Ensure this is always an array to avoid a PHP error from foreach.
rightsourceip must be used with PSK+Xauth.
This is required for PSK+Xauth. I'll commit that clarification in a bit.Revert "Revert "Fix assignment of tunnel IPs to mobile clients.""
This reverts commit 23ba08fc940b711f3b44551199890dc8e28a63b6.
Revert "Fix assignment of tunnel IPs to mobile clients." This normally is not needed since the attr plugin deals with all this.
This reverts commit 00311d6a841c0f6fc162ea11da06569f10220f5e.
Actually disable this plugin for now. It was not really needed for solving the issues with IKEv1
Do not reset source and destination port range values when it's an associated rule created by nat port forward. It fixes #3778
Move dhcp6c log to dhcpd.log, it fixes #3799
Remove double defined 'localhost' on the list of networks to create outbound NAT rules. It should fix #3800
Do not create automatic outbound NAT rule for disabled openvpn servers and clients
Fix assignment of tunnel IPs to mobile clients.
Fix #3798 - 'IPsec phase 2 pinghost is not used if the source IP should be a virtual IP address'
Avoid a "Cannot use string offset as an array" error if the packages section of the config is missing.
Require click-through POST confirmation when restoring or deleting a configuation from the backup history page.
Do not execute DNS resolution on GET, only pre-fill Host box so the user can press the button to execute. Turn alias creation links into submit buttons for POST. While here, remove some backticks and simplify a little.
Correct this so the dpdaction is created properly as restart
Shorten the wait at "reload" in startup wizard to 5 seconds from 60. That's more than adequate for current systems, no need to make people sit there for 1 minute. Many likely click out via the logo and miss the last screen entirely.
Do a reload on the cofniguration which is better than update. Also let the keyingtries to 3 rather than forever to avoid problems on recovery.
Change the logic of the vpn config generation to make connectivity more stable especially ipsec. Also for IKEv1 just generate the policies and only on traffic start them.
Move the rekey to yes always to avoid issues.
Per the dhcpd.conf man page and other documentation from ISC, mclt must not be defined on the secondary.
Encode interface/VIP descriptions before displaying them on the NTP daemon settings.
Encode interface/VIP descriptions before displaying them on the GRE and GIF pages also;While here, the GRE page was missing IP aliases from its list of bind IPs, add it in.
Encode the detail field of an alias entry before displaying its contents back to the user.
Escape the individual dnsmasq advanced/custom options
Allow to add ipalias vip to lo0, it should fix #3773
Use GPS type presets only to pre-set values then user can change it. After user changes, save type always as Custom to avoid overwriting values when user attempt to edit. It fixes #3782
More non-functional changes to make code more readable
Fix indent and spaces
This if is unecessary since input_errors is unset in the line above
Fix indent and whitespaces
Make sure there are not empty options on dst select to avoid creating empty user or group. This issue was introduced by b4e9a4da
Fix select name
Fix input validation logic on diag_testport.php, escape more shell arguments for good measure
Fix #3790. Fix IPv6 Prefix ID check using interface user choose before save
Do not try to rekey for IKEv1.
Use a uniqid() to track phase2 entries to avoid confustion and various mistakes when modifying and editing them.
Fix for #3785 - 'strongswan config being generated with ike SA lifetime set to value of ipsec SA lifetime'
Remove even the config.cache from /tmp to avoid issues while here
Fix #3781 - 'strongswan dpdtimeout value not generated correctly'
Add message about Gold to setup wizard and menu/link to Gold signup.
Fix #3575, do not allow user to set IPs for GRE interfaces on interface edit page.
Fix redirect after editing permissions
Disable bandwidth checks for PRIQ, it should fix #3537
Fix field name that cannot contain spaces, and use displayname
Fix scheduler field name
Fix field name
Strict checks for number of WANs and LANs on wizard
Fix number of WAN / LAN interfaces detection for dedicated wizard
Try to guess number of WANs
Try to guess number of WANs and LANs
Fix number of WAN and LAN connections check
Just show right type of interfaces (LAN/WAN) on traffic shapper wizards, it fixes #3535
Remove 'multi lan/single wan' and 'multi wan/single lan' traffic shaper wizards, multi lan/wan can be used to replace any of them
Replace exec() and system() calls by internal functions
Fix for bug 3769
Use SERVER_NAME instead of HTTP_HOST env var, it doesn't have port, then it avoids wizard end point to wrong IPv6 address. It should fix #3550
Fix #983 - Add IP aliases subnets to interface subnet macro on GUI, since I'm here also fix not rules for PPTP clients macro.
Concat var before call escapeshellarg
Make dhcpleases use unbound pid when it's configured
Fix shell script syntax, it should fix #3361
Merge pull request #1252 from N0YB/XHTML_Compliance_System_Menu
System: Firmware: Settings
Updater Settings Tabsystem_firmware_settings.php
Line 488, Column 43: value of attribute "type" cannot be "input"; must be one of "text", "password", "checkbox", "radio", "submit", "reset", "file", "hidden", "image", "button"...
Detect when protocol changes and invalidate session to get a new cookie with secure flag set according. It fixes #3714
Merge pull request #1247 from DasTestament/master
Merge pull request #1232 from N0YB/Widget_Gateways
Merge pull request #1235 from N0YB/Mixed_Case_Hostname
Merge pull request #1236 from N0YB/Widget_Services_Status
Merge pull request #1237 from N0YB/XHTML_Compliance_System_Menu
Merge pull request #1234 from agibson2/master
Review all parameters on unbound main GUI, fix boolean params and add missing ones. Also make it work properly with 'apply'
Use the apply trigger for unbound acls to avoid restart unbound every time
Some GUI tweaks on unbound main screen
Improve unbound ACL edit page to use correct classes and jquery.ipv4v6ify.js
Fix acl item removal
Few GUI tweaks on unbound ACL page
Fix multiple issues on unbound advanced options GUI:
- Drop many wrong key assignments to pconfig- Add missing keys to pconfig- Deal fine with boolean parameters- Mark subsystem dirty to require apply button- Drop calls to enable_change()- Remove unecessary js function enable_change()...
Use cron.pid to get pid number and avoid kill minicron processes. It fixes #3757
Allow hostnames in bulk import since they are valid entries in a network type alias.
Merge pull request #1242 from ExolonDX/branch_master_01
Don't use pfsense name in comment
Use $product instead of pfSense when logging the version to syslog
Log pfsense version to syslog after bootup
Fix PHP script closing tag placement.
Fix #3749:
When a full upgrade from 2.1.x to 2.2 is being done, after decompresstarball with 2.2 files, /bin/sh is not able to run a script using syntax'sh scriptname'. Because of that, /tmp/post_upgrade_command and/etc/rc.reboot are not executed ending on an incomplete and broken...
Make sure scripts have necessary attributes and use its shebang line instead of force sh to call it. This will help to prevent or workaround issues similar to #3749 in the future
In some cases, new /bin/sh binary doesn't work properly before reboot during a upgrade, and because of that /etc/rc.reboot is not executed and system doesn't reboot. Source /etc/rc.reboot instead of open a new sh session to avoid it happening again in future versions (ticket #3749)
use HTTPS for files.pfsense.org for update_bogons and priv_url in pkg-utils
no () around qlength here
qlimit must be included here
Avoid reseting firewall hostname by WAN DHCP. It should fix #3746
Convert almost all /sbin/sysctl calls to php functions
Fix sysctl name
Add set_single_sysctl(), a wrapper to set_sysctl() to make it simple to set value of a single sysctl
Add get_single_sysctl(), a wrapper to get_sysctl() to make it simple to get value of a single sysctl
Fix indent