Hi All,
Have read a couple posts from a couple of years ago (Mainly Patrick's responses) about this but I'm afraid I'm just too dumb to understand and need bigger brains to help me if anyone's willing.
So far, I've got OPNSense running beautifully using a single port for WAN and a single Port for LAN that includes 4 VLANs. What I've since learnt is that TrueNAS is an absolute *&%^*$ if you want to spin up services with it on your desired VLANs.
Anyway, rather than buy another Ubiquiti Flex 10 Gig switch in such lovely economic times, in order to bash TrueNAS over the head and comply, I'm wondering if I can utilise the existing ports on the router (i5-7500 CPU @ 3.40GHz, 32GB RAM) to have a few house bound devices hang off it so I can move the Flex switch to the shed.
I know, I know, I shouldn't be switching on a router, and yes, if throughput turns to crap, I'll starve the family for a month and get another Flex 10GB switch.
Anyway, I spent fifty-hundred hours putting the following diagram together which is an example of what I'm after, but simplified with just 2 VLANs ← hopefully am not too dumb and can scale out the rest once things click for me.
The grouping of opt ports on the router symbolise installed PCIe NICs and the thicker lines for opt5/opt6 ports = 10 gig NIC.
I've already created a bridge with all the ports, but the VLANs are still configured to only use opt1 as their parent, which is how I had it originally configured before attempting this. I can tear down the router and start again no probs if need be, but it would ideally be nice to preserve it since I've got Unifi and AdGuard up and running on the router via plugins.
Obviously can provide more info if needed, but figured the diagram below is what a lot of home-lab users would like to try/test when physical/locality issues come into play.
If anyone is able to tackle a howto to achieve the diagram below, I'm sure I wouldn't be the only appreciative one.
Thanks,
(edit: I tried to include the diagram inline using ASCII art but it was too wide and crapped out... soz)
Quote from: hoondi on June 20, 2024, 10:30:01 AM
I've already created a bridge with all the ports, but the VLANs are still configured to only use opt1 as their parent, which is how I had it originally configured before attempting this. I can tear down the router and start again no probs if need be, but it would ideally be nice to preserve it since I've got Unifi and AdGuard up and running on the router via plugins.
It works the other way round.
You need to create a VLAN interface with tag 1 on each physical interface where you need them, then create a bridge with all these VLAN interfaces as members. Same for VLAN 10 and so forth. One bridge per VLAN. Each VLAN explicitly created on each port - not on the bridge.
ah...
I think it just clicked for me.
Will give it a go at a more civil hour and I think I understand now.
Thank you.
update: This post has the bridges wrong, so jump past this. Am leaving it here so others can learn from my mistakes. ;)
Quote from: hoondi on June 24, 2024, 08:57:46 AM
eg:
bridge 1 members consist of: vlan1_em1
bridge 2 members consist of: vlan1_em2
bridge 3 members consist of: vlan1_em3 vlan10_em3
bridge 4 members consist of: vlan1_em4
bridge 5 members consist of: vlan1_cx0
bridge 6 members consist of: vlan1_cx1 vlan10_cx1
Nope.
bridge1: vlan1_em1, vlan1_em2, vlan1_em3, vlan1_em4, vlan1_cx0, vlan1_cx1
bridge10: vlan10_em3, vlan10_cx1
One bridge per VLAN as I wrote already ;)
You want all VLAN X instances across all physical ports connected, not all different VLANs on a single physical port, right?
Ah...
So that's why I wasn't understanding the gateway IP and thus DHCP setup.
I was so sure I had it, ::)
okay,
So I've now got the bridges setup. I actually have 5 VLANs in total. (see attached), assigned the bridges as the gateway IP ending in dot one for each VLAN and the DHCP setup makes sense now too.
Thank you Patrick. You are a champion!
If you intend to use IPv6, enable "link local" on the bridge.
Thank you,
I've switched all IPv6 off where possible so this is about the only thing I got right. ha!
Thanks again.
So not quite happening.
with tunables enabled:
System → Settings → Tunables:
net.link.bridge.pfil_member to 0
net.link.bridge.pfil_bridge to 1
I've got the bridges setup to group together the vlans I've created for each physical port.
(Notation used when creating the vlans is "parent-port_vlan-number")
bridge0 cxl0_141, cxl1_141, em0_141, em1_141, em2_141, em3_141, ix0_141, ix1_141
bridge1 cxl0_145, cxl1_145, ix0_145, ix1_145
Subnets are as follows where opnsense web management is 192.168.140.1 ← all Ubiquiti hardware running on this subnet for management as well.
untagged = 192.168.140/24
vlan141 = 192.168.141.0/24
vlan145 = 192.168.145.0/24
I've assigned IPs to the bridges:
bridge0 = 192.168.141.1
bridge1 = 192.168.145.1
DHCP is active and enabled for each of the above, being the untagged/LAN and the two bridges:
ISC DHCPv4
[140_MGMT]
[141_IoT]
[145_Raywood]
this is working as expected and all devices are receiving respective IP addresses on the correct vlan when using the single physical ethernet port of ix0 (← LAN) connected to the Ubiquiti switch which is also setup for vlans.
The moment I unplug a device from the Ubiquiti switch where it is receiving 192.168.141.8 (an AppleTV with static assignment) and plug it directly into the em2 ethernet port which is a spare port configured for use with vlan141 in the bridge on the opnsense router, I get nothing. (i.e. a 169.254.x.y).
Q1.
em2 is the parent for vlan141 only and is in one bridge only being bridge0 and so I'm expecting the Apple TV to receive an IP of 192.168.141.8, ← I'm expecting the Apple TV to receive an IP from the only vlan running on the wire?
Manually assigning an IP doesn't help and so there's more than just DHCP not happening.
Q2.
Enable Interface is checked for all entries in Interfaces → Assignments.
Do all need to be enabled? or just the vlans and the bridges?
I see that floating rules (about 19 of them) for the untagged and two bridges contain two entries for DHCP.
But what I'm seeing in the live view of the firewall log for the physical port em2 is:
em2 2024-07-15T00:12:14 0.0.0.0:68 255.255.255.255:67 udp Default deny / state violation rule
and so it looks like that not only is the firewall preventing DHCP, there's more going on as I've attempted a manual ip config and still have no luck, I'm starting to wonder if I've set things up incorrectly still.
I only have two firewall rules on each of the two bridges and the untagged subnet.
Basically pass DNS and !PrivateNetworks:
IPv4 TCP/UDP 141_IoT net * 141_IoT address 53 (DNS) * * Allow DNS
IPv4 * 141_IoT net * ! PrivateNetworks * * * All Access to Only Internet
Q3.
As the Firewall shows an entry for the raw port, the vlan(s) created on the raw port and the bridge grouping all the vlans together, do I need to apply the above rules to all 3 mentioned or just the bridge? ← I've only configured firewall rules for the bridges and untagged/LAN.
To test, I've created firewall rules on em2 and em2_vlan141 to pass all in and out which has not helped. 0.0.0.0:68 is no longer being blocked on em2 though.
I also disabled !PrivateNetworks for the 141 bridge which has not helped either and so I'm all out of ideas.
I'm clearly missing something and so am wondering if anyone with a bigger brain can spot my error.
ta.
Quote from: hoondi on July 14, 2024, 05:15:16 PM
I've got the bridges setup to group together the vlans I've created for each physical port.
(Notation used when creating the vlans is "parent-port_vlan-number")
bridge0 cxl0_141, cxl1_141, em0_141, em1_141, em2_141, em3_141, ix0_141, ix1_141
bridge1 cxl0_145, cxl1_145, ix0_145, ix1_145
Looks good.
Quote from: hoondi on July 14, 2024, 05:15:16 PM
The moment I unplug a device from the Ubiquiti switch where it is receiving 192.168.141.8 (an AppleTV with static assignment) and plug it directly into the em2 ethernet port which is a spare port configured for use with vlan141 in the bridge on the opnsense router, I get nothing. (i.e. a 169.254.x.y).
Of course. VLAN 141 on em2 is tagged. Tagged VLANs are for links between routers, switches, servers, ...
An end device like an Apple TV needs an untagged port. An untagged port carries one VLAN only. To turn em2 into an untagged port in VLAN 141:
- remove the em2_vlan141 interface
- add em2 to the bridge for VLAN 141
Quote from: hoondi on July 14, 2024, 05:15:16 PM
em2 is the parent for vlan141 only and is in one bridge only being bridge0 and so I'm expecting the Apple TV to receive an IP of 192.168.141.8, ← I'm expecting the Apple TV to receive an IP from the only vlan running on the wire?
This is not how this works. In your current configuration the other end needs to understand and use VLAN tags, too, so it needs to be a switch or similar. Reconfigure em2 like I outlined above.
Let's get this fundamental issue fixed, first, before we dig deeper into firewall rules.
Explicitly assigning and enabling the parent interfaces should not be necessary, anymore, if you create VLANs on top of them. It will be necessary for e.g. em2 if you make it a member of the bridge in untagged fashion.
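The layout rules from the replies above (one bridge per VLAN, an untagged port carries one VLAN only) written as a small plan check. This is an added example, not part of the original thread and not OPNsense code; `parse_member`, `lint_bridges` and the sample plans are hypothetical, and member names are assumed to follow the poster's "parent-port_vlan-number" notation, with a bare port name meaning an untagged member.

```python
import re
from collections import defaultdict

# "em2_141" = VLAN 141 tagged on em2; "em2" = em2 as an untagged bridge member.
MEMBER_RE = re.compile(r"^(?P<port>[a-z]+\d+)(?:_(?P<vid>\d+))?$")


def parse_member(name):
    """Split a member name into (physical port, VLAN id or None if untagged)."""
    m = MEMBER_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised member name: {name!r}")
    vid = m.group("vid")
    if vid is not None:
        vid = int(vid)
        if not 1 <= vid <= 4094:
            raise ValueError(f"VLAN id out of range in {name!r}")
    return m.group("port"), vid


def lint_bridges(plan):
    """plan maps bridge name -> list of member names; returns a list of findings."""
    findings = []
    vlan_bridges = defaultdict(set)      # VLAN id -> bridges carrying it
    tagged_ports = set()                 # ports that are parents of tagged VLANs
    untagged_bridges = defaultdict(set)  # port -> bridges it joins untagged
    for bridge, members in plan.items():
        vids = set()
        for name in members:
            port, vid = parse_member(name)
            if vid is None:
                untagged_bridges[port].add(bridge)
            else:
                vids.add(vid)
                vlan_bridges[vid].add(bridge)
                tagged_ports.add(port)
        if len(vids) > 1:
            findings.append(f"{bridge}: mixes VLANs {sorted(vids)}; use one bridge per VLAN")
    for vid, bridges in sorted(vlan_bridges.items()):
        if len(bridges) > 1:
            findings.append(f"VLAN {vid}: split across {sorted(bridges)}; its ports are not connected")
    for port, bridges in sorted(untagged_bridges.items()):
        if len(bridges) > 1:
            findings.append(f"{port}: untagged in {sorted(bridges)}; an untagged port carries one VLAN only")
        if port in tagged_ports:
            findings.append(f"{port}: untagged member and VLAN parent at once; tagged and untagged mixed")
    return findings


# Constructed sample plans. PER_PORT_PLAN is the "one bridge per port" mistake,
# PER_VLAN_PLAN is the per-VLAN layout with em2 turned into an untagged port,
# MIXED_PLAN puts em2 untagged in one VLAN while it still parents a tagged one.
PER_PORT_PLAN = {
    "bridge1": ["em1_1"], "bridge2": ["em2_1"], "bridge3": ["em3_1", "em3_10"],
    "bridge4": ["em4_1"], "bridge5": ["cxl0_1"], "bridge6": ["cxl1_1", "cxl1_10"],
}
PER_VLAN_PLAN = {
    "bridge0": ["cxl0_141", "cxl1_141", "em0_141", "em1_141", "em2",
                "em3_141", "ix0_141", "ix1_141"],
    "bridge1": ["cxl0_145", "cxl1_145", "ix0_145", "ix1_145"],
}
MIXED_PLAN = {
    "bridge0": ["em2", "ix0_141"],
    "bridge1": ["em2_145", "ix0_145"],
}

if __name__ == "__main__":
    for label, plan in (("per-port", PER_PORT_PLAN), ("per-VLAN", PER_VLAN_PLAN),
                        ("mixed", MIXED_PLAN)):
        print(label, lint_bridges(plan) or "OK")
```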
well,
I did say I need a bigger brain right at the start! hehe
You've blown my mind with this fundamental nugget.
I always thought that a switch would assign/tag the actual/physical ports with a vlan (or vlans) for endpoint devices, and that if only one vlan was configured, that's the IP/subnet that the endpoint would utilise.
I now know that sounds stupid when I read it back!
I'll have another go when I'm back there tonight.
Thanks again Patrick, I'm very appreciative of your knowledge and your willingness to share.
Hi all,
I managed to get the bridges up and running with 5 vlans and so thank you Patrick.
I started over with 24.7 in the end.
I've since noticed that Unifi and AdGuard install, but I'm struggling to identify what interface they're running.
I posted over at https://forum.opnsense.org/index.php?topic=41803.0 thinking it might be a 24.7 issue, but I'm now suspecting the issue is to do with the bridges.
I have a spare box and so will test a basic box using 24.7 with WAN/LAN only.
anyone else using Unifi plugin with a bridge setup by chance?
How many and which kind of Unifi devices do you have and how are you intending to connect them? Are you planning to use VLANs with Unifi APs and map them to SSIDs? If yes, you need a managed switch, period. While you can get far with "switch emulation" with bridges that doesn't play nicely with Unifi. If you have only one WiFi network and SSID, it will work without a switch.
I'll explain the details after your answer.
Kind regards,
Patrick
Hi Patrick,
2 x U6Pro
3 x Flex-Mini
1 x Flex-XG
as of 24.1, I had everything connected via a single 10GB copper port on OPNSense that goes to the Flex-XG and then branches out from there.
I've got two SSIDs running which work fine (vlan141 and vlan145) and have configured the respective ports for the vlans and I can't fault it. My setup provides the correct vlan to the device in question and DHCP is issuing the correct IPs etc etc.
Then I started over with 24.7. Please note that I have not altered any physical port connections, nor have I changed anything in Unifi at the time. So all the vlans and devices are happily functioning fine and as expected on their respective vlans and ports.
It's just that after installing Unifi and starting the daemon via the plugin section, I'm not able to get to it on port 8080 to set it up.
As my MGMT/LAN (140) network is able to access all others atm, I expected Unifi to appear on 140 subnet also. As that wasn't the case, I've since tried:
192.168.140.1:8080
192.168.141.1:8080
192.168.142.1:8080
192.168.143.1:8080
192.168.144.1:8080
192.168.145.1:8080
no cigar...
I've got more info over at: https://forum.opnsense.org/index.php?topic=41803.msg205501#msg205501 when I thought it was a 24.7 issue.
Update:
I've since installed AGH and I can't get to it on port 3000 either, i.e. I've tried all my vlan gateway IPs as well to no avail.
Just to be clear, all my Unifi equipment is functioning as expected atm, as I haven't even looked at removing the 10GB switch from the house and move it to the shed/home-lab yet. ← I wanted to get it all happening first before physically moving anything.
I can send screenshots if you're after more info.
I've attached what the Unifi controller "tree view" was showing before I started over.
The only difference I can see between when it was working/accessible and now is bridges and the new OPNSense version.
I'm writing the new 24.7 to USB stick now to test as well.
ta.
OK, I probably cannot help with the controller proper. I run it in a Linux VM and not on OPNsense.
The intention of my questions was that Unifi expects VLAN 1 to be untagged for provisioning which conflicts with the general advice not to mix untagged and tagged frames on the same port on OPNsense.
That's why I run a trunk port with only tagged VLANs and another dedicated port for VLAN 1 from my OPNsense to my Unifi switch.
Kind regards,
Patrick
Yes,
my 192.168.140.0/24 on OPNSense is the original LAN interface and thus untagged.
Right at the beginning, I changed all my Unifi devices to match this network which is what I understand they like to call VLAN1 from memory, even though it's not a tagged/logical network.
So I "manage" OPNSense and all Unifi switches on the same untagged network.
Cheers
just setup a new box.
added mimugmail's repo: https://github.com/mimugmail/opn-repo
***GOT REQUEST TO INSTALL***
Currently running OPNsense 24.7_9 at Mon Jul 29 23:37:04 AEST 2024
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
The following 48 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
alsa-lib: 1.2.11 [mimugmail]
brotli: 1.1.0,1 [OPNsense]
dejavu: 2.37_3 [mimugmail]
encodings: 1.1.0,1 [mimugmail]
font-bh-ttf: 1.0.3_5 [mimugmail]
font-misc-ethiopic: 1.0.4 [mimugmail]
font-misc-meltho: 1.0.3_5 [mimugmail]
fontconfig: 2.15.0_3,1 [OPNsense]
freetype2: 2.13.2 [OPNsense]
giflib: 5.2.2 [OPNsense]
graphite2: 1.3.14 [mimugmail]
harfbuzz: 9.0.0 [OPNsense]
javavmwrapper: 2.7.10 [mimugmail]
jbigkit: 2.1_3 [OPNsense]
jpeg-turbo: 3.0.3 [OPNsense]
lcms2: 2.16_2 [mimugmail]
lerc: 4.0.0 [OPNsense]
libICE: 1.1.1,1 [mimugmail]
libSM: 1.2.3_1,1 [mimugmail]
libX11: 1.8.9,1 [mimugmail]
libXau: 1.0.9_1 [mimugmail]
libXdmcp: 1.1.5 [mimugmail]
libXext: 1.3.6,1 [mimugmail]
libXfixes: 6.0.0_1 [mimugmail]
libXi: 1.8_1,1 [mimugmail]
libXrandr: 1.5.2_1 [mimugmail]
libXrender: 0.9.10_2 [mimugmail]
libXt: 1.3.0,1 [mimugmail]
libXtst: 1.2.3_3 [mimugmail]
libdeflate: 1.20 [OPNsense]
libfontenc: 1.1.8 [OPNsense]
libunwind: 20240221 [OPNsense]
libxcb: 1.17.0 [mimugmail]
mkfontscale: 1.2.3 [mimugmail]
mongodb60: 6.0.15_3 [mimugmail]
openjdk17: 17.0.11+9.1 [mimugmail]
os-unifi-maxit: 1.3 [mimugmail]
pcre: 8.45_4 [OPNsense]
png: 1.6.43 [OPNsense]
snappy: 1.2.1 [mimugmail]
snappyjava: 1.1.10.5 [mimugmail]
snowballstemmer: 2.2.0 [mimugmail]
tiff: 4.6.0 [OPNsense]
unifi8: 8.2.93 [mimugmail]
xorg-fonts-truetype: 7.7_1 [mimugmail]
xorgproto: 2024.1 [mimugmail]
yaml-cpp: 0.8.0 [mimugmail]
zstd: 1.5.6 [OPNsense]
Number of packages to be installed: 48
The process will require 754 MiB more space.
341 MiB to be downloaded.
Stopping configd...done
Starting configd.
Migrated OPNsense\Unifi\General from 0.0.0 to 0.0.1
Reloading plugin configuration
Configuring system logging...done.
Reloading template OPNsense/Unifi: OK
Running fc-cache to build fontconfig cache...
=====
Message from freetype2-2.13.2:
--
The 2.7.x series now uses the new subpixel hinting mode (V40 port's option) as
the default, emulating a modern version of ClearType. This change inevitably
leads to different rendering results, and you might change port's options to
adapt it to your taste (or use the new "FREETYPE_PROPERTIES" environment
variable).
The environment variable "FREETYPE_PROPERTIES" can be used to control the
driver properties. Example:
FREETYPE_PROPERTIES=truetype:interpreter-version=35 \
cff:no-stem-darkening=1 \
autofitter:warping=1
This allows to select, say, the subpixel hinting mode at runtime for a given
application.
If LONG_PCF_NAMES port's option was enabled, the PCF family names may include
the foundry and information whether they contain wide characters. For example,
"Sony Fixed" or "Misc Fixed Wide", instead of "Fixed". This can be disabled at
run time with using pcf:no-long-family-names property, if needed. Example:
FREETYPE_PROPERTIES=pcf:no-long-family-names=1
How to recreate fontconfig cache with using such environment variable,
if needed:
# env FREETYPE_PROPERTIES=pcf:no-long-family-names=1 fc-cache -fsv
The controllable properties are listed in the section "Controlling FreeType
Modules" in the reference's table of contents
(/usr/local/share/doc/freetype2/reference/index.html, if documentation was installed).
=====
Message from dejavu-2.37_3:
--
Make sure that the freetype module is loaded. If it is not, add the following
line to the "Modules" section of your X Windows configuration file:
Load "freetype"
Add the following line to the "Files" section of X Windows configuration file:
FontPath "/usr/local/share/fonts/dejavu/"
Note: your X Windows configuration file is typically /etc/X11/XF86Config
if you are using XFree86, and /etc/X11/xorg.conf if you are using X.Org.
=====
Message from pcre-8.45_4:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
EOLed by upstream, use devel/pcre2 instead.
=====
Message from openjdk17-17.0.11+9.1:
--
This OpenJDK implementation requires fdescfs(5) mounted on /dev/fd and
procfs(5) mounted on /proc.
If you have not done it yet, please do the following:
mount -t fdescfs fdesc /dev/fd
mount -t procfs proc /proc
To make it permanent, you need the following lines in /etc/fstab:
fdesc /dev/fd fdescfs rw 0 0
proc /proc procfs rw 0 0
=====
Message from mongodb60-6.0.15_3:
--
MongoDB on Rasperry Pi can work but is unsupported upstream.
Please read https://jira.mongodb.org/browse/SERVER-71772 if you run this on a non-LSE ARM cpu.
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***
Unifi is up and accessible after enabling in the plugin section. see attached.
I guess I'll log it as a bug with mimugmail and see what happens.
mimugmail suggested I "allow all" across all interfaces as a temp test.
Unifi could be reached after that... :-[
Even tho I was testing with a client PC on the same subnet (192.168.140.0/24), I had to add a pass rule to 192.168.140.1:8080 before I could get to it with bridges in the mix. (don't need this rule with just basic LAN/WAN setup)