Topics

I would like to know if Python3 support is already in the pipeline. And if it is, what are the timelines on the inclusion of python3 in the distribution?

I ask this for several reasons.
My main reason is that Python2.7 will retire shortly (https://pythonclock.org) and security updates for that package will cease around 2020Q1. This, ofcourse, will not instantly break the firewall but does put us at increased risk as time progresses beyond 01JAN2020.

Another reason is that I develop python software. I use python3 and it annoys the heck out of me that I can't run those apps under OPNsense because python3 is not supported. I know I can install python3 manually, but that has some unwanted side-effects (notably during upgrades  ;) ). Alternatively, re-factoring back to python2.7 just to support OPNsense is a no-go where I'm concerned.

[OPNsense 18.1.13_1-amd64FreeBSD 11.1-RELEASE-p11]

I must have clicked the wrong button somewhere, because I seem to have upgraded successully to 18.7 but then accidentally clicked the Update button which took me back to 18.1 and ow I'm stuck.

On the GUI I am at "18.1.13 (installed)"
On the CLI I am at

Code Select Expand

# opnsense-update -v
18.1.11-amd64

When I click the "Unlock this upgrade" button in the CLI and then click the "Upgrade now"
it says that its fetching the 18.7 packages
Then there's an error when fetching the kernel package:

Code Select Expand

pgrep cannot get process list [kvm_getprocs: No such process]

This is followed by extraction of the packages and seemingly succesful installation.
(see attachment)

After the upgrade I'm still on
OPNsense 18.1.13_1-amd64
FreeBSD 11.1-RELEASE-p11


I can SSH into the box.
Any commands I might try to force this?

[only]

Observed behaviour:
The OPNsense Forum sends me a "Daily Digest" e-mail every single day regardless if there has been activity on the subscribed topics or not.  When there's been no activity the mail is empty apart from the header text:

Below is a summary of all activity in your subscribed boards and topics at OPNsense Forum today. To unsubscribe please visit the link below.

Expected behaviour:
The OPNsense forum sends me a "Daily Digest" e-mail only on days when there actually is some activity in the topics I've subscribed to.

[11.1-RELEASE-p6]

This morning I'm trying to upgrade from OPNsense 17.7.12_1-amd64 to the current 18.* from the WebGUI System > Firmware > Updates  [Check for upgrades] > [Upgrade]

After a reboot I am now on:
OPNsense 17.7.12_1-amd64
FreeBSD 11.1-RELEASE-p6
OpenSSL 1.0.2n 7 Dec 2017

but still no 18.*.

What am I doing wrong?

P.S. Is there an upgrade path using the CLI instead of the GUI?

I'm trying to figure out how to restart syslogd.
Since it is a service (and listed by service -e I thought that this would work:

Code Select Expand


$ sudo service syslogd restart
syslogd not running? (check /var/run/syslog.pid).
Starting syslogd.
syslogd: syslogd already running, pid: 7423
/etc/rc.d/syslogd: WARNING: failed to start syslogd


But apparently it doesn't.

Also using sudo pluginctl syslogd resulted in no restarting of syslogd.

Confusion...  :o

So, I'm now wondering if there is some documentation that I might have missed that lists which services, packages or plugins should be restarted in which way because there seem to be various mechanisms available with (at least to me) no apparent distinctions between the different functionalities.

[bash]

I've installed bash and set the login-shell of my administrative user (admin) to it thusly:

Code Select Expand


sudo sh
chsh -s /usr/local/bin/bash admin


This works great. However, after a reboot the login-shell has changed back to /bin/csh.

This may be related but I don't consider this a problem: I also noticed that I needed to renew my SSH authorisation.

Is there a way to prevent the login-shell from reverting to the installer default?

[/etc/fstab]

I would like to be able to mount an NFS share from one of the Debian-servers (boson) on my LAN. I've added a line to /etc/fstab:

Code Select Expand


boson:/srv/array1/rbin/firebin  /home/admin/bin   nfs   rw   0   0


According to the "Hardened BSD Handbook" (https://hardenedbsd.org/~shawn/hbsd_handbook/book.html#network-nfs) I should also activate the NFS-client. This should be done in /etc/rc.conf.

On OPNsense: I assume I should create a file in /usr/local/rc.d containing

Code Select Expand

nfs_client_enable="YES" which should override one of these settings:

Code Select Expand


$ cat /etc/defaults/rc.conf |grep nfs
netfs_types="nfs:NFS smbfs:SMB" # Net filesystems.
nfs_client_enable="NO" # This host is an NFS client (or NO).
nfs_access_cache="60" # Client cache timeout in seconds
nfs_server_enable="NO" # This host is an NFS server (or NO).
nfs_server_flags="-u -t" # Flags to nfsd (if enabled).
nfs_server_managegids="NO" # The NFS server maps gids for AUTH_SYS (or NO).
nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO).
nfs_bufpackets="" # bufspace (in packets) for client
nfsv4_server_enable="NO" # Enable support for NFSv4
nfscbd_enable="NO" # NFSv4 client side callback daemon
nfscbd_flags="" # Flags for nfscbd
nfsuserd_enable="NO" # NFSv4 user/group name mapping daemon
nfsuserd_flags="" # Flags for nfsuserd


Is that correct? Or should I create /etc/rc.conf  itself?

Trying to update via System > Firmware > Updates returns this error:

Firmware status check was aborted internally. Please try again.

System > Firmware > Plugins only shows one line:

os-dyndns (orphaned)   1.5   133KiB   Dynamic DNS Support

System > Firmware > Packages looks like it is okay.

Help is appreciated. Please let me know what additional info is needed.

I want to install

Code Select Expand

tree and

Code Select Expand

python3 (3.5 or 3.6).

Neither seems to be available in the OPNsense repository.

I'm also wanting to install other packages.
What are my options?

How do I restart dnsmasq from the CLI?

I've tried:

Code Select Expand


% service dnsmasq restart
Cannot 'restart' dnsmasq. Set dnsmasq_enable to YES in /etc/rc.conf or use 'onerestart' instead of 'restart'.

Given the fact that it is already running I presume a different mechanism is active for starting the daemon, so I dare not follow this instruction.

Code Select Expand


% configctl dnsmasq restart
Action not found

Was worth a try. But no joy.

I want to add an option to the Service > Dnsmasq DNS > Settings.
In the Advanced editbox I entered:

Code Select Expand

conf-dir=/usr/local/etc/dnsmasq.d/,*.conf

I get an error message:

Code Select Expand

The following input errors were detected:
Invalid custom options

This is a valid dnsmasq option, so what am I doing wrong?

[local DNS server]

I'm new to OPNsense. As I'll be doing some fine-tuning from the CLI, before I get started, I'd like to read up on the various packages. Strangely, I have not been able to find a list of installed software. Google just gives me old articles and the `docs.opnsense.org` are only discussing the front-end.
Could anyone please point me to a relevant, up-to-date source?
To get up and running as fast as possible I'm particularly interested in:

1.  which local DNS server is installed by default?
2.  which DHCP server is installed by default?

Thanks for your support.