Topics - 8191

16
15.7 Legacy Series / Installation failure
« on: December 18, 2015, 02:45:04 pm »
Hi,
I'd like to install OPNsense into a VM, but the installer (OPNsense-15.7.18-OpenSSL-serial-amd64.img.bz2) runs into trouble:

Code:
Flow executing -> main/install/format_disk (Format Disk)           
,-<<< Executing `/usr/local/installer/cleargpt.sh vtbd0'           
| gpart: Device busy                                               
| gpart: Invalid value for 'i' argument: Invalid argument           
| gpart: Device busy                                               
`->>> Exit status: 0                                               
,-<<< Executing `/sbin/fdisk -I vtbd0'                             
| ******* Working on device /dev/vtbd0 *******                     
| fdisk: /boot/mbr: Device not configured                           
`->>> Exit status: 1                                               
[Fri Dec 18 13:25:06 2015]                                         
,-<<< Executing `/sbin/fdisk -I vtbd0'                             
| ******* Working on device /dev/vtbd0 *******                     
| fdisk: /boot/mbr: Device not configured                           
`->>> Exit status: 1                                               
[Fri Dec 18 13:25:09 2015]                                         
,-<<< Executing `/sbin/fdisk -I vtbd0'                             
| ******* Working on device /dev/vtbd0 *******                     
| fdisk: /boot/mbr: Device not configured                           
`->>> Exit status: 1                                               

I'm using KVM, but have a similar error on VMware Workstation.

17
Development and Code Review / Status display of MVC apps
« on: December 15, 2015, 09:20:15 am »
Hi,

I'd like to show some status information of an MVC app within the GUI (e.g. interface IP, sent/received bytes, etc.). I am planning to accomplish that through a script, which gets called by configd and returns the status info (as a JSON string). The configd action is being triggered by the service controller and the view requests the status info through the service controller, and then populates the corresponding layout.
Does that sound reasonable, or is there a better way to display status information of a service?

A downside of this construct is that the script delivering the status information does not have any well-defined (e.g. XML defined) model. The information passed between the script and the view consists of "loose" JSON objects. Is there any intended concept for defining models for external (Python) scripts?


Thanks,
Manuel

18
Development and Code Review / configd: stopping services via rc script
« on: December 13, 2015, 07:43:16 pm »
Hi,
what's the recommended way to stop services using configd? Keeping in mind that rc scripts refuse to work if the corresponding service is not enabled, simply executing /usr/local/etc/rc.d/<service> stop is not sufficient.

In the Proxy plugin it was done by calling killall squid after trying to execute the rc.d/squid stop, but why did you actually use killall to "stop" squid instead of executing /usr/local/etc/rc.d/squid onestop? Is there a side-effect in using the "onestop" action? I'd say a completely clean mechanism should not kill all instances, but should only kill the instance stored in the service's pid-file...

Also for querying the service status, maybe using "onestatus" instead of "status" would allow recognizing e.g. a hanging or still running process, even if the service has already been disabled. Right now, if the service is not enabled, OPNsense always assumes that the process behind the service is not running, which in fact is not always the case.

Thanks,
Manuel

19
Development and Code Review / Coding guidelines
« on: December 07, 2015, 08:02:50 am »
Are there any coding guidelines for OPNsense? The forked pfsense code does not seem to have any guidelines (e.g. indents vary in tabs and spaces, single if statements used with and without curly braces, etc.)... Currently the code is a mix between different coding styles, it seems.

If one adds code to existing files, should the style of the file be adopted, or is there an OPNsense recommendation to apply? Shall existing files be adapted to a consistent style in future?

20
15.7 Legacy Series / New menu structure and DNS services
« on: December 04, 2015, 11:28:30 pm »
I really like the new menu structure, which e.g. unifies the DHCP Relay and the DHCP Server. But is there a specific reason, why the different DNS services were not put together into one sub-menu? I guess the DNS Filter, DNS Forwarder, DNS Resolver, and maybe even the Dynamic DNS services might go into one DNS menu, which then has sub items for Filter, Forwarder, Resolver, and Dynamic DNS.

21
15.7 Legacy Series / Column mismatch in IPsec tunnel settings?
« on: December 04, 2015, 08:33:09 pm »
The IPsec tunnel settings (see attachment) have six columns for each P1 entry: IKE, Remote Gateway, Mode, P1 Protocol, P1 Transforms, and P1 Description. I don't understand the columns P1 Protocol and P1 Transforms:
The P1 Protocol column shows the P1 encryption algorithm, why the name P1 Protocol? The column P1 Transforms should show the P1 authenticity algorithm (but currently it does not show it, I guess due to a bug?), but typically I know the term proposal as a combination of all cryptographic algorithms and settings, so I personally would expect e.g. "AES (128 bits), SHA-256" in the P1 Proposal column.

Maybe the P1 Protocol column should show something regarding the chosen key material, like PSK or RSA? But then, still a better name should be chosen... ;)

22
15.7 Legacy Series / nano image bigger than (standard) 4GB CF card?
« on: November 29, 2015, 07:52:02 pm »
The nano image (OPNsense-15.7.18-OpenSSL-nano-i386.img) is actually 3999997952 bytes in size, while my 4GB Kingston CF card holds 3997163520 bytes. Interestingly I've a second 4GB CF from Transcend, which holds 4009549824 bytes.

I have no idea if there is a well defined definition for "4GB", but actually I guess I'm not the only one with a CF smaller than the nano image. What does the third slice of the image actually hold? Is there any important data in the last 50MB?

23
15.7 Legacy Series / Difference nano and non-nano with ramdisk setting active
« on: November 29, 2015, 02:43:50 pm »
Is there any difference between the nano images and the other images manually configured to use a ramdisk for /var and /tmp? Does the nano image use redundant partitions on the storage media, or so?

24
15.7 Legacy Series / [SOLVED] IPsec tunnel only establishes first phase 2 entry
« on: November 29, 2015, 11:30:43 am »
I've an IPsec phase 1 entry with three phase 2 entries. Only the first in the list is being established. At the other endpoint I cannot even see OPNsense trying to establish the other P2's. If I swap the P2 entries (just order, no config), the new first P2 entry is being established.

The /usr/local/etc/ipsec.conf file contains all endpoints as configured via the GUI, namely con1-000 up to con1-002. In the IPsec logs I found:

Nov 29 10:30:22    ipsec_starter[87595]: 'con1-001' routed
Nov 29 10:30:22    ipsec_starter[87595]: 'con1-000' routed
Nov 29 10:30:21    ipsec_starter[87595]: configuration 'con1-001' not found
Nov 29 10:30:21    ipsec_starter[87595]: configuration 'con1-000' unrouted


I'm not so deep into charon, which log levels should I raise to get more info on that issue?

I use OPNsense 15.7.18_1-i386 (willing to upgrade to unstable if this would help investigations).
