OPNsense Forum
English Forums => General Discussion => Topic started by: Johan2 on October 09, 2015, 11:47:46 am
-
Hi,
I read that Opnsense is a standard pkg package. Is it save to use Opnsense in production as a standard pkg package on top of a standard FreeBSD installation?
Thanks,
J.
-
The answer is "no". Just tried it. Sorry for asking.
-
The devs can explain this in more detail, but iirc it will be possible in the future once the package no longer has specific patches for FreeBSD.
Then, there can be a stand alone package of OPNsense.
-
Well, what exactly brought you to the conclusion this doesn't work? We went through the process with a user once, he made a blog post about it:
https://kram3r.wordpress.com/2015/07/09/opnsense-on-digitalocean-droplet/
Lots of manual steps, mostly needed because we still have custom patches on top of FreeBSD and the distance of the project when we forked was bigger than any of us had wished. Since we've done big steps towards making it a true package. Come FreeBSD 11 that might be true. We'll see. :)
-
Well, what exactly brought you to the conclusion this doesn't work? We went through the process with a user once, he made a blog post about it:
Thanks Franco. I am gonna try again.
-
I have tried again and the answer is: no it can not be done.
First I installed plain FreeBSD 10.1.
Than I did what Franco explained.
First error:
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.opnsense.org/freebsd:10:x86:32/latest, please wait...
pkg: Error fetching http://pkg.opnsense.org/freebsd:10:x86:32/latest/Latest/pkg.txz: Not Found
A pre-built version of pkg could not be found for your system.
Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.
So in /etc/pkg/FreeBSD.conf I changed the line
url: “pkg+http://pkg.opnsense.org/${ABI}/latest”
in to
url: “pkg+http://pkg.opnsense.org/FreeBSD:10:i386/latest”
Second error:
pkg: No packages available to install matching 'os-update' have been found in the repositories
After "pkg install pfsense" I rebooted.
Third error: the machine does not want to boot:
mount: / unknown special file ore file system
mkdir : /tmp/.cdrom: Read-only file system
mount_unionfs: /tmp/.cdrom: No such file or directory
-
I have tried again and the answer is: no it can not be done.
Yes it can. :) Although I am not sure why it is important to transform a FreeBSD system unless it is a remote/cloud service that doesn't do custom ISO install (vultr is great for that btw).
Bootstrapping pkg from pkg+http://pkg.opnsense.org/freebsd:10:x86:32/latest, please wait...
pkg: Error fetching http://pkg.opnsense.org/freebsd:10:x86:32/latest/Latest/pkg.txz: Not Found
A pre-built version of pkg could not be found for your system.
Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.
FreeBSD pkg switched ${ABI} somewhere after initial release of 10.1. I fixed this on our mirror just now, although we as OPNsense never used the old ABI. This worked before because others would upgrade pkg in FreeBSD before going to switching to OPNsense.
pkg: No packages available to install matching 'os-update' have been found in the repositories
os-update has been renamed to opnsense-update for clarity. Sorry about that.
I would not recommend commencing after such an error, it's impossible to predict what'll happen next...
After "pkg install pfsense" I rebooted.
;)
Third error: the machine does not want to boot:
I'm not sure if you are using UFS or not, requirement is it needs to be UFS in order to work. The scripts don't fiddle with /etc/fstab or boot order at all.
-
.
Yes it can. :) .
Yes it can. Easy. Been there, done that. 8)
Although I am not sure why it is important to transform a FreeBSD system unless it is a remote/cloud service that doesn't do custom ISO install (vultr is great for that btw)..
To add Opnsense to a running system so I do not need an external router for now.
I'm not sure if you are using UFS or not
No I used ZFS. Just tested on UFS, that works. I need ZFS support. UFS will not save me an external router.
Only thing after the transformation from FreeBSD to Opnsense is that SSH can not be started from console. The option is not there. Is that normal? Can not find the option to start SSH in the webgui as well.
-
Hi Johan,
ZFS on root support is still not functional. We've had a few requests regarding this, but haven't been unable to weave it into the mid-term roadmap. Sorry. Any help here is more than welcome. FWIW, additional ZFS volumes can be pushed into the system with no issue.
Please keep in mind that OPNsense will take over the router so it might clobber other settings that were set previously. We can only guarantee consistent behaviour within the bounds of the feature scope that OPNsense delivers itself. Some hooks are in place to allow further low level customisation (persistent), but it may require more system engineering on the router to work conflict-free.
SSH settings are under System: Settings: Admin Access. Make sure you check "root login" and "password login" if you need these options. We try to follow the standard SSH config that does not permit this by default, that's also why we killed the console option: it's useless to switch on SSH if you don't have any uploaded SSH keys in the system or root cannot login, both things won't work on a fresh install anyway.
Enjoy,
Franco
-
I'm following the digital ocean guide, however I find that the package repository is pointing to version 15.7.12, which is old. So is the ${ABI} not updated to version 16.7 ?
-
There's an app for that:
# fetch https://raw.githubusercontent.com/opnsense/update/master/bootstrap/opnsense-bootstrap.sh
# sh opnsense-bootstrap.sh
Cheers,
Franco