pfSense

Reload IPsec and OpenVPN on gateway IP or force_down option change. Issue #13076

NPT manual prefix fix. Issue #13070

Restart L2TP VPN on interface IP change. Fixes #13066

Allow auto prefix with manual prefix-length in NPT. Implements #13070

Do not restart IPv4 OpenVPN on IPv6 gateway events and vice versa. Fixes #13061

Reject multiple IPv6 compressions. Fixes #13069

Having :: in an IPv6 address more than once is not valid, even if it
expands to an unambiguous result.

Do not restart IPv4 IPsec on IPv6 gateway events and vice versa. Issue #3132

WebGUI option for IPsec <dns-interval> option. Feature #13057

Skip IPsec VTI interface if remote FQDN gateway is not resolved. Issue #12763

Reload filter on OpenVPN instance delete. Fixes #13055

Restart services on interface configuration changes. Todo #12619

Do not create negate rules if <negate_networks> is empty. Fixes #13049

IPSec IKEv2 Mobile INTERNAL_DNS_DOMAIN (value 25) attribute. Fixes #12975

Option to keep serial f/renew cert Fixes #13010

Defaults to keep serial for CA but not for certs.

Unbound option to keep probing when servers are down. Implements #13023

Do not generate duplicate ``no nat on`` rules for port forwards with a destination of ``Any``. Fixes #13015

Regenerate link-local address on MAC change. Fixes #12794

Do not generate duplicate NAT Reflection rules. Fixes #13012

write_rcfile() restart fix. Issue #13025

CLI history option optimization. Fixes #12675

There is no longer a need to use the ~/.keephistory flag file. Scripts
can check the config.xml value for a user directly.

Fix syntax error

write_rcfile() restart support. Issue #13004

Improve unbound DNSSEC option check. Issue #12985

OpenVPN unbound restart fixes. Issue #12991

Add option to limit concurrent connections per OpenVPN user. Implements #12267

Use OpenVPN deferred client-connect. Implements #12407

Duplicate wireless interfaces fix. Issue #12999

OpenVPN shared key warning. Implements #12981.

Adds a warning to the OpenVPN client and server list and edit pages
warning the user about shared key mode being deprecated by OpenVPN.

Warning only displays on the instance lists if there is an existing
shared key instance. Warning only displays when editing an instance...

Restart unbound to update ACL on OpenVPN change. Issue #12991

Convert IPv6 with IPv4 mapping to hex on prefix merge. Fixes #12440

Unset $filename variable. Fixes #12986

Do not sync root.key file if DNSSEC is not enabled. Issue #12985

Skip unresolved OpenVPN alias DNS entries. Fixes #12984

Fix syntax errors. Issue #12940

Always change .ssh directory permission. Issue #12940

Delete user home directory on user delete XMLRPC sync. Fixes #12940

OpenVPN FQDN in alias netmask fix. Issue #12925

pf host ID support. Issue #12702

Add user opt to keep history. Implements #12675

Remember dyn GW when if is down. Issue #12931

• When a dynamic interface goes down, retain its old gateway address in
  a place we can read if if necessary
• When a dynamic interface comes up, remove the file with the old gw
• Add a function to fetch the old gateway...

Revert "Skip gateway if interface is down. Fixes #12920"

This breaks some gateway operations because the gateways disappear
entirely when the interface loses link.

This reverts commit c07c5cf5f2387cb2b9efdf25545bafebfa414f00.

New methods for killing states. Implements #12092

OpenVPN FQDN in alias support. Fixes #12925

DHCPD: deny MAC Deny entries instead of ignore. Fixes #12923

Do not add HTTPClient entries if netboot is disabled. Issue #12892

Skip gateway if interface is down. Fixes #12920

OpenVPN status TAP mode double entries fix. Issue #12884

Restart gateways monitor on dynamic interface down. Fixes #12920

Status Interfaces SPF details fix. Feature #8861

Encrypt/Decrypt Robustness & Testing. Issue #12897

• Move cleanup to separate function.
• Be more aggressive with cleanup when performing multiple crypto
  attempts.
• Only fall back to old iterations or legacy when decrypting as
  there is no need to attempt these when encrypting new content....

OpenVPN status incorrect TAP mode RA server+empty tunnel. Fixes #12884

Define dnsmasq upstream DNS via --server option. Fixes #12902

Show SFP module details on status_interfaces.php. Implements #8861

Fix infinite CPU loop on failed restore

When restoring a backup with wrong password or a user custom iterations count different than 10k or 500k, GUI timed out in an infinite CPU loop

Revert "captiveportal: fix ipfw rules"

This reverts commit 9dac41af43a5b977a604098688776987c4f76722.

DHCPD HTTPClient option for static mappings. Fixes #12896

Merge pull request #4551 from luckman212/dpinger_dont_add_static_routes

adds option to not auto-create static routes for dpinger (squashed)

DHCPD HTTPClient custom option. Fixes #12892

Increase OpenSSL iterations. Issue #12556

When encrypting and decrypting content such as config.xml backups,
increase the default number of iterations used by OpenSSL when deriving
the key material. Fall back to previous default and also retain the old
legacy behavior.

syslog: Update filters now that the rule format has changed

We no longer have '@1(0)' but '@1' at the start of rules. This used to
be where we kept the trackerid, but that's now supplanted by the
ridentifier, so the field isn't useful any more, and has been removed...

Remove default gateway if Mark Gateway is set. Fixes #12536

Do not remove net.link.ifqmaxlen from /boot/loader.conf.local. Fixes #12862

Add option for pw hash algo. Implements #12855

Namecheap DDNS response parse change. Fixes #12816

If the first attempt to parse the response fails, try again without the
XML declaration. The server may not be sending an accurate XML
declaration.

Fix dynamic IPv6 gateway address resolution. Issue #12847

Fix php syntax. Fixes #12831

LAGG hashing option. Implements #12819

Dynamic NPT support. Implements #4881

Multiple DHCP6 WAN connections. Fixes #6880

Use random_bytes() to generate salt for SHA512 password hashing. Fixes #12801

Merge pull request #4555 from zacwest/dnsimple-v6

Merge pull request #4554 from lmcquade/master

Merge pull request #4549 from hpeters/master

Remove quotes from TOS values. Fixes #12803

The quotes are no longer required by pf.

See also: #4302

Fallback to package \"name\" during package reinstall on restore. Fixes #12766

Allow the selection of "any" interface in floating rules. Implements #12392

SNMP service restart improvements. Fixes #12611

IGMP Proxy service improvements. Fixes #12609

Always restart gateway monitoring and services on interface UP/START event. Fixes #11570

Clear aliases,filter,shaper and natconf flags on filter_configure(). Fixes #12678

DNS Resolver restart improvements. Fixes #12612

Remove unused add_hostname_to_watch() from ipsec_setup_gwifs(). Issue #12645

Fix full path to executable files. Issue #11941

Keep command line history WebGUI option. Implements #12675

Optimize openvpn_resync_all(). Fixes #12628

Delete static default route if default gateway is NONE. Fixes #12536 #11692

CARP status check for RADVD with link-local address. Fixes #12582

Remove link-local scope from IPv6 addresses in filter_nat_rules_generate_if(). Fixes #11984

GleSYS DDNS return code check fix. Issue #12672

Add IPv6 scope to DHCP6 link-local routes. Fixes #11764

Skip out-of-range entries on DHCP6 service start. Fixes #12527

Generate unbound ACLs for OpenVPN CSO. Fixes #12636

Initialize $cmp with an empty array. Fixes #12749

Static IPv6 route delete fix. Issue #12728

Update Static Route and OpenVPN alias name when the alias is renamed. Fixes #12727

Only request copyright file is ews.netgate.com is resolvable. Issue #12141

Use http_build_query() for Google Domains DDNS post data. Fixes #12754

Convert OpenVPN Tunnel Network to correct format on save. Issue #11416

Display interface interrupts. Fixes #12735