Messages - chol

#61
General Discussion / Re: WISH LIST for OPNsense
June 07, 2015, 03:15:39 PM
Hello, nice to have you two guys!

Every insightful suggestion and constructive critique is very well appreciated, you know other commercial companies spend millions on customer compliance and new ideas.

Now, we at OPNsense are not commercial and get it for free from you, a great thank you for that :)

Please keep in mind that our OPNsense project just started and tries to shift from the legacy pfSense codebase up to a more FreeBSD aligned rock solid secure manageable code base. This all needs work and time and hands and a community. So our project needs helpful developers, editors, testers, and design critiques like the one from you guys as well ...

Again a warm welcome to our project. We will do what we can to get a good free product out, promised!

#62
The link you might find helpful is to iXsystems, they offer great Server and storage systems:

ixSystems FreeNAS mini

You might as well want to discuss your insights to the NAS domain with the members of the FreeNAS forum
#63
German - Deutsch / Re: OPNsense vs IPCop
June 07, 2015, 02:54:46 PM
Why keep it simple when it can also be done the complicated way  ;)

IPcop has quite a few years under its belt by now, too.
I used it more than 10 years ago with dial-up control and firewall for a dual ISDN internet connection, because my part of town was "contaminated" with OPAL fiber, and then found Fli4Linux better after all.

IPcop became well known; in Germany the heise editorial team promoted it, and it then took a path similar to the one pfSense is taking now: it became specialized, more specialized, and then a quarter and half and more commercial, with several fork projects.

The red-green-orange scheme has proven itself and was also carried over into successors. Have you thought about reproducing the interface colors with colored network cables, i.e. green for the LAN port, red for the WAN port, blue/orange for the DMZ port? Plus, you can of course name the network interfaces RED and GREEN instead of WAN and LAN if you like, or simply WAN (red).

With regard to the firewall, the color traffic light is of course a simplification and quickly stops fitting a complex and powerful firewall software like pf (PF) here with us. As you can guess from my examples given above, pf is the more powerful product, and IPcop forms a GUI for iptables on Linux.

Your hardware: you chose a PC-Engines product for which there is not yet a well worked-out OPNsense software image, i.e. what we have is still in development. Plus, you can only access the PC-Engines APU via a terminal connection, without a monitor.

Since you come from IPCop and are asking for an English translation, it may be better for you to try OPNsense once on your existing IPCop hardware (1GHz is enough).

So I recommend that you use OPNsense without the PC-Engines APU hardware (because it is easier), or try the APU with the pfSense image, or, if you feel up to it despite the warnings, the APU with OPNsense (as a tinkering and learning project), which you may however not get running for lack of time.

You can access your Solarlog or NAS system from outside if the keywords port forwarding and/or 1:1 NAT and/or virtual IP mean something to you. If you know little, just start learning on the net. You should be able to set up the setup you described with the help of the mostly English internet sources.

A very simple route for your needs might be a consumer router like the Fritzbox. And you do not necessarily need IPv6 for a local secure LAN with NAS and Solarlog.
#64
General Discussion / Re: OPNsense mascot
June 07, 2015, 02:07:08 PM
I am a novice in graphic arts. But can you do it? Or maybe you know somebody who can and would do it?
#65
General Discussion / Re: WebGUI access from WAN??
June 04, 2015, 11:43:02 AM
Hello,
it is nice that you tried OPNsense.

If you come from pfSense, the set-up of OPNsense should not be much different.

Do you still have your OPNsense appliance connected to a monitor/console? If so, please configure the network interface(s) first. If not, please go back and connect your monitor/console; it is the easiest and fastest way to get your initial connection problem solved. The configuration through the OPNsense console menu is also highly recommended for virtual machine installs. In the console menu one can ping out to an IP address to see if the WAN is set up right.

See:
Setup wizard

and

How To Install OPNsense on VirtualBox

Hope that helps.
#66
German - Deutsch / Re: OPNsense vs IPCop
June 03, 2015, 10:44:26 PM
OPNsense comes as a fork of pfSense and of m0n0wall and is based on FreeBSD.

In principle, you get closer to the question of what OPNsense and FreeBSD-based firewall software or distributions are if you research the pf (also written PF) firewall.

I recommend these videos to you:

Henning Brauer (ruBSD 2013) on pf

Episode 035: Puffy Firewall

Episode 072: Common OPNsense Approach

Episode 025: A Sixth pfSense

and the following overview page:

OPNsense

#67
15.1 Legacy Series / Re: Hi everyone!
May 31, 2015, 05:39:29 PM
Re:  quick navigation feature

Is this feature planned to hit OPNsense images prior to 15.7 or 15.7 or after?
Is this feature changing the present menu structure, like in 15.1.11.x?
#68
Quote from: franco on February 23, 2015, 06:51:28 AM
Quote from: Packet on February 22, 2015, 11:20:25 PM
With a "Lite" version, OPNsense won't suffer the same fate as pfSense, no matter how feature rich OPNsense becomes in the future, the "Lite" version will keep reminding people that, at its core, OPNsense is still a no-nonsense firewall/router.

Also, once the first step of transition is made, it'll be easy to encourage them to try the more advanced version, for example, in the settings page of the "Lite" version, there can be some advance setting fields that are greyed out, with the text "This feature is available in the Normal/Advance version <URL>" next to it.

I like the idea a lot. We have all build overrides in place in the config folder of our tools.git:

https://github.com/opnsense/tools/tree/master/config/current

This means ports, their options, the source binaries to be installed, the kernel to be built. Even the core/GUI repository could be replaced. However, things start to get rough around the edges. While it is perfectly safe to start with this, the projects will diverge quickly in terms of the core.git. We might be able to stay on track with the tools.git, src.git and ports.git.

So here it seems that there should be a "core-lite.git" or something along with the proper overrides in the tools.git.
I have seen a web-based build config tool with OpenWRT router images some years ago. I did configure my router build online via web-interface, specifying platform, radio drivers, code-base (stable, snapshot..) and got it built with a remote server. I got an email notification if the image was built with or without errors and a download link.
I do not know the downsides of this, but used it to just build my images and testing stuff for the small plastic WRT type routers/firewalls, then.

May this be an idea for exactly tailored embedded / NanoBSD images of OPNsense in the future?

Quote from: franco on February 23, 2015, 06:51:28 AM
To conclude, you guys could strip down the system, remove features and still ride most of the eco system drive with OPNsense. Maybe there is a better solution mid or longterm, but as far as those things go they tend to diverge rather than converge.

PS: I really like this productive discussion. Thank all of you for your time. (No, the discussion isn't over ;) )
Yes, exactly my idea/thinking. So, in my opinion, with all due respect, it would be fantastic if all the legacy m0n0wall developers would join our alignment with stable FreeBSD 10 code!

Also, this would mean more fun in development, for it is always nicer and more inspiring, if people work together, create, envision, merge, just make things happen in a group of like-minded people! And, eventually, meet from time to time.

The potential is there, for my gut feeling is that pfSense shows signs to head for big iron/$ and enterprise and the m0n0wall code-base is fading out, unfortunately, again with all due respect. And there is no shame in letting established senior codes retire in dignity and go on with new and more exciting streams. This is how things go, one would say.

#69
Quote from: Lee Sharp on February 22, 2015, 05:52:31 PM
Your m0n0wall system is still quite stable and will be fine for quite a while.  Also the m0n0wall developers did not all retire with Manuel.  I have been talking with a few of them, and while we are impressed with OPNsense, many of us do not feel it truly addresses the m0n0wall segment.  (Others do, and may join the project)
As I see it, to push the remaining m0n0wall code-base to FreeBSD10.1 or later to 11 would be a huge block of work and the conclusion was, that time is running fast, very fast away from the m0n0wall/FreeBSD-8 base, while the alignment to stable, peer reviewed & secure FreeBSD10 base is done here with the developers of OPNsense anyway, which is backed by industry and a potential huge user base.

Quote from: Lee Sharp on February 22, 2015, 05:52:31 PM
Because I can add drivers for one platform in one day.  Doing an entire basis takes a lot more. :)  However, you are right in that we need to stay current.  It adds ALL the drivers for nics, video, and more...

I was just saying we might be able to fix your problem sooner than you think.
Yes! Make it so! Maybe use the OPNsense base?

Plus, there are new drivers for new hardware, many new WiFi drivers and (more secure) WLAN support in FreeBSD, but also only in the new distributions.

Security also goes up with FreeBSD 10 or 11.

Idea: merge development power and establish a light NanoBSD version out of OPNsense, that would fit the legacy m0n0wall user-base with their reliable older or smaller hardware and have it all more secure and up to date!

At least I feel the need for a rush to develop, test install a new firewall, like Manuel advised!
#70
Quote from: Packet on February 22, 2015, 11:20:25 PM
OPNsense has many exciting features, but right now, there is a large group of m0n0wall refugees out there looking for a new shelter, so this is like a humanitarian problem, lol.
Lol, like that!

Quote from: Packet on February 22, 2015, 11:20:25 PM
Perhaps there can be a "OPNsense Lite" approach? A bare minimum version of OPNsense that doesn't do much more than m0n0wall? Many existing m0n0wall users will transit in droves just for the OS/SSL bug patches and new drivers alone (us included).
Franco mentioned something like stripping down the base install of OPNsense by selectable packet, i.e. option out big-BIND (for a smaller) or Squid-proxy or WiFi+Captive portal blob, if I am not mistaken.

Quote from: Packet on February 22, 2015, 11:20:25 PM
The problem with pfSense is that, there is always a large group of users who only require the most basic functions, but once they install pfSense and see the 10 menus with 100 options, they think "screw this, I am not going to spend a month to learn and tweak everything and risk breaking something", pfSense ended up trying to be everything for everybody and lost many would-be users.
Exactly, plus the GUI is crowded and deep. It will need huge man-years only to explain all the basic firewall configurations over and over via forum, mailing-list to the normal users...
Our project's developers recently did add toggle switches for advanced/basic options to the GUI, which shows the right way in which OPNsense will go in the future.

Quote from: Packet on February 22, 2015, 11:20:25 PM
With a "Lite" version, OPNsense won't suffer the same fate as pfSense, no matter how feature rich OPNsense becomes in the future, the "Lite" version will keep reminding people that, at its core, OPNsense is still a no-nonsense firewall/router.
Exactly!! And, again, if I am not mistaken, the developers showed understanding and awareness of this, so I look forward to it - it should show up in the future. It is a question of time, number of developers and community strength.
#71
Yes, exactly as you say. It was me that was confused. I learned, recently, about the FreeBSD 2-clause docu license - and set it as the base for the wiki-documentation now.
The FreeBSD docu license is just a little more specific on what docu source and derived works would be.

#72
General Discussion / OPNsense mascot
May 25, 2015, 10:53:23 PM
Hi all,

I created an OPNsense community mascot for the docu wiki. I would like to hear your say about it.

You can see it in this article, here => OPNsense, and here

Love to hear your opinions.  :)
#73
Hi,
I can not reproduce your install problem here.
My latest upgrade from OPNsense 15.1.9-LibreSSL to latest 15.1.11.1 did run smoothly.

Be careful to verify your downloaded images with the help of the various hash sums.
You maybe only got unlucky and downloaded a corrupted image?

Best thing would be a fresh download of the latest 15.1.11.1 for OpenSSL flavour and the 15.1.9-LibreSSL flavour and then a console triggered upgrade.

Please try it and report your results, here. Good luck!

#74
You probably did run a liveCD.

You may want to install OPNsense prior to an upgrade. Use console menu point 99) to initiate the hard disk install.

Hope that helps.

See : Memory Disks
#75
Kaxia, look here, please, it might help