pfSense

Remove diag_ipsec_xml.php, not being used

Make IPsec status page retrieve status with VICI instead of SMP

Fix up descriptive text for logging levels. Ticket #5340

Default log level where none is selected should be 3 here. Ticket #5340

Correct available log levels. Ticket #5340

Logging fixes. Ticket #5340

Merge pull request #1986 from phil-davis/patch-6

Merge pull request #1984 from phil-davis/patch-4

Use 1-6 rather than 0-5 for IPsec logging levels, to stay away from complications of 0 due to PHP stupidity. Upgrade config to add 1 to any configured log levels. Default to 1 as log level where none is configured by the user. Ticket #5340

Fix Command Prompt Download and Upload when not in English - Redmine #5343 for RELENG_2_2

Fix multi-lingual save of NAT mode Redmine # for RELENG_2_2

and forum https://forum.pfsense.org/index.php?topic=101276.0

interfaces_assign tab_array numbering

This was fixed in master for 2.3 by https://github.com/pfsense/pfsense/commit/50e6c063e6ec148917ff0bcb0bce8b0a08df5792 - in master all of these $tab_array entries, in each file that they appear in, had been modified to just use the $tab_array[] = form....

Merge pull request #1971 from doktornotor/patch-5

Limit the auth methods where "My Certificate Authority" is displayed/saved for
mobile clients. Fixes #5323.

Point people to 'Clear Package Lock' if the reinstall of packages got stuck (RELENG_2_2)

Validate that the Mobile Client settings have a valid RADIUS server selected
as the source for user authentication when EAP-RADIUS is selected as the phase
1 authentication method for mobile IPsec. Fixes #5219.

Auto-add firewall rules for DHCP Relay, same as is done for DHCP Server. Add filter reload to DHCP Relay config so rules are immediately added/removed. Ticket #4558

set enabled/disabled status accordingly on initial page load. Ticket #5284

clean up empty lines

Add all remaining log types to status.php. Ticket #5304

Merge pull request #1958 from phil-davis/patch-11

Redmine #5294 Do not delete a system group

This code checks if the user has somehow posted a group deletion for a group that has "system" scope. If so, then the delete is not done and an input error is displayed.
Note that in normal use the group manager page does not display a delete button for "system" groups, so normally this does not happen - only if the user manually messes with the $POST variables.

Redmine #5294 Do not delete a system user

This code checks if the user has somehow posted a user deletion for a user that has "system" scope. If so, then the delete iscnot done and an input error is displayed.
Note that in normal use the user manager page does not display a delete button for "system" users, so normally this does not happen - only if the user manually messes with the $POST variables.

Merge pull request #1953 from phil-davis/patch-10

correct htmlentities unintentionally removed by earlier commit

Wording of alias_info_popup tip

I noticed this while comparing alias popup behavior between 2.2.5-DEVELOPMENT and 2.3
Might as well fix the grammar here for 2.2.5
This tip does not exist in 2.3 because the popup works more nicely there and so this text is not needed....

Add support for an IPv6 pool for mobile clients.

Don't enforce the use of only IPv4 or IPv6 when using IKEv2 since it works fine with IKEv2

Specify %any where identifier is "any", so the note on these pages
actually works.

Fix up IKE auto mode

Correctly show v1/v2/auto on vpn_ipsec.php

Bring this back, I'll fix issues afterwards. Revert "Remove "auto", it's just a synonym for IKEv2. Ticket #4873"

This reverts commit 47f802694a1e1dfbbd011d7ec431c0948358b5c3.

Do a service reload of dyndns when changing gateways in case something has
changed. Ticket #5214

Ensure this only contains a partial name, not a path, before attempting to craft a full name and read the file. Fixes #5203.

Reset the value of a package field before this test in case it has no default. Fixes #5199

Redmine #5196 Remove incorrect text about DNS servers - RELENG_2_2

The correct text is already displayed under the DNS server boxes at line 892.
This should also be done to master once the conversion of services_dhcp.php to bootstrap is stable.

Redmine #4568 Preserve MLPPP settings when saving interface settings RELENG_2_2 Vagain

with errors fixed.
Supersedes https://github.com/pfsense/pfsense/pull/1781

Merge pull request #1907 from doktornotor/patch-5

Merge pull request #1921 from doktornotor/patch-20

Redmine #5162 do not allow alias rename to an existing name - RELENG_2_2

show openvpn interfaces while reassigning the interfaces for a restored config backup - RELENG_2_2

pkg_edit.php - fix issue where default value was not being populated for newly added fields

Backport from PR #1906 / PR #1787 for RELENG_2_2.

Check if the actual $fieldname element is present in the $a_pkg[$id] array before trying to assign its value. Do same with default_value. Fixes issue where default value was not being populated for newly added fields.

Merge pull request #1842 from phil-davis/GW-Widget-Monitor-IP-2-2

Merge pull request #1888 from phil-davis/TGdesc22

allow port ranges for natport. Ticket #5156

Merge pull request #1811 from phil-davis/patch-10

Work around a chicken-and-egg problem in user syncing. See #5152
See also: 5372d26d9d25d751d16865ed9d46869d3b0ec5e1

Misc encoding/display issues in the Load Balancer code

Encode server name in OpenVPN widget

Add description as a display option on Traffic Graph RELENG_2_2

Backport from master

Encode auth server name before display.

Encode alias description details before attempting to display them.

Encode the rule description before displaying back to the user in an error when attempting to delete an in-use alias.

Encode OpenVPN descriptions before display on OpenVPN status

Encode the OpenVPN server description before display on OpenVPN status

Ensure the current RRD graph category is encoded before display

Fix titles in status.php, filename can't have a slash.

• Include "ipsec statusall" output
• Include the last 100 lines of the IPsec log
• Increase system log to 500 lines
• Fix captive portal rule display to include the zone name not ID number

Fix source address selection on Test Port to handle VIPs properly.

Fix a potential XSS in voucher testing.

Add support for LDAP RFC2307 style group membership. Implements #4923

To activate, check the box for RFC2307 in the LDAP server settings and fill in the group object class (typically posixGroup).

Provide an LDAP server timeout field. Default to 25 seconds. Part of ticket #3383

Previous default was ~1m20sec.

Fix GUI auth from RADIUS to grab group names from the Class attribute. Implements #935

The RADIUS server must populate the Class attribute with a string, semicolon-separated, of user groups. Similar to LDAP, local groups must exist with matching names, and privileges are determined by the local matching groups.

Compare package version strings with compare_pkg_versions

This fixes redmine #4924

remove more old, unused platform stuff

Fix killing of individual states for IPv6. Ticket #4906

fix whitespace

Use the appropriate source and dest IPs for all state types. Ticket #4907

Add "sockstat" output to status.php

Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or don't want to check peer ID.

Display monitor IP on Gateways widget

This version is for system patches to 2.2.4 systems

Remove "auto", it's just a synonym for IKEv2. Ticket #4873

include vpn.inc so IPsec CRL reload works. require_once filter.inc in
vpn.inc for callers there that haven't already included it.

Most of the flowtable bits were removed some time ago, take out the last of them too.

When a CRL is updated, refresh strongswan's CRLs.

Merge pull request #1775 from phil-davis/Interfaces-Widget-2-2

Add isset check for strictcrlpolicy

To be consistent with the checks in the rest of this code.

Add IPsec advanced option for strict CRL checking

fix typo

Handle IPsec Advanced Settings save before IPsec is enabled

If the Advanced Settings are saved before any other IPsec is set up then $config['ipsec'] can be just the empty string. As a result you can get:
a) If you select some debug settings then those are not saved. The code to save those settings was only executed when $config['ipsec'] was already an array. Actually the code already did the necessary "if isset() then unset()" stuuf. So I just took the the "if is_array()" away from the code block....

Interfaces widget use more obscure separator RELENG_2_2

Redmine #4859 fix for RELENG_2_2

Add "netstat -ni" to status.php

Allow pre-filling (but no automatic action) of the download filename on exec.php. Setup a link to download the status output.tgz in status.php

Bug #4551 - consistent usage of Forwarder/Resolver across the WebGUI

Clarify that this applies to DNS Resolver as well.

Bug #4551 - consistent usage of Forwarder/Resolver across the WebGUI

Clarify that this applies to DNS Resolver as well.

Merge pull request #1756 from phil-davis/traffic-graph-widget-2-2

Fix Firewall - Aliases GUI inconsistencies for URL Table type aliases

The GUI should show descriptions according to what's selected from the dropdown, but currently does not for URL Table (IPs) and URL Table (Ports) type of aliases.

This is for RELENG_2_2 branch.

Contrary to some reports this is actually usable in some cases, just not
mandatory. Revert "myid_data and peerid_data fields are not relevant with asn1dn."

This reverts commit b8754cc85db7e92322f605bbb4b2f90bde90bb7f.

myid_data and peerid_data fields are not relevant with asn1dn.

Restrict serial ports glob to cua followed by alpha

Improve this a little more to match only alpha after /dev/cua (/dev/cuau for example)

Make serial ports glob cope with many more possibilities

It originally coped with things like cuau1 cuau1.1
Then I made it cope with things like cuau1 cuau11 but it stopped working for cuau1.1
This one copes with:
cuau1
cuau1.1
cuau1.11
cuau11
cuau11.1
cuau11.11...

Remove old, unused NetUtils.js

Display any advanced DHCP server settings RELENG_2_2

Cherry pick of https://github.com/pfsense/pfsense/commit/90ad3a76edae543bcc63252b14660ac4baee291e

Merge pull request #1754 from phil-davis/cr_2_2

Cancel button after input error for RELENG_2_2

Firewall Aliases Import display error message for invalid alias name

If you open firewall_aliases_import and enter just an invalid Alias Name (e.g. a$b) and press save or press save with all fields empty, then the screen redraws but the input error(s) is not displayed....

Firewall Aliases Edit ensure input_addresses array exists

If you click "+" to add an alias, then press Save without entering anything, you get:
Warning: Invalid argument supplied for foreach() in /usr/local/www/firewall_aliases_edit.php on line 402
as well as the various messages related to $input_errors....

Interfaces GIF Edit fix do_input_validation

Make the required fields be correct and match thier text names, which should each have their own gettext() cal so as to build a proper array at line 81. Basically it was all broken and the errors displayed when field/s were left empty were rubbish.

Interfaces GRE Edit fix required fields text

The reqdfields had only 4 entries but reqdfieldsn has 5 entries and the field names to text descriptions did not match up.
Fixed it.

Interfaces PPPs edit avoid foreach() warning

If you go to Interfaces, assign, PPPs, press "+" to add an entry, then press Save without entering anything then you get a warning about the foreach() here.
The is_array() check fixes it.