OPNsense Forum
English Forums => Tutorials and FAQs => Topic started by: Maurice on September 06, 2023, 07:28:35 pm
-
Hello all,
After testing OPNsense on ARM64 (aarch64) virtual machines for some time, I've decided to make my firmware repository public. It can be used for installing updates and plugins on existing OPNsense aarch64 systems as well as for quickly building aarch64 images. Updates typically get published the day after the official amd64 updates.
https://opnsense-update.walker.earth
Configure OPNsense to use the repository for updates and plugins
- Add the fingerprint to OPNsense:
fetch -o /usr/local/etc/pkg/fingerprints/OPNsense/trusted https://opnsense-update.walker.earth/FreeBSD:13:aarch64/24.1/opnsense-update.walker.earth.20240113 - Change the firmware mirror:
'System: Firmware: Settings'
Mirror (custom)
https://opnsense-update.walker.earth
Build aarch64 images
- Follow the instructions on https://github.com/opnsense/tools
- Before invoking make arm or make vm, prefetch the sets:
make prefetch-base,kernel,packages MIRRORS=https://opnsense-update.walker.earth
For building VM images, my fork of the OPNsense tools (https://github.com/maurice-w/opnsense-vm-images) allows configuring the default console. Sample VM images are available in the releases section.
None of this is supported by Deciso or the OPNsense core team! Use at your own risk.
Thanks to everyone who contributed to OPNsense-aarch64. I only use the tools others have created.
Cheers
Maurice
The public key for my 24.1-aarch64 packages and sets is:
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzMwX5pdTxFltQrLqv+rj
jictq2E0TqB3kCrsE4wZ2z7CxuXwqxNrv5Y/847MDWfycyPgxyZx5Iuu/5LapiT4
ilVXkx4hmrrdmpXYiUYgXpMXtRPtbYHIje0QN8YJI5lV1qFLErhkuhr5Ch1o3BYS
Schiq+f9D2/RQtgNp6wySV8wgsoE+71G1z4jJMNQK5Rhnz5s9LRtXLWepevsyYB2
nDBqtLIVckGvM/0ivZtTBj+AHkwRUoN5dBIXJigdU6VXnOJQMSWyNC7c1AwzEp5p
1vyKQVAcuK8Y8424SA1CgqxlKb/Z7s5SIn35DLuQd1JcoxYUKBvykzEJQksL6IsO
Of2KJcVn05l5YbyX3UorNam4De003Gx0UWRDFHRBzASVDktihfanWqyDvNty6/ob
yfhRj6rE9cAXKOYBkckTa0B/G4Fw1Qx2GX9oX6ZAqUphfmaBpBnGOt8nQ+8BxMtm
1J2kH4NQ3uOwxWJPkHx08JzPrAxhtFjjvSsQLYULEWM9yA/+nw3HyhDmOtTCbhMQ
o4qq5FV+g7T8g14jLx+ZkPA+W+ax+n46p3ujv2v4U3x5aZtBTGeBV7TadVwikqJ2
d5lSJU0O0F7pCYqwtPkOacK2w/BeYOwpLTXpBY5JlwC+f5kTKs/7gzc4FY3gfgGe
tsY4Z1KlXUh6KTBDhkKk2y0CAwEAAQ==
-----END PUBLIC KEY-----
-
Nice. Thanks for your work!
Only for reference: what's your update strategy? Providing snapshots (time frame?) or follow stable releases?
Cheers,
Franco
-
The plan is to follow stable releases. So far I've released packages and sets matching the 23.7, 23.7.1, 23.7.2 and 23.7.3 tags. When you release an official update, I fire up my build system and set the VERSION accordingly.
Not entirely sure how to deal with hotfixes yet. My 23.7.3 packages do include the hotfixed os-wireguard 2.0_2, but the 23.7.1 packages do not include opnsense 23.7.1_3.
Cheers
Maurice
-
Hotfixes are tricky indeed as they leave the basic formula of building what is tagged.
I wouldn't worry too much about these if you don't happen to be able to pick them up right away (build delay). Following releases sounds like a working strategy for everyone using this. :)
Snapshots are handy too, but too many surprises on updates.
I also see you don't publish development packages (EXTRABRANCH=master). The feature formerly known as "rewind" doesn't like this anyway. It's almost like snapshot releases inside the stable releases so not needed as well.
Cheers,
Franco
-
Did you get any experience with the performance of a Raspberry Pi 4?
I'm kinda curious since I have a few CM4 with waveshare boards, some with pcie nvme or with pcie 2 Nics. But if you already made some tests yourself it would be nice to know what to expect.
I'll definitely try to build it and implement your firmware repo for tests, thank you.
-
I'm currently using this on Ampere Altra based Cloud VMs exclusively (which works flawlessly). Don't own a Raspberry Pi.
yrzr.tk offers images for RPI and well-written docs. They've contributed a lot to OPNsense-aarch64. 👍🎉
-
OPNsense 23.7.4 aarch64 packages and sets released.
Cheers
Maurice
-
OPNsense 23.7.5 aarch64 packages and sets released.
-
OPNsense 23.7.6 aarch64 packages and sets released.
-
Why don't you make this a sticky post?
-
Waited for someone to ask about it ;)
-
I use the build of https://github.com/yrzr/opnsense-tools/releases
This repo worked for me.
Thank you very much.
-
Yep, yrzr's work was the inspiration for my own repo. Their focus clearly is on images for various devices (RPI etc.), while mine is on virtualization and frequent updates.
Expect 23.7.7 by tomorrow.
Cheers
Maurice
-
OPNsense 23.7.7 aarch64 packages and sets released. Includes hotfix 23.7.7_1.
[Update 2023-10-29]
Hotfix 23.7.7_3 released.
-
OPNsense 23.7.8 aarch64 packages and sets released.
[Update 2023-11-13]
Hotfix 23.7.8_1 released.
-
Yay. all the tags in place. Thanks for your work! 8)
-
OPNsense 23.7.9 aarch64 packages and sets released.
-
Thanks for the awesome work!
I downloaded 23.7.9 image and it runs under proxmox arm64 with my RK3399 board!
But after a while I noticed below issue for Plugins I installed: it shows missing packages, and after doing the "Resolve Plugin Conficts> Run the automatic resolver", I got below error messages still:
***GOT REQUEST TO SYNC***
Currently running OPNsense 23.7.9 at Wed Nov 29 17:39:57 CST 2023
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing SELECT k.annotation AS tag, v.annotation AS value FROM pkg_annotation p JOIN annotation k ON (p.tag_id = k.annotation_id) JOIN annotation v ON (p.value_id = v.annotation_id) WHERE p.package_id = 1 ORDER BY tag, value in file pkgdb_iterator.c:198: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing SELECT p.name, p.origin, p.version, 0 FROM packages AS p INNER JOIN deps AS d ON (p.id = d.package_id) WHERE d.name = 'libyaml' in file pkgdb_iterator.c:412: database disk image is malformed
pkg: sqlite error while executing SELECT p.name, p.origin, p.version, 0 FROM packages AS p INNER JOIN deps AS d ON (p.id = d.package_id) WHERE d.name = 'libyaml' in file pkgdb_iterator.c:412: database disk image is malformed
pkg: sqlite error while executing SELECT p.name, p.origin, p.version, 0 FROM packages AS p INNER JOIN deps AS d ON (p.id = d.package_id) WHERE d.name = 'openssl111' in file pkgdb_iterator.c:412: database disk image is malformed
pkg: sqlite error while executing SELECT p.name, p.origin, p.version, 0 FROM packages AS p INNER JOIN deps AS d ON (p.id = d.package_id) WHERE d.name = 'openssl111' in file pkgdb_iterator.c:412: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing SELECT p.name, p.origin, p.version, 0 FROM packages AS p INNER JOIN deps AS d ON (p.id = d.package_id) WHERE d.name = 'libffi' in file pkgdb_iterator.c:412: database disk image is malformed
pkg: sqlite error while executing SELECT k.annotation AS tag, v.annotation AS value FROM pkg_annotation p JOIN annotation k ON (p.tag_id = k.annotation_id) JOIN annotation v ON (p.value_id = v.annotation_id) WHERE p.package_id = 6 ORDER BY tag, value in file pkgdb_iterator.c:198: database disk image is malformed
pkg: sqlite error while executing SELECT k.annotation AS tag, v.annotation AS value FROM pkg_annotation p JOIN annotation k ON (p.tag_id = k.annotation_id) JOIN annotation v ON (p.value_id = v.annotation_id) WHERE p.package_id = 6 ORDER BY tag, value in file pkgdb_iterator.c:198: database disk image is malformed
pkg: sqlite error while executing SELECT p.name, p.origin, p.version, 0 FROM packages AS p INNER JOIN deps AS d ON (p.id = d.package_id) WHERE d.name = 'libffi' in file pkgdb_iterator.c:412: database disk image is malformed
pkg: sqlite error while executing SELECT p.name, p.origin, p.version, 0 FROM packages AS p INNER JOIN deps AS d ON (p.id = d.package_id) WHERE d.name = 'libedit' in file pkgdb_iterator.c:412: database disk image is malformed
pkg: sqlite error while executing SELECT p.name, p.origin, p.version, 0 FROM packages AS p INNER JOIN deps AS d ON (p.id = d.package_id) WHERE d.name = 'libedit' in file pkgdb_iterator.c:412: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing SELECT k.annotation AS tag, v.annotation AS value FROM pkg_annotation p JOIN annotation k ON (p.tag_id = k.annotation_id) JOIN annotation v ON (p.value_id = v.annotation_id) WHERE p.package_id = 15 ORDER BY tag, value in file pkgdb_iterator.c:198: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing SELECT k.annotation AS tag, v.annotation AS value FROM pkg_annotation p JOIN annotation k ON (p.tag_id = k.annotation_id) JOIN annotation v ON (p.value_id = v.annotation_id) WHERE p.package_id = 15 ORDER BY tag, value in file pkgdb_iterator.c:198: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing END TRANSACTION; in file pkgdb.c:2333: database disk image is malformed
Checking integrity...pkg: sqlite error while executing SELECT k.annotation AS tag, v.annotation AS value FROM pkg_annotation p JOIN annotation k ON (p.tag_id = k.annotation_id) JOIN annotation v ON (p.value_id = v.annotation_id) WHERE p.package_id = 6 ORDER BY tag, value in file pkgdb_iterator.c:198: database disk image is malformed
Assertion failed: (p != NULL), function pkg_conflicts_check_local_path, file pkg_jobs_conflicts.c, line 313.
Child process pid=19708 terminated abnormally: Abort trap
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing SELECT k.annotation AS tag, v.annotation AS value FROM pkg_annotation p JOIN annotation k ON (p.tag_id = k.annotation_id) JOIN annotation v ON (p.value_id = v.annotation_id) WHERE p.package_id = 1 ORDER BY tag, value in file pkgdb_iterator.c:198: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing END TRANSACTION; in file pkgdb.c:2333: database disk image is malformed
Checking integrity... done (0 conflicting)
The following 2 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
os-wireguard: 2.5_1
wireguard-kmod: 0.0.20220615_1
Number of packages to be installed: 2
[1/2] Installing wireguard-kmod-0.0.20220615_1...
pkg: sqlite error while executing INSERT OR REPLACE INTO packages( origin, name, version, comment, desc, message, arch, maintainer, www, prefix, flatsize, automatic, licenselogic, time, manifestdigest, dep_formula, vital)VALUES( 'net/wireguard-kmod', 'wireguard-kmod', '0.0.20220615_1', 'WireGuard implementation for the FreeBSD kernel', 'Kernel module for FreeBSD to support Wireguard.
At this time this code is new, unvetted, possibly buggy, and should be
considered "experimental". It might contain security issues. We gladly
welcome your testing and bug reports, but do keep in mind that this code
is new, so some caution should be exercised at the moment for using it
in mission critical environments.', '[{"message":"At this time this code is new, unvetted, possibly buggy, and should be\nconsidered \"experimental\". It might contain security issues. We gladly\nwelcome your testing and bug reports, but do keep in mind that this code\nis new, so some caution should be exercised at the moment for using it\nin mission critical environments.","type":"install"},{"message":"===> NOTICE:\n\nThis port is deprecated; you may wish to reconsider installing it:\n\nOnly useful for FreeBSD 12 which is EoL soon.\n\nIt is scheduled to be removed on or after 2023-12-31."}]', 'FreeBSD:13:aarch64', 'decke@FreeBSD.org', 'https://git.zx2c4.com/wireguard-freebsd/', '/usr/local', 104803, 1, 1, NOW(), '2$2$yerp9xs6t9umh3ajk8pthp1ozapwaj9xse4a5gsp3tthgnrffxb99nka6738xqa4usgnyc4yq6rg51csew6ixu6pcujaawgui5kfmcb', NULL, 0 ) in file pkgdb.c:1633: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing SELECT k.annotation AS tag, v.annotation AS value FROM pkg_annotation p JOIN annotation k ON (p.tag_id = k.annotation_id) JOIN annotation v ON (p.value_id = v.annotation_id) WHERE p.package_id = 2 ORDER BY tag, value in file pkgdb_iterator.c:198: database disk image is malformed
pkg: sqlite error while executing END TRANSACTION; in file pkgdb.c:2333: database disk image is malformed
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***Any idea how to fix it?
-
Not sure what's going on there. Wild guess: Disk image full? Did you expand it before first boot?
Cheers
Maurice
-
Not sure what's going on there. Wild guess: Disk image full? Did you expand it before first boot?
Cheers
Maurice
I deleted the sqlite file (/var/db/pkg/local.sqlite), then did an auto fix in webui, it seems then things get fixed.
But I have another confusing issue under proxmox for wan configuration, the lan seems work, while the wan cannot get DHCP ip address from upstream gateway:
1. I have only 1 ethernet port on my rockpi 4b (rk3399) board, so I created vlan aware vmbr0 in proxmox with parent port eth0 (the only ethernet port).
2. Then I created 2 virtio virtual nics for latest opnsense img virtual machine, one is just with pure vmbr0, the other one is with vlan tag = 10 on vmbr0, two nics have separate random mac address.
3. Both 2 nics appeared in opnsense, the one without vlan tag is vtnet0 and assigned to wan, while the one with vlan tag = 10 is vtnet1 and assigned to lan.
I messed around with all the configurations for a long time, just cannot get wan interface work with DHCP IP assinged from upstream gateway, by monitoring wan port on opnsense, I can see there is DHCP request sent, but no response received, and the strange thing is that when I changed the virtio to e1000 for the wan nic on proxmox, then restart the opnsense, then the DHCP assignment from upstream just worked...
Don't understand the reason here, maybe opnsense doesn't support to virtio nics in parallel, or there is something wrong in my proxmox settings?
-
This doesn't seem to be a question specifically about OPNsense aarch64. Please look for threads about Proxmox or start a new one.
-
This doesn't seem to be a question specifically about OPNsense aarch64. Please look for threads about Proxmox or start a new one.
I guess it is somehow relevant to opnsense virtual version, since the same exact proxmox virtual nic configuration works well on a virtualized aarch64 openwrt, both wan and lab work as expected, there is no dhcp ip fetch issue on wan with virtio bridge, with lan working in parallel with another virtio bridge (vlan id = 10).
Not sure it is an opnsense aarch64 virtual version issue, or common for all virtualized aarch64 freebsd system.
-
OPNsense 23.7.10 aarch64 packages and sets released. Includes hotfix 23.7.10_1.
[Update 2023-12-30]
openssh 9.6p1 released.
-
OPNsense 23.7.11 aarch64 packages and sets released.
-
OPNsense 23.7.12 aarch64 packages and sets released.
[Update 2024-01-30]
Hotfix 23.7.12_5 released.
-
This is really good work! I am now running on orange pi 5 plus. There were no problems at all.
-
Thanks for the feedback! And more good news:
OPNsense 24.1.r1 aarch64 packages and sets released.
If you want to test this release candidate, you can upgrade from 23.7.12:
opnsense-update -u -r 24.1.r1
My 24.1-aarch64 builds use a new signing key. The fingerprint is already included in 23.7.12. The new public key is:
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzMwX5pdTxFltQrLqv+rj
jictq2E0TqB3kCrsE4wZ2z7CxuXwqxNrv5Y/847MDWfycyPgxyZx5Iuu/5LapiT4
ilVXkx4hmrrdmpXYiUYgXpMXtRPtbYHIje0QN8YJI5lV1qFLErhkuhr5Ch1o3BYS
Schiq+f9D2/RQtgNp6wySV8wgsoE+71G1z4jJMNQK5Rhnz5s9LRtXLWepevsyYB2
nDBqtLIVckGvM/0ivZtTBj+AHkwRUoN5dBIXJigdU6VXnOJQMSWyNC7c1AwzEp5p
1vyKQVAcuK8Y8424SA1CgqxlKb/Z7s5SIn35DLuQd1JcoxYUKBvykzEJQksL6IsO
Of2KJcVn05l5YbyX3UorNam4De003Gx0UWRDFHRBzASVDktihfanWqyDvNty6/ob
yfhRj6rE9cAXKOYBkckTa0B/G4Fw1Qx2GX9oX6ZAqUphfmaBpBnGOt8nQ+8BxMtm
1J2kH4NQ3uOwxWJPkHx08JzPrAxhtFjjvSsQLYULEWM9yA/+nw3HyhDmOtTCbhMQ
o4qq5FV+g7T8g14jLx+ZkPA+W+ax+n46p3ujv2v4U3x5aZtBTGeBV7TadVwikqJ2
d5lSJU0O0F7pCYqwtPkOacK2w/BeYOwpLTXpBY5JlwC+f5kTKs/7gzc4FY3gfgGe
tsY4Z1KlXUh6KTBDhkKk2y0CAwEAAQ==
-----END PUBLIC KEY-----
-
opnsense-update -u -r 24.1.r1
Keep in mind that upgrade sequence is not recommended for production use as it misses the pre-upgrade hook used by web proxy (squid) and unbound dns reporting (duckdb) migration scripts.
Cheers,
Franco
-
Thanks for the heads-up, Franco!
I've successfully upgraded two systems, but neither of them use squid. Unbound DNS Reporting has indeed been reset, all entries before the upgrade are gone.
-
I'm wondering what the best portable way is. I think at the moment the tooling requires /usr/local/etc/opnsense-update.conf to be set accordingly in order to use the console scripts (which don't support selecting an upgrade version in the menu for safety reasons).
-
Update to 24.1 r1 went fine. Everything seems to be working normally.
-
Kinda late but will that work with a raspberry 5 ?
-
The repository should work with all aarch64 systems, but it only provides packages and sets. Additionally, I do publish images on GitHub, but only for VMs. So unless you're planning to virtualize, you'll need to get a hardware specific image for initial installation from somewhere else (or build your own using the provided sets). Then you can configure this repository for updates and plugins.
-
The repository should work with all aarch64 systems, but it only provides packages and sets. Additionally, I do publish images on GitHub, but only for VMs. So unless you're planning to virtualize, you'll need to get a hardware specific image for initial installation from somewhere else (or build your own using the provided sets). Then you can configure this repository for updates and plugins.
So can I run Ubuntu on the 5 and then use a vm to run olnsense ?
-
Yes, this should work.
-
The repository should work with all aarch64 systems, but it only provides packages and sets. Additionally, I do publish images on GitHub, but only for VMs. So unless you're planning to virtualize, you'll need to get a hardware specific image for initial installation from somewhere else (or build your own using the provided sets). Then you can configure this repository for updates and plugins.
So can I run Ubuntu on the 5 and then use a vm to run olnsense ?
Question is: Why would one do that? Raspi 5 has one Interface. Router on a stick? LAN only via wifi?
Calculate the raspi 5, power supply, enclosure, fan etc. and you can buy a cheap x64 (refurbished SFF + PCIe networking card), no trouble with virtual machine. If the argument is "small, for travel", there are alternatives (little more expensive though), too.
-
The repository should work with all aarch64 systems, but it only provides packages and sets. Additionally, I do publish images on GitHub, but only for VMs. So unless you're planning to virtualize, you'll need to get a hardware specific image for initial installation from somewhere else (or build your own using the provided sets). Then you can configure this repository for updates and plugins.
So can I run Ubuntu on the 5 and then use a vm to run olnsense ?
Question is: Why would one do that? Raspi 5 has one Interface. Router on a stick? LAN only via wifi?
Calculate the raspi 5, power supply, enclosure, fan etc. and you can buy a cheap x64 (refurbished SFF + PCIe networking card), no trouble with virtual machine. If the argument is "small, for travel", there are alternatives (little more expensive though), too.
Quiet cheap and no heat emit. It's perfect for me
-
No heat? Sure?
-
No heat? Sure?
Well uhhh.... lol
-
No heat? Sure?
Also you said it has only one interface. What about using a switch (if not usb to rj45)
-
Last time I tried was with raspi 3 some years ago. No arm builds available, lots of tinkering necessary, updates a minor nightmare.
If you want something stable and straight forward, go an buy a cheap old Dell Optiplex SFF (important! only in SFF you can have PCIe cards with further NICs) and have fun. Or for mobility: Have a look at some small device from China (Amazon) or what other recommend for fan-free use.
If it's just for fun: go ahead with some orangepi or alike, there are devices with more than 1 NIC. Router on a stick only if you really like the mess... :-D
-
Last time I tried was with raspi 3 some years ago. No arm builds available, lots of tinkering necessary, updates a minor nightmare.
If you want something stable and straight forward, go an buy a cheap old Dell Optiplex SFF (important! only in SFF you can have PCIe cards with further NICs) and have fun. Or for mobility: Have a look at some small device from China (Amazon) or what other recommend for fan-free use.
If it's just for fun: go ahead with some orangepi or alike, there are devices with more than 1 NIC. Router on a stick only if you really like the mess... :-D
I just want an opnsene server quiet and not big because I already got i5 750 16 ddr3 ram old desktop gt 210 but I don't wanna use it because I can't fit it where I want
-
Protectli or some other device from China with a more modern CPU ...
-
For traveling I use something like this
https://www.amazon.de/-/en/dp/B0CCJ8K76Z/ref=twister_B0CCTJLVHY?_encoding=UTF8&psc=1
or e.g.
https://www.amazon.de/-/en/dp/B0BP9QPMYW/ref=twister_B0B5DQLSQS?_encoding=UTF8&psc=1
Not exactly the same, but kind of.
-
For traveling I use something like this
https://www.amazon.de/-/en/dp/B0CCJ8K76Z/ref=twister_B0CCTJLVHY?_encoding=UTF8&psc=1
or e.g.
https://www.amazon.de/-/en/dp/B0BP9QPMYW/ref=twister_B0B5DQLSQS?_encoding=UTF8&psc=1
Not exactly the same, but kind of.
Oh and I forgot, of course because it uses less power than a fat old desktop
-
For traveling I use something like this
https://www.amazon.de/-/en/dp/B0CCJ8K76Z/ref=twister_B0CCTJLVHY?_encoding=UTF8&psc=1
or e.g.
https://www.amazon.de/-/en/dp/B0BP9QPMYW/ref=twister_B0B5DQLSQS?_encoding=UTF8&psc=1
Not exactly the same, but kind of.
217 euros? You crazy?
-
Do your maths. What do you need for the raspi? Plus a managable switch. Plus the time you loose every now and then to get the stuff updated, plus, plus plus.
It's not worth it. Try it out. Write us here how it worked.... ;-)
-
Do your maths. What do you need for the raspi? Plus a managable switch. Plus the time you loose every now and then to get the stuff updated, plus, plus plus.
It's not worth it. Try it out. Write us here how it worked.... ;-)
Well you are at a part right, like it will take time and it will be frustrating but 217? I can make a mini pc on my own with that.
-
Yepp, fan-free? Go ahead! I built my first sense with an old notebook for testing, some old workstation, then fan-free stuff. Now mostly Optiplex or alike... :-)
-
Yepp, fan-free? Go ahead! I built my first sense with an old notebook for testing, some old workstation, then fan-free stuff. Now mostly Optiplex or alike... :-)
This seems the most economical and then I add a cheap ram and an ssd I already have. What ram does this take really? Laptop ram?
-
Which services are needes besides the simple routing? (4-)8 GB is OK for normal use, more is better for Suricata etc...
-
Guys, just a little reminder that this is a sticky topic about an aarch64 firmware repo... Thank you.
-
Guys, just a little reminder that this is a sticky topic about an aarch64 firmware repo... Thank you.
Yeah I know from I would stop talking here about this subject when I got the answer
-
Guys, just a little reminder that this is a sticky topic about an aarch64 firmware repo... Thank you.
...some mod can cut off this part...
-
Which services are needes besides the simple routing? (4-)8 GB is OK for normal use, more is better for Suricata etc...
yeah i meant to send a link to a no ram and storage firewall appliance that you linked above. its the same without ram so what ram does it use? and sorry for still talking about this thing thats the last question
-
OPNsense 24.1 aarch64 packages and sets released.
The upgrade path from 23.7.x is the same as on amd64 - update to OPNsense 23.7.12_5 (also released today) to unlock the upgrade.
[Update 2024-01-31]
Hotfix 24.1_1 released.
-
That was quick, nice! 8)
-
Thanks for pushing the tags one day in advance, Franco! A full build always takes 10h+ on my aarch64 VM, but since this was done overnight, I only had to hotfix 23.7.12 and do some testing today. Working flawlessly so far!
-
Except for Suricata it looks good indeed.
-
OPNsense 24.1 aarch64 .... is working well on Orange Pi 5 Plus.
-
OPNsense 24.1.1 aarch64 packages and sets released.
-
OPNsense 24.1.2 aarch64 packages and sets released.
[Update 2024-02-21]
Hotfix 24.1.2_1 released.
-
OPNsense 24.1.3 aarch64 packages and sets released. Includes hotfix 24.1.3_1.
This took longer than usual because my build attempts kept failing repeatedly. This issue (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277492) most likely was the culprit. The patch for portmaster was merged into opnsense/ports last night and I was able to complete the builds today.
-
Hi Maurice,
I yesterday read a news on heise.de newsticker a polish company will provide a 2,5Gbit/s hat for raspi 5.
Will that be supported? I really would like to safe some power. My x86 hardware uses over 30w at the moment and thiy would be a great improvement, if the raspi 5 incl addon. Realtek NICs would be supported
-
See Marinoz' question earlier in this thread. My focus is on providing up-to-date packages, sets and VM images. I currently have no plans to work on hardware-specfic patches / images. Others are more active in this field.
-
OPNsense 24.1.4 aarch64 packages and sets released.
-
Hello Maurice,
I successfully built the image using the precompiled set as per your instructions for the OPNsense VM. Here is the command I used:
make update prefetch-base,kernel,packages vm-qcow2,4G,never,serial SETTINGS=24.1 VERSION=24.1.3 DEVICE=ARM64VM MIRRORS=https://opnsense-update.walker.earth
After creating an A1.Flex instance on Oracle Cloud with this image, I installed the os-acme-client, os-haproxy, and os-iperf plugins. Everything seemed to work fine for a while, but I noticed that OPNsense is randomly rebooting. In the System: Log Files: General section of the web UI, only the message "---<<BOOT>>---" appears, and I cannot see what happened before that.
I'm curious to know if this issue is unique to me, if it's specific to the ARM64 platform, or if it's a bug in version 24.1.3.
Also, it seems that version 24.1.4 has been released recently. How can I update OPNsense to the latest version?
Thank you.
-
I haven't observed any unexpected reboots on OCI A1.Flex, so not sure what's going on there. The current uptime of my OPNsense test instance there is 32 days. I'm not using os-haproxy or os-iperf though, so you might want to test running it without these two plugins for a while.
The OPNsense package included in my aarch64 packages set is preconfigured with my firmware repo. Since you prefetched that, you can simply update OPNsense the normal way (using the Web UI or the console).
-
Hello Maurice,
Thank you for your response. It seems that the issue has disappeared after updating to 24.1.4 using the Web UI. I'm not sure, but it seems there might have been some errors during the self-build process.
Edit: In fact, the random reboot issue was caused by suricata. However, it's not certain whether this issue is influenced by arm64 or Oracle Cloud virtualization.
-
OPNsense 24.1.5 aarch64 packages and sets released. Includes hotfix 24.1.5_1.
[Update 2024-04-06]
Hotfix 24.1.5_3 released.
-
OPNsense 24.1.6 aarch64 packages and sets released.