16320 Commits

Author SHA1 Message Date
Franco Fichtner
03ffdf511d ipsec: same same but different; closes #6973
In portrait mode the __ml looks odd as the form-inline
is broken off to avoid wide form layouts so we use __mr
on the button div instead.
2024-02-09 11:04:45 +01:00
Franco Fichtner
66b50c3d51 ipsec: enable placement on connections page for #6973
Placing this right beside the apply button might make some people
think about not missing this option when using IPsec.
2024-02-09 10:57:22 +01:00
Franco Fichtner
c1d2d18a72 wireguard: fix copy and paste refactor 2024-02-09 10:09:32 +01:00
Franco Fichtner
0d7d48eb17 wireguard: improve previous
Since route add with subnet will revert to a strict subnet route
two separate entries 192.168.1.1/24 and 192.168.1.2/24 will both
be added as 192.168.1.0/24 and produce the same error.

Normalize here as well and get rid of the duplicates.  It should
also fix IPv6 compression mismatches.
2024-02-09 09:59:12 +01:00
Ad Schellevis
56e5f99390 VPN: IPsec: Connections - allow % to support %any in id's. closes https://github.com/opnsense/core/issues/7220 2024-02-09 09:01:13 +01:00
Ad Schellevis
c8adc29212 ui / tokenizer - One minor annoyance of tokenizers is that it's impossible to edit the separate tokens.
This commit adds a button to switch the items into a textarea and back which eases edits in these cases.
(only available when new items are allowed in the form)
2024-02-08 21:21:12 +01:00
Franco Fichtner
77fba066bd wireguard: skip attached instance address routes
These are automatically created by ifconfig alias command above
and cause the (spurious) route add -q log messages.  Functionally
nothing changes because route add declined to add the routes
already.
2024-02-08 19:57:24 +01:00
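The two WireGuard route commits above (0d7d48eb17 and 77fba066bd) describe the same normalisation problem from two sides: `route add` collapses `192.168.1.1/24` and `192.168.1.2/24` into the one network route `192.168.1.0/24`, uncompressed and compressed IPv6 spellings are the same route too, and the connected routes already created by `ifconfig ... alias` for the instance's own tunnel addresses do not need a `route add` at all. The following is an added example, not OPNsense code, that models that pipeline with Python's standard `ipaddress` module; the allowed-ips list and instance addresses are constructed sample input.

```python
import ipaddress
from typing import Iterable, List, Set

# Added example, not OPNsense's wireguard plugin code. It models the route
# normalisation the two WireGuard commits describe: strip host bits, collapse
# IPv6 textual variants, drop duplicates, and skip the networks the kernel
# already has connected routes for via the instance's own tunnel addresses.

# Constructed sample input (not taken from a real configuration).
SAMPLE_ALLOWED_IPS = [
    "192.168.1.1/24",          # host bits set -> 192.168.1.0/24
    "192.168.1.2/24",          # same network, would fail a second route add
    "10.10.0.5/32",            # host route inside the tunnel network, still valid
    "fd00:0000:0000::1/64",    # uncompressed spelling of fd00::/64
    "fd00::2/64",              # compressed spelling, same route
    "10.10.0.7/24",            # tunnel network itself: connected route exists
]
SAMPLE_INSTANCE_ADDRESSES = ["10.10.0.1/24", "fd00:10::1/64"]


def normalize_network(entry: str) -> str:
    """Canonical network for a CIDR string (bare addresses become /32 or /128).

    strict=False drops the host bits, so 192.168.1.1/24 -> 192.168.1.0/24, and
    str() of an IPv6Network is always the compressed form, so
    fd00:0000:0000::/64 and fd00::/64 yield the same key.
    """
    return str(ipaddress.ip_network(entry.strip(), strict=False))


def connected_networks(instance_addresses: Iterable[str]) -> Set[str]:
    """Networks the kernel already routes via the interface's own addresses,
    e.g. 10.10.0.1/24 on the wg device implies a connected 10.10.0.0/24."""
    return {normalize_network(addr) for addr in instance_addresses}


def routes_to_add(allowed_ips: Iterable[str],
                  instance_addresses: Iterable[str]) -> List[str]:
    """Unique, normalised networks that still need a 'route add', in input
    order, with connected networks and duplicates removed."""
    skip = connected_networks(instance_addresses)
    seen: Set[str] = set()
    result: List[str] = []
    for entry in allowed_ips:
        net = normalize_network(entry)
        if net in skip or net in seen:
            continue
        seen.add(net)
        result.append(net)
    return result


if __name__ == "__main__":
    for net in routes_to_add(SAMPLE_ALLOWED_IPS, SAMPLE_INSTANCE_ADDRESSES):
        print("route add", net)
```

With the sample input only three routes survive: `192.168.1.0/24`, `10.10.0.5/32` and `fd00::/64`. The `/32` host route is kept on purpose: a more specific route inside the connected tunnel network is a different routing-table entry and `route add` accepts it.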
Franco Fichtner
84e96a53da src: style sweep 2024-02-08 19:57:05 +01:00
Franco Fichtner
7413ca696d wireguard: improve previous
wg_start() can detect if the interface was removed, which is
ensured during 'restart' and a fresh 'configure'.  The device
could have been created from wireguard_prepare() in the plugin
code but that should normally be used by interfaces_configure()
which also configures the interface correctly (same as the
interfaces_restart_by_device() call).

We only reload the routing in such cases now either as in the
other case the routes should have been placed and remain.
2024-02-08 19:27:54 +01:00
Franco Fichtner
b8665c9da0 wireguard: if instances are assigned as interfaces we need to reload them 2024-02-08 17:13:32 +01:00
Ad Schellevis
33894fc6a7 diagnostics/log - add colon [:] to acceptable query characters, closes https://github.com/opnsense/core/issues/7215 2024-02-08 12:36:35 +01:00
Ad Schellevis
20e9bdc459 Services: Kea DHCP: Leases DHCPv4 - gather missing leases by implementing the lease storage as documented in https://github.com/isc-projects/kea/blob/ef1f878f5272d/src/lib/dhcpsrv/memfile_lease_mgr.h#L1039-L1051
The lfc process is responsible for lease cleanup, but apparently uses multiple files to get the full picture, which unfortunately wasn't very clear from the upstream documentation (https://kea.readthedocs.io/en/latest/arm/lfc.html + https://kea.readthedocs.io/en/kea-2.0.2/arm/dhcp4-srv.html#memfile-basic-storage-for-leases). The wiki does offer a design document for lfc (https://gitlab.isc.org/isc-projects/kea/-/wikis/designs/Lease-File-Cleanup-design#file-names) which hints about multiple files, but also seems to be less explicit about where the active leases land; the source seems to be clearer in this case.

closes https://github.com/opnsense/core/issues/7204
2024-02-08 11:27:35 +01:00
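The memfile_lease_mgr.h comment the commit above links describes the load order the Kea server itself uses when it starts: `<file>.completed` if LFC has finished, otherwise `<file>.2` (the previous copy) followed by `<file>.1` (the copy LFC is working on), and always the live `<file>` last, with later rows replacing earlier rows for the same address. Reading only the base file misses every lease LFC has already moved aside, which is the "missing leases" symptom. The following is an added example, not OPNsense's or Kea's code, that applies that merge order to constructed lease-file contents; the column subset is a deliberate simplification of Kea's leases4.csv header (real files carry client_id, fqdn flags, state, user_context and more), and the release handling follows my reading of Kea's loader, which writes a row with valid_lifetime 0 when a lease is released.

```python
import csv
import io
from typing import Dict, Optional

# Added example, not OPNsense or Kea code. Merges memfile lease files in the
# order Kea's memfile lease manager loads them (see the memfile_lease_mgr.h
# reference in the commit above): ".completed" when LFC finished, otherwise
# ".2" then ".1", and the live base file last. Later rows replace earlier ones
# for the same address; a row with valid_lifetime 0 records a release and
# removes the lease (assumption about Kea's loader semantics, see lead-in).

LOAD_ORDER_AFTER_LFC = (".completed",)
LOAD_ORDER_DURING_LFC = (".2", ".1")

# Constructed sample files. Column subset is a simplification of leases4.csv.
HEADER = "address,hwaddr,valid_lifetime,expire,subnet_id,hostname\n"
SAMPLE_FILES: Dict[str, Optional[str]] = {
    ".completed": None,   # LFC has not finished, so .2 and .1 are consulted
    ".2": HEADER
          + "192.168.1.10,aa:bb:cc:dd:ee:01,7200,1707400000,1,host-a\n"
          + "192.168.1.11,aa:bb:cc:dd:ee:02,7200,1707400000,1,host-b\n",
    ".1": HEADER
          + "192.168.1.12,aa:bb:cc:dd:ee:03,7200,1707401000,1,host-c\n"
          + "192.168.1.11,aa:bb:cc:dd:ee:02,0,1707401000,1,host-b\n",  # release
    "": HEADER
        + "192.168.1.12,aa:bb:cc:dd:ee:03,7200,1707402000,1,host-c\n"  # renewal
        + "192.168.1.13,aa:bb:cc:dd:ee:04,7200,1707402000,1,host-d\n",
}


def merge_lease_rows(text: str, leases: Dict[str, dict]) -> None:
    """Apply one lease file's rows, in file order, to the in-memory table."""
    for row in csv.DictReader(io.StringIO(text)):
        address = row["address"]
        if int(row["valid_lifetime"]) == 0:
            leases.pop(address, None)   # released: drop it if we knew it
        else:
            leases[address] = row       # newest record for the address wins


def load_leases(files: Dict[str, Optional[str]]) -> Dict[str, dict]:
    """files maps suffix ("", ".1", ".2", ".completed") to file content, or
    None when that file is absent. Returns address -> most recent lease row."""
    leases: Dict[str, dict] = {}
    if files.get(".completed") is not None:
        order = LOAD_ORDER_AFTER_LFC
    else:
        order = LOAD_ORDER_DURING_LFC
    for suffix in order + ("",):
        text = files.get(suffix)
        if text is not None:
            merge_lease_rows(text, leases)
    return leases


def active_leases(leases: Dict[str, dict], now: int) -> Dict[str, dict]:
    """Only leases whose expire timestamp is still in the future."""
    return {addr: row for addr, row in leases.items() if int(row["expire"]) > now}


if __name__ == "__main__":
    for addr, row in sorted(load_leases(SAMPLE_FILES).items()):
        print(addr, row["hwaddr"], row["expire"])
```

On the sample, 192.168.1.11 disappears because the release in `.1` overrides the grant in `.2`, and 192.168.1.12 carries the renewed expire value from the live file. When a `.completed` file is present the `.2` and `.1` copies are skipped entirely, which the test below exercises.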
Ad Schellevis
ce8b3c878f VPN: WireGuard: Settings - Peer uniqueness should depend on pubkey+endpoint. closes https://github.com/opnsense/core/issues/7213 2024-02-07 18:24:36 +01:00
Ad Schellevis
43c3ca47af ISC DHCP / unbound / dnsmasq - be more explicit of what the feature offers. https://github.com/opnsense/core/issues/7209 2024-02-07 14:00:32 +01:00
Stephan de Wit
d8df599d0d network time: clarify help text for interface selection
ntpd will also use these interfaces for syncing with a remote
server. Accompanies f85849736d
2024-02-07 11:04:47 +01:00
Franco Fichtner
b2d6acc23e pkg: finally move back to original package 2024-02-07 09:23:23 +01:00
Ad Schellevis
e48d3f740e mvc - minor modification in for processing for multiselect tokenizers, when style contains "tokenize" as part of a list of styles, copy/paste buttons won't show. Unfortunately volt templates don't support an inline "split" operator, which means we need to embed php code to split the styles. 2024-02-06 19:57:24 +01:00
Ad Schellevis
12001a32f2 System: Access: Users - add issuer and logo to OTP link, for https://github.com/opnsense/core/issues/7126 2024-02-06 18:39:47 +01:00
Ad Schellevis
66fd0e4699 VPN: OpenVPN: Instances - Fix support for /30 p2p/net30 instances, 2758f9f649 only included a partial fix. Although we are able to configure openvpn with small nets, we should follow the same procedure the normal "server" directive would follow (as documented in https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/).
This means the following configuration directives need to be set:

* mode server
* tls-server
* push "topology XXX" << tell the other end which topology we are using
* ifconfig-pool  start-ip end-ip << a minimal pool containing one address, if we don't push one, openvpn doesn't know the client and will complain about "bad source address from client "
* ifconfig my-ip remote-ip
2024-02-06 17:45:20 +01:00
Ad Schellevis
78c0e681ca Interfaces: Virtual IPs: Settings - fix Vip.xml subnet/network. see also https://github.com/opnsense/core/issues/7041 2024-02-06 09:46:19 +01:00
Ad Schellevis
efae7a5fd9 VPN: OpenVPN: Servers - cso_login_matching ignored during authentication, closes https://github.com/opnsense/core/issues/7199 2024-02-05 18:02:32 +01:00
Ad Schellevis
630ab193b6 Firewall: Settings: Normalization - change default traffic normalization behavior and choose "in" as standard direction for manual rules. closes https://github.com/opnsense/core/issues/7203 2024-02-05 15:27:03 +01:00
Franco Fichtner
c7d6f53797 interfaces: need this now #7202 2024-02-04 18:23:56 +01:00
Franco Fichtner
f1fbf811b2 interfaces: stop caching IPv6 address to decide if reload is required or not #7202
The metric is flawed, because there could be a prefix or not, it could shift
or the user specified a client setting the server did not accept.

This is an experimental change that will stay on the development version for
a while.
2024-02-04 18:06:38 +01:00
Ad Schellevis
0ab7a966b0 VPN: OpenVPN: Instances - add "various_push_flags" field for simple boolean server push options, while here also change output order a bit (so push rules are not at the top of the file, which is a bit easier on the eyes). closes https://github.com/opnsense/core/issues/7196 2024-02-04 15:07:55 +01:00
Stephan de Wit
ce87c2f68c intrusion detection: behaviour change in suricata 7 [3]
Along with midstream-policy causing issues,
livedev.use-for-tracking=true breaks IPS so disable it here.
ref: https://redmine.openinfosecfoundation.org/issues/6726
2024-02-02 15:31:48 +01:00
Franco Fichtner
c965e8d3f0 dhcp: set RemoveAdvOnExit to off in CARP mode #7194 2024-02-02 11:25:40 +01:00
Stephan de Wit
0168141566 dashboard: widgets: bring back interface statistics update interval 2024-02-01 17:09:55 +01:00
Ad Schellevis
b1685d8e46 Services: Kea DHCP [new]: Kea DHCPv4 - add optional automatic firewall rules for dhcpv4 access. closes https://github.com/opnsense/core/issues/7188 2024-02-01 14:05:12 +01:00
Ad Schellevis
46e0bc67bb VPN: WireGuard: Settings / Instances - allow instances to start their id at 0. closes https://github.com/opnsense/core/issues/7192 2024-02-01 09:27:14 +01:00
Franco Fichtner
c34427999b system: add a trust template reload hook in the... well.. trust function :) 2024-02-01 08:57:40 +01:00
Franco Fichtner
e68e7959ed pkg: fix plist 2024-02-01 08:55:23 +01:00
Ad Schellevis
d8ba131aad System/Trust - enable openssl legacy provider by default. closes https://github.com/opnsense/core/issues/7184
Since existing gdrive backups are in legacy mode, these can only be parsed when legacy is enabled.
For more information about openssl_pkcs12_read() and used configuration, see https://www.php.net/manual/en/function.openssl-pkcs12-read.php

In order for this to work, one needs to generate the template (handled on bootup https://github.com/opnsense/core/blob/master/src/etc/rc.syshook.d/early/15-templates) and restart the webgui.

To validate in a console if legacy mode is available, use the command below:

Providers:
  default
    name: OpenSSL Default Provider
    version: 3.0.12
    status: active
  legacy
    name: OpenSSL Legacy Provider
    version: 3.0.12
    status: active
2024-01-31 18:12:02 +01:00
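The commit above shows the provider listing that confirms the legacy provider is loaded, but not the configuration that produces it. The following is an added example, not OPNsense's 15-templates output, with two parts: a renderer for the generic OpenSSL 3 `openssl.cnf` provider sections, with and without the legacy provider, and a parser for the listing format shown above. It assumes that listing comes from `openssl list -providers` (the commit shows the output, not the command). One caveat a practitioner should keep in mind: activating the legacy provider re-enables RC2, RC4, DES, MD4 and friends for every consumer of that OpenSSL configuration, not only for reading old PKCS#12 backups.

```python
import subprocess
from typing import Dict

# Added example, not OPNsense code. render_openssl_cnf() emits the standard
# OpenSSL 3 provider configuration; with enable_legacy=True the legacy
# provider (RC2-40/3DES+SHA1 PKCS#12 and other retired algorithms) is
# activated next to the default provider, which is what openssl_pkcs12_read()
# needs for the old backups. parse_provider_listing() reads the output format
# shown in the commit message.

# Constructed sample listing, copied in shape from the commit above.
SAMPLE_LISTING = """Providers:
  default
    name: OpenSSL Default Provider
    version: 3.0.12
    status: active
  legacy
    name: OpenSSL Legacy Provider
    version: 3.0.12
    status: active
"""


def render_openssl_cnf(enable_legacy: bool) -> str:
    """openssl.cnf fragment activating the default and, optionally, the legacy provider."""
    providers = ["default"] + (["legacy"] if enable_legacy else [])
    lines = ["openssl_conf = openssl_init", "",
             "[openssl_init]", "providers = provider_sect", "",
             "[provider_sect]"]
    lines += [f"{name} = {name}_sect" for name in providers]
    for name in providers:
        lines += ["", f"[{name}_sect]", "activate = 1"]
    return "\n".join(lines) + "\n"


def parse_provider_listing(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the two-level 'Providers:' listing into {provider: {key: value}}."""
    providers: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Providers:":
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 2 and ":" not in line:
            current = line                      # provider name line
            providers[current] = {}
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # "status: active" etc.
            providers[current][key.strip()] = value.strip()
    return providers


def legacy_provider_active(listing: str) -> bool:
    return parse_provider_listing(listing).get("legacy", {}).get("status") == "active"


def check_running_openssl() -> bool:
    """Assumption: 'openssl list -providers' prints the listing parsed above."""
    out = subprocess.run(["openssl", "list", "-providers"],
                         capture_output=True, text=True, check=True).stdout
    return legacy_provider_active(out)


if __name__ == "__main__":
    print(render_openssl_cnf(enable_legacy=True))
    print("legacy active:", check_running_openssl())
```

Restarting the web GUI after regenerating the template matters because PHP's OpenSSL binding reads the configuration once at process start; a listing from the console only proves what a freshly started `openssl` process sees.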
Ad Schellevis
7e994cab29 xmlrpc sync, on nat sync, all items in the OPNsense container are transferred. regression in 6ab8f8cf2d closes https://github.com/opnsense/core/issues/7173 2024-01-31 17:47:21 +01:00
Franco Fichtner
157a2d9f03 src: spurious whitespace (the other one is for the templating) 2024-01-31 15:43:15 +01:00
Franco Fichtner
fccaa2e548 pkg: avoid the problematic "suricata" package for now 2024-01-31 12:13:06 +01:00
Franco Fichtner
f28786db4a firmware: adjust wording 2024-01-31 11:23:29 +01:00
Ad Schellevis
4a5193900c Services: Kea DHCP [new]: Kea DHCPv4 - omit comma when control agent is disabled. should fix https://github.com/opnsense/core/issues/7183 2024-01-31 10:41:57 +01:00
Ad Schellevis
5667764034 Reporting: Unbound DNS - Omit export duckdb when stats are disabled. closes https://github.com/opnsense/core/issues/7149 2024-01-31 10:12:51 +01:00
Franco Fichtner
0c731017ad firmware: now at 24.7 development track 2024-01-31 07:58:32 +01:00
Ad Schellevis
0d676c7bf6 intrusion detection: behaviour change in suricata 7 [2] 2024-01-30 21:41:27 +01:00
Franco Fichtner
f5ae0c8448 intrusion detection: behaviour change in suricata 7 2024-01-30 21:26:06 +01:00
Franco Fichtner
890ca6435e firmware: fix a glitch tainting the upgrade log while installing squid
Only callers of -u are changelog.sh and install.sh but changelog.sh
doesn't even support LOCKFILE so do a minimal fix.
2024-01-30 13:31:47 +01:00
Stephan de Wit
681006cd39 interfaces: overview: align buttons and remove assignment option 2024-01-29 09:18:30 +01:00
Ad Schellevis
6533aa951b Firewall: Aliases - align geoip file check with documentation, closes https://github.com/opnsense/core/issues/7174 2024-01-28 19:49:57 +01:00
Stephan de Wit
c17bc785e8 interfaces: overview: small usability improvements
- include VLAN (or QinQ) tag in main grid for easy sorting, tooltip will show parent device as well
- present table structure for data nested 1 level deeper in details overview
- include links to either the interface settings or firewall rules pages
2024-01-28 16:52:14 +01:00
Franco Fichtner
54d98085c2 system: do not fail on CMD_BANNER error; closes #7171 2024-01-26 14:16:13 +01:00
Franco Fichtner
73c12179eb firmware: almost time for 24.1 2024-01-26 10:02:16 +01:00
Franco Fichtner
83b7cd7213 src: style sweep 2024-01-26 09:37:26 +01:00
Ad Schellevis
9f8a23a1da configd - optimise stream_handler to exit and kill running process when there's no listener attached. While here cleanup some left over print statements introduced in 86c1087dd6 2024-01-25 20:30:08 +01:00