OPNsense Forum
Archive => 22.1 Legacy Series => Topic started by: Drohne on December 09, 2021, 09:08:09 pm
-
Our complete network is behind a PROXY. Within this network, we intend to use OPNsense as the main FW solution. But it seems to be a problem for the OPNsense confid to adapt to HTTP_PROXY environment settings to reach the PROXY.
As FreeBSD user/administrator, it is common to setup the environment with HTTP_PROXY, HTTPS_... and NO_PROXY and its lower case counterparts. For FreeBSD's pkg the place for configure this environment is /usr/local/etc/pkg.conf or whatever config file pkg is delegated to. Settings within pkg.conf do survive a major system update/upgrade.
For OPNsense's configd, the correct place seems to be /usrLocal/opnsense/service/onf/configd.conf, there is a section [environment] and putting the HTTP_PROXY configs there makes OPNsense work through the PROXY as expected.
But the configd.conf configurations vanish after an upgrade/update.
How can this be fixed to be made static and non-volatile?
-
At the moment this isn't supported waiting for a customer request.
You can always rsync an existing mirror (leaseweb allows it for example) and point your firmware URL there locally.
Cheers,
Franco
-
So, this is kind of dog's chasing its tail. I have to evaluate the use of OPNsense for my department and I'm officially not a certified customer paying fees, but pushing upstream a request as customer requires me to be a qualified customer? If not, how can I state such a request?
On the other hand, mirroring results in the same way in a not easily to solve problem without a webservice as I asked in another thread recently when I had my issues with stating the URL's target as "file:///" versus OPNsense's internal expansion of this URL into "pkg+file:///" (for reasons unknown FreeBSD's libfetch doesn't allow this kind of URL ... ).
-
Well, for the time being this is the state of it, yep.
Cheers,
Franco