pfSense

Only write DHCP6 gw when given a value. Fixes #11454

Add 2.5.1-RC repository

Set correct WireGuard interface MTU on boot/config changes. Fixes #11482

Reject IPv4-mapped IPv6 addresses on Mobile IPsec DNS server input validation. Fixes #11446

Revise target port error message

Do not delete disabled routes on boot. Fixes #3709

Shell LDAP authentication fix. Issue #11644

Correct local IPv6 address for OpenVPN on 6RD/6to4 interfaces. Fixes #11674

Change OpenVPN auth to php-cgi for the time being. Fixes #4521

Merge pull request #187 from viktor/route_get_fix

Supress route no found error. Issue #11475

Supress route no found error. Issue #11475

Refine help/error text for system domain. Fixes #11658

IPsec IKEv1 mixed Phase 2 IP protocols support. Issue #11643

WireGuard default route Allowed IPs validation. Issue #11465

OpenVPN auth sources strlen validation. Issue #11104

Do not clean dmesg.boot on Reset Log Files. Fixes #11428

route_del() optimization. Issue #11475

Move interfaces_ipsec_vti_configure() to the end of interfaces_configure(). Issue #11537

Fix removing automatic DNS server route. Issue #11578

Static IPv6 /128 routes fix. Issue #11594

WireGuard default TCP MSS clampling. Issue #11600

Unmount var and tmp ZFS on boot. Fixes #11617

DHCP6 interfaces bootup fix. Issue #11633

XMLRPC no section fix. Issue #11638

Correct source IP for IPsec on 6RD/6to4 interfaces. Fixes #11643

Reverse x509 escape cert subjects on renewal page. Fixes #11654

Fix handling of renewing cert w/o SAN. Fixes #11652

Use correct parameters when adding WG IPv6 tunnel addr. Fixes #11618

Do not build node_exporter on armv7 since lang/go14 is broken

Report full product version, including -pN

Revise firewall_nat_edit for MVC

Correct rsort_log_filename() behavior. Fixes #11639

Catch up with rename of Coreboot upgrade package to Firmware

Remove obsolete vars for MVC

Revise firewall_nat.php for MVC

Typo fix. Issue #11624

Do not run post-install during build

Fix typo

Add missing break

Rework WOL page a bit. Fixes #11616

• Eliminate duplicate code
• Fix output encoding
• Additional validation
• Use POST when waking all devices

route_get() optimization. Fixes #11475

Set correct DHCP failover peer IP on XMLRPC sync. Fixes #11519

Move custom IPSEC NAT-T port settings to Advanced Options. Todo #11518

Set explicit-exit-notify to 1 for new OpenVPN Client instances. Implements #11521

IPsec Mobile users swanctl.conf fix. Issue #11564

IPsec peer ID Any fix. Issue #11555

Cisco AVPair parse {clientip}. Fixes #11561

OpenVPN data-ciphers option length validation. Issue #11559

OpenVPN ncp_enable checkbox fix. Issue #11554

Restart unbound on interface recover. Fixes #11547

IPsec VTI interfaces bootup fix. Issue #11537

WPA Enterprise PAP inner method support. Issue #2400

Show changed NAT timeouts on the system_advanced_firewall page. Issue #11565

Merge pull request #4504 from bashkarev/master

Merge pull request #4505 from woeperbe/patch-1

Update services.inc

Corrects the error in the dynamic DNS widget
warning: array_combine(): both parameters should have an equal number of elements in /usr/local/www/widgets/widgets/dyn_dns_status.widget.php on line 151

Fixed bug parsing netmask cisco acl

Basic fiurewall_NAT MVC conversion

Correct location and config for Strict CRLs in IPsec. Fixes #11526

Improve CA/Self-Signed serial handling. Fixes #11514

Try parsing four digit years in cert timestamps. Fixes #11504

Improve handling of broken/invalid certs. Fixes #11489

On save return virtual IP id

Merge pull request #4501 from mschiegl/patch-1

Use set_curlproxy() function for cURL proxy configuration. Issue #11476

IPsec Mobile EAP-RADIUS additional configuration fix. Issue #11447

Put OpenVPN route-nopull option after custom options. Fixes #11448

System Information widget fix. Issue #11443

WireGuard interface friendly description. Fixes #11437

Allow to use OpenVPN provided DNS servers. Implements #11140

WPA Enterprise (PEAP/TLS/TTLS) client mode. Feature #2400

Fix a typo.

No functional changes.

Merge pull request #4491 from dsmackie/issue-9887

Merge pull request #4500 from bitscher/master

Merge pull request #4487 from znerol-forks/feature/master/radvd-linklocal-vip

Don't add empty pools line. Fixes #11488

Fix child SA name generation. Fixes #11487

Fix IPsec connect/disconnect for all tunnels. Fixes #11486

Fix openssl digest algorithm param in openvpn.inc

At least in OpenSSL 1.1.1i-freebsd, used by pfsense 2.5, there is no longer a "list-message-digest-algorithms" parameter. It has been replaced by "list -digest-algorithms".
The old parameter results in an error 'Invalid command 'list-message-digest-algorithms'; type "help" for a list' and may even cause an endless loop on startup/migration.

Fixed #5685 - Renaming alias does not update firewall rules containg that alias

Fixed #11464 by adding proxy configuration to web service calls

Merge branch 'master' into master

Add getVIPs() function for MVC

Revised firewall_virtual_ip_edit for MVC

Fix broken help link.

firewall_virtual_ip refactored fro MVC

Fix filename in copyright message

Refactored system_advanced_misc for MVC

Non local gateways fix. Issue #11433

Show switch tagging ports on status_interfaces page. Implements #10804

RTL8153 USB ethernet module. Implements #11125

Replace HTTP links to HTTPS. Implemets #11228

Delete static routes on gateway down. Fixes #11296

Remove unused L2TP VPN directory. Fixes #11299

Hide MAC address field for pseudo-interfaces. Issue #11387

Authentication Servers copy button. Feature #11390

Unbound ip6.arpa local-zone type. Fixes #11403

aliasmod shell script. Implements #11380

Set correct TCP MSS for IPv6. Fixes #11409

Allow to use host portion of IPv6 in firewall rules. Feature #6626