pfSense

IPsec updates to address multiple issues

• Configure/apply code changes. * Vast performance increase. Fixes #12026 * Changed connection naming to be easier to interpret. Issue #11910
• VTI interface numbering changes. * Name is now "ipsec<reqid>" since reqid is unique per P2 and a low number....

Allow to disable IPsec PH1 when related P2s are in VTI mode and enabled. Fixes #11792

Update the Copyright year.

A subsequent commit will deal with .po's.

Merge pull request #4190 from vktg/remove00vti

Rework route functions

- Created route_table() that returns an array containing all items from
route table. It uses --libxo to get a json object
- Created route_get() that return an array with route items to desired
target
- Created route_get_default() to get current default route for inet or...

Remove extra 00 padding of VTI interface names. Issue #9592

Update vpn_ipsec.php

Add ipsec_reload_package_hook() to apply function.

Fixes Bug #10351

Allow manual selection of IPsec IKE Pseudo-Random Function (PRF). Issue #9309

allow to disable IPsec P1 when P2 is disabled VTI. Issue #10190

This is 2020. Issue #9245

Fix syntax error

fixes

fix route delete code

IPsec swanctl conversion. Implements #9603

• Converted IPsec configuration code from ipsec.conf ipsec/stroke style
  to swanctl.conf swanctl/vici style. Issue #9603
• Split up much of the single large IPsec configuration function into
  multiple functions as appropriate....

Only prevent deleting IPsec VTI P2 when set to VTI. Fixes #9258

Fix copyright message years to reflect BSDP -> ESF -> Netgate

Update copyright notices to 2019. Happy New Year

Fix #9121: Initialize arrays to prevent PHP 7 errors

Prevent disabling IPsec P1 with assigned VTI P2. Fixes #8674

VTI input validation. Fixes #8674

Add input validation to prevent switching away from VTI or deleting a
VTI P1/P2 which belongs to an assigned interface, since this would break
the interface assignment and cause an interface mismatch at the next
boot.

Please welcome routed IPsec using if_ipsec VTI interfaces. Implements #8544

To use, create a P1/P2 and set P2 to VTI using local/remote network as tunnel endpoint addresses, then assign the interface (enable, but IP type = none), and use like any other interface for routing.

Added a check to make sure ['ipsec'] was an array, Part of PHP 7.2 Migration

Remove Whitespace

I'm aware this is a very large commit. Let me know if you'd rather have it broken down by file type (ie: PHP/shell scripts) so it would be easier to review.

-RJ

Merge pull request #3711 from PiBa-NL/20170427-ipsec-multiple-P1-algo

Update the Copyright notice for pfSense.

ipsec, multiple phase1 ciphers, make use of 'repeatable' group

ipsec, allow configuration of multiple ike phase1 encryption ciphers (algo/bits/hash/dh)
this is useful for mobile users that need to connect with different operating systems. This way there is no need to find a single commonly supported weaker cipher.

ipsec overview, check label exists for interface including disabled ones, tell what was configured if not found.

ipsec webgui, move building the $iflabels array outside if the loop

Add reason to write_config() calls

Revisions to GET/POST conversion limiting POSTs to save, apply, and delete functions - VPN

GET/POST conversion vpn_ipsec*

Code with multiple %s in usr/local/www

Merge pull request #3369 from phil-davis/breadcrumbs_detail

Breadcrumb links

Report problems applying changes

1) Strictly keep track of the accumulating $retval from calls to various
functions that apply changes.
2) Use new function print_apply_result_box() to print a suitable message
in a suitable severity based on $retval

Move copyright from ESF to Netgate

Move to Apache License 2.0

Review license / copyright on all files (final round)

Always use require_once

The usage of require() and require_once() throughout the system is
inconsistent, and "bugs" come up now and then when the order of
"requires" is a bit different and some require() happens after the
include file is already included/required....

Handle mode correctly with Auto IKE. Ticket #6360

Fixed #6092

Miscellaneous II - Remove Personalizations

Remove "you" personalizations.

VPN / IPsec - Remove Personalizations

Remove "you" personalizations.

Fix up the "Show Phase 2 Entries" button for IPsec. Ticket #5965

Anchot icon requires icon-pointer class

Bring some consistency to the way most buttons are displayed (color, icons, etc). Ticket #5965

Still need to review Advanced buttons and Repeatable block buttons.

Bring all calls of print_info_box to same standard

The call itself to print_info_box already echoes the content. There is no need of additionally using the short-open-echo tag on those calls to echo return value. The previous implementation shouldn't yell any visible issues as return is 'NULL' (undefined) which casts to an empty string when printing. But, just for the sake of conformity, this changes are advisable in my opinion.

Review alert wording. End sentence with period, remove redundant 'Warning', 'Error', etc. prefixes, since alerts are now color coded. Remove <b> tags.

Merge pull request #2616 from k-paulius/captions

Fix IKE version "auto". Ticket #5880

Convert section titles to title case

Cleanup

Remove closing tag followed by opening tag. Change short_open_tag to full tag and put small instructions on same line.

Fix style issues.

Review of CARP uniqid changes.

It turns out that current CARP implementation is not much different from an IP alias.

This commit converts the IP alias to also use the CARP uniqid scheme, this simplify the code in all other places because now we have only two different cases to deal with:...

Internationalize vpn*.php

Standardize print_apply_box usage

1) For the translators, it should be better to do it consistently. Then
they only need to have 1 translation of "You must apply the changes in
order for them to take effect" and can translate each of the other
custom sentences individually....

Fixed #5805

Fix #5794 remove print_info_box_np chackes for gettext("apply")

1) Get rid of the stristr() checks to "guess" if an apply button should
be used.
2) Change print_info_box() so it can take a button name of "close"
, "apply" or none to decide which button to show....

Remove reference to obsoleted row_toggle.js. Noted in Ticket #5724

Allow thee use of multiple infoblock on a page

Change the automatic information block to look for <div class="infoblock" instrad of <div id="infoblock"
Just makes more sense to use a class for this

Adjust more calls to print_info_box with unquoted strings

Fixed #5724

Tidy up columns in "ipsec"

status_ipsec.php
- remove unused column

vpn_ipsec.php
- reduce COLPSAN to seven

Code style v w

Rename of files to better match their position in the memory structure

Standardize VPN IPsec breadcrumbs

keep consistency with RFC-defined capitalization, IPsec.

Calling all of these "Page" in the privilege name is redundant since they are all pages and the "WebCfg" prefix implies they are pages.

Remove the last usage cases of $config['ipsec']['enable'].

IPSEC is always on in 2.3, where necessary (IPSEC rules, IPSEC daemon), we check the existence of phase 1 entries.

Fixed #5465

Fixed #5393 by reverting to "Move to here" icon/control

Move "Add P2" button to left side to facilitate use of smaller screens
Fix HTML indenting

Copyright updates Batch 2 of 3

Delete confirmation vi fa-trash automated via pfSense.js

Moved action-buttons in-line styling to pfSense.css

replace and find for icon-embed-btn

Buttons updated

Completed #5357

Partial fix for #5181
P2 entries now drag/dropable

Fixed #5155

Fixed #5103
Added back enable control
Tidied up the page display by adding a panel surronding the tables

fix text

Merge branch 'master' into bootstrap

Move main pfSense content to src/