Make OpenVPN username-as-common-name options. Implements #8289
(cherry picked from commit e5c4f2a7d977fb1fd6c7b4446e187486b72285be)
Do not restart L2TP server after adding/modifying users. Issue #4866
(cherry picked from commit 810923482479d09c4987f7f29b12299be15ac352)
Do not include disabled IPSec P2 entries to <vpn_networks>. Issue #7622
(cherry picked from commit 12f9467e207e07bee4b93673b17b836e77216f6e)
Add ipsec_reload_package_hook() to apply function. Fixes Bug #10351
Adapted From 4aebc4ba84aefa0be7084960cb1387352e6a3792
DHCP6 client discard REQUEST messages. Issue #9634
(cherry picked from commit 8788b0613a66e48ff4da45f4228bda481c37f7a9)
Compare compressed IPv6 CARP VIP. Issue #6579
(cherry picked from commit 84052eb74b7c470ebf8fd0bb1b56ce475725b1a6)
Firewall rule states link and Require State Filter option fix. Issue #10359
(cherry picked from commit afb4cdcd2a96138b70b888c6750f8b1140ab8c2a)
Fix OpenVPN status.php output for 2.4.5 Implements #10350
Factor existing RAM disk usage into kmem calculation. Fixes #10420
(cherry picked from commit 355aa65e684431fe435dcf51c92f17659b5b000d)
Remove CA prv key fix. Issue #10509
(Based on 0447f01b1eb02354f5658d535bd33bfa022d6083, Adjusted for RELENG_2_4_5)
Avoid very slow GUI loads when ews.netgate.com can't be resolved #8987
(cherry picked from commit 3c07f4986e6dfdd552ba8c68bb6ae866dff91dd9)
Skip all RRD data on backup. Issue #10508
(cherry picked from commit 6c1b20af47553b6e95669b9ccc2d4109364c0d4c)
EDNS buffer size configuration. Issue #10293
(cherry picked from commit 09d529a6b3888479b015edba166d31cd214387cc)
DHCP Domain trailing dot validation. Issue #8054
(cherry picked from commit 8ee5aa03950902e8de301dedaa1fddda4a74e709)
Same gateway naming convention for the console and the WebGUI. Issue #10264
(cherry picked from commit b504ede55d68d82e84a5c48ff75ddc805b6ce391)
Add OpenVPN config files to status output. Implements #10350
This form will only work on 2.5.0 since the directory layout changed.
(cherry picked from commit edc7e81f621805af8174fd7cf7299eb6afe1969c)
Port forward dst port Any fix. Issue #7704
(cherry picked from commit da7f67b8f0b1d55b3b0ebfb99b198abc9e47ff53)
requested changes
(cherry picked from commit b1c85ec0fc263a0b237bd3364b249eb5f85e35dc)
Outbound NAT and multiple IPSEC IPs for mobile warriors
(cherry picked from commit 8897cbce7fc410029ac367eeee7c12261fec896f)
status.php: Add upgrade_log.latest.txt. Issue #10455
(cherry picked from commit 6c773de2544d267b8834c09beb40f83d9a1c32d4)
OpenVPN/IPsec IPv6 prefix in DNS Resolver access list. Issue #10460
(cherry picked from commit 79eef195a77d7c05628adaa7418d748c05d862a8)
IPsec VTI enable netmask. Issue #10418
(cherry picked from commit 0bb934e9d7dd8c852bae4b221501b90e8dc1569b)
IPsec VTI /30 netmask. Issue #10418
(cherry picked from commit 92ab21bb3f74413654fefd7b7a451641cf7c02a7)
Check IPv6 interface aliases for firewall rules. Issue #8256
(cherry picked from commit 453c3b38407cd5f804d40f0a9946a05297dd3655)
DHCPv6 update-static-leases. Issue #10412
(cherry picked from commit 1a618dc0d1977120810bfd8454fd4deda0a4ed55)
DHCPv6 service Dynamic DNS fix. Issue #10346
(cherry picked from commit 9fbd8f713449b2315daac91e219e711c8954ce7c)
pfSense copynotice.inc copyright 2020. Issue #10373
(cherry picked from commit 501c65dfb00cbfb737a659c6be0fd3113045980e)
Floating rules tab fix. Issue #4629
(cherry picked from commit 65d935bfddb2d4d0e4816d344573d03e2b73b464)
Add Interfaces column to Floating Rules. Issue #4629
(cherry picked from commit bf83fb9ab93435e605d28b67e0352d32ce63ba2d)
fix #10499 dark theme autocomplete popup not readable
(cherry picked from commit 1d06b51d92483b70be11dcb4ca1d78e2f2b5dd15)
Ignore user-config-readonly for admin/admins. Fixes #10492
(cherry picked from commit fa0ed29ef58fe6758f2cdc96f5bf68da32241faf)
More safety belts for upgrade_174_to_175(). Fixes #10458
(cherry picked from commit ca676aa35482c4e4fd64bfdcee9afe6d33b6c5fe)
DigitalOcean IPv6 DDNS Client to find IPv6 entries when updating. Issue #10390
-[] Redmine Issue: https://redmine.pfsense.org/issues/10390
-[] Ready for review
(cherry picked from commit 08939cfbc054fcaed03a3128b673b2db592cc2ad)
status.php updates
(cherry picked from commit b943d20dcd9a580c18ce804b47f512855272f1dd)
Ticket #9267: Fix dhclient-script to handle error properly
Update translation files
Regenerate pot
The time has come for 2.4.5-RELEASE
Validation and encoding for Ping and Traceroute. Fixes #10355
(cherry picked from commit cc3990a334059018b004c91eeb66c147d8afe83d)
Fix #10331: Fix sprintf() placeholder
Encode user descr before output. Fixes #103241
(cherry picked from commit 3c1e53dabe966f27c9097a5a923e77f49ae5fffa)
Fix potential PHP error in service-utils.inc. Fixes #10308
Correct 'default' behavior of OpenVPN TLS key dir. Fixes #10287
(cherry picked from commit d2011b0addd27766e6b402270c79d06c6c485f04)
L2TP and PPPoE user password validation. Fixes #10275
(cherry picked from commit 48dae98cf7837af3071521bdabb788af6d3e0f41)
Auto GUI/OpenVPN wizard cert lifetime reduced to 398. Fixes #9825
Fix PHP syntax error in traffic_shaper_wizard_multi_all.inc
Fix PHP errors in traffic_shaper_wizard_dedicated.inc
(cherry picked from commit 9d141b4de6a5760b88b94100aa216e0559a102fc)
Update loader.conf when maximumtableentries changes
On Firewall -> Advanced -> Firewall, when maximumtableentries itemchanges, make sure /boot/loader.conf is changed accordingly. If thevalue is bigger than sysctl net.pf.request_maxcount, then warn user that...
Add net.pf.request_maxcount to loader.conf
On FreeBSD 12 and newer pf uses this sysctl to define maximum number ofitems supported by its allocations. Make sure it's always present in/boot/loader.conf and set it to the same value of config item forsystem -> maximumtableentries...
get_service_with_port(): Validate port contents. Fixes #10255
Point to a checkip doc URL that exists now.
(cherry picked from commit b2bfc3399c802760f25cdc02611b5e79fa3afcd6)
Fix braces. Issue #10246
(cherry picked from commit c03557a25af6a41cb84078416e4f7023449305b2)
NAT rule dst port reference corrections. Fixes #10246
When negating, the number of elements in $dstaddr_port is different. Donot hardcode the index of the assumed last value, but calculate itinstead.
Otherwise the ruleset can have invalid entries like "port port" in...
IPsec VTI IPv6 address correction. Fixes #9801
When setting up IPv6 VTI, assume /64 -- Previous code was assuming /32which wasn't correct, and it can't be /128 either since the IPv6addresses are not point-to-point like IPv4.
(cherry picked from commit c519b62f8fc3ed094952c6289d21c429df139c51)
Ensure ALTQ bw is treated as int when factoring RRD values. Fixes #10248
(cherry picked from commit 3c95346d32bf4b243b242b73f91c5204ebf16d86)
Revert "Fix #10235"
This reverts commit 64e656556369fe61fe4315fac4c1b78e4763e35f.
cherry-pick e8a1e9e1288e5a3a2bd9ca5479ac19c8fcfb4c2d
Fix #10235
Add a missing break to case statement. Without it, $compression wasbeing filled with a bad value and also if push compress was being used,it added the option breaking connection.
Reported by: Vinicius Dell'Aglio on Telegram pfSense group
Partial/future work-around for #10216 - When checking to see if the copyright notice has changed (and should be displayed) only check the first HTML <DIV>. This will avoid the notice popping up if the survey text is changed.
Correct typo
(cherry picked from commit 108a640d66f5666feca530e038831155bfd4577b)
Re-add jquery-ui themes. Fixes #10233
(cherry picked from commit b6063aa7cbb6c7f9c1e365097685a84e97516b49)
RAM Disk robustness improvements. Fixes NG 3173
Fix PHP error in ipsec_reload_package_hook(). Fixes #10217
Welcome 2.4.5-RC
Sync translations with 2.5.0
CF DDNS wants int for TTL. Issue #10196
(cherry picked from commit e9869c5abc70dc4aa7cd27d2a139696a1970903f)
Add TTL for CloudFlare DDNS. Fixes #10196
(cherry picked from commit 9404b54a44a820b9c0332149a6ea794eed54bdac)
fix incorrect encrypted backup restore error handling. Issue #10179
(cherry picked from commit 153f78af168e81e89792a92dc81ed719ce86296b)
XMLRPC: fix last shaper/limiter removing. Issue #9468-9469
(cherry picked from commit c9a96f16a4cb582884c8a09d42dd1a61c206b97d)
Update help.php
update crash_reporter.php to a more useful resource
(cherry picked from commit eb10e3293ec967161b2dbb71bba3023e5f812d9b)
Revert "add fe80::1:1 as an alias. Issue #9998"
It's a 2.5.x only
This reverts commit a69c0e4e0f2337b956aa6dd2d0668d3c2b1a92b7.
add fe80::1:1 as an alias. Issue #9998
(cherry picked from commit 24da61c68c91ea1d1cb7214aeeddd6c9ae741ce5)
Update repository info before checking for updates
(cherry picked from commit ff90ae73c35f293f370104c18d386c08e9e813c7)
Link to the book, not old OpenBSD docs. Fixes #10184
(cherry picked from commit 1bcc6e56e51b8ac1e329c9c0dd2bfc0f40983ead)
diag_packet_capture.php: Input and error checks. Fixes #10183
Sync diag_packet_capture.php with master
Mount devfs for unbound when python is enabled. Fixes #9251
Update SSL refs to SSL/TLS. Fixes #10172
switch to resolve_host_addresses() func
(cherry picked from commit 6e658d8dd1a3e05b2b0153651a5060ff9225e415)
urltable can return >1 IPs
(cherry picked from commit 477d5b5f4d83ec01266d8db3a592192ca45efb5a)
Use central download function
Reduce duplicated/inconsistent code by using the new download function.
(cherry picked from commit ecb594d094ce0e11cacd9062ebd0aa0ba190444a)
Add central file download function for use throughout the GUI.
(cherry picked from commit 1342f80fb512cf2f6a5925f03e61930ac41445af)
change http to https for redirect link
(cherry picked from commit a3d92f1b47ca82707b5ba760bb31a8f21f9e4e28)
cosmetic
(cherry picked from commit 81157e5c9872594afd8238445299fb5a1ffc2030)
export aliases to txt file
(cherry picked from commit 0cdb5e9569f4be2aa5a42cb7f986b3c218ab3bf2)
update redirect to issue tracker
(cherry picked from commit 01e88604e991901dbd56fa4ed33ae9687d153d6c)
Fixed 10156Fixed 10157
New redirects.netgate.com/whatever links set up and incorporated in menu system
(cherry picked from commit f07e6d64f0f94fe7f58fc7ada12d42bcf705dc88)
Revise survey wording
(cherry picked from commit ed6f2195b282008e7d84a087759dbc6b4fc23eed)
Fixed #10154 by revising wizard text
(cherry picked from commit 3ac4b218bc493e004aaf60abdc4a39bdafada07a)
Remove redundant DNSimple instructions
(cherry picked from commit 01a6ef7b28907021533df2b3a17ed05451bbbd31)
check ntp acl only for localhost block
(cherry picked from commit 7faeec0727528d27afbcd1462d5f726985e951e7)
Wait 0.2 seconds after stopping Nginx.Redmine #10159
(cherry picked from commit 4ddcc5caa393c6478b62b76d7213c2af0c1dde7b)
Merge pull request #4155 from BBcan177/RELENG_2_4_5
Do not allow 'invert match' and 'any' on firewall rules. Fixes #10168
The backend code ignores the invert in this case, and it makes the GUIrender confusingly (!* which could never match anything)
(cherry picked from commit 40baab141eb30b11b57efa0cf14521021aa7b4c7)
Ticket #9612: Reboot early when needed
When fsck -z doesn't work on first attempt due to old binary, rebootbefore configure the system to make it faster
Ticket #9612: Prevent infinite loop and skip zfs
Add a few more common ports to list. Fixes #10166
(cherry picked from commit d2c6e89c40b1bff2deb1f0a8847a5199b317ba0f)
Fix #9612: Reboot twice if needed and run fsck -z
After changing pfSense-rc to create /.fix_for_SA-19-10.ufs file to flagsystem to run fsck -z during pre-install stage it started failingbecause fsck binary, at that point while only kernel was upgraded, still...
Unbound python integration