pfSense

Update translation files

Regenerate pot

Revert "Default VTI remote to Address but allow it to change. Fixes #8859"

This reverts commit da54e84ae79328a87b4a319239bb1b14d7ed2ce6.

Prevent a user from selecting VTI for mobile IPsec. Fixes #8877

(cherry picked from commit 885cf6a751f076f43fa89167ba2a79f779244f1b)

Changes on the parent interfaces will create new interfaces and the existing VLANs needs to be redone.

Ticket #8527

(cherry picked from commit 6fd6b8536b80316caf0f3b9221ed6af0b3453571)

IPsec VTI requires a manually specified network/address. Issue #8877

Prevent a user from selecting an interface macro like "LAN Network"
which cannot be used with VTI since it does not work like traditional
IPsec Phase 2 definitions.

(cherry picked from commit 02af14942872567362f1761f06a1d754080da074)

Fix a PHP error when upgrading gateways

(cherry picked from commit bd670efef4c642ebb03b844ef0c38258740a37a1)

Init gateway group array before use. Fixes #8876

(cherry picked from commit b54a1af45c5add4e57253bfa0b562dadf3ae10f7)

Welcome pfSense 2.4.4-RC

Fix #8806: Configure captive portal on secondary identical as master HA node

Fix #8721: Call proper filter_configure function from this class

Change status.php to use "ifconfig -v". Implements #8860

Default VTI remote to Address but allow it to change. Fixes #8859

Make async_crypto explicit enabled/disabled rather than current isset

Move IPsec VTI interface cleanup list. Fixes #8858

Generate the cleanup list before the P1 loop but after the initial
interface configuration.

Use safe_mkdir() for IPsec dirs. Fixes #8856

Simplifies the process of making IPsec dirs, though it may not correct
the original reported issue since that appears to be a disk problem,
it's still better/safer than what was done here before.

Initialize IPsec logging array before use. Fixes #8857

Fix #7694: Replace sshlockout_pf by sshguard

Missing line to fix #8850

Set default new CA/Cert action to Create Internal. Implements #8851

Allow packages to opt out of a forced start. Fixes #8850

If a package performs its own service start during its sync process,
then add <starts_on_sync/> to its service definition in the package XML
file. Then when rc.start_packages is called, the forced start will not...

Fixes #8767 PHP7 syntax error

Update translation files

Regenerate pot

Fix Minnowboard Turbot model names. SG-2320 -> MBT-2220, SG-2340 -> MBT-4220

fixes #8837 part 2, initialize as array instead of string for PHP7

Bug was fixed in pfsense module and this code is no longer needed so removing.

$wancfg is not a reference to $config. Set $random_mac properly on config and break long lines while here

Revert ticket #1337

FreeBSD is not happy with simple set VLAN to use a different MAC
address. Revert it for now and prevent users to change VLAN interface
MAC address.

Fix some integer assumptions with calculate_ipv6_delegation_length()

Escape arguments when relinquishing a DHCP lease. Fixes #8843

Fix extra braces

Fixed #8838

Fixed #8837

Add missing break in IpAddress form class. Fixes #8834

Fixed #8812

Perople were misunderstanding "hint" so changed it to "identifier"

PHP7 fixes: Use of undefined constants

Implement #1335:

Let VLANs to have a different MAC address than its parent.

While here also fixes #8138 and do not ignore <spoofmac> for interfaces
without hwaddr field

Do not let users change QinQ mac address

Remove not used 'Copy my MAC' button code

Merge pull request #3974 from Augustin-FL/patch-passthrough

Update translation files

Regenerate pot

Merge pull request #3973 from PiBa-NL/20180821-getarraybyref

Fix syntax and use unlink_if_exists()

Merge pull request #3965 from Hobby-Student/master

Fixed #8823

Use ctype_xdigit() instead of is_numeric() to validate hex. Issue #8824

Add the GUI support to set the VLAN Priority for the DHCP requests.

Ticket #7425

Automatically store username of the MAC created pass-through

Fixes #8800 Interfaces will show up in the group edit page even if disabled so they can be removed

Handle HTTP_REFERER better when changing IP addr. Fixes #8822

Fall back to probing active interface addresses rather than config.xml to allow changed addresses that have not yet been applied.

Redact lightsquid pw in status output. Fixes #8819

Add a missed case for auth source detection. Fixes #8817

Add "select all" control to remaining NAT pages

Make config_array_from_str() function more general

Fixed #8803

add getarraybyref() utility function for general use (used also to avoid php7 'Cannot create references to/from string offsets' messages)

Fixed #8803
Don't attempt to access $config elements that don't exist. PHP7 doesn't like it

Only show the DHCP6 VLAN Priority settings for VLAN interfaces.

Certs: Fix CA subject assumptions. Fixes #8801

Several areas made assumptions about the number and order of CA subject
fields that were no longer correct after issue #8381 was corrected.

While here, also remove some outdated references to fields that are no...

Declare variable out of loop

Try to run upgrade script 3 times

Fix #8519

- Remove possible leftover sockfile before call pfSense-upgrade
- Wait until sockfile exists while process is still running
- Make sure to start polling only if process is running and sockfile
exists

Remove leftover

Make sure to use string starting at __RC= position

on arm and arm64 machines, set kern.shutdown.secure_halt = 1

the arm systems leave enough running after halt to forward packets.
this is a bad thing. on arm systems, set this sysctl so that when
a halt command is issued, it is severely stopped and no packet...

Do not use gettext() on default LAN interface name

Add logged in user to Dashboard sysinfo widget. Implements #8817

User login source & proxy fwd addr to user data. Fixes #8813 Fixes #8816

While here, use this info more consistently across log messages and
places where user info is recorded when making changes.

Fixes #8805 Refresh captive portal zone when vouchers are changed to regenerate captive portal login page

Revise T&C text area height

Fix syntax

Added "select all" control
Fixed #8812

Merge pull request #3972 from Augustin-FL/patch-passthrough

Add interface_is_lagg(), improve interface_is_vlan() and make get_parent_interface() work with laggs.

Added PORTAL_MESSAGE to template, fixed some wording and styling

Readded second authentication type to default captiveportal login

Disconnect and remove previous Pass-Through MAC address when both Disable concurrent logins and passthrough MAC addition are enabled

Merge branch 'master' of gitlab.netgate.com:pfSense/pfSense

Updated captive portal to use a template with customizable image uploads

Co-authored-by: Felix Häberle <felixhaeberle@users.noreply.github.com>

Do not blindly unset values that may not exist in OpenVPN wizard. Fixes #8792

Add default ICMPv6 rule for unspecified src per RFC4861. Fixes #8791

Merge pull request #3971 from Augustin-FL/captiveportal

fix failed implode when auth_server2 is empty

Disable OpenVPN compression for new instances by default. Fixes #8788

Also add warning text that cautions against enabling compression.

While here, also add missing "stub-v2" compression mode.

Merge pull request #3970 from Grapsus/master

Fix #8785: Add CDATA to auth_prompt field

Update translation files

Regenerate pot

Revise setup wizard link

Fixed #8745 by trimming nulls from bridgeif

Merge pull request #3640 from Augustin-FL/master

Rework pkg_mgr_install.php

There were many reports from users that in some specific cases GUI was
losing track of pfSense-upgrade instance and showing messages saying
upgrade process aborted while it was still running in background.

Keep track of pfSense-upgrade wrapper process started by GUI and...

Fix custom dyndns issue: username and password was not sent with curl flag AUTH_ANY

Revise Netgate product links

Upgrade config : Move captiveportal authentication to use user manager

Update and clarify captiveportal GUI settings

Obsolete old captiveportal radius files