Update fails without WAN connected port

[mszeliga]

Hi

I'm trying to get OPNsense to work as an "internal" firewall between our test environments and production, so it ends up with no WAN interface.

My primary problem is that I can't fetch updates, I've tried with proxy and without proxy but the result is the same "Connection Error".  Then I added a WAN port (still behind the corporate firewall) but update still fails.
I can see (on the external firewall) it is connecting successfully to mail.opnsense.org on port 80.

Regards
Maciej

[franco]

Hi Maciej,

The work for 16.7 will include firmware improvements that will support custom/internal mirrors directly manageable via the GUI, but you can already set this up manually.

An update server is just a HTTP server with signed packages.

1. You can e.g. sync all packages from a mirror like http://mirror.ams1.nl.leaseweb.net/opnsense/releases/mirror/ and push them to your own web server with the same structure.

2. The /conf/config.xml needs editing in the <system> section, it requires a <firmware><mirror>YOUR_UPDATE_SERVER_AND_DIRECTORY</mirror></firmware> option.

3. The update tool /usr/local/sbin/opnsense-update needs the same MIRROR= location.

At the moment, step 3. will be overwritten by the firmware upgrade. As I said, this will all be weaved into 16.7 and shipped over the upcoming months.


Hope this helps,
Franco