igmpproxy param -d doesn't like the space before optarg. Fixes #3852
Fixes #3664, actually make sense of this function to work properly
Fixes #3823 Properly parse auth tags as variables
Add more services and reorder
Add following shaping rules: ARMA 3, WII, EA Origin, Games For Windows Live, Crysis 3, DeadSpace 2, DeadSpace 3, DragonAge2, MassEffect3, Facetime, Google Hangouts, TeamSpeak 3, Ventrilo, iTunes Radio, IMAP/S, POP3/S, SMTP/S, Apple Mobile Sync...
Fix subnet display for IPsec status. Ticket #3826
Hide FreeBSD version from sshd banner. It fixes #3840
Merge pull request #1258 from yarick123/master
Fix match for help pages privileges, it fixes #3777
Do not use regex to check filetype to avoid being wrong since . is a regex metachar. It fixes #3817
Merge pull request #1255 from leleobhz/master
Take virtual IPs into consideration for automatic outbound NAT rules, it should now fix #983
pgrep parameters are out of order and it also needs -a to find sshd. While I'm here, simplify sh syntax and prevent noise to be printed if pid file doesn't exist
delete the dhcpd.pid file before starting dhcpd. Fixes bug where on rare occasions a stale PID file could prevent dhcpd from starting until it's manually deleted.
use pgrep here instead, previous way could wrongly show SSH as enabled where it isn't.
Remove extra noise from rc.shutdown
Move the fetching of a package's config file and additional files to separate functions, and then have the "xml" package button perform these so that it is not only a redundant copy of the "pkg" reinstall button. This can help ensure a package files are in a known-good state before other actions are performed, in case the deinstall would fail or behave erratically due to other files being missing.
Correct the ipsec status pages to show proper information as needed.
Correct processing and assignment on ikeid variable so it does the right thing
Use proper path to setkey now that ipsec-tools are not used anymore
Correct the functions for returning tunnel status to use strongswan status reports
Allow HASH algorithms to be empty for phase2 in case the encryption one is AES-GCM
Add filter.so to list of extensions loaded for 2.2
Do not allow duplicate subnet entries on left|rightsubnet specification since it will blackhole all traffic to that subnet when connection is setup as route
Do not accept proposal out of that configured even for IKEv2 even though there is no possibility in the GUI to set more than one proposal for Phase1 so far.
Restore behaviour as with racoon to trigger tunnel startup from traffic that needs to go into the tunnel. Even related to Ticket #3806.
Do not show errors from trying to delete a socket or similar
rightsourceip must be used with PSK+Xauth.
This is required for PSK+Xauth. I'll commit that clarification in a bit.
Revert "Revert "Fix assignment of tunnel IPs to mobile clients.""
This reverts commit 23ba08fc940b711f3b44551199890dc8e28a63b6.
cherry pick from 'hotfix/3347-Certificate_Authority_SAN_names_not_working':
bugfix #3347: Certificate Authority SAN names not working in 2.1
subjectAltName can be set only via configuration file - created three extra sections in openssl.cnf to use in case of existing subjectAltName....
Revert "Fix assignment of tunnel IPs to mobile clients." This normally is not needed since the attr plugin deals with all this.
This reverts commit 00311d6a841c0f6fc162ea11da06569f10220f5e.
Actually disable this plugin for now. It was not really needed for solving the issues with IKEv1
Move dhcp6c log to dhcpd.log, it fixes #3799
Remove double defined 'localhost' on the list of networks to create outbound NAT rules. It should fix #3800
Do not create automatic outbound NAT rule for disabled openvpn servers and clients
Fix assignment of tunnel IPs to mobile clients.
Fix #3798 - 'IPsec phase 2 pinghost is not used if the source IP should be a virtual IP address'
Avoid a "Cannot use string offset as an array" error if the packages section of the config is missing.
Correct this so the dpdaction is created properly as restart
Do a reload on the configuration which is better than update. Also let the keyingtries to 3 rather than forever to avoid problems on recovery.
Change the logic of the vpn config generation to make connectivity more stable especially ipsec. Also for IKEv1 just generate the policies and only on traffic start them.
Move the rekey to yes always to avoid issues.
Per the dhcpd.conf man page and other documentation from ISC, mclt must not be defined on the secondary.
Escape the individual dnsmasq advanced/custom options
Do not try to rekey for IKEv1.
Use a uniqid() to track phase2 entries to avoid confusion and various mistakes when modifying and editing them.
Fix for #3785 - 'strongswan config being generated with ike SA lifetime set to value of ipsec SA lifetime'
Remove even the config.cache from /tmp to avoid issues while here
Fix #3781 - 'strongswan dpdtimeout value not generated correctly'
Fix for bug 3769
Fix #983 - Add IP aliases subnets to interface subnet macro on GUI, since I'm here also fix not rules for PPTP clients macro.
Concat var before call escapeshellarg
Make dhcpleases use unbound pid when it's configured
Fix shell script syntax, it should fix #3361
Detect when protocol changes and invalidate session to get a new cookie with secure flag set according. It fixes #3714
Merge pull request #1247 from DasTestament/master
Use cron.pid to get pid number and avoid kill minicron processes. It fixes #3757
Don't use pfsense name in comment
Use $product instead of pfSense when logging the version to syslog
Log pfsense version to syslog after bootup
Make sure scripts have necessary attributes and use its shebang line instead of force sh to call it. This will help to prevent or workaround issues similar to #3749 in the future
In some cases, new /bin/sh binary doesn't work properly before reboot during a upgrade, and because of that /etc/rc.reboot is not executed and system doesn't reboot. Source /etc/rc.reboot instead of open a new sh session to avoid it happening again in future versions (ticket #3749)
use HTTPS for files.pfsense.org for update_bogons and priv_url in pkg-utils
no () around qlength here
qlimit must be included here
Convert almost all /sbin/sysctl calls to php functions
Fix sysctl name
Add set_single_sysctl(), a wrapper to set_sysctl() to make it simple to set value of a single sysctl
Add get_single_sysctl(), a wrapper to get_sysctl() to make it simple to get value of a single sysctl
Remove extra spaces and tabs
Remove extra quote and fix syntax
use HTTPS for dyndns providers that support it
Use a php function rather than using exec. Suggested-by: garga
Remove all .xml file generated from upgrade since it makes /var full
Add one more seatbelt to prevent tar to attempt to overwrite /dev items
Back to cons25 for now since we found some issues with xterm on serial console
un-obsolete gettytab.bak
Also check and verify the package server's SSL certificate if using HTTPS. Issue 484
Our current XMLRPC client version doesn't have support on its own to validate this in a way we can use to test in a usable for printing an error message. For now, a cURL query to the XMLRPC URL is used in its place.
More refinements to the unofficial package repository warning ( Issue #484 ) -- Now also shows on Dashboard and installed package list. Cleaned up some code and shuffled things around to avoid unnecessary repetition.
Set proper serial parameters on boot.config and loader.conf for nanobsd without vga
Detect if an unofficial package repository is in use and warn the user. Part of issue #484 (more to go)
Make proper checks to check if we should or not enable serial console
Fix typo on var name
Obsolete ttys_wrap and gettytab.bak
Fix #3647 and other improvements:
- Remove auto_login(), now gettytab is a constant file
- Add reload_ttys(), that will send a SIGHUP to init and make it reload /etc/ttys
- Change serial speed on /etc/ttys when necessary
- Change console and serial auto_login on /etc/ttys when necessary...
Stop restoring gettytab.bak since it doesn't exist anymore
Sync etc/ttys with FreeBSD 10-STABLE, change default console for al.Pc and default serial for al.115200
Sync gettytab with FreeBSD 10-STABLE, also reduce customizations, the only difference is al.Pc entry, for Pc with auto login
Remove unused function color()
Delete gettytab.bak and ttys_wrap, they are not needed anymore
fixes #3713
Fix #3725:
- Fix match_filter_field() and also simplify logic
- Fix $filterfieldsarray initialization
- Avoid to have double spaces on filterfieldsarray['act']
- Fix filter on Firewall Logs
Add a BETA key for PBI signature check, this will be replaced by the final one before RELEASE. Ticket #3365
Fix dir name
Set default serial speed to 115200 for 2.2, fixes #3715
Merge pull request #1238 from DasTestament/master
Add the AESGCM and XCBC on the list of algos available
Actually use ph1ent ikeid here otherwise will duplicate ids here.
Fix dscp values and provide a config upgrade to fix values stored in config.xml. This is a proper fix for #3688
Update openvpn.inc