if no shaper (ipfw) rules are present, or these rules are disabled, ipfw will be disabled as well (firewall_enable="NO" and rc.ipfw onestop).
Traffic shaped via pf will not show up in the stats output of dnctl pipe|queue|sched show. Also, there is currently no logic to associate pipes/queues with pf rules.
Add support for auth-gen-token renewal time.
Add support for auth-gen-token-secrets to allow failover between
servers.
Add support for pushing inactive to clients to have them disconnect
after being idle for a set time.
Add support for explicit-exit-notify and for pushing it. This will allow
UDP connections to notify peers that they are going away.
Add support for ifconfig-pool-persist, which will allow smoother roaming
combined with auth-gen-token since client will keep their ip address.
Add support for compress migrate. This option will conditionally use
stub compression for clients announcing they have compression enabled
while leaving it off for all other clients.
Build a formatter for the empty default and hide the
virtual fields from the default dialog by default.
The cloning doesn't make a lot of sense here so remove
it completely.
Delete only if in config.
After a bit of back and forth and issues reported with
bootstrapping it's better to get rid of the old keyword
which unifies the default selection under the empty value.
This inline-assign shouldn't happen anymore (likely a very early version
using the wlan device name implicitly). Maybe for 25.7, needs a tiny code
audit at one point but since the other cruft changes are in 25.1.3 this
makes sense to push.
First these are sane defaults, second they always belonged to NTPd which
we do not configure in the wizard. The settings are now contained
within network time/ntpd and just need a proper migration when the MVC/API
conversion for that component begins.
We never rely on xml ordering, which means a "nosync" can always be appended or prepended into an existing dataset (as long as uuid's don't overlap, but that's a bit of a corner case).
This commit tracks the nosync items inside the dataset to sync and prepends them to the new target set, so all nosync items on the back remain where they belong.
The $sync_full construct always looked a bit weird, certainly as different other comparable config sections don't seem to have the same issue as mentioned in the original commit (1b99e1e53a). Tried the nat rules on an existing setup after this change, which still works like a charm.
This is certainly a downside of data migrations in general: when looking at the actual target, we don't have all the versions in between available, which means breakage is possible when skipping a lot of versions on our end.
* wizard: reimplement system setup, for https://github.com/opnsense/core/issues/8352
This commit implements our replacement for the setup wizard. The questions are roughly the same as in the legacy version.
Some less relevant options have been removed (pppoe ondemand for example) and isc-dhcpd has been replaced with dnsmasq.
Only standard tools have been used, a memory model to validate the data and simple input forms in tabs.
The in-memory model acts as a wrapper around legacy configuration data and a couple of component models to apply the requested settings.
Some legacy settings using isset() have been altered to use their empty() equivalent.
* wizard: as we're changing to dnsmasq as default, we need to make sure the console setup configures the same (https://github.com/opnsense/core/issues/8352)
Fix some small PHP warnings in the process, but further than that just rewrite the dhcpd console handling to use dnsmasq instead of isc.
Eventually we will need to rewrite the console tools as well, but let's try to keep this compatible with minimal impact.
* wizard: change other occurrences of isset($config['dnsallowoverride']) for https://github.com/opnsense/core/issues/8352
* wizard: sort listtags() and some other minor review comments for https://github.com/opnsense/core/issues/8352
For ipv4 there only appears to be a static mode type, ipv6 will extend the options. If we don't want to risk needing a checkbox for each of them, it's better to implement this as a mode dropdown.