With the default PHP settings, there is a 1% chance for the session gc
to trigger upon the start of a session, removing session files with
modification times older than 24 minutes. This can cause sessions to
time out earlier than indicated by the webgui settings.
This commit offers support for deeper nested commands by simplifying the call flow of configd. Eventually we should try to make the action types more modular, but before doing that it makes sense to clean up what we have now first. Remove csconfigparser.py as we should be able to pass "optionxform" without wrapping the class as well.
- The "internally generated" ACL entries have been removed in favor of a wildcard (well, a wildcard and localhost)
- Users can now change the default action used by the wildcard: either allow, deny or refuse.
- The legacy implementation wasn't very strict (you could add an entry without any input), this does at least require a name and at least one network. To facilitate the migration, if the 'name' property was empty, it will be set to 'Unnamed ACL'. Entries without defined networks will be discarded without notice.
This appears to be the last one in Interfaces: Diagnostics, it's a simple and small netcat user interface to check if a remote host+port is accessible.
- eliminate the artificial limit of length and
signs which does not exist in squid
- allow in particular @ to support first.last@mycompany.com as username
- all other characters can be used via URL escaping (i.e. %20 for
spaces) but this also means % must be written as %%
see http://www.squid-cache.org/Doc/config/cache_peer/
Co-authored-by: Bi0T1N <Bi0T1N@users.noreply.github.com>
This requires setting up the VLAN priority field of the
DHCPv4 settings as well as removing the vlan-pcp option
which is redundant now. This way we have a simpler
approach to finding the correct value while not borrowing
from IPv6 or parsing the advanced options for vlan-pcp.
Leaving the old vlan-pcp in place should not matter.
The last value is ours and this one should be used.
PR: https://forum.opnsense.org/index.php?topic=33376.0
Some small fixes to prevent referer magic to determine the dot endpoint (searchDotAction, getDotAction, ...), since __call() will only be triggered for non-existing endpoints (https://www.php.net/manual/en/language.oop5.overloading.php#object.call), we need to set the default to the methods that do exist. Next we can filter and change the target accordingly. The volt template should figure out where it lives, we could have passed this in the ui controller as well, but as these are only two templates and a single page, javascript will do.
o add new mvc module
o migrate existing data
o add getOverwrite() in OpenVPN model to retrieve data structured as legacy data to make this an easy drop-in
Since "strongswan.conf" applies to both types of tunnels, make sure we can configure some shared settings for both options here (tunnels/connections). Eventually more settings might move out of the "IKE Extension" block, but for now it should be enough to isolate Xauth. The impact of configuring xauth when not being used is likely small, so when connections are used we always provide xauth-pam settings (the connection determines if it's actually used).
Removed the "is mobile" enabled in Auth/Services/IPsec.php, when only legacy is used, the behaviour should be the same (as xauth-pam isn't configured).
Note that the header styling affects the plugins repo, but does not affect functionality. The original <h2> did not space and center the text correctly, so some more fluff was needed here.