Messages

I just tested this with the upcoming 15.1.11 images: cpdup(1) has been replaced by the traditional tar(1) utility and now installs with only 512MB of RAM, but not all files land on the disk. I expect this is a serious issue without tar(1) noticing... Might as well have something to do with the images being larger installations now. Will debug this further...

Wir können diesen Code dann auch sehr gern Mergen. Im Moment nähern wir uns dem großen Release 15.7 und da gibt es leider eine Menge zu tun für unser kleines Kern-Team um z.B. die GUI Firmware-Updates zu vervollständigen. Um so mehr freut es mich, dass Kepa auf einem guten Weg ist. :)

Grüße Franco

Passiert mir auch nur zu oft. ;)

Wenn man das core.git im System hat, kann man mit "make lint" in /root/core auch den Syntax-Checker laufen lassen über alle Dateien. Das führen wir spätestens vor Releases aus für die Qualitätssicherung.

siehe http://lastsummer.de/development-workflow-in-opnsense/


Grüße Franco

Hallo,

seltsam, wie hieß denn die Funktion? Seit PHP 5.4 gibt es keine call-by-reference mehr. Das passiert wenn man in den Funktionsaufruf ein "&" einbindet: meine_funktion(&$hallo);

Normalerweise kann der PHP syntax checker das aber auffangen, es könnte also bei Editieren hinzugefügt worden sein aus Versehen?


Grüße Franco

This is overly tricky, because:

(a) you are not using MITM decryption

Unless you monitor the DNS queries of your system, you'll never know which page HTTPS is using since it's encrypted. Even that is not completely sane, the best you can do is add an IP alias list for the host and open port 443 with the same rule.

One could also monitor the SSL header for the Common Name / Hostname, but that is not supported by pf(4).

http://wiki.squid-cache.org/Features/SslPeekAndSplice

(b) you want to use MITM decryption

This requires proxying with relayd(8) or another sophisticated application we do not currently provide a GUI for.


A large number of commercial firewall supports this natively, but it is still a largely unavailable open source firewall distro feature.

You can add and modify Wireless settings such as SSID and passphrase from this page: https://your.OPNsense.ip/interfaces_wireless.php

I can recommend FreeNAS http://www.freenas.org/ or you could delve into how to set up SMB/NFS shares with FreeBSD on top of OPNsense https://www.freebsd.org/doc/en/books/handbook/network-samba.html / https://www.freebsd.org/doc/en/books/handbook/network-nfs.html

Assuming you used 15.1.10 and the quick/easy installer, the following things have been do increase disk life and performance:

* Enables TRIM and soft updates for better crash recovery (a fix is in 15.1.11 to address setup issues)
* Only one partition to maximise controller flexibility WRT write cycles
* No swap space that might wear down the disk
* Root partition has noatime set to avoid fiddling with the file system

The one thing you can do to increase disk life is go to: System -> Settings -> Misc and enable "Use memory file system for /tmp and /var". After reboot these changes take effect.


Hope that helps,
Franco

Small note on the widgets: 15.1.11 is coming out tomorrow fixing the issue. Sorry for the trouble.

Nah, I'll add it to the backlog and will revisit later. No need to tackle this right away then:

https://github.com/opnsense/core/issues/182

Is this still happening for you, Tom? Sorry this slipped through my fingers earlier.

Hi mate, currently in the Netherlands for our monthly meetup. Haven't forgotten this. :)

Does the test/update button indicate "success"? Maybe your users are getting DNS queries from somewhere else or OpenDNS is not set up correctly for your domain?

Please try "Services: DNS Filter", it's the setup page for OpenDNS and let us know if the issue persists.

Great to hear that. :)