FreshBSD

Filter, alias. calculate uniqueid() using all of its contents +minor cleanup (this alias 
is always in _known_aliases). closes https://github.com/opnsense/core/issues/3432

filter, aliases. add alias cleanup. previously a delete of an alias would result in the 
old one still being there. closes https://github.com/opnsense/core/issues/3431

Since all aliases are written to /usr/local/etc/filter_tables.conf, it should be safe to 
drop all for which a file in aliastables exists but no entry is available in 
filter_tables.conf anymore.
For debug purposes we log the entries which we delete, although this probably wouldn't be 
absolutely necessary, it might help to debug potential issues.

backup, disable cron when not enabled. closes https://github.com/opnsense/core/issues/3430

(cherry picked from commit 2e896d47b3dd66b3ef0a019102d04b2f1635822c)

backup, disable cron when not enabled. closes https://github.com/opnsense/core/issues/3430

IPsec, switch to PAM, closes https://github.com/opnsense/core/issues/3265

system: sync PAM-based authentication rework

src: style and whitespace sweep

(cherry picked from commit a0f234f76169bd0e904c5eb45e5757d03684316c)

Alias, add export+import option, closes https://github.com/opnsense/core/issues/3171

(cherry picked from commit f2948e6af4707717859d131b9d2f19d5106cd944)

MVC, add filter closure to searchBase(), for https://github.com/opnsense/plugins/pull/1274

(cherry picked from commit 8ae69d5f06ae1db9936dbceae8b32f8ea4733da4)
(cherry picked from commit 39a95d3c39f77cdf5ff93a59229dcb62e130248b)

Captive portal, in case someone execs listClients before service start, make sure the 
directory exists. for https://github.com/opnsense/core/issues/3425

(cherry picked from commit a193e1e39711477da6bd52c20f9c96116841a4e7)

captive portal: update to bootstrap 3.4.1

interfaces: ppp-related changes from master

(cherry picked from commit cfc95122f2d248e61d03d8f1dbae3cbd40260196)
(cherry picked from commit 75c3100ba7fca08e874dfea7b40831781bdf7f74)
(cherry picked from commit be9a1c94ab0a96d7c3a1f94eedaa4c88c5275639)

system: remove feature that was never implemented

ipsec: restyle mobile settings a little

(cherry picked from commit 9cb95f7c86b925b3095b12f598f2769e25cbd269)

system: support for syncing alias+vhid to the slave

HAsync, prevent sloppy apply behaviour in various places due to configuring the backup 
device and point the user to our status page.

(cherry picked from commit b214b89e2078e26cee8e778a43b1946ee5ac9943)
(cherry picked from commit 883063c49c499697dba0f8b12a7855da9690d0c5)

system: move health scripts to Python 3.6

ipsec: only apply mobile PFS to mobile phase 2; closes #3323

(cherry picked from commit cf721cf4b115c0b9247e9c5139dbdc32b226d05e)

implemented wildcard includes for ipsec/strongswan

(cherry picked from commit acdf14e63667034cda82dc75fcdcccd4b4367f6d)
(cherry picked from commit a4d157db0bc622c68af6da717c311499d8362691)
(cherry picked from commit dfd48d29349688d25b102b928ccbd509aa516f9a)
(cherry picked from commit 2056e907ffd47cf2646899f37448c8e54f19cc05)

dhcpd/leases, double html escaping. closes https://github.com/opnsense/core/issues/3427

(cherry picked from commit 248156f8ee783b86f7ce5c6d7fdc914361b4af57)

system: cleanly rewrite CA root files, add our own; closes #1460

(cherry picked from commit 59b913f9e5e5c7c722f5364e91feaac358e63ebf)
(cherry picked from commit 3d46287880bc0ed3960402f50ef809438c79a2ec)
(cherry picked from commit 241716e8a7a9f5bba53c870442505167bdced076)

system: remove unused option

(cherry picked from commit 81b43740f2f4f6a028042dd06c955ebdee8dd3a0)

dhcpd/leases, double html escaping. closes https://github.com/opnsense/core/issues/3427

system: remove unused option

Routing, gateways for https://github.com/opnsense/core/issues/2279 align automatic 
gateways to legacy behaviour. Since gif/gre interfaces already write _router files, we 
should only add openvpn client gateways to mimic the way it wasbefore. Also skip disabled 
interfaces.

system: retain old GW naming convention #2279

Captive portal, in case someone execs listClients before service start, make sure the 
directory exists. for https://github.com/opnsense/core/issues/3425

dpinger: reshuffle some related code

system: move gwlb.inc to dpinger.inc

Auth, extend AuthenticationFactory to support getLastAuthProperties() from last 
authenticate() call. part of https://github.com/opnsense/core/issues/3266

Routing, gateways. missed a spot in https://github.com/opnsense/core/issues/2279, remove 
column header for VIP

Routing, gateways. Technically we could add tunnel gateways automatically, but since you 
can easily add them manually, we better start without these and only add the ones found in 
the /tmp/XX_router[XX] files. for https://github.com/opnsense/core/issues/2279

Routing, gateways. move get_gateway_error() from gwlb.inc to gateway_alert script, since 
only used there now. for https://github.com/opnsense/core/issues/2279

Routing, gateways. replace contents of return_gateway_groups_array() for 
https://github.com/opnsense/core/issues/2279 complete removacl should be part of 
https://github.com/opnsense/core/issues/3423

Routing, gateway groups, use new class methods in filter and filter edit page, for 
https://github.com/opnsense/core/issues/2279

Routing, gateways. add group functions to new gateway class, for 
https://github.com/opnsense/core/issues/2279

configd, idna encode, orginating from https://github.com/opnsense/core/pull/3107 and other 
commits from the same contributor.
Fix for https://github.com/opnsense/core/pull/3107, although I'm doubting if we should 
keep supporting idna, since fixing these issues often cost us quite some time and demand 
for the feature doesn't appear to be very high.

Fitler, firewall_rules.php, descr already escaped. closes 
https://github.com/opnsense/core/issues/3418

(cherry picked from commit 0edd56242939d2cc7900b89abd3554a1831eff68)

dhcp: added TFTP bootfile-name (fix for #3074, introduced with 8e361f3051aa) (#3420)


(cherry picked from commit e9cb9c08620fd67872533a409bc175d12e74b924)

sysct, remove duplicates. closes https://github.com/opnsense/core/issues/3410

(cherry picked from commit 6101ba8940f02888fd096f4e8e458624ec5f0ff2)

routing, gateways. In gateway groups you could originally select a vip, which isn't used 
in our system. orgininally this came from 
https://github.com/pfsense/pfsense/commit/ab1112da4c1c8dc9c22486d0d69dca9cd1216cd2
Let's remove it while working on https://github.com/opnsense/core/issues/2279

Routing, gateways - groups. regression in https://github.com/opnsense/core/issues/2279 , 
since "interface" contains the configured value now, we should use "if".

Routing, gateway_groups, don't hide gateways on edit, which keeps presentation on new/edit 
equal. Previously you could have a group, containing an item that didn't exist anymore 
(interface removed), in which case you needed to remove the group to be able to edit it. 
related to https://github.com/opnsense/core/issues/2279

dhcp: added TFTP bootfile-name (fix for #3074, introduced with 8e361f3051aa) (#3420)

Routing, gateways. When gathering gateway status from dpinger, don't consider dpinger 
endpoints down if not yet available. This could lead to some unexpected gateway switches. 
for https://github.com/opnsense/core/issues/2279

We might consider another status for "startup", although since we report loss and delay as 
"~" it should already be obvious that we don't know the status yet.

Filter, add ipv6-icmp type selection, closes https://github.com/opnsense/core/issues/3412

Routing, gateways. don't consider lo0 as a default gateway candidate. Since it doesn't 
make much sense to send all traffic to localhost, we better exclude it to keep the 
previous behaviour. for https://github.com/opnsense/core/issues/2279

Routing, gateways. log gateways that are not being considered, 
https://github.com/opnsense/core/issues/2279

Routing, gateways. The `/tmp/*_defaultgw` construction has a race condition the way it is 
implemented now. for https://github.com/opnsense/core/issues/2279

It is used by dhcp client to detect if a default route might be overwritten and it 
determines default gateway priority. Since I don't want to refactor the dhclient-script at 
the moment, we best keep the file, but remove the "default" detection.
So system_default_route() sets the file, which dhclient can pickup when a new gateway is 
propagated.

sysct, remove duplicates. closes https://github.com/opnsense/core/issues/3410