This requires to set up the VLAN priority field of the
DHCPv4 settings as well as removing the vlan-pcp option
which is redundant now. This way we have a simpler
approach to finding the correct value while not borrowing
from IPv6 or parsing the advanced options for vlan-pcp.
Leaving the old vlan-pcp in place should not matter.
The last value is ours and this one should be used.
PR: https://forum.opnsense.org/index.php?topic=33376.0
Some small fixes to prevent referer magic to determine he dot endpoint (searchDotAction, getDotAction, ...), since __call() will only be triggered for non existing endpoints (https://www.php.net/manual/en/language.oop5.overloading.php#object.call), we need to set the default to the methods that do exist. Next we can filter and change the target accordingly. The volt template should figure out where it lives, we could have passed this in the ui controller as well, but as these are only two templates and a single page, javascript will do.
o add new mvc module
o migrate existing data
o add getOverwrite() in OpenVPN model to retrieve data structured as legacy data to make this an easy drop-in
Since "strongswan.conf" applies to both type of tunnels, make sure we can configure some shared settings for both options here (tunnels/connections). Eventually more settings might move out of the "IKE Extension" block, but for now it should be enough to isolate Xauth. The impact of configuring xauth when not being used is likely small, so when connections are used we always provide xauth-pam settings (the connection determines if it's actually used).
Removed the "is mobile" enabled in Auth/Services/IPsec.php, when only legacy is used, the behaviour should be the same (as xauth-pam isn't configured).
note that the header styling affects the plugins repo, but does not affect functionality. The original <h2> did not space and center the text correctly, so some more fluff was needed here.
Although I couldn't reproduce the exact same issue, if some values are empty ('') and some are null (None), weird things might happen. This commit makes sure there is a field delimiter, which logically shouldn't exist in the datastream itself and prevent null values being presented as "None".
Add connection child as option for manual SPDs, to make sure these are easily selectable we'll extend ModelRelationField to include a method to return it's value (so we can combine parent descriptions)
in cases where e.g. an internet connection is down, a reply will not be present should unbounds' iterator module return.
normally we marked this as a SERVFAIL, but Unbound already does this for us in the servfail callback.
This means entries were logged twice, once with a "Pass, Recursion, servfail", another one with "Drop, Local, servfail".
This is ambiguous and would skew the relevant statistics.
minor modifications for e08a96c6cd
[*] separate logger.stats_enabled and rrset handling so cnames are also resolved when logging is disabled
[*] set MODULE_FINISHED as default exit state, toggle to MODULE_ERROR when needed
[*] simplify logic a bit in operate()
There can be multiple CNAMEs in a RRset, so iterate the chain and check every fqdn. If one is encountered in any iteration that matches one in the blocklists, unconditionally block it.
