BSD Commit Log Search

VPN: IPsec: Security Policy Database - delete selected not backed by actual logic, closes https://github.com/opnsense/core/issues/9937

backend: apparently r'' is a better fix for SyntaxWarning

Sometimes we even use it.

PR: https://forum.opnsense.org/index.php?topic=51175.0

interfaces: fix static neighbor apply button (#9934)

Fixes: #9932

ditch ndp from arp source

Merge pull request #9927 from agoodkind/agoodkind/captive-portal-ipv6-dual-stack-support

Follow up for dual-stack captive portal authorization in `CaptivePortal`

Merge branch 'captive-portal-ipv6' into agoodkind/captive-portal-ipv6-dual-stack-support

last bits of allow.py

Services: Dnsmasq DNS & DHCP: Add no-ping option (#9915)

add accounting as well

Firewall: NAT: Source NAT - add missing "static port" option, closes https://github.com/opnsense/core/issues/9928

captive portal: ditch address fetch in allow.py to prevent potential lockups

Services: Kea DHCP: Add DDNS feature for subnet4 and subnet6 (#9923)

* kea: WIP add dhcp-ddns daemon with forward zone support, goal is initial feature parity with what ISC had.

* Add a default for ddns_domain_algorithm inside the config generator

* The control socket is not needed right now. It would only be required to directly query the ddns server

* Some updates to ddns model and dialogs

* Update service controls via data_service_widget

* More terminology changes for ddns server ip and port

* It looks like a trailing dot validation is not necessary as the configuration is valid regardless, kea does not crash or log any error here

* Add constraints for key_name and key_secret to be used together, adjust some property names for clarity, extend ddns_domain_key_algorithm with all supported values per documentation

* Use single validation string

    [39 lines not shown]

Simplify ctrl_agent volt page to look like the new ddns agent volt page for consistency

This guard is not needed, it's better if the config keys become empty arrays when nothing is configured to prevent old data sticking around

Forgot the ACL name

Merge remote-tracking branch 'refs/remotes/origin/kea-ddns' into kea-ddns

Minor terminology adjustments

firewall: fix regression in 8554581eac so alias content summary is shown (#9929)

The "description" is a summary so change the underlying
code accordingly to avoid future misinterpretations.

PR: https://forum.opnsense.org/index.php?topic=51246.0

firewall: fix regression in 8554581eac so alias content summary is shown

The "description" is a summary so change the underlying
code accordingly to avoid future misinterpretations.

Warm-start captive portal roaming expansion.

This restores best-effort sibling address authorization at login for already-known addresses on the same MAC, while keeping the background reconciliation path as the source of truth for later convergence and cleanup.

Finish captive portal dual-stack authorization flow.

This makes IPv4 and IPv6 portal entry points behave consistently, fixes proxied client IP detection, and lets roaming sessions discover IPv6 addresses quickly enough to authorize privacy and secondary addresses on the same client.

Apply suggestion from @Monviech

interfaces: multi-dhcp6c support #7647

This splits off rtsold and dhcp6c into separate processes.

I'm not entirely sure why we settled for a single deamon of
dhcp6c back in the day, but there are certianly downsides to
it and I don't see something that wasn't fixed in the meantime
that makes this not work.

Add a DependConstraint for ddns_domain_key_secret instead of making it a required field, saves on model migrations

Review comments, add trailing commas for diff control reasons

Update src/opnsense/mvc/app/models/OPNsense/Kea/KeaDdns.php

Co-authored-by: Franco Fichtner <franco at opnsense.org>

fix DDNS config generation to place key-name at domain level and deduplicate DNS servers

rc: speed up file deletes

PR: https://forum.opnsense.org/index.php?topic=51232.0

Copyright date

Add newline to model