Fix #7136 Start OpenVPN on ordinary VIP
Wait while interface is in 'tentative' state before try to bind dpinger to its address
Fix #6603: Wait while interface is in 'tentative' state before try to bind OpenVPN to its address
Remove extra parenthesis and blank line
Simplify logic
Remove redundant comment
Restart unbound after clearing logs (Bug #6915)
Handle clearing the individual log as well.
Merge pull request #3376 from phil-davis/multi_dns_servers
Also check IPv6 when determining if we should use nobind or lport.
Fix #7118 icmp-type any
When 'any' is selected as the ICMP type, do not write 'icmp-type any' in the rule, just leave it out.
Fix #6153
Initialize cached IP and Time on loop for RFC2136 items, without thisthe items used on last loop iteration will be used again and seconditem on the same interface will not be updated
Redmine #5549 Allow variable number of DNS Servers
Fix #7105: Old rules may not have ipprotocol defined, consider it icmp6-type only when ipprotocol is inet6
Fix #6712
Use system_hosts_entries to generate unbound host_entries.conf
Ticket #6712: Create system_hosts_entries()
This function will return an array all items to be added to /etc/hosts.
Ticket #6712: Create system_hosts_dhcpd_entries()
This function will return an array with dhcpd and dhcpdv6 items to be added to/etc/hosts.
Ticket #6712: Create system_hosts_override_entries()
This function will return an array with dnsmasq or unbound items to be added to/etc/hosts
Ticket #6712: Deprecate read_hosts()
Read local items from system_hosts_local_entries()
Ticket #6712: Create system_hosts_local_entries()
This function will return an array with 127.0.0.1, ::1 and LAN (orfirst interface with no gateway when LAN is not there) items to beadded to /etc/hosts
Kill dhcpleases after we are sure we can write /etc/hosts
Fix style
Make sure IP address is v4 before create /etc/hosts entry
Do not write a 'restrict' line to the NTP config if it will be empty. Fixes #7110
Only include files that ends with .inc
Merge pull request #3341 from phil-davis/sysprvwarn2
Merge pull request #3367 from derelict-pf/require_state_filter
Merge pull request #3360 from plumbeo/faster-disconnect-all
Merge pull request #3361 from PiBa-NL/openvpn_waitforpid_20170107
Add protocol selection to Radius server configuration
It should fix #7111
Submitted by @ubawurinna at https://github.com/pfsense/pfsense/pull/2687
Merge branch 'master' into sysprvwarn2
Make sure file exists before try to open it
Revert "get_pkg_info() fallback using pkg info if no local copy of repo catalog"
This reverts commit e47af756de79d4e8b0356cf22f72f62f09e9ad7d.
openvpn, check for valid pid using isvalidpid()
Merge pull request #2902 from NOYB/RAM_Disk_Management
Merge pull request #3365 from phil-davis/format_duid
format_DUID array_walk
format_DUID use str_pad
format_DUID review
RAM Disk Management - Config Upgrade
RAM Disk Management - Update II - Restore RAM Disk Soon as it is Created and Include Logs
Restoring the RAM disk as soon as it is available will make it easier to include additional content that needs to persist across reboots for packages etc.Include the logs in the RAM disk store so they will persist across reboots.
RAM Disk Management - Update I - Eliminate RRD XML Dump/Restore & Alias Tables Backup Age Logic
Eliminate rrd dump/restore to/from xlm file. Backup and restore the entire /var/db/rrd/ to/from the RAM Disk Store.Add logic to backup alias tables if the backup is older than the table.
RAM Disk Management
1) Treat the RAM disk more like a permanent storage device with content managed/restored by the system and made available at boot up, before needed by any services. a) Handle saving and restoring RAM disk content at reboot/shutdown/boot centrally in more of a system manged fashion....
Add requirestatefilter. Implements #7069.
Helper format_duid() for DUID input
Rework how IPsec log settings are stored/retreived, adjust the default values. Implements #7007
Don't allow SNMP hostres module to be selected or used with VMware VMs that have a CD/DVD Drive device. Fixes #6882
Add VMware detection to system_identify_specific_platform(). Ticket #6882
Merge pull request #3346 from scherma/reverting
openvpn, make sure config is written and not overwritten while starting openvpn, and wait for pid of child process to be written before exiting function
Allow admin to clear notices
Handle the RA Search Domain List when writing out the RADVD config. Fixes #7081
Return partial MAC address matching support to is_macaddr(). Fixes #7088
Captive portal: make captiveportal_disconnect_all() faster
captiveportal_disconnect_all() removes the users one at a time and in some cases, when many hundreds of users are connected, can take up to several dozens of seconds to complete.Instead of looping through all users, send all the accounting information, reset the user database and delete all the active rules and reinit them. Use locking to prevent new users from logging in until the function ends.
Corrected indentation style
Merge pull request #3353 from phil-davis/gw_status_umonitored
get_pkg_info() fallback using pkg info if no local copy of repo catalog
Current behaviour
At the moment, get_pkg_info() is used to get all information on packages. The parameter $local_only is set to request info directly from the local copy of the repo catalog (using -U) without requesting the remote repo catalog or updating the local copy from the remote repo catalog. If the calling code wants only installed pkgs, it filters the returned list of pkgs looking for $pkg['installed'] == true....
Correctly report unmonitored gateway status
If an alternate monitor IP has been entered and saved, then the userchecks "Disable Gateway Monitoring" and saves, the alternate monitor IPis retained in the config - that is handy for when unchecking "Disable...
Fix up OpenVPN CSC page help text, add IPv6 tunnel network. Fixes #7053
Destroy tun/tap device when delete OpenVPN tunnel
Remove unnecessary reference
Revert "Destroy tun/tap device when delete OpenVPN tunnel"
This reverts commit 0a07be0287189cda229fab27ad733e9de3dc12f5.
Add backend support to OpenVPN for NCP. Ticket #7072
Set default in 'else' of if block
Merge pull request #3315 from plumbeo/accounting-on-disable-reboot
Merge pull request #3316 from plumbeo/fix-disconnect-all
Merge pull request #3342 from PiBa-NL/dyndns.class_json_body
Merge pull request #3132 from WorldTech-Solutions/master
Fix #7074: Fix automatic port number guessing
Rework openvpn_port_used() to take care of following conflicts afterticket #7062 was committed:
Remove this extra comma. It's not causing a syntax error but it's also not necessary.
Rework openvpn_vpnid_next() and remove duplicated code
Add some more help text to OpenVPN pages.
Fix indentation
Merge branch 'master' into reverting
Override default timer if set in system config
Cache authentication for a short time
Currently there is an authentication lookup for every GET; a single page load can cause dozens of lookups and hundreds of lines of logs (and continuous logs in the case of pages with widgets). This change allows pfsense to remember authentication, but forces recheck after a short time in case of access revocations/changes.
SESSION remembers authentication instead of checking for every HTTP request
Replace "client-cert-not-required" with "verify-client-cert none". Fixes #7073
Add --tls-crypt support for OpenVPN servers and clients. Implements #7071
Break some long lines, no functional changes
Rework logic and reduce indent levels. No functional changes
Fix #6357: Validate if RFC2136 dyndns updates succeeded
Bring compression options in line with OpenVPN 2.4. Note that the old style options are deprecated/legacy but don't remove yet, for compatibility. Implements #7064
Merge pull request #3304 from marjohn56/master
Make sure $openvpn_dh_lengths is declared global. Ticket #7065
Add security notes for privilege assignment pages
Suggested solution for Redmine 2247
Merge pull request #3322 from phil-davis/pagenames
Fix var name cut-paste error in openvpn.inc
Add OpenVPN ECDH options. Implements #7063
Update OpenVPN protocol preferences to match the new behavior of OpenVPN 2.4. Fixes #7062
Allow OpenVPN DNS servers for clients to be IPv6 as well as IPv4. Implements #7061
Add IPv6 virtual address to SSL/TLS client output, formatting corrections/enhancement for SSL/TLS client and server. Ticket #2766
Update OpenVPN SSL/TLS server status to reflect changes in OpenVPN 2.4. Ticket #2766
Standardize privilege name capitalization
While looking at some privilege stuff, I noticed that variouscapitlization looked inconsistent down the list. This makes the listlook more consistent.
Ticket #7054: Remove tun-ipv6 option, deprecated on OpenVPN 2.4.0 and related GUI knobs
Merge pull request #3139 from stilez/patch-38