Messages

It 'supports' it as in, it is functional and has a driver but it doesn't "do" anything for your network.

Do you know what a TPM is and what it is for? Because it seems like you might just like it because it has a cool name  :P

It almost seems like it's trying to start up but gets a brownout and resets, which could indicate a bad power supply. It's not really flashing, but more like turning on and then losing power.

Flashing or blinking usually has a fixed pattern which also happens when the PC is in standby mode.

Anyhow, Qotom is pretty good at their customer service (for an Aliexpress supplier  :P) so I'm sure they'll figure it out and get you up and running.

[Preamble]

Preamble
I've been running OPNSense on a number of refurbished/retargeted hardware devices that are slowly trickling down from the high-end NFV enterprise boxes down to us mortals, and ONIE availability has been coming in more frequently over the past few years.

For example, a relatively large amount of Dell VEP devices is becoming available due to their enterprise lifecycle nearing the end of the first support phase, those boxes generally come with multicore C3000 series SoCs, 4+ GB of RAM and some combination of eMMC and mSATA or M.2 SSDs with a number of high quality network interfaces (some via the C3000 embedded interfaces, some i3xx series). Due to the low cost and relatively high reliability and performance this makes for a very neat platform to run a variety of network functions on top of.

One of the features of a lot of uCPE and NFV hardware devices have is ONIE support. This is essentially an embedded Linux environment that serves to install/update/replace the main OS. It doesn't need to target a Linux OS, examples (commercial mostly) running NetBSD and even VxWorks are in use at scale. The benefit is that you get integrated support for recovery methods, as well as embedded diagnostics, and device-specific information about the ports, locations, naming, and other chassis features. It's not quite as 'fat' or complex as a BMC or SPS but more comparable to an extension of a DTB.

The actual idea
Wouldn't it be great if we could package an OPNSense installation into a format that can be 'installed' and 'recovered' using ONIE? This way, we can run on a variety of network hardware while only adding a single installation option. It is similar to developing an AMI for AWS or a CF image for x86 devices with no VGA. As far as I can tell, this boils down to a package with a disk image, a deployment script so whatever bootloader the device comes with can chainload BTX, and an addition to that disk image that reads the configuration ONIE parks in a known spot so it can boot up and know what interfaces exist ahead of time.

I am by no means a BSD installer specialist, but looking at the scripts for the ARM build and AWS AMI build it should be feasible to prepare an architecture-specific image that can at least run without additional installation, and then inject a process or rc script to read a base configuration when a fresh install/image is detected.

I don't know if anyone else has thought of this or if this was attempted at an earlier time but some feedback on this idea would be neat.

For anyone stumbling upon this topic; they don't ship outside the US, Canada or UK, so unless you can do shipment there it's sadly not an option.

Can you post PCB pictures and BIOS setup pictures?

I'm getting an odd issue where `System: Access: Users download` doesn't work (Could not connect to the LDAP server. Please check your LDAP configuration.) but `System: Access: Servers / Authentication containers` works and so does `System: Access: Tester`

The server is available and works fine, but it seems the code path for system_usermanager_import_ldap.php isn't using the same settings as the configuration or testing pages?

How does this run on board with Intel BootGuard enabled?

Any interest in reports on doing this on AWS EC2? I have a few self-bootstrapped OPNSense setups there that work fine. I can just snapshot and try the kernel to see how that turns out.

FreeBSD 11.1-RELEASE-p17  bf74bfa8a63(stable/18.7) amd64
OPNsense 18.7.9 068523882
LibreSSL 2.7.4
PHP 7.1.25

Code Select Expand



[04-Jan-2019 02:05:00 UTC] PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20160303/ldap.so' - Shared object "libdl.so.1" not found, required by "libsasl2.so.3" in Unknown on line 0
[04-Jan-2019 03:05:00 UTC] PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20160303/ldap.so' - Shared object "libdl.so.1" not found, required by "libsasl2.so.3" in Unknown on line 0
[04-Jan-2019 04:05:00 UTC] PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20160303/ldap.so' - Shared object "libdl.so.1" not found, required by "libsasl2.so.3" in Unknown on line 0
[04-Jan-2019 05:05:00 UTC] PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20160303/ldap.so' - Shared object "libdl.so.1" not found, required by "libsasl2.so.3" in Unknown on line 0
[04-Jan-2019 06:05:00 UTC] PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20160303/ldap.so' - Shared object "libdl.so.1" not found, required by "libsasl2.so.3" in Unknown on line 0
[04-Jan-2019 07:05:00 UTC] PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20160303/ldap.so' - Shared object "libdl.so.1" not found, required by "libsasl2.so.3" in Unknown on line 0
[04-Jan-2019 08:05:00 UTC] PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20160303/ldap.so' - Shared object "libdl.so.1" not found, required by "libsasl2.so.3" in Unknown on line 0



Is this a missing dependency check somewhere?

I can report the Qotom hardware works very well. We use them a lot in smaller setups where there is no contract-forced requirement for a fully enterprise supported chain of hardware and software; we have had about 3 DOA's per 50 units so far, which is pretty good. Have not had a failure in the field.

So instead of doing the engineering part first, I simply swapped stub for forward: https://github.com/opnsense/core/issues/2550 & https://github.com/opnsense/core/pull/2627

Works a treat in the setups I manage (mostly virtual but a good number of varying physical boxes).

Heb je al gekeken of unbound misschien gewoon crasht of dat dmesg misschien iets laat zien over algemene processen die falen op OS-niveau?

I already posted it as an issue: https://github.com/opnsense/core/issues/2550

But since resources are probably limited and use cases not very broad, I was thinking I might implement this myself. As far as I can see, Unbound is not MVC-integrated yet, so a good first step would be upgrading that so it's MVC based. Next, I could add a switch or toggle to override entries to select between stub-zone and forward-zone (maybe call it "Authorative server" and "Any server" or something like that), and have the config output print forward-zone and stub-zone depending on the selection.

Looking at the build system and sources, it seems that the PHP (and Python if I need to do something in configd) parts are not that hard to update, but rebuilding a whole image is a lot of work (since it's pretty much building the entire ports tree?) I can spin up a FreeBSD vm for development, but it seems rather overkill for something so small. Is this the only way to develop this? And how would one start with this, just convert some pages, or does it have to be the whole module at once?

I was wondering if it would be helpful to create a HCL-type Wiki like OpenWRT/LEDE, coreboot, and one of those hackintosh project pages have. I know it can be a pain to maintain, but with correct versioning and reporting on the staleness/freshness of the entry it would be a very helpful resource. One of the ways this could be filtered might be a Sphinx/GitHub based solution where you need to submit a PR with the data to get it on the page.

Hi, is there an option to add a wider theme to SMF, or perhaps a bootstrapified theme that grows with window size?