| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
package contents may live there, factory default configs live there.
|
| |
|
| |
|
| |
|
|
|
|
| |
VGA redirection is enabled
|
| |
|
|
|
|
| |
necessary or desirable, but Amazon VPC VPNs use that as their tunnel subnet with BGP setups.
|
|
|
|
| |
used, otherwise you're restoring a probably old backup file. Ticket #4531
|
| |
|
| |
|
|
|
|
|
|
| |
Note that advertise is spelt with an "s" in other places in the GUI, so
making it consistent in services_ntpd - but maybe Americans do spell it
"advertize" these days?
|
| |
|
|
|
|
| |
a config setting to disable, rather than enable, this functionality since it's enabled by default so the tag isn't necessary in the default config. Remove now unnecessary config upgrade code.
|
| |
|
|
|
|
| |
obsoletedfiles
|
| |
|
| |
|
| |
|
|
|
|
| |
lan from ipsec. Ticket #4504
|
| |
|
|
|
|
| |
traffic sent to lan ip to go to the ipsec tunnel
|
| |
|
| |
|
|
|
|
| |
to logs.
|
| |
|
| |
|
| |
|
|
|
|
| |
When generating policy-routing rules there was no check if a gateway had force-down set, so gateway with force_down set would still get policy-routing rules written for it, even if skip_rules_gw_down was enabled.
|
| |
|
|
|
|
| |
daemon not running or has a problem!" when IPsec isn't enabled.
|
| |
|
|
|
|
| |
wlandev in FreeBSD 10.x at the moment. Ticket #4406
|
| |
|
|
|
|
| |
it doesn't fall through to the default (1).
|
|
|
|
|
|
|
|
|
|
|
|
| |
when forwarding mode is on.
The General Setup setting "Allow DNS server list to be overridden by DHCP/PPP on WAN" has always been used in dnsmasq to ADD DHCP/PPP provided DNS servers to the list, while also keeping the DNS servers specified in General Setup. That behavior is needed if:
1) WAN1 static IP with upstream DNS server/s specified in General Setup and selecting the WAN1 gateway. WAN2 uses DHCP, DNS server received by DHCP from upstream. The user needs to tick "Allow DNS server list to be overridden by DHCP/PPP on WAN" to get the WAN2 DNS server to be used, but also wants the DNS server from General Setup to also be used.
2) WAN1 static IP, DNS server/s specified in General Setup. For whatever reason the user has also ticked "Allow DNS server list to be overridden by DHCP/PPP on WAN". In actual fact there are no WAN-style interfaces set to DHCP, so "allowing to be overridden" should not come into effect anyway - the DNS servers in General Setup should be used.
3) WAN1 DHCP, but the upstream DHCP does not give out any DNS server/s. "Allow DNS server list to be overridden by DHCP/PPP on WAN" is ticked. Again there are no DNS servers received via DHCP, so any "override" should not be invoked.
In all cases, it turns out that actually we want any General Setup DNS servers to be included in the DNS forwarder/resolver conf in addition to whatever (if any) DNS servers happen to be provided from a DHPC-WAN.
This change makes unbound behave that way - the same as dnsmasq already does.
|
|
|
|
|
|
|
|
| |
I was on a test system and had an upstream DNS server IP specified in System-General Setup. WAN was setup with a static IP and a gateway to that upstream device. All good.
Then I also checked "Allow DNS server list to be overridden by DHCP/PPP on WAN" and changed WAN to be DHCP. It received by DHCP the same DNS server IP that already happened to be in General Setup (and the same gateway IP - not the issue here).
/var/etc/resolv.conf had the name server line twice with the same IP address - once from the DHCP acquired data, and once from the General Setup data.
I don't think it broke anything, but it does look odd.
This change makes sure that DNS servers from General Setup are only added to resolv.conf when they are not already there.
|
|
|
|
|
|
| |
It is not necessary to check, as the only times a gateway event should trigger the VPN to restart are when the current and new devices differ.
This also allows us to simplify the code a bit and eliminate some single-use variables.
See the discussion at https://github.com/pfsense/pfsense/commit/4aefcf915112b38784b06abc8dd9a26d9a4960b3
|
|
|
|
|
| |
If the interface is the same, this test will fail, and that's the one case that should not need a resync.
The logic in this test has been flipped and reversed a few times over the years and without comments it's difficult to discern its true purpose.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Forum: https://forum.pfsense.org/index.php?topic=91075.0
For DNS Forwarder (dnsmasq)
1) dnsmasq is the name of the service
2) DNS Forwarder is the text description
Make Unbound consistent with that, so that menu names and services status display and... work in the same way:
1) unbound is the name of the service
2) DNS Resolver is the text description
|
|
|
|
| |
Use the `none` keyword instead of a whitespace to disable the FreeBSD version in sshd_config.
|
|
|
|
| |
ifconfig. This shouldn't be necessary, but specifying mode has proven to trigger driver problems that don't exist if it's left unspecified (such as FreeBSD PR 198680). Chosing "auto" fixes ath(4) BSS mode issues otherwise preventing it from connecting.
|
| |
|
|
|
|
|
|
|
|
|
| |
Example: LAN IP 10.0.1.1/24 OPT1 IP 10.0.2.1/24
Rules with SRC or DST LANnet correctly have 10.0.0.0/24 (the subnet base address) in /tmp/rules.debug
Rules with SRC or DST OPT1net have 10.0.2.1/24 (the OPT1 IP address with OPT1 net mask) in /tmp/rules.debug
It still works (I think) because actually 10.0.2.1/24 and 10.0.2.0/24 interpreted as a subnet still describes the same set of IP addresses, but it looks odd, as reported by: https://forum.pfsense.org/index.php?topic=90096.msg498474#msg498474
Same issue with IPv6 for OPT1net rules.
This fixes the rule generation to that OPT1net uses the base subnet address in the rule, in the same way that LANnet and WANnet does.
|
| |
|
|
|
|
| |
errors in some configurations. Disable it again since it's been disabled for years, and comment out the user-facing config portion for now since it doesn't do anything. Ticket #4516
|
| |
|
|
|
|
|
|
| |
Looking at where this is nested inside various if statements, I do not think this error did too much harm - only to the $mac['descr'] - in this particular code flow $username is not used for important stuff after this point.
Conflicts:
etc/inc/captiveportal.inc
|
|
|
|
| |
here, though it's also handled by the supplicant/authenticator. Ticket #4516
|
| |
|
| |
|