17961 Commits

Author SHA1 Message Date
Ad Schellevis
03f96eb008 Interfaces: Virtual IPs / xmlrpc - skip nosync processing on vips, for https://github.com/opnsense/core/issues/8387 2025-03-02 17:05:33 +01:00
Gavin Chappell
1498728e47
feat: switch CLI MOTD to the new-style logo (#8382)
* feat: switch CLI MOTD to the new-style logo

* update bootloader logo

* better quality MOTD
2025-03-01 09:53:06 +01:00
Franco Fichtner
0b1b0cb932 src: sync 2025-02-28 15:27:13 +01:00
Ad Schellevis
a253e05da5 mvc: decode html tags in menu items to prevent ampersand (&) being rendered as &amp; 2025-02-28 14:07:17 +01:00
Ad Schellevis
a893cdc7a5
VPN: IPsec: Mobile Clients - move charon attributes to "Advanced settings" for https://github.com/opnsense/core/issues/8349 (#8380)
Rename previous "advanced settings" to "mobile & advanced settings" to guide people into the right direction, strongswan.conf contains both sets of data.
Keep legacy page for settings that are only relevant for the old components.

Since our pam authenticator hooks into the configuration, refactor to use the model as well.

Cleanup code in the model that was only used in the legacy glue.
2025-02-28 13:53:25 +01:00
Monviech
387c381300
mvc/view: Ensure fields stay aligned relatively to another when headers are used in forms (#8364)
* mvc/view: Ensure fields stay aligned relatively to another when headers are used in forms.

* mvc/view: Add style that forces consistency in smaller viewport sizes in base forms.

* mvc/view: Make classes more selective so the style does not leak when modal-dialog and form-inline exist in the same view (e.g. dnsmasq).

* mvc/view: Ensure the change in base_dialog is backwards compatible when msgzone_width is defined (e.g. in Intrusion Detection)
2025-02-28 13:45:51 +01:00
Ad Schellevis
81ec98007d Firewall: Aliases - performance improvement by using pf's overall table stats instead of dumping them.
This commit changes PF.list_tables() to yield both the name of the aliases as well as (limited) stats, in places where we only check for totals, these are faster to collect than counting them in python.

There should be no functional impact.
2025-02-27 17:46:10 +01:00
Ad Schellevis
8524771f52 dnsmasq: Backend migration and add dhcp support for https://github.com/opnsense/core/issues/8329
When dnsmasq is not used for dns services, no default dns is being sent to the client for dhcp.
Add a non specific option, which can be overwritten using tags.
2025-02-27 13:08:03 +01:00
Ad Schellevis
98e7a16dce mvc: templates - implement <type>ignore</type> in forms.
In some cases it's practical to document the field so grids may use them, but skip them on input processing as the information is not that relevant to ask (or show using an info type)
2025-02-27 12:35:11 +01:00
Ad Schellevis
c91903fccd theme/fontawesome - include "all" instead of "solid" and "brands" 2025-02-27 11:11:17 +01:00
Franco Fichtner
a722c36552 plugins: style 2025-02-27 10:11:32 +01:00
Monviech
f64be4a3ca dhcrelay: Add missing status column, regression from a556e10d06 2025-02-27 09:29:46 +01:00
Franco Fichtner
3a68aac583 plugins: treat empty string like null on argument map
The backend will turn optional parameters into empty string
arguments which should mean all was selected and not one that
has a blank name.
2025-02-27 09:28:08 +01:00
Ad Schellevis
3e299b29b9 dnsmasq/unbound - mark 'template reload' action as cleanup.
Ideally these spots should not be needed as the frontend generates the configuration and on boot these are flushed as well, ... but, when interfaces change during boot or triggered by the wizard, these parts are not aware of these facts.

as discussed with @fichtner
2025-02-26 16:56:38 +01:00
Franco Fichtner
b50a9eec0f src: style sweep 2025-02-26 15:00:01 +01:00
Ad Schellevis
128536b778 mvc: move "lazy loading" option to base model implementation and force usage on run_migrations.php.
In rare cases it is possible to lock the system during boot while drivers are loaded and tunables try to fetch all information from sysctl.
Since we already implemented a lazy loading pattern on the Alias model, it seems to make sense to push this up the chain and reuse it.

For consistency reasons, we should also push the "lazy" attribute when constructing new ModelRelationField types.
2025-02-26 14:33:53 +01:00
Monviech
dd999d732c
vpn/openvpn: Implement base_bootgrid_table and base_apply_button (#8332)
* vpn/openvpn: Implement base_bootgrid_table and base_apply_button for https://github.com/opnsense/core/issues/8318

* vpn/openvpn: overflow-y in column dropdown due to amount of items in grid
2025-02-25 15:15:56 +01:00
Franco Fichtner
b94578935f dnsmasq: migrate to rc.d scripting 2025-02-25 00:11:04 +01:00
Ad Schellevis
d1b4277047 filter: add missing "persist" on bogonsv6, closes https://github.com/opnsense/core/issues/8376 2025-02-24 18:20:45 +01:00
Ad Schellevis
1a18ff50d7 Mvc/Security - safeguard checkToken() to prevent fetching a non existing POST item (which produces a warning in development mode). 2025-02-24 18:10:44 +01:00
Monviech
3caf9e182d
dnsmasq: Correct typo in label (#8362) 2025-02-20 11:51:26 +01:00
Monviech
169019649c
dns/unbound: Integrate layout_partials/base_apply_button (#8315) 2025-02-20 10:52:54 +01:00
Monviech
a0e3e0a28f
dnsmasq: implement base_apply_button (#8359) 2025-02-20 10:49:30 +01:00
Franco Fichtner
1581bcd87c dnsmasq: repair the dns_ports validation 2025-02-20 10:34:27 +01:00
Franco Fichtner
ef39fdde85 dnsmasq: more style 2025-02-20 10:34:12 +01:00
Franco Fichtner
333cd9c25e unbound: style reorder 2025-02-20 10:20:28 +01:00
Franco Fichtner
a3b78775d8 dnsmasq: uppercase 'Leases' menu, whitespace 2025-02-20 09:33:48 +01:00
Ad Schellevis
5ea401df84 Services: Dnsmasq DNS & DHCP - extend model with a dns_port property which reflects the current listening port (for dns) 2025-02-20 08:54:51 +01:00
Franco Fichtner
17b5859872 dnsmasq: add port hint 2025-02-20 07:49:18 +01:00
Franco Fichtner
655c74255a firewall: reformat, no change in file so dial back to previous year state 2025-02-20 07:47:20 +01:00
Ad Schellevis
48ec3b9850 ipsec/openvpn: add deprecation notices for legacy components, closes https://github.com/opnsense/core/issues/8350
Add a note on top of the legacy pages about the end of maintenance, depending on version, this will be version 26.1 or 26.4 [BE].
In the meantime components will move to plugins. When maintenance ends, it will still be possible to install the component, but may break unexpectedly.
2025-02-19 20:04:57 +01:00
Ad Schellevis
bcf8f9ae75
dnsmasq: Backend migration and add dhcp support for https://github.com/opnsense/core/issues/8329 (#8355)
This rather large commit implements most relevant dhcp options and rewrites dnsmasq's backend.

By default dnsmasq is disabled, eventually we do want dnsmasq enabled for dhcp services by default, but dns itself disabled. For this reason we support port "0" as implemented at dnsmasq (not listening for dns).

For cases where users want to integrate dns and dhcp services, the advice is to make dnsmasq listen on a non standard port and point unbound to the zones where dnsmasq is responsible for. This has the advantage of a direct connection between dhcp registered hosts and the requesting service. In these cases dnsmasq's dns service acts like a "connector".

In the long run we should deprecate `regdhcpstatic` and `regdhcp` as these either belong to legacy isc-dhcp or hook kea entries (which are better served via unbound).

The first mvc migration phase implemented IndexController.php, which we rename to SettingsController.php now as this results in more logical ui endpoints.

Since we don't bind to addresses directly (unless specifically configured and advised only for static setups), we can skip the newwanip event which means we don't restart the service on interface changes. dnsmasq is able to filter the relevant networks on the fly, which is the advised scenario and can cope more easily with changes.

When different clients need to receive different options, we can use "tags" now. Requests can add tags to filter options which will be offered to the client, in the most simple scenario one would tag on a range or a host reservation, but more advanced choices can also be achieved using match statements (for example architecture [client-arch])
2025-02-19 17:40:55 +01:00
Franco Fichtner
c3994d14c6 mvc: style sweep 2025-02-19 17:12:46 +01:00
Ad Schellevis
fdded458e0 Firewall: Aliases - offer better pluggability for dynamic alias types and move current json static_aliases and interface networks into their own classes.
When services offer aliases which are less static, the current json option isn't very practical as we only want the package manager to ship files into these directories.
The new DynamicAliases namespace may contain simple php classes, which return a named set of aliases to merge into the set.

Since all of these classes are created on each alias query, it's highly advisable to keep their implementations as lightweight as possible.
2025-02-19 16:14:03 +01:00
Monviech
2cc36105da
vpn/wireguard: Change tracking of wg peer status, improve widget and diagnostics (#8337)
* vpn/wireguard: Introduce latest-handshake-age to calculate if tunnel is online in backend. Implement it in wireguard.js widget and diagnostics.volt

* vpn/wireguard: expose peer-connected via API to approximate state of wireguard peers online/offline status, change status formatter to show status of interfaces and peers, improve diagnostic grid

* vpn/wireguard: Move epoch calculation from frontend to controller

* vpn/wireguard: Track 3 different status instead of a boolean offline/online. Online means a handshake happened recently, Stale means a handshake happened in the past above a threshold of 300s, Offline means there was never a handshake yet. The same icons are implemented in the widget and the wireguard diagnostics page.

* vpn/wireguard: Remote peer disconnected translation since this is tracked by the icon now. Add stale translation.

* vpn/wireguard: Compact widget information for better readability
2025-02-19 08:58:54 +01:00
Franco Fichtner
82b36deee3 interfaces: exclude automatic radvd like we do for manual #8295 2025-02-19 07:27:40 +01:00
Ad Schellevis
d85cde207a System: Access: Users - implement export/import functionality to the grid, closes https://github.com/opnsense/core/issues/8340
This commit changes the default update handling slightly as we need setBaseHook() to do its work on imports as well so we can't trust $POST to be populated.
As a result, we need to query the node (which has already been set in either our import or addBase, setBase), which only causes some challenges when reading the password.
Passwords are being flushed plaintext to the model, but not returned, so we need to validate isFieldChanged() and check if actual content was offered.

To trigger setBaseHook() from the import hook, we extended the importRecordSet() with another callback called when the node has been populated with data, in which case it's the same as a regular ui update.

Added a config lock early in the importCsv() method to prevent race conditions on updates.
2025-02-18 17:38:59 +01:00
Monviech
dc4cd4535d
vpn/wireguard: Integrate base_bootgrid_table and base_apply_button (#8313)
* vpn/wireguard: Integrate layout_partials/base_bootgrid_table and layout_partials/base_apply_button

* vpn/wireguard: Change spot of base_form, add formatter for Instance so that wg0,wg1 etc is displayed again in the grid as before the change

* Fix whitespace
2025-02-18 15:48:08 +01:00
Franco Fichtner
d7adee30a1 dnsmasq: call normalizeValue() during interface migration 2025-02-18 14:51:34 +01:00
Franco Fichtner
caf8d65b28 system: straighten out syslog-ng rc.d scripting
Make sure that 'pluginctl -s xxx stop' isn't used here as it
does not stop a disabled instance.  The point is moot for
syslog-ng since you cannot disable it but that only leaves
a tiny amount of daemons that still use it in core (nothing
in plugins uses it).

Also consolidate away from service(8) since we expect and
call the rc.d script directly.
2025-02-18 13:50:08 +01:00
Franco Fichtner
2842e1bee7 interfaces: style sweep 2025-02-18 13:49:54 +01:00
Franco Fichtner
4a2f273c45 mvc: use fa-fw for consistency
fixed-width ensures the buttons will have the same width across all icons
since they do not enforce their width as mono-space.
2025-02-18 10:18:56 +01:00
Franco Fichtner
d4d9b3f2e5 interfaces: reorder the reconfigure logic for compactness and robustness
This was steered by the need to let 'other' mode VIPs not cause any
regression with the other logic so now we only have one clear spot and
reload condition and ignore unknown modes gracefully.
2025-02-18 08:26:50 +01:00
Ad Schellevis
8e0461c9d6 theme/opnsense-dark - change backdrop background color to black, closes https://github.com/opnsense/core/issues/8339 2025-02-17 18:25:06 +01:00
Franco Fichtner
98ec4a91bc mvc: probably this for previous 2025-02-17 18:06:59 +01:00
Stephan de Wit
bab1d3b176 wireguard: diagnostics: typo 2025-02-17 16:59:14 +01:00
Stephan de Wit
146f8573ea system: high availability: move 'disable preempt' to advanced mode 2025-02-17 16:55:43 +01:00
Ad Schellevis
ccb3c92f52 mvc:ApiMutableModelControllerBase - wrap locks around updates and perform some minor cleanups.
delBase() already added a lock, but in practice, when automation is in play, there's a risk for other updates as well, which means we need to synchronize them to avoid data being lost.
2025-02-17 15:19:26 +01:00
Monviech
c689c7e25b
interface: Integrate base_bootgrid_table and base_apply_button (#8257)
* interface: gif.volt - Integrate layout_partials/base_bootgrid_table

* interface: gre.volt - Integrate layout_partials/base_bootgrid_table

* interface: lagg.volt - Integrate layout_partials/base_bootgrid_table

* interface: loopback.volt - Integrate layout_partials/base_bootgrid_table

* interface: neighbor.volt - Integrate layout_partials/base_bootgrid_table

* interface: vip.volt - Integrate layout_partials/base_bootgrid_table

* interface: vlan.volt - Integrate layout_partials/base_bootgrid_table

* interface: vxlan.volt - Integrate layout_partials/base_bootgrid_table

* interface: Change location of Configuration Change Message above Apply

* interface: Fix search base so all grid columns are populated with data

* interface: Integrate layout_partials/base_apply_button https://github.com/opnsense/core/issues/8284

* interface: Missed a spot

* interface: Do not render VHID group password in grid

* interface: vip.volt adjust view more to look like the previous grid

* interface: vip.volt add network formatter, remove vhid formatter since these fields are now displayed by default as separate rows

* interface: loopback.volt add loFormatter to turn device ID into loX in the grid

* interface: vxlan.volt add vxlanFormatter to turn device ID into vxlanX in the grid
2025-02-17 15:14:03 +01:00
Franco Fichtner
83d1565133 reporting: remove $unused for 25.7 2025-02-17 15:02:29 +01:00