Topics

1

Development and Code Review / ArrayField->getNodes() returns empty array after write_config()

« on: February 25, 2020, 09:00:44 pm »

After a write_config(), getNodes() returns null/empty array for type ArrayField.
Don't know if this is a bug or me just missing how to refresh the config.

Example model test script attached.

2

General Discussion / No console menu after update

« on: March 22, 2018, 07:46:31 am »

No console menu after update

Before and after config diff doesn't show anything that would expect to disable/lock console menu.  Doesn't seem to be anything else unusual.  SSH as root still works.

Haven't seen anyone else mention it so may be a me thing.

Same for both production and devel.

opnsense-update -t opnsense

OPNsense 18.1.5-amd64
FreeBSD 11.1-RELEASE-p8
LibreSSL 2.6.4

opnsense-update -t opnsense-devel

OPNsense 18.7.a_264-amd64
FreeBSD 11.1-RELEASE-p8
LibreSSL 2.6.4

3

General Discussion / Netherlands doing well in Olympics

« on: February 20, 2018, 12:21:38 am »

Forth place overall medal count.
Tied for third for gold medals.

4

Development and Code Review / Master Repo Version out of Sync

« on: February 11, 2018, 11:59:39 pm »

How do I get my master repo to upgrade to 18.7.a?  It's stuck on 18.1.b.

When I check for upgrade it shows new version opnsense-devel 18.7.a and upgrade to that as expected.  But if I do a make upgrade from the master repo it reverts to reporting version 18.1.b.

Don't think there would be any code difference.  Just version reporting and always thinking there is an upgrade available.

Firmware release type is set to development.

Thanks

5

General Discussion / WinSCP separate session for duplicating files

« on: January 30, 2018, 01:00:08 am »

WinSCP opens a separate ssh session for direct duplication of remote files.

On OPNsense box "starting the session..." fails.

Works fine on other FreeBSD boxes.

Is there something specific about the OPNsense that would cause this?

Thanks

6

General Discussion / WebGUI WAN Access

« on: January 26, 2018, 07:25:32 am »

Trying to access the WebGUI via wan interface.  Have pass all rule at top of WAN firewall and it responds with SYN ACK to client IP address.  However it is to the default gateway MAC address so never reaches the client.

Why is it being sent to the gateway?  They are all on the same subnet (192.168.2.0/24).

Client x.x.x.10
OPNsense x.x.x.44
Default Gateway x.x.x.1

Thanks

7

Development and Code Review / Viewport User Scaling

« on: January 24, 2018, 07:36:15 am »

Tinkering with the viewport settings and find that I like

this

Code: [Select]

<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
better than this

Code: [Select]

<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" />
Because it allows zooming in on something and then easily returning to the scale factor 1.

In the past I know Chrome was using or a combination of viewport settings to disable double click zoom.  But from what I understand they changed to triggering that by width set to device-width or less.

Preventing user scaling is typical beneficial for things such as maps where it is better for the app to handle the zooming by providing a higher resolution image of that map section.  Rather than the browser zooming in on the lower res image and pixelating.

What is the purpose of preventing user scaling here?

Thanks

8

Development and Code Review / Speaking of accessibility...

« on: January 20, 2018, 10:03:37 am »

I also want a couple of accessibility improvements here.

HTML/Usage/Headings/Missing
https://www.w3.org/wiki/HTML/Usage/Headings/Missing

Code: [Select]

grep -ERIisro '<section ' /usr/core/src/* | grep -c '<section '
grep -ERIisrc '<section ' /usr/core/src/* | grep -v ':0$' | grep -c ".*"
grep -ERIisrc '<section ' /usr/core/src/* | grep -v ':0$'
313 occurrences in 136 files

Code: [Select]

grep -ERIisro '<section ' /usr/plugins/* | grep -c '<section '
grep -ERIisrc '<section ' /usr/plugins/* | grep -v ':0$' | grep -c ".*"
grep -ERIisrc '<section ' /usr/plugins/* | grep -v ':0$'
79 occurrences in 34 files

https://validator.w3.org/
Warning: Section lacks heading. Consider using h2-h6 elements to add identifying headings to all sections.

9

General Discussion / Virtual Interface VLANs

« on: January 18, 2018, 01:26:28 pm »

Any plan to use virtual interface vlans (em0.1 vs em0_vlan1)?
https://www.freebsd.org/doc/handbook/network-vlan.html

I don't know what all the advantages are.  But I know it is much nicer to work with packet capturing.  Can just specify the virtual vlan interface (em0.n) rather than having to include the vlan tag in the capture filter.

10

Development and Code Review / "for" attribute usage in form_input_tr.volt

« on: January 12, 2018, 09:25:28 am »

Having trouble understanding the "for" attribute in the <tr> (line 45) and <span> (line 81) elements here.
Could someone please shed some light on how, when, and where these are made use of?
Thanks.

form_input_tr.volt
/usr/local/opnsense/mvc/app/views/layout_partials/

Code: [Select]

45: <tr for="{{ id }}" {% if advanced|default(false)=='true' %} data-advanced="true"{% endif %}>
 . . .
        <input id="{{ id }}" ... >
 . . .
80:     <td>
81:         <span class="help-block" for="{{ id }}" ></span>
82:     </td>
83: </tr>


11

18.1 Legacy Series / Certificate Serial Number Decrement

« on: January 05, 2018, 02:06:23 am »

System: Trust: Authorities: Add/Edit
(https://opnsense.office/system_camanager.php?act=edit&id=0)

The "Serial for next certificate" value decrements with each save.
full help: "Enter a decimal number to be used as the serial number for the next certificate to be created using this CA."

Should this value really be decremented by saving?  Doesn't seem like it should.  Maybe I'm not understanding the use case.

12

18.1 Legacy Series / Plugin Installed or Not

« on: December 29, 2017, 09:39:00 am »

System: Firmware

Plugins tab shows "os-dyndns" as NOT installed.  But "Dynamic DNS" is in the "Services" menu (and configurable), and "configctl firmware plugin dyndns" returns "1" (installed).

I'm confused.  Please clarify.

Thanks.

13

Documentation and Translation / Typo in Hello world module & plugin code sample

« on: December 25, 2017, 11:33:57 pm »

Docs »
 Development Manual »
 Examples »
 Hello world module & plugin

https://docs.opnsense.org/development/examples/helloworld.html#add-actions

This add actions section example code line...
$bckresult = trim($backend->configdRun("template reload OPNsense.HelloWorld"));

should be...
$bckresult = trim($backend->configdRun("template reload OPNsense/HelloWorld"));

14

18.1 Legacy Series / Eliminate 300 ms click delay

« on: December 24, 2017, 06:23:44 am »

The 300 ms click delay seems to have out lived it's usefulness.  Could we please remove it?

It's been eliminated for specifically for Chrome via the viewport meta tag width=device-width.  But that is browser specific and maybe even proprietary solution.

Think CSS is the W3C "recommending" solution.

body {
  touch-action: manipulation;
}

Background:
What Exactly Is..... The 300ms Click Delay
https://www.telerik.com/blogs/what-exactly-is.....-the-300ms-click-delay

Thanks

15

18.1 Legacy Series / Using own CA's w/Python (update_tables.py, etc.)

« on: December 20, 2017, 11:48:02 pm »

Python is using the certifi CA bundle (.../site-packages/certifi/cacert.pem).

Is there also an equivalent to the OpenSSL CAPATH?  A hash dir of CA's.  That Python/certifi can be configured to check if the CA is not found in cacert.pem?  Like OpenSSL does?
e.g. /etc/ssl/certs or /usr/local/openssl/certs

Could add own CA's to the cacert.pem, but that is ungainly approach.

Is OpenSSL going by the wayside in favor of Certifi?

18.1.b