Franco Fichtner
842cc577a0
interfaces: flatten IPv4 renewal like IPv6
Go the extra mile now that we know we reached the bottom of the
barrel with reload functionality. The new guard is already working
so we can unconditionally run the second half as we already do in
IPv6 variant.
2023-02-23 12:52:26 +01:00
Franco Fichtner
0a1d59b507
interfaces: IPv6 adjustments to match IPv4 version
2023-02-23 12:51:09 +01:00
Ad Schellevis
bb1aa66802
VPN/OpenVPN - add ovpn_status.py script and configd action to fetch connected clients, refactor legacy backend code while here ( https://github.com/opnsense/core/issues/6312 )
Eventually the old gui code should be replaced as well, but this is an easy to release step in between offering nearly the same output (p2p's presentation is aligned with server instead of client) with code we are able to reuse for the openvpn aliases.
2023-02-23 11:09:06 +01:00
Franco Fichtner
a37a922ade
ipsec: style change
2023-02-23 10:03:54 +01:00
Ad Schellevis
c8bcac1a85
theme: looks like a typo, wrong color selector used
2023-02-23 09:59:51 +01:00
Ad Schellevis
6d2c6502b5
theme - fix DEPRECATION WARNING: The selector "> li:last-child > a" is invalid CSS.
2023-02-23 09:58:51 +01:00
Ad Schellevis
15fbd36792
VPN/IPsec - reqid shouldn't be provided on mobile sessions. closes https://github.com/opnsense/core/issues/6352
(same as 9be878390a but only for isolated mode)
2023-02-23 09:40:51 +01:00
Ad Schellevis
9be878390a
VPN/IPsec - reqid shouldn't be provided on mobile sessions. looks like we reintroduced this one https://github.com/opnsense/core/issues/4757
2023-02-22 17:13:20 +01:00
Franco Fichtner
6f3ca2d172
wizard: mismatch
2023-02-22 11:28:33 +01:00
Franco Fichtner
0192217554
wizard: value "on" seems strange, switch to "1"
Even though this might break we shouldn't have a toggle
failing because "on" value is expected.
2023-02-22 11:17:43 +01:00
Franco Fichtner
a9ac5db3de
wizard: unbound setting moved
May need adjustments but committed for testing.
PR: https://forum.opnsense.org/index.php?topic=32612.0
2023-02-22 11:03:05 +01:00
Franco Fichtner
5f29e2cf86
interfaces: missed this
2023-02-22 10:21:13 +01:00
Christian
e1aca6af23
Added permanent include statement for custom Monit files ( #6346 )
2023-02-22 09:37:23 +01:00
Ad Schellevis
675c1b8fda
VPN/OpenVPN/Client Export - rename "cipher" to "data-ciphers-fallback" to align with changes in https://github.com/opnsense/core/issues/6293
2023-02-21 15:43:42 +01:00
Ad Schellevis
e7007a42a2
VPN/OpenVPN/Client Export - fix openssl_pkcs12_export(): Passing null to parameter #4 ($passphrase) of type string is deprecated
2023-02-21 15:39:41 +01:00
Franco Fichtner
bf97cdfc87
interfaces: remove this workaround now that we force when applicable
2023-02-21 12:36:15 +01:00
Franco Fichtner
8caf1408c5
interfaces: style and typo
2023-02-21 12:36:15 +01:00
Franco Fichtner
58ffdc1684
interfaces: force renew for IPv6
2023-02-21 12:36:15 +01:00
Franco Fichtner
e420cc4aa7
interfaces: restrict route handling to address family when applicable
2023-02-21 12:36:15 +01:00
Franco Fichtner
4950460715
interfaces: force newip calls through DHCP/PPP/OVPN on IPv4
In case addresses are removed and reapplied the routes are gone
and other related interface configuration is missing. In these
cases do a full recycle even though the address did not change
visibly (which is good that we can detect it).
Also address the "miss" of the cached address clean now that we
know DHCP should not force-update us into a missing address
scenario during a renew.
PR: https://github.com/opnsense/core/issues/6338
2023-02-21 10:50:43 +01:00
kulikov-a
5d77a44ccf
unbound: fix typo in logger. create a pipe early in dnsbl_module.py ( #6340 )
2023-02-20 10:13:46 +01:00
Franco Fichtner
674ddc0d21
src: style sweep
2023-02-17 08:44:00 +01:00
Dr. Uwe Meyer-Gruhl
95fc53a1d0
dnsmasq: Create three more optional parameters ( #6333 )
Add dns_forward_max, cache_size and local_ttl to dnsmasq configuration
2023-02-17 08:38:28 +01:00
kulikov-a
7ebe361340
unbound: wait for a pipe a bit ( #6331 )
2023-02-16 15:13:05 +01:00
Ad Schellevis
8cb5ec0e38
Services: Captive Portal: Administration - retire mod_evasion ( https://github.com/opnsense/core/issues/6332 )
As lighttpd's changelog (https://www.lighttpd.net/2023/1/3/1.4.68/ ) notes the module is deprecated and can be replaced by mod_magnet with lua script.
Since the firewall offers rate limiting as core feature, we might as well remove the fixed (hard) limit in CP and point people to the firewall rules if needed.
2023-02-16 13:41:14 +01:00
Dr. Uwe Meyer-Gruhl
5c1d17f589
ntpd.conf: Remove "disable monitor" to get rid of log warnings ( #6323 )
There is a log message "2023-02-12T14:33:48 Warning ntpd restrict: 'monitor' cannot be disabled while 'limited' is enabled" ever so often when rate limiting is enabled. Disabling rate limiting is not advisable and even then, there will be another warning because certain combinations of rate limiting and kiss-of-death are chosen. ntpd options should probably be overhauled anyway.
However, according to the referenced https://www.cisa.gov/uscert/ics/advisories/ICSA-14-051-04 , this issue has been fixed long ago. The current version 4.2.8 of ntpd is no longer vulnerable to this, such that "disable monitor" is no longer necessary.
2023-02-16 13:38:57 +01:00
Ad Schellevis
2411126812
VPN: IPsec: Connections - Validate pool names, closes https://github.com/opnsense/core/issues/6328
2023-02-15 19:18:59 +01:00
Stephan de Wit
4f02754dfc
MVC / CSVListField: add MaskPerItem toggle to allow regex validation per CSV
2023-02-13 17:00:11 +01:00
Franco Fichtner
e08a49332a
interfaces: sync up these changes
Better push 'none' than '' down the code, it is more concise for debugging.
2023-02-13 09:02:33 +01:00
Ad Schellevis
54693d9153
php8.x - fixed an init too much here
2023-02-13 08:55:09 +01:00
Franco Fichtner
c638b25bce
ipsec: fix eap_id placement for eap-mschapv2
PR: https://forum.opnsense.org/index.php?topic=32440.0
2023-02-13 07:40:26 +01:00
Ad Schellevis
08fb2ea495
php8.x - fix some deprecation / array key warnings
2023-02-12 20:12:35 +01:00
Ad Schellevis
a9ecea3dcd
php8.x - fix some deprecation warnings
2023-02-12 19:12:30 +01:00
Ad Schellevis
9d5e1edb95
VPN: IPsec: Connections - missing remapping pool uuid to name, closes https://github.com/opnsense/core/issues/6324
2023-02-12 18:48:46 +01:00
Ad Schellevis
991f27ee94
Services: Intrusion Detection: Policy - properly reset metadata response when no metadata is found. closes https://github.com/opnsense/core/issues/6322
2023-02-12 14:35:21 +01:00
Ad Schellevis
9a0bc2e79b
Interfaces/Virtual IPs/Settings - allow vhid reusage as it was before 23.1. closes https://github.com/opnsense/core/issues/6318
2023-02-10 16:17:56 +01:00
Stephan de Wit
35090ecee1
unbound: missing global, cache is never flushed when enabled
2023-02-10 10:08:56 +01:00
Franco Fichtner
53fefd47a3
openvpn: style sweep
2023-02-10 10:08:09 +01:00
Ad Schellevis
c0a6d22e58
VPN: IPsec: Pre-Shared Keys - faulty unique constraint. closes https://github.com/opnsense/core/issues/6316
2023-02-09 21:29:25 +01:00
Ad Schellevis
89da198d62
VPN/OpenVPN/Servers - when using auth_control_file, success seems to be '1' according to the source (documentation doesn't seem to be explicit about this)
reference : ccf9d57249/src/openvpn/ssl_verify.c (L1079-L1082)
2023-02-09 16:21:32 +01:00
Ad Schellevis
69e424acec
boot: offer template generation max 10 seconds to wait for configd socket, for some reason it still fails on some platforms (not yet available)
2023-02-09 14:54:22 +01:00
Ad Schellevis
6d33df1bb9
Interfaces: Other Types: VLAN - missing a config lock on delete, preventing multiple delete to function properly
2023-02-09 13:21:24 +01:00
Ad Schellevis
63bac3c6ca
MVC/ApiControllerBase - cleanse $record input in searchRecordsetBase before usage, older php versions allowed to send null, which will crash out on later versions.
Although we do silently ignore the issue now, most callers likely are sending null when trapping into this issue and the user should receive an empty grid anyway in these cases.
```
/usr/local/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php:60: array_keys(): Argument #1 ($array) must be of type array, null given
```
2023-02-09 10:49:11 +01:00
Franco Fichtner
7609985e69
ipsec: some style and reduce indent since disable if returns anyway
2023-02-09 09:50:41 +01:00
Franco Fichtner
b73e5dd641
system: protect against more scripts on bootup
All of these could trigger routing or filter reconfiguration (in turn
also routing).
2023-02-09 09:39:05 +01:00
Franco Fichtner
f8a9e5b990
openvpn: minor adjustments
2023-02-09 08:22:10 +01:00
Franco Fichtner
0dfa6c44af
ipsec: oops for #6309
2023-02-08 17:14:26 +01:00
Franco Fichtner
a9dcd3f825
ipsec: migrate duplicated cron job; closes #6309
2023-02-08 17:11:15 +01:00
Franco Fichtner
748b46b393
system: bring ZFS to front of cron job description
2023-02-08 16:28:07 +01:00
Franco Fichtner
d017169a7e
system: configctl plugins configure %s %s is too broad and unused
2023-02-08 16:16:09 +01:00