Hello all,
After testing OPNsense on ARM64 (aarch64) virtual machines for some time, I've decided to make my firmware repository public. It can be used for installing updates and plugins on existing OPNsense aarch64 systems as well as for quickly building aarch64 images. Updates typically get published within 24 hours of the official amd64 updates.
https://opnsense-update.walker.earth
Configure OPNsense to use the repository for downloading updates and plugins
Build aarch64 images
For building VM images, my fork of the OPNsense tools (https://github.com/maurice-w/opnsense-vm-images) allows configuring the default console. Sample VM images are available in the releases section.
None of this is supported by Deciso or the OPNsense core team! Use at your own risk.
Thanks to everyone who contributed to OPNsense-aarch64. I only use the tools others have created.
Cheers
Maurice
GitHub Sponsors (https://github.com/sponsors/maurice-w) is available as an option if you'd like to support these efforts.
The public key for my 25.1-aarch64 packages and sets is:
Nice. Thanks for your work!
Only for reference: what's your update strategy? Providing snapshots (time frame?) or follow stable releases?
Cheers,
Franco
The plan is to follow stable releases. So far I've released packages and sets matching the 23.7, 23.7.1, 23.7.2 and 23.7.3 tags. When you release an official update, I fire up my build system and set the VERSION accordingly.
Not entirely sure how to deal with hotfixes yet. My 23.7.3 packages do include the hotfixed os-wireguard 2.0_2, but the 23.7.1 packages do not include opnsense 23.7.1_3.
Cheers
Maurice
Hotfixes are tricky indeed as they leave the basic formula of building what is tagged.
I wouldn't worry too much about these if you don't happen to be able to pick them up right away (build delay). Following releases sounds like a working strategy for everyone using this. :)
Snapshots are handy too, but too many surprises on updates.
I also see you don't publish development packages (EXTRABRANCH=master). The feature formerly known as "rewind" doesn't like this anyway. It's almost like snapshot releases inside the stable releases so not needed as well.
Cheers,
Franco
Did you get any experience with the performance of a Raspberry Pi 4?
I'm kinda curious since I have a few CM4 with waveshare boards, some with pcie nvme or with pcie 2 Nics. But if you already made some tests yourself it would be nice to know what to expect.
I'll definitely try to build it and implement your firmware repo for tests, thank you.
I'm currently using this on Ampere Altra based Cloud VMs exclusively (which works flawlessly). Don't own a Raspberry Pi.
yrzr.tk offers images for RPI and well-written docs. They've contributed a lot to OPNsense-aarch64. 👍🎉
OPNsense 23.7.4 aarch64 packages and sets released.
Cheers
Maurice
OPNsense 23.7.5 aarch64 packages and sets released.
OPNsense 23.7.6 aarch64 packages and sets released.
Why don't you make this a sticky post?
Waited for someone to ask about it ;)
I use the build of https://github.com/yrzr/opnsense-tools/releases
This repo worked for me.
Thank you very much.
Yep, yrzr's work was the inspiration for my own repo. Their focus clearly is on images for various devices (RPI etc.), while mine is on virtualization and frequent updates.
Expect 23.7.7 by tomorrow.
Cheers
Maurice
OPNsense 23.7.7 aarch64 packages and sets released. Includes hotfix 23.7.7_1.
[Update 2023-10-29]
Hotfix 23.7.7_3 released.
OPNsense 23.7.8 aarch64 packages and sets released.
[Update 2023-11-13]
Hotfix 23.7.8_1 released.
Yay. all the tags in place. Thanks for your work! 8)
OPNsense 23.7.9 aarch64 packages and sets released.
Thanks for the awesome work!
I downloaded 23.7.9 image and it runs under proxmox arm64 with my RK3399 board!
But after a while I noticed the issue below for plugins I installed: it shows missing packages, and after doing the "Resolve Plugin Conflicts > Run the automatic resolver", I still got the error messages below:
***GOT REQUEST TO SYNC***
Currently running OPNsense 23.7.9 at Wed Nov 29 17:39:57 CST 2023
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing SELECT k.annotation AS tag, v.annotation AS value FROM pkg_annotation p JOIN annotation k ON (p.tag_id = k.annotation_id) JOIN annotation v ON (p.value_id = v.annotation_id) WHERE p.package_id = 1 ORDER BY tag, value in file pkgdb_iterator.c:198: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing SELECT p.name, p.origin, p.version, 0 FROM packages AS p INNER JOIN deps AS d ON (p.id = d.package_id) WHERE d.name = 'libyaml' in file pkgdb_iterator.c:412: database disk image is malformed
pkg: sqlite error while executing SELECT p.name, p.origin, p.version, 0 FROM packages AS p INNER JOIN deps AS d ON (p.id = d.package_id) WHERE d.name = 'libyaml' in file pkgdb_iterator.c:412: database disk image is malformed
pkg: sqlite error while executing SELECT p.name, p.origin, p.version, 0 FROM packages AS p INNER JOIN deps AS d ON (p.id = d.package_id) WHERE d.name = 'openssl111' in file pkgdb_iterator.c:412: database disk image is malformed
pkg: sqlite error while executing SELECT p.name, p.origin, p.version, 0 FROM packages AS p INNER JOIN deps AS d ON (p.id = d.package_id) WHERE d.name = 'openssl111' in file pkgdb_iterator.c:412: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing SELECT p.name, p.origin, p.version, 0 FROM packages AS p INNER JOIN deps AS d ON (p.id = d.package_id) WHERE d.name = 'libffi' in file pkgdb_iterator.c:412: database disk image is malformed
pkg: sqlite error while executing SELECT k.annotation AS tag, v.annotation AS value FROM pkg_annotation p JOIN annotation k ON (p.tag_id = k.annotation_id) JOIN annotation v ON (p.value_id = v.annotation_id) WHERE p.package_id = 6 ORDER BY tag, value in file pkgdb_iterator.c:198: database disk image is malformed
pkg: sqlite error while executing SELECT k.annotation AS tag, v.annotation AS value FROM pkg_annotation p JOIN annotation k ON (p.tag_id = k.annotation_id) JOIN annotation v ON (p.value_id = v.annotation_id) WHERE p.package_id = 6 ORDER BY tag, value in file pkgdb_iterator.c:198: database disk image is malformed
pkg: sqlite error while executing SELECT p.name, p.origin, p.version, 0 FROM packages AS p INNER JOIN deps AS d ON (p.id = d.package_id) WHERE d.name = 'libffi' in file pkgdb_iterator.c:412: database disk image is malformed
pkg: sqlite error while executing SELECT p.name, p.origin, p.version, 0 FROM packages AS p INNER JOIN deps AS d ON (p.id = d.package_id) WHERE d.name = 'libedit' in file pkgdb_iterator.c:412: database disk image is malformed
pkg: sqlite error while executing SELECT p.name, p.origin, p.version, 0 FROM packages AS p INNER JOIN deps AS d ON (p.id = d.package_id) WHERE d.name = 'libedit' in file pkgdb_iterator.c:412: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing SELECT k.annotation AS tag, v.annotation AS value FROM pkg_annotation p JOIN annotation k ON (p.tag_id = k.annotation_id) JOIN annotation v ON (p.value_id = v.annotation_id) WHERE p.package_id = 15 ORDER BY tag, value in file pkgdb_iterator.c:198: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing SELECT k.annotation AS tag, v.annotation AS value FROM pkg_annotation p JOIN annotation k ON (p.tag_id = k.annotation_id) JOIN annotation v ON (p.value_id = v.annotation_id) WHERE p.package_id = 15 ORDER BY tag, value in file pkgdb_iterator.c:198: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing END TRANSACTION; in file pkgdb.c:2333: database disk image is malformed
Checking integrity...pkg: sqlite error while executing SELECT k.annotation AS tag, v.annotation AS value FROM pkg_annotation p JOIN annotation k ON (p.tag_id = k.annotation_id) JOIN annotation v ON (p.value_id = v.annotation_id) WHERE p.package_id = 6 ORDER BY tag, value in file pkgdb_iterator.c:198: database disk image is malformed
Assertion failed: (p != NULL), function pkg_conflicts_check_local_path, file pkg_jobs_conflicts.c, line 313.
Child process pid=19708 terminated abnormally: Abort trap
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing SELECT k.annotation AS tag, v.annotation AS value FROM pkg_annotation p JOIN annotation k ON (p.tag_id = k.annotation_id) JOIN annotation v ON (p.value_id = v.annotation_id) WHERE p.package_id = 1 ORDER BY tag, value in file pkgdb_iterator.c:198: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing END TRANSACTION; in file pkgdb.c:2333: database disk image is malformed
Checking integrity... done (0 conflicting)
The following 2 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
os-wireguard: 2.5_1
wireguard-kmod: 0.0.20220615_1
Number of packages to be installed: 2
[1/2] Installing wireguard-kmod-0.0.20220615_1...
pkg: sqlite error while executing INSERT OR REPLACE INTO packages( origin, name, version, comment, desc, message, arch, maintainer, www, prefix, flatsize, automatic, licenselogic, time, manifestdigest, dep_formula, vital)VALUES( 'net/wireguard-kmod', 'wireguard-kmod', '0.0.20220615_1', 'WireGuard implementation for the FreeBSD kernel', 'Kernel module for FreeBSD to support Wireguard.
At this time this code is new, unvetted, possibly buggy, and should be
considered "experimental". It might contain security issues. We gladly
welcome your testing and bug reports, but do keep in mind that this code
is new, so some caution should be exercised at the moment for using it
in mission critical environments.', '[{"message":"At this time this code is new, unvetted, possibly buggy, and should be\nconsidered \"experimental\". It might contain security issues. We gladly\nwelcome your testing and bug reports, but do keep in mind that this code\nis new, so some caution should be exercised at the moment for using it\nin mission critical environments.","type":"install"},{"message":"===> NOTICE:\n\nThis port is deprecated; you may wish to reconsider installing it:\n\nOnly useful for FreeBSD 12 which is EoL soon.\n\nIt is scheduled to be removed on or after 2023-12-31."}]', 'FreeBSD:13:aarch64', 'decke@FreeBSD.org', 'https://git.zx2c4.com/wireguard-freebsd/', '/usr/local', 104803, 1, 1, NOW(), '2$2$yerp9xs6t9umh3ajk8pthp1ozapwaj9xse4a5gsp3tthgnrffxb99nka6738xqa4usgnyc4yq6rg51csew6ixu6pcujaawgui5kfmcb', NULL, 0 ) in file pkgdb.c:1633: database disk image is malformed
pkg: sqlite error while executing iterator in file pkgdb_iterator.c:1110: database disk image is malformed
pkg: sqlite error while executing SELECT k.annotation AS tag, v.annotation AS value FROM pkg_annotation p JOIN annotation k ON (p.tag_id = k.annotation_id) JOIN annotation v ON (p.value_id = v.annotation_id) WHERE p.package_id = 2 ORDER BY tag, value in file pkgdb_iterator.c:198: database disk image is malformed
pkg: sqlite error while executing END TRANSACTION; in file pkgdb.c:2333: database disk image is malformed
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***
Any idea how to fix it?
Not sure what's going on there. Wild guess: Disk image full? Did you expand it before first boot?
Cheers
Maurice
Quote from: Maurice on November 29, 2023, 01:32:54 PM
Not sure what's going on there. Wild guess: Disk image full? Did you expand it before first boot?
Cheers
Maurice
I deleted the sqlite file (/var/db/pkg/local.sqlite), then did an auto fix in webui, it seems then things get fixed.
But I have another confusing issue under proxmox for wan configuration, the lan seems work, while the wan cannot get DHCP ip address from upstream gateway:
1. I have only 1 ethernet port on my rockpi 4b (rk3399) board, so I created vlan aware vmbr0 in proxmox with parent port eth0 (the only ethernet port).
2. Then I created 2 virtio virtual nics for latest opnsense img virtual machine, one is just with pure vmbr0, the other one is with vlan tag = 10 on vmbr0, two nics have separate random mac address.
3. Both 2 nics appeared in opnsense, the one without vlan tag is vtnet0 and assigned to wan, while the one with vlan tag = 10 is vtnet1 and assigned to lan.
I messed around with all the configurations for a long time, just cannot get wan interface work with DHCP IP assigned from upstream gateway, by monitoring wan port on opnsense, I can see there is DHCP request sent, but no response received, and the strange thing is that when I changed the virtio to e1000 for the wan nic on proxmox, then restart the opnsense, then the DHCP assignment from upstream just worked...
Don't understand the reason here, maybe opnsense doesn't support two virtio nics in parallel, or there is something wrong in my proxmox settings?
This doesn't seem to be a question specifically about OPNsense aarch64. Please look for threads about Proxmox or start a new one.
Quote from: Maurice on December 02, 2023, 10:30:59 PM
This doesn't seem to be a question specifically about OPNsense aarch64. Please look for threads about Proxmox or start a new one.
I guess it is somehow relevant to opnsense virtual version, since the same exact proxmox virtual nic configuration works well on a virtualized aarch64 openwrt, both wan and lan work as expected, there is no dhcp ip fetch issue on wan with virtio bridge, with lan working in parallel with another virtio bridge (vlan id = 10).
Not sure it is an opnsense aarch64 virtual version issue, or common for all virtualized aarch64 freebsd system.
OPNsense 23.7.10 aarch64 packages and sets released. Includes hotfix 23.7.10_1.
[Update 2023-12-30]
openssh 9.6p1 released.
OPNsense 23.7.11 aarch64 packages and sets released.
OPNsense 23.7.12 aarch64 packages and sets released.
[Update 2024-01-30]
Hotfix 23.7.12_5 released.
This is really good work! I am now running on orange pi 5 plus. There were no problems at all.
Thanks for the feedback! And more good news:
OPNsense 24.1.r1 aarch64 packages and sets released.
If you want to test this release candidate, you can upgrade from 23.7.12:
opnsense-update -u -r 24.1.r1
My 24.1-aarch64 builds use a new signing key. The fingerprint is already included in 23.7.12. The new public key is:
Quote from: Maurice on January 19, 2024, 02:07:41 PM
opnsense-update -u -r 24.1.r1
Keep in mind that upgrade sequence is not recommended for production use as it misses the pre-upgrade hook used by web proxy (squid) and unbound dns reporting (duckdb) migration scripts.
Cheers,
Franco
Thanks for the heads-up, Franco!
I've successfully upgraded two systems, but neither of them use squid. Unbound DNS Reporting has indeed been reset, all entries before the upgrade are gone.
I'm wondering what the best portable way is. I think at the moment the tooling requires /usr/local/etc/opnsense-update.conf to be set accordingly in order to use the console scripts (which don't support selecting an upgrade version in the menu for safety reasons).
Update to 24.1 r1 went fine. Everything seems to be working normally.
Kinda late but will that work with a raspberry 5 ?
The repository should work with all aarch64 systems, but it only provides packages and sets. Additionally, I do publish images on GitHub, but only for VMs. So unless you're planning to virtualize, you'll need to get a hardware specific image for initial installation from somewhere else (or build your own using the provided sets). Then you can configure this repository for updates and plugins.
Quote from: Maurice on January 21, 2024, 07:33:36 PM
The repository should work with all aarch64 systems, but it only provides packages and sets. Additionally, I do publish images on GitHub, but only for VMs. So unless you're planning to virtualize, you'll need to get a hardware specific image for initial installation from somewhere else (or build your own using the provided sets). Then you can configure this repository for updates and plugins.
So can I run Ubuntu on the 5 and then use a VM to run OPNsense?
Yes, this should work.
Quote from: Marinoz on January 22, 2024, 08:02:00 PM
Quote from: Maurice on January 21, 2024, 07:33:36 PM
The repository should work with all aarch64 systems, but it only provides packages and sets. Additionally, I do publish images on GitHub, but only for VMs. So unless you're planning to virtualize, you'll need to get a hardware specific image for initial installation from somewhere else (or build your own using the provided sets). Then you can configure this repository for updates and plugins.
So can I run Ubuntu on the 5 and then use a VM to run OPNsense?
Question is: Why would one do that? Raspi 5 has one Interface. Router on a stick? LAN only via wifi?
Calculate the raspi 5, power supply, enclosure, fan etc. and you can buy a cheap x64 (refurbished SFF + PCIe networking card), no trouble with virtual machine. If the argument is "small, for travel", there are alternatives (little more expensive though), too.
Quote from: chemlud on January 23, 2024, 08:27:54 AM
Quote from: Marinoz on January 22, 2024, 08:02:00 PM
Quote from: Maurice on January 21, 2024, 07:33:36 PM
The repository should work with all aarch64 systems, but it only provides packages and sets. Additionally, I do publish images on GitHub, but only for VMs. So unless you're planning to virtualize, you'll need to get a hardware specific image for initial installation from somewhere else (or build your own using the provided sets). Then you can configure this repository for updates and plugins.
So can I run Ubuntu on the 5 and then use a VM to run OPNsense?
Question is: Why would one do that? Raspi 5 has one Interface. Router on a stick? LAN only via wifi?
Calculate the raspi 5, power supply, enclosure, fan etc. and you can buy a cheap x64 (refurbished SFF + PCIe networking card), no trouble with virtual machine. If the argument is "small, for travel", there are alternatives (little more expensive though), too.
Quite cheap and no heat emitted. It's perfect for me.
No heat? Sure?
Quote from: chemlud on January 23, 2024, 01:51:57 PM
No heat? Sure?
Also you said it has only one interface. What about using a switch (if not usb to rj45)
Last time I tried was with raspi 3 some years ago. No arm builds available, lots of tinkering necessary, updates a minor nightmare.
If you want something stable and straightforward, go and buy a cheap old Dell Optiplex SFF (important! only in SFF you can have PCIe cards with further NICs) and have fun. Or for mobility: Have a look at some small device from China (Amazon) or what others recommend for fan-free use.
If it's just for fun: go ahead with some orangepi or alike, there are devices with more than 1 NIC. Router on a stick only if you really like the mess... :-D
Quote from: chemlud on January 24, 2024, 04:24:30 PM
Last time I tried was with raspi 3 some years ago. No arm builds available, lots of tinkering necessary, updates a minor nightmare.
If you want something stable and straightforward, go and buy a cheap old Dell Optiplex SFF (important! only in SFF you can have PCIe cards with further NICs) and have fun. Or for mobility: Have a look at some small device from China (Amazon) or what others recommend for fan-free use.
If it's just for fun: go ahead with some orangepi or alike, there are devices with more than 1 NIC. Router on a stick only if you really like the mess... :-D
I just want an OPNsense server quiet and not big because I already got i5 750 16 ddr3 ram old desktop gt 210 but I don't wanna use it because I can't fit it where I want
Protectli or some other device from China with a more modern CPU ...
For traveling I use something like this
https://www.amazon.de/-/en/dp/B0CCJ8K76Z/ref=twister_B0CCTJLVHY?_encoding=UTF8&psc=1
or e.g.
https://www.amazon.de/-/en/dp/B0BP9QPMYW/ref=twister_B0B5DQLSQS?_encoding=UTF8&psc=1
Not exactly the same, but kind of.
Quote from: chemlud on January 24, 2024, 09:06:42 PM
For traveling I use something like this
https://www.amazon.de/-/en/dp/B0CCJ8K76Z/ref=twister_B0CCTJLVHY?_encoding=UTF8&psc=1
or e.g.
https://www.amazon.de/-/en/dp/B0BP9QPMYW/ref=twister_B0B5DQLSQS?_encoding=UTF8&psc=1
Not exactly the same, but kind of.
Oh and I forgot, of course because it uses less power than a fat old desktop
Quote from: chemlud on January 24, 2024, 09:06:42 PM
For traveling I use something like this
https://www.amazon.de/-/en/dp/B0CCJ8K76Z/ref=twister_B0CCTJLVHY?_encoding=UTF8&psc=1
or e.g.
https://www.amazon.de/-/en/dp/B0BP9QPMYW/ref=twister_B0B5DQLSQS?_encoding=UTF8&psc=1
Not exactly the same, but kind of.
217 euros? You crazy?
Do your maths. What do you need for the raspi? Plus a manageable switch. Plus the time you lose every now and then to get the stuff updated, plus, plus, plus.
It's not worth it. Try it out. Write us here how it worked.... ;-)
Quote from: chemlud on January 25, 2024, 09:06:16 AM
Do your maths. What do you need for the raspi? Plus a manageable switch. Plus the time you lose every now and then to get the stuff updated, plus, plus, plus.
It's not worth it. Try it out. Write us here how it worked.... ;-)
Well you are at a part right, like it will take time and it will be frustrating but 217? I can make a mini pc on my own with that.
Yepp, fan-free? Go ahead! I built my first sense with an old notebook for testing, some old workstation, then fan-free stuff. Now mostly Optiplex or alike... :-)
Quote from: chemlud on January 25, 2024, 04:13:01 PM
Yepp, fan-free? Go ahead! I built my first sense with an old notebook for testing, some old workstation, then fan-free stuff. Now mostly Optiplex or alike... :-)
This seems the most economical and then I add a cheap ram and an ssd I already have. What ram does this take really? Laptop ram?
Which services are needed besides the simple routing? (4-)8 GB is OK for normal use, more is better for Suricata etc...
Guys, just a little reminder that this is a sticky topic about an aarch64 firmware repo... Thank you.
Quote from: Maurice on January 27, 2024, 06:12:42 PM
Guys, just a little reminder that this is a sticky topic about an aarch64 firmware repo... Thank you.
Yeah I know from I would stop talking here about this subject when I got the answer
Quote from: Maurice on January 27, 2024, 06:12:42 PM
Guys, just a little reminder that this is a sticky topic about an aarch64 firmware repo... Thank you.
...some mod can cut off this part...
Quote from: chemlud on January 27, 2024, 05:51:04 PM
Which services are needed besides the simple routing? (4-)8 GB is OK for normal use, more is better for Suricata etc...
Yeah, I meant to send a link to a no-RAM-and-storage firewall appliance that you linked above. It's the same without RAM, so what RAM does it use? And sorry for still talking about this thing, that's the last question.
OPNsense 24.1 aarch64 packages and sets released.
The upgrade path from 23.7.x is the same as on amd64 - update to OPNsense 23.7.12_5 (also released today) to unlock the upgrade.
[Update 2024-01-31]
Hotfix 24.1_1 released.
That was quick, nice! 8)
Thanks for pushing the tags one day in advance, Franco! A full build always takes 10h+ on my aarch64 VM, but since this was done overnight, I only had to hotfix 23.7.12 and do some testing today. Working flawlessly so far!
Except for Suricata it looks good indeed.
OPNsense 24.1 aarch64 .... is working well on Orange Pi 5 Plus.
OPNsense 24.1.1 aarch64 packages and sets released.
OPNsense 24.1.2 aarch64 packages and sets released.
[Update 2024-02-21]
Hotfix 24.1.2_1 released.
OPNsense 24.1.3 aarch64 packages and sets released. Includes hotfix 24.1.3_1.
This took longer than usual because my build attempts kept failing repeatedly. This issue (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277492) most likely was the culprit. The patch for portmaster was merged into opnsense/ports last night and I was able to complete the builds today.
Hi Maurice,
Yesterday I read a news item on the heise.de newsticker that a Polish company will provide a 2,5Gbit/s hat for raspi 5.
Will that be supported? I really would like to save some power. My x86 hardware uses over 30w at the moment and this would be a great improvement, if the raspi 5 incl addon. Realtek NICs would be supported
See Marinoz' question earlier in this thread. My focus is on providing up-to-date packages, sets and VM images. I currently have no plans to work on hardware-specific patches / images. Others are more active in this field.
OPNsense 24.1.4 aarch64 packages and sets released.
Hello Maurice,
I successfully built the image using the precompiled set as per your instructions for the OPNsense VM. Here is the command I used:
make update prefetch-base,kernel,packages vm-qcow2,4G,never,serial SETTINGS=24.1 VERSION=24.1.3 DEVICE=ARM64VM MIRRORS=https://opnsense-update.walker.earth
After creating an A1.Flex instance on Oracle Cloud with this image, I installed the os-acme-client, os-haproxy, and os-iperf plugins. Everything seemed to work fine for a while, but I noticed that OPNsense is randomly rebooting. In the System: Log Files: General section of the web UI, only the message "---<<BOOT>>---" appears, and I cannot see what happened before that.
I'm curious to know if this issue is unique to me, if it's specific to the ARM64 platform, or if it's a bug in version 24.1.3.
Also, it seems that version 24.1.4 has been released recently. How can I update OPNsense to the latest version?
Thank you.
I haven't observed any unexpected reboots on OCI A1.Flex, so not sure what's going on there. The current uptime of my OPNsense test instance there is 32 days. I'm not using os-haproxy or os-iperf though, so you might want to test running it without these two plugins for a while.
The OPNsense package included in my aarch64 packages set is preconfigured with my firmware repo. Since you prefetched that, you can simply update OPNsense the normal way (using the Web UI or the console).
Hello Maurice,
Thank you for your response. It seems that the issue has disappeared after updating to 24.1.4 using the Web UI. I'm not sure, but it seems there might have been some errors during the self-build process.
Edit: In fact, the random reboot issue was caused by suricata. However, it's not certain whether this issue is influenced by arm64 or Oracle Cloud virtualization.
OPNsense 24.1.5 aarch64 packages and sets released. Includes hotfix 24.1.5_1.
[Update 2024-04-06]
Hotfix 24.1.5_3 released.
OPNsense 24.1.6 aarch64 packages and sets released.
OPNsense 24.1.7 aarch64 packages and sets released.
[Update 2024-05-21]
Hotfix 24.1.7_4 released.
Quote from: rdunkle84 on February 01, 2024, 05:29:21 PM
OPNsense 24.1 aarch64 .... is working well on Orange Pi 5 Plus.
Would you mind sharing your build or the steps you took? I'm trying to get it working on my OPI5+ as well. Thank you.
OPNsense 24.1.8 aarch64 delayed until further notice. caddy-custom fails to build.
The resources I can currently assign to OPNsense stuff are unfortunately sufficient for routine builds only, no troubleshooting. So no ETA, sorry (unless someone's crystal ball comes up with a quick fix).
I would recommend removing www/caddy from both ports and plugins configuration and releasing without it. This can be an option... it will show up as orphaned but continue to work as before.
Cheers,
Franco
I only test the build on amd64 so it would be best to remove www/caddy-custom from the build if it fails. I can't do arm build tests. Sorry for the trouble here.
The binary itself is pretty hard to maintain right now since it's in a weird state between some internal golang dependency problems. I'm fixing upstream issues here too right now. Hope it's in a better, more consistent state again soon.
Reference why it happens, bad timing: https://github.com/opnsense/tools/pull/400#issuecomment-2140805870
When OPNsense 24.1.8 got built on Wednesday, it was still caddy-2.7.6 and things were fine.
On Thursday/Friday they released new version 2.8.0 and 2.8.1 and I didn't verify the build yet. But since the version is not tagged (like I planned to do once), it pulled latest...
EDIT:
@Maurice
config/24.1/make.conf
github.com/caddy-dns/rfc2136@6096cd5db964c3f7757986b73ffa0617534497f7
That plugin has a build error with latest caddy version. It caused your build to fail.
EDIT2:
This PR should fix it: https://github.com/opnsense/tools/pull/413
Build works for me.
EDIT3:
Also working on fixing the port itself so it can be fixed upstream:
https://github.com/opnsense/ports/pull/198
Quote from: jcook on May 23, 2024, 09:15:00 PM
Quote from: rdunkle84 on February 01, 2024, 05:29:21 PM
OPNsense 24.1 aarch64 .... is working well on Orange Pi 5 Plus.
Would you mind sharing your build or the steps you took? I'm trying to get it working on my OPI5+ as well. Thank you.
The first step is to change the firmware of the OPI5+ to use EDK2 firmware.
https://github.com/edk2-porting/edk2-rk3588
If you do that then you can use the OPNsense images.
OPNsense 24.1.8 aarch64 packages and sets released.
Thanks @Monviech, https://github.com/opnsense/tools/pull/413 fixed it.
OPNsense 24.1.9 aarch64 packages and sets released.
[Update 2024-06-20]
Hotfix 24.1.9_3 released.
[Update 2024-06-21]
Hotfix 24.1.9_4 released.
OPNsense 24.1.10 aarch64 packages and sets released. Includes hotfix 24.1.10_2.
[Update 2024-07-15]
Hotfix 24.1.10_3 released.
OPNsense 24.7.r1 aarch64 packages and sets released.
This is mostly a test for my new FreeBSD 14.1 build system. There is no supported upgrade path from 24.1 yet. But if you are in the mood for experiments, you could upgrade manually. Be aware that your config may not be migrated properly, so don't use on production systems:
fetch -o /usr/local/etc/pkg/fingerprints/OPNsense/trusted https://opnsense-update.walker.earth/FreeBSD:14:aarch64/24.7/opnsense-update.walker.earth.20240618
opnsense-update -u -a FreeBSD:14:aarch64 -A 24.7 -r 24.7.r1
You're also welcome to test one of the 24.7.r1 VM images from my GitHub.
My 24.7-aarch64 builds use a new signing key. The fingerprint will be included in 24.1.11 24.1.10_8. The new public key is:
Awesome, thanks for doing this!
Having a little side project which requires some attention on a regular basis helps me stay connected to the OPNsense project, even in times when I'm not really active here otherwise.
I don't have any Web server logs enabled, but the repo server's interface statistics currently show about 25 GB upload per month. Not a lot, but at least a few people seem to be using it and I'm not doing this just for myself. 😅
OPNsense 24.7.r2 aarch64 packages and sets released.
OPNsense 24.7 aarch64 packages and sets released.
[Update 2024-07-27]
Hotfix 24.7_5 released.
[Update 2024-07-29]
Hotfix 24.7_9 released.
The upgrade path from 24.1.x is the same as on amd64 - update to OPNsense 24.1.10_8 (also released today) to unlock the upgrade.
Neat! If you notice I have polished the "aux" set for mirror publication. It may help some people to avoid long build times by caching rust and cmake in particular...
Also hotfix incoming today. Better safe than sorry. :)
Cheers,
Franco
Yes, I did notice and published the aux set as well. 8)
Rust is ignored on aarch64 though, so it's just cmake and go.
What would a major release be without a day 2 hotfix! ;D
Cheers
Maurice
Always one step ahead it seems. :)
Time to change the rust/suricata situation maybe?
Cheers,
Franco
Hm, what exactly is the current Rust / Suricata situation?
It works without hiccups build-wise on amd64 these days. I think it had trouble building aarch64 which is why we disabled it?
https://github.com/opnsense/core/commit/f098b3a9ba1
Apparently some time ago in 2019 ;)
May have been for 32-bit ARM anyway. It's worth trying it on your end and raise a PR if it works.
Cheers,
Franco
Suricata is an aarch64 core dependency since 23.7:
https://github.com/opnsense/core/commit/e6994089402
All of the aarch64 package sets I've released include Suricata. I might be missing something here?
Cheers
Maurice
To be frank you said:
"Rust is ignored on aarch64 though, so it's just cmake and go."
Based off of that I thought Suricata wasn't in aarch64, because Suricata builds Rust anyway making exclusion from the aux set pointless? :)
Cheers,
Franco
> making exclusion from the aux set pointless?
I think so, yes. As way too often, I thought that excluding Rust from the aux set must have a very serious reason that someone figured out after a lengthy evaluation. ;D Turns out it might have just been overlooked when Suricata was made a core dependency on aarch64?
Cheers
Maurice
Could be. Sorry for the confusion. It would be best to add it back to the aux set -- after all the aux stuff does not build directly, but when it is found it will be stored there.
Cheers,
Franco
OPNsense 24.7.1 aarch64 packages and sets released.
OPNsense 24.7.2 aarch64 packages and sets released.
Nice, thanks! :)
24.7.2
Clean install not upgrade.
I see an error on console:
HTTPS: Could not open file or uri for loading certificate from /var/etc/cert.pem
00206149AD9D0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:/usr/src/crypto/openssl/crypto/store/store_register.c:237:scheme=file
00206149AD9D0000:error:80000002:system library:file_open:No such file or directory:/usr/src/crypto/openssl/providers/implementations/storemgmt/file_store.c:267:calling stat(/var/etc/cert.pem)
Unable to load certificate
Just a cosmetic issue at the moment when starting with a vanilla 24.7.2 image.
https://github.com/opnsense/core/commit/49aa78594f
Yes, I noticed this issue when testing the VM images, but decided to release them anyway. Mostly because
- it's not an aarch64 issue,
- there's already a fix in master and
- it's only cosmetic.
When the patch gets officially released, I'll release it, too.
Could you also build the DVD for aarch64? I have a pull request (https://github.com/opnsense/tools/pull/424) that fixes the creation for ARM64. This allows you to install opnsense like any other OS as long as the platform has UEFI available. (which many aarch64 devices do)
We can talk about including this PR, but the review questions still stand. And is UEFI really a prerequisite here anyway?
It just doesn't feel very polished.
Cheers,
Franco
OPNsense 24.7.3 aarch64 packages and sets released. Includes hotfix 24.7.3_1.
@korhojoa You're the first one to ask about DVD images and it seems you're quite proficient at building them yourself. So I'm not sure who I would be building these for. Also, I wouldn't be able to easily test them. All my work with aarch64 happens on cloud VMs, I don't currently own any suitable hardware. Feel free to donate something. ;D
But I'll look into it if your PR gets merged. It wouldn't be a lot of work to add this to my build process.
Cheers
Maurice
OPNsense 24.7.4 aarch64 packages and sets released.
[Update 2024-09-15]
Hotfix 24.7.4_1 released.
@korhojoa haven't read back yet explicitly, but my proposal in https://github.com/opnsense/tools/pull/430 stands.
@Maurice thanks, nice work!
OPNsense 24.7.5 aarch64 packages and sets released.
[Update 2024-09-30]
Hotfix 24.7.5_3 released.
👍
@franco opnsense/ports are missing the 24.7.6 tag, so I just added it to 3a98f86 (https://github.com/opnsense/ports/commit/3a98f8683f8bc94d3eeef9aa8e120a6d9afeef0e) locally. I'm just about ready to release the packages and sets, but noticed that you pushed more commits today. Are these included in 24.7.6?
Cheers
Maurice
Sorry, just pushed 24.7.6 tag.
Here's a little trick for you if in doubt:
https://pkg.opnsense.org/FreeBSD:14:amd64/24.7/MINT/24.7.6/latest/.ports_done
Cheers,
Franco
OPNsense 24.7.6 aarch64 packages and sets released.
@franco Neat!
Great, thanks!
I should say the file is .xxx_done so you see some divergence during earlier stages for obvious reasons. We don't usually build after tagging everything but eventually everything should be on the respective tag. ;)
Cheers,
Franco
OPNsense 24.7.7 aarch64 packages and sets released.
Hi guys and sorry for OT.
After installing the os-sunnyvalley plugin, pkg cannot find the repository from the Zenarmor site, returning the following errors:
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 24.7.7 at Thu Oct 31 18:20:18 UTC 2024
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 732 packages processed.
Updating SunnyValley repository catalogue...
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:14:aarch64/24.7/latest/meta.txz: Not Found
repository SunnyValley has no meta file, using default settings
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:14:aarch64/24.7/latest/packagesite.pkg: Not Found
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:14:aarch64/24.7/latest/packagesite.txz: Not Found
Unable to update repository SunnyValley
Error updating repositories!
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***
I have just executed "pkg update && pkg upgrade" from the shell but nothing has changed.
Can someone help me?
system: OPNsense 24.7.7 aarch64 (on Ampere A1 in Oracle Cloud) downloaded by maurice repo on github
Thanks.
Paganello
Zenarmor is a third-party plugin provided directly by Sunny Valley. They probably don't offer an aarch64 build. There's nothing I can do about that.
Cheers
Maurice
os-sunnyvalley will be removed from future OPNsense aarch64 builds to avoid any confusion. Thanks for the heads-up, Paganello! And feel free to discuss the possibility of Zenarmor aarch64 on the Zenarmor board. It seems they have an aarch64 build for vanilla FreeBSD, so who knows. Supporting a plugin for unofficial OPNsense builds might be challenging though.
Cheers
Maurice
OPNsense 24.7.8 aarch64 packages and sets released.
That was quick. <3
Thanks to your little trick, I was able to start building yesterday once you uploaded the packages. ;)
Just had to double-check the commit hashes today and rebuild opnsense-update.
Err, yes, nothing like an essential missing piece during last minute QA testing... ;)
OPNsense 24.7.9 aarch64 packages and sets released. Includes hotfix 24.7.9_1.
OPNsense 24.7.10 aarch64 packages and sets released. Includes hotfix 24.7.10_2 (kernel, core and plugins).
@franco May I ask why the hotfixed kernel isn't named 24.7.10_2? I renamed it using
make rename-kernel VERSION=24.7.10
to emulate your release, but was wondering why that decision was made.
We don't have revisions support for kernels. It is supposed to be a rare occurrence. :)
Cheers,
Franco
Hm, the kernel I built was named kernel-24.7.10_2-aarch64, I had to explicitly rename it to 24.7.10.
But I guess what you're saying is that opnsense-update wouldn't know what to do with kernel-24.7.10_2?
Cheers
Maurice
Correct, it's intentional that opnsense-update will not take revisions to the kernel so opnsense-update can be corrected but keeps fixed on the same kernel. It was an early design choice that hopefully does not need revisiting.
You can still grab these kernels with opnsense-update manually (-r) though.
Cheers,
Franco
OPNsense 24.7.11 aarch64 packages and sets released. Includes hotfix 24.7.11_2.
A big thank you for keeping this going! I'm mostly using this in local virtual machines on macOS where the aarch64 images work really well.
I used to have my local CI build ARM images but I got lazy and didn't really keep up with the updates and never set up a repo to do in-place upgrades with... but your solution has been a blast!
Some details: this works with native hardware accelerated virtualisation as well as QEMU; but on recent macOS releases you either have to do local user networking (slow, emulated, think: SLIRP) or vmnet, which is what Apple supplies. Downside is that it only wants to do NAT, Host-only (PTP) or Bridged networking, and you cannot create something like an Open vSwitch yourself, there is no more TUN/TAP and even VDE doesn't really work anymore. But! You can create a Bond interface with 0 members, which even when down will pass L2 frames like a champ (even VLANs), and it works with vmnet natively as well. End result: accelerated machines and networking for your local networking needs.
OPNsense 24.7.12 aarch64 packages and sets released.
[Update 2025-01-23]
Hotfix 24.7.12_2 released.
[Update 2025-01-29]
Hotfix 24.7.12_4 released.
In other news, GitHub Sponsors (https://github.com/sponsors/maurice-w) is now available as an option to support these efforts. I intend to keep the server public and frequently updated for the foreseeable future. Your contribution helps to maintain these efforts.
OPNsense 25.1.r1 aarch64 packages and sets released.
This is mostly a test for my new FreeBSD 14.2 build system. There is no supported upgrade path from 24.7 yet. But if you are in the mood for experiments, you could upgrade manually. Be aware that your config may not be migrated properly, so don't use on production systems:
fetch -o /usr/local/etc/pkg/fingerprints/OPNsense/trusted https://opnsense-update.walker.earth/FreeBSD:14:aarch64/25.1/opnsense-update.walker.earth.20241220
opnsense-update -u -A 25.1 -r 25.1.r1
You're also welcome to test one of the 25.1.r1 VM images from my GitHub.
My 25.1-aarch64 builds use a new signing key. The fingerprint will be included in the next 24.7.x update / hotfix. The new public key is:
OPNsense 25.1.r2 aarch64 packages and sets released.
OPNsense 25.1 aarch64 packages and sets released.
The upgrade path from 24.7.x is the same as on amd64 - update to OPNsense 24.7.12_4 (also released today) to unlock the upgrade.
OPNsense 25.1.1 aarch64 packages and sets released.
Quote from: rdunkle84 on May 31, 2024, 09:03:54 AM
Quote from: jcook on May 23, 2024, 09:15:00 PM
Quote from: rdunkle84 on February 01, 2024, 05:29:21 PM
OPNsense 24.1 aarch64 .... is working well on Orange Pi 5 Plus.
Would you mind sharing your build or the steps you took? I'm trying to get it working on my OPI5+ as well. Thank you.
The first step is to change the firmware of the OPI5+ to use EDK2 firmware.
https://github.com/edk2-porting/edk2-rk3588
If you do that then you can use the OPNsense images.
I have an OPI5+. I burned the EDK2 image to my sdcard and it boots. How do I get an aarch64 image? Do I need to manually build one? Can I use a VM aarch64 from https://github.com/maurice-w/opnsense-vm-images?
In the OP's first post, there are steps on how you can update your existing aarch64 OPNsense.
There is also a step to build it. I followed those steps. I created a FreeBSD 14.2 VM. I followed the steps on https://github.com/opnsense/tools, but when I ran the command
make prefetch-base,kernel,packages MIRRORS=https://opnsense-update.walker.earth
nothing happened.
I cannot seem to find a prebuilt ISO anywhere for aarch64 so I cannot run OP's update steps to get the latest version. There is one here: https://personalbsd.org/?p=1561 But it doesn't actually work. It kernel panics. I suspect it does something with EDK2, but it is beyond me.
I am sorry for being a newb, but I really cannot figure this out and would love some help! Can someone point me to where I can get an OPNsense aarch64 image?
A VM image should work, but you'll have to convert it to raw. And don't write the entire image to the SD card - this would overwrite the EDK2 firmware. Instead, copy the individual partitions from the VM image to the SD card.
If you want to build your own image, there are step-by-step instructions on my GitHub.
Cheers
Maurice
Quote from: Maurice on February 26, 2025, 12:52:51 AM
A VM image should work, but you'll have to convert it to raw. And don't write the entire image to the SD card - this would overwrite the EDK2 firmware. Instead, copy the individual partitions from the VM image to the SD card.
Maurice,
- When I wrote the EDK2 image to my SD card it created an 8MB UBoot partition, leaving the rest of my 32GB card unassigned.
- I DLed VM image https://github.com/maurice-w/opnsense-vm-images/releases/download/25.1/OPNsense-25.1-ufs-efi-vm-aarch64.qcow2.bz2
- Ran
qemu-img resize OPNsense-25.1-ufs-efi-vm-aarch64.qcow2.bz2 20G
- Ran
qemu-img convert OPNsense-25.1-ufs-efi-vm-aarch64.qcow2.bz2 OPNsense-25.1-raw.raw
- To test this I used QEMU's Virtual Machine Manager to boot from the raw using aarch64 architecture and selecting FreeBSD 14.2 as the OS. It booted, but went to shell, so maybe I didn't do something right.
- Created a / partition using ext4 on the SD card using the remainder of the space on the SD card
- Copied the raw file to the new / partition
- Booted opi5+ and nothing loaded besides the EDK2 menu system
I couldn't get EDK2 to see the image or recognize the / partition I created, or maybe it did, but my image wasn't formatted right. In any case my opi5+ did boot. I could access the EDK2 menus, but if I tried to continue past boot manager nothing would happen. I know the EDK2 part goes beyond your personal experience, but did I correctly set up the RAW or did I miss a step?
You have to extract the bzip2-compressed VM image first.
You don't have to resize it. During first boot, the root partition and its file system automatically grow to fill the SD card.
Don't copy the entire VM image to the SD card. It contains two partitions (esp and rootfs). Copy these to the SD card (in addition to the "uboot" partition).
Quote from: Maurice on February 27, 2025, 02:02:58 AM
Don't copy the entire VM image to the SD card. It contains two partitions (esp and rootfs). Copy these to the SD card (in addition to the "uboot" partition).
I extracted the bzip VM image. How do I access the esp and rootfs? From the .qcow2 file what steps are needed so I can see the ESP and RootFS folders?
Edit: I just had the thought that I can use the DD command to burn the .raw to the / partition that I created. I am trying that now.
Edit2: the DD command did work, but EDK2 is unable to locate the OPNsense img. Using Virtual Machine Manager I was able to create a VM using FreeBSD 14.2 and aarch64 architecture from the raw I created. It is just unfortunate EDK2 cannot detect it. I suspect the format is not correct for EDK2 to see it. However EDK2 does try to boot my created partition and it does say it's trying to load /EFI/BOOT/BOOTAA64.EFI, however it doesn't seem like it can see any other file or folder.
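The step the posts above leave open is how to find the esp and rootfs partitions inside the converted raw image. The following is an added example, not part of any post in this thread; it assumes the raw image carries a GPT with 512-byte sectors, `read_gpt`, `extract` and `build_sample_image` are hypothetical names, and the sample image is constructed.

```python
import io
import struct
import uuid
import zlib

SECTOR = 512  # assumption: 512-byte logical sectors
ESP = "c12a7328-f81f-11d2-ba4b-00a0c93ec93b"  # EFI system partition type GUID
UFS = "516e7cb6-6ecf-11d6-8ff8-00022d09712b"  # FreeBSD UFS type GUID
TYPES = {ESP: "efi", UFS: "freebsd-ufs"}

def read_gpt(img):
    """Parse the primary GPT of a raw disk image; return its used entries."""
    img.seek(SECTOR)  # LBA 0 is the protective MBR, the GPT header is LBA 1
    hdr = img.read(SECTOR)
    if hdr[:8] != b"EFI PART":
        raise ValueError("no GPT header: still bzip2/qcow2 data, not raw?")
    hdr_size, hdr_crc = struct.unpack_from("<II", hdr, 12)
    if zlib.crc32(hdr[:16] + bytes(4) + hdr[20:hdr_size]) != hdr_crc:
        raise ValueError("GPT header CRC mismatch")
    entries_lba, count, esize, arr_crc = struct.unpack_from("<QIII", hdr, 72)
    img.seek(entries_lba * SECTOR)
    array = img.read(count * esize)
    if zlib.crc32(array) != arr_crc:
        raise ValueError("GPT partition array CRC mismatch")
    parts = []
    for i in range(count):
        e = array[i * esize:(i + 1) * esize]
        if not any(e[:16]):
            continue  # all-zero type GUID marks an unused slot
        guid = str(uuid.UUID(bytes_le=e[:16]))
        first, last = struct.unpack_from("<QQ", e, 32)
        name = e[56:128].decode("utf-16-le").rstrip("\0")
        parts.append({"index": i + 1, "type": TYPES.get(guid, guid),
                      "name": name, "first_lba": first, "last_lba": last})
    return parts

def extract(img, part, out):
    """Copy one partition (last_lba is inclusive) from the image to `out`."""
    img.seek(part["first_lba"] * SECTOR)
    remaining = (part["last_lba"] - part["first_lba"] + 1) * SECTOR
    while remaining:
        chunk = img.read(min(remaining, 1 << 20))
        if not chunk:
            raise ValueError("image truncated inside " + part["name"])
        out.write(chunk)
        remaining -= len(chunk)

def build_sample_image():
    """Constructed 40-sector image with 'esp' and 'rootfs' (not real data)."""
    def entry(type_guid, first, last, name):
        return (uuid.UUID(type_guid).bytes_le + uuid.uuid4().bytes_le
                + struct.pack("<QQQ", first, last, 0)
                + name.encode("utf-16-le").ljust(72, b"\0"))
    array = (entry(ESP, 8, 15, "esp")
             + entry(UFS, 16, 31, "rootfs")).ljust(4 * 128, b"\0")
    hdr = struct.pack("<8sIIIIQQQQ16sQIII", b"EFI PART", 0x10000, 92, 0, 0,
                      1, 39, 8, 31, uuid.uuid4().bytes_le, 2, 4, 128,
                      zlib.crc32(array))
    hdr = hdr[:16] + struct.pack("<I", zlib.crc32(hdr)) + hdr[20:]
    body = bytearray(40 * SECTOR)
    body[SECTOR:SECTOR + 92] = hdr
    body[2 * SECTOR:2 * SECTOR + 512] = array
    body[8 * SECTOR:32 * SECTOR] = b"E" * (8 * SECTOR) + b"R" * (16 * SECTOR)
    return io.BytesIO(bytes(body))
```

Run against a real raw image opened in binary mode, `read_gpt` lists the partitions and `extract` writes each one to its own file, which can then be copied to a matching partition on the SD card instead of writing the whole image.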
OPNsense 25.1.2 aarch64 packages and sets released.
OPNsense 25.1.3 aarch64 packages and sets released.
Which SoCs do you run your ARM sense on? I'm thinking of buying an ARM device. Can anyone recommend a device for me? I have a 1G ISP.
I use cloud VMs based on Ampere Altra processors, can't recommend any specific device for bare metal installations.
OPNsense 25.1.4 aarch64 packages and sets released. Includes hotfix 25.1.4_1.
OPNsense 25.1.5 aarch64 packages and sets released. Includes hotfix 25.1.5_4.
[Update 2025-04-14]
Hotfix 25.1.5_5 released.
Hi Maurice,
Thanks for your work here!
Any plans to publish zfs versions for aarch64?
Thanks
Hey eguun,
Please see my response to the same request by another user on GitHub:
https://github.com/maurice-w/opnsense-vm-images/issues/6#issuecomment-2630698012
Cheers
Maurice
Thanks Maurice for the quick response, clear.
Hi,
Which device would be more likely considered to buy? Raspberry Pi 5? Orange Pi Plus?
Something else? Thanks.
OPNsense 25.1.6 aarch64 packages and sets released. Includes hotfix 25.1.6_2.
[Update 2025-05-10]
Hotfix 25.1.6_4 released.