2858 Commits

Author SHA1 Message Date
Ad Schellevis
07791dcb47 OpenVPN, cleanup tls-verify.php script 2018-04-20 17:06:01 +02:00
Franco Fichtner
d23bc12e45 services: plug blind spots, want to know what failed 2018-04-20 12:41:25 +02:00
Franco Fichtner
eab13ff0fc services: sadly link-local is ok for routing but not transporting 2018-04-20 12:36:54 +02:00
Franco Fichtner
9f4837d11a services: hybrid approach to previous
Finally, this makes sense and avoids probing already global
addresses...

1. If a private IPv4 or link-local IPv6 we can try to
   use the web test.

2. If anything else just pass it through, it should be
   reachable if configured correctly.
2018-04-20 10:49:20 +02:00
Franco Fichtner
1547ecce67 services: if ip detection fails don't leak private IPv4
PR: https://github.com/opnsense/core/issues/2368
2018-04-20 09:59:24 +02:00
Franco Fichtner
2b9ee69f10 rc: IPv6 is trigger-happy, we only need this once
The unique file id was used to prevent overwrites from different
interfaces but we can just use the argument in the file so that
everything is rewritten in place causing the renewals to boil down
to one.

See a previous run with a WAN-only setup:

  >>> Invoking start script 'newwanip'
  Reconfiguring IPv4: OK
  Reconfiguring IPv6: OK
  Reconfiguring IPv6: OK
  Reconfiguring IPv6: OK
  Reconfiguring IPv6: OK
  Reconfiguring IPv6: OK
  >>> Invoking start script 'freebsd'

While here, also display the interface for clarity now:

  >>> Invoking start script 'newwanip'
  Reconfiguring IPv4 on em0: OK
  Reconfiguring IPv6 on em0: OK
  >>> Invoking start script 'freebsd'
2018-04-20 08:18:32 +02:00
Franco Fichtner
9cff964f2c src: style fixes 2018-04-19 19:54:25 +02:00
Franco Fichtner
2c94aa083c openvpn: retain openvpn_ prefix in file
Way easier to spot where a function belongs to.
2018-04-17 08:37:50 +02:00
Ad Schellevis
017b00ee9b OpenVPN, cleanups for csc generation. for https://github.com/opnsense/core/issues/2348
* isolate write_openvpn_csc_conf so we can write out a new one with server and csc settings
* add and use openvpn_fetch_csc_list to return a simple representation for the csc administration currently known for all servers
2018-04-16 22:15:21 +02:00
Ad Schellevis
f50c9266fd OpenVPN, refactor auth-user script, keeping it functionally the same. preparation for https://github.com/opnsense/core/issues/2348 2018-04-16 18:21:00 +02:00
Ad Schellevis
075a0b7a4a CARP/VIP, remove address requirement for virtual IPs, closes https://github.com/opnsense/core/issues/2358 2018-04-15 15:37:09 +02:00
Franco Fichtner
27a051b577 console: if no VLANs are there we don't have to print nothing 2018-04-13 08:30:48 +02:00
Franco Fichtner
88a6ede3d5 console: consistent language 2018-04-13 08:26:37 +02:00
Franco Fichtner
172b0da6e7 console: spurious newline 2018-04-13 08:24:21 +02:00
Franco Fichtner
af428d38ce console: and another one 2018-04-13 08:11:04 +02:00
Franco Fichtner
f2bacb7df6 console: ignore VLANs even more as we create/recreate them 2018-04-13 08:08:37 +02:00
Franco Fichtner
fa9eceabdb console: a few problems with VLAN assignment 2018-04-13 07:49:14 +02:00
Franco Fichtner
f850748d1d console: reset VLANs as stated; closes #2342
Regression introduced in 566fe52 a while back.  Checked the commits
and code again so a bit of assorted cleanup attached.  Other spots
in the commits look good.
2018-04-13 07:31:48 +02:00
Franco Fichtner
4858faafe0 console: make tracking the default for LAN IPv6 2018-04-12 11:52:54 +02:00
Franco Fichtner
0c54c68d26 system: better factory reset
Shut down as previously mentioned.  It helps with moving the
firewall into a different environment prior to first boot so
that it can auto-adapt / live-boot to that environment.
2018-04-12 10:41:00 +02:00
Franco Fichtner
a528a9ffeb system: make factory reset a bit more thorough
Suggested by: Markus Stubbig
2018-04-12 06:35:53 +00:00
Franco Fichtner
743eaed9bf interfaces: building on previous, GRE had the same issue
Try to use mwexecf() although for all of this there should be
a more thorough rework.  Not our cleanest code...
2018-04-10 17:15:10 +00:00
noctarius
a68e1deeb3 Fixed creation of GIF tunnel with an outer IPv6 remote address (remote-addr) 2018-04-10 18:29:04 +02:00
Franco Fichtner
6fb26f989b system: split off monitor reload for upcoming dpinger integration 2018-04-10 08:47:45 +02:00
Franco Fichtner
6c4ee8a945 system: hardcode $keep as suggested previously 2018-04-10 07:33:16 +02:00
Franco Fichtner
434347bb4e interfaces: remove unused $flush argument 2018-04-09 07:26:36 +02:00
Franco Fichtner
5dd172ed16 firewall: rewrite in equal case, otherwise we end up without a limit 2018-04-08 09:53:10 +00:00
Franco Fichtner
fc0c66e87b firewall: auto-increase table size for IPv6 bogons
While here, kill the $GatewaysList side-effect that is no
longer necessary.

PR: https://forum.opnsense.org/index.php?topic=7194.0
2018-04-08 09:29:22 +00:00
Ad Schellevis
eaf19276ae ipsec, regression in previous for https://github.com/opnsense/core/issues/2334 2018-04-07 15:43:47 +02:00
Ad Schellevis
28d0816229 ipsec, add phase2 dh groups for https://github.com/opnsense/core/issues/2335 2018-04-07 14:43:14 +02:00
Ad Schellevis
3c3628ca99 ipsec/roadwarrior, keep rightsubnet to default as stated by the docs, see https://github.com/opnsense/core/issues/2334 2018-04-07 14:03:10 +02:00
Franco Fichtner
0a3b5ed342 rc: typo 2018-04-04 12:23:56 +02:00
Franco Fichtner
e49a6176b0 rc: generate and permanently save hostid
PR: https://forum.opnsense.org/index.php?topic=7787.0
2018-04-04 06:14:36 +00:00
Franco Fichtner
00c7507be0 system: remove dead link from tunable description; close #2325 2018-04-03 22:58:45 +02:00
Ad Schellevis
8cf31215f5 Fix gateway creation for GRE/GIF tunnels, simplifies https://github.com/opnsense/core/pull/2312 2018-04-02 19:25:13 +02:00
Franco Fichtner
b113dabcbc firmware: bump copyright in previous 2018-04-01 23:28:03 +02:00
Franco Fichtner
b13ca18b37 firmware: reboot indicator for console #2283 2018-04-01 18:40:21 +02:00
Franco Fichtner
027a312ce4 firewall: after review, this reloads the wrong way around
We need to reload late to catch '0,15,30,45' rules...
2018-04-01 11:17:48 +02:00
Franco Fichtner
154d75816f unbound: style fix in previous 2018-03-31 11:47:37 +02:00
Eugen Mayer
c4c28ff6b1 add support for wildcard entries in unbound (#2313)
* add support for wildcard entries in unbound
2018-03-31 11:31:53 +02:00
Franco Fichtner
0c0a0f121f interfaces: log first 2018-03-30 15:44:55 +02:00
Franco Fichtner
0c4a31f536 interfaces: symmetric logging 2018-03-30 15:42:35 +02:00
marjohn56
f00aeb39de Send HUP to dhcp6c
Make use of updated dhcp6c clients config re-read.
2018-03-30 15:40:57 +02:00
Franco Fichtner
7f815541ae core: better description for previous 2018-03-30 11:16:09 +02:00
Franco Fichtner
87663b5c7b netflow: fix previous 2018-03-30 09:09:20 +00:00
Franco Fichtner
3dc1ff68aa netflow: improve handling of offered services 2018-03-30 11:00:22 +02:00
Franco Fichtner
b27e3f9d00 interfaces: small tweaks
o Do not try to clean up stray config file, it is rewritten either way
  or missed to be deleted during a reconfigure on some other code path.
o Don't stop dhcp6c on save, it stops during interface_bring_down()
2018-03-29 10:04:06 +02:00
Ad Schellevis
90e8e5fe20 Insight, add netflow data aggregator to service list, helps debugging issues like https://github.com/opnsense/core/issues/2296 2018-03-26 15:43:09 +02:00
Ad Schellevis
23d13aaa74 Proxy, pid isn't an option of service, but because the name matched it looked like it worked (used is_process_running instead of pid) 2018-03-26 15:41:42 +02:00
Franco Fichtner
700dc954d4 system: small corrections in pfsync peer IP handling 2018-03-24 12:26:40 +01:00