UnivNautes

Fix logic to find available next number for limiters and queues. It fixes #3998

Add an extra protection to avoid having an empty group created

Do not display the disabled tunnels since they are not needed in the widget. Ticket #3955

Commit the other part of the fix for Ticket #3955

Oops wrong choice the checkbox is only for javascript

Remove redundant code and check for dpd_enable checkbox to be set

Fixup some redirected URLs.

Fixup some URLs that changed.

Standardize quotes in help.php

Don't allow interface descriptions that are strictly numbers as that
generates an invalid ruleset. Ticket #4005

fix variable typo

fix text

Make sure empty group or user are not created when editing

Only create missing ssh keys, do not overwrite existing ones. It fixes #4003

Use route command directly rather than trying to make a route search on php thorugh netstat. It Fixes #4000

Oops do the right thing here by passing proper argument rather than breaking the ipsec status page. Ticket #3955

Revert "Make phase1_status function wok whnever there is a smp dump. This should unbreak Ticket #3955"

This reverts commit 694d368d818508a40bdef4f1a3f64b414b11c442.

remove this log, it's never logged anything useful that I've seen, and unnecessarily spams the secondary's system log on every config sync.

hn(4) is ALTQ-capable, mark as such.

Make phase1_status function wok whnever there is a smp dump. This should unbreak Ticket #3955

Actually require group name!

Do not do operations for empty group members

Do not do this during boot

Use leftcert for more options on IPsec authentication

Ticket #3967 also sync other vip types that can be synched.

Fixes #3967, properly resolve interface

Set proxy env vars on interactive shell and also on crontab to make all scripts be able to use it. Ticket #3789

Revert "Ticket #3789. Put a start at using the proxyurl/proxyport from system configured settings for bogons. It still does not consider the user/pass configured"

This reverts commit 664adf3845cf1df89769bb0ed5fc113048e0912e.

touch up text

fix text

Change copyright statement to reflect reality

modify copyright statement to reflect reality

Change copyright statement to reflect reality

Fix syntax error in CARP status page. Ticket #3967

Restore the CARP parent display in firewall_virtual_ip.php. Ticket #3967

Set this to /8 instead since that's how it's done in stock FreeBSD 10.1. Ticket #3941

Setting an interface's IP to 0.0.0.0 with mask 0.0.0.0 overwrites the
default route with that interface's link route. Later in dhclient, that
gets deleted and leaves the system with no default route. Using a /32 mask
here works in every scenario I can find, and stops the default route...

Strengthen check

Compare the right things here.

Do not require the default sysctl items to be set on the config.xml but rather extract the definitions from the sysctl tree. Also to reduce config.xml size

Retire flowtable_configure as a useless code since its not in kernel

Actually make default sysctls reside on globals.inc and use those by default this allows to trim down the config.xml sysctl and also fixes #3666 by setting set source interface on reply of icmp

Put the new sysctl on the config as needed.

Tighten checks here to avoid overriding the default gw with garbage

Make some more useful checks here

Be sure the same gateway is not processed for v4 and v6

Lets put a logging to see what is bing passed to the rtsold script on calling. Helps with Ticket #3361

Ticket 3967, revert upgrade code. Existing 2.2 installs might be impacted

Fixes #3967, configure ip alias on top of carp by joining them to the same vhid as its parent

Ticket #3967. Allow to have carp as parent of ipaliases - continued

Ticket #3967. Allow to have carp as parent of ipaliases

Fixes #3995. Do not set rightsourceip on site-to-site VPNs but only on mobile users ones otherwise nothing works.

Make ipsec_starter log go to ipsec.log rather than system one

Reload also the configuration not only the secrets before trying to apply existing configuration. Ticket #3981

fix text

show interface name, not identifier

fix text, PPPoE Server, not VPN

add a route debug option to log info about route commands executed (where those aren't already logged) to help with troubleshooting various routing scenarios.

remove unnecessary is_array check, thanks Renato

Don't allow P2 local+remote network combinations that overlap with
interface+remote-gateway of the P1. Fixes #3812

set install_routes=no for charon to avoid the issues noted in ticket

Pass zone id to pfSense_ipfw_getTablestats(), should fix #3990

Make sure target has scope when it's a link-local. Fixes #3969

Check if array is set

Merge pull request #1330 from phil-davis/patch-1

Make sure srcip has scope when it's link-local. Should fix #3969

Remove extra ; and space

Process obsolete files in shell script instead of php

Simplify post_upgrade_command logic and obsolete /usr/local/sbin/cvs_sync.sh instead of removing it on post_upgrade_command

Fix to SMART disk matching

preg_match returns 0 when the string does not match the regex.
0 does not "===" FALSE
So this check is not always working.
preg_match returns 1 when the string matches the regex.
IMO it is better to check for !== 1 - then anything that is not success (0 or false or...) will be unset.

fix captive portal status page display

fix up text

Pass friendlyifname to handle_argument_group, not realifname. Fixes #3984. clean up some text while here.

isset($_GET) seems to always evaluate to true, use something more specific. Fixes use of rc.linkup when run from CLI. Others likely fix similar circumstances, though maybe not ones that are used anywhere.

Disable delete_old_states in dhclient-script. rc.newwanip handles this correctly in 2.2, and this killed states in multiple circumstances where that isn't necessary nor desirable.

don't duplicate $message in CP log entries

When an alias contain hosts, add IPs and networks to filterdns too, otherwise you end up with a pre-defined and non-persistent table. Fixes #3939

Merge pull request #1323 from derelict-pf/master

Merge pull request #1320 from phil-davis/patch-2

fix up text

use a bit stronger of defaults in OpenVPN wizard

Fix WINS description. It's not 1999, and it wasn't a good description for back then either. If you're running WINS at this point on your AD DCs...get rid of the Win 9x boxes, or realize you don't actually need or want WINS on anything Windows 2000 and newer.

fix up text

Fix updating of hosts file on host override updates by bringing back the same behavior from previous releases.

skip disabled phase 1 entries in status output

fix NAT-T status. The 'nat' in the status array just tells how the connection is configured, not what it's actually using. Port seems to be the best way to determine what it's using. Fix up some other text while here

use tabs rather than spaces, as most of this already did.

strongswan only has two options for NAT-T, force or auto.

setting nmbclusters to 0 just results in an error, remove unnecessary line

remove old DISABLE_PHP_LINT_CHECKING, which dates way back to the CVS days and hasn't been relevant in years.

touch up text

fix invalid ipsec.conf

clean up text

Use a better method of finding disks for SMART.
Old code was inaccurate and also listed entries that were symlinks to other disks

Restore 3 values back on NAT-T settings Just Enable now its Auto as per strongswan default. and off disabled mobike. Ticket #3979

Rename the options to actually make sense with strongswan

Remove Force options since it has not meaning for now.

fix comment

Catch some more sensitive info when sanitizing.

Merge pull request #1329 from phil-davis/patch-3