Actually remove rekey/reauth from config to avoid strange issues. Ticket #4208
To avoid issues with clashing SAIDs go back to specifying the reqid in strongswan config.
To be able to manage this first upgrade the config to assign each phase2 an reqid. Second use that during config generation
Ticket #4208
Improving aesthetics.
Make title color more consistent with other pages. Improving aesthetics.
Where the P1 is disabled, show the P2s as disabled since they will be, same as in previous versions.
Fix IPsec widget for multiple P2, it fixes #4164
Properly handle large passthrough entries even here.
Put the value of password under double quotes(") to avoid issues with special characters in passwords. Ticket #4177
Prevent echo to insert a newline(\n) at the secret string. Fixes #4177
Fix typos and set needed variable
properly apply the passthrough entries when apply is hit.
Fix inherent issues with isset and empty values set as true by our parser. This made the pipe configuration to be wrong at least for passthrough entries. Ticket #3932
Bring back showing of default value like previous versions.
Remove debug code
Fixes #4177 convert password to base64 to be submitted to avoid issues with special chars in shell and HTTP GET parameter passing. Probably should add POST support to fcgicli.
Fix POST typo in interfaces_assign.php
Obviously a typo. But this section is inside: if (isset($_POST['add_x']) && isset($_POST['if_add'])) { and I cannot find where 'add_x' is ever sent here, so I do not see how this whole code section is ever executed (and that will be why this typo bug has no symptoms). What is the history here? Can the whole block of code be removed?...
Properly rename the var Ticket #4164
Default to only AES and SHA1 for new P2s.
Default IPsec to AES
Default IPsec to main mode, unless mobile client.
Do not count twice the phase2 entries
Just some reshuffling and cleanup
This broke a variety of things. Revert "Deprecated and non-static method messages"
This reverts commit 91b9a02fb131746c67fdf9f34282f123a13f1b13.
Make this code less memory hungry and fix route command generation
Deprecated and non-static method messages
Fix various files that can emit messages like: PHP Strict Standards: Non-static method SimplePie_Misc::array_unique() should not be called statically, assuming $this from incompatible context in /etc/inc/simplepie/simplepie.inc on line 5508...
Improve URL and URL ports alias update data:
- Move redundant code to a function parse_aliases_file(). Before the max number of items was not being respected when URL content is updated, only when alias was saved. Same was happening with ip/subnet/port validation and user could end up with a bad pf.conf...
Also include /127 for IPv6, it works fine. Ticket #3657
Allow for configuring /31 masks on interfaces.php. The rest of the code was updated accordingly some time ago, and an employee with Cox Communications has confirmed this allows things to work on their circuits deployed with /31s. Ticket #4190
fix up text
Provide an advanced setting to be able to disable Unity Plugin(Cisco extensions)
split is deprecated move to explode
fix text
fix spelling of compression
Fixes #4182 by properly managing IPcomp on ipsec tunnels. Also retires IPsec force reloading advanced sysctl since it's useless nowadays with strongswan and remove its call on rc.newipsecdns.
OpenVPN backend authentication fix key and translation
The array returned by auth_get_authserver_list() has key as the fixed name of each available authentication mode - e.g. "Local Database". The array value ["name"] has the name string translated into the selected GUI language....
Fix #4090:
- Unbound advanced options may contain double quotes and it breaks the syntax when a backup is restored because newlines are trimmed. Save it in base64 format is a safe way to prevent it
- Bump config version to 11.5
- Provide upgrade code to encode current config or the one that came...
Make it possible to backup/restore 'DNS Resolver' section individually
Fix track6 prefix id range check, reported by jimp
Allow blank source port in diag_testport
Reported by forum https://forum.pfsense.org/index.php?topic=86146.0 Also, if there are input validation errors, save the user-entered data and re-display it, making it easier for the user to just correct the data in error and press Test again. It was blanking out all the entered data.
Fix lineup of copyright lines
and module names and other bits of formatting and typos in header comment sections.
Remove duplicate copyright
Noticed these had the copyright twice
Welcome 2015
IPsec Widget allow for old settings that have no iketype
as mentioned in https://forum.pfsense.org/index.php?topic=84527.msg471919#msg471919 This change makes it work like similar if tests in /usr/local/wwwvpn_ipsec.php, and code in /etc/inc/vpn.inc that effectively defaults to ikev1 when iketype is not specified....
Allow for old settings that have no iketype
This bit of code looks like it could do with the same test as https://github.com/pfsense/pfsense/pull/1412 This is executed when the "Connect" button is pressed from Status->IPsec. Somebody with these problematic old IPsec entries could test this - with current code I suspect that disconnect followed by connect - it will not connect. With this change it will (might?) connect again.
Captive portal spelling
Backout pull request #1391
https://forum.pfsense.org/index.php?topic=85944.0
Backout pull request #13191
Fix unbound shortcut links
Fixes redmine #4151
1) Make the naming in shortcuts.inc more clear - forwarder=dnsmasq resolver=unbound
2) Make the value of $shortcuts_section correct in each dnsmasq and unbound php code
3) Make diag_logs_resolver.php smarter, so if dnsmasq is enabled, then...
clarify message here after customer feedback, it wasn't meant to imply "only a reboot will re-enable" but that's how some people have read it.
Move this check before full sync to disable dnsmasq/unbound in the first time it's sync'd
Add dnsmasq and unbound config sections to full sync, it fixes #4076 that is caused because boolean config fields are not disabled on secondary
Display tunnel description on IPsec widget
There was not even code to attempt to display the description. Also, when I first created a phase1 and there were no phase2 yet, the widget spat out the warning for the line: foreach ($config['ipsec']['phase2'] as $ph2ent){ ......
Correct even other areas of CP using pfSense_ipfw_getTablestats function.
Fix displaying description for IKEv1 connected tunnels
Oops remove variable with same name unused!
Add checks for ghost phase2 and no need to check for number of phase2 here
Correct skipping of disabled tunnels
Correct status counter of inactive tunnels
Merge pull request #1395 from wagonza/RELENG_2_2
Oops do not override ipsec status array!
Reboot not required for password protect console menu
On my systems I can toggle and save "Password protect the console menu" back and forth and the console switches back and forth from the menu to a login prompt in real time. IMHO a reboot is no longer needed. Removing this note might save some people unnecessary reboot time.
Handle firewall log widget display formats
the same way for the initial display and for updated rows done by JavaScript. Now we receive the source IP and port, destination IP and port, all in separate fields so they can be put together in whatever combination for display....
Interfaces widget remove blank line if no IPv4 address
If the interface had an IPv6 address but no IPv4 address, there was a blank line where the IPv4 address would have been. There is no need for that, and one day IPv4 will be old legacy and systems will routinely have no IPv4 addresses at all - they will all be IPv6. Might as well make that look ordinary on the display now....
Interfaces widget create all div
All div for the various things need to be created here, so that later AJAX can switch the necessary things on/off and write a new IPv4 or IPv6 address into the div when an interface acquires an address.
Remove "link", "vlink" and "alink" from BODY tag
This is a positional change to remove "link", "vlink" and "alink" from the BODY tag, the following themes do not have Anchor tags defined in CSS, so they use the colours defined in the BODY tag, which is blue...
Put line break only if IPv4 address exists
This makes a line for the IPv4 address if it is there. If the IPv4 address goes away, the whole line will disappear, leaving just the IPv6 address without an empty line above it.
Set Interfaces widget IPv6 address
Now that get_interfacestatus() is returning us the IPv6 address, and interfaces.widget.php has a div to put it in, actually update the IPv6 address on the widget.
Lastsawtime has moved further along
srcport, dstport and version are now explicitly passed as fields here, so lastsawtime is 3 fields further out.
Display better message when booting and awaiting package reinstall
Send IPv4 and IPv6 address in get_interfacestatus
And make them strong (bold), which is how they are displayed originally by interfaces.widget.php. This allows the AJAX that manipulates the divs in interfaces.widget.php to get the data, so it can make it update.
Standardise dynamic firewall log view
to be like Firewall Log widget:
1) Display IPv6 address and port in [a:b::c]:123 format
2) Fix same issue with rows gradually disappearing each update, or when in reverse order, update lines not being put in the right place....
Add missing $ as spotted by Kill Bill, ticket #4132
Correct display of tunnel status on ikev1 with multiple phase2
Correct ipsec status page to make connect button work
Correct dashboard with new ipsec generation
Fix string, we want to print variable name here and not its value. Fixes #4132
Use correct port for viewing portal page contents. Ticket #4125
Fix help for UPnP/NAT-PMP
Remove option that has now been merged into infra-host-ttl.
Disable dhcp server when interface is disabled. Ticket #4119
Do not check disabled interfaces, ticket #4119
Encode space to avoid rejecting users with spaces in username
Use updated URLs for Limiters and Layer 7 help.
Remove some old comments and unnecessary cruft.
Pick up some more new pages for 2.2 that need help links.
Some misc updates to pkg help links
Add help for Unbound/DNS Resolver and its related tabs.
Point these CARP Help pages at more useful places.
Use provided function to change user's password
Fixup the rest of the URLs for DHCPv6/RA help.
The ID in DUID is Identifier. See also: ATM Machine, ISP Provider, DMZ Zone, LCD Display, GMT Time...
Update help links for DHCPv6 relay and DHCPv6 Lease Status
Remove old/invalid note
Fix up Help links for Inbound Load Balancing.
Tidy up "widgets" XHTML
Add CDATA sections to scripts
Add ALT to image tags and close image tags
DIV tag cannot be inside a STRONG tag, so swap them around
SCRIPT cannot be part of TR tag, so place the SCRIPT inside a TD tag but hide it.
Cleanup aliases when temporarily disable CARP, fixes #4116
Follow help page that moved.