Helper format_duid() for DUID input
Merge pull request #3346 from scherma/reverting
Allow admin to clear notices
Handle the RA Search Domain List when writing out the RADVD config. Fixes #7081
Return partial MAC address matching support to is_macaddr(). Fixes #7088
Corrected indentation style
Merge pull request #3353 from phil-davis/gw_status_umonitored
get_pkg_info() fallback using pkg info if no local copy of repo catalog
Current behaviour
At the moment, get_pkg_info() is used to get all information on packages. The parameter $local_only is set to request info directly from the local copy of the repo catalog (using -U) without requesting the remote repo catalog or updating the local copy from the remote repo catalog. If the calling code wants only installed pkgs, it filters the returned list of pkgs looking for $pkg['installed'] == true....
Correctly report unmonitored gateway status
If an alternate monitor IP has been entered and saved, then the userchecks "Disable Gateway Monitoring" and saves, the alternate monitor IPis retained in the config - that is handy for when unchecking "Disable...
Fix up OpenVPN CSC page help text, add IPv6 tunnel network. Fixes #7053
Destroy tun/tap device when delete OpenVPN tunnel
Remove unnecessary reference
Revert "Destroy tun/tap device when delete OpenVPN tunnel"
This reverts commit 0a07be0287189cda229fab27ad733e9de3dc12f5.
Add backend support to OpenVPN for NCP. Ticket #7072
Set default in 'else' of if block
Merge pull request #3315 from plumbeo/accounting-on-disable-reboot
Merge pull request #3316 from plumbeo/fix-disconnect-all
Merge pull request #3342 from PiBa-NL/dyndns.class_json_body
Merge pull request #3132 from WorldTech-Solutions/master
Fix #7074: Fix automatic port number guessing
Rework openvpn_port_used() to take care of following conflicts afterticket #7062 was committed:
Remove this extra comma. It's not causing a syntax error but it's also not necessary.
Rework openvpn_vpnid_next() and remove duplicated code
Add some more help text to OpenVPN pages.
Fix indentation
Merge branch 'master' into reverting
Override default timer if set in system config
Cache authentication for a short time
Currently there is an authentication lookup for every GET; a single page load can cause dozens of lookups and hundreds of lines of logs (and continuous logs in the case of pages with widgets). This change allows pfsense to remember authentication, but forces recheck after a short time in case of access revocations/changes.
SESSION remembers authentication instead of checking for every HTTP request
Replace "client-cert-not-required" with "verify-client-cert none". Fixes #7073
Add --tls-crypt support for OpenVPN servers and clients. Implements #7071
Make sure ZFS partiion is mounted read-write before try to change items in filesystem
Break some long lines, no functional changes
Rework logic and reduce indent levels. No functional changes
Fix #6357: Validate if RFC2136 dyndns updates succeeded
Bring compression options in line with OpenVPN 2.4. Note that the old style options are deprecated/legacy but don't remove yet, for compatibility. Implements #7064
Ticket #6096: Add PKG_DBDIR and PKG_CACHEDIR to user environment
Ticket #6096: Remove target before try to move, also use mv -f to avoid human interaction
Pass specific filename to tar and rm during rrd backup
Merge pull request #3304 from marjohn56/master
Make sure $openvpn_dh_lengths is declared global. Ticket #7065
Merge pull request #3322 from phil-davis/pagenames
Fix var name cut-paste error in openvpn.inc
Add OpenVPN ECDH options. Implements #7063
Update OpenVPN protocol preferences to match the new behavior of OpenVPN 2.4. Fixes #7062
Allow OpenVPN DNS servers for clients to be IPv6 as well as IPv4. Implements #7061
Add IPv6 virtual address to SSL/TLS client output, formatting corrections/enhancement for SSL/TLS client and server. Ticket #2766
Update OpenVPN SSL/TLS server status to reflect changes in OpenVPN 2.4. Ticket #2766
Standardize privilege name capitalization
While looking at some privilege stuff, I noticed that variouscapitlization looked inconsistent down the list. This makes the listlook more consistent.
Ticket #7054: Remove tun-ipv6 option, deprecated on OpenVPN 2.4.0 and related GUI knobs
Merge pull request #3139 from stilez/patch-38
Merge pull request #3322 from phil-davis/viewclearnotices
Fix #6982: Remove wrong global definition of use_filterdns and pass it as reference
Implement a different method to obtain the 'main' IP (v4) for the interface.
The last interface IP is always saved in /var/db/${interface}_ip. Use that file, if it exist, to find the main interface IP.
The file is created by the same process and function that call 'ifconfig setfirst', so the presence of that file should produce a very similar behavior....
Ticket #6920: Use filter_rule_function tag to detect function name
Fix #6920: Do not include stale .inc files
Packages can declare a function called $pkgname_generate_rules() and itwill be executed during filter reload process and add the hability topackage insert necessary firewall rules. Code was listing all files/usr/local/pkg/*.inc and processing all of them without any kind of...
Captive portal: rework logging and RADIUS accounting when disabling a zone or rebooting
Make captiveportal_radius_stop_all() log the disconnections in the system log and fix it so that it works with the zone id parameter and sends complete RADIUS accounting packets....
Remove obsolete console menu option that was a remnant of the livecd which was removed some time ago.
Add reroot support to system_reboot_sync() and to the /etc/rc.initial.reboot menu. Ticket #6045
Teach /etc/rc.reboot to reroot when -r parameter is specified
Remove old hacks used to upgrade from 2.1 to 2.2
Captive portal: use locking to avoid race conditions between rc.prunecaptiveportal and captiveportal_disconnect_all()
Convert rc.prunecaptiveportal to lock()/unlock()/try_lock() and use the lock to ensure that there aren't race conditions between it and captiveportal_disconnect_all().
Captive portal: work around race condition between captiveportal_disconnect_all() and captiveportal_prune_old()
Captiveportal_disconnect_all() loops through the active users and disconnects them immediately but doesn't remove them from the user database, only adding them to a list that is processed after the end of the loop....
dyndns.class, fix json curl body parsing for Cloudflare by not including headers
Add playback scripts to drill into pf tables and anchors to list their contents.
Fix license for gatewaystatus playback script
Add a pfSense php shell playback script to show the gateway status. Ticket #7046
Add a function to format and return plain text output showing the gateway status, for use by a shell script and status.php. Ticket #7046
Add privs to control display of notices
This is a suggested way to allow control of the display and clearing ofnotices. The use case is:1) A user with minimal page privs (e.g. can just change their password,or access a few status pages or...) should not be automatically able to...
Merge pull request #3317 from phil-davis/patch-1
Remove unused print_noices and print_notice_box
When looking into how the notices features work these days, I found that these functions are no longer used anywhere.Maybe they should be deleted?
Refactor to use notify_all_remote
While looking at notices.inc I noticed (pardon the pun) that notify_all_remote did exactly the same as these 2 lines of code. notify_all_remote() might as well be used here, to save having the same code repeated.
Changes as requested
Merge pull request #3300 from plumbeo/disconnect-all
Merge pull request #3307 from blkeller/ignore-client-uids
Merge pull request #3266 from PiBa-NL/IPv6-prefixdelegation-size59
Merge pull request #3312 from phil-davis/staticroutes
Fix nested aliases with FQDN (Fixes #6982)
Make $use_filterdns a parameter. It needs to be persistent acrossrecursive calls otherwise it ends up not adding necessary items tofilterdns depending of how items are sorted
Remove unused variable
Fix #3560 correctly handle disabled static routes
1) util.inc - add parameter to get_staticroutes() so the caller canchoose to see all static routes or only the ones that are currentlyenabled.2) filter.inc - just process enabled static routes when making direct...
Exclude /var/empty from tar extract and make sure its permissions are respected when it's created
Captive portal: add button to disconnect all users
Add a function to disconnect all logged in users and a button to call it in the captive portal status page.
Save the igmpproxy configuration in /var/etc and not on /tmp.
tidy
Added get_duid_from_file() function
Used in System->Advanced->Networking to display the current DUID in the placeholder for setting the DUID.
Merge pull request #3306 from phil-davis/ovpndhcp
Add new "Ignore client identifiers" DHCP feature
Exposes the underlying dhcpd configuration option "ignore-client-uids" in the pfSense "Services / DHCP Server" GUI by adding an "Ignore clientidentifiers" checkbox.
As of ISC dhcpd version 4.3.0+, there is a new configuration statement...
Refactor interface_has_dhcp
to reduce nesting
Update obsoleted files list for 2.4
Fix #7031 Allow interfaces that use DHCP for OpenVPN
even though the interface (or gateway group) has not yet actuallyreceived an IP address.This is useful when setting up a new system that is currently offline.
Silence realpath errors when /dev/dumpdev does not exist.
Fix the download of files over https when the server uses a self signed certificate.
Submitted by: Marcelo Matos
Ticket #4766
Fix missed reference to the pfSense-dhclient-script move.
User Defined DUID
User may define a DUID to use in System->Advanced->Networking. Theentered DUID is validated for composition and length, if valid it isstored in the config.xml. On call of wan_dhcp6_configure() the DUID iswritten to file to be read by dhcp6c on launch.
Merge pull request #3298 from phil-davis/patch-7
validateipaddr update return value comments
Fix #7021: Deprecate device polling
validateipaddr use constants from globals.inc