pfSense

Update IPsec Filter Mode text. Implements #12289

VTI mode also works for transport mode (e.g. GRE), so note that as well.

Increase default IPv6 router advertisement (RA) intervals and lifetime. Fixes #12280

Convert RAM disks to tmpfs. Implements #12145

Allow to use nested URL alias in URL alias. Fixes #11863

Port Forward None and Pass associated filter rule copy. Fixes #12272

Do not allow to select PPPoE Server interfaces on the DHCPv6 Server page. Fixes #12277

Regex cleanup should also kill {}. Fixes #12257

It's not used often (and less in the GUI) and can be a source of
problems with large numbers of repetitions even outside of grouped
expressions.

Merge remote-tracking branch 'origin/fix/12279'

Use SHA512 to hash user password. Implements #10298

Original commit by Viktor Gurov

Fixes #12279

Ensure Unbound python script exists. Fixes #12274

Check to make sure a referenced python script exsits before attempting
to use it in the Unbound configuration. If the file does not exist,
Unbound will fail to start.

Fixed #12247 by adding curl_close() call

Add incorrectly generated package rules to status_output. Implements #12269

Correct grep usage where needed. Fixes #12265

Regex cleanup change. Fixes #12257

Rather than attempting to cleanup group repetition, just discard the
unwanted pattern.

Replace unlink() by unlink_if_exists()

System Information widget optimization. Issue #12241

Move IPsec Mobile additional configuration attributes to strongswan.conf. Fixes #11447

Fix IPsec PH1 with Remote Gateway 0.0.0.0 rules creation. Issue #12262

VLAN/QinQ-only interface mismatch detection. Fixes #12170

More route display changes. Fixes #12257

• Move escape_filter_regex() from syslog.inc to util.inc since it will
  be used by things other than syslog.
• Add some basic regex sanity and consistency check functions
• Cleanup diag_routes.php route filter before use...

Do not delete disabled routes. Fixes #10706

Prevent deletion of OpenVPN instances with assigned interfaces. Fixes #12224

Reconfigure stacked IP Aliases on parent CARP VIP changes. Fixes #12227

Change route collection and output. Fixes #12257

All changes are on src/usr/local/www/diag_routes.php

• Change problematic use of sed for an equivalent and safer use of tail
  (to remove headers) and grep (to filter output).
• Restrict AJAX request to POST only...

Sanitize WireGuard keys from status_output. Fixes #12256

Display Gateway IPv6 on status_interfaces.php regardless of Gateway IPv4 status. Fixes #12253

Show received IPv6 DNS servers on status_interfaces.php page. Fixes #12252

Fix is_hostname() regression. Issue #12245

Properly remove the old VHID on XMLRPC CARP VIP sync. Fixes #12202

OpenVPN Tunnel network input validation fix. Issue #11999

Update convert_friendly_interface_to_friendly_descr() to show IP Alias description. Fixes #11337

Use client-connect/client-disconnect script for Remote Access (SSL/TLS) server mode. Fixes #12238

Set $retries=10 in resolve_retry() to improve resolution timeout. Fixes #12196

1:1 NAT rules creation update. Fixes #12168

• Fix 1:1 NAT rule creation when Any is selected for Internal IP
• Fix 1:1 NAT rule creation when Any is selected for Internal IP on 6RD/6to4 interface

Parse ARM 32/64 network boot options on Static DHCP Mapping page. Fixes #12216

Do not create disabled IPsec VTI interfaces. Fixes #12212

Fix disabling IPsec PH1 with PH2 VTI on vpn_ipsec_phase1.php page. Issue #12198

Show all alias references on delete attempt. Fixes #12177

Router Advertisements fixes. Issue #12173

• Set AdvDNSSLLifetime value to 3*MaxRtrAdvInterval per RFC 8106
• Provide DNS configuration via radvd checkbox fix

Write CRL files only if certificate authentication is used in IPsec. Fixes #12195

Fixed missing $ warning

Hide pcscd service from the service list if IPsec PKCS11 support is disabled. Todo #11933

NTP Server SHA256 authentification support. Implements #12213

Delete OpenVPN related config files for disabled instance. Fixes #12223

Fix ProxyARP/Other VIP network address expansion on Port Forward rules. Issue #12233

Increment local port and clear tunnel networks value when restarting the OpenVPN wizard. Fixes #12172

Support for UEFI HTTP Boot option in DHCP config. Implements #11659

Wireless Channel/Width Issues fix. Issue #12234

Do not show Gateway duplicates option for IPsec Mobile. Fixes #12197

Hide console output on system backup restore. Fixes #11909

Group copy button. Implements #12226

Do not show help text under each IPsec bypass rules entry. Fixes #12236

OpenVPN Wizard ncp_enable value fix. Issue #12172

Snort: Enable COREDUMPS option

Clean up some messy HTML in the cert/ca display code. Prep for future MVC changes.

Wireless EAP client option fix. Issue #12239

Merge pull request #4535 from luftegrof/bug12174

Merge pull request #4512 from jvandervyver/master

Merge pull request #4530 from Alexilmarranen/master

Merge pull request #4534 from Uglymotha/master

Merge pull request #4533 from seyfidin/patch-1

Register current pkg_set_version

On pfSense-base post-install script, register current pkg_set_version as
the same of /etc/version

Set PFSENSE_PKG_SET_VERSION to PRODUCT_VERSION

This is going to be used by pfSense-upgrade port to set pkg_set_version
based on PRODUCT_VERSION

Allow %PRODUCT_VERSION% to be used on make.conf

OpenVPN status f/tap+empty tunnel net Fixes #12232

Correct syntax. Fixes #12229

Improve NTP serial port validation. Fixes #12191

Init [''system']['acb']

OpenVPN GUI field adjustments. Implements #12218

• Move description to the top of the page
• For clients and servers, show the ID and corresponding interface name
• Split some options into different sections and change order slightly
  to be more logical.

IPsec Keep Alive corrections. Fixes #12169

• Checked CARP VIP status if used by P1, if VIP is in BACKUP or INIT
  state, it does not attempt to initiate.
• Disable debug printing.

Increase the number of logs we are keeping

Remove a trailing \r that prevents s3 rm from working

missing space in function parameters

Use the cached gateways_status in gateway_info_popup() call

Inline presentation instead of print/echo in PHP

Ensure ACB config section exists

Install ACB cron job on upgrade

Set the output format to avoid \r on line endings preventing log files from being deleted

Fix selector

Completes #12193. Ready for testing. Revert only this commit to go back to old ACB system.

Delete unsupported backups

Prototype cron script to upload ACB backups per #12193

Fix OpenVPN CA/CRL cleanup. Fixes #12192

Validate gpsport. Fixes #12191

Bug #12174 - rename gw_table to gw_info

Bug #12174 - cache results from gateway_info_popup function

IPsec identifier type updates. Implements #12044

Correct names to reflect what the actual types are (e.g. Distinguished
name is really FQDN)

Add an explicit "auto" type which passes the user input through as-is.
Previously some users took advantage of ASN.1 DN behaving this way to...

Add P2 Keep Alive function. Implements #12169

Works for VTI and Tunnel mode. Checks every 5 minutes if the P2 is connected and
initiates if it doesn't.

Since a failed initiation takes ~3-4 minutes to timeout, running more
frequently is counterproductive.

Fix IPsec buttons for Connecting. Fixes #12189

Status page was showing a connect button for tunnels which were already
connecting. It now shows a disconnect button instead.

Fix title length

Fix double encoding. Fixes #12186

The values in these arrays are already encoded, no need to do it again.

Small fixes for expiredays comparing

Add setting for ignore revoked certificates. Fix Bug #12109

Prevent ::\0 from becoming part of negate_networks

Merge branch 'pfsense:master' into master

Cache gw status for rules. Fixes #12174

Don't fetch a new gateway status for every rule. Fetch it once and use
it for the entire page load.

IPsec updates to address multiple issues

• Configure/apply code changes. * Vast performance increase. Fixes #12026 * Changed connection naming to be easier to interpret. Issue #11910
• VTI interface numbering changes. * Name is now "ipsec<reqid>" since reqid is unique per P2 and a low number....

Merge branch 'pfsense:master' into master

Only create pkg.pkg.sig if pkg.pkg exists