OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: franco on August 27, 2015, 11:17:08 am

Title: [CALL FOR TESTING] 15.7.13-devel complete firewall section rework
Post by: franco on August 27, 2015, 11:17:08 am
Hi all,

so with 15.7.12 we have shipped an optional development package that has a rework of the whole firewall section (similar to what we did with OpenVPN and IPSec).

We invite everyone to test and report issues or give general comments on layout and workflow.

Here's a manual on how to switch to the development version (and back):

https://forum.opnsense.org/index.php?topic=917.0


Cheers,
Franco
Title: Re: [CALL FOR TESTING] 15.7.11 complete firewall section rework
Post by: Solaris17 on August 28, 2015, 03:34:54 am
are these changes also reflected in the 10.2 snapshot?
Title: Re: [CALL FOR TESTING] 15.7.11 complete firewall section rework
Post by: franco on August 28, 2015, 07:11:31 am
The call for testing of 10.2 is fundamentally different from the 15.7.11 development changes. You can use any of the following combinations:

o OPNsense release with FreeBSD 10.1 release (defaults)
o OPNsense release with FreeBSD 10.2 snapshot (see other thread)
o OPNsense development with FreeBSD 10.1 release (this thread)
o OPNsense development with FreeBSD 10.2 snapshot (both threads)
Title: Re: [CALL FOR TESTING] 15.7.11 complete firewall section rework
Post by: s.Oliver on September 02, 2015, 05:43:21 pm
hi all!

just wanted to gain a quick look at that firewall-section overhaul, but... something's missing here.

took a vm, installed latest 15.7.11, configured. checked working state (ping to wan, etc. all good).
then issued in shell the provided command "pkg install -y opnsense-devel" – that downloaded stuff and returned shell prompt. exited and did a reboot.

logged in, went to the firewall section and have seen nothing, nothing new to my eye. what went wrong?

checked system information and saw this:
OPNsense 15.7_824-amd64   
FreeBSD 10.1-RELEASE-p18   
OpenSSL 1.0.2d 9 Jul 2015

ok, what to do?

cheers,
Blacky
Title: Re: [CALL FOR TESTING] 15.7.11 complete firewall section rework
Post by: franco on September 10, 2015, 04:46:38 pm
Well, you don't have to reboot. You are on the development version (15.7_xxx). Currently, the firewall section pages are being reworked, so you'll have to navigate to them and see how they are different now. Sometimes it's subtle or not visible like when we improved LDAP, VPN and firewall pages look cleaner now but untrained roughly the same as they always were (or how they should have looked all along). Remaining bits are new features that have new pages you won't find in the release so soon.
Title: Re: [CALL FOR TESTING] 15.7.12 complete firewall section rework
Post by: franco on September 12, 2015, 03:26:53 pm
15.7.12 has some updates to these pages as well as a new subnavigation in the menu to get rid of tabs and cluttered navigation (status/diagnostics) in the long run. If you find anything, let us know. If you like it let us know. If you don't let us know anyway. It's coming to 15.7.13 or 15.7.14 in any case and it better be according to your feedback. Thanks. :)
Title: Re: [CALL FOR TESTING] 15.7.12 complete firewall section rework
Post by: Solaris17 on September 12, 2015, 04:26:30 pm
Can't wait to give it a go when my network is less busy! I wanted to mention the help on the various builds. How exactly would you like a report? Is there anything we can do specifically to help opnsense? If I install a beta build and nothing goes wrong and everything is working fine I don't have much to talk about, which is fine but maybe I can be doing something more productive?
Title: Re: [CALL FOR TESTING] 15.7.12 complete firewall section rework
Post by: franco on September 12, 2015, 06:12:03 pm
Reports are fine either here or GitHub, that's where others can pick them up as well. Keeping track of the forum isn't easy at times, but we can always pick up issues from here and move them to GitHub for traceability. Generally speaking, just let us know and keep prodding until good things happen. ;)

Running the beta/devel version shouldn't be hard or very much notable. Things tend to run smoothly apart from the few corners we're working on. Should you find something odd it's great to have a head start before the actual release of a feature (or regression). If you want to do more, join the GitHub discussions, skim the tickets, dump your ideas there or here in the forum. If you are a programmer, there may be a few tiny tickets that have the "help wanted" tag. But in any case testing is the most important thing for us.

Discussions and involving others, asking questions is a great way to come up with ideas, minor improvements that make a big difference or new features that help incorporate more use cases, which can pull in more interested parties and then go back to step one: discussions and start again. :)
Title: Re: [CALL FOR TESTING] 15.7.12 complete firewall section rework
Post by: weust on September 12, 2015, 07:39:48 pm
Should 15.7.12 also include the changes Ad or Jos did for the Static port mapping in NAT Outbound that was missing some options?
Reverted the snapshot to 15.7.11 and upgraded, but it misses the Alias and network address dropdown menu options.
Title: Re: [CALL FOR TESTING] 15.7.12 complete firewall section rework
Post by: franco on September 12, 2015, 09:43:53 pm
I only know of changes to the opnsense-devel package WRT firewall pages.
Title: Re: [CALL FOR TESTING] 15.7.12-devel complete firewall section rework
Post by: weust on September 12, 2015, 10:12:23 pm
NAT Outbound is part of firewall pages?
Title: Re: [CALL FOR TESTING] 15.7.12-devel complete firewall section rework
Post by: franco on September 12, 2015, 10:39:43 pm
Yup, it is. :)
Title: Re: [CALL FOR TESTING] 15.7.12-devel complete firewall section rework
Post by: Solaris17 on September 13, 2015, 01:56:12 am
aw they took away my crypto status on the main page when I updated and then upgraded back to 10.2 :(

OPNsense 15.7_947-amd64   
FreeBSD 10.2-RELEASE-p1   
LibreSSL 2.2.3

I also apparently can't get a system status (pftop) & (Diagnostics: System Activity), Limiter info and anything gathering data in this method gives me the following.

Quote
CSRF check failed. Your form session may have expired, or you may not have cookies enabled.

when I hit test again my page goes blank and dumps output like a sql debug

Code:
last pid: 9979; load averages: 0.04, 0.16, 0.14 up 0+00:08:27 19:57:18 125 processes: 5 running, 100 sleeping, 20 waiting Mem: 254M Active, 82M Inact, 217M Wired, 76M Buf, 7272M Free Swap: PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 11 root 155 ki31 0K 64K CPU3 3 8:21 100.00% [idle{idle: cpu3}] 11 root 155 ki31 0K 64K CPU2 2 8:20 100.00% [idle{idle: cpu2}] 11 root 155 ki31 0K 64K CPU1 1 8:17 100.00% [idle{idle: cpu1}] 11 root 155 ki31 0K 64K RUN 0 8:13 98.29% [idle{idle: cpu0}] 69184 root 22 0 130M 34716K piperd 1 0:08 1.27% /usr/local/bin/php-cgi 41268 root 20 0 289M 203M uwait 0 0:04 0.59% /usr/local/bin/suricata -D -i re0 -i re1 0 root -16 0 0K 160K swapin 3 0:28 0.00% [kernel{swapper}] 41268 root 20 0 289M 203M nanslp 3 0:02 0.00% /usr/local/bin/suricata -D -i re0 -i re1 63601 root 21 0 126M 29040K accept 3 0:01 0.00% /usr/local/bin/php-cgi 12 root -92 - 0K 320K WAIT 1 0:01 0.00% [intr{irq267: re0}] 12 root -92 - 0K 320K WAIT 1 0:01 0.00% [intr{irq268: re1}] 55284 root 20 0 60804K 7072K kqread 3 0:01 0.00% /usr/local/sbin/lighttpd -f /var/etc/lig 41268 root 20 0 289M 203M uwait 0 0:00 0.00% /usr/local/bin/suricata -D -i re0 -i re1 180 root 20 0 115M 30864K accept 0 0:00 0.00% /usr/local/bin/python2.7 /usr/local/opns 41268 root 20 0 289M 203M uwait 2 0:00 0.00% /usr/local/bin/suricata -D -i re0 -i re1 12 root -60 - 0K 320K WAIT 0 0:00 0.00% [intr{swi4: clock}] 41268 root 20 0 289M 203M uwait 1 0:00 0.00% /usr/local/bin/suricata -D -i re0 -i re1 41268 root 20 0 289M 203M uwait 1 0:00 0.00% /usr/local/bin/suricata -D -i re0 -i re1

but it actually is the output I was expecting except well....formatted......and inside the CP.

I also still have an issue with selection on the left hand pane when I scroll down a page on the right.

here is an example

http://recordit.co/f7mGECeRKC

pfinfo doesn't work at all for me.

also if I may ask what exactly is reported and sent via SMTP? I finally got it working but I would like a lot communication through this since I prefer email/easier than using a remote logging server for event notification. Can/are we/able to customize/request features or alerts that can be sent via this?
Title: Re: [CALL FOR TESTING] 15.7.12-devel complete firewall section rework
Post by: franco on September 13, 2015, 08:21:48 am
What do you mean by "crypto" status?

I tracked down the CSRF issue last night (it's only on opnsense-devel fortunately), can be fixed via:

# cd /usr/local/www/csrf
# fetch https://raw.githubusercontent.com/opnsense/core/master/src/www/csrf/csrf-magic.js

This is the likely cause for the diagnostics pages misbehaving.

Also not sure what you mean by SMTP... do you mean the notifications?

I'm going to push proper amendments for 15.7.12 (both release and devel) on Monday or Tuesday at the latest.
Title: Re: [CALL FOR TESTING] 15.7.12-devel complete firewall section rework
Post by: Solaris17 on September 13, 2015, 04:24:40 pm
Hmm it must have been a bug then. Immediately after I updated I was on the new opnsense build but BSD 10.1 before I upgraded back to 10.2 the opnsense main page had or seemed to have had a field for the cryptography used mine specifically said that it was AES-NI but possibly this was not meant to show up?

yes as for SMTP I meant the email notification system. I just applied the CSRF fix. Did you just disable the cache or was it some kind of incompatibility?
Title: Re: [CALL FOR TESTING] 15.7.12-devel complete firewall section rework
Post by: franco on September 13, 2015, 10:57:01 pm
CSRF: the style enforcer we use works pretty well on PHP, but it introduced a JavaScript syntax error. I did not expect this to break, but that's what devel is for sometimes. Oh, well, nobody expects the Spanish Inquisition. :)

As for crypto I haven't looked at this but I will try to see if I can reproduce when I'm back home.

SMTP Notifications: Gateway down messages, CARP (HA) messages, Config loading errors, some filter messages. Very disorderly and hard to trace to be honest.