URL/URL Table alias with IDN hostnames. Issue #10321
Fix IPsec mobile user and pool references. Fixes #10296 Fixes #10314
For mobile IPsec pools, use separate pool for v4 and v6. Fixes #10296
NTP: do not add noserve to restrict source. Issue #9830
Correct 'default' behavior of OpenVPN TLS key dir. Fixes #10287
L2TP and PPPoE user password validation. Fixes #10275
Merge pull request #4198 from vktg/ipsecstripgcmhash
Server cert lifetime reduced to 398. Fixes #9825
New requirements coming this fall will require new certs to be valid for at most398 days. Setup this new requirement now, rather than waiting.
While here, reduce usage of hardcoded value where possible.
Strip IPsec PH2 hash for AEAD ciphers. Issue #9726
Merge pull request #4194 from vktg/ipsecmultipools
Merge pull request #4195 from netpok/feature/cloudflare-token
Add spaces to concatenation
Fix formatting and remove empty strings
Broke long lines to improve readability
Followed rbgarga's suggestions.
Accomodate both RADIUS and pool IP addresses in IPsec. Issue #8160
Implement Cloudflare DDNS with API token
Feature #10256
Merge pull request #4187 from zeroxx1986/master
Merge pull request #4186 from vktg/slaacusev4iface
Merge pull request #4189 from vktg/supressdnserror
Merge pull request #4192 from vktg/openvpnacl
OpenVPN radius ACL enhancements. Issue #9206
get_service_with_port(): Validate port contents. Fixes #10255
Extra parameter SLAACuseIPv4iface. Issue #9324
Suppress dns_get_record() errors. Issue #9405
Fix braces. Issue #10246
NAT rule dst port reference corrections. Fixes #10246
When negating, the number of elements in $dstaddr_port is different. Donot hardcode the index of the assumed last value, but calculate itinstead.
Otherwise the ruleset can have invalid entries like "port port" in...
Merge pull request #4177 from vktg/gremtu
Merge pull request #4184 from vktg/dhcpmaclimit
IPsec VTI IPv6 address correction. Fixes #9801
When setting up IPv6 VTI, assume /64 -- Previous code was assuming /32which wasn't correct, and it can't be /128 either since the IPv6addresses are not point-to-point like IPv4.
Ensure ALTQ bw is treated as int when factoring RRD values. Fixes #10248
Revert "Fix #10235"
This reverts commit 32218e9e1e69a0e2b91bcd829fcba04ec8586bdc.
Merge pull request #4188 from vktg/ipsecph2nohash
Fix IPsec issue if no PH2 hashes selected. Issue #9309
Set correct default MTU for GRE,GIF and GRE/IPsec. Issue #10222
DHCP group known clients by interface. Issue #1605
fixing bug https://redmine.pfsense.org/issues/10241
Merge pull request #4116 from Augustin-FL/ldap
PHP: array and string access with curly braces is deprecated
Merge pull request #4049 from Hobby-Student/master
Merge pull request #4171 from apollo13/patch-1
Merge pull request #4165 from vktg/resolve46
Merge pull request #4172 from vktg/compare6vip
Merge pull request #4180 from vktg/qinqppp
Merge pull request #4181 from vktg/iftopstatus
Merge pull request #4106 from vktg/prfipsec
Fix #10235
Add a missing break to case statement. Without it, $compression wasbeing filled with a bad value and also if push compress was being used,it added the option breaking connection.
Reported by: Vinicius Dell'Aglio on Telegram pfSense group
Add iftop support to status_graph.php. Issue #3334
Partial/future work-around for #10216 - When checking to see if the copyright notice has changed (and should be displayed) only check the first HTML <DIV>. This will avoid the notice popping up if the survey text is changed.
RAM Disk robustness improvements. Fixes NG 3173
Allow to select QinQ interfaces for PPP interface. Issue #9472
Compare compressed IPv6 CARP VIP. Issue #6579
IPsec IPv6 dynamic FQDN Remote Gateways, resolve_retry() IPv6 support. Issue #9405
Allow manual selection of IPsec IKE Pseudo-Random Function (PRF). Issue #9309
Fixed dhcpdv6 config generation for domain-list option. Fixes #10200
CF DDNS wants int for TTL. Issue #10196
Add TTL for CloudFlare DDNS. Fixes #10196
allow to disable IPsec P1 when P2 is disabled VTI. Issue #10190
Merge pull request #4164 from vktg/nottagged
inverse matching of tags. Issue #10186
add fe80::1:1 as an alias. Issue #9998
Link to the book, not old OpenBSD docs. Fixes #10184
Mount devfs for unbound when python is enabled. Fixes #9251
(cherry picked from commit 741892ee23a9085b71fa94fcfb8375044fec6ee2)
Use correct md value in crypt_data(). Fixes #10178
openvpn.tls-verify.php syntax fixes. Issue #7767
Fix openvpn.tls-verify.php whitespace. Issue #7767
Update SSL refs to SSL/TLS. Fixes #10172
Merge pull request #4151 from vktg/urltablefeature
Merge pull request #4145 from vktg/ovpnocsp
squashed commit
switch to resolve_host_addresses() func
Merge pull request #4149 from Augustin-FL/nginx
urltable can return >1 IPs
Wait 0.2 seconds after stopping Nginx.Redmine #10159
Remove vestiges of legacy ACB system
Remove some outdated references. Issue #10156
Fix typo
Fix sshguard config/command. Fixes #9971
Also requires sshguard patch
This is 2020. Issue #9245
Revert "strip hash algo if ealgo == *gcm"
This reverts commit 1f8e92a30c1db4f96625b4591a65902492084eb3.
Fix syntax error
Move igmpproxy logs to routing.log. Fixes #10139
Merge pull request #4132 from vktg/hidenoprvcerts
Merge pull request #4142 from vktg/routedelete
fixes
parenthesis fix
Merge pull request #4143 from vktg/ipsecgcmnoah
Merge pull request #4129 from luckman212/dns-v6-options-patch-2
cosmetic
strip hash algo if ealgo == *gcm
fix route delete code
Rework IPsec P1 Lifetime GUI options. Fixes #9983
fix
Remove superfluous ( )'s
3rd try - change config names
Merge pull request #4109 from vktg/p11ipsec
Merge pull request #4122 from vktg/ecdsarenew
do not show certs without prv by default
2nd trychange config option to avoid positive checkbox = negative option