BSD Commit Log Search

Merge branch 'master' into interface-bootgrid-partial

openvpn: remove the old wizard

As discussed the wizard will be removed and the legacy component
it is feeding moved to a plugin for 25.7 so it makes no sense to
drag this along any further.

System: Trust: - cleanup legacy files and functions, closes  https://github.com/opnsense/core/issues/7248

move functions that are only used in a single spot in core to that spot for clarity, certs.inc remaining functions are now:

function &lookup_ca($refid)
function &lookup_ca_by_subject($subject)
function &lookup_cert($refid)
function &lookup_crl($refid)
function ca_chain_array(&$cert)
function ca_chain(&$cert)
function cert_import(&$cert, $crt_str, $key_str)
function certs_build_name($dn)
function cert_get_subject($str_crt, $decode = true)
function cert_get_subject_array($crt)
function cert_get_issuer($str_crt, $decode = true)
function cert_get_modulus($str_crt, $decode = true, $type = 'crt')
function cert_get_purpose($str_crt, $decode = true)
function cert_get_serial($str_crt, $decode = true)
function cert_in_use($certref)

    [5 lines not shown]

system: use unified style for "return preg_match" idiom so the caller receives a boolean

(cherry picked from commit 4b932622ddf69b840199fc1f6898c0716fe0ccaf)

Merge remote-tracking branch 'origin/master' into gateways

system: use unified style for "return preg_match" idiom so the caller receives a boolean

VPN: OpenVPN: Servers - remove unused "pool_enable" attribute, originally introduced as unused setting in https://github.com/pfsense/pfsense/commit/d799787e49e0a535acbc881b8e8944b860e25e47

(cherry picked from commit d4e63780619e0e3bcfcf01572795330ff914e6d2)
(cherry picked from commit 382bb09312c169a2980c855b3b5a5255c9470d0a)

openvpn: follow d4e637806 in wizard as well

Merge branch 'master' into system_status

openvpn: hardcode the RFC 7919 DH parameter #4722

This allows us to remove all DH handling remnants.  If people
want to use a separate content they will have to let us know,
but it seems unlikely.  The only impact seems to be a security
bump from 2k to 4k default.

openvpn: tls-crypt support

Squashed commit of the following:

commit 83171f8b1791aae87fc4dacedb6cc921101d8399
Author: Ad Schellevis <ad at opnsense.org>
Date:   Fri Aug 13 21:44:49 2021 +0200

    whitespace

commit 11990f462eaed9bc9cf2051a377d508a916a3945
Author: Ad Schellevis <ad at opnsense.org>
Date:   Fri Aug 13 21:40:24 2021 +0200

    OpenVPN - cleanups for https://github.com/opnsense/core/pull/4592

    simplify flush tls keys.

commit 74db015f0c9963b53b1d3ea8923e1d89899d04a3

    [32 lines not shown]

openvpn: check ipv4 tunnel prefix. v2 (#5114)

(cherry picked from commit 35b373407cdde12c882dc6ef49b2ea5f3cf0eb78)
(cherry picked from commit 51e7ba17d539779757fe1cbc3e4473674bec86ab)

Squashed commit of the following:

commit 83171f8b1791aae87fc4dacedb6cc921101d8399
Author: Ad Schellevis <ad at opnsense.org>
Date:   Fri Aug 13 21:44:49 2021 +0200

    whitespace

commit 11990f462eaed9bc9cf2051a377d508a916a3945
Author: Ad Schellevis <ad at opnsense.org>
Date:   Fri Aug 13 21:40:24 2021 +0200

    OpenVPN - cleanups for https://github.com/opnsense/core/pull/4592

    simplify flush tls keys.

commit 74db015f0c9963b53b1d3ea8923e1d89899d04a3
Author: Ad Schellevis <ad at opnsense.org>
Date:   Fri Aug 13 21:39:28 2021 +0200

    [28 lines not shown]

System / Trust - split between generic server use in cert_get_purpose() and id-kp-serverAuth according to rfc3280, for https://github.com/opnsense/core/issues/5128

src: style sweep

wizard.inc: make working rules (#5112)

openvpn: check ipv4 tunnel prefix. v2 (#5114)

* wizard.inc: check ipv4 tunnel prefix
* vpn_openvpn_server.php: check ipv4 tunnel prefix

OpenVPN wizard broken, seems like a regression from https://github.com/opnsense/core/commit/71d6d0adeb3d9b046114c12d0d2e2386caee3c36 closes https://github.com/opnsense/core/issues/4943

wizard.inc: make working rules (#5112)

(cherry picked from commit 74ccf1683b94ddf9eb2ad8d7feca852c4d039cbf)

Merge tag '21.1.9' into stable/21.4

stable release

Conflicts:
        src/etc/inc/plugins.inc.d/dhcpd.inc
        src/opnsense/mvc/app/controllers/OPNsense/Routes/Api/RoutesController.php

System / Trust - split between generic server use in cert_get_purpose() and id-kp-serverAuth according to rfc3280, for https://github.com/opnsense/core/issues/5128

(cherry picked from commit b9b6e3eb8dbe4e498f65be3992791104c3f4291a)

System / Trust - split between generic server use in cert_get_purpose() and id-kp-serverAuth according to rfc3280, for https://github.com/opnsense/core/issues/5128

src: style sweep

openvpn: check ipv4 tunnel prefix. v2 (#5114)

* wizard.inc: check ipv4 tunnel prefix
* vpn_openvpn_server.php: check ipv4 tunnel prefix

(cherry picked from commit 35b373407cdde12c882dc6ef49b2ea5f3cf0eb78)

wizard.inc: make working rules (#5112)

(cherry picked from commit 74ccf1683b94ddf9eb2ad8d7feca852c4d039cbf)

openvpn: check ipv4 tunnel prefix. v2 (#5114)

* wizard.inc: check ipv4 tunnel prefix
* vpn_openvpn_server.php: check ipv4 tunnel prefix

wizard.inc: make working rules (#5112)

(cherry picked from commit 74ccf1683b94ddf9eb2ad8d7feca852c4d039cbf)

wizard.inc: make working rules (#5112)

Merge tag '21.1.6' into stable/21.4

stable release

OpenVPN wizard broken, seems like a regression from https://github.com/opnsense/core/commit/71d6d0adeb3d9b046114c12d0d2e2386caee3c36 closes https://github.com/opnsense/core/issues/4943

(cherry picked from commit ca67acc9d8b048dfc31c33453dfc0d08c4dccb36)