OPNSense/core 48eeef5src/opnsense/mvc/app/library/OPNsense/Firewall ForwardRule.php

by Ad Schellevis on ⎇
Firewall: NAT: Destination NAT - regression in https://github.com/opnsense/core/commit/e0f0cbf922ff8ddf688362b78c5bc151f5ff20f3, closes https://github.com/opnsense/core/issues/9702
DeltaFile
+2-2src/opnsense/mvc/app/library/OPNsense/Firewall/ForwardRule.php
+2-21 files

OPNSense/plugins 9486488net/frr/src/opnsense/service/templates/OPNsense/Quagga frr

by Ad Schellevis on ⎇
net/frr - after wwitch to watchfrr, setup.sh doesn't seem to be triggered, most likely https://github.com/opnsense/plugins/pull/5367
DeltaFile
+1-1net/frr/src/opnsense/service/templates/OPNsense/Quagga/frr
+1-11 files

OPNSense/core d626d9f. SECURITY.md

by Konstantinos Spartalis via GitHub on ⎇
Make security update release schedule readable (#10085)
DeltaFile
+4-4SECURITY.md
+4-41 files

OPNSense/plugins 2d3ee9fdns/ddclient/src/opnsense/mvc/app/controllers/OPNsense/DynDNS/forms dialogAccount.xml, dns/ddclient/src/opnsense/scripts/ddclient/lib/account allinkl.py

by cakallie via GitHub on ⎇
dns/ddclient: add all-inkl.com KAS API DynDNS provider (#5339)

* dns/ddclient: add all-inkl.com KAS API DynDNS provider

Adds a new Python provider for all-inkl.com hosting using the KAS SOAP API
(KasApi.wsdl). Supports A and AAAA records, including root (@) and wildcard (*)
entries. Credentials are passed per-request (no separate auth step).

- allinkl.py: new provider class AllInkl, service key 'allinkl'
- dialogAccount.xml: show Zone field for service_allinkl
- DynDNS.xml: add allinkl to static service list (ddclient backend fallback)

Co-Authored-By: Claude Sonnet 4.6 <noreply at anthropic.com>

* dns/ddclient: address review feedback for all-inkl.com provider

- Remove allinkl entry from DynDNS.xml; known_services() handles
  registration automatically for Python providers
- Replace regex-based XML parsing with xml.etree.ElementTree:

    [9 lines not shown]
DeltaFile
+337-0dns/ddclient/src/opnsense/scripts/ddclient/lib/account/allinkl.py
+1-1dns/ddclient/src/opnsense/mvc/app/controllers/OPNsense/DynDNS/forms/dialogAccount.xml
+338-12 files

OPNSense/core 70eb725.github/ISSUE_TEMPLATE bug_report.md feature_request.md

by Konstantinos Spartalis via GitHub on ⎇
Issue template: typos (#10083)
DeltaFile
+2-2.github/ISSUE_TEMPLATE/bug_report.md
+2-2.github/ISSUE_TEMPLATE/feature_request.md
+2-2.github/ISSUE_TEMPLATE/question.md
+6-63 files

OPNSense/core 75e60e8src/opnsense/www/js opnsense_bootgrid.js

by Stephan de Wit on ⎇
bootgrid: maintain scrolling position for both datatree and command actions. Closes https://github.com/opnsense/core/issues/9151

The usage of scrollToRow has been considered, but this contains
too much magic causing all kinds of jumps in scroll position,
causing a user to lose track of the changes they made. The only
downside to this is that when a datatree is expanded at the bottom
of a grid, the associated rows aren't immediately visible until
manually scrolled to.
DeltaFile
+14-2src/opnsense/www/js/opnsense_bootgrid.js
+14-21 files

OPNSense/core da2c0bdsrc/opnsense/service/templates/OPNsense/Captiveportal lighttpd-zone.conf

by Stephan de Wit on ⎇
captive portal: disable lighttpd-zone syslog output. Closes https://github.com/opnsense/core/issues/10036
DeltaFile
+1-1src/opnsense/service/templates/OPNsense/Captiveportal/lighttpd-zone.conf
+1-11 files

OPNSense/core e5effd4src/opnsense/scripts/captiveportal/lib arp.py

by Stephan de Wit on ⎇
captive portal / hostwatch: output safety when list_hosts.py or decoding fails

arp.py seems to throw an exception an unpredictable times. Since
the most likely culprit is list_hosts.py, capture both
stderr of list_hosts and the exception value of the caller.

In any case, we reuse the old known ARP state to not kill
the CP background process
DeltaFile
+22-7src/opnsense/scripts/captiveportal/lib/arp.py
+22-71 files

OPNSense/core 58c9b62src/opnsense/scripts/captiveportal/lib arp.py, src/opnsense/scripts/interfaces list_hosts.py

by Stephan de Wit on ⎇
captive portal / hostwatch: output safety when list_hosts.py or decoding fails, capture possible exceptions in list_hosts.py as well
DeltaFile
+22-7src/opnsense/scripts/captiveportal/lib/arp.py
+2-0src/opnsense/scripts/interfaces/list_hosts.py
+24-72 files

OPNSense/core 693ea2dsrc/opnsense/mvc/app/library/OPNsense/OpenVPN ArchiveOpenVPN.php PlainOpenVPN.php

by Ad Schellevis on ⎇
VPN: OpenVPN: add tls-crypt-v2 support (#10069)

fix regression in export output, forgot to remove the base64decode
DeltaFile
+1-1src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php
+1-1src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php
+1-1src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php
+3-33 files

OPNSense/core 84ec454src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api InstancesController.php, src/opnsense/mvc/app/library/OPNsense/OpenVPN ArchiveOpenVPN.php ViscosityVisz.php

by Monviech via GitHub on ⎇
VPN: OpenVPN: add tls-crypt-v2 support (#10069)

* VPN: OpenVPN: Add tls-crypt-v2 support, initial implementation

* Unify key generation into a single bash script that handles stdout parsing and always emits base64, consume that in the key generator

* plist fix

* Add comment that explains stuff a bit better

* VPN: OpenVPN: add tls-crypt-v2 support - refactor https://github.com/opnsense/core/pull/10069

---------

Co-authored-by: Ad Schellevis <ad at opnsense.org>
DeltaFile
+53-0src/opnsense/scripts/openvpn/genkey.py
+10-9src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/InstancesController.php
+14-4src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php
+11-2src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php
+12-1src/opnsense/mvc/app/library/OPNsense/OpenVPN/BaseExporter.php
+11-1src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php
+111-174 files not shown
+118-2110 files

OPNSense/core 88124a1src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api InstancesController.php, src/opnsense/mvc/app/library/OPNsense/OpenVPN KeyGenerator.php BaseExporter.php

by Ad Schellevis on ⎇
VPN: OpenVPN: add tls-crypt-v2 support - refactor https://github.com/opnsense/core/pull/10069
DeltaFile
+53-0src/opnsense/scripts/openvpn/genkey.py
+0-45src/opnsense/mvc/app/library/OPNsense/OpenVPN/KeyGenerator.php
+0-29src/opnsense/scripts/openvpn/genkey.sh
+12-1src/opnsense/mvc/app/library/OPNsense/OpenVPN/BaseExporter.php
+2-3src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/InstancesController.php
+2-2src/opnsense/service/conf/actions.d/actions_openvpn.conf
+69-804 files not shown
+73-8810 files

OPNSense/core 45b3d35src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.php KeaDhcpv6.php

by Stephan de Wit via GitHub on ⎇
Services: Kea: DHCPv4/6: remove KeaCtrlAgent dependency on HA configuration (#10080)
DeltaFile
+23-25src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+23-25src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+46-502 files

OPNSense/core d68b8desrc/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.php KeaDhcpv6.php

by Stephan de Wit on ⎇
Services: Kea: DHCPv4/6: remove KeaCtrlAgent dependency on HA configuration
DeltaFile
+23-25src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+23-25src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+46-502 files

OPNSense/core 6749576src/opnsense/mvc/app/controllers/OPNsense/Kea/forms generalSettings4.xml generalSettings6.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.php KeaDhcpv6.php

by Stephan de Wit via GitHub on ⎇
Services Kea: DHCPv4/6: add sockets max-retries and retry-wait-time options.  (#10078)
DeltaFile
+16-0src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings4.xml
+16-0src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings6.xml
+6-1src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+6-1src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+2-0src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+2-0src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.xml
+48-26 files

OPNSense/core fabdca9. plist

by Stephan de Wit on ⎇
pkg: fix plist
DeltaFile
+2-0plist
+2-01 files

OPNSense/core c1b4855src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.php KeaDhcpv6.php

by Stephan de Wit on ⎇
replace require-all with a comment, since it's false by default
DeltaFile
+1-1src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+1-1src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+2-22 files

OPNSense/core 78acc79src/opnsense/mvc/app/controllers/OPNsense/Kea/forms generalSettings4.xml generalSettings6.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.php KeaDhcpv6.php

by Stephan de Wit on ⎇
Services Kea: DHCPv4/6: add sockets max-retries and retry-wait-time options. Fixes https://github.com/opnsense/core/issues/10072
DeltaFile
+16-0src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings4.xml
+16-0src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings6.xml
+6-1src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+6-1src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+2-0src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+2-0src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.xml
+48-26 files

OPNSense/core 5c320c1src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.php KeaDhcpv6.php

by Stephan de Wit on ⎇
negate
DeltaFile
+1-1src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+1-1src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+2-22 files

OPNSense/core 4a35392src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.php KeaDhcpv6.php

by Stephan de Wit on ⎇
isEmpty()
DeltaFile
+2-2src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+2-2src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+4-42 files

OPNSense/core 7a38d12src/opnsense/mvc/app/controllers/OPNsense/Kea/forms generalSettings4.xml generalSettings6.xml

by Stephan de Wit on ⎇
re-add hints, remove help defaults
DeltaFile
+4-2src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings4.xml
+4-2src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings6.xml
+8-42 files

OPNSense/core bf0b318src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.xml

by Stephan de Wit on ⎇
model bump not necessary here
DeltaFile
+1-1src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+1-11 files

OPNSense/core b62b36bsrc/opnsense/mvc/app/controllers/OPNsense/Kea/forms generalSettings6.xml generalSettings4.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv6.xml KeaDhcpv4.xml

by Stephan de Wit on ⎇
fix previous
DeltaFile
+2-8src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.xml
+2-8src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+4-2src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+4-2src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+2-2src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings6.xml
+2-2src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings4.xml
+16-246 files

OPNSense/core d84542fsrc/opnsense/mvc/app/controllers/OPNsense/Kea/forms generalSettings4.xml generalSettings6.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.xml

by Stephan de Wit on ⎇
remove hint, bump model
DeltaFile
+0-2src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings4.xml
+0-2src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings6.xml
+1-1src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+1-53 files

OPNSense/core eb8e1ffsrc/opnsense/scripts/shell firmware.sh

by Konstantinos Spartalis via GitHub on ⎇
Fix typo in firmware: fetching changelog message (#10079)
DeltaFile
+1-1src/opnsense/scripts/shell/firmware.sh
+1-11 files

OPNSense/core 2c969a9src/opnsense/mvc/app/controllers/OPNsense/Kea/forms generalSettings4.xml generalSettings6.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.xml KeaDhcpv6.xml

by Stephan de Wit on ⎇
Services Kea: DHCPv4/6: add sockets max-retries and retry-wait-time options. Fixes https://github.com/opnsense/core/issues/10072
DeltaFile
+16-0src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings4.xml
+16-0src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings6.xml
+8-0src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+8-0src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.xml
+4-1src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+4-1src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+56-26 files

OPNSense/core 9f10ba9src/opnsense/mvc/app/controllers/OPNsense/Kea/Api LeasesController.php, src/opnsense/mvc/app/views/OPNsense/Kea leases4.volt leases6.volt

by Monviech via GitHub on ⎇
Services: Kea: DHCPv4/6: Add delete lease command, use socket for up to date lease collection (#10019)

Co-authored-by: Stephan de Wit <stephan.de.wit at deciso.com>
DeltaFile
+54-45src/opnsense/scripts/kea/get_kea_leases.py
+62-0src/opnsense/scripts/kea/lib/kea_ctrl.py
+55-0src/opnsense/scripts/kea/del_kea_leases.py
+23-6src/opnsense/mvc/app/views/OPNsense/Kea/leases4.volt
+23-6src/opnsense/mvc/app/views/OPNsense/Kea/leases6.volt
+25-0src/opnsense/mvc/app/controllers/OPNsense/Kea/Api/LeasesController.php
+242-575 files not shown
+257-7111 files

OPNSense/core 41f8086src/opnsense/mvc/app/views/OPNsense/Firewall filter_rule.volt nat_rule.volt

by Ad Schellevis on ⎇
Firewall: Rules [new] - change category sorting using names instead of counted rules to align with interface sorting now, for https://github.com/opnsense/core/issues/9719
DeltaFile
+0-9src/opnsense/mvc/app/views/OPNsense/Firewall/filter_rule.volt
+0-8src/opnsense/mvc/app/views/OPNsense/Firewall/nat_rule.volt
+0-172 files

OPNSense/core e958ea7src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api FilterController.php

by Ad Schellevis on ⎇
Firewall: Rules [new] - change sorting to interface/group name and stop caring about counted rules, for https://github.com/opnsense/core/issues/9719

Historically this made sense to avoid having to click to all interfaces if this component only serviced a part of it, when moving to this being the standard, this feels less relevant.
DeltaFile
+1-4src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterController.php
+1-41 files

OPNSense/core c491376src/opnsense/service configd_ctl.py

by Majx via GitHub on ⎇
configctl: Bugfix #10075 (#10076)

quote configctl parameters to avoid skipping empty ones.
DeltaFile
+2-1src/opnsense/service/configd_ctl.py
+2-11 files