Fix logic to find available next number for limiters and queues. It fixes #3998
Add an extra protection to avoid having an empty group created
Do not display the disabled tunnels since they are not needed in the widget. Ticket #3955
Commit the other part of the fix for Ticket #3955
Oops wrong choice the checkbox is only for javascript
Remove redundant code and check for dpd_enable checkbox to be set
Fixup some redirected URLs.
Fixup some URLs that changed.
Standardize quotes in help.php
Don't allow interface descriptions that are strictly numbers as thatgenerates an invalid ruleset. Ticket #4005
fix variable typo
fix text
Make sure empty group or user are not created when editing
Only create missing ssh keys, do not overwrite existing ones. It fixes #4003
Use route command directly rather than trying to make a route search on php thorugh netstat. It Fixes #4000
Oops do the right thing here by passing proper argument rather than breaking the ipsec status page. Ticket #3955
Revert "Make phase1_status function wok whnever there is a smp dump. This should unbreak Ticket #3955"
This reverts commit 694d368d818508a40bdef4f1a3f64b414b11c442.
remove this log, it's never logged anything useful that I've seen, and unnecessarily spams the secondary's system log on every config sync.
hn(4) is ALTQ-capable, mark as such.
Make phase1_status function wok whnever there is a smp dump. This should unbreak Ticket #3955
Actually require group name!
Do not do operations for empty group members
Do not do this during boot
Use leftcert for more options on IPsec authentication
Ticket #3967 also sync other vip types that can be synched.
Fixes #3967, properly resolve interface
Set proxy env vars on interactive shell and also on crontab to make all scripts be able to use it. Ticket #3789
Revert "Ticket #3789. Put a start at using the proxyurl/proxyport from system configured settings for bogons. It still does not consider the user/pass configured"
This reverts commit 664adf3845cf1df89769bb0ed5fc113048e0912e.
touch up text
Change copyright statement to reflect reality
modify copyright statement to reflect reality
Fix syntax error in CARP status page. Ticket #3967
Restore the CARP parent display in firewall_virtual_ip.php. Ticket #3967
Set this to /8 instead since that's how it's done in stock FreeBSD 10.1. Ticket #3941
Setting an interface's IP to 0.0.0.0 with mask 0.0.0.0 overwrites thedefault route with that interface's link route. Later in dhclient, thatgets deleted and leaves the system with no default route. Using a /32 maskhere works in every scenario I can find, and stops the default route...
Strengthen check
Compare the right things here.
Do not require the default sysctl items to be set on the config.xml but rather extract the definitions from the sysctl tree. Also to reduce config.xml size
Retire flowtable_configure as a useless code since its not in kernel
Actually make default sysctls reside on globals.inc and use those by default this allows to trim down the config.xml sysctl and also fixes #3666 by setting set source interface on reply of icmp
Put the new sysctl on the config as needed.
Tighten checks here to avoid overriding the default gw with garbage
Make some more useful checks here
Be sure the same gateway is not processed for v4 and v6
Lets put a logging to see what is bing passed to the rtsold script on calling. Helps with Ticket #3361
Ticket 3967, revert upgrade code. Existing 2.2 installs might be impacted
Fixes #3967, configure ip alias on top of carp by joining them to the same vhid as its parent
Ticket #3967. Allow to have carp as parent of ipaliases - continued
Ticket #3967. Allow to have carp as parent of ipaliases
Fixes #3995. Do not set rightsourceip on site-to-site VPNs but only on mobile users ones otherwise nothing works.
Make ipsec_starter log go to ipsec.log rather than system one
Reload also the configuration not only the secrets before trying to apply existing configuration. Ticket #3981
show interface name, not identifier
fix text, PPPoE Server, not VPN
add a route debug option to log info about route commands executed (where those aren't already logged) to help with troubleshooting various routing scenarios.
remove unnecessary is_array check, thanks Renato
Don't allow P2 local+remote network combinations that overlap withinterface+remote-gateway of the P1. Fixes #3812
set install_routes=no for charon to avoid the issues noted in ticket
Pass zone id to pfSense_ipfw_getTablestats(), should fix #3990
Make sure target has scope when it's a link-local. Fixes #3969
Check if array is set
Merge pull request #1330 from phil-davis/patch-1
Make sure srcip has scope when it's link-local. Should fix #3969
Remove extra ; and space
Process obsolete files in shell script instead of php
Simplify post_upgrade_command logic and obsolete /usr/local/sbin/cvs_sync.sh instead of removing it on post_upgrade_command
Fix to SMART disk matching
preg_match returns 0 when the string does not match the regex.0 does not "===" FALSESo this check is not always working.preg_match returns 1 when the string matches the regex.IMO it is better to check for !== 1 - then anything that is not success (0 or false or...) will be unset.
fix captive portal status page display
fix up text
Pass friendlyifname to handle_argument_group, not realifname. Fixes #3984. clean up some text while here.
isset($_GET) seems to always evaluate to true, use something more specific. Fixes use of rc.linkup when run from CLI. Others likely fix similar circumstances, though maybe not ones that are used anywhere.
Disable delete_old_states in dhclient-script. rc.newwanip handles this correctly in 2.2, and this killed states in multiple circumstances where that isn't necessary nor desirable.
don't duplicate $message in CP log entries
When an alias contain hosts, add IPs and networks to filterdns too, otherwise you end up with a pre-defined and non-persistent table. Fixes #3939
Merge pull request #1323 from derelict-pf/master
Merge pull request #1320 from phil-davis/patch-2
use a bit stronger of defaults in OpenVPN wizard
Fix WINS description. It's not 1999, and it wasn't a good description for back then either. If you're running WINS at this point on your AD DCs...get rid of the Win 9x boxes, or realize you don't actually need or want WINS on anything Windows 2000 and newer.
Fix updating of hosts file on host override updates by bringing back the same behavior from previous releases.
skip disabled phase 1 entries in status output
fix NAT-T status. The 'nat' in the status array just tells how the connection is configured, not what it's actually using. Port seems to be the best way to determine what it's using. Fix up some other text while here
use tabs rather than spaces, as most of this already did.
strongswan only has two options for NAT-T, force or auto.
setting nmbclusters to 0 just results in an error, remove unnecessary line
remove old DISABLE_PHP_LINT_CHECKING, which dates way back to the CVS days and hasn't been relevant in years.
fix invalid ipsec.conf
clean up text
Use a better method of finding disks for SMART.Old code was inaccurate and also listed entries that were symlinks to other disks
Restore 3 values back on NAT-T settings Just Enable now its Auto as per strongswan default. and off disabled mobike. Ticket #3979
Rename the options to actually make sense with strongswan
Remove Force options since it has not meaning for now.
fix comment
Catch some more sensitive info when sanitizing.
Merge pull request #1329 from phil-davis/patch-3