OpenVPN Wizard: Enable exit_notify by default
Follow up with fix for ticket #11684 and also enable it on servertunnels created using wizard
(cherry picked from commit e6389f634a25f6c391531d779e147883568a3e83)
Simplify logic: no functional changes
(cherry picked from commit a314c6c846406115c426ed20b102daf6e206b420)
Outbound NAT: Fix rule duplication - #11981
- firewall_nat_out.inc: Declare $after as a global variable otherwise duplicate rule will always end up at the bottom- Do not set $id and $after with dup parameter value when save button was pressed or it will replace rule instead of duplicate it...
AutoConfigBackup schedule custom hour value fix. Issue #11946
(cherry picked from commit 806d5c497497476e92568e168c302275e576e25c)
Duplicating Outbound NAT rule fix. Issue #11981
(cherry picked from commit 68be10e63195d399089092149e119de30ae6a639)
Create Outbound NAT automatic equivalent rules when switching from Automatic to Manual mode. Fixes #11982
(cherry picked from commit ec8adb56d59a293516d1a0a3fb4eb45aad299f5b)
FRR help links. Fixes #11943
(cherry picked from commit be659aff5a3a52c1e08481a00eb697ecd86a9899)
Allow to use numeric with decimal point for RADIUS Advanced Parameters. Feature #11211
(cherry picked from commit f5ab9736059e616e4a037591ef6f89d1c14e23ed)
Welcome pfSense CE 2.5.2-BETA
Observe 'after' value when creating a new rule
Make VLAN table sortable. Implements #11968
Move globals to include file
Validate input depends on flag
Toggle-rule rename var for consistency
Toggle-rule returns new ruke status
ipsec: Normalize ipsec_lookup_phase1()
- $ph2ent doesn't need to be a pointer- Return true when $ph1ent is found since $ph1ent is a pointer and is filled with proper content in this case
Add missing vars to applyVIP(). Fixes #11723
Fix PHP error when changing Sys Info Widget. Fixes #11939
Avoid attempting to use $crypto when it's empty/undefined.
1:1 NAT IPsec/OpenVPN/L2TP/PPPoE and interface groups input validation extra 2.6 fix. Issue #11751
NAT 1:1 destination alias validation. Fixes #11923
Refactor firewall_nat_out for MVC
Refactor firewall_nat_npt for MVC
Refactor firewall_nat_1to1_edit for MVC
Refactor 1 to 1 NAT for MVC
One.com, NIC.RU, Yandex DynDNS support. Implements #11293 #11294 #11358
Set explicit-exit-notify to 1 for new OpenVPN Server instances. Issue #11684
NTP status widget fix. Issue #11495
Set default OpenVPN inactive timeout to 300. Issue #11699
Set default_socket_timeout on XMLRPC sync. Fixes #11718
saveVIP() fix. Issue #11723
Include Chelsio temperature values.
https://redmine.pfsense.org/issues/11787
Merge pull request #4518 from bauerstefan/master
Refactor hide logic for fields on DynDNS edit page. Fixes #11840
The page included hide/show logic for username field only for fewproviders, which meant that if a provider with the hide logic wasselected, then the field was lost for all others too. This commit...
Merge pull request #4517 from vajonam/fix_address_clone
IPsec Dashboard widget improvement. Fixes #11893
Change firmware update message text. Issue #11897
Merge branch 'viktor/pfSense-nat11ipsecfix'
Merge branch 'viktor/pfSense-ng6255fix'
Merge branch 'viktor/pfSense-11850fix'
Merge branch 'viktor/pfSense-ipsecvtidisable'
Merge branch 'viktor/pfSense-sanitize_pass_radmac_secret'
Merge branch 'viktor/pfSense-noticeshtmlencfix'
Merge branch 'viktor/pfSense-tcpflagsinputvalidation'
Merge branch 'danilo/pfSense-bug11754fix'
Show Export P12 icon if certificate is not locally renewable. Fixes #11884
Radvd config page reload/logs buttons. Fixes NG #6255
NTP Authentication key input validation fix. Issue #11850
1:1 NAT IPsec/OpenVPN/L2TP/PPPoE and interface groups input validation fix. Issue #11751
Firewall Rule TCP flags input validation. Fixes #11762
Notices modal window HTML encoding fix. Issue #11765
Sanitize pass and radmac_secret. Fixes #11767 and #11769
Allow to disable IPsec PH1 when related P2s are in VTI mode and enabled. Fixes #11792
IPsec multiple identical P1 tunnels input validation improvement. Fixes NG #6010
Kill IPv6 client states on OpenVPN disconnect. Implements #11700
Do not try to display too large PHP_errors.log file. Fixes #11685
Remove unused killall qstats command. Issue #11229
Reroot is safe on ZFS now, so allow it. Fixes NG 6304
Update services_dyndns_edit.php
Fix additional typo in description.
Allow group authentication for NoIP dyndns service.Extend information for service NoIP to replace ':' in username by '#'.Allow '#' in username.
Correct IPsec P1 Child SA Start Action validation. Fixes #11576
Add spinning icon to IPsec status wait message
fix for missing 0 subnet when clone address entry, needed for vpn's that need two 0 subnets one for ipv4 and ipv6
Add IPsec GUI control for Child SA Start Action. Implements #11576
Skip expired DHCP leases for ARP table content. Fixes #11510
Improve Captive Portal redirect URL handling.
Load MAC OEM list when preparing ARP table. Fixes #11819
Moved web include files from /etc/inc/web to /usr/local/pfSense/include/www
Show Unbound used certificate on the Certificate Manager page. Fixes #11678
Note says that gateway or failover gatewaygroup are valid options #11164
OpenVPN Cisco AVPair {clientipv6} template. Implements #11596
Fix #11760: Make sure log file exist
Prevent PHP complaining about log file not found and create an emptyfile when it doesn't exist. In this case return code will not be readand it will not break the loop, trying one more time.
Updates the help text for DigitalOcean client setup. Issue #11754
Firewall Schedules edit fix. Issue #11747
Upgrade: Improve information when it fails
Since first version after pfSense-upgrade, pkg_mgr_install.php waits forpkg socket to start presenting information to users. This socket isresponsible for providing needed data to make progress bar to work.
When socket never shows up, usually because pfSense-upgrade aborted...
Display a suitable message in the textarea if the update process aborts for any reason. Tighten up timing so that update attempts that complete very quickly are not missed.
Find IPsec IKEv1 SAs widget fix. Issue #11435
Update translation files
Regenerate pot
Remove WireGuard support
Out of an abundance of caution while we investigate the claims aboutWireGuard in public, we need to remove it from pfSense Plus and CE inorder to shield customers from potential risk.
Fix user cert parameters when creating user+cert. Fixes #11705
Fixed #11702 by revising ramdisk code
Merge pull request #4503 from nraven777/patch-1
set_curlproxy() fixes. Issue #11476
Finish refactoring firewall_NAT* for MVC
Reject IPv4-mapped IPv6 addresses on Mobile IPsec DNS server input validation. Fixes #11446
Change OpenVPN auth to php-cgi for the time being. Fixes #4521
Refine help/error text for system domain. Fixes #11658
IPsec IKEv1 mixed Phase 2 IP protocols support. Issue #11643
OpenVPN auth sources strlen validation. Issue #11104
route_del() optimization. Issue #11475
Reverse x509 escape cert subjects on renewal page. Fixes #11654
Revise firewall_nat_edit for MVC
Remove obsolete vars for MVC
Revise firewall_nat.php for MVC
Typo fix. Issue #11624
Rework WOL page a bit. Fixes #11616
Move custom IPSEC NAT-T port settings to Advanced Options. Todo #11518
Set explicit-exit-notify to 1 for new OpenVPN Client instances. Implements #11521