Topics - none

#1
Hi,

I am trying to build ARM64 images for opnsense and now I have to add manually two files after I dd the image to the microSD.

I found a small guide for git on this post, but the images won't have the same files I commit using these commands.

I use the following line to build:

make -C /usr/tools/ VERSION=$TAG_SRC DEVICE=$DEVICE base

Where TAG_SRC on the last build has the value of 25.1.4.

I did:

git tag -f -m "message" 25.1.4

and then on the /usr/core (where my committed files are) I run:

git checkout 25.1.4

and there my files are what I expect them to be.

My knowledge of git is not much, if anyone has any hints here :)

I want to include my fingerprint for the packages and a new /usr/local/etc/rc script for ARM64 gpart resizing.

Thanks in advance :)

none
#2
Hi,

I build images using the line:

make -C /usr/tools/ VERSION=25.1.4 DEVICE=R4S arm-8G

and then I get my 8GB image ready for dd'ing. It works but the disk is not resized.

I have 32GB and 64GB microSD in use and it keeps the 8GB partition size.

My research took me to the need for the .probe.for.growfs file on /, and the opnsense scripts do create it as is written in extras.conf. The extras.conf I use (https://github.com/matheusber/opnsense/blob/main/arm64-opnsense-build/opnsense-confs/extras.conf) just adds the lines to load if_re from Realtek kmod version 1.98 from ports, that I build here.

The disk layout is what opnsense scripts create. Has anyone dealt with this?

Would really help create 1GB image files that would expand to the microSD size after. Will help too much here in storage space and other people to download.

Thanks,

none
#3
25.1, 25.4 Production Series / Wireless AP mode, no WPA
January 02, 2025, 03:56:03 AM
Hi,

I have a working run0 interface configured as AP. I can connect to it, but it always has no WPA security.

I checked all options for WPA, using AES and defined a pre-shared key. But the network created is always an open one, asks for no key at all.

Is this the desired behavior? I checked all twice, all that is left is installing any plugin needed (if any) or to understand it won't work. I tried using different WIFI nics, all the same.

If anyone can help me, thanks :)

none
#4
25.1, 25.4 Production Series / 25.1 plugins branch
December 30, 2024, 08:05:00 PM
Hi,

trying to build 25.1-BETA and I noticed that the plugins github repository is the only one without 25.1.b TAG.

Should I use master instead? Will there be a matching TAG for it?

Thanks,

none
#5
Hi,

I am trying to build 24.7.4 for arm here and this port kind of is not letting me do that. I installed a fresh 14.1 for it on rpi5, and I got this error:

===>   urwfonts-1.0_8 depends on executable: fc-cache - found
===>   Returning to build of urwfonts-1.0_8
===>   urwfonts-1.0_8 depends on executable: mkfontscale - not found
[20240920043050] ===> License MIT accepted by the user
===>   mkfontscale-1.2.3 depends on file: /usr/local/sbin/pkg - found
[20240920043050] => mkfontscale-1.2.3.tar.xz doesn't seem to exist in /usr/ports/distfiles/xorg/app.
[20240920043050] => Attempting to fetch https://xorg.freedesktop.org/releases/individual/app/mkfontscale-1.2.3.tar.xz
mkfontscale-1.2.3.tar.xz                               142 kB  306 kBps    01s
[20240920043052] ===> Fetching all distfiles required by mkfontscale-1.2.3 for building
[20240920043052] ===> Extracting for mkfontscale-1.2.3
[20240920043052] => SHA256 Checksum OK for xorg/app/mkfontscale-1.2.3.tar.xz.
[20240920043052] ===> Patching for mkfontscale-1.2.3
===>   mkfontscale-1.2.3 depends on package: pkgconf>=1.3.0_1 - not found
===>   Installing existing package /.pkg-cache/All/pkgconf-2.3.0,1.pkg
Installing pkgconf-2.3.0,1...
Extracting pkgconf-2.3.0,1: 100%
===>   mkfontscale-1.2.3 depends on package: pkgconf>=1.3.0_1 - found
===>   Returning to build of mkfontscale-1.2.3
===>   mkfontscale-1.2.3 depends on package: xorgproto>=0 - not found
===>   mkfontscale-1.2.3 depends on package: xorgproto>=0 - not found
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/x11-fonts/mkfontscale
*** Error code 1

Stop.
make: stopped in /usr/ports/x11-fonts/urwfonts
[20240920043054] ===> Cleaning for mkfontscale-1.2.3
[20240920043054] ===> Cleaning for xorgproto-2024.1
[20240920043054] ===> Cleaning for xorg-macros-1.19.3
[20240920043055] ===> Cleaning for urwfonts-1.0_8
pdating database digests format: 100%
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 7 packages:

Installed packages to be REMOVED:
        brotli: 1.1.0,1
        expat: 2.6.2
        fontconfig: 2.15.0_3,1
        freetype2: 2.13.2
        pkg: 1.19.2_1
        pkgconf: 2.3.0,1
        png: 1.6.43

Number of packages to be removed: 7

The operation will free 21 MiB.
[1/7] Deinstalling fontconfig-2.15.0_3,1...
[1/7] Deleting files for fontconfig-2.15.0_3,1: 100%
[2/7] Deinstalling freetype2-2.13.2...
[2/7] Deleting files for freetype2-2.13.2: 100%
[3/7] Deinstalling pkg-1.19.2_1...
[3/7] Deleting files for pkg-1.19.2_1: 100%
[4/7] Deinstalling png-1.6.43...
[4/7] Deleting files for png-1.6.43: 100%
[5/7] Deinstalling brotli-1.1.0,1...
[5/7] Deleting files for brotli-1.1.0,1: 100%
[6/7] Deinstalling pkgconf-2.3.0,1...
[6/7] Deleting files for pkgconf-2.3.0,1: 100%
[7/7] Deinstalling expat-2.6.2...
[7/7] Deleting files for expat-2.6.2: 100%
Creating repository in /usr/obj/usr/tools/config/24.7/aarch64/.pkg-new/: 100%
Packing files for repository: 100%
>>> Removing packages set
>>> Creating package mirror set for 24.7.4-aarch64... done
-rw-r--r--  1 root wheel  807M Sep 20 01:32 packages-24.7.4-aarch64.tar
>>> ERROR: The build encountered fatal issues!
>>> Aborted version 0.95_2 for net/mtr (mtr)
>>> Aborted version 1.0_8 for x11-fonts/urwfonts (urwfonts)
*** Error code 1

Stop.
make: stopped in /usr/tools/


So I tried it again, and same error, same place. To make it short, I reinstalled 3 times the rpi5, using different disks and sources, same error.
So today I tried to figure it out if I could just not build this package, and I saw in freshports.org that it is needed for two deleted ports:

This port is required by:
for Run
Deleted ports which required this port:

net/ntop*
www/trac-graphviz*

and the ntop opnsense uses is ntopng.

I will try to build packages again and take urwfonts out of the list, but it got me to think if maybe it should not be there, listed on the ports.conf file, hence this post here.

none
#6
Hi,

I built arm64 image for R5S here. I now get this error and cannot find its source. I have 24.7 images that have not this issue.

HTTPS: Could not open file or uri for loading certificate from /var/etc/cert.pem
002021C7872D0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:/usr/src/crypto/openssl/crypto/store/store_register.c:237:scheme=file
002021C7872D0000:error:80000002:system library:file_open:No such file or directory:/usr/src/crypto/openssl/providers/implementations/storemgmt/file_store.c:267:calling stat(/var/etc/cert.pem)
Unable to load certificate

I tried to make update and build 24.7.1, got this error. Then I deleted all and tried again. Same error. I installed a 14.1R from scratch, same error. Now I have no ideas.

I began to use fingerprint and signing on the build process but cannot tell if this is the culprit.

If anyone has any clues :)

none
#7
Hi,

I am trying to build opnsense 24.7 for a Nanopi R5S and I need another aarch64 box for it (tried on amd64, always had trouble). So the less packages I have to build, the better.

So I did this:

root@R4S_imagem:/usr/tools/config/24.7 # cat ports.conf | grep "^#"
#ORIGIN                                         IGNORE
#emulators/virtualbox-ose-additions-nox11       arm,aarch64
#net-mgmt/zabbix5-agent                         arm
#net-mgmt/zabbix5-proxy                         arm
#net-mgmt/zabbix6-agent                         arm
#net-mgmt/zabbix6-proxy                         arm
#net-mgmt/zabbix64-agent                                arm
#net-mgmt/zabbix64-proxy                                arm
#net-mgmt/zabbix7-agent                         arm
#net-mgmt/zabbix7-proxy                         arm
#net/asterisk18                                 arm
#net/bird2                                      arm
#net/frr8                                       arm
#net/haproxy28                                  arm
#net/ntopng                                     arm
#net/siproxd                                    arm
#opnsense/py-haproxy-cli                                arm
#security/clamav                                        arm
#security/suricata                              arm
#security/tor                                   arm
#sysutils/apcupsd                               arm
#sysutils/munin-node                            arm
#sysutils/nut                                   arm,aarch64
#www/sarg                                       arm


the plugins.conf is also edited:


root@R4S_imagem:/usr/tools/config/24.7 # cat plugins.conf | grep "^#"
#ORIGIN                                         IGNORE
#net-mgmt/zabbix-agent@zabbix5                  arm
#net-mgmt/zabbix-agent@zabbix6                  arm
#net-mgmt/zabbix-agent@zabbix64                 arm
#net-mgmt/zabbix-agent@zabbix7                  arm
#net-mgmt/zabbix-proxy@zabbix5                  arm
#net-mgmt/zabbix-proxy@zabbix6                  arm
#net-mgmt/zabbix-proxy@zabbix64                 arm
#net-mgmt/zabbix-proxy@zabbix7                  arm
#net/frr                                                arm
#net/haproxy                                    arm
#net/ntopng                                     arm
#net/realtek-re
#net/siproxd                                    arm
#security/clamav                                        arm
#security/tor                                   arm
#sysutils/apcupsd                               arm
#sysutils/apuled                                        arm
#sysutils/munin-node                            arm
#sysutils/nut                                   arm,aarch64
#sysutils/virtualbox                            arm,aarch64
#sysutils/vmware                                        arm
#sysutils/xen                                   arm,aarch64
#www/web-proxy-sso                              arm


but I keep seeing this kind of error:


nstalling zip-3.0_2...
Extracting zip-3.0_2: 100%
Installing py311-duckdb-1.0.0...
`-- Installing py311-pandas-2.0.3_2,1...
|   `-- Installing py311-numpy-1.25.0_7,1...
|   `-- Extracting py311-numpy-1.25.0_7,1: 100%
|   `-- Installing py311-numexpr-2.10.1...
|   `-- Extracting py311-numexpr-2.10.1: 100%
|   `-- Installing py311-bottleneck-1.3.8_1...
|   `-- Extracting py311-bottleneck-1.3.8_1: 100%
|   `-- Installing py311-tzdata-2024.1...
|   `-- Extracting py311-tzdata-2024.1: 100%
|   `-- Installing py311-pytz-2024.1,1...
|   `-- Extracting py311-pytz-2024.1,1: 100%
|   `-- Installing py311-python-dateutil-2.9.0...
|   | `-- Installing py311-six-1.16.0_1...
|   | `-- Extracting py311-six-1.16.0_1: 100%
|   `-- Extracting py311-python-dateutil-2.9.0: 100%
`-- Extracting py311-pandas-2.0.3_2,1: 100%
Extracting py311-duckdb-1.0.0: 100%
=====
Message from py311-pandas-2.0.3_2,1:

--
Install math/py-statsmodels to enable parts of pandas.stats.
Install devel/py-xarray to enable the to_xarray() function.
Installing py311-numpy-1.25.0_7,1...
the most recent version of py311-numpy-1.25.0_7,1 is already installed
Installing py311-pandas-2.0.3_2,1...
the most recent version of py311-pandas-2.0.3_2,1 is already installed
Could not find package: suricata
*** Error code 1

Stop.
make: stopped in /usr/tools/


Can I not build all ports there so it can be faster? How can I do it? :)

Thanks,

none
#8
Hi,

just installed 23.7 and it is still in the test phase, so the networks are all using private address. I created a rule for web access and ssh from "outside", that is my home network. I am using another notebook on the LAN side of opnsense to test. I disabled the "Block private addresses", but it is still not working.

ssh and https to the gui won't work. And I know it's the firewall, if I issue pfctl -d all works. Is there another thing I must disable for it to work? Even a pass all from any to any won't do it. I am blind here.

thanks,

none
#9
Hi,

I am using an old notebook and the screen is on all the time. I am looking on how I can make it turn off after some time. I looked for it on google and could not find any hints on how to do it on opnSense.

Is there how to make it turn off after some time?

I tried changing the console type, no go here :(

thanks,

none
#10
Hi all,

I tried to upgrade from 21.7.8 to 22.1. It all looked fine till it said would reboot, yet on the web UI. Unfortunately I was behind the firewall and could not get serial output till late in the boot. What I got from console output was:

tunefs: soft updates remains unchanged as enabled
tunefs: file system reloaded
camcontrol: cam_lookup_pass: CAMGETPASSTHRU ioctl failed
cam_lookup_pass: No such file or directory
cam_lookup_pass: either the pass driver isn't in your kernel
cam_lookup_pass: or mmcsd0 doesn't exist
** /dev/ufs/OPNsense
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 182026 free (11058 frags, 21371 blocks, 1.2% fragmentation)
Setting hostuuid: 99672fc4-ed42-11eb-8b1b-000db94722f0.
Setting hostid: 0xb59a3a45.
Configuring vt: keymap blanktime.
ld-elf.so.1: /usr/bin/sed: Undefined symbol "regcomp@FBSD_1.6"
Configuring crash dump device: /dev/null
.ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg /usr/local/lib/compat/pkg /usr/local/lib/ipsec /usr/local/lib/perl5/5.32/mach/CORE
32-bit compatibility ldconfig path:
done.
>>> Invoking early script 'upgrade'
ld-elf.so.1: /usr/bin/sed: Undefined symbol "regcomp@FBSD_1.6"
>>> Invoking early script 'configd'
Starting configd.
>>> Invoking early script 'templates'
Generating configuration: OK
>>> Invoking early script 'backup'
>>> Invoking backup script 'captiveportal'
>>> Invoking backup script 'dhcpleases'
>>> Invoking backup script 'duid'
>>> Invoking backup script 'netflow'
>>> Invoking backup script 'rrd'
>>> Invoking early script 'carp'
CARP event system: OK
Launching the init system...done.
Initializing...........done.
igb0: link state changed to UP
debugnet_any_ifnet_update: Bad dn_init result from igb0 (ifp 0xfffff800038f4800), ignoring.
igb1: link state changed to UP
debugnet_any_ifnet_update: Bad dn_init result from igb1 (ifp 0xfffff80003695800), ignoring.
Starting device manager...done.
Configuring login behaviour...done.
Configuring loopback interface...done.
Configuring kernel modules...done.
Setting up extended sysctls...done.
Setting timezone...done.
Writing firmware setting...done.
Writing trust files...done.
Setting hostname: floyd.apartnet
Generating /etc/hosts...done.
Configuring system logging...done.
Configuring loopback interface...done.
Creating wireless clone interfaces...done.
Configuring VLAN interfaces...done.
Creating OpenVPN instances...done.
Configuring LAN interface...done.
Configuring VLAN_6 interface...done.
Configuring WAN interface...done.
Creating IPsec VTI instances...done.
Generating /etc/resolv.conf...done.
Configuring firewall.....failed.
Configuring OpenSSH...done.
Starting web GUI...done.
Configuring CRON...done.
Setting up routes...done.
Generating /etc/hosts...done.
Starting DHCPv4 service...done.
Starting Unbound DNS...done.
Setting up gateway monitors...done.
Configuring firewall.....failed.
Syncing OpenVPN settings...done.
Starting NTP service...done.
Starting Unbound DNS...done.
Generating RRD graphs...done.
Configuring system logging...done.
>>> Invoking start script 'newwanip'
Reconfiguring IPv4 on igb0: OK
Reconfiguring routes: OK
>>> Invoking start script 'freebsd'
>>> Invoking start script 'syslog-ng'
Stopping syslog_ng.
Waiting for PIDS: 85444.
Starting syslog_ng.
>>> Invoking start script 'carp'
>>> Invoking start script 'cron'
Starting Cron: OK
>>> Invoking start script 'beep'
Root file system: /dev/ufs/OPNsense
Sat Jan 29 19:12:07 -03 2022
ld-elf.so.1: /usr/bin/sed: Undefined symbol "regcomp@FBSD_1.6"

*** floyd.apartnet: (/OpenSSL) ***

LAN (igb1_vlan1) -> v4: 10.1.1.88/24
VLAN_6 (igb1_vlan6) -> v4: 10.1.6.88/24
WAN (igb0)      -> v4/DHCP4: xxxxxxxxxxxx

HTTPS: ld-elf.so.1: /usr/bin/sed: Undefined symbol "regcomp@FBSD_1.6"
ld-elf.so.1: /usr/bin/sed: Undefined symbol "regcomp@FBSD_1.6"
SSH:   ld-elf.so.1: /usr/bin/sed: Undefined symbol "regcomp@FBSD_1.6"
awk: i/o error occurred while closing /dev/stdout
input record number 1, file
source line number 1
SSH:   ld-elf.so.1: /usr/bin/sed: Undefined symbol "regcomp@FBSD_1.6"
awk: i/o error occurred while closing /dev/stdout
input record number 1, file
source line number 1
SSH:   ld-elf.so.1: /usr/bin/sed: Undefined symbol "regcomp@FBSD_1.6"
awk: i/o error occurred while closing /dev/stdout
input record number 1, file
source line number 1

FreeBSD/amd64 (xxx) (ttyu0)

login: root

FreeBSD/amd64 (xxx) (ttyu0)

login: root

FreeBSD/amd64 (xxx) (ttyu0)

login:   


I tried to log in and it keeps asking for login when I try to use root user (as the log shows).
I don't have internet connection through it anymore. I kind of saw the box is kinda lost, so I came here to warn about it, so others will know the issue. I will install a fresh 22.1 later, it's my home backup router and I have a backup from the config.

Is this known?

On the webUI I get this weird thing:

OPNsense 21.7.8-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021

Despite wan displays the IP for my ISP, it won't work the forwarding service.

att,

none
#11
Hi all,

I am setting up an opnsense firewall with squid and LDAP(MS AD) auth. No need to be transparent.

I set a remote blacklist and now I want to use AD users and groups to tell who can and can't use that site. I can't find how on the webui, all I found was this thread: https://forum.opnsense.org/index.php?topic=16171.0.

Is there any other way to solve this? Cause if not I will start editing my custom extra configs to send there. As I need to be user and group (from AD) aware, I assume it must be on post-auth dir.

Thanks,

none
#12
16.1 Legacy Series / Multiwan issue
June 13, 2016, 08:35:08 PM
Hi,

I have the last stable opnsense and I can see an annoying issue: sometimes I have connectivity from my local net, but the opnsense box has no default gw. As a coincidence, every time this happens, I can't reach my box from any of the internet links. I followed the opnsense wan guide, and from time to time I get this.

It's just me? Is this known?

thanks,
#13
16.1 Legacy Series / Dual wan and dns problem
May 12, 2016, 05:59:34 AM
Hail,

I tried some old version (15.x) and now I run 16.1 and have the same problem:

two WAN (A and B), and once I set a rule on LAN so my desktop machine will use the B (not the default) wan, DNS stops working for the desktop machine.

I get to see the dns query on the B link:

00:50:05.548848 IP 1x.x.x.x.17803 > 10.1.1.81.53: 26623+ A? openbsd.org. (29)
00:50:06.548621 IP 1x.x.x.x.17803 > 10.1.1.81.53: 26623+ A? openbsd.org. (29)
00:50:07.548685 IP 1x.x.x.x.17803 > 10.1.1.81.53: 26623+ A? openbsd.org. (29)


it never gets the answer, as the query is not fulfilled.

I tried the dns forwarder and the resolver. not gone far yet.

is this only me?

I saw the talk on https://forum.opnsense.org/index.php?topic=433.0, tried those settings but no good also.

thanks,

none
#14
15.7 Legacy Series / Dual Wan and DNS
August 16, 2015, 07:48:50 PM
Hi,

I got 15.7.8 nano running and I get this DNS problem:

I have two wan dhcp ISP's, and two machines are on wan2, all other machines are on wan1. So I have a rule on firewall to change the router (route-to) for an alias that holds my two machines.

The issue is, on these two machines I can't get dns to work. I tried to disable dns forwarder, use just dnsresolver, no deal. If I use, manually, the 8.8.8.8 address, the machine is fine on surfing.

So I added a rule to pass dns traffic before the route-to one, so it is back to normal. What's the issue to use wan2 to send dns packets ?

Is this supposed to be like this ?

thanks,
#15
15.7 Legacy Series / WAN DHCP issue and one package
August 10, 2015, 07:47:05 PM
hail,

I have a soekris 5501-70 running:

OPNsense 15.7-i386
FreeBSD 10.1-RELEASE-p14
LibreSSL 2.2.0

This box has two cable wan, and there is the point. I get once a day a lost connection. Even though all looks fine, I can't ping from the main wan. I have to go on interfaces UI and click on "release" and "renew". This happened today once, and tomorrow too.

Has anyone seen this ?

I have a strangely high load of, at least, 1.00. Does this have anything to do with it ?

I come from the project that is sibling to this, I don't know if there is any problem on saying it (so I don't), and I want to give this a try. So far, a bit slow on the 5501-70, but still testing.

About the packages, how can I test or run them ?

All I need so far is the vnstat package. I found some links to git, but I can't find how to install them. The pkg add on CLI won't find vnstat :(

thanks for the project, it's a great project !

none