Messages

1

Tutorials and FAQs / Re: Build OPNsense on on aarch64

« on: October 01, 2024, 07:08:40 am »

Hi Maurice,

I am building 24.7.x, cross-building on an AMD54 machine running FreeBSD 14-1.

Background
I have successfully build OPNsense for aarch64 on a Amazon Cloud graviton (aarch64) machine without any issues.

As I have access to a number of idle AMD64 vm's in our data center, I decided to cross-build OPNsense on one of these machines.

I think the issue is with the cross-building of OPNsense on an AMD64 machine.

Build System
I started again with a clean AMD64 vm running FreeBSD and followed the recipe in opnsense/tools.

I cloned the repository into /opnsense

I then edited the MakeFile in opnsense/tools:

Code: [Select]

ROOTDIR = /opnsense
DEVICE = R4S
ARCH = aarch64
DEBUG = -g

followed by

Code: [Select]

env ROOTDIR=/tmp/opnsense make update

I then checked two ports to confirm versions by comparing the version info in the MakeFiles of the two ports. I checked the version I have in my local cloned ports tree

Code: [Select]

/opnsense/ports/databases/py-duckdb
/opnsense/ports/sysutils/beats8

against the version in the MakeFile in opnsense/ports repository on Github

Code: [Select]

ports/databases/py-duckdb
ports/sysutils/beats8

The versions were the same.

for example, from the py-duckdb MakeFile:

Code: [Select]

PORTNAME= duckdb
DISTVERSIONPREFIX= v
DISTVERSION= 1.1.1


I started the build process:

Code: [Select]

ev ROOTDIR=/opnsense make base       (success)
ev ROOTDIR=/opnsense make kernel.    (success)
ev ROOTDIR=/opnsense make tools.      (success)
ev ROOTDIR=/opnsense make ports.     (failed)


>>> Creating package mirror set for 24.7.5_33-aarch64... done
-rw-r--r--  1 root wheel  374M Oct  1 03:15 packages-24.7.5_33-aarch64.tar
>>> ERROR: The build encountered fatal issues!
>>> Aborted version 1.1.1 for databases/py-duckdb@py311 (py311-duckdb)
>>> Aborted version 2.1.5_9 for dns/dnscrypt-proxy2 (dnscrypt-proxy2)
>>> Aborted version 3.18.0 for dns/py-dns-lexicon@py311 (py311-dns-lexicon)
>>> Aborted version 2.6.1,1 for dns/py-dnspython@py311 (py311-dnspython)
>>> Aborted version 29.4,3 for editors/emacs@nox (emacs-nox)
>>> Aborted version 12.4.0,2 for emulators/open-vm-tools-nox11 (open-vm-tools-nox11)
>>> Aborted version 3.1.6,1 for lang/ruby31 (ruby)
>>> Aborted version 5.12.0_17 for net-mgmt/collectd5 (collectd5)
>>> Aborted version 1.7.0_1 for net-mgmt/py-opn-cli (py311-opn-cli)
>>> Aborted version 1.32.0 for net-mgmt/telegraf (telegraf)
>>> Aborted version 4.6 for net/chrony (chrony)
>>> Aborted version 24.1.4_1 for net/cloud-init@py311 (py311-cloud-init)
>>> Aborted version 6.2.d20240813,1 for net/ntopng (ntopng)
>>> Aborted version 1100.00_1 for net/realtek-re-kmod (realtek-re-kmod)
>>> Aborted version 2.4.10_1 for print/cups (cups)
>>> Aborted version 1.4.1_2,1 for security/clamav (clamav)
>>> Aborted version 1.6.3_1 for security/crowdsec (crowdsec)
>>> Aborted version 2.4.5_1 for security/gnupg (gnupg)
>>> Aborted version 7.0.6_2 for security/suricata (suricata)
>>> Aborted version 1.8.17_1 for security/xray-core (xray-core)
>>> Aborted version 8.5.0_1 for sysutils/ansible@py311 (py311-ansible)
>>> Aborted version 8.14.3_1 for sysutils/beats8 (beats8)
>>> Aborted version 1.12a_1 for sysutils/cciss_vol_status (cciss_vol_status)
>>> Aborted version 1.8.2 for sysutils/node_exporter (node_exporter)
>>> Aborted version 7.32.1 for sysutils/puppet7 (puppet7)
>>> Aborted version 2.20.37_1 for textproc/minify (minify)
>>> Aborted version 0.5.7 for www/c-icap-modules (c-icap-modules)
>>> Aborted version 2.8.4.3.0.4.2.3_4 for www/caddy-custom (caddy-custom)
>>> Aborted version 1.0.0_10 for www/icapeg (icapeg)
*** Error code 1


Any ideas?

2

Tutorials and FAQs / Build OPNsense on on aarch64

« on: September 25, 2024, 04:54:33 pm »

I have a FreebSD (amd64) cross-build system for building OPNsense for aarch64.

the OPNsense/tools repository is installed on in

Code: [Select]

/tmp/opnsense

on my machine keep it separate from the main package repositories.

I am following the process in OPNsense/tools, but encountered a few problem with the version number of certain packages.

For example, when I build the ports collection, it fails with these type of error messages:

Code: [Select]



>>> ERROR: The build encountered fatal issues!
>>> Aborted version 1.1.0 for databases/py-duckdb@py311 (py311-duckdb)

>>> Aborted version 2.1.5_9 for dns/dnscrypt-proxy2 (dnscrypt-proxy2)
>>> Aborted version 3.18.0 for dns/py-dns-lexicon@py311 (py311-dns-lexicon)
>>> Aborted version 2.6.1,1 for dns/py-dnspython@py311 (py311-dnspython)

>>> Aborted version 29.4,3 for editors/emacs@nox (emacs-nox)
>>> Aborted version 12.4.0,2 for emulators/open-vm-tools-nox11 (open-vm-tools-nox11)
>>> Aborted version 3.1.6,1 for lang/ruby31 (ruby)

>>> Aborted version 5.12.0_17 for net-mgmt/collectd5 (collectd5)
>>> Aborted version 1.7.0_1 for net-mgmt/py-opn-cli (py311-opn-cli)
>>> Aborted version 1.32.0 for net-mgmt/telegraf (telegraf)

>>> Aborted version 4.6 for net/chrony (chrony)
>>> Aborted version 24.1.4_1 for net/cloud-init@py311 (py311-cloud-init)
>>> Aborted version 1100.00_1 for net/realtek-re-kmod (realtek-re-kmod)

>>> Aborted version 2.4.10_1 for print/cups (cups)

>>> Aborted version 1.4.1_2,1 for security/clamav (clamav)
>>> Aborted version 1.6.3_1 for security/crowdsec (crowdsec)
>>> Aborted version 2.4.5_1 for security/gnupg (gnupg)
>>> Aborted version 7.0.6_2 for security/suricata (suricata)
>>> Aborted version 1.8.17_1 for security/xray-core (xray-core)

>>> Aborted version 8.5.0_1 for sysutils/ansible@py311 (py311-ansible)
>>> Aborted version 8.14.3_1 for sysutils/beats8 (beats8)
>>> Aborted version 1.12a_1 for sysutils/cciss_vol_status (cciss_vol_status)
>>> Aborted version 1.8.2 for sysutils/node_exporter (node_exporter)
>>> Aborted version 7.32.1 for sysutils/puppet7 (puppet7)

>>> Aborted version 2.20.37_1 for textproc/minify (minify)

>>> Aborted version 0.5.7 for www/c-icap-modules (c-icap-modules)
>>> Aborted version 2.8.4.3.0.4.2.3_4 for www/caddy-custom (caddy-custom)
>>> Aborted version 1.0.0_10 for www/icapeg (icapeg)


I checked the version numbers against the aarch64 repository of Maurice (OPNsense aarch64 firmware repository) and it looks like it is mostly updated packages that caused the failures.

for example,

py311-duckdb (1.1.0) fails while py311-duckdb (1.0.0) looks like it is ok

How do I fix this version problem in the build system (I am not a FreeBSD expert)

Either I need to get the build system to accept the latest version or I need to revert (downgrade) the packages to the previous versions.

Any help will be appreciated.

3

24.1 Legacy Series / Re: 24.1.2 Wireguard does not work after updating

« on: February 20, 2024, 10:56:23 pm »

Not problems with 24.1.2 updates

I updated 4 systems to 24.1.2, all with WireGuard site-to-site links between the systems.

Updates when smoothly and WireGuard connected without any problems

Johan

4

24.1 Legacy Series / aarch64 (ARM) plugin repositories

« on: February 10, 2024, 11:34:01 am »

I have managed to build the latest OPNsense 24.1.1 for my NanoPi R4S on a vm at aws with a Graviton CPU, by following the make steps given in opnsense/tools

I ended up with the following files in ../images:

Code: [Select]

OPNsense-202402091824-arm-aarch64-R4S.img
Using dd, I can copy this image to a SD card and it works fine in my R4S.

../sets:

Code: [Select]

packages-24.1_101-aarch64.tar
base-24.1_3-aarch64-R4S.txz
kernel-dbg-24.1_3-aarch64-R4S.txz

What is not clear to me, is how do I set up a web server as a repository for the images and plugins to allow the installation of updates and plugins from the menu in OPNsense GUI?

Are there any documents / tutorials /guides on how to create and configure a web server as a repository?

Thanks

5

23.1 Legacy Series / Virtual IPs for CARP Setup

« on: February 15, 2023, 09:06:35 pm »

I am setting up new OPNsense firewalls (23.1.6)

For the CARP setup, I have to define a number of IP Alias settings under Interfaces / Virtual IPs / Settings:

Problem 1:
In the screen for defining an IP Alias, there is no Description field.

Is this a design decision or a bug?

Can we have the Description field back again?

For a CARP ip, the Description field is shown when a CARP ip is defined


Problem 2

In the Summary screen, Interfaces / Virtual IPs / Settings, sorting on the Address column does not work

6

Hardware and Performance / Re: [Work In Progress] OPNsense Ported into ARM Devices

« on: February 20, 2022, 11:02:26 am »

Hi,

Which image did you use?

Would you mind sharing?

7

21.1 Legacy Series / Re: how to limit stepson's usage of internet? new to opsense.

« on: June 09, 2021, 07:12:25 pm »

Don't current iOS mobile devices randomize MAC addresses to prevent tracking?  It can be disabled by the user for home networks, but then can also be re-enabled by the user.  No idea about android...guessing same.

That is true, but it can be switched off per network in the iOS device.

Go with the suggestion above: Deny unknown clients.  If he does not switch the random MAC address feature off, he will never get an IP address assigned, even during allowed time slots.


 

8

20.1 Legacy Series / Re: HA Sync Issue

« on: July 13, 2020, 10:00:49 pm »

Thanks

9

20.1 Legacy Series / Re: HA Sync Issue

« on: July 11, 2020, 08:37:19 am »

Just to clarify "this behaviour"

If you want the behaviour where the unit (all interfaces) fall over when one interface fail, as asked for by the OP, should you have the option "Disable Preemption" ticked or unticked?

10

20.1 Legacy Series / Re: WebRTC failures

« on: April 09, 2020, 11:34:09 am »

I am running jitsi (based on webRTC) on a VM behind an OPNsense (20.1.3) firewall and it works 100%

I configured the VM with One-to-One NAT on a dedicated public IP address

Ports TCP/443 and UDP/10000 are open in the firewall WAN interface

11

20.1 Legacy Series / Re: Unbound DNS

« on: April 09, 2020, 11:28:06 am »

Thanks for help, it is working now.

Not exactly sure what fixed the issue

12

20.1 Legacy Series / Re: Unbound DNS

« on: April 05, 2020, 09:48:58 am »

Hi,

I also specified an internal LAN address on the other network for the domain overrides

Can you elaborate on the fw rule(s) that you have for DNS traffic between the networks please?

At the moment, I allow all traffic on the two IPsec interfaces. I can ping and access the opnsense gui unit from the other network using the internal LAN addresses, so I think traffic is being passed through.

The one network also has a number of VLAN's with the Unbound server listening on all interfaces.

The one network has a dual HA cluster, but I don't think that is the cause of the problem.

Any further advice will be appreciated

13

20.1 Legacy Series / Re: Unbound DNS

« on: April 04, 2020, 06:47:39 pm »

More information...

I can ping the other network from both sides, so there is not an access problem between the opnsense units

14

20.1 Legacy Series / Re: Unbound DNS

« on: April 04, 2020, 06:45:46 pm »

I have already done that and created an access list entry for both Unbound servers to allow queries from the other network, but it still cant resolve the other network

15

20.1 Legacy Series / Unbound DNS

« on: April 04, 2020, 05:33:40 pm »

I have two separate LAN networks, each behind an OPNsense firewall with two private domains:

aaa and bbb

The two networks are link via a site-to-site VPN;

On each network, Unbound is configured as the local DNS server to to resolve local host names of the format:
 
host1.aaa and host2.aaa for the one network and host3.bbb and host4.bbb for the other network.

How do I configure the Unbound DNS server on the aaa domain to forward queries for hosts on the bbb domain to the Unbound server on the bbb domain?