Certs: Fix CA subject assumptions. Fixes #8801
Several areas made assumptions about the number and order of CA subjectfields that were no longer correct after issue #8381 was corrected.
While here, also remove some outdated references to fields that are no...
on arm and arm64 machines, set kern.shutdown.secure_halt = 1
the arm systems leave enough running after halt to forward packets.this is a bad thing. on arm systems, set this sysctl so that whena halt command is issued, it is severely stopped and no packet...
User login source & proxy fwd addr to user data. Fixes #8813 Fixes #8816
While here, use this info more consistently across log messages andplaces where user info is recorded when making changes.
Revise T&C text area height
Fix syntax
Merge pull request #3972 from Augustin-FL/patch-passthrough
Add interface_is_lagg(), improve interface_is_vlan() and make get_parent_interface() work with laggs.
Added PORTAL_MESSAGE to template, fixed some wording and styling
Readded second authentication type to default captiveportal login
Disconnect and remove previous Pass-Through MAC address when both Disable concurrent logins and passthrough MAC addition are enabled
Merge branch 'master' of gitlab.netgate.com:pfSense/pfSense
Updated captive portal to use a template with customizable image uploads
Co-authored-by: Felix Häberle <felixhaeberle@users.noreply.github.com>
Add default ICMPv6 rule for unspecified src per RFC4861. Fixes #8791
Disable OpenVPN compression for new instances by default. Fixes #8788
Also add warning text that cautions against enabling compression.
While here, also add missing "stub-v2" compression mode.
Merge pull request #3970 from Grapsus/master
Fix #8785: Add CDATA to auth_prompt field
Fixed #8745 by trimming nulls from bridgeif
Merge pull request #3640 from Augustin-FL/master
Fix custom dyndns issue: username and password was not sent with curl flag AUTH_ANY
Upgrade config : Move captiveportal authentication to use user manager
Obsolete old captiveportal radius files
Update captiveportal RADIUS Accounting
Make captiveportal use user manager as auth source
Merge pull request #3946 from martinisoft/martinisoft/dnsimple_v2_api
Merge pull request #3934 from PiBa-NL/20180406-outboundnat-ipv6-mixedaddresses
Normalize RADIUS accounting
Normalize RADIUS authentication
Add GUI control for IPsec async crypto. Implements #8772
include IPv6 in $tonathosts so nat rules can be expanded properly when IPv6 rules are made
PHP7 related, cast bandwitdh to int to make sure it is a numeric value Fixes #8757
Fix #7604: Rework pkg reinstall on config restore
- Remove old code needed to upgrade fom < 2.3 to 2.3- Simplify logic using a single file /conf/needs_package_sync- Create /etc/rc.package_reinstall_all, a script used to reinstall all packages present in config but not on pkg database...
Do not remove needs_package_sync file when it's not needed
Use packagelock flag for checking
Do not run rc.start_packages when restoring a config backup
Add missing -f to make pfSense-upgrade to remove all packages when restore factory default
Start packages after pfSense-upgrade finished
Improve readability on booting message
Remove code used to upgrade from < 2.3 to 2.3
Do not rely on internet connection when running 2nd/3rd upgrade stages
Add IPv6 version of IPv4 private nets to DNS Rebinding list. Fixes #8750
Fix #8595
Implement MTU override option that allow client to force a bigger MTUvalue than the one negotiated on LCP that is known to work.
Merge pull request #3969 from luckman212/2y-prefix-is-ok
Add config function init_config_arr()
This function initializes a set of nested keys under $config to avoid multiple levels of manual is_array() checks and creations.
Pass it an array of keys to test and create, for example:
init_config_arr(array('virtualip', 'vip'));...
Merge pull request #3967 from PiBa-NL/20180729-alias-with-carp-parent
Removes some legacy code in auth.inc
There was a compat issue between PHP's $2y$ bcrypt hashes andolder versions of FreeBSD. However, this compat issue was fixedlong ago and appeared in FreeBSD 11.0-RELEASEhttps://reviews.freebsd.org/D2742
Fix #8737: Add option to use multilink over single link for PPPoE
Revise page footer text and centralize footer output for consistency
FEC LAGG is deprecated, remove from GUI and change on upgrade. Fixes #8734
outbound-nat, make sure rules generated wont have required missing options that might make the rules fail to load
outbound-nat, make sure rules generated with outbound-nat rules are valid also on interfaces with mixed ipv4/ipv6 address environments
Preliminary footer revisions. Pending link targets
Validation for GUI custom settings. Fixes #8726
Add validation for customizable GUI setting fields and test submittedvalues before allowing them to be stored.Also ensure that dashboardcolumns is an integer before using it in theGUI.
Create cron array if it doesn't exist on upgrade.
(cherry picked from commit aabd093849d61eacdf7bdcb584c812638b3732a0)
Merge pull request #3962 from PiBa-NL/20180708-routing-default-gateway
Fix a potential PHP error from a pf filter reload error.
Make whitespace more obvious in a user/cn mismatch
Skip repo check for base packages
Revert "Parameter must be an array or 'all'"
Fix #8715 respecting get_pkg_info parameter when it doesn't start withpfSense-pkg
This reverts commit 70a7c029fbe61935da7474358e7359bb9dc1bcc3.
interfaces, ipalias fix initializing ipaliases that have a carp parent after interface down / up
Make sure additional packages are provided by official pkg repo
Fix style
Parameter must be an array or 'all'
Merge pull request #3908 from pdemonaco/master
Add a mechanism to blacklist interfaces from filtering. Fixes #8685
Only entry at the moment is ipsec for if_ipsec interfaces which havesome issues interacting with pf currently.
PHP7 syntax fix
VTI input validation. Fixes #8674
Add input validation to prevent switching away from VTI or deleting aVTI P1/P2 which belongs to an assigned interface, since this would breakthe interface assignment and cause an interface mismatch at the nextboot.
Remove unneeded VTIs in IPsec sync. Issue #8674
Still needs input validation to prevent changes that would remove anassigned interface.
Fixed to be accurate when converting from us to ms
Change us to ms for gateway alarm.
Fixes #8477 looking to be more consitent changed to use ms for gateway alarm.Thanks to Luke Hamburg for helping with this and the code idea.Keeping it as 0.xxxms for under 1 millisecond responses.Just to stay ms as much as possible.
Fix PHP error when adding a gateway from interfaces.php. Fixes #8680
routing, when a new pppoe connection is made the gatewaymonitor should be started before decisions about default route can be properly made. also for 'automatic' provide a fallback to the first enabled gateway thats configured, just in case..
Fix PHP7 error due to lack of int casting for gateway weight when making rules.
Fix PHP7 array issue in array_merge_recursive_unique()
Changed ms to us Fixes #8477
Teach DynDNS to use custom IP check services. Fixes #8664
Fixes #8661 PHP7 illegal string offset
PHP7 fixed illegal argument supplied foreach()
Revert "Add fields for DNS server hostnames for TLS verification. Implements #8602"
Per https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658 the verificationrequires OpenSSL 1.1.x, and FreeBSD 11.2 base OpenSSL is 1.0.x.
This reverts commit ad08a8242ca45907e0486712d218a5f8f34c7332.
Fixed #8654Fixed PHP7 issue causing separators not to work at all
Integrate ACB into core. Add config migration.
Escape LDAP username when searching. Fixes #8626
Fix PHP7 errors in the Dynamic DNS widget. Fixes #8648
Fix #8646
Fix shaper "non-numeric value" errors
Fixed #8640 PHP7 initialize variable as array instead of string
PHP7 initialize as array instead of string
Removed debug statement
Make sure /var/etc/openvpn-csc directory is created
Changed it to just use the variable name
Fixed #8633 PHP7 issue use of undefined constant, Should work as it did before.
Fixed a warning on status > dhcpv6 leases parameter 2 expected to be a string.
Fix 8553: When creating a new user, make sure it's added to desired groups
Add fields for DNS server hostnames for TLS verification. Implements #8602
Merge pull request #3951 from whislock/dh-rfc
Merge pull request #3958 from PiBa-NL/20180702-gateway-none
Add missing global $g declaration
Create pkg_conf_setup() to setup pkg.conf
It will be necessary in near future for thoth setup
Fix #7024: Fix Radius include extension
Add gettext() and other cosmetic changes
Fixed #8048 now properly removes dhcpv6 for lan if lan is not configured