1
22.1 Production Series / Re: os-ddclient 1.7 - PHP Error
« on: Today at 09:22:27 am »
Actually, 3.10.0_1 and 3.10.0_2 are pre-release versions but we might as well use it.
Cheers,
Franco
Cheers,
Franco
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
22.1 Production Series / Re: os-ddclient 1.7 - PHP Error
« on: Today at 09:19:29 am »
I'll update the port today and it'll be in 22.1.10 then, but I'm unsure if there are any upstream issues with it. We just have to do it to see it. I don't think FreeBSD ports is moving forward at the moment so we might as well update it there too.
Cheers,
Franco
Cheers,
Franco
3
22.1 Production Series / Re: os-ddclient configuration error
« on: Today at 09:18:31 am »
Unfortunately the first fix didn't work as expected although early user reports indicated it would. We've updated the plugin to version 1.7_2 now.
Cheers,
Franco
Cheers,
Franco
4
22.1 Production Series / Re: scattered issues OPNsense version 22.1.9_1 (the very latest)
« on: June 28, 2022, 02:29:31 pm »
> only the IP of the LAN interface is accessed.
> the same goes for SSH access.
You need to specifically allow access on optional interfaces as allow-all is only applied to default LAN interface. Similar things happen with anti-lockout rules... only the first interface will gain anti-lockout behaviour for management reasons.
I'm not sure about your reboot situation.
Maybe for WireGuard it's just a DNS issue (don't set DNS servers in WireGuard config).
Cheers,
Franco
> the same goes for SSH access.
You need to specifically allow access on optional interfaces as allow-all is only applied to default LAN interface. Similar things happen with anti-lockout rules... only the first interface will gain anti-lockout behaviour for management reasons.
I'm not sure about your reboot situation.
Maybe for WireGuard it's just a DNS issue (don't set DNS servers in WireGuard config).
Cheers,
Franco
5
Announcements / Re: OPNsense 22.1.9 released
« on: June 28, 2022, 12:47:12 pm »
A hotfix release was issued as 22.1.9_1:
o system: prefer primary IPv6 in dpinger
o plugins: os-ddclient fix for missing IP property
o plugins: os-nginx fix for obsoleted syntax (contributed by kulikov-a)
o system: prefer primary IPv6 in dpinger
o plugins: os-ddclient fix for missing IP property
o plugins: os-nginx fix for obsoleted syntax (contributed by kulikov-a)
6
General Discussion / Re: How to automount a second zpool ?
« on: June 28, 2022, 12:46:06 pm »
For context, the discussed change was added in 22.1.4:
https://github.com/opnsense/changelog/blob/master/community/22.1/22.1.4#L20
The pool requires one manual import/export if it was not a local pool before.
Cheers,
Franco
https://github.com/opnsense/changelog/blob/master/community/22.1/22.1.4#L20
The pool requires one manual import/export if it was not a local pool before.
Cheers,
Franco
7
22.1 Production Series / Re: Auto ZFS GPT/UEFI Hybrid Install (what settings does it use?)
« on: June 24, 2022, 02:45:46 pm »
That's almost correct. The devil is in the details, however:
For ZFS it doesn't preselect this when booting BIOS:
https://github.com/opnsense/installer/commit/3bd93a6b36ca2
For UFS you can never get UEFI install for BIOS boot:
https://github.com/opnsense/src/commit/c10887be55
And I am relatively sure that UEFI UFS install won't boot BIOS due to incompatible layout or at least that was the case at some point. But covering all this in QA is tedious work so I could be mixing up cases from back in 21.7 / HBSD 12 and things are different now.
Cheers,
Franco
For ZFS it doesn't preselect this when booting BIOS:
https://github.com/opnsense/installer/commit/3bd93a6b36ca2
For UFS you can never get UEFI install for BIOS boot:
https://github.com/opnsense/src/commit/c10887be55
And I am relatively sure that UEFI UFS install won't boot BIOS due to incompatible layout or at least that was the case at some point. But covering all this in QA is tedious work so I could be mixing up cases from back in 21.7 / HBSD 12 and things are different now.
Cheers,
Franco
8
Tutorials and FAQs / Re: Why is port forwarding not easier?
« on: June 24, 2022, 02:37:04 pm »
My good colleague pointed out the help labels are missing (ironically similar to pfSense). We could change that, but again to reiterate it would be best to change all NAT types and firewall rules labels for source /destination options and update the documentation accordingly to avoid future reports about the same thing.
Cheers,
Franco
Cheers,
Franco
9
22.1 Production Series / Re: Auto ZFS GPT/UEFI Hybrid Install (what settings does it use?)
« on: June 24, 2022, 02:34:15 pm »
I wasn't saying that.
Try installing BIOS and booting UEFI afterwards. Doesn't work. Try installing on UEFI and boot BIOS... doesn't work either. That's why we use hybrid approach. It's also better for testing.
Cheers,
Franco
Try installing BIOS and booting UEFI afterwards. Doesn't work. Try installing on UEFI and boot BIOS... doesn't work either. That's why we use hybrid approach. It's also better for testing.
Cheers,
Franco
10
22.1 Production Series / Re: Auto ZFS GPT/UEFI Hybrid Install (what settings does it use?)
« on: June 24, 2022, 01:36:20 pm »
The "other installs" option are exactly the FreeBSD installs so you can avoid the bootstrap.
Except... FreeBSD doesn't install in hybrid mode. UEFI installs only work in UEFI and BIOS only works in BIOS environments. With our installs you can swap discs without these boundaries between hardware.
I know it's just a bonus, but I want to avoid later complaints.
Cheers,
Franco
Except... FreeBSD doesn't install in hybrid mode. UEFI installs only work in UEFI and BIOS only works in BIOS environments. With our installs you can swap discs without these boundaries between hardware.
I know it's just a bonus, but I want to avoid later complaints.
Cheers,
Franco
11
Tutorials and FAQs / Re: Why is port forwarding not easier?
« on: June 24, 2022, 01:33:24 pm »
I would tend to disagree, unless you want to imply the concept of "source" and "destination" in all NAT types and firewall rules is ambiguous. I might agree, but I haven't witnessed a single discussion that brought that particular argument.
You may think this qualifies as a strawman, but I'm simply wondering why nobody brought this up before in clarity after decades of this code existing. It's strange.
Cheers,
Franco
You may think this qualifies as a strawman, but I'm simply wondering why nobody brought this up before in clarity after decades of this code existing. It's strange.
Cheers,
Franco
12
22.1 Production Series / Re: zabbix_agentd fails on boot if listening interface is vpn, manual start works
« on: June 24, 2022, 01:05:55 pm »
Once people asked why boot delays exist with multiple OpenVPN interfaces. Now that boot is asynchronous people see that there is a race condition with VPN availability and service startup. I'm unsure how to bring everyone together on this.
Cheers,
Franco
Cheers,
Franco
13
22.1 Production Series / Re: Auto ZFS GPT/UEFI Hybrid Install (what settings does it use?)
« on: June 24, 2022, 01:01:35 pm »
Hmm, the swap dialog was hidden because it was decided to make auto-install as snappy as possible. seeing zfs being squeezed into tiny systems we might as well make the swap dialog get in the way of every zfs install, likely to the disadvantage of people avoiding the swap partition altogether.
While a swap file can be used, a swap file cannot hold a crash dump. This is what matters...
Cheers,
Franco
While a swap file can be used, a swap file cannot hold a crash dump. This is what matters...
Cheers,
Franco
14
Tutorials and FAQs / Re: Why is port forwarding not easier?
« on: June 24, 2022, 11:16:37 am »
It's rather simple really. Destination is the address of the packet in the destination address field at the time of the rule evaluation. This is basic matching on IP header information. Not magic.
I understand the motivation to make it simple, but without basic networking knowledge port forwarding makes no sense whatsoever.
Cheers,
Franco
I understand the motivation to make it simple, but without basic networking knowledge port forwarding makes no sense whatsoever.
Cheers,
Franco
15
22.1 Production Series / Re: [CALL FOR TESTING] FreeBSD 13.1 / 22.7 operating system preview
« on: June 24, 2022, 10:36:40 am »
If you don't have issues with 22.7.b keep it. If there are issues 22.1.9 is recommended.
I've also updated the 22.7.b to a newer version which matches the fixes included in 22.1.9. In that care a reinstall of the beta is recommened.
# opnsense-update -bkfzr 22.7.b
(note the additional -f to force a reinstall)
Cheers,
Franco
I've also updated the 22.7.b to a newer version which matches the fixes included in 22.1.9. In that care a reinstall of the beta is recommened.
# opnsense-update -bkfzr 22.7.b
(note the additional -f to force a reinstall)
Cheers,
Franco