9808

Lower default_cert_expiredays warning threshold to 27 days

Even at 28, ACME still sometimes warns unnecessarily just before renewal.

Merge pull request #4098 from vktg/delzombiealiases

Restructure OpenVPN settings directory layout

• Changed from /var/etc/openvpn[-csc]/<mode><id>.<file> to
  /var/etc/openvpn/<mode><id>/<x>
• This keeps all settings for each client and server in a clean
  structure
• Move to CApath style CA structure for OpenVPN, which implements #9915...

Rename IPsec "RSA" options to "Certificate". Implements #9903

Lower default cert expire days to 28.

At 30 days, an ACME cert may not have triggered automatic renewal yet,
so it would warn unnecessarily.

Update globals.inc

Update globals.inc

Add periodic framework to allow for daily/weekly/monthly tasks. Issue #7332

Add settings to control certificate expiration notifications. Issue #7332

Note that the notices themselves do not yet exist. Those are still a
work in progress.

When resetting all logs, also reset non-syslog logs. Fixes #9802

Add dedicated auth log. Implements #9754

Ensure log cat programs do not emit error messages.

Log setting/size review. Fixes #9734

• Move default GUI line limit and log size defaults to $g rather than
  hardcoding.
• Set default GUI line limit to 500 (up from 50)
• Set max GUI line limit to 200000 (up from 2000)
• Set default log size to 512000 (500 KiB, previous clog default was 511488)...

Relocate newsyslog cron install task. Fixes #9730

Add log compression type option. Issue #9711

Change logging to plain text, deprecate clog. Issue #8350

Fix copyright message years to reflect BSDP -> ESF -> Netgate

Add athp to wireless regex list. Fixes #9600

Merge pull request #4035 from emmtbot/ddns-linode

bump config
Implement redmine #5644

Fix #8821: Deprecate Growl Notifications

Growl appears to be abandoned upstream. No updates in ~5 years, and few if
any users on pfSense

Deprecate the built-in relayd Load Balancer. Closes #9386

It is not available on FreeBSD 12 with OpenSSL 1.1.x.

Users can migrate to the HAProxy package.

Remove unnecessary expiretable cron jobs for ssh/gui lockout. Issue #9223

Move PHP to 7.3.x

Add Dynamic DNS support for Linode #9268

Update copyright notices to 2019. Happy New Year

Ensure IPsec P1 entries have a 'protocol' value. Fixes #9207

ssh settings alignment. Fixes #8974

Remove redundant settings stored in the wrong place
Store all ssh settings in the same place
Initialize this array before use

Fix #7694: Replace sshlockout_pf by sshguard

Add the GUI support to set the VLAN Priority for the DHCP requests.

Ticket #7425

on arm and arm64 machines, set kern.shutdown.secure_halt = 1

the arm systems leave enough running after halt to forward packets.
this is a bad thing. on arm systems, set this sysctl so that when
a halt command is issued, it is severely stopped and no packet...

Upgrade config : Move captiveportal authentication to use user manager

Revise page footer text and centralize footer output for consistency

FEC LAGG is deprecated, remove from GUI and change on upgrade. Fixes #8734

Preliminary footer revisions. Pending link targets

Integrate ACB into core. Add config migration.

routing, add option 'automatic' for gateway selection, and allow manual ordering of gateways

Make GUI/config values for gateway groups match what the backend code expects. Fixes #8586

Merge pull request #3781 from PiBa-NL/20170712-defaultgateway-group

Enable support for php72 variant

Add a global to keep valid meta package suffixes

Gateways, allow for configuring a gatewaygroup as the default gateway.
-Avoid changing routes by just visiting a webgui page.
-Avoid change some unneeded events when nothing changed.

Replace incomplete list of pf reserved words with a list of pf tokens pulled from the pf source. Fixes #8445

Also, move the list to a central location so it does not need to be duplicated.

Captive portal: add option to choose whether to use the bandwidth limits retrieved from RADIUS or not

Automatically upgrade config to preserve old RADIUS bandwidth limits behaviour on existing installations.

Fix #8417

- Changed default value for Maximum Table Entries to 400000 in order to
make bogonsv6 to work
- Added code to upgrade config and set default value on systems where
it's not defined
- Changed default config to match new default and version 18.0...

Bump up the XML config version.

Revise picture widget to store image on file system, not in XML config

Revise picture widget to store inamge on file system, not in XML config

igmp, Add option to disable the igmp service, bump global.inc version

Fix config version # arrising from merging older PR

Update the Copyright notice for pfSense.

Remove old dnssec-keygen style files during upgrade

Feature #8123: Add GoDaddy as a Dynamic DNS provider

Update the system sysctls to not harvest data from interrupts, point-to-point interfaces and ethernet devices.

The sysctl names changed in FreeBSD 11.

Allow the use of mbuf tags to set the VLAN pcp on output packets.

This is necessary for use with the pf 'set prio'.

Ticket #7973

Merge pull request #3811 from trunet/add-cloudns-to-dynamicdns

Fix #7981: Convert PPP ports interface names to new VLAN notation using dots

Fix the QinQ support.

Bring the QinQ support to the VLAN dotted format.

To avoid breaks third party software (such as dhcpd), we silently ignore the interfaces with names bigger than the maximum size in FreeBSD.

Ticket #7942

Change the VLAN inteface names to use the 'dotted' format of FreeBSD, which is shorter and helps to keep the interface name smaller than the limit (16).

This fixes the 4 digit VLAN issues when the NIC name is 6 bytes long.

Ticket #294

dyndns: Adding support for ClouDNS (https://www.cloudns.net)

Bump config revision, fix comment. Ticket #7809

Refresh cache every 2h when using GUI

Use cache file to show pfSense version information

Make sure pkg metadata is updated at least once daily. It will be used to speedup GUI parts related to pkg update

Update config version

Force the support widget to show when a user upgrades to this version

Fix OpenVPN Auth Digest Algorithm selection so it does not use duplicate/alias names in the list, and fix existing entries on upgrade so they use the actual digest name and not an alias.