Messages

Zuerst würde ich die CAs und Certs importieren, erst dann die CRL

Ja so war mein Plan.
Dann werde ich mal eine .xml bauen und schauen was passiert.

Hallo,

hat schon mal jemand versucht eine aktuelle pfSense (2.5.1) auf die OPNSense (21.4) zu migrieren?
Ich denke das Backup von der pfSense kann auf keinen Fall 1:1 importiert werden (hab es aber auch nicht probiert).

Im Prinzip würde ich nicht viel importieren sondern lieber von Hand übernehmen, allerdings brauche ich auf jeden Fall die CAs, Certs und die CRL's. Ich kann zwar die CRL von der pfSense exportieren und direkt in der OPNSense importieren, allerdings kann ich diese dann nicht erweitern und sehe nicht welche Zertifikate da enthalten sind... (oder habe ich was übersehen?),

Vermutlich würde ich eine OPNSense Grundkonfiguration vornehmen und dann die Zertifikate in das XML bauen und wieder importieren?

In jedem Fall, OPNSense ist ein super spannendes Projekt!

Hi,

Business version will build from the Community version as far I understood.
Community version will receive anyway security relevant hotfixes and patches?

We are new to OPNSense and I guess we like to start with the Community version and move later to the Business version if possible.

If my question is already answered somewhere please point me to this link.

Thanks.

It so cool to donate how much I want and so often I want.
First 25 Euro on the way  ;)

Yes works.

My OPNSense test setup was behind a pfSense and not all necessary ports was open (tcpdump show the issue).
OPNSense is really interesting!

@ franco,

thank you for the help, my donation is on the way.

Ich hänge mich mal hier an, kann man bei der OPNSense ein VLAN 7 in der PPPoE Einstellung mitgeben oder muss man ganz normal ein VLAN 7 auf dem Interface anlegen und das Interfave_VLAN_7 für PPPoE verwenden?

Yes looks good, the default answer to that question is "N"(o) :D

...yes   ;D

Code Select Expand

OPNsense 20.7.8-amd64
FreeBSD 12.1-RELEASE-p12-HBSD
OpenSSL 1.1.1i 8 Dec 2020

Edit:
Update over GUI/Terminal still show the same error, maybe snort in front of OPNsense block something (even if i don't see an alert...).

Look like it works  :)

Code Select Expand

Proceed with this action? [y/N]: y

Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating database digests format: .......... done
New version of pkg detected; it needs to be installed first.
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
pkg: 1.12.0_1 -> 1.15.10_2

Number of packages to be upgraded: 1

4 MiB to be downloaded.
[1/1] Fetching pkg-1.15.10_2.txz: .......... done
Checking integrity... done (0 conflicting)
[1/1] Upgrading pkg from 1.12.0_1 to 1.15.10_2...
[1/1] Extracting pkg-1.15.10_2: .......... done
pkg-static: Failed to execute lua script: [string "args = {}..."]:11: attempt to call a nil value (field 'stat')
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (103 candidates): .......... done
Processing candidates (103 candidates): ....... done
The following 77 package(s) will be affected (of 0 checked):

Hi Franco,

thanks for reply.

fetch -v URL works as expected, test file is downloaded:

Code Select Expand

root@OPNsense:/tmp # fetch -v https://mirror.dns-root.de/opnsense/releases/20.7/OPNsense-20.7-OpenSSL-nano-amd64.img.bz2
resolving server address: mirror.dns-root.de:443
SSL options: 82004854
Peer verification enabled
Using CA cert file: /usr/local/etc/ssl/cert.pem
Verify hostname
TLSv1.3 connection established using TLS_AES_256_GCM_SHA384
Certificate subject: /C=US/ST=CA/L=San Francisco/O=Cloudflare, Inc./CN=sni.cloudflaressl.com
Certificate issuer: /C=US/O=Cloudflare, Inc./CN=Cloudflare Inc ECC CA-3
requesting https://mirror.dns-root.de/opnsense/releases/20.7/OPNsense-20.7-OpenSSL-nano-amd64.img.bz2
remote size / mtime: 443121899 / 1596067234
OPNsense-20.7-OpenSSL-nano-amd64.img.bz2               422 MB 8726 kBps    49s
root@OPNsense:/tmp #

But update do not work:

Code Select Expand

Enter an option: 12

Fetching change log information, please wait... fetch: transfer timed out
fetch: /tmp/changelog/changelog.txz.sig appears to be truncated: 0/1332 bytes

This will automatically fetch all available updates, apply them,
and reboot if necessary.

This update requires a reboot.

Proceed with this action? [y/N]:

*** OPNsense.localdomain: OPNsense 20.7 (amd64/OpenSSL) ***

Oh, maybe only the changelog is the problem, try it with "Proceed with this action? [y/N]:y"...

Hi,

I'm new on OPNsense and install it into a VM.

For some reason the system can not load the updates:

Code Select Expand

Fetching change log information, please wait... fetch: transfer timed out
Found this topic [1] and verify prefer IPv4 over IPv6 is set.

Ping on terminal to opnsense.org is ok, so internet connection working.
Any idea?

[1] https://forum.opnsense.org/index.php?topic=6097.0

Edit: Download a image with curl on the OPNsense terminal work also, but has a delay of 8-9 seconds.
Look like there is a problem on the DNS, maybe the timeout of the updater is to short?