- remove unbound registration if lease expires (previously this was only written to disk, not supplied to unbound-control)
- when leases change, remove old fqdn's using unbound-control, this should mimic the current output in dhcpleases.conf more closely (if a manual registration was already there, it will be overwitten)
- log when entries are removed, eventually it might be better to lower the level a bit, but informal seems like a good starting point for now.
- switch to argparse for handling parameters
This commit deals with mobile IPsec web UI. The changes include:
- define and copy fileds related to IPv6 configuration (match changes made in ipsec.inc) - L39 and L144;
- set the default value for IPv6 netbits to 64 - L51;
- adjust PHP form validation to match IPv6 controls - L104-105;
- adjust JS magic to match IPv6 controls - L197 and L216-226;
- adjust text related to IPv4 pool configuration (added 'IPv4' word to make it look consistent) - L406-425 and L101;
- create a new row with a check box, an input box and a drop-down box for IPv6 pool configuration - L426-445.
This commit deals with ipsec.conf file drafting. In terms of mobile clients option 'rightsourceip' now may be:
1) empty if no pools are configured;
2) %pool_address%/%pool_netbits% for an IPv4 only option;
3) %pool_address_v6%/%pool_netbits_v6% for an IPv6 only option;
4) %pool_address%/%pool_netbits%,%pool_address_v6%/%pool_netbits_v6% for a dual stack option.
Registrations of static mappings do not always use the system domain. The domains configured for individual static mappings or for the DHCP servers always had higher priority. Static mapping registrations work for both DHCPv6 and DHCPv4, dynamic lease registrations only for DHCPv4.
Registrations of static mappings do not always use the system domain. The domains configured for individual static mappings or for the DHCP servers always had higher priority. Static mapping registrations work for both DHCPv6 and DHCPv4, dynamic lease registrations only for DHCPv4.
'domain' was replaced by 'domainsearchlist' in #3824 because 'domain' is not used by dhcpdv6. But it is used by unbound and dnsmasq for DNS registration of DHCP static mappings. Just set it to the first entry of the domain search list.
'domain' was removed in #3824 because it is not used by dhcpdv6. But it is used by unbound and dnsmasq for DNS registration of DHCP static mappings. Just set it to the first entry of the domain search list.
Always check if voucher is not expired (either
because of never expires or because of expiry
date is in the future) and ensure session timeout
will be the lowest of validity based on the first
usage, the starttime or expiry (if not never expires).
If one of those conditions is not true, reject
authentication.
Fix#3930
For tracking LAN interfaces with manual configuration disabled, some odd radvd configuration choices were made:
MinRtrAdvInterval / MaxRtrAdvInterval were set to very low values (3 / 10) for no apparent reason. Now removed so radvd defaults (200 / 600) will be used.
The DHCPv6 server is enabled and configured with a range6, but the Managed flag was not set. Now set to on.
DeprecatePrefix was only set if the IPv6 configuration type of the tracked WAN interface was SLAAC. Now always set to on.
small improvement when trying to create a new cert for a user, you need to delete the old cert, which is difficult to distinct because both have the same name (validity helps) and the new cert very often needs to use the same ca, set this one as default when requesting a new one.
