OPNSense/core e5effd4 src/opnsense/scripts/captiveportal/lib arp.py

captive portal / hostwatch: output safety when list_hosts.py or decoding fails

arp.py seems to throw an exception at unpredictable times. Since
the most likely culprit is list_hosts.py, capture both
stderr of list_hosts and the exception value of the caller.

In any case, we reuse the old known ARP state to not kill
the CP background process
Delta  File
+22 -7  src/opnsense/scripts/captiveportal/lib/arp.py
+22 -7  1 files

OPNSense/core 58c9b62 src/opnsense/scripts/captiveportal/lib arp.py, src/opnsense/scripts/interfaces list_hosts.py

captive portal / hostwatch: output safety when list_hosts.py or decoding fails, capture possible exceptions in list_hosts.py as well
Delta  File
+22 -7  src/opnsense/scripts/captiveportal/lib/arp.py
+2 -0  src/opnsense/scripts/interfaces/list_hosts.py
+24 -7  2 files

OPNSense/core 693ea2d src/opnsense/mvc/app/library/OPNsense/OpenVPN ArchiveOpenVPN.php PlainOpenVPN.php

VPN: OpenVPN: add tls-crypt-v2 support (#10069)

fix regression in export output, forgot to remove the base64decode
Delta  File
+1 -1  src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php
+1 -1  src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php
+1 -1  src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php
+3 -3  3 files

OPNSense/core 84ec454 src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api InstancesController.php, src/opnsense/mvc/app/library/OPNsense/OpenVPN ArchiveOpenVPN.php ViscosityVisz.php

VPN: OpenVPN: add tls-crypt-v2 support (#10069)

* VPN: OpenVPN: Add tls-crypt-v2 support, initial implementation

* Unify key generation into a single bash script that handles stdout parsing and always emits base64, consume that in the key generator

* plist fix

* Add comment that explains stuff a bit better

* VPN: OpenVPN: add tls-crypt-v2 support - refactor https://github.com/opnsense/core/pull/10069

---------

Co-authored-by: Ad Schellevis <ad at opnsense.org>
Delta  File
+53 -0  src/opnsense/scripts/openvpn/genkey.py
+10 -9  src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/InstancesController.php
+14 -4  src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php
+11 -2  src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php
+12 -1  src/opnsense/mvc/app/library/OPNsense/OpenVPN/BaseExporter.php
+11 -1  src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php
+111 -17  4 files not shown
+118 -21  10 files

OPNSense/core 88124a1 src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api InstancesController.php, src/opnsense/mvc/app/library/OPNsense/OpenVPN KeyGenerator.php BaseExporter.php

VPN: OpenVPN: add tls-crypt-v2 support - refactor https://github.com/opnsense/core/pull/10069
Delta  File
+53 -0  src/opnsense/scripts/openvpn/genkey.py
+0 -45  src/opnsense/mvc/app/library/OPNsense/OpenVPN/KeyGenerator.php
+0 -29  src/opnsense/scripts/openvpn/genkey.sh
+12 -1  src/opnsense/mvc/app/library/OPNsense/OpenVPN/BaseExporter.php
+2 -3  src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/InstancesController.php
+2 -2  src/opnsense/service/conf/actions.d/actions_openvpn.conf
+69 -80  4 files not shown
+73 -88  10 files

OPNSense/core 45b3d35 src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.php KeaDhcpv6.php

Services: Kea: DHCPv4/6: remove KeaCtrlAgent dependency on HA configuration (#10080)
Delta  File
+23 -25  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+23 -25  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+46 -50  2 files

OPNSense/core d68b8de src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.php KeaDhcpv6.php

Services: Kea: DHCPv4/6: remove KeaCtrlAgent dependency on HA configuration
Delta  File
+23 -25  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+23 -25  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+46 -50  2 files

OPNSense/core 6749576 src/opnsense/mvc/app/controllers/OPNsense/Kea/forms generalSettings4.xml generalSettings6.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv6.php KeaDhcpv4.php

Services Kea: DHCPv4/6: add sockets max-retries and retry-wait-time options. (#10078)
Delta  File
+16 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings4.xml
+16 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings6.xml
+6 -1  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+6 -1  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+2 -0  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.xml
+2 -0  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+48 -2  6 files

OPNSense/core fabdca9 . plist

pkg: fix plist
Delta  File
+2 -0  plist
+2 -0  1 files

OPNSense/core c1b4855 src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.php KeaDhcpv6.php

replace require-all with a comment, since it's false by default
Delta  File
+1 -1  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+1 -1  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+2 -2  2 files

OPNSense/core 78acc79 src/opnsense/mvc/app/controllers/OPNsense/Kea/forms generalSettings6.xml generalSettings4.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.php KeaDhcpv6.php

Services Kea: DHCPv4/6: add sockets max-retries and retry-wait-time options. Fixes https://github.com/opnsense/core/issues/10072
Delta  File
+16 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings6.xml
+16 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings4.xml
+6 -1  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+6 -1  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+2 -0  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+2 -0  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.xml
+48 -2  6 files

OPNSense/core 5c320c1 src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.php KeaDhcpv6.php

negate
Delta  File
+1 -1  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+1 -1  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+2 -2  2 files

OPNSense/core 4a35392 src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv6.php KeaDhcpv4.php

isEmpty()
Delta  File
+2 -2  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+2 -2  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+4 -4  2 files

OPNSense/core 7a38d12 src/opnsense/mvc/app/controllers/OPNsense/Kea/forms generalSettings6.xml generalSettings4.xml

re-add hints, remove help defaults
Delta  File
+4 -2  src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings6.xml
+4 -2  src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings4.xml
+8 -4  2 files

OPNSense/core bf0b318 src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.xml

model bump not necessary here
Delta  File
+1 -1  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+1 -1  1 files

OPNSense/core b62b36b src/opnsense/mvc/app/controllers/OPNsense/Kea/forms generalSettings4.xml generalSettings6.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv6.xml KeaDhcpv4.xml

fix previous
Delta  File
+2 -8  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.xml
+2 -8  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+4 -2  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+4 -2  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+2 -2  src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings4.xml
+2 -2  src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings6.xml
+16 -24  6 files

OPNSense/core d84542f src/opnsense/mvc/app/controllers/OPNsense/Kea/forms generalSettings4.xml generalSettings6.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.xml

remove hint, bump model
Delta  File
+0 -2  src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings4.xml
+0 -2  src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings6.xml
+1 -1  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+1 -5  3 files

OPNSense/core eb8e1ff src/opnsense/scripts/shell firmware.sh

Fix typo in firmware: fetching changelog message (#10079)
Delta  File
+1 -1  src/opnsense/scripts/shell/firmware.sh
+1 -1  1 files

OPNSense/core 2c969a9 src/opnsense/mvc/app/controllers/OPNsense/Kea/forms generalSettings4.xml generalSettings6.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv6.xml KeaDhcpv4.xml

Services Kea: DHCPv4/6: add sockets max-retries and retry-wait-time options. Fixes https://github.com/opnsense/core/issues/10072
Delta  File
+16 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings4.xml
+16 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings6.xml
+8 -0  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.xml
+8 -0  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+4 -1  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+4 -1  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+56 -2  6 files

OPNSense/core 9f10ba9 src/opnsense/mvc/app/controllers/OPNsense/Kea/Api LeasesController.php, src/opnsense/mvc/app/views/OPNsense/Kea leases6.volt leases4.volt

Services: Kea: DHCPv4/6: Add delete lease command, use socket for up to date lease collection (#10019)

Co-authored-by: Stephan de Wit <stephan.de.wit at deciso.com>
Delta  File
+54 -45  src/opnsense/scripts/kea/get_kea_leases.py
+62 -0  src/opnsense/scripts/kea/lib/kea_ctrl.py
+55 -0  src/opnsense/scripts/kea/del_kea_leases.py
+23 -6  src/opnsense/mvc/app/views/OPNsense/Kea/leases6.volt
+23 -6  src/opnsense/mvc/app/views/OPNsense/Kea/leases4.volt
+25 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/Api/LeasesController.php
+242 -57  5 files not shown
+257 -71  11 files

OPNSense/core 41f8086 src/opnsense/mvc/app/views/OPNsense/Firewall filter_rule.volt nat_rule.volt

Firewall: Rules [new] - change category sorting using names instead of counted rules to align with interface sorting now, for https://github.com/opnsense/core/issues/9719
Delta  File
+0 -9  src/opnsense/mvc/app/views/OPNsense/Firewall/filter_rule.volt
+0 -8  src/opnsense/mvc/app/views/OPNsense/Firewall/nat_rule.volt
+0 -17  2 files

OPNSense/core e958ea7 src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api FilterController.php

Firewall: Rules [new] - change sorting to interface/group name and stop caring about counted rules, for https://github.com/opnsense/core/issues/9719

Historically this made sense to avoid having to click to all interfaces if this component only serviced a part of it, when moving to this being the standard, this feels less relevant.
Delta  File
+1 -4  src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterController.php
+1 -4  1 files

OPNSense/core c491376 src/opnsense/service configd_ctl.py

configctl: Bugfix #10075 (#10076)

quote configctl parameters to avoid skipping empty ones.
Delta  File
+2 -1  src/opnsense/service/configd_ctl.py
+2 -1  1 files

OPNSense/core 56ea14f src/opnsense/mvc/app/models/OPNsense/IPsec/FieldTypes IPsecProposalField.php

ipsec: Adding 4 Insecure proposals (#10062)

Signed-off-by: Bjoern Jakobsen <Bjoern.Jakobsen at lrz.de>
Delta  File
+4 -0  src/opnsense/mvc/app/models/OPNsense/IPsec/FieldTypes/IPsecProposalField.php
+4 -0  1 files

OPNSense/core 5e781d8 src/opnsense/site-python duckdb_helper.py

unbound: limit duckdb to a single thread in write mode to reduce logger memory usage

After some testing, it seems the duckdb python API has a tendency to
leak (up to a cap), which seems to be mitigated when we limit to a single thread.
Further testing shows that the single logger.py process doesn't
use parallelization when appending dataframes to the db instance
and as such multiple threads are useless to begin with. The heavier
actions are the read actions, which are separate short-lived processes
and do not suffer from the same issue and likely do require duckdb
parallelism to perform properly, so apply the single thread only to
writers.
Delta  File
+2 -0  src/opnsense/site-python/duckdb_helper.py
+2 -0  1 files

OPNSense/core 1d9782d src/opnsense/mvc/app/controllers/OPNsense/Kea/Api LeasesController.php, src/opnsense/scripts/kea del_kea_leases.py

remove logging
Delta  File
+3 -14  src/opnsense/scripts/kea/lib/kea_ctrl.py
+1 -1  src/opnsense/mvc/app/controllers/OPNsense/Kea/Api/LeasesController.php
+1 -1  src/opnsense/scripts/kea/del_kea_leases.py
+5 -16  3 files

OPNSense/core 9c087a3 src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api InstancesController.php, src/opnsense/mvc/app/views/OPNsense/OpenVPN instances.volt

Add comment that explains stuff a bit better
Delta  File
+3 -1  src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/InstancesController.php
+1 -1  src/opnsense/mvc/app/views/OPNsense/OpenVPN/instances.volt
+4 -2  2 files

OPNSense/core 0e733b5 . plist

plist fix
Delta  File
+1 -1  plist
+1 -1  1 files

OPNSense/core 4287188 . plist, src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms advanced.xml

Merge remote-tracking branch 'origin/master' into tls-crypt-v2
Delta  File
+9 -0  src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/advanced.xml
+5 -1  src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
+5 -0  plist
+1 -0  src/opnsense/service/templates/OPNsense/Unbound/core/advanced.conf
+20 -1  4 files

OPNSense/core 8bc5956 . plist

pkg: fix plist
Delta  File
+5 -0  plist
+5 -0  1 files