vpn/openvpn: Use tls-crypt and tls-auth aliases for generating the static key (#9810)
* vpn/openvpn: Even though openvpn --genkey secret generates the same static key for secret, tls-auth and tls-crypt, it is more explicit to use all modes verbatim. It's simpler to expand it in the future this way.
vpn/openvpn: Even though openvpn --genkey secret generates the same static key for secret, tls-auth and tls-crypt, it is more explicit to use all modes verbatim. It's simpler to expand it in the future this way.
dashboard: sync layout with configuration when adjusting column count
This prevents edge cases of widget deletion or additions in one layout mode
still showing up in others. This also handles privilege changes, where
users don't have access to specific widgets anymore, making sure
these persisted widget layouts are cleaned up when requested.
dashboard: store layout types based on column breakpoints
We currently define 3 breakpoints with 1, 3 and 12 columns respectively.
Previously, if a user loaded the dashboard on a phone or tablet
screen and subsequently saved the layout, this layout would be
ignored in order to prevent a hardcoded number of columns on
larger screens. With this commit, each breakpoint will have its
own associated layout and dynamically adjust the layout to one
of the available ones if the screen is resized and forced to reduce
the number of columns. Layouts on smaller screens are therefore
persisted as well.
Firewall: Schedule: Fix is_schedule_inuse so it works for legacy and new rules (#9807)
* Firewall: Schedule: Fix is_schedule_inuse so it works for legacy and new rules
* Use config_read_array instead
interfaces: multi-dhcp6c support and custom PD association #7647
This splits off rtsold and dhcp6c into separate processes
which frees us from the restrictions of faked iterative IDs
for PD associations. For NA we simply default to 0 now.
I'm not entirely sure why we settled for a single deamon of
dhcp6c back in the day, but there are certianly downsides to
it and I don't see something that wasn't fixed in the meantime
that makes this not work.
Fix typo (#9803)
The installation wizard has a typo wherein Unbound is referred to as "Unboud" (missing the 'n' character). This commit fixes this typo.
make: remove CORE_REPOSITORY
Looking at it again this was used for LibreSSL back in the day
but we do not need this and aux configuration is also hardcoded.
Security: Q-Feeds Connect - add new options as available in integrated blocklists (#5226)
* Security: Q-Feeds Connect - add new options as available in integrated blocklists, closes https://github.com/opnsense/plugins/issues/5197
This adds allowlists (regex patterns), source_nets Q-Feeds applies on, address to return and optional NXDOMAIN responses.
Please note this version is only compatible with current community versions, business edition installs will have to wait for 26.4.
* Security: Q-Feeds Connect - update version and changelog
Services: Dnsmasq DNS & DHCP: add IP address validations for some of the DHCPv4 and DHCPv6 options (#9790)
---------
Co-authored-by: Ad Schellevis <AdSchellevis at users.noreply.github.com>
Co-authored-by: Franco Fichtner <1915288+fichtner at users.noreply.github.com>
Services: Captive Portal: Move template actions out of the ServiceController into its own TemplateController, so it can use the ApiMutableModelControllerBase methods
