Topics

1

General Discussion / Transition to Python3

« on: October 24, 2018, 03:01:43 pm »

I would like to know if Python3 support is already in the pipeline. And if it is, what are the timelines on the inclusion of python3 in the distribution?

I ask this for several reasons.
My main reason is that Python2.7 will retire shortly (https://pythonclock.org) and security updates for that package will cease around 2020Q1. This, ofcourse, will not instantly break the firewall but does put us at increased risk as time progresses beyond 01JAN2020.

Another reason is that I develop python software. I use python3 and it annoys the heck out of me that I can't run those apps under OPNsense because python3 is not supported. I know I can install python3 manually, but that has some unwanted side-effects (notably during upgrades  ). Alternatively, re-factoring back to python2.7 just to support OPNsense is a no-go where I'm concerned.

2

18.7 Legacy Series / Stuck on 18.1 during upgrade

« on: September 02, 2018, 11:34:26 am »

I must have clicked the wrong button somewhere, because I seem to have upgraded successully to 18.7 but then accidentally clicked the Update button which took me back to 18.1 and ow I'm stuck.

On the GUI I am at "18.1.13 (installed)"
On the CLI I am at

Code: [Select]

# opnsense-update -v
18.1.11-amd64
When I click the "Unlock this upgrade" button in the CLI and then click the "Upgrade now"
it says that its fetching the 18.7 packages
Then there's an error when fetching the kernel package:

Code: [Select]

pgrep cannot get process list [kvm_getprocs: No such process]
This is followed by extraction of the packages and seemingly succesful installation.
(see attachment)

After the upgrade I'm still on
OPNsense 18.1.13_1-amd64
FreeBSD 11.1-RELEASE-p11


I can SSH into the box.
Any commands I might try to force this?

3

General Discussion / Daily mail from OPNsense Forum (BUG?)

« on: February 25, 2018, 11:18:14 am »

Observed behaviour:
The OPNsense Forum sends me a "Daily Digest" e-mail every single day regardless if there has been activity on the subscribed topics or not.  When there's been no activity the mail is empty apart from the header text:

Below is a summary of all activity in your subscribed boards and topics at OPNsense Forum today. To unsubscribe please visit the link below.

Expected behaviour:
The OPNsense forum sends me a "Daily Digest" e-mail only on days when there actually is some activity in the topics I've subscribed to.

4

18.1 Legacy Series / Upgrade from 17.7.12 to 18.* not completing

« on: February 10, 2018, 10:06:34 am »

This morning I'm trying to upgrade from OPNsense 17.7.12_1-amd64 to the current 18.* from the WebGUI System > Firmware > Updates  [Check for upgrades] > [Upgrade]

After a reboot I am now on:
OPNsense 17.7.12_1-amd64
FreeBSD 11.1-RELEASE-p6
OpenSSL 1.0.2n 7 Dec 2017

but still no 18.*.

What am I doing wrong?

P.S. Is there an upgrade path using the CLI instead of the GUI?

5

17.7 Legacy Series / Restarting services & documentation

« on: February 03, 2018, 10:45:56 am »

I'm trying to figure out how to restart syslogd.
Since it is a service (and listed by service -e I thought that this would work:

Code: [Select]

$ sudo service syslogd restart
syslogd not running? (check /var/run/syslog.pid).
Starting syslogd.
syslogd: syslogd already running, pid: 7423
/etc/rc.d/syslogd: WARNING: failed to start syslogd

But apparently it doesn't.

Also using sudo pluginctl syslogd resulted in no restarting of syslogd.

Confusion... 

So, I'm now wondering if there is some documentation that I might have missed that lists which services, packages or plugins should be restarted in which way because there seem to be various mechanisms available with (at least to me) no apparent distinctions between the different functionalities.

6

17.7 Legacy Series / Login shell does not survive reboot

« on: January 28, 2018, 02:14:13 pm »

I've installed bash and set the login-shell of my administrative user (admin) to it thusly:

Code: [Select]

sudo sh
chsh -s /usr/local/bin/bash admin

This works great. However, after a reboot the login-shell has changed back to /bin/csh.

This may be related but I don't consider this a problem: I also noticed that I needed to renew my SSH authorisation.

Is there a way to prevent the login-shell from reverting to the installer default?

7

17.7 Legacy Series / Enable NFS client mode

« on: January 27, 2018, 11:49:10 am »

I would like to be able to mount an NFS share from one of the Debian-servers (boson) on my LAN. I've added a line to /etc/fstab:

Code: [Select]

boson:/srv/array1/rbin/firebin  /home/admin/bin   nfs   rw   0   0

According to the "Hardened BSD Handbook" (https://hardenedbsd.org/~shawn/hbsd_handbook/book.html#network-nfs) I should also activate the NFS-client. This should be done in /etc/rc.conf.

On OPNsense: I assume I should create a file in /usr/local/rc.d containing

Code: [Select]

nfs_client_enable="YES" which should override one of these settings:

Code: [Select]

$ cat /etc/defaults/rc.conf |grep nfs
netfs_types="nfs:NFS smbfs:SMB" # Net filesystems.
nfs_client_enable="NO" # This host is an NFS client (or NO).
nfs_access_cache="60" # Client cache timeout in seconds
nfs_server_enable="NO" # This host is an NFS server (or NO).
nfs_server_flags="-u -t" # Flags to nfsd (if enabled).
nfs_server_managegids="NO" # The NFS server maps gids for AUTH_SYS (or NO).
nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO).
nfs_bufpackets="" # bufspace (in packets) for client
nfsv4_server_enable="NO" # Enable support for NFSv4
nfscbd_enable="NO" # NFSv4 client side callback daemon
nfscbd_flags="" # Flags for nfscbd
nfsuserd_enable="NO" # NFSv4 user/group name mapping daemon
nfsuserd_flags="" # Flags for nfsuserd

Is that correct? Or should I create /etc/rc.conf  itself?

8

17.7 Legacy Series / Firmware update fails

« on: January 22, 2018, 06:59:49 pm »

Trying to update via System > Firmware > Updates returns this error:

Firmware status check was aborted internally. Please try again.

System > Firmware > Plugins only shows one line:

os-dyndns (orphaned)   1.5   133KiB   Dynamic DNS Support

System > Firmware > Packages looks like it is okay.

Help is appreciated. Please let me know what additional info is needed.

9

17.7 Legacy Series / Can't find packages

« on: January 21, 2018, 06:29:28 pm »

I want to install

Code: [Select]

tree and

Code: [Select]

python3 (3.5 or 3.6).

Neither seems to be available in the OPNsense repository.

I'm also wanting to install other packages.
What are my options?

10

17.7 Legacy Series / [CLOSED] Restart dnsmasq from the CLI

« on: January 21, 2018, 06:04:51 pm »

How do I restart dnsmasq from the CLI?

I've tried:

Code: [Select]

% service dnsmasq restart
Cannot 'restart' dnsmasq. Set dnsmasq_enable to YES in /etc/rc.conf or use 'onerestart' instead of 'restart'.
Given the fact that it is already running I presume a different mechanism is active for starting the daemon, so I dare not follow this instruction.

Code: [Select]

% configctl dnsmasq restart
Action not found
Was worth a try. But no joy.

11

17.7 Legacy Series / [CLOSED] Adding conf-dir option to Dnsmasq setting

« on: January 21, 2018, 09:46:28 am »

I want to add an option to the Service > Dnsmasq DNS > Settings.
In the Advanced editbox I entered:

Code: [Select]

conf-dir=/usr/local/etc/dnsmasq.d/,*.conf
I get an error message:

Code: [Select]

The following input errors were detected:
Invalid custom options
This is a valid dnsmasq option, so what am I doing wrong?

12

17.7 Legacy Series / [CLOSED] What's installed?

« on: January 20, 2018, 08:11:42 am »

I'm new to OPNsense. As I'll be doing some fine-tuning from the CLI, before I get started, I'd like to read up on the various packages. Strangely, I have not been able to find a list of installed software. Google just gives me old articles and the `docs.opnsense.org` are only discussing the front-end.
Could anyone please point me to a relevant, up-to-date source?
To get up and running as fast as possible I'm particularly interested in:

1.  which local DNS server is installed by default?
2.  which DHCP server is installed by default?

Thanks for your support.