OPNsense Forum
Archive => 17.1 Legacy Series => Topic started by: abalsam on November 06, 2016, 05:21:53 pm
-
I have found OPNSense to be a full featured, well documented and easy to use solution that can have a small memory/processor footprint (depending on what features are actively in use). I am therefore using it as my standard firewall not only for my home but also for my test labs. This means that when all of my labs are running, I have 10 to 20 OPNSense VMs running at once. When a series of patches are then released, I have to go through the update process on all of the instances. Since, at the end of the update process the downloaded files are deleted and I am unable to find a way to point to a dedicated caching proxy where the update files can be downloaded again locally, the same files need to be downloaded from the internet again and again (consuming bandwidth).
I was wondering if there are any plans to support configuring a dedicated caching proxy for updates only. Alternatively, is there a way to download and centrally maintain update files for select platforms (similar to what Ubuntu offers) so that I could have an internal mirror I could point my VMs to?
Thanks
-
You should use an internal mirror for that - for example you can mirror https://pkg.opnsense.org/ and make it available via a webserver (for example: nginx) by setting the webroot to your mirror directory. On the firmware page you will have to add the address of your mirror.
Note: you do not have to mirror all directories (for example you can omit i386 if you are not using it)
Franco may also have a working rsync command you can use to mirror the files.
Kind regards
Fabian
-
Please don't mirror the main server... use one of https://opnsense.org/download/
Use e.g. one of the LeaseWeb servers around the world and sync the main directory:
http://mirror.sfo12.us.leaseweb.net/opnsense/
You only need an HTTP host (all updates are signed) to publish your changes internally, then go to System: Firmware: Updates and change mirror to "(other)" and put your own URL in there (it can be an internal one, even DNS if the firewall can resolve it).
Cheers,
Franco
-
When I reviewed the content of the mirror, it looks like some of the same packages are present in multiple locations (which implies symlinks on the source). If I just did a sync of the entire mirror, I am afraid I would be copying more than I would need to. Is there a document that I can refer to that would tell me how to set up a local mirror?
Thanks
-
LeaseWeb supports rsync, it's really simple :)
https://mirror.de.leaseweb.net/