Messages

It's pretty interesting. I'll try to delete it when I see embedded links, but they mostly stick random stuff on here or repost old forum messages and only go back later and add links everywhere they already posted.


Cheers,
Franco

You both have been arguing with a bot :)

>  I try to see the legacy and direction of the project, but I don't always succeed, of course.

That's fair. I don't try to preach if I can and instead get to the technical side quickly, because ideas and actual patches can often differ in scope and complexity and person who has to carry it out.

Some discussions tend to sway to the wall-of-text postings, which usually means someone else should do the work. I'm not judging, but also blunt enough to say it's not going to be me either.


Cheers,
Franco

>  but I think one of the important pieces here is that OPNsense in a lot of places asks the user to manually enter data when OPNsense already knows the answer:

I don't agree and the past discussions are all over the forum and GitHub to read through. I don't enjoy starting at the "but what if we just did it this way". This is not how projects work when they span multiple decades in total.


Cheers,
Franco

There's a fix in 25.7.8 when the rule ID is zero where it doesn't render the redirect properly. Almost all automatic rules have a configuration setting that triggers them. If you find one that has not let me know.


Cheers,
Franco

/var MFS was a very volatile idea for what /var/log was supposed to do. The NetFlow dump in /var/netflow is a historic artifact that predates the removal of /var MFS, but so far it hasn't come up as far as I can remember.


Cheers,
Franco

ZFS can be a bit annoying in this regard writing metadata for no apparent reason all the time even when the disk content is not (significantly) changing.

You can tweak the tunable 'vfs.zfs.txg.timeout' to your liking by increasing it at the expense of losing more data during an outage.


Cheers,
Franco

That makes sense then. Happy to see this progress.  :)

We could indeed annotate the mirrors with the architectures, but keep in mind when we would add an architecture then these mirrors are invalid until declared otherwise in a release. Perhaps a minor thing, but it indicates manual maintenance which may not be worth the effort.


Cheers,
Franco

Thanks, this works nicely. Now I can get the fingerprints back if I install a development version from our repo. This is still not optimal but it helps and I'll keep pondering about it. I also pushed the man page update for the opnsense-bootstrap change.

FWIW, I don't think you strictly need to change opnsense.xml as your inject the correct mirror into the configuration as it seems. But I was wondering where it reads the default from anyway which is the OPNsense.conf file so I think you don't even need to do that and "(default)" should just work.

Maybe we can hide the other repositories for aarch64 on opnsense.xml but I'm not sure yet.


Cheers,
Franco

Basically what people are asking for is a setup wizard. We'll be extending the existing wizard with a few use-case type presets in 26.1 but nothing that resembles a non-first-time setup yet.

If this is viable then we can talk about extending this idea based on the new wizard structure, but you still need all the old pages if you ever want to go back and edit a specific parameter.


Cheers,
Franco

I think so too. Since WAN is still dynamic in your case you may not get the IPv6 properly from the ISP which causes this instability intermittently.


Cheers,
Franco

Correct, opnsense-bootstrap only works on amd64. I thought about adapting it for aarch64 before, but that's currently very low priority.

So, yes, here is what I think is needed from our end:

https://github.com/opnsense/update/commit/b637c8b819

However, I've not pushed it to master yet because when I use

# opnsense-bootstrap -br 25.7 -A maurice-w -R opnsense-core

There's nothing to bootstrap against: no stable branch, no CORE_PACKAGESITE, no fingerprints.

I thought about other means to handle this but to me this is the most convenient and integrated.


Cheers,
Franco

Looks like the fix was already made but it's only scheduled for 25.7.8 now:

# opnsense-patch https://github.com/opnsense/core/commit/1a3744fc606


Cheers,
Franco

Are you using LAN tracking WAN via DHCPv6? Maybe there is an instability in your uplink.

I wouldn't suspect core changes at a first glance either, but maybe a newer Kea version could also be the culprit?

community/25.7/25.7.4:o ports: kea 3.0.1
community/25.7/25.7.7:o ports: kea 3.0.2

You can try the older Kea version from the 25.7 release:

# opnsense-revert -r 25.7.3 kea

or

# opnsense-revert -r 25.7.4 kea

or the latest

# opnsense-revert -r 25.7.7 kea



Cheers,
Franco

Well slower than not breaking it but the grid loading improvement in 25.7.7 was necessary and nicely speeds up all pages. Some pages differ in behaviour and cause these side effects during page loading.


Cheers,
Franco