remove CGN from "Block private networks" as it was in 2.0x and earlier releases since it specifically notes RFC 1918 and CGN is more bogon. Ticket #4379
Fixes #4381 this was a leftover of the change of zoneids to start from 2.
Use web-gui setting for pap or chap instead of having it hard-coded to chap.
Fixed not being able to save custom and custom-v6 dyndns entries due to "host" being posted empty, and thus failing is_domain() check.
Firmware upgrade script text changes
while I am looking at this, might as well correct these. No function problems or impact.
Fix restartipsec command line script.
Fixes #3669 Handle properly recording of the ipv6 interface new ip and do not issue commands that cannot succeed.
In last case, use dmesg.boot to detect ALIX boards when hw.model is not enough
Silent kenv when smbios.system.product is not present. While here, add VirtualBox to the list of virtualenvs
fix responder-only IPsec text
fix text
Allow IPsec clients to properly connect and not stomp over each other. Reported-by https://forum.pfsense.org/index.php?topic=87980.0
Fix aliases popup width when fields are hidden when page is loaded. It should fix #4238
Properly calculate the 6rd default gateway honoring netmasks other than /32
Ticket #4353 fix typo on unset var spotted-by: Phil Davis
Unbound domain override IP:port validation
The domain override IP:port is invalid if either the IP address OR port is invalid. Previously you could put an invalid IP with valid port, or valid IP with invalid port.
speedup 'function is_port($port)' speed by skipping calls to getservbyname when possible
Remove latin-1 encoding of RSS feed
Many thanks to Gertjan in forum https://forum.pfsense.org/index.php?topic=87504.msg484017#msg484017 Specifically setting the output encoding to latin-1 was causing the "black diamonds" for special characters in the http://blog.pfsense.org RSS feed (e.g. the registered trademark sign after pfSense did not come out)....
need $g here so product_name is set in user agent
Add input validation to prevent the use of AES > 128 where glxsb is enabled. Ticket #4361
Fixes #4360 allow marking a connection as responder only, the same behaviour as mobile connections
Fixes #4359 Allow controlling uniqueids
Traffic Shaper Wizard Upstream SIP Server
Not being remembered and actioned. Bug #4314
Fixes #4353 Identify when strongswan.conf needs a reload and restart ipsec service.
Fixes #4333 Unset previous defined values before using the new ones
Firewall Log does not display logged IGMP packets
If IGMP packets are logged (either pass or block) then parse_filter_line did not set their src and dst IP. Later in the subroutine, it zapped the filter line because it did not have a src and dst. This fixes it. Now the IGMP lines in /var/log/filter.log appear on the Firewall Log GUI.
Fixes #4340 encode username same as with password to avoid issues with special chars.
Do not reuse reqid on copy of phase2 Fixes #4349
Set update_url and update_manifest automatically based on version being or not a RELEASE
fix input validation, = is OK here
Fixes #4274 same fix as #4302 enclose in double quotes to tell yacc this is a string to be parsed.
Apparently yacc became more strict in FreeBSD 10. Fixes #4302
Fixes #4275 use double quotes on asn1dn specification so strongswan properly interprets it
Accept port range on Outbound NAT. Fixes #4300
Reload filter when IPsec is disabled, fixes #4245
Add support for 0x20 DNS random bit support. Fixes #4205
Support for Office365 Mail
https://redmine.pfsense.org/issues/4176 Allow the user to choose SMTP authentication mechanism PLAIN or LOGIN. For existing configs with this option not set, PLAIN is the default, and will appear first in the dropdown box, so next time the user saves the SMTP Notification settings, PLAIN will be the value selected and saved.
Support choice of SMTP Authentication Mechanisms
https://redmine.pfsense.org/issues/4176 I have left some documentation here of other mechanisms that someone might care about in future (or not). I left the array with name=>desc so it will be easy if new mechanisms come along that need a description different to the name.
Fix #4318 - gen_subnetv4_max() not working on 32bit
Dynamic DNS wildcard typo
Self-explanatory, just a dumb typo bug
Unimportant typos in user and group manager
that do not affect anything.
Simplify use of other serial ports setting all of them as onifconsole when serial is enabled
Teach ufslabels.sh to deal with DESTDIR, useful on installation
Improve a bit sh syntax and fix it for multiple swap devices
Change version to 2.2.1-DEVELOPMENT
Fix sed syntax, -i requires a space before the parameter. Also fix regex to find swap device
use example.com for examples
these descriptions were flipped. Ticket #4273
Fixes #4257 With the platform_booting() fixes a regression was done on openvpn tap interfaces or dynamic ones that are part of a bridge.
Allow during bootup rc.newwanip to continue up to a certain part to handle bridges or other complex interfaces.
Make sure radvd is reconfigured when CARP is enabled/disabled. It should fix #4252
Save the tradition and point to used binaries here
When configuring radvd, check if carp is enabled. Ticket #4252
Do not translate function return string
Fix typo in function name
Strict comparison not necessary here, and makes this fail to work as intended. Fixes #4258
Ticket #4254 do not put duplicate interface names
Ticket #4254 Actually use proper variables all over to have correct route added
Ticket #4254 Actually use proper interface to check if gateway exists
Ticket #4254 Use proper variable
Ticket #4254 actually use the info on the protocol of the vpn specification to be more sure on the family to use
Ticket #4254 Handle even hosts specified through dns name
Ticket #4524 Bring back static routes on ipsec to make sure charon does not send traffic through wrong iface. This handles properly ipv6
Be compliant with gateway groups specified on ipsec. Ticket #4254
Ticket #4254 Actually fix this on 2.2 branch since vips are not handled by get_real_interface apparently!
When radvd is configured on a CARP interface, enable it when it is MASTER and disable when go to BACKUP. It should fix #4252
Ticket #4254 specify the list of interfaces to be used by charon. This is a workaround for now. Being investigated the fix.
Use the parent NIC rather than the VIP. Fixes part of Ticket #4252
The reset button check should happen on all platforms, not only NanoBSD
Add missing require for filter.inc since vpn_ipsec_configure() calls filter_configure(). It should fix #4236
Add reset button support for APU and FW7541
add detection for 7541, APU
move jquery ui css to theme folders
Set $arch accordingly to release
change update URLs for release
Bump to 2.2-RELEASE
Validate if both IP address and subnet are valid and the same version. Fixes #4223
Firewall Rules Apply be friendly to other languages
Forum: https://forum.pfsense.org/index.php?topic=86808.0 Redmine: https://redmine.pfsense.org/issues/3886
print_info_box_np() when called with just the first $msg parameter has some rough tests to decide if the "Apply" button should be displayed. It checks if the translation of "apply", "save" or "create" appears in the $msg string (which is a translated string itself). If the $msg string did not translate, and thus remains in English, but gettext("apply") does translate then the e.g. Turkish word for "apply" is not going to appear in the English $msg string. So things go wrong....
Time to let these go
Just do an update since it will handle itself properly.
Revert "Move to specifically specifying the ID type apart when an ip address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own."
This reverts commit 1ada4c8c514cc33b0df6238b7f2f177078bfe2e8.
Revert "Fix typos introduced by changing to explicit id specification when necessary. Fixes #4202"
This reverts commit 324311043385aed357ca8838bde2c3af3111e564.
Add RSA keys even for eap-mschapv2
Add EAP-MSChapv2 implementation for Windows ipsec support as reported here https://forum.pfsense.org/index.php?topic=81657.15
Oops add missing curly
Also take care of ph1 mobile settings for eap-tls
Obsolete libpng15 in favour of libpng16
Correctly handle number of cores and power of 2. Merged from the package already had this. Fixes #4212
Actually remove rekey/reauth from config to avoid strange issues. Ticket #4208
Add some safety belts here to be safe
Heh bump the config version
To avoid issues with clashing SAIDs go back to specifying the reqid in strongswan config.
To be able to manage this first upgrade the config to assign each phase2 an reqid. Second use that during config generation
Ticket #4208
Improving aesthetics.
Make title color more consistent with other pages. Improving aesthetics.
Where the P1 is disabled, show the P2s as disabled since they will be, same as in previous versions.
Fix IPsec widget for multiple P2, it fixes #4164
Unbound is compiled with libevent so setting this to always be 4096.
Allow for overhead and up maximum limit from 8 to 32, also only set it if it's set to 4 or above. Fixes https://forum.pfsense.org/index.php?topic=78356.msg472781#msg472781
Remove old write caching tunable as well. Ticket #4203
Remove the settings to disable DMA, which have changed in FreeBSD 10. Ticket #4203
Do not leak firewall rules as well when (re)creating rules
Fix spell typo spotted by phil-davis