Our complete network is behind a PROXY. Within this network, we intend to use OPNsense as the main FW solution. But it seems to be a problem for the OPNsense configd to adapt to HTTP_PROXY environment settings to reach the PROXY.
As a FreeBSD user/administrator, it is common to set up the environment with HTTP_PROXY, HTTPS_... and NO_PROXY and their lower-case counterparts. For FreeBSD's pkg, the place to configure this environment is /usr/local/etc/pkg.conf or whatever config file pkg is delegated to. Settings within pkg.conf do survive a major system update/upgrade.
For OPNsense's configd, the correct place seems to be /usr/local/opnsense/service/conf/configd.conf; there is a section [environment], and putting the HTTP_PROXY configs there makes OPNsense work through the PROXY as expected.
But the configd.conf configurations vanish after an upgrade/update.
How can this be fixed to be made static and non-volatile?
At the moment this isn't supported, waiting for a customer request.
You can always rsync an existing mirror (leaseweb allows it for example) and point your firmware URL there locally.
Cheers,
Franco
So, this is kind of a dog chasing its tail. I have to evaluate the use of OPNsense for my department and I'm officially not a certified customer paying fees, but pushing a request upstream as a customer requires me to be a qualified customer? If not, how can I state such a request?
On the other hand, mirroring results in the same way in a problem that is not easy to solve without a web service, as I asked in another thread recently when I had my issues with stating the URL's target as "file:///" versus OPNsense's internal expansion of this URL into "pkg+file:///" (for reasons unknown, FreeBSD's libfetch doesn't allow this kind of URL ...).
Well, for the time being this is the state of it, yep.
Cheers,
Franco