Merge branch 'opnsense:master' into zenarmor-patch-3

pull/512/head
zenarmor 6 months ago committed by GitHub
commit e3bfba6d08
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -47,7 +47,7 @@ to peer both firewalls. We will create a tunnel network :code:`10.1.8.0/24` bet
fwa [shape = "cisco.firewall", address="10.0.8.1/24"];
}
network Ext {
address = "10.10.8.0/24";
address = "WAN net 10.10.8.0/24";
label = "Tunnel net 10.1.8.0/24";
fwa [shape = "cisco.firewall", address="10.10.8.1/24"];
fwb [shape = "cisco.firewall", address="10.10.8.2/24"];
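Review bot: In the `network Ext` block, the `address` line now reads "WAN net 10.10.8.0/24" while the `label` directly below it still says "Tunnel net 10.1.8.0/24", so one diagram element names two different networks. fwa and fwb are addressed in 10.10.8.0/24 here, so consider rewording the label or moving the tunnel network to its own element so readers do not mistake the WAN segment for the tunnel.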
@ -89,7 +89,7 @@ We have chosen to setup the server on "Site B", so we start with Trust configura
* Choose the just created authority in `Certificate authority`
* Add descriptive information for this CA (`Descriptive name`, whereabouts are copied from the CA)
* Set Type to `Server`
* Choose cryptographic settings, lifetime determines the validaty of the server certificate (you do need to track this yourself), it's allow to choose a longer period here
* Choose cryptographic settings, lifetime determines the validaty of the server certificate (you do need to track this yourself), it's allowed to choose a longer period here
* Set the `Common Name` to the fqdn of this machine.
* As the client (Site A) will also need a **Certificate**, we need to create a certificate, also using :menuselection:`System --> Trust --> Certificates`
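Review bot: The corrected "Choose cryptographic settings" bullet still contains the typo "validaty". Since the line is already being touched for "allowed", change it to "validity" in the same edit. The next bullet could also capitalise "fqdn" as "FQDN".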
@ -119,7 +119,7 @@ select `auth` as mode and click the gear button to generate one. Provide a descr
Prepare Site A
..........................................
* Copy the public part of the certificate authority to the firewall at Site a (use the download button and copy the contents into a new CA on this host)
* Copy the public part of the certificate authority to the firewall at Site A (use the download button and copy the contents into a new CA on this host)
* Copy the public and private part of the client certificate into a new one on Site A
* Copy the contents of the static key to a new entry and select the same type
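Review bot: Missing documentation on the two bullets after the corrected "Site A" line: they tell the reader to copy the private part of the client certificate and the static key to the other firewall, but do not say these are secrets. Suggest adding a sentence that both should only be moved over a trusted channel, and that only the public part of the CA is meant to be shared freely.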

@ -297,6 +297,13 @@ Here are the full patch notes:
* ports: syslog-ng 4.4.0 `[30] <https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.4.0>`__
* ports: unbound 1.18.0 `[31] <https://nlnetlabs.nl/projects/unbound/download/#unbound-1-18-0>`__
A hotfix release was issued as 23.10_2:
* system: detect a on/off password shift when syncing user accounts
* firewall: when migrating aliases make sure that nesting does not fail
* plugins: os-OPNWAF now requires a descrption for virtual servers
* plugins: os-radsecproxy fixes for stale rc script / pidfile issues
Migration notes, known issues and limitations:
* The Unbound ACL now defaults to accept all traffic and no longer generates automatic entries. This was done to avoid connectivity issues on dynamic address setups -- especially with VPN interfaces. If this is undesirable you can set it to default to block instead and add your manual entries to pass.
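Review bot: Two typos in the added 23.10_2 hotfix list: "descrption" in the os-OPNWAF bullet should be "description", and "detect a on/off password shift" in the system bullet should read "detect an on/off password shift".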

@ -131,6 +131,11 @@ A hotfix release was issued as 23.7.7_1:
* firmware: speed up saving the firmware settings by avoiding the newly extended trust store rewrite
* firmware: opnsense-update: fix mirror replacement broken by pkg 1.20 compatibility effort
A hotfix release was issued as 23.7.7_3:
* reporting: fix regression in single measurement RRD data reads
* ipsec: re-add previously missing PRF hashing options to GCM cipher selection
--------------------------------------------------------------------------
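Review bot: The added entry is headed "23.7.7_3" while the preceding section shown in the hunk header is "23.7.7_1", and no "23.7.7_2" entry is visible in between. If a _2 hotfix was issued, its notes should be added here; if the number was skipped, a short remark would avoid the question.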
