pfSense

Put OpenVPN route-nopull option after custom options. Fixes #11448

(cherry picked from commit 969574b6dbb124e98595ca537c0d176d908707d0)

Use set_curlproxy() function for cURL proxy configuration. Issue #11476

(cherry picked from commit 8b424bca02372246210fba3cf36045a704c11ae3)

Fixed #11464 by adding proxy configuration to web service calls

(cherry picked from commit 2cb3c56db2366c9cadb04757bd3143ea0d7e7378)

Fix openssl digest algorithm param in openvpn.inc

At least in OpenSSL 1.1.1i-freebsd, used by pfsense 2.5, there is no longer a "list-message-digest-algorithms" parameter. It has been replaced by "list -digest-algorithms".
The old parameter results in an error 'Invalid command 'list-message-digest-algorithms'; type "help" for a list' and may even cause an endless loop on startup/migration....

Set correct DHCP failover peer IP on XMLRPC sync. Fixes #11519

(cherry picked from commit 490b5b480f1b46a6f93e0ba99fff578a61f3293c)

Restart unbound on interface recover. Fixes #11547

(cherry picked from commit a1fe814421904ca00b6a04431d62ba18dcebf607)

IPsec peer ID Any fix. Issue #11555

(cherry picked from commit 4a51b9cd8fd58b26c5c30784b0736cc5757e86fc)

Cisco AVPair parse {clientip}. Fixes #11561

(cherry picked from commit f4d883dadee6e339997b29f5b4623a88b190b840)

Fixed bug parsing netmask cisco acl

(cherry picked from commit 321fbbdb5bffe5d331aea5330241d42b0ab8d250)

Use correct parameters when adding WG IPv6 tunnel addr. Fixes #11618

(cherry picked from commit 8579d26bfb0dea0386c61008ade222c0ea29aa98)

Correct rsort_log_filename() behavior. Fixes #11639

(cherry picked from commit b9c1679dae94fb2d406cfc386f667eed2378b6d2)

Fix handling of renewing cert w/o SAN. Fixes #11652

(cherry picked from commit 09d3fe621a56292817a85a54916e8b99e2b26c00)

Welcome pfSense CE 2.5.1-RELEASE

Report full product version, including -pN

(cherry picked from commit feefcc31b78c1ef99ffd9deb509b05ccdb1e61ef)

Fix typo

(cherry picked from commit 361ad87b85fdc0f97a2d7f3dcb6ec439e105e320)

Add missing break

(cherry picked from commit f26a816b7080f0ef45a8cb3938cfd878dbaef71e)

Correct location and config for Strict CRLs in IPsec. Fixes #11526

(cherry picked from commit 9a5bde87ce9fd0fad3a7f41750782b2dccce38d8)

Improve CA/Self-Signed serial handling. Fixes #11514

(cherry picked from commit 4aa7c7aefc273464b8e66e6176a860b0246f8ee9)

Try parsing four digit years in cert timestamps. Fixes #11504

(cherry picked from commit bdaa35dcf31def521ba8c60c0aa9c41bf5005311)

Improve handling of broken/invalid certs. Fixes #11489

(cherry picked from commit 29804b9e6ff07d0224d9396b063f88f486f0d231)

Non local gateways fix. Issue #11433

(cherry picked from commit 087d28fa3f5cfebfd4af7f4a4479b0fac053e062)

Don't add empty pools line. Fixes #11488

(cherry picked from commit bb3a6eb44958841df4257ae7936e6714d1ed99a8)

Fix child SA name generation. Fixes #11487

(cherry picked from commit eb5bd64face47422285cb883ad44fc5d77c361fa)

Fix alias renaming issue

Do not prefix FQDN IPsec IDs with @. Fixes #11442

(cherry picked from commit c09137ab4726dc492c658c27b6c46e25f0fbb55b)

Fix custom XMLRPC port for Captive Portal. Fixes #11425

(cherry picked from commit fef846ce7ec4158a140f359b0fb35182f6ae9db9)

Welcome pfSense 2.5.0-RELEASE

Fix WireGuard add/next name behavior. Fixes #11407

• No need to set index when creating a new entry
• WireGuard interface name label was assuming array index=wg if name
  which was incorrect

(cherry picked from commit 11fd7da72502c991b1f1c0e886ea212235f4a505)

Handle case where copyright file is downloaded but has a size of zero

Fix Microsoft's idea of an apostropphe

Increment requested copyright version

Revise copyright modal to accommodate larger content

Use Netgate domain for bogons. Issue NG 5446

(cherry picked from commit 4a30c608aacdcb8a467e97d9ccda514e412731bf)

Detect Plus by product label

Rename Factory -> Plus

This file moved, remove old copy. Fixes #11389

(cherry picked from commit 860391bfcb5d273daef32780003014cfdd557a6d)

Revert "Refactor system_advanced_misc for MVC"

This reverts commit c33b0ab6c2fcd4c9786d1b5e7903c01fa1fafa7d.

Refactor system_advanced_misc for MVC

Typo

Add registered trdemark symbol where appropriate

Nested alias checking fix. Issue #11372

Return correct Track IPv6 address if >1 VIP on interface. Issue #5999

Welcome 2.5.0-RC

Remove what I suspect is a debug leftover

OpenVPN rmdir fix. Issue #11254

Style fixes

Captive Portal custom logo fix. Issue #11360

Refactored system_advanced_* pages for MVC

Issue #11340
Hide WireGuard interfaces on DHCP/DHCPv6 Relay pages,
Hide mediaopt field for WireGuard interfaces on interfaces.php page

Add brackets around IPv6 endpoint address. Issue #11338

Gateway Group Policy rule creation fix. Issue #11298

Delete all OpenVPN related files on instance deletion. Issue #11254

Mute console before load crypto modules

Fix WireGuard interface name assignment. Fixes #11323

Only set the name when it's empty/unset (e.g. when first created),
automatically determine the next available wg interface number.

WireGuard: Always derive public key. Issue #11322

If the user enters a different private key, using the supplied public
key would lead to a mismatch. So always derive the public key when saving.

WireGuard: Make pubkey read only, populate automatically. Fixes #11322

While here, add a link to copy the public key to the clipboard.

Improve WireGuard port validation. Fixes #11311

Suppress errors when opening router file. Fixes #11314

Attempt to use peer wg address if possible for gateway. Implements #11300

Refine Unbound auto ACL generation. Implements #11309

Rework WireGuard tonatsubnets/unbound ACL entries. Fixes #11304

Init var before use. Fixes #11307

Allowe peer port < 512

Allowe listen port < 512

Use correct default MTU for WireGuard. Fixes #11291

Add WireGuard to easyrule

Exclude wg(4) from auto outbound NAT. Fixes #11289

Assume default WG port if empty. Fixes #11286

Revert "Add wg to ALTQ list. Implements #11280"

Unstable. See #11285

This reverts commit 4a49b0d9b182c76f658201124c43278a65542c98.

Fix WireGuard case

Ticket #5186: Enable Wireguard firewall rules tab

Add wg to ALTQ list. Implements #11280

Show WireGuard interface description during assignment. Issue #11277

WireGuard assignment/disable behavior improvements. NG 5518

• Do not allow a WireGuard instance to be removed while assigned
• Do not allow a WireGuard instance to be disabled while assigned
• Destroy the WireGuard interface when disabled

Add ^wg to list of interface mimatch types

Add OS routes using WireGuard Peer AllowedIPs. Part of NG 5437

Remove WireGuard peernwks field which is not needed. Part of NG 5437

Fix some bad WireGuard capitalization

Automatic WireGuard interface gateways. Part of NG 5437

Retire VXLAN support

VXLAN support is not enterprise ready and after internal discussion we
decided we are not able to support it. We are committed to release
features only when they are ready.

Change XML listtag entry for peer to wgpeer for issue #5186

Fix copyright notices

Remove commented out code

Spell WireGuard properly

Add igc to ALTQ list. Issue NG 5185

Preserve wireguard address after interface assign

Improve code readability

Fixed #5486 by making peer endpoint and port optional

Added new Wireguard config fields peernwks and peerwgaddr per #5437

wg: Configure static routes

When configuring a wg tunnel, update static routes associated with that
interface

Update copyright year

Ticket #5186: Re-create config files during boot

Ticket #5186: Implement is_wg_enabled()

Ticket #5186: Fix comment

#5186 - Revised peer configuration to use 'wgpeer' rather than 'peer'

wg: Do not check assigned interface (Ticket #5186)

When saving changes on wireguard, do not check address conflict on
interface assigned to that tunnel, otherwise, it will not allow user to
save any modification

wg: Use a more generic function to detect IP address

wg: Remove extra spaces

wg: isset() just before is_array() is redundant

wg: unlink_if_exists() can deal with glob matches