pfSense

Rector direct global g accesses

Rector some direct config gets with complex paths.

Rector some config unsets with complex paths.

Rector some direct config gets with pure scalar paths.

Rector some more direct config unsets with pure scalar paths

Spelling fixes. Fix #13357

• Incorrect input validation for `dhcp6c` `keyinfo expire` `forever` keyword in `interfaces.inc`.
• Incorrect input validation for associated rule's `Source Port` in `firewall_rules_edit.php`.
• Incorrect `voucher*.` file lock reference in `status_captiveportal_voucher_rolls.php`....

Refine IPsec deprecation behavior. Issue #13648

P1 and P2 entries are only disabled if they have no remaining valid combinations of options. This way tunnels that just had one bad entry selected can continue working.

ipsec: disable any tunnels using 3des, blowfish, cast128 or md5 during upgrades

Redmine: #9247

Replace multilevel array accesses regarding v4 and v6 gateways

store dnsmasq custom_options as base64

Update config 215 to 216 fix. Issue #13097

CLI history option optimization. Fixes #12675

There is no longer a need to use the ~/.keephistory flag file. Scripts
can check the config.xml value for a user directly.

New methods for killing states. Implements #12092

Multiple DHCP6 WAN connections. Fixes #6880

Allow the selection of "any" interface in floating rules. Implements #12392

Keep command line history WebGUI option. Implements #12675

Update the Copyright year of the files owned by Rubicon/Netgate.

Bump up the config version to match a change in plus.

Fix disk widget upgrade script assuming widgets always have an index

• Removes disk usage from system information widget
• Adds Pfsense\Services\Filesystem\ library
• Adds new disk widget

Ensure ACB config section exists

Install ACB cron job on upgrade

IPsec updates to address multiple issues

• Configure/apply code changes. * Vast performance increase. Fixes #12026 * Changed connection naming to be easier to interpret. Issue #11910
• VTI interface numbering changes. * Name is now "ipsec<reqid>" since reqid is unique per P2 and a low number....

IPsec PKCS#11 support as an optional feature. Issue #11933

Add IPsec GUI control for Child SA Start Action. Implements #11576

Fix PHP error in upgrade code. Fixes #11801

Change upgrade_212_to_213() so it unsets variables individually after
first testing if they are set. This avoids an error if a tunnel entry
does not contain a value or has a deeper config issue which renders it...

VTI: Fix interface number limit

Code introduced by commit 3b85b43bb4b tried to keep the old way used to
decided VTI interface number using reqid and index but it was wrong and
allowed numbers bigger than limit (32767) to be used.

This commit removes this logic completely and use incremental numbers...

WireGuard removal: Fix config

Keep `wgpeer` item defined as an array on xmlparse.inc to prevent errors
on config files while they already have WG config items. It can be
safely removed in the next major version.

Created a new config upgrade code to remove wireguard items from config...

Retire VXLAN support

VXLAN support is not enterprise ready and after internal discussion we
decided we are not able to support it. We are committed to release
features only when they are ready.

IPsec P1/P2 expiration and replacement refresh. Implements #11219

Update the Copyright year.

A subsequent commit will deal with .po's.

Add product_label global variable

Introduce product_label global variable, by default with same value of
product_name. The idea is to make it easier for rebranded products to
change the name on all visual texts while internal structures are
preserved.

While here, remove deprecated $g['platform'] and also replace places...

Unbound custom TLS port fix. Issue #11051

OpenVPN data cipher negotiation updates. Fixes #10919

• Rename "NCP Algorithms" to "Data Encryption Algorithms" to reflect the change in OpenVPN (frontend and backend, e.g. "ncp-ciphers" changes to "data_ciphers")
• Change "Encryption Algorithm" to "Fallback Data Encryption Algorithm" and move it below "Data Encryption Algorithms"...

System DNS Server changes. Implements #10931

There are significant changes here, but ultimately should be a smooth
transition. See https://redmine.pfsense.org/issues/10931 for more
details.

Style changes

Fix indent

Remove extra 00 padding of VTI interface names. Issue #9592

Add a system option to handle the queue API usage in hn NICs.

A single queue is used in order to enable the ALTQ support, but some people may
prefer performance over the ALTQ features.

Ticket: #9647

Fix syntax error.

Fix #9647.

Instead of forcing the defaults in the OS driver (introducing yet another
change), set the default to enable ALTQ support for hnX NICs in loader.conf.

Ticket: #9647

Bump up config version to 20.6.

Create an upgrade function to run console_configure() and force an update
of the boot loader settings.

This is intended to force the Switch settings update (in factory).

More complete IPsec close_action conversion. Fixes #10632

Fix duplicate upgrade function. Fixes #10652

Merge pull request #4150 from Augustin-FL/captiveportal-db-sync

Use close_action=trap, not hold. Fixes #10632

Improve handling of an empty IPsec phase1 tag. Fixes #10580

Also fixes another PHP error after config upgrade which behaved in a
similar way.

Create a new page dedicated to backward sync
Implement Redmine #97

Feature #10392: Improved/unified wording, removed link3, fixed empty() vs !== bug, fixed upgrade code. Increased config to 20.3.

Feature #10392: Removed IPv4/IPv6 selection. Added code for configuration migration on upgrade.

Fix #10525: Handle Chinese (Hong Kong / Taiwan) locale rename

More safety belts for upgrade_174_to_175(). Fixes #10458

Update SSL refs to SSL/TLS. Fixes #10172

This is 2020. Issue #9245

Rework IPsec P1 Lifetime GUI options. Fixes #9983

Rename IPsec "RSA" options to "Certificate". Implements #9903

Add periodic framework to allow for daily/weekly/monthly tasks. Issue #7332

Initialize array to avoid a PHP error in upgrade_144_to_145(). Fixes #9840

Fix random typos

Relocate newsyslog cron install task. Fixes #9730

Don't add .log to filename twice. Issue #8350

Change logging to plain text, deprecate clog. Issue #8350

Fix copyright message years to reflect BSDP -> ESF -> Netgate

bump config
Implement redmine #5644

Fix #8821: Deprecate Growl Notifications

Growl appears to be abandoned upstream. No updates in ~5 years, and few if
any users on pfSense

Deprecate the built-in relayd Load Balancer. Closes #9386

It is not available on FreeBSD 12 with OpenSSL 1.1.x.

Users can migrate to the HAProxy package.

Remove unnecessary expiretable cron jobs for ssh/gui lockout. Issue #9223

Update copyright notices to 2019. Happy New Year

Ensure IPsec P1 entries have a 'protocol' value. Fixes #9207

Fix #9121: Initialize arrays to prevent PHP 7 errors

Skip empty IPsec P1 during upgrade to 17.5. Fixes #9083

ssh settings upgrade fixes

ssh settings alignment. Fixes #8974

Remove redundant settings stored in the wrong place
Store all ssh settings in the same place
Initialize this array before use

Fix a PHP error when upgrading gateways

Fix #7694: Replace sshlockout_pf by sshguard

Upgrade config : Move captiveportal authentication to use user manager

FEC LAGG is deprecated, remove from GUI and change on upgrade. Fixes #8734

Create cron array if it doesn't exist on upgrade.

(cherry picked from commit aabd093849d61eacdf7bdcb584c812638b3732a0)

Integrate ACB into core. Add config migration.

routing, add option 'automatic' for gateway selection, and allow manual ordering of gateways

Make GUI/config values for gateway groups match what the backend code expects. Fixes #8586

Improve default gateway upgrade code. Ticket #8504

Gateways, allow for configuring a gatewaygroup as the default gateway.
-Avoid changing routes by just visiting a webgui page.
-Avoid change some unneeded events when nothing changed.

Captive portal: add option to choose whether to use the bandwidth limits retrieved from RADIUS or not

Automatically upgrade config to preserve old RADIUS bandwidth limits behaviour on existing installations.

Fix #8417

- Changed default value for Maximum Table Entries to 400000 in order to
make bogonsv6 to work
- Added code to upgrade config and set default value on systems where
it's not defined
- Changed default config to match new default and version 18.0...

Bump up the XML config version.

Revise picture widget to store image on file system, not in XML config

Add a placeholder for a factory update.

Correct variable reference for IGMP proxy enable in upgrade code. Fixes #8356

igmp, Add option to disable the igmp service

Fix #7469

• Rename local_sync_accounts() to local_reset_accounts() and keep it
  only being used /etc/rc.bootup
• Reimplement local_sync_accounts() receiving a list of users and
  groups to be added and/or deleted
• Remove call to filter_configure xmlrpc method from...

Fix config version # arrising from merging older PR

Merge pull request #3711 from PiBa-NL/20170427-ipsec-multiple-P1-algo

upgrade_config.inc: Remove all restore_rrd() calls

Commit 0869605131ba3e5d7e502af7a799e54f27d2e7f6 removed the
restore_rrd() function. To avoid errors when restoring older configs
remove all callers to it.

Bug: https://redmine.pfsense.org/issues/8231
Signed-off-by: Alistair Francis <alistair@alistair23.me>

Fix foreach error on hosts that have no dyndns entries.

Update the Copyright notice for pfSense.

Delete keytype field from config, remove unnecessary file cleanup.

Remove old dnssec-keygen style files during upgrade

ipsec, allow configuration of multiple ike phase1 encryption ciphers (algo/bits/hash/dh)
this is useful for mobile users that need to connect with different operating systems. This way there is no need to find a single commonly supported weaker cipher.

Fix #7981: Convert PPP ports interface names to new VLAN notation using dots