pfSense

working

some progress

small fixes

conflicts resolved, needs testing

Merge pull request #4126 from vktg/ovpnwiz825

OpenVPN server cert default lifetime 825 days

IPsec swanctl conversion. Implements #9603

• Converted IPsec configuration code from ipsec.conf ipsec/stroke style
  to swanctl.conf swanctl/vici style. Issue #9603
• Split up much of the single large IPsec configuration function into
  multiple functions as appropriate....

Allow revoking serial '0' by number. Fixes #9869

Merge pull request #4098 from vktg/delzombiealiases

Merge pull request #4105 from vktg/guirebootarmcheck

cosmetic

Merge branch 'master' into p11ipsec

rebase

more

first steps

merge with upstream

php_uname func

Make hostname optional for for DNS-O-Matic.
This resolves ticket #7601.

Merge pull request #4114 from vktg/ospfpcap

Merge pull request #4107 from Godwottery/Godwottery-ping-wait

Add OpenVPN Keepalive/Ping/Inactive input validation. Fixes #3473

Make OpenVPN username-as-common-name options. Implements #8289

Add exit notify to OpenVPN servers/clients. Implements #9078

Prevent OpenVPN tunnel network reuse. Fixes #3244

Ensures that a submitted tunnel network is not already in use on other
OpenVPN client or server instances, to avoid conflicts.

Hide OpenVPN 'interface' when multihome is selected. Fixes #7840

OpenVPN ECDH/ECDSA filtering. Fixes #9744

Can be revisited in the future if the corresponding OpenVPN bug is
resolved.

OpenVPN status page sent/recv bytes sorting changes. Fixes #7359

OpenVPN page sorting tweaks

Add copy action to OpenVPN pages. Implements #5851

Added to Server, Client, and Client-Specific Override pages

arm check fix with get_single_sysctl()

Move CA random serial option to upper section. Issue #9883

This allows it to be set when creating a new CA, so it doesn't have to
be edited in later.

Also show the next serial/random status in the CA info block
Hide trust store line from non-CA entries since it's not relevant to...

Rename IPsec "RSA" options to "Certificate". Implements #9903

fix

more pretty func

Change interface disconnect/release button to 'danger'. Fixes #9911

While here, add the interface name to the button text.

Net effect is a confirmation box to ensure the user wants to take that
action, which could be disruptive.

extra switch case for !ospf

fixes

pcap ospf/ospfv3 support

Test DNS Hostnames separtely from GWs when storing new values. Fixes #9898

GUI improvements for ECDSA certificate handling

• Make central functions to check and test ECDSA compatibility. Issue #9843
• Filter incompatible certificates from being offered for the GUI or Captive Portal. Implements #9897
• Do the same for IPsec, which implements #4991...

Change default ECSDA curve to prime256v1. Issue #9843

Previous default was brainpool, but brainpool curves are not (widely?)
supported by browsers and were deprecated by IETF for TLS v1.3

Show DNS server help when server list is empty

Add edit screen for Certificate entries.

• Allows editing the name/descr. Implements #7861
• Adds a (not stored) password field and buttons for exporting encrypted private
  keys and PKCS#12 archives. Implements #1192
• More code optimization

CA/Cert optimizations

• Actions are now by refid rather than array index, which is more
  accurate and not as prone to being affected by parallel changes.
• Improved save & config write messages

Use central download function

Reduce duplicated/inconsistent code by using the new download function.

CA/Cert/CRL code optimizations

While here, use the new download function when exporting items

Validate CA/CRL serial input. Issue #9883 Issue #9869

Update privilege definitions

Enforce a max lifetime for CA/Cert/CRL. Issue #3956

Add support for randomized cert serial numbers. Implements #9883

CRL Fixes

• Correct a PHP error in non-edit CRL actions. Fixes #9879
• Correct display of revoke by serial options when the CRL CA contains no certificates. Issue #9869
• Wording/text changes

Update guiconfig.inc

more

first steps

CRL management overhaul

• Allow revoking by serial number or cert. Implements #9869
• Allow revoking multiple entries at a time. Implements #3258
• Declutter the main CRL list screen
• Move the create control to the bottom under the list
• Various other efficiency/style improvements

Also refresh trust store when renewing. Issue #4068

Add option to trust local CA entries. Implements #4068

Similar to closed PR #3558 from overhacked, but with a number of
changes.

Make value of cert notify setting consistent with others. Issue #7332

Allow packet capture to match IPv4+IPv6 CARP. Fixes #9867

CA validity checks. Fixes #3956

Add clientAuth EKU to Server type certificates. Fixes #9868

Certificate strength improvements. Fixes #9825

• Change default GUI cert lifetime to 825 days
• Add notes on CA/Cert pages about using potentially insecure parameter
  chocies
• Add visible warnings on CA/Cert pages if paramers are insecure/not
  recommended.

Fix whitespace

Fix Cert expire threshold input validation to allow empty values.

Set autocomplete=new-password for auth forms around the GUI. Implements #9864

Update diag_ping.php

Update diag_ping.php

Update diag_ping.php

As per comment. Hint left for sake of consistency.

Cert expire threshold input validation

Update diag_ping.php

Update diag_ping.php

Fix missing '$'

Update diag_ping.php

Update diag_ping.php

Update diag_ping.php

Add support for setting wait period between pings

Add settings to control certificate expiration notifications. Issue #7332

Note that the notices themselves do not yet exist. Those are still a
work in progress.

Add certificate lifetime to infoblock. Issue #7332

• Adds the total lifetime and lifetime remaining before expiration to
  the info block
• Adds a visual indication to the infoblock and end date when the
  certificate will be expiring soon, or if it has already expired.

Show detailed infoblock on CA and Cert pages. Implements #9856

• Moved info block to common function
• Used that function on CA and Cert pages
• Added more information to the info block

renamed click to select

upstream upd

fix

fix

fix

Add GUI code and more backend for CA/Cert Renewal. Issue #9842

Merge pull request #4104 from vktg/geneckey

show the key type and related info in the per-cert info block

spaces to tabs

spaces to tabs

ARM checks

fixes

Merge pull request #4103 from vktg/csreckey

Merge pull request #4101 from vktg/pcapstart

initial version

cosmetic

spaces

touch() if action == Start

Update diag_packet_capture.php

fixes

additions

initial

if spaces fixes

touch() fixes