Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - franco

Pages: [1] 2 3 ... 518

19.1 Development Series / Re: update packages breaks opnsense

« on: Today at 07:19:50 am »

Hi there,

I just did an upgrade test on 19.1-BETA and the system came back up, OpenSSL and LibreSSL alike.

I simply want to state the facts that go with the harmlessness in updating 19.1-BETA under the conditions that:

1. The base and kernel are not unlocked or forcefully downgraded.
2. No ports are being built.

It's mentioned again here because in another thread you talked about getdns not being able to build anymore and I can see two things that are potentially devastating:

Running custom-built software, even from the provided ports tree. As well as building them on 19.1-BETA which has a different base and kernel layout and causes shared libraries to shift and break our current 18.7 binary packages on updates.

I'm not sure what happened here and I need to know the steps to reproduce to be able to inspect it.

That being said additional BETA risk for custom-built software goes away when 19.1-RC is out. But while it generally works, we cannot guarantee risk-free manipulation of our system that goes beyond the limitations that we have and have set.

Cheers,
Franco

18.7 Production Series / Re: Unbound ipv6

« on: December 16, 2018, 08:11:26 pm »

do-ip6 was hardcoded to yes for a long time. 18.7.9 changed that slightly, but it should improve things, not worsen them as then it follows your system configuration more closely.

The other forum thread was solved a while back...

Cheers,
Franco

19.1 Development Series / Re: update packages breaks opnsense

« on: December 16, 2018, 08:07:34 pm »

Hi,

Unless ports are built from a local /usr/ports tree this shouldn't happen.

What are the steps to reproduce?

Cheers,
Franco

Documentation and Translation / Re: cron log

« on: December 16, 2018, 08:06:15 pm »

We do not have a cron log. For all the activities the log locations are System or Backend log.

Cheers,
Franco

German - Deutsch / Re: IPv6 mit OPN hinter SPH

« on: December 16, 2018, 08:03:53 pm »

> Und was soll denn "nicht reichen" heißen

Der Router gibt ein /64 für das Heimnetzwerk. Es ist das einzige Netzwerk das man hier haben kann. Hinter dem Router muss dann alles gebridged sein.

Kommt OPNsense hinter den Router bekommt das OPNsense WAN den /64, aber man kann es nicht weitergeben ins LAN über Routing, weil mit /64 hinter dem WAN nichts mehr sein darf, weil es generell keine Möglichkeit gibt ein kleineres Netz als /64 zu delegieren auch wenn das theoretisch ginge und sowieso zu viele Adressen sind.

Grüsse
Franco

General Discussion / Re: tapatalk forum

« on: December 14, 2018, 12:56:07 pm »

Have you tried it yet?

18.7 Production Series / Re: not boot after update to 18.7.9

« on: December 14, 2018, 12:51:12 pm »

Since 18.7.9 you can do a health check of your base system using:

# mtree -e -p / < /usr/local/opnsense/version/base.mtree

But it will only tell you several files were damaged and to repair it you need to manually configure a network to be able to reinstall it:

# opnsense-update -fb

But that only works if the base system has not been damaged beyond repair.

Cheers,
Franco

18.7 Production Series / Re: Nginx Plugin :: Log Viewer

« on: December 14, 2018, 12:47:22 pm »

Seems to read a huge log file all at once. PHP says no.

Cheers,
Franco

18.7 Production Series / Re: Wireguard duplicate Firewall Rule after update

« on: December 14, 2018, 12:46:00 pm »

WireGuard group is correct, it is the same as IPsec and OpenVPN.

The wg0 is from manual interface assignment on your part. Both work interchangeably, but the group is for all devices, the individual devices are .... individual.

Cheers,
Franco

German - Deutsch / Re: IPv6 mit OPN hinter SPH

« on: December 14, 2018, 12:20:39 am »

Es kommt auf den ISP an ob er mehr als /64 freigeben möchte. /64 reicht für ein LAN, aber nicht für einen zusätzlichen Router dazwischen. Wie gesagt: der ISP muss es erlauben. Fragen kostet nichts.

Grüsse
Franco

18.7 Production Series / Re: Wireguard duplicate Firewall Rule after update

« on: December 14, 2018, 12:05:36 am »

https://twitter.com/opnsense/status/1073199933866602496

18.7 Production Series / Re: Traverse Viking ADSL2+ PCI Modem

« on: December 13, 2018, 04:08:58 pm »

It looks like the Realtek vendor driver does not support some older cards that they simply expect to be EoL.

You'd have to take the whole sys/dev/re directly and use the one from FreeBSD 11.1 and build a full kernel and replace it on your box. I'm not sure it's worth doing this over and over, but you can lock the kernel and only deal with this once on major updates every 6 months.

Sorry,
Franco

Hardware and Performance / Re: unable to boot i386 image from usb flashdrive

« on: December 13, 2018, 04:04:08 pm »

It's one of the older Soekris Net boxes that supposedly have 64 bit support but don't work in GENERIC FreeBSD amd64.

I'm aware it matters that much if it's a "real" i386 or not. Are we talking about "real older" or "real newer" devices?

Cheers,
Franco

German - Deutsch / Re: Überlegungen eines Wechsels von pfsense

« on: December 13, 2018, 03:58:27 pm »

Sagen wir einfach man kann nach wie vor beides frei nutzen.

German - Deutsch / Re: LAN fehlender Gateway

« on: December 13, 2018, 03:54:33 pm »

These: Es wird nichts unter System: Gateways: Single stehen. Vermutlich weil es ein Static WAN ohne Gateway ist oder es gar kein WAN gibt. In dem Fall ergibt es keinen Sinn in DHCP die lokale LAN IP als Router anzupreisen.

Für das Debugging ist es hier ganz interessant zu fragen: kann man ein Update machen, oder ist von der OPNsense kein Internet erreichbar?

Grüsse
Franco

Pages: [1] 2 3 ... 518