OPNSense/core b83cb18 src/www firewall_rules.php

firewall: nicer toggle; closes #3700

OPNSense/core 915ebdc src/www/widgets/api/plugins system.inc, src/www/widgets/widgets system_information.widget.php

system: show all swap partitions; closes #3592

OPNSense/core 5d4599e src/www diag_packet_capture.php

interfaces: packet capture switcheroo

PR: https://forum.opnsense.org/index.php?topic=13897.0

(cherry picked from commit 01cdf46908ec273ad06d18ea023378d256ad0951)
(cherry picked from commit 8a73ea0af2992e4e1edbe554eebe29a01c28b3d4)

OPNSense/core 8a73ea0 src/www diag_packet_capture.php

interfaces: part two (actual fix) (actual fix)

OPNSense/core 01cdf46 src/www diag_packet_capture.php

interfaces: packet capture switcheroo

PR: https://forum.opnsense.org/index.php?topic=13897.0

OPNSense/core ffd5060 src/etc/inc plugins.inc, src/opnsense/mvc/app/controllers/OPNsense/IPsec KeyPairsController.php

src: minor style updates in diff vs. stable/19.7

OPNSense/core e637e76 . plist

plist: fix
Delta   File
+9 -0   plist
+9 -0   1 files

OPNSense/core 6b542e9 src/etc/inc/plugins.inc.d ipsec.inc, src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api KeyPairsController.php LegacySubsystemController.php

Merge branch 'ppmathis-feature/ipsec-pubkey-auth'

OPNSense/core 013e802 src/opnsense/mvc/app/views/OPNsense/IPsec key_pairs.volt

IPSec public key authentication, fix background on /ui/ipsec/key-pairs

OPNSense/core 0038128 src/etc/inc/plugins.inc.d ipsec.inc, src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api KeyPairsController.php LegacySubsystemController.php

Merge branch 'feature/ipsec-pubkey-auth' of https://github.com/ppmathis/opnsense-core into 
ppmathis-feature/ipsec-pubkey-auth

OPNSense/core 2da6de4 src/opnsense/scripts/OPNsense/CaptivePortal/lib ipfw.py

Captive portal, regression in merging 
https://github.com/opnsense/core/commit/b54f3d2cc437efe4790c1587433dca985614e6ca

ref https://forum.opnsense.org/index.php?topic=14186

(cherry picked from commit 2a72b99a9dda11e9daf352d1ae8af3e7bebb26bf)

OPNSense/core 2a72b99 src/opnsense/scripts/OPNsense/CaptivePortal/lib ipfw.py

OPNSense/core 814d9e7 src/opnsense/mvc/app/controllers/OPNsense/Core/Api/repositories opnsense.xml

Update opnsense.xml (#3699)


(cherry picked from commit 42e2dcd20ef7e8b27663a0a3997a71db591babe8)

OPNSense/core 42e2dcd src/opnsense/mvc/app/controllers/OPNsense/Core/Api/repositories opnsense.xml

Update opnsense.xml (#3699)

OPNSense/core ffcd85f src/opnsense/scripts/OPNsense/CaptivePortal cp-background-process.py allow.py, src/opnsense/scripts/OPNsense/CaptivePortal/lib ipfw.py arp.py

Captive portal: optimise ipfw rule parsing. for 
https://github.com/opnsense/core/issues/3559 (#3608)

Our current generated ruleset creates two count rules to match incoming and outgoing 
traffic to and from the client for accounting purposes. Since ipfw doesn't support table 
stats, the options are limited to know the amount of traffic processed and last accessed 
times.

This patch basically replaces the accounting section with separate blocks, which are 
jumped to using the existing table (which contains address + rulenumber now), logically 
this would lower the time needed to parse the accounting section (since only the count 
rules for the specific IPs are evaluated now).

In terms of ruleset, this will generate 3 rules per address (count from, count to and jump 
to end of ruleset), like:

```
30001   342    27744 count ip from xxx.xxx.xxx.xxx to any
30001  1194   225783 count ip from any to xxx.xxx.xxx.xxx
30001  1536   253527 skipto 60000 ip from any to any       [ <--- NEW ]
```

Since we need the address to collect rules, we can't simplify this count to one rule 
(IPFW.list_accounting_info() parses the address from the ruleset).


    [8 lines not shown]

OPNSense/core 3740e22 src/etc/rc.d netflow, src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/forms netflow_capture.xml

netflow: set active/inactive timeout (#3651)



(cherry picked from commit 8afb87cc0450aa8b606790be2bef46efca858922)

OPNSense/core a09b586 src/etc/rc.d netflow

netflow: load needed ng_ether if not found yet

(cherry picked from commit 4edbacc5193319337f4c1004e2505fe0821cb0c3)
Delta    File
+10 -4   src/etc/rc.d/netflow
+10 -4   1 files

OPNSense/core d16b0b8 . plist, src/etc/inc interfaces.inc

CARP, kill vague advskew legacy hook when starting in maintenance mode 
(virtualip_carp_maintenancemode), closes https://github.com/opnsense/core/issues/3671

(cherry picked from commit 28cc0dc5f4f2600098267ed76b165bb1067a91fc)
(cherry picked from commit fe11354c82028d0aa4f8458ef0d66a495096619d)

OPNSense/core 2e0ea99 src/opnsense/scripts/filter/lib alias.py

Alias, when geoip alias name is the same as its country, it won't fetch contents, since 
the name matches an existing alias.

(cherry picked from commit 3ef14d17e3b4f4ed38cbe8a9a3861ca5914ee59e)

OPNSense/core 9c88331 . plist, src/etc/inc authgui.inc

Revert "jQuery, upgrade to 3.4.1, keep 3.2.1 on disk for older third party plugins and 
disable jquery-migrations while here."

-- seems to be for later, dashboard dies with "Uncaught TypeError: e.indexOf is not a 
function .... "

This reverts commit 244b70b77193f9c4d5f2912ca3c3cccf65f49d55.

OPNSense/core 244b70b . plist, src/etc/inc authgui.inc

jQuery, upgrade to 3.4.1, keep 3.2.1 on disk for older third party plugins and disable 
jquery-migrations while here.

OPNSense/core a05202e src/etc/inc/plugins.inc.d opendns.inc, src/opnsense/mvc/app/controllers/OPNsense/Base ApiControllerBase.php

src: style sweep

(cherry picked from commit c668ae42cab9df005e345d5815176a83d373f018)

OPNSense/core c668ae4 src/etc/inc plugins.inc, src/etc/inc/plugins.inc.d opendns.inc

src: style sweep

OPNSense/core 7b2096f src/etc/inc/plugins.inc.d unbound.inc

Set absolute path to root.hints

root.hints file is located at /var/unbound not /

Current users may not be leveraging root.hints with unbound deployments.

(cherry picked from commit 6c4b88070508b52468ad6238bb087f490530f014)

OPNSense/core f358d95 . plist, src/etc/inc/plugins.inc.d unbound.inc

unbound, support custom includes. for https://github.com/opnsense/core/issues/3621

(cherry picked from commit 3211eaed62461e98a33476df125a7a49ffd9be7d)
(cherry picked from commit 234b30ffaaaa214214313d49fd69f1502abfa12a)

OPNSense/core 14f384b src/www system_advanced_sysctl.php

system: fix translation order of tunables description; closes #3676

(cherry picked from commit 060f9edad76a2705d1af7d80ebaab447457e1a71)
(cherry picked from commit 79732b440e4d129bce43f272204bf22d0bbf6a1c)

OPNSense/core 41c0cba src/www diag_dns.php

diag_dns.php it seems like a good time to delete non functional links here, since 
private.dnsstuff.com isn't active. closes https://github.com/opnsense/core/pull/3677

(cherry picked from commit eff129c82006b42a7e1c7911f8adb03b8dd5f372)
(cherry picked from commit bd988894a5cdd8cd0317d4ec81bf2a1a81505fa2)
Delta    File
+2 -17   src/www/diag_dns.php
+2 -17   1 files

OPNSense/core 9470332 src/etc rc.configure_firmware rc.reload_all, src/etc/inc system.inc

system: break out system_trust_configure()

(cherry picked from commit afe3c3a6cb52b0de7b439b17a126d4bd1ff7a7f6)

OPNSense/core 3ef14d1 src/opnsense/scripts/filter/lib alias.py

Alias, when geoip alias name is the same as its country, it won't fetch contents, since 
the name matches an existing alias.

OPNSense/core bf1d3a2 .github/ISSUE_TEMPLATE bug_report.md

Update bug_report.md

(cherry picked from commit 3a5862c7ae101a5583dd429d8bcc7f1e00539ba6)
(cherry picked from commit 4b55adf484d704fa0afff04feb47b8e95f07fb99)
(cherry picked from commit 813bb55533c35982b312a473a1690b97e26e1b0b)

OPNSense/core 813bb55 .github/ISSUE_TEMPLATE bug_report.md

src: whitespace sweep

OPNSense/core 1615761 src/opnsense/mvc/app/models/OPNsense/Core/Menu Menu.xml

menu: hide helper entry

(cherry picked from commit 1282ac33c537c329e067147c7e0915c95c170e89)

OPNSense/core 1282ac3 src/opnsense/mvc/app/models/OPNsense/Core/Menu Menu.xml

menu: hide helper entry

OPNSense/core fe6a12f src/opnsense/service/templates/OPNsense/Filter filter_tables.conf

filter/alias, missing refresh on geoip type closes 
https://github.com/opnsense/core/pull/3685

(cherry picked from commit ae5692b477db1701491bce55db5317b0a73728c0)

OPNSense/core 5e7236f src/opnsense/service/templates/OPNsense/Syslog syslog-ng-legacy-remote.conf

syslog, fix legacy remote logging. closes https://github.com/opnsense/core/issues/3682

(cherry picked from commit 74c2ac9a203f5fe689d5bbf32014ac7c71bfbcb6)

OPNSense/core 4b55adf .github/ISSUE_TEMPLATE bug_report.md

Update bug_report.md

OPNSense/core 3a5862c .github/ISSUE_TEMPLATE bug_report.md

Update bug_report.md

OPNSense/core 8227a0c src/opnsense/mvc/app/models/OPNsense/Core/ACL ACL.xml, src/opnsense/mvc/app/models/OPNsense/Core/Menu Menu.xml

ipsec: Move menu and ACL entries into MVC code

This commit moves all menu and ACL entries from the legacy code of the
IPsec subsystem into the new MVC codebase. Additionally, a small bug in
the current master of OPNsense has been fixed, where the ACL
"page-status-systemlogs-ppp" has been mistakenly labeled as "IPsec VPN"
instead of "PPP".

Signed-off-by: Pascal Mathis <mail at pascalmathis.com>

OPNSense/core 74c2ac9 src/opnsense/service/templates/OPNsense/Syslog syslog-ng-legacy-remote.conf

syslog, fix legacy remote logging. closes https://github.com/opnsense/core/issues/3682

OPNSense/core 5d9183a src/etc/inc/plugins.inc.d ipsec.inc, src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api KeyPairsController.php LegacySubsystemController.php

ipsec: Add support for public key authentication

The current IPsec plugin implementation does not support public key
authentication, which allows for a more secure mutual authentication
than PSK while still not introducing the complexity of X509
certificates.  The authentication can easily be set up by generating a
bare RSA keypair chain on both machines, followed by exchanging the
public keys between the two peers.

This commit introduces public key authentication functionality by adding
a new authentication method to phase 1 configuration called "Mutual
Public Key" and adding a menu entry "Key Pairs", which allows adding
public keys + optional private keys. It was successfully tested against
a Linux virtual machine running Strongswan 5 and the entered RSA keys
are automatically verified for correctness.

Useful commands for generating a bare RSA keypair:
$ ipsec pki --gen --type rsa --outform pem --size 4096 > private.pem
$ ipsec pki --pub --outform pem --in private.pem > public.pem

Signed-off-by: Pascal Mathis <mail at pascalmathis.com>

OPNSense/core ae5692b src/opnsense/service/templates/OPNsense/Filter filter_tables.conf

filter/alias, missing refresh on geoip type closes 
https://github.com/opnsense/core/pull/3685

OPNSense/core 2982424 src/www interfaces.php

interfaces, only trigger newwanip event for affected interfaces

OPNSense/core 2d73c2c src/etc/inc plugins.inc

plugins_configure, log actions

OPNSense/core bd98889 src/www diag_dns.php

Delta    File
+1 -11   src/www/diag_dns.php
+1 -11   1 files

OPNSense/core eff129c src/www diag_dns.php

diag_dns.php it seems like a good time to delete non functional links here, since 
private.dnsstuff.com isn't active. closes https://github.com/opnsense/core/pull/3677

OPNSense/core 79732b4 src/www system_advanced_sysctl.php

system: this is the right fix for #3676 ;)

OPNSense/core 060f9ed src/www system_advanced_sysctl.php

system: fix translation order of tunables description; closes #3676

OPNSense/core fe11354 . plist

pkg: last minute build breakage ;)
Delta   File
+1 -0   plist
+1 -0   1 files

OPNSense/core 28cc0dc src/etc/inc interfaces.inc, src/etc/rc.syshook.d/early 98_carp_maintenance

CARP, kill vague advskew legacy hook when starting in maintenance mode 
(virtualip_carp_maintenancemode), closes https://github.com/opnsense/core/issues/3671

OPNSense/core 6255e8a src/opnsense/mvc/app/library/OPNsense/Routing Gateways.php

src: style sweep

(cherry picked from commit 612cdd511807e7f4c807d18cb4d07096abd6f9ff)