pfSense

Dynamic DNS wildcard typo

Self-explanatory, just a dumb typo bug

Fixes #4257 With the platform_booting() fixes a regression was done on openvpn tap interfaces or dynamic ones that are part of a bridge.

Allow during bootup rc.newwanip to continue up to a ceratin part to handle bridges or other complex interfaces.

Make sure radvd is reconfigured when CARP is enabled/disabled. It should fix #4252

Save the tradition and point to used binaries here

When configuring radvd, check if carp is enabled. Ticket #4252

Do not translate function return string

Fix typo in function name

Strict comparison not necessary here, and makes this fail to work as
intended. Fixes #4258

Ticket #4254 do not put duplicate interface names

Ticket #4254 Actually use proper variables allover to have correct route added

Ticket #4254 Actually use proper interface to check if gateway exists

Ticket #4254 Use proper variable

Ticket #4254 actually use the info on the protocol of the vpn sepcification to be more sure on the family to use

Ticket #4254 Handle even hosts specified throguh dns name

Ticket #4524 Bring back static routes on ipsec to make sure charon does not send traffic through wrong iface. This handles properly ipv6

Correct this typo which would make other things break

Be compliant with gatway groups specified on ipsec. Ticket #4254

Ticket #4254 Actually fix this on 2.2 branch since vips are not handled by get_real_interface apparently!

When radvd is configured on a CARP interface, enable it when it is MASTER and disable when go to BACKUP. It should fix #4252

Add missing require for filter.inc since vpn_ipsec_configure() calls filter_configure(). It should fix #4236

Ticket #4254 specify the list of interfaces to be used by charon. This is a workaround for now. Being investigated the fix.

Use the parent NIC rather than the VIP. Fixes part of Ticket #4252

The reset button check should happen on all platforms, not only NanoBSD

Add reset button support for APU and FW7541

add detection for 7541, APU

move jquery ui css to theme folders

make master 2.3-DEVELOPMENT

Still missed one mistake on last commit

Fix some logic mistakes introduced in 89f171b052, spotted by phil-davis

fix syntax and unbreak pfsense-utils.inc

fix syntax and unbreak interfaces.inc

Validate if both IP address and subnet are valid and the same version. Fixes #4223

Merge pull request #1441 from phil-davis/patch-1

Time to let these go

Ticket #3997 s/_vhid/_vip/g

Ticket #3997 Put a uniq identifier on the carp settings.

Just do an update since it will handle itself properly.

Ticket #3997, teach code to track carp through uniqids(). Missing carp GUI changes and upgrade code

Firewall Rules Apply be friendly to other languages

Forum: https://forum.pfsense.org/index.php?topic=86808.0
Redmine: https://redmine.pfsense.org/issues/3886

print_info_box_np() when called with just the first $msg parameter has some rough tests to decide if the "Apply" button should be displayed. It checks if the translation of "apply", "save" or "create" appears in the $msg string (which is a translated string itself). If the $msg string did not translate, and thus remains in English, but gettext("apply") does translate then the e.g. Turkish word for "apply" is not going to appear in the English $msg string. So things go wrong....

Fixes #4150. Move to tables to accomodate unlimited number of interfaces.

Add RSA keys even for eap-mschapv2

Oops add missing curly

Also take care of ph1 mobile settings for eap-tls

Obsolete libpng15 in favour of libpng16

Add EAP-MSChapv2 implementation for Windows ipsec support as reported here https://forum.pfsense.org/index.php?topic=81657.15

Merge pull request #1439 from wagonza/patch-5

Correctly handle number of cores and power of 2. Merged from the package already had this. Fixes #4212

Actually remove rekey/reauth from config to avoid strange issues. Ticket #4208

Add some saftey belts here to be safe

Heh bump the config version

To avoid issues with clashing SAIDs go back to specifying the reqid in strongswan config.

To be able to manage this first upgrade the config to assign each phase2 an reqid
Second use that during config generation

Ticket #4208

Merge pull request #1437 from xbipin/master

Improving aesthetics.

Make title color more consistent with other pages.
Improving aesthetics.

Where the P1 is disabled, show the P2s as disabled since they will be, same as in previous versions.

Fix IPsec widget for multiple P2, it fixes #4164

Merge pull request #1430 from wagonza/patch-4

Merge pull request #1428 from wagonza/patch-3

Fix copyright

Ooops fix culries

No need for this anymore

Improve this part as well

Split the work into different jobs called through fcgicli. Helps Ticket #3932

Remove old write caching tunable as well. Ticket #4203

Remove the settings to disable DMA, which have changed in FreeBSD 10.
Ticket #4203

Do not leak firewall rules as well when (re)creating rules

Fix spell typo spotted by phil-davis

Fix typos introduced by chaning to explicit id specification when necessary. Fixes #4202

Merge pull request #1431 from phil-davis/patch-1

Properly handle large passthrough entries even here.

Use this generation now of committing pipes directly and only rules to put on ruleset to avoid memory pressure and the timelimit will than be enforced by the caller

Revert "Ticket #3932 Use array_map to get more parallelism when there are many entries. This makes it not reach the execution timeout with large entries."

This reverts commit 7077addc5a5058fab4b4dc7678270c1000d342c9.

Actually improve the previous resource leak commit since the function is there but it was not being used during init_rules process.

• Try to autodetect if the execution limit needs to be raised on big number of passthrough entries.
  Set the time limit to 0 and restore it back to default value when this is detected.

• Do not leak pipes when reloading ruleset for CP since this will consume available descriptors....

Put the value of password under double quotes(") to avoid issues with special characters in passwords. Ticket #4177

Do not override the passwd string. First it prevents the md5 working if the crypt() check fails and also is useless to override it since the parameter is passed by value and not by reference.

Prevent echo to insert a newline(\n) at the secret string. Fixes #4177

Ticket #3932 Use array_map to get more parallelism when there are many entries. This makes it not reach the execution timeout with large entries.

Fix typos and set needed variable

properly apply the passthrough entries when apply is hitr.

Fix inherent issues with isset and empty values set as true by our parser. This made the piep configuration to be wrong at least for passthrough entries. Ticket #3932

Bring back showing of default value like previous versions.

Merge pull request #1433 from phil-davis/patch-3

Remove debug code

Fix cut paste brain fade

Do not return disabled dynamic gateways

When a dynamic gateway is disabled (by the user through the webGUI), it was still being returned by return_gateways_array(). But when called like that, disabled gateways should not be returned. The first part of the routine was correctly skipping disabled gateways, but then the later part would effectively re-generate those dynamic gateways on-the-fly and not realise they should be skipped because they were disabled....

Merge pull request #1432 from phil-davis/patch-2

Fix POST typo in interfaces_assign.php

Obviously a typo. But this section is inside:
if (isset($_POST['add_x']) && isset($_POST['if_add'])) {
and I cannot find where 'add_x' is ever sent here, so I do not see how this whole code section is ever executed (and that will be why this typo bug has no symptoms). What is the history here? Can the whole block of code be removed?...

Fixes #3281 do not undo any changes already done for gif/gre interface.

Fixes #4177 convert password to base64 to be submitted to avoid issues with special chars in shell and HTTP GET parameter passing. Probably should add POST support to fcgicli.

Properly rename the var Ticket #4164

Restart PHP-FPM allow to setup ini file

I was just using console menu option 16 Restart PHP-FPM and it hung on a nanoBSD system.
I found /tmp/php_errors.txt with this in it:
"override rw-r--r-- root/wheel for /usr/local/etc/php.ini?"
Flying blind at the console I entered "y", then /tmp/php_errors.txt had this:...

Default to only AES and SHA1 for new P2s.

Default IPsec to AES

Default IPsec to main mode, unless mobile client.

Do not count twice the phase2 entries

Just some reshufling and cleanup

Let the kernel handle REQID rather than handling it manually. The connection name is the one needed here.

Add tracker and label to IPv4 Link-Local block rules.

Unbound is compiled with libevent so setting this to always be 4096.

Allow for overhead and up maximum limit from 8 to 32, also only set it if its set to 4 or above. Fixes https://forum.pfsense.org/index.php?topic=78356.msg472781#msg472781