OPNsense Forum

English Forums => General Discussion => Topic started by: fox983 on September 23, 2015, 05:35:37 pm

Title: Windows Updates caching
Post by: fox983 on September 23, 2015, 05:35:37 pm

Hello everyone, this is my first post.
First of all, compliments for the great job you're making for this project!!
I've already searched in the forum but unfortunately I didn't find the answer.
So, this is my question: is in your plans implementing a feature for simply caching Windows Updates like IPFire (see http://wiki.ipfire.org/en/configuration/network/update-booster (http://wiki.ipfire.org/en/configuration/network/update-booster))?
In my lab there are many PCs (for repairing - no AD), when Windows Update starts internet connection slows down, a simply web page can take 1-2 mins to load. I think it could be helpful for everyone that doesn't have a good internet connection. If not possible, can you tell me a solution for this?
I've tried http://wiki.squid-cache.org/SquidFaq/WindowsUpdate (http://wiki.squid-cache.org/SquidFaq/WindowsUpdate) with pfSense, but IPFire's solution is much better and ready to use...
Hope to see that in OPNsense, and sorry for my bad english...  :D
Thank you

Title: Re: Windows Updates caching
Post by: weust on September 23, 2015, 06:23:49 pm

If you already have a lab, why not setup a Windows server with WSUS?
Especially if you have a MSDN license that shouldn't be a problem.

Your clients don't need to be domain members to use the WSUS, although you need to manually configure the local group policy, and use wuauclt to authorize it.

Seems to me that's a lot simpler then messing around with non-Microsoft products.

Title: Re: Windows Updates caching
Post by: fox983 on September 24, 2015, 10:53:05 am

I'm testing this solution for a couple of days, but requires registry or GP changes when pc come into the lab and I must remember to delete changes when I finish to repair...

It's better to have a transparent proxy that does the caching job (without necessity to approve or refuse update, etc), don't you think?

Title: Re: Windows Updates caching
Post by: weust on September 24, 2015, 02:12:37 pm

In my opinion, a computer that enters the lab will be enrolled for the lab.
Ideal situation of course.

Personally I don't like caching proxies. Never did.
And to come back to WSUS, you could use your production machine as well, as long as you allow the correct port to the VLAN where the production WSUS server resides.
Unless you have it fysically seperated.

Title: Re: Windows Updates caching
Post by: fox983 on September 24, 2015, 04:44:37 pm

Computers are not mine, I work in a repair shop, after repairing customers bring them back to home.

Title: Re: Windows Updates caching
Post by: weust on September 24, 2015, 05:33:12 pm

Aaah, now it makes sense to me :-)

Title: Re: Windows Updates caching
Post by: fox983 on September 25, 2015, 08:32:32 pm

 :) :)
So none of you have this problem?

Title: Re: Windows Updates caching
Post by: btoaldas on November 24, 2015, 12:30:51 am

Pues yo bloquear todas las ip y web que utilizan para actualizaciones de windows (por ejemplo windowsupdate.com) tanto por firewall como por proxy, con eso ya ninguno tiene por que actualizarse y consumir tu ancho de banda, y que después vaya a su casa

Title: Re: Windows Updates caching
Post by: fox983 on December 17, 2015, 10:42:35 am

This isn't a solution!  :) Updates have to be done in lab...

Title: Re: Windows Updates caching
Post by: weust on December 17, 2015, 11:10:09 am

Isn't Offline Windows Update (forgot the exact name) not something to try out in your case?
Could place it on a share or USB stick for usage.