In case addresses are removed and reapplied the routes are gone
and other related interface configuration is missing. In these
cases do a full recycle even though the address did not change
visibly (which is good that we can detect it).
Also address the "miss" of the cached address clean now that we
know DHCP should not force-update us into a missing address
scenario during a renew.
PR: https://github.com/opnsense/core/issues/6338
As lighthttpd's changelog (https://www.lighttpd.net/2023/1/3/1.4.68/) notes the module is deprecated and can be replaced by mod_magnet with lua script.
Since the firewall offers rate limitting as core feature, we might as well remove the fixed (hard) limit in CP and point people to the firewall rules if needed.
There is a log message "2023-02-12T14:33:48 Warning ntpd restrict: 'monitor' cannot be disabled while 'limited' is enabled" ever so often when rate limiting is enabled. Disabling rate limiting is not advisable and even then, there will be another warning because certain combinations of rate limiting and kiss-of-death are chosen. ntpd options should probably be overhauled anyway.
However, according to the referenced https://www.cisa.gov/uscert/ics/advisories/ICSA-14-051-04, this issue has been fixed long ago. The current version 4.2.8 of ntpd is not longer vulnerable to this, such that "disable monitor" is no longer neccessary.
Although we do silently ignore the issue now, most callers likely are sending null when trapping into this issue and the user should receive an empty grid anyway in these cases.
```
/usr/local/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php:60: array_keys(): Argument #1 ($array) must be of type array, null given
```
This initial commit focusses on structuring the event flow around user and client registration, moving events to our new ovpn_event.py handler.
By supporting both deferred and direct authentication in user_pass_verify.php, we should be able to start with a cleanup patch for OpenVPN 2.5.x and work our way up to
a smaller fix for 2.6.x.
In preperation for 2.6, this commit also moves --cipher to --data-ciphers-fallback as suggested by the warning "DEPRECATED OPTION: --cipher set to '' but missing in --data-ciphers". Rename the option in the gui while there and add a note in the help text.
Reported for DHCP in #5493 consider that all connectivity modes
that create a router file to be eligable for this only. VIPs
do overcomplicate this but that is also where the gateway has
to be explicit instead of being provided at a later time, which
makes the validations fail which is why we end up here.
Also move the current route check to avoid some work. The check
is not 100% when flipping the far behaviour but doing less work
and keeping the current behaviour is fine.
