Add support for auth-gen-token renawal time.
Add support for auth-gen-token-secrets to allow failover between
servers.
Add support for pushing inactive to clients to have them disconnect
after being idle for a set time.
Add support for explicit-exit-notify and for pushing it. This will allow
UDP connection to notify peers that they are going away.
Add support for ifconfig-pool-persist, which will allow smoother roaming
combined with auth-gen-token since client will keep their ip address.
Add support from compress migrate. This option will conditionally use
stub compression for clients announcing they have compression enabled
while leaving it of for all other clients.
Build a formatter for the empty default and hide the
virtual fields from the default dialog by default.
The cloning doesn't make a lot of sense here so remove
it completely.
Delete only if in config.
After a bit of back and forth and issues reported with
bootstrapping it's better to get rid of the old keyword
which unifies the default selection under the empty value.
This inline-assign shouldn't happen anymore (likely a very early version
using the wlan device name implicitly). Maybe for 25.7, needs a tiny code
audit at one point but since the other cruft changes are in 25.1.3 this
makes sense to push.
First these are sane defaults, second they always belonged to NTPd which
we do not configure in the wizard. The settings are now contained
within network time/ntpd and just need a proper migration when the MVC/API
conversion for that component begins.
We never rely on xml ordering, which means a "nosync" can always be appended or prepended into an existing dataset (as long as uuid's don't overlap, but that's a bit of a corner case).
This commits tracks the nosync items inside the dataset to sync and prepends them to the new target set, so all nosync items on the back remain where they belong.
The $sync_full construct always looked a bit weird, certainly as different other comparable config sections don't seem to have the same issue as mentioned in the original commit (1b99e1e53a). Tried the nat rules on an existing setup after this change, which still works like a charm.
This is certainly a downside of data migrations in general, when looking at the actual target, we don't have all the versions in between available. which means breakage is possible when skipping a lot of versions on our end.
* wizard: reimplement system setup, for https://github.com/opnsense/core/issues/8352
This commit implements our replacement for the setup wizard. The questions are roughly the same as in the legacy version.
Some less relevant options have been removed (pppoe ondemand for example) and isc-dhcpd has been replaced with dnsmasq.
Only standard tools have been used, a memory model to validate the data and simple input forms in tabs.
The in memory model acts as a wrapper around a legacy configuration data and a couple of component models to apply the requested settings.
Some legacy settings using isset() have been altered to use their empty() equivalent.
* wizard: as we're changing to dnsmasq as default, we need to make sure the console setup configures the same (https://github.com/opnsense/core/issues/8352)
Fix some small php arnings in the process, but further than that just rewrite the dhcpd console handling to use dnsmasq instead of isc.
Eventually we will need to rewrite the console tools as well, but let's try to keep this compatible with minimal impact.
* wizard: change other occurrences of isset($config['dnsallowoverride']) for https://github.com/opnsense/core/issues/8352
* wizard: sort listtags() and some other minor review comments for https://github.com/opnsense/core/issues/8352
For ipv4 there only appears to be a static mode type, ipv6 will extend the options. If we don't want to risk needing a checkbox for each of them, it's better to implement this as a mode dropdown.
* Captive Portal: WIP for migration to pf (https://github.com/opnsense/core/issues/8326)
Captive Portal: cleanup references to ipfw
Captive Portal: move accounting deletion to get action, update references and descriptions
Captive Portal: remove note
Captive Portal: move accounting to pf match rules
Captive Portal: cleanup and shorten code
Captive Portal: parser issue after refactor
Captive Portal: update logo in default login page
* Captive Portal: internal alias should not be editable
* Captive Portal: move to periodic accounting sync
* Captive Portal: update lighttpd zone config
* Captive Portal: ether rules for accounting
* Captive Portal: safe accounting fetch
* Captive Portal: move counter calculation to bgprocess
* Captive Portal: remove nested anchors, match anchors on interfaces as well
* Captive Portal: move service logic to captiveportal.inc
* Captive Portal: leftover test statement
* Captive Portal: properly initialize accounting result
* Captive Portal: cleanup sql
* Captive Portal: Implement backend requirements for RFC 8908
While here, the zoneid is provided to the client, even though there
there is no need to do so. Instead let lighttpd forward the
request with an added header containing the zoneid of the client
* Captive Portal: review feedback
* Captive Portal: from_not case
