* wizard: reimplement system setup, for https://github.com/opnsense/core/issues/8352
This commit implements our replacement for the setup wizard. The questions are roughly the same as in the legacy version.
Some less relevant options have been removed (pppoe ondemand for example) and isc-dhcpd has been replaced with dnsmasq.
Only standard tools have been used, a memory model to validate the data and simple input forms in tabs.
The in-memory model acts as a wrapper around legacy configuration data and a couple of component models to apply the requested settings.
Some legacy settings using isset() have been altered to use their empty() equivalent.
* wizard: as we're changing to dnsmasq as default, we need to make sure the console setup configures the same (https://github.com/opnsense/core/issues/8352)
Fix some small php warnings in the process, but further than that just rewrite the dhcpd console handling to use dnsmasq instead of isc.
Eventually we will need to rewrite the console tools as well, but let's try to keep this compatible with minimal impact.
* wizard: change other occurrences of isset($config['dnsallowoverride']) for https://github.com/opnsense/core/issues/8352
* wizard: sort listtags() and some other minor review comments for https://github.com/opnsense/core/issues/8352
* System: Trust: Settings - add boilerplate and move existing store_intermediate_certs setting to new module including migration
* System: Trust: Settings - add configuration constraints and glue to flush CRL's to local trust store when requested.
This implements the following options:
* Enable/Disable legacy providers (enabled by default, which is the current default)
* Option to write specific configuration constraints, when enabled, CipherString, Ciphersuites and MinProtocol[DTS] can be configured
One last piece of the puzzle is the "crl" event action, which should deploy to the local trust store as well when requested.
* Update src/opnsense/mvc/app/models/OPNsense/Core/Menu/Menu.xml
Co-authored-by: Franco Fichtner <franco@opnsense.org>
* System: Trust: Settings - process review comments https://github.com/opnsense/core/pull/7854
* System: Trust: Settings - flush CRL's when "Store CRL's" is selected
---------
Co-authored-by: Franco Fichtner <franco@opnsense.org>
The rest of the system knows to use "opnsense" already. The page
throws the warning here but instead of hardcoding the theme name
just give it an empty string so the first one is selected even
though it might not be the right one. Hardcoding this doesn't
feel right...
Replace a few easy spots. Eventually we want to call both
functions for each spot instead of doing both (in switching order)
or only one of them. They are both cheap operations since they
don't (re)start DNS processes any longer.
* Don't suggest using unreserved top-level domains.
* Use the reserved example.com|net domains for other examples.
* Encourage adoption of the special-purpose internal/site home.arpa (RFC 8375) domain.
Looking for things that could go wrong with root.key in Unbound
this could be one of those. Still, at this point we may not have
received DNS servers from the ISP since these are registered much
later (10-newwanip).
Great opportunity to ditch prefer_ipv4_or_ipv6() since we need it
for resolving which we set up alongside and in the right spot.
When someone adds an intermediate certificate into the trust store leading either into a missing or expired root, other paths aren't being evaluated anymore, leading into verification errors.
In case someone would like to enforce saving the intermediates, System->Settings->General introduces a new trust section to revert back to the old behaviour.
Not the perfect spot either as this is for gateway groups
now but still better than firewall and actually the original
spot where the setting could be found.
* As discussed a long time ago stop mentioning "DNS Forwarder"
* Remove strong tags from Dnsmasq form
* DNSSEC option, off by default
* Some GUI elements flattened
* Advanced button tweaks
Tested using: http://en.conn.internet.nl/connection/
Use original element (<div>/<small>) with "data-for" attribute.
The old jquery "for" attribute selectors can be removed once conversion to "data-for" attribute is complete (including plugins).
The old jquery selectors to remove once conversion is complete.
opnsense_ui.js & head.inc
$("*[for='" + $(this).attr('id') + "']")....
$('[for*="help_for"]')....