Messages

Hi,

the issue you have is over amd64 images you downloaded on the opnsense site? I have issues like this, but on arm64 images I built.

Hi guys,

thanks for the help here. it worked just fine, I can build images and update them with no need to a full reinstall :)

I created some simple and not best written scripts to automate this process as a guide for any new comers.

Its available here: https://github.com/matheusber/opnsense

Thanks again for the help.

Franco, what is the process to add new devices?

Thanks again :)

none

PS: if changing the thread subject would help in people finding this repo building, its fine by me ;)

You need to create a key pair before building the sets:

Code Select Expand


cd /usr/tools/
openssl genrsa -out config/24.7/repo.key 4096
openssl rsa -pubout -in config/24.7/repo.key -out config/24.7/repo.pub
make fingerprint


Save the fingerprint to a file. On the machines which are supposed to use the repository for installing updates and plugins, place this file in /usr/local/etc/pkg/fingerprints/OPNsense/trusted.
You can optionally inject the fingerprint file into the OPNsense package during the build process (see my last comment in the thread you linked to). This is useful if your images are used on many systems because you then don't have to manually copy the fingerprint to each machine.

Cheers
Maurice

Thanks Maurice. Do I need to recompile it all so it is signed? If it all needs to be recompiled, I will use for now the way franco said and next build I will add the fingerprint :)

Thanks you both, again ;)

none

Hello and thanks for you both, Maurice and franco. I kinda created a directory that replicates the files I saw on Maurice's server. That is done, but my opnsense won't use it, complaints about:

pkg: No signature found

and in the end I get the message:

The repository has no fingerprint.

That got me blocked :(

I am now searching the web about how to create the .sig files for the sets and the fingerprint for the server.

I found this thread here: https://forum.opnsense.org/index.php?topic=37702.0, but so far I am yet to solve this:

Code Select Expand

root@rpi5:/usr/tools # make fingerprint
>>> Executing build step fingerprint on 24.7
root@rpi5:/usr/tools #


The thread suggests it would echo on stdout some code to redirect. Here there is no code :(

Thanks for all the help.

none

If you're okay with not building everything from source, you could prefetch the packages set from my aarch64 repo:

# make prefetch-packages SETTINGS=24.7 VERSION=24.7.r2 MIRRORS=https://opnsense-update.walker.earth

Cheers
Maurice

Hi Maurice,

thanks for the help :)

I can use it now, thanks :)

But as my goal is to build image for the Nanopi R5S, I plan on having it all here. Furthermore, can you point me where I can learn on how to set this kind of repository? I have more then one opnsense on arm64 here, and I build things from time to time.

Thanks :)

none

Hi,

I am trying to build opnsense 24.7 for a Nanopi R5S and I need another aarch64 box for it (tried on amd64, always had trouble). So the less packages I have to build, the better.

So I did this:

Code Select Expand

root@R4S_imagem:/usr/tools/config/24.7 # cat ports.conf | grep "^#"
#ORIGIN                                         IGNORE
#emulators/virtualbox-ose-additions-nox11       arm,aarch64
#net-mgmt/zabbix5-agent                         arm
#net-mgmt/zabbix5-proxy                         arm
#net-mgmt/zabbix6-agent                         arm
#net-mgmt/zabbix6-proxy                         arm
#net-mgmt/zabbix64-agent                                arm
#net-mgmt/zabbix64-proxy                                arm
#net-mgmt/zabbix7-agent                         arm
#net-mgmt/zabbix7-proxy                         arm
#net/asterisk18                                 arm
#net/bird2                                      arm
#net/frr8                                       arm
#net/haproxy28                                  arm
#net/ntopng                                     arm
#net/siproxd                                    arm
#opnsense/py-haproxy-cli                                arm
#security/clamav                                        arm
#security/suricata                              arm
#security/tor                                   arm
#sysutils/apcupsd                               arm
#sysutils/munin-node                            arm
#sysutils/nut                                   arm,aarch64
#www/sarg                                       arm


the plugins.conf is also edited:

Code Select Expand


root@R4S_imagem:/usr/tools/config/24.7 # cat plugins.conf | grep "^#"
#ORIGIN                                         IGNORE
#net-mgmt/zabbix-agent@zabbix5                  arm
#net-mgmt/zabbix-agent@zabbix6                  arm
#net-mgmt/zabbix-agent@zabbix64                 arm
#net-mgmt/zabbix-agent@zabbix7                  arm
#net-mgmt/zabbix-proxy@zabbix5                  arm
#net-mgmt/zabbix-proxy@zabbix6                  arm
#net-mgmt/zabbix-proxy@zabbix64                 arm
#net-mgmt/zabbix-proxy@zabbix7                  arm
#net/frr                                                arm
#net/haproxy                                    arm
#net/ntopng                                     arm
#net/realtek-re
#net/siproxd                                    arm
#security/clamav                                        arm
#security/tor                                   arm
#sysutils/apcupsd                               arm
#sysutils/apuled                                        arm
#sysutils/munin-node                            arm
#sysutils/nut                                   arm,aarch64
#sysutils/virtualbox                            arm,aarch64
#sysutils/vmware                                        arm
#sysutils/xen                                   arm,aarch64
#www/web-proxy-sso                              arm


but I keep seeing this kind of error:

Code Select Expand


nstalling zip-3.0_2...
Extracting zip-3.0_2: 100%
Installing py311-duckdb-1.0.0...
`-- Installing py311-pandas-2.0.3_2,1...
|   `-- Installing py311-numpy-1.25.0_7,1...
|   `-- Extracting py311-numpy-1.25.0_7,1: 100%
|   `-- Installing py311-numexpr-2.10.1...
|   `-- Extracting py311-numexpr-2.10.1: 100%
|   `-- Installing py311-bottleneck-1.3.8_1...
|   `-- Extracting py311-bottleneck-1.3.8_1: 100%
|   `-- Installing py311-tzdata-2024.1...
|   `-- Extracting py311-tzdata-2024.1: 100%
|   `-- Installing py311-pytz-2024.1,1...
|   `-- Extracting py311-pytz-2024.1,1: 100%
|   `-- Installing py311-python-dateutil-2.9.0...
|   | `-- Installing py311-six-1.16.0_1...
|   | `-- Extracting py311-six-1.16.0_1: 100%
|   `-- Extracting py311-python-dateutil-2.9.0: 100%
`-- Extracting py311-pandas-2.0.3_2,1: 100%
Extracting py311-duckdb-1.0.0: 100%
=====
Message from py311-pandas-2.0.3_2,1:

--
Install math/py-statsmodels to enable parts of pandas.stats.
Install devel/py-xarray to enable the to_xarray() function.
Installing py311-numpy-1.25.0_7,1...
the most recent version of py311-numpy-1.25.0_7,1 is already installed
Installing py311-pandas-2.0.3_2,1...
the most recent version of py311-pandas-2.0.3_2,1 is already installed
Could not find package: suricata
*** Error code 1

Stop.
make: stopped in /usr/tools/


Can I not build all ports there so it can be faster? How can I do it? :)

Thanks,

none

Hi, thanks for the reply. The first I had it unchecked, but will sure check the latter. Thanks!

Hi,

just installed 23.7 and it is still in the test phase, so the networks are all using private address. I created a rule for web access and ssh from "outside", that is my home network. I am using another notebook on the LAN side of opnsense to test. I disabled the "Block private addresses", but it is still not working.

ssh and https to the gui won't work. And I know its the firewall, if i issue pfctl -d all works. Can is there another thing I must disable for it to work? Even a pass all from any to any won't do it. I am blind here.

thanks,

none

Just for the record, I tried using external monitors through VGA or HDMI. Still no luck :(

Does opnsense is not built with the FreeBSD console options for that? The kernel modules loaded show no green or screensaver modules.

Thanks,

none

Hi,

I am using an old notebook and the screen is on all the time. I am looking on how I can make it turn off after some time. I looked for it on google and could not find any hints on how to do it on opnSense.

Is there how to make it turn off after some time?

I tried changing the console type, no go here :(

thanks,

none

Unfortunately, I don't have any advice to offer but I'd definitely be interested in whatever you find.

I'd also be curious if there was a way to make OPNSense always output video even if there isn't a display detected.  That way I don't have to reboot it if I need to connect a monitor. :)

would closing the lid solve this?

The problem with closing the lid is that some machines are designed so that keeping the lid open helps with cooling.  When you close it that can cause problems.

Closing the lid really would not be my first choice, due to heat. I live in a really warm place. But would easy the pain here, but no go :(

About the always present console, I got few issues using VGA monitors, machines that have HDMI I got some issues like yours.

none

Hi, unfortunately not. The light is still on.

Thanks,

none

Hi,

I am using an old notebook and the screen is on all the time. I am looking on how I can make it turn off after some time. I looked for it on google and could not find any hints on how to do it on opnSense.

Is there how to make it turn off after some time?

I tried changing the console type, no go here :(

thanks,

none

Hi,

is there anyone with the kernel config and any other files for building FreeBSD for NanoPI R5S? Is there for opnsense?

thanks,

If need testing, just say so. As long as I can help, count on me.

Hi all,

I tried to upgrade from 21.7.8 to 22.1. It all looked fine till it said would reboot, yet on the web UI. Unfortunately I was behind the firewall and could not get serial output till late in the boot. What I got from console output was:

Code Select Expand

tunefs: soft updates remains unchanged as enabled
tunefs: file system reloaded
camcontrol: cam_lookup_pass: CAMGETPASSTHRU ioctl failed
cam_lookup_pass: No such file or directory
cam_lookup_pass: either the pass driver isn't in your kernel
cam_lookup_pass: or mmcsd0 doesn't exist
** /dev/ufs/OPNsense
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 182026 free (11058 frags, 21371 blocks, 1.2% fragmentation)
Setting hostuuid: 99672fc4-ed42-11eb-8b1b-000db94722f0.
Setting hostid: 0xb59a3a45.
Configuring vt: keymap blanktime.
ld-elf.so.1: /usr/bin/sed: Undefined symbol "regcomp@FBSD_1.6"
Configuring crash dump device: /dev/null
.ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg /usr/local/lib/compat/pkg /usr/local/lib/ipsec /usr/local/lib/perl5/5.32/mach/CORE
32-bit compatibility ldconfig path:
done.
>>> Invoking early script 'upgrade'
ld-elf.so.1: /usr/bin/sed: Undefined symbol "regcomp@FBSD_1.6"
>>> Invoking early script 'configd'
Starting configd.
>>> Invoking early script 'templates'
Generating configuration: OK
>>> Invoking early script 'backup'
>>> Invoking backup script 'captiveportal'
>>> Invoking backup script 'dhcpleases'
>>> Invoking backup script 'duid'
>>> Invoking backup script 'netflow'
>>> Invoking backup script 'rrd'
>>> Invoking early script 'carp'
CARP event system: OK
Launching the init system...done.
Initializing...........done.
igb0: link state changed to UP
debugnet_any_ifnet_update: Bad dn_init result from igb0 (ifp 0xfffff800038f4800), ignoring.
igb1: link state changed to UP
debugnet_any_ifnet_update: Bad dn_init result from igb1 (ifp 0xfffff80003695800), ignoring.
Starting device manager...done.
Configuring login behaviour...done.
Configuring loopback interface...done.
Configuring kernel modules...done.
Setting up extended sysctls...done.
Setting timezone...done.
Writing firmware setting...done.
Writing trust files...done.
Setting hostname: floyd.apartnet
Generating /etc/hosts...done.
Configuring system logging...done.
Configuring loopback interface...done.
Creating wireless clone interfaces...done.
Configuring VLAN interfaces...done.
Creating OpenVPN instances...done.
Configuring LAN interface...done.
Configuring VLAN_6 interface...done.
Configuring WAN interface...done.
Creating IPsec VTI instances...done.
Generating /etc/resolv.conf...done.
Configuring firewall.....failed.
Configuring OpenSSH...done.
Starting web GUI...done.
Configuring CRON...done.
Setting up routes...done.
Generating /etc/hosts...done.
Starting DHCPv4 service...done.
Starting Unbound DNS...done.
Setting up gateway monitors...done.
Configuring firewall.....failed.
Syncing OpenVPN settings...done.
Starting NTP service...done.
Starting Unbound DNS...done.
Generating RRD graphs...done.
Configuring system logging...done.
>>> Invoking start script 'newwanip'
Reconfiguring IPv4 on igb0: OK
Reconfiguring routes: OK
>>> Invoking start script 'freebsd'
>>> Invoking start script 'syslog-ng'
Stopping syslog_ng.
Waiting for PIDS: 85444.
Starting syslog_ng.
>>> Invoking start script 'carp'
>>> Invoking start script 'cron'
Starting Cron: OK
>>> Invoking start script 'beep'
Root file system: /dev/ufs/OPNsense
Sat Jan 29 19:12:07 -03 2022
ld-elf.so.1: /usr/bin/sed: Undefined symbol "regcomp@FBSD_1.6"

*** floyd.apartnet: (/OpenSSL) ***

LAN (igb1_vlan1) -> v4: 10.1.1.88/24
VLAN_6 (igb1_vlan6) -> v4: 10.1.6.88/24
WAN (igb0)      -> v4/DHCP4: xxxxxxxxxxxx

HTTPS: ld-elf.so.1: /usr/bin/sed: Undefined symbol "regcomp@FBSD_1.6"
ld-elf.so.1: /usr/bin/sed: Undefined symbol "regcomp@FBSD_1.6"
SSH:   ld-elf.so.1: /usr/bin/sed: Undefined symbol "regcomp@FBSD_1.6"
awk: i/o error occurred while closing /dev/stdout
input record number 1, file
source line number 1
SSH:   ld-elf.so.1: /usr/bin/sed: Undefined symbol "regcomp@FBSD_1.6"
awk: i/o error occurred while closing /dev/stdout
input record number 1, file
source line number 1
SSH:   ld-elf.so.1: /usr/bin/sed: Undefined symbol "regcomp@FBSD_1.6"
awk: i/o error occurred while closing /dev/stdout
input record number 1, file
source line number 1

FreeBSD/amd64 (xxx) (ttyu0)

login: root

FreeBSD/amd64 (xxx) (ttyu0)

login: root

FreeBSD/amd64 (xxx) (ttyu0)

login:   

I tried to log in and it keeps asking for login when I try to use root user (as the log shows).
I don't have internet connection through it anymore. I kind saw the box is kinda lost, so I came here to warn about it, so others will know the issue. I will install a fresh 22.1 later, its my home backup router and I have a backup from the config.

Is this known?

On the webUI I get this weird thing:

OPNsense 21.7.8-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021

Despite wan displays the IP for my ISP, it won't work the forwarding service.

att,

none