upstream/opnsense-plugins
1
0
Fork 0
mirror of https://github.com/opnsense/plugins.git synced 2026-05-28 04:34:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

dns/dnscrypt-proxy: new plugin (#965)

Browse source 
(cherry picked from commit bface5bb83)
(cherry picked from commit 9499a7351e)
This commit is contained in:
Michael 2018-11-19 08:25:11 +01:00 committed by Franco Fichtner
parent ec904e9158
commit 73552323e2
32 changed files with 1356 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -34,6 +34,7 @@ databases/redis -- Redis DB
devel/debug -- Debugging Tools
devel/helloworld -- A sample framework application
dns/bind -- BIND domain name service
dns/dnscrypt-proxy -- Flexible DNS proxy supportung DNSCrypt and DoH
dns/dyndns -- Dynamic DNS Support
dns/rfc2136 -- RFC-2136 Support
mail/postfix -- SMTP mail relay

8
dns/dnscrypt-proxy/Makefile Normal file
View file

@ -0,0 +1,8 @@
PLUGIN_NAME= dnscrypt-proxy
PLUGIN_VERSION= 0.1
PLUGIN_COMMENT= Flexible DNS proxy supportung DNSCrypt and DoH
PLUGIN_DEPENDS= dnscrypt-proxy2
PLUGIN_MAINTAINER= m.muenz@gmail.com
PLUGIN_DEVEL= yes
.include "../../Mk/plugins.mk"

4
dns/dnscrypt-proxy/pkg-descr Normal file
View file

@ -0,0 +1,4 @@
A flexible DNS proxy, with support for modern encrypted DNS protocols
such as DNSCrypt v2 and DNS-over-HTTPS.
WWW: https://github.com/jedisct1/dnscrypt-proxy

55
dns/dnscrypt-proxy/src/etc/inc/plugins.inc.d/dnscryptproxy.inc Normal file
View file

@ -0,0 +1,55 @@
<?php
/*
Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
function dnscryptproxy_enabled()
{
$model = new \OPNsense\Dnscryptproxy\General();
return (string)$model->enabled == '1';
}
function dnscryptproxy_services()
{
$services = array();
if (!dnscryptproxy_enabled()) {
return $services;
}
$services[] = array(
'description' => gettext('DNSCrypt-Proxy'),
'configd' => array(
'restart' => array('dnscryptproxy restart'),
'start' => array('dnscryptproxy start'),
'stop' => array('dnscryptproxy stop'),
),
'name' => 'dnscrypt-proxy',
'pid' => '/var/run/dnscrypt-proxy.pid'
);
return $services;
}

65
dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/Api/CloakController.php Normal file
View file

@ -0,0 +1,65 @@
<?php
/**
* Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\Dnscryptproxy\Api;
use \OPNsense\Base\ApiMutableModelControllerBase;
use \OPNsense\Core\Backend;
class CloakController extends ApiMutableModelControllerBase
{
static protected $internalModelName = 'cloak';
static protected $internalModelClass = '\OPNsense\Dnscryptproxy\Cloak';
public function searchCloakAction()
{
return $this->searchBase('cloaks.cloak', array("enabled", "name", "destination"));
}
public function getCloakAction($uuid = null)
{
$this->sessionClose();
return $this->getBase('cloak', 'cloaks.cloak', $uuid);
}
public function addCloakAction()
{
return $this->addBase('cloak', 'cloaks.cloak');
}
public function delCloakAction($uuid)
{
return $this->delBase('cloaks.cloak', $uuid);
}
public function setCloakAction($uuid)
{
return $this->setBase('cloak', 'cloaks.cloak', $uuid);
}
public function toggleCloakAction($uuid)
{
return $this->toggleBase('cloaks.cloak', $uuid);
}
}

65
dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/Api/ForwardController.php Normal file
View file

@ -0,0 +1,65 @@
<?php
/**
* Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\Dnscryptproxy\Api;
use \OPNsense\Base\ApiMutableModelControllerBase;
use \OPNsense\Core\Backend;
class ForwardController extends ApiMutableModelControllerBase
{
static protected $internalModelName = 'forward';
static protected $internalModelClass = '\OPNsense\Dnscryptproxy\Forward';
public function searchForwardAction()
{
return $this->searchBase('forwards.forward', array("enabled", "domain", "dnsserver"));
}
public function getForwardAction($uuid = null)
{
$this->sessionClose();
return $this->getBase('forward', 'forwards.forward', $uuid);
}
public function addForwardAction()
{
return $this->addBase('forward', 'forwards.forward');
}
public function delForwardAction($uuid)
{
return $this->delBase('forwards.forward', $uuid);
}
public function setForwardAction($uuid)
{
return $this->setBase('forward', 'forwards.forward', $uuid);
}
public function toggleForwardAction($uuid)
{
return $this->toggleBase('forwards.forward', $uuid);
}
}

39
dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/Api/GeneralController.php Normal file
View file

@ -0,0 +1,39 @@
<?php
/**
* Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\Dnscryptproxy\Api;
use OPNsense\Base\ApiMutableModelControllerBase;
class GeneralController extends ApiMutableModelControllerBase
{
static protected $internalModelClass = '\OPNsense\Dnscryptproxy\General';
static protected $internalModelName = 'general';
}

47
dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/Api/ServiceController.php Normal file
View file

@ -0,0 +1,47 @@
<?php
/**
* Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\Dnscryptproxy\Api;
use OPNsense\Base\ApiMutableServiceControllerBase;
use OPNsense\Core\Backend;
use OPNsense\Dnscryptproxy\General;
/**
* Class ServiceController
* @package OPNsense\Dnscrypt-proxy
*/
class ServiceController extends ApiMutableServiceControllerBase
{
static protected $internalServiceClass = '\OPNsense\Dnscryptproxy\General';
static protected $internalServiceTemplate = 'OPNsense/Dnscryptproxy';
static protected $internalServiceEnabled = 'enabled';
static protected $internalServiceName = 'dnscryptproxy';
}

65
dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/Api/WhitelistController.php Normal file
View file

@ -0,0 +1,65 @@
<?php
/**
* Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\Dnscryptproxy\Api;
use \OPNsense\Base\ApiMutableModelControllerBase;
use \OPNsense\Core\Backend;
class WhitelistController extends ApiMutableModelControllerBase
{
static protected $internalModelName = 'whitelist';
static protected $internalModelClass = '\OPNsense\Dnscryptproxy\Whitelist';
public function searchWhitelistAction()
{
return $this->searchBase('whitelists.whitelist', array("enabled", "name"));
}
public function getWhitelistAction($uuid = null)
{
$this->sessionClose();
return $this->getBase('whitelist', 'whitelists.whitelist', $uuid);
}
public function addWhitelistAction()
{
return $this->addBase('whitelist', 'whitelists.whitelist');
}
public function delWhitelistAction($uuid)
{
return $this->delBase('whitelists.whitelist', $uuid);
}
public function setWhitelistAction($uuid)
{
return $this->setBase('whitelist', 'whitelists.whitelist', $uuid);
}
public function toggleWhitelistAction($uuid)
{
return $this->toggleBase('whitelists.whitelist', $uuid);
}
}

41
dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/GeneralController.php Normal file
View file

@ -0,0 +1,41 @@
<?php
/*
Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\Dnscryptproxy;
class GeneralController extends \OPNsense\Base\IndexController
{
public function indexAction()
{
$this->view->generalForm = $this->getForm("general");
$this->view->formDialogEditDnscryptproxyForward = $this->getForm("dialogEditDnscryptproxyForward");
$this->view->formDialogEditDnscryptproxyCloak = $this->getForm("dialogEditDnscryptproxyCloak");
$this->view->formDialogEditDnscryptproxyWhitelist = $this->getForm("dialogEditDnscryptproxyWhitelist");
$this->view->pick('OPNsense/Dnscryptproxy/general');
}
}

20
dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/dialogEditDnscryptproxyCloak.xml Normal file
View file

@ -0,0 +1,20 @@
<form>
<field>
<id>cloak.enabled</id>
<label>Enabled</label>
<type>checkbox</type>
<help>This will enable or disable this override.</help>
</field>
<field>
<id>cloak.name</id>
<label>Name</label>
<type>text</type>
<help>Set the name to override, e.g. www.google.*</help>
</field>
<field>
<id>cloak.destination</id>
<label>Destination</label>
<type>text</type>
<help>Set target name to what to resolve.</help>
</field>
</form>

20
dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/dialogEditDnscryptproxyForward.xml Normal file
View file

@ -0,0 +1,20 @@
<form>
<field>
<id>forward.enabled</id>
<label>Enabled</label>
<type>checkbox</type>
<help>This will enable or disable this forward.</help>
</field>
<field>
<id>forward.domain</id>
<label>Domain</label>
<type>text</type>
<help>Set the domain, e.g. example.com</help>
</field>
<field>
<id>forward.dnsserver</id>
<label>DNS Server</label>
<type>text</type>
<help>Set the IP addresses to forward the domain.</help>
</field>
</form>

14
dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/dialogEditDnscryptproxyWhitelist.xml Normal file
View file

@ -0,0 +1,14 @@
<form>
<field>
<id>whitelist.enabled</id>
<label>Enabled</label>
<type>checkbox</type>
<help>This will enable or disable the whitelist entry.</help>
</field>
<field>
<id>whitelist.name</id>
<label>Name</label>
<type>text</type>
<help>Set the domain, IP or expression to whitelist, e.g. ads.* or *.example.com</help>
</field>
</form>

154
dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml Normal file
View file

@ -0,0 +1,154 @@
<form>
<field>
<id>general.enabled</id>
<label>Enable DNSCrypt-Proxy</label>
<type>checkbox</type>
<help>This will activate DNSCrypt-Proxy service.</help>
</field>
<field>
<id>general.listen_addresses</id>
<label>Listen Address</label>
<style>tokenize</style>
<type>select_multiple</type>
<allownew>true</allownew>
<help>Set the IP address and port combinations this service should listen on, e.g 127.0.0.1:5353 and/or [::1]:5353</help>
</field>
<field>
<id>general.max_clients</id>
<label>Max Client Connections</label>
<type>text</type>
<help>Set the maximum number of simultaneous client connections to accept.</help>
</field>
<field>
<id>general.ipv4_servers</id>
<label>Use IPv4 Servers</label>
<type>checkbox</type>
<help>Let DNSCrypt-Proxy use IPv4 enabled servers.</help>
</field>
<field>
<id>general.ipv6_servers</id>
<label>Use IPv6 Servers</label>
<type>checkbox</type>
<help>Let DNSCrypt-Proxy use IPv6 enabled servers.</help>
</field>
<field>
<id>general.dnscrypt_servers</id>
<label>Use DNSCrypt Servers</label>
<type>checkbox</type>
<help>Let DNSCrypt-Proxy use servers with DNSCrypt protocol enabled.</help>
</field>
<field>
<id>general.doh_servers</id>
<label>Use DNS-over-HTTPS Servers</label>
<type>checkbox</type>
<help>Let DNSCrypt-Proxy use servers with DNS-over-HTTPS protocol enabled.</help>
</field>
<field>
<id>general.require_dnssec</id>
<label>Require DNSSEC</label>
<type>checkbox</type>
<help>Only use DNS server with DNSSEC enabled.</help>
</field>
<field>
<id>general.require_nolog</id>
<label>Require NoLog</label>
<type>checkbox</type>
<help>Only use DNS server without user request logging.</help>
</field>
<field>
<id>general.require_nofilter</id>
<label>Require NoFilter</label>
<type>checkbox</type>
<help>Only use DNS server without own blacklisting. There are many servers deleting ads or with parental control enabled.</help>
</field>
<field>
<id>general.force_tcp</id>
<label>Force TCP</label>
<type>checkbox</type>
<help>Always use TCP to connect to upstream servers. This can be can be useful if you need to route everything through Tor, otherwise keep it disabled.</help>
</field>
<field>
<id>general.proxy</id>
<label>Proxy</label>
<type>text</type>
<help>Use this to route all TCP connections to a local Tor node, format has to be like 127.0.0.1:9050</help>
</field>
<field>
<id>general.timeout</id>
<label>Timeout</label>
<type>text</type>
<help>How long a DNS query will wait for a response in milliseconds.</help>
</field>
<field>
<id>general.keepalive</id>
<label>Keepalive</label>
<type>text</type>
<help>Keepalive for HTTP (HTTPS, HTTP/2) queries in seconds.</help>
</field>
<field>
<id>general.cert_refresh_delay</id>
<label>Cert Refresh Delay</label>
<type>text</type>
<help>Delay in minutes after which certificates are reloaded.</help>
</field>
<field>
<id>general.dnscrypt_ephemeral_keys</id>
<label>Ephemeral Keys</label>
<type>checkbox</type>
<help>Create a new, unique key for every single DNS query. This may improve privacy but can also have a significant impact on CPU usage.</help>
</field>
<field>
<id>general.tls_disable_session_tickets</id>
<label>TLS Disable Session Tickets</label>
<type>checkbox</type>
<help>Disable TLS session tickets - increases privacy but also latency.</help>
</field>
<field>
<id>general.fallback_resolver</id>
<label>Fallback Resolver</label>
<type>text</type>
<help>This is a normal, non-encrypted DNS resolver, that will be only used for one-shot queries when retrieving the initial resolvers list, and only if the system DNS configuration does not work. Format is e.g. 9.9.9.9:53</help>
</field>
<field>
<id>general.block_ipv6</id>
<label>Block IPv6</label>
<type>checkbox</type>
<help>Immediately respond to IPv6-related queries with an empty response. This makes things faster when there is no IPv6 connectivity.</help>
</field>
<field>
<id>general.cache</id>
<label>Cache</label>
<type>checkbox</type>
<help>Enable a DNS cache to reduce latency and outgoing traffic.</help>
</field>
<field>
<id>general.cache_size</id>
<label>Cache Size</label>
<type>text</type>
<help>Set the cache size.</help>
</field>
<field>
<id>general.cache_min_ttl</id>
<label>Cache Min TTL</label>
<type>text</type>
<help>Minimum TTL for cached entries.</help>
</field>
<field>
<id>general.cache_max_ttl</id>
<label>Cache Max TTL</label>
<type>text</type>
<help>Maximum TTL for cached entries.</help>
</field>
<field>
<id>general.cache_neg_min_ttl</id>
<label>Cache Negative Min TTL</label>
<type>text</type>
<help>Minimum TTL for negatively cached entries.</help>
</field>
<field>
<id>general.cache_neg_max_ttl</id>
<label>Cache Negative Max TTL</label>
<type>text</type>
<help>Maximum TTL for negatively cached entries.</help>
</field>
</form>

9
dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/ACL/ACL.xml Normal file
View file

@ -0,0 +1,9 @@
<acl>
<page-dnscryptproxy-config>
<name>Services: dnscrypt-proxy</name>
<patterns>
<pattern>ui/dnscryptproxy/*</pattern>
<pattern>api/dnscryptproxy/*</pattern>
</patterns>
</page-dnscryptproxy-config>
</acl>

31
dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/Cloak.php Normal file
View file

@ -0,0 +1,31 @@
<?php
/*
Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\Dnscryptproxy;
use OPNsense\Base\BaseModel;
class Cloak extends BaseModel
{
}

21
dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/Cloak.xml Normal file
View file

@ -0,0 +1,21 @@
<model>
<mount>//OPNsense/dnscryptproxy/cloak</mount>
<description>dnscrypt-proxy Override configuration</description>
<version>0.1.0</version>
<items>
<cloaks>
<cloak type="ArrayField">
<enabled type="BooleanField">
<default>1</default>
<Required>Y</Required>
</enabled>
<name type="TextField">
<Required>Y</Required>
</name>
<destination type="HostnameField">
<Required>Y</Required>
</destination>
</cloak>
</cloaks>
</items>
</model>

31
dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/Forward.php Normal file
View file

@ -0,0 +1,31 @@
<?php
/*
Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\Dnscryptproxy;
use OPNsense\Base\BaseModel;
class Forward extends BaseModel
{
}

21
dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/Forward.xml Normal file
View file

@ -0,0 +1,21 @@
<model>
<mount>//OPNsense/dnscryptproxy/forward</mount>
<description>dnscrypt-proxy Forwarder configuration</description>
<version>0.1.0</version>
<items>
<forwards>
<forward type="ArrayField">
<enabled type="BooleanField">
<default>1</default>
<Required>Y</Required>
</enabled>
<domain type="HostnameField">
<Required>Y</Required>
</domain>
<dnsserver type="HostnameField">
<Required>Y</Required>
</dnsserver>
</forward>
</forwards>
</items>
</model>

35
dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.php Normal file
View file

@ -0,0 +1,35 @@
<?php
/*
Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\Dnscryptproxy;
use OPNsense\Base\BaseModel;
class General extends BaseModel
{
}

133
dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml Normal file
View file

@ -0,0 +1,133 @@
<model>
<mount>//OPNsense/dnscryptproxy/general</mount>
<description>dnscrypt-proxy configuration</description>
<version>0.1.0</version>
<items>
<enabled type="BooleanField">
<default>0</default>
<Required>Y</Required>
</enabled>
<listen_addresses type="CSVListField">
<default>127.0.0.1:5353,[::1]:5353</default>
<Required>N</Required>
</listen_addresses>
<max_clients type="IntegerField">
<default>250</default>
<Required>Y</Required>
<MinimumValue>1</MinimumValue>
<MaximumValue>10000</MaximumValue>
<ValidationMessage>Choose a number between 1 and 10000.</ValidationMessage>
</max_clients>
<ipv4_servers type="BooleanField">
<default>1</default>
<Required>Y</Required>
</ipv4_servers>
<ipv6_servers type="BooleanField">
<default>0</default>
<Required>Y</Required>
</ipv6_servers>
<dnscrypt_servers type="BooleanField">
<default>1</default>
<Required>Y</Required>
</dnscrypt_servers>
<doh_servers type="BooleanField">
<default>1</default>
<Required>Y</Required>
</doh_servers>
<require_dnssec type="BooleanField">
<default>0</default>
<Required>Y</Required>
</require_dnssec>
<require_nolog type="BooleanField">
<default>1</default>
<Required>Y</Required>
</require_nolog>
<require_nofilter type="BooleanField">
<default>0</default>
<Required>Y</Required>
</require_nofilter>
<force_tcp type="BooleanField">
<default>0</default>
<Required>Y</Required>
</force_tcp>
<proxy type="TextField">
<Required>N</Required>
</proxy>
<timeout type="IntegerField">
<default>2500</default>
<Required>Y</Required>
<MinimumValue>100</MinimumValue>
<MaximumValue>10000</MaximumValue>
<ValidationMessage>Choose a number between 100 and 10000.</ValidationMessage>
</timeout>
<keepalive type="IntegerField">
<default>30</default>
<Required>Y</Required>
<MinimumValue>1</MinimumValue>
<MaximumValue>600</MaximumValue>
<ValidationMessage>Choose a number between 1 and 600.</ValidationMessage>
</keepalive>
<cert_refresh_delay type="IntegerField">
<default>240</default>
<Required>Y</Required>
<MinimumValue>1</MinimumValue>
<MaximumValue>3600</MaximumValue>
<ValidationMessage>Choose a number between 1 and 3600.</ValidationMessage>
</cert_refresh_delay>
<dnscrypt_ephemeral_keys type="BooleanField">
<default>0</default>
<Required>Y</Required>
</dnscrypt_ephemeral_keys>
<tls_disable_session_tickets type="BooleanField">
<default>0</default>
<Required>Y</Required>
</tls_disable_session_tickets>
<fallback_resolver type="TextField">
<default>9.9.9.9:53</default>
<Required>Y</Required>
</fallback_resolver>
<block_ipv6 type="BooleanField">
<default>0</default>
<Required>Y</Required>
</block_ipv6>
<cache type="BooleanField">
<default>1</default>
<Required>Y</Required>
</cache>
<cache_size type="IntegerField">
<default>512</default>
<Required>Y</Required>
<MinimumValue>1</MinimumValue>
<MaximumValue>20480</MaximumValue>
<ValidationMessage>Choose a number between 1 and 20480.</ValidationMessage>
</cache_size>
<cache_min_ttl type="IntegerField">
<default>600</default>
<Required>Y</Required>
<MinimumValue>1</MinimumValue>
<MaximumValue>3600</MaximumValue>
<ValidationMessage>Choose a number between 1 and 3600.</ValidationMessage>
</cache_min_ttl>
<cache_max_ttl type="IntegerField">
<default>86400</default>
<Required>Y</Required>
<MinimumValue>1</MinimumValue>
<MaximumValue>86400</MaximumValue>
<ValidationMessage>Choose a number between 1 and 86400.</ValidationMessage>
</cache_max_ttl>
<cache_neg_min_ttl type="IntegerField">
<default>60</default>
<Required>Y</Required>
<MinimumValue>1</MinimumValue>
<MaximumValue>3600</MaximumValue>
<ValidationMessage>Choose a number between 1 and 3600.</ValidationMessage>
</cache_neg_min_ttl>
<cache_neg_max_ttl type="IntegerField">
<default>600</default>
<Required>Y</Required>
<MinimumValue>1</MinimumValue>
<MaximumValue>86400</MaximumValue>
<ValidationMessage>Choose a number between 1 and 86400.</ValidationMessage>
</cache_neg_max_ttl>
</items>
</model>

5
dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/Menu/Menu.xml Normal file
View file

@ -0,0 +1,5 @@
<menu>
<Services>
<DNSCrypt-Proxy cssClass="fa fa-lock fa-fw" url="/ui/dnscryptproxy/general/index" />
</Services>
</menu>

31
dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/Whitelist.php Normal file
View file

@ -0,0 +1,31 @@
<?php
/*
Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\Dnscryptproxy;
use OPNsense\Base\BaseModel;
class Whitelist extends BaseModel
{
}

18
dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/Whitelist.xml Normal file
View file

@ -0,0 +1,18 @@
<model>
<mount>//OPNsense/dnscryptproxy/whitelist</mount>
<description>dnscrypt-proxy Whitelist configuration</description>
<version>0.1.0</version>
<items>
<whitelists>
<whitelist type="ArrayField">
<enabled type="BooleanField">
<default>1</default>
<Required>Y</Required>
</enabled>
<name type="TextField">
<Required>Y</Required>
</name>
</whitelist>
</whitelists>
</items>
</model>

219
dns/dnscrypt-proxy/src/opnsense/mvc/app/views/OPNsense/Dnscryptproxy/general.volt Normal file
View file

@ -0,0 +1,219 @@
{#
OPNsense® is Copyright © 2014 2018 by Deciso B.V.
This file is Copyright © 2018 by Michael Muenz <m.muenz@gmail.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
#}
<!-- Navigation bar -->
<ul class="nav nav-tabs" data-tabs="tabs" id="maintabs">
<li class="active"><a data-toggle="tab" href="#general">{{ lang._('General') }}</a></li>
<li><a data-toggle="tab" href="#forwards">{{ lang._('Forwarders') }}</a></li>
<li><a data-toggle="tab" href="#cloaks">{{ lang._('Overrides') }}</a></li>
<li><a data-toggle="tab" href="#whitelists">{{ lang._('Whitelists') }}</a></li>
</ul>
<div class="tab-content content-box tab-content">
<div id="general" class="tab-pane fade in active">
<div class="content-box" style="padding-bottom: 1.5em;">
{{ partial("layout_partials/base_form",['fields':generalForm,'id':'frm_general_settings'])}}
<div class="col-md-12">
<hr />
<button class="btn btn-primary" id="saveAct" type="button"><b>{{ lang._('Save') }}</b><i id="saveAct_progress"></i></button>
</div>
</div>
</div>
<div id="forwards" class="tab-pane fade in">
<table id="grid-forwards" class="table table-responsive" data-editDialog="dialogEditDnscryptproxyForward">
<thead>
<tr>
<th data-column-id="enabled" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
<th data-column-id="domain" data-type="string" data-visible="true">{{ lang._('Domain') }}</th>
<th data-column-id="dnsserver" data-type="string" data-visible="true">{{ lang._('DNS Server') }}</th>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
<th data-column-id="commands" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
</tr>
</thead>
<tbody>
</tbody>
<tfoot>
<tr>
<td colspan="5"></td>
<td>
<button data-action="add" type="button" class="btn btn-xs btn-default"><span class="fa fa-plus"></span></button>
</td>
</tr>
</tfoot>
</table>
<div class="col-md-12">
<hr />
<button class="btn btn-primary" id="saveAct_forward" type="button"><b>{{ lang._('Save') }}</b><i id="saveAct_forward_progress"></i></button>
<br /><br />
</div>
</div>
<div id="cloaks" class="tab-pane fade in">
<table id="grid-cloaks" class="table table-responsive" data-editDialog="dialogEditDnscryptproxyCloak">
<thead>
<tr>
<th data-column-id="enabled" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
<th data-column-id="name" data-type="string" data-visible="true">{{ lang._('Name') }}</th>
<th data-column-id="destination" data-type="string" data-visible="true">{{ lang._('Destination') }}</th>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
<th data-column-id="commands" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
</tr>
</thead>
<tbody>
</tbody>
<tfoot>
<tr>
<td colspan="5"></td>
<td>
<button data-action="add" type="button" class="btn btn-xs btn-default"><span class="fa fa-plus"></span></button>
</td>
</tr>
</tfoot>
</table>
<div class="col-md-12">
<hr />
<button class="btn btn-primary" id="saveAct_cloak" type="button"><b>{{ lang._('Save') }}</b><i id="saveAct_cloak_progress"></i></button>
<br /><br />
</div>
</div>
<div id="whitelists" class="tab-pane fade in">
<table id="grid-whitelists" class="table table-responsive" data-editDialog="dialogEditDnscryptproxyWhitelist">
<thead>
<tr>
<th data-column-id="enabled" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
<th data-column-id="name" data-type="string" data-visible="true">{{ lang._('Name') }}</th>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
<th data-column-id="commands" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
</tr>
</thead>
<tbody>
</tbody>
<tfoot>
<tr>
<td colspan="5"></td>
<td>
<button data-action="add" type="button" class="btn btn-xs btn-default"><span class="fa fa-plus"></span></button>
</td>
</tr>
</tfoot>
</table>
<div class="col-md-12">
<hr />
<button class="btn btn-primary" id="saveAct_whitelist" type="button"><b>{{ lang._('Save') }}</b><i id="saveAct_whitelist_progress"></i></button>
<br /><br />
</div>
</div>
</div>
{{ partial("layout_partials/base_dialog",['fields':formDialogEditDnscryptproxyForward,'id':'dialogEditDnscryptproxyForward','label':lang._('Edit Forwarders')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogEditDnscryptproxyCloak,'id':'dialogEditDnscryptproxyCloak','label':lang._('Edit Overrides')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogEditDnscryptproxyWhitelist,'id':'dialogEditDnscryptproxyWhitelist','label':lang._('Edit Whitelists')])}}
<script>
$( document ).ready(function() {
var data_get_map = {'frm_general_settings':"/api/dnscryptproxy/general/get"};
mapDataToFormUI(data_get_map).done(function(data){
formatTokenizersUI();
$('.selectpicker').selectpicker('refresh');
});
updateServiceControlUI('dnscryptproxy');
$("#grid-forwards").UIBootgrid(
{ 'search':'/api/dnscryptproxy/forward/searchForward',
'get':'/api/dnscryptproxy/forward/getForward/',
'set':'/api/dnscryptproxy/forward/setForward/',
'add':'/api/dnscryptproxy/forward/addForward/',
'del':'/api/dnscryptproxy/forward/delForward/',
'toggle':'/api/dnscryptproxy/forward/toggleForward/'
}
);
$("#grid-cloaks").UIBootgrid(
{ 'search':'/api/dnscryptproxy/cloak/searchCloak',
'get':'/api/dnscryptproxy/cloak/getCloak/',
'set':'/api/dnscryptproxy/cloak/setCloak/',
'add':'/api/dnscryptproxy/cloak/addCloak/',
'del':'/api/dnscryptproxy/cloak/delCloak/',
'toggle':'/api/dnscryptproxy/cloak/toggleCloak/'
}
);
$("#grid-whitelists").UIBootgrid(
{ 'search':'/api/dnscryptproxy/whitelist/searchWhitelist',
'get':'/api/dnscryptproxy/whitelist/getWhitelist/',
'set':'/api/dnscryptproxy/whitelist/setWhitelist/',
'add':'/api/dnscryptproxy/whitelist/addWhitelist/',
'del':'/api/dnscryptproxy/whitelist/delWhitelist/',
'toggle':'/api/dnscryptproxy/whitelist/toggleWhitelist/'
}
);
$("#saveAct").click(function(){
saveFormToEndpoint(url="/api/dnscryptproxy/general/set", formid='frm_general_settings',callback_ok=function(){
$("#saveAct_progress").addClass("fa fa-spinner fa-pulse");
ajaxCall(url="/api/dnscryptproxy/service/reconfigure", sendData={}, callback=function(data,status) {
updateServiceControlUI('dnscryptproxy');
$("#saveAct_progress").removeClass("fa fa-spinner fa-pulse");
});
});
});
$("#saveAct_forward").click(function(){
saveFormToEndpoint(url="/api/dnscryptproxy/forward/set", formid='frm_general_settings',callback_ok=function(){
$("#saveAct_forward_progress").addClass("fa fa-spinner fa-pulse");
ajaxCall(url="/api/dnscryptproxy/service/reconfigure", sendData={}, callback=function(data,status) {
updateServiceControlUI('dnscryptproxy');
$("#saveAct_forward_progress").removeClass("fa fa-spinner fa-pulse");
});
});
});
$("#saveAct_cloak").click(function(){
saveFormToEndpoint(url="/api/dnscryptproxy/cloak/set", formid='frm_general_settings',callback_ok=function(){
$("#saveAct_cloak_progress").addClass("fa fa-spinner fa-pulse");
ajaxCall(url="/api/dnscryptproxy/service/reconfigure", sendData={}, callback=function(data,status) {
updateServiceControlUI('dnscryptproxy');
$("#saveAct_cloak_progress").removeClass("fa fa-spinner fa-pulse");
});
});
});
$("#saveAct_whitelist").click(function(){
saveFormToEndpoint(url="/api/dnscryptproxy/whitelist/set", formid='frm_general_settings',callback_ok=function(){
$("#saveAct_whitelist_progress").addClass("fa fa-spinner fa-pulse");
ajaxCall(url="/api/dnscryptproxy/service/reconfigure", sendData={}, callback=function(data,status) {
updateServiceControlUI('dnscryptproxy');
$("#saveAct_whitelist_progress").removeClass("fa fa-spinner fa-pulse");
});
});
});
});
</script>

23
dns/dnscrypt-proxy/src/opnsense/service/conf/actions.d/actions_dnscryptproxy.conf Normal file
View file

@ -0,0 +1,23 @@
[start]
command:/usr/local/etc/rc.d/dnscrypt-proxy start
parameters:
type:script
message:starting dnscrypt-proxy
[stop]
command:/usr/local/etc/rc.d/dnscrypt-proxy stop
parameters:
type:script
message:stopping dnscrypt-proxy
[restart]
command:/usr/local/etc/rc.d/dnscrypt-proxy restart
parameters:
type:script
message:restarting dnscrypt-proxy
[status]
command:/usr/local/etc/rc.d/dnscrypt-proxy status; exit 0
parameters:
type:script
message:restarting dnscrypt-proxy

5
dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/+TARGETS Normal file
View file

@ -0,0 +1,5 @@
dnscrypt_proxy:/etc/rc.conf.d/dnscrypt_proxy
dnscrypt-proxy.toml:/usr/local/etc/dnscrypt-proxy/dnscrypt-proxy.toml
cloaking-rules.txt:/usr/local/etc/dnscrypt-proxy/cloaking-rules.txt
forwarding-rules.txt:/usr/local/etc/dnscrypt-proxy/forwarding-rules.txt
whitelist.txt:/usr/local/etc/dnscrypt-proxy/whitelist.txt

11
dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/cloaking-rules.txt Normal file
View file

@ -0,0 +1,11 @@
{% if helpers.exists('OPNsense.dnscryptproxy.general.enabled') and OPNsense.dnscryptproxy.general.enabled == '1' %}
{% if helpers.exists('OPNsense.dnscryptproxy.cloak.cloaks.cloak') %}
{% for cloak_list in helpers.toList('OPNsense.dnscryptproxy.cloak.cloaks.cloak') %}
{% if cloak_list.enabled == '1' %}
{{ cloak_list.name }} {{ cloak_list.destination }}
{% endif %}
{% endfor %}
{% endif %}
{% endif %}

138
dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml Normal file
View file

@ -0,0 +1,138 @@
{% if helpers.exists('OPNsense.dnscryptproxy.general.enabled') and OPNsense.dnscryptproxy.general.enabled == '1' %}
{% if helpers.exists('OPNsense.dnscryptproxy.general.listen_addresses') and OPNsense.dnscryptproxy.general.listen_addresses != '' %}
listen_addresses = [{{ "'" + ("','".join(OPNsense.dnscryptproxy.general.listen_addresses.split(','))) + "'" }}]
{% else %}
listen_addresses = []
{% endif %}
max_clients = {{ OPNsense.dnscryptproxy.general.max_clients }}
{% if helpers.exists('OPNsense.dnscryptproxy.general.ipv4_servers') and OPNsense.dnscryptproxy.general.ipv4_servers == '1' %}
ipv4_servers = true
{% else %}
ipv4_servers = false
{% endif %}
{% if helpers.exists('OPNsense.dnscryptproxy.general.ipv6_servers') and OPNsense.dnscryptproxy.general.ipv6_servers == '1' %}
ipv6_servers = true
{% else %}
ipv6_servers = false
{% endif %}
{% if helpers.exists('OPNsense.dnscryptproxy.general.dnscrypt_servers') and OPNsense.dnscryptproxy.general.dnscrypt_servers == '1' %}
dnscrypt_servers = true
{% else %}
dnscrypt_servers = false
{% endif %}
{% if helpers.exists('OPNsense.dnscryptproxy.general.doh_servers') and OPNsense.dnscryptproxy.general.doh_servers == '1' %}
doh_servers = true
{% else %}
doh_servers = false
{% endif %}
{% if helpers.exists('OPNsense.dnscryptproxy.general.require_dnssec') and OPNsense.dnscryptproxy.general.require_dnssec == '1' %}
require_dnssec = true
{% else %}
require_dnssec = false
{% endif %}
{% if helpers.exists('OPNsense.dnscryptproxy.general.require_nolog') and OPNsense.dnscryptproxy.general.require_nolog == '1' %}
require_nolog = true
{% else %}
require_nolog = false
{% endif %}
{% if helpers.exists('OPNsense.dnscryptproxy.general.require_nofilter') and OPNsense.dnscryptproxy.general.require_nofilter == '1' %}
require_nofilter = true
{% else %}
require_nofilter = false
{% endif %}
{% if helpers.exists('OPNsense.dnscryptproxy.general.force_tcp') and OPNsense.dnscryptproxy.general.force_tcp == '1' %}
force_tcp = true
{% else %}
force_tcp = false
{% endif %}
{% if helpers.exists('OPNsense.dnscryptproxy.general.proxy') and OPNsense.dnscryptproxy.general.proxy != '' %}
proxy = "socks5://{{ OPNsense.dnscryptproxy.general.proxy }}"
{% endif %}
timeout = {{ OPNsense.dnscryptproxy.general.timeout }}
keepalive = {{ OPNsense.dnscryptproxy.general.keepalive }}
log_level = 2
log_file = 'dnscrypt-proxy.log'
use_syslog = false
cert_refresh_delay = {{ OPNsense.dnscryptproxy.general.cert_refresh_delay }}
{% if helpers.exists('OPNsense.dnscryptproxy.general.dnscrypt_ephemeral_keys') and OPNsense.dnscryptproxy.general.dnscrypt_ephemeral_keys == '1' %}
dnscrypt_ephemeral_keys = true
{% else %}
dnscrypt_ephemeral_keys = false
{% endif %}
{% if helpers.exists('OPNsense.dnscryptproxy.general.tls_disable_session_tickets') and OPNsense.dnscryptproxy.general.tls_disable_session_tickets == '1' %}
tls_disable_session_tickets = true
{% else %}
tls_disable_session_tickets = false
{% endif %}
fallback_resolver = '{{ OPNsense.dnscryptproxy.general.fallback_resolver }}'
{% if helpers.exists('OPNsense.dnscryptproxy.general.ignore_system_dns') and OPNsense.dnscryptproxy.general.ignore_system_dns == '1' %}
ignore_system_dns = true
{% else %}
ignore_system_dns = false
{% endif %}
netprobe_timeout = 30
log_files_max_size = 10
log_files_max_age = 7
log_files_max_backups = 1
{% if helpers.exists('OPNsense.dnscryptproxy.general.block_ipv6') and OPNsense.dnscryptproxy.general.block_ipv6 == '1' %}
block_ipv6 = true
{% else %}
block_ipv6 = false
{% endif %}
forwarding_rules = 'forwarding-rules.txt'
cloaking_rules = 'cloaking-rules.txt'
{% if helpers.exists('OPNsense.dnscryptproxy.cache') and OPNsense.dnscryptproxy.cache == '1' %}
cache = true
cache_size = {{ OPNsense.dnscryptproxy.general.cache_size }}
cache_min_ttl = {{ OPNsense.dnscryptproxy.general.cache_min_ttl }}
cache_max_ttl = {{ OPNsense.dnscryptproxy.general.cache_max_ttl }}
cache_neg_min_ttl = {{ OPNsense.dnscryptproxy.general.cache_neg_min_ttl }}
cache_neg_max_ttl = {{ OPNsense.dnscryptproxy.general.cache_neg_max_ttl }}
{% else %}
cache = false
{% endif %}
[query_log]
file = 'query.log'
format = 'tsv'
[nx_log]
file = 'nx.log'
format = 'tsv'
[whitelist]
whitelist_file = 'whitelist.txt'
log_file = 'whitelisted.log'
log_format = 'tsv'
[sources]
[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
cache_file = 'public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = ''
{% endif %}

5
dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt_proxy Normal file
View file

@ -0,0 +1,5 @@
{% if helpers.exists('OPNsense.dnscryptproxy.general.enabled') and OPNsense.dnscryptproxy.general.enabled == '1' %}
dnscrypt_proxy_enable="YES"
{% else %}
dnscrypt_proxy_enable="NO"
{% endif %}

11
dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/forwarding-rules.txt Normal file
View file

@ -0,0 +1,11 @@
{% if helpers.exists('OPNsense.dnscryptproxy.general.enabled') and OPNsense.dnscryptproxy.general.enabled == '1' %}
{% if helpers.exists('OPNsense.dnscryptproxy.forward.forwards.forward') %}
{% for forward_list in helpers.toList('OPNsense.dnscryptproxy.forward.forwards.forward') %}
{% if forward_list.enabled == '1' %}
{{ forward_list.domain }} {{ forward_list.dnsserver }}
{% endif %}
{% endfor %}
{% endif %}
{% endif %}

11
dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/whitelist.txt Normal file
View file

@ -0,0 +1,11 @@
{% if helpers.exists('OPNsense.dnscryptproxy.general.enabled') and OPNsense.dnscryptproxy.general.enabled == '1' %}
{% if helpers.exists('OPNsense.dnscryptproxy.whitelist.whitelists.whitelist') %}
{% for whitelist_list in helpers.toList('OPNsense.dnscryptproxy.whitelist.whitelists.whitelist') %}
{% if whitelist_list.enabled == '1' %}
{{ whitelist_list.name }}
{% endif %}
{% endfor %}
{% endif %}
{% endif %}