Looking for things that could go wrong with root.key in Unbound,
this could be one of those. Still, at this point we may not have
received DNS servers from the ISP since these are registered much
later (10-newwanip).
Great opportunity to ditch prefer_ipv4_or_ipv6() since we need it
for resolving which we set up alongside and in the right spot.
Not sure about nameserver.sh name and scope yet so try to
hide it under a link. We can always change the name later
although having .sh suffix helps us lint the script more easily.
Historically both make sense but nothing calls configd_ctl.py
directly anymore so we can either leave it at that or merge
the code and behaviour into configctl. (Or better yet set a
symlink to configctl).
Also now we can grep for "interfaces_vlan_configure" to see both
and "interfaces" is the actual prefix to be used from interfaces.inc.
Later we should try to avoid calling "_" prefix functions from code
not in interfaces.inc.
Cite the manual page on the MTU requirement of (additional) interfaces.
This isn't the first time we add to a bridge since we make sure that
both interfaces exist which can only happen at the end of the boot sequence.
Speed up the reading of ifconfig values by only obtaining it once.
According to history at one point around 2011 FreeBSD removed
a special feature from GIF being able to attach to a bridge
with a lower MTU but although those times are long gone and
efforts to retain a patch in project history have made this
silly code stick around for over a decade when the better half
of this decade this didn't work and also nobody reported it.
* Interfaces: Other Types: VLAN - Add stacked VLAN support (IEEE 802.1ad / QinQ) for https://github.com/opnsense/core/issues/5560
This commit adds QinQ to the new VLAN MVC implementation.
o Implement new interface naming, vlan_XXX for vlans and qinq_XXX for QinQ interfaces, to keep the names static; it's much easier to cope with changes.
o For backwards compatibility keep existing interface naming for old entries.
o interfaces_vlan_configure() is only called during bootup and should enforce proper ordering in device creation (vlans first, stacked later)
o interface_vlan_configure() remove pcp trickery around 0 as the model will enforce zeros anyway
o lock vlan when being used in QinQ interfaces
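The "vlans first, stacked later" ordering and the "lock the parent vlan" rule from the commit above can be shown as a small dependency sort. This is an added illustration, not code from the OPNsense core repository; the entry field names (`vlanif`, `if`, `tag`, `pcp`), the interface names and the sample entries are all constructed for the example.

```python
from collections import deque

# Constructed sample entries (assumed field names; not the project's model).
# "if" is the parent device, "vlanif" the device to be created. One entry
# keeps a legacy-style name, as the commit says old entries must keep working.
VLANS = [
    {"vlanif": "qinq_b2", "if": "vlan_a1", "tag": 200, "pcp": 0},
    {"vlanif": "vlan_a1", "if": "igc0", "tag": 100, "pcp": 0},
    {"vlanif": "vlan_c3", "if": "igc1", "tag": 300, "pcp": 0},
    {"vlanif": "igc0_vlan20", "if": "igc0", "tag": 20, "pcp": 0},
]


def configure_order(entries):
    """Order entries so that every parent VLAN is created before any
    QinQ VLAN stacked on it (Kahn's topological sort).

    Entries whose parent is a physical device come out first, sorted by
    name; stacked entries follow once their parent has been emitted.
    A missing parent that is not a VLAN is assumed to be a physical NIC.
    """
    by_name = {e["vlanif"]: e for e in entries}
    indeg = {name: 0 for name in by_name}
    children = {name: [] for name in by_name}
    for e in entries:
        parent = e["if"]
        if parent in by_name:  # stacked on another VLAN entry
            indeg[e["vlanif"]] += 1
            children[parent].append(e["vlanif"])
    queue = deque(sorted(n for n, d in indeg.items() if d == 0))
    ordered = []
    while queue:
        name = queue.popleft()
        ordered.append(by_name[name])
        for child in children[name]:
            indeg[child] -= 1
            if indeg[child] == 0:
                queue.append(child)
    if len(ordered) != len(entries):
        raise ValueError("cyclic VLAN stacking in configuration")
    return ordered


def locked_vlans(entries):
    """VLANs that serve as the parent of a stacked entry. These are the
    ones the commit locks: they may not be removed or re-parented while
    a QinQ interface depends on them."""
    names = {e["vlanif"] for e in entries}
    return sorted({e["if"] for e in entries if e["if"] in names})


if __name__ == "__main__":
    for entry in configure_order(VLANS):
        print(entry["vlanif"], "on", entry["if"], "tag", entry["tag"])
    print("locked:", locked_vlans(VLANS))
```

The sort is what makes a single boot-time pass sufficient: with the parent always emitted first, the stacked device is never created against a parent that does not exist yet.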
We can now safely check packages kernel and base set version from
opnsense-update. The basic idea is still that a packages set marker
is included now so we can refrain from updating packages once we
are crossing over a major version barrier using said packages set.
Change the ping to size 1500 to emulate a typical download
scenario. Sometimes small pings will respond but not the
larger fetch.
Secondly, do a separate IPv4 and IPv6 update of the repository
depending on whether we got a corresponding address from the
host. It should clear up the question if IPv4 or IPv6 or both
is broken/defunct/disabled.
Although in theory this might remove manually added files, we don't officially support manual overwrites here and expect the user to add certificates in our store.
While here cleanup a bit of ipsec_configure_do() for readability
Routes only get added in system_resolvconf_generate() now where
the DNS override is properly checked. The nameservers are added
through the new script for convenience and removed from there as
well. As a bonus we still scrub the routes from the nameserver
file removal to avoid creating "state" about what was done elsewhere.
This is still subject to a lot of funky races for overlapping host
routes either by ISP, manual DNS, gateway monitors or static routes.
We removed other console mute situations and we might as well also
remove the one that is during early boot for the simple fact that
it's probably going to be unmuted anyway.
ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
description: OpenVPN
options=80000<LINKSTATE>
inet 10.0.8.1 --> 10.0.8.2 netmask 0xffffff00
Calculation using 10.0.8.1/24 will result in 10.0.8.1, but should have been 10.0.8.2
This patch seems to add the least amount of magic, if the correct gateway would be captured in the environment variables that would be preferable, unfortunately that doesn't seem to be the case.
Example environment output:
xormask_1=
daemon_start_time=1645634011
daemon_pid=569
tun_mtu=1500
proto_1=udp4
daemon=1
dev_type=tun
script_context=init
PWD=/usr/local/www
xormasklen_1=0
daemon_log_redirect=0
ifconfig_local=10.0.8.1
local_port_1=1194
dev=ovpns1
link_mtu=1621
remote_port_1=1194
script_type=up
ifconfig_netmask=255.255.255.0
xormethod_1=0
config=/var/etc/openvpn/server1.conf
verb=3
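The gateway problem described above, as an added example that is not part of the commit or of the OPNsense code base: parse the ifconfig output of a point-to-point interface and take the peer after `-->` as the gateway instead of deriving it from address/netmask. The sample output is constructed to mirror the lines quoted in the commit message.

```python
import ipaddress
import re

# Constructed sample, mirroring the ifconfig output quoted above.
SAMPLE_IFCONFIG = """\
ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tdescription: OpenVPN
\toptions=80000<LINKSTATE>
\tinet 10.0.8.1 --> 10.0.8.2 netmask 0xffffff00
"""

P2P_RE = re.compile(
    r"^\s*inet\s+(\S+)\s+-->\s+(\S+)\s+netmask\s+(0x[0-9a-fA-F]+)", re.M)
INET_RE = re.compile(
    r"^\s*inet\s+(\S+)\s+netmask\s+(0x[0-9a-fA-F]+)", re.M)


def naive_gateway(addr, hexmask):
    """Subnet arithmetic: first host of the local address's network.
    For 10.0.8.1 with mask 0xffffff00 this yields 10.0.8.1, i.e. the
    local address itself, which is exactly the wrong result the commit
    describes."""
    prefix = bin(int(hexmask, 16)).count("1")
    network = ipaddress.ip_interface(f"{addr}/{prefix}").network
    return str(network.network_address + 1)


def parse_ovpn_gateway(text):
    """Return (local, gateway) for the interface in `text`.

    On a POINTOPOINT interface the gateway is the destination address
    printed after '-->', regardless of the netmask. Only when there is
    no peer address do we fall back to the subnet calculation.
    """
    m = P2P_RE.search(text)
    if m:
        local, peer, _mask = m.groups()
        return local, peer
    m = INET_RE.search(text)
    if m:
        local, mask = m.groups()
        return local, naive_gateway(local, mask)
    raise ValueError("no inet address found in ifconfig output")


if __name__ == "__main__":
    print("naive:", naive_gateway("10.0.8.1", "0xffffff00"))
    print("p2p:  ", parse_ovpn_gateway(SAMPLE_IFCONFIG))
```

The peer address is the only reliable source here because, as the environment dump shows, OpenVPN hands the script `ifconfig_local` and `ifconfig_netmask` but no remote/gateway variable for this topology.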
o HostWildcardAllowed - allow the use of "*" (any host)
o FqdnWildcardAllowed - allow the use of wildcard FQDNs (*.my.top.level)
o ZoneRootAllowed - allow the use of "@" (zone root)
o wrap vlan set pcp in new function legacy_vlan_pcp()
o add legacy_vlan_remove_tag() to detach our vlan
o use legacy_vlan_remove_tag() + legacy_vlan_tag() to update vlan interfaces, in which case configuration remains as it was which would make future modifications which don't rely on "logical" names easier.