This commit adds a button to switching the items into a textarea and back which eases edits in these cases.
(only aavailable when new items are allowed in the form)
These are automatically created by ifconfig alias command above
and cause the (spurious) route add -q log messages. Functionally
nothing changes because route add declined to add the routes
already.
wg_start() can detect if the interface was removed, which is
ensured during 'restart' and a fresh 'configure'. The device
could have been created from wireguard_prepare() in the plugin
code but that should normally be used by interfaces_configure()
which also configures the interface correctly (same as the
interfaces_restart_by_device() call).
We only reload the routing in such cases now either as in the
other case the routes should have been placed and remain.
This means the following configuration directives need to be set:
* mode server
* tls-server
* push "topology XXX" << tell the other end which topology we are using
* ifconfig-pool start-ip end-ip << a minimal pool containing one address, if we don't push one, openvpn doesn't know the client and will complain about "bad source address from client "
* ifconfig my-ip remote-ip
The metric is flawed, because there could be a prefix or not, it could shift
or the user specified a client setting the server did not accept.
This is an experimental change that will stay on the development version for
a while.
Since exising gdrive backups are in legacy mode, these can only be parsed when legacy is enabled.
For more information about openssl_pkcs12_read() and used configuration, see https://www.php.net/manual/en/function.openssl-pkcs12-read.php
In order for this to work, one need to generate the template (handled on bootup https://github.com/opnsense/core/blob/master/src/etc/rc.syshook.d/early/15-templates) and restart the webgui.
To validate in a console if legacy mode is available, use the command below:
Providers:
default
name: OpenSSL Default Provider
version: 3.0.12
status: active
legacy
name: OpenSSL Legacy Provider
version: 3.0.12
status: active
- include VLAN (or QinQ) tag in main grid for easy sorting, tooltip will show parent device as well
- present table structure for data nested 1 level deeper in details overview
- include links to either the interface settings or firewall rules pages
The combination of preserve logs and max file size help to guard the boundaries of the log storage being used, an archive action is already being performed hourly, which should be enough in normal situations (although that would be easy to change if needed).
In order to make room for the new additional files per day, we add a sequence to the file, for example the first rotate of a filter log exceeding its limit named /var/log/filter/filter_20231204.log would be moved to /var/log/filter/filter_20231204.0001.log . The syslog-ng reload handles the flush to a new file, which automatically would result in a new filter_20231204.log file after rotate.
Any AEAD algorithm selected for the IKE proposal requires a PRF function.
Internally strongSwan will prepend the selected hash algorithm with 'prf'.
Children do not require a hash algorithm to be selected, so the common
options are listed without one.
One of the main reasons of this function used to be writing
/boot/loader.conf so make sure it does that before going into
something else. There is still account info writing but to
some degree rendering accounts before changing ttys appears to
be favourable.
