opennds (10.2.0)
This version is a minor upgrade that introduces some significant additional functionality.
In addition it includes numerous enhancements bug fixes and cosmetic fixes.
Additional functionality includes:
Pre-emptive Client Lists
A list of the MAC addresses and access conditions of pre-emptively authenticated client devices.
Unlike Trusted Clients, Pre-emptive clients have their data usage monitored. Quotas and timeouts are applied.
Pre-emptive clients are logged both locally and in remote fas servers in the same way as normal validated clients.
Autonomous Block Lists
Autonomous block lists are lists of FQDNs for which all ip addresses allocated to those FQDNs will be blocked.
Internet hosted https FAS support for resource limited routers.
For limited resource router hardware, inbound nat traversal has been extended to allow https FAS without additional dependencies.
An example FAS script fas_hid_https.php is provided.
Fair Usage Policy
A Fair Usage Policy (FUP) option is introduced where if a client exceeds the pre-configured data quota, rate throttling will be enabled automatically.
Changelog:
- Add - Page 202 HTTP_ACCEPTED for future use
- Fix - remove redundant workaround for old MHD versions [bluewavenet]
- Fix - some nft and other error messages [bluewavenet]
- Fix - remove unnecessary debug messages [bluewavenet]
- Add - improved ndsctl status detection for authmon [bluewavenet]
- Add - increase RestartSec parameter in opennds.service for generic Linux [bluewavenet]
- Fix - prevent unnecessary shutdown [bluewavenet]
- Fix - Generic Linux, error updating dnsmasq.conf [bluewavenet]
- Add - allow dynamic update of flowtable rules [bluewavenet]
- Fix - use Themespec in place of deprecated preauth in ndectl status [bluewavenet]
- Fix - Generic linux - keep old config [bluewavenet]
- Fix - remove some unused variables [bluewavenet]
- Add - support for nftables blocklists [bluewavenet]
- Add - ensure authenticated user rules are added in list order [bluewavenet]
- Add - Set default authenticated policy to accept [bluewavenet]
- Add - urandom hash to key generation [bluewavenet]
- Fix - Fix - duplicate users_to_router rules [bluewavenet]
- Add - Automatic dns resolution of fas_remotefqdn in nftables rules [bluewavenet]
- Add - flowtables rules [bluewavenet]
- Add - dynamic flowtable support allowing multiple upstream connections [bluewavenet]
- Add - skip preemptivemac client if not dhcp database or is already authenticated [bluewavenet]
- Add - Skip auth_restore if client is in preemptivemac list [bluewavenet]
- Add - use daemon_auth in auth_restore [bluewavenet]
- Add - Dynamic refresh of configured preemptive macs [bluewavenet]
- Fix - suppress demon_auth debug output [bluewavenet]
- Add - urlencode ALL list blocks and introduce preemptivemac lists [bluewavenet]
- Add - fas-hid-https to makefiles [bluewavenet]
- Add - warning that pre-shared key will be generated and added to config if not present [bluewavenet]
- Add - b64decode payload in fas [bluewavenet]
- Add - b64encode payload before sending to fas [bluewavenet]
- Add - level 4 fas-hid-https [bluewavenet]
- Add - support for fas_secure_enabled = 4 [bluewavenet]
- Add - updates to comments in fas-hid script [bluewavenet]
- Fix - fas-hid icon position [bluewavenet]
- Add - wget_request support to authmon [bluewavenet]
- Add - ruleset full parsing of verdict, protocol ports to/from address [bluewavenet]
- Fix - send_to_fas_deauthed [bluewavenet]
- Fix - ensure action is parsed correctly in all cases [bluewavenet]
- Add - Quota based Fair Usage Policy, sets throttled rate when quota exceeded [bluewavenet]
- Add - QL code scanning support in Community theme_voucher ThemeSpec script [bluewavenet]
- Add - support for cpi_query in example FAS scripts [bluewavenet]
- Fix - memory leak when deleting client from client list [bluewavenet]
- Add - html entity handling for semicolon [bluewavenet]
- Add - Store RFC8910 request string in client data [bluewavenet]
-- Rob White dot@blue-wave.net Wed, 22 Nov 2023 11:08:15 +0000