On My Wishlist - Caching Proxy Option for Downloading Updates

[abalsam]

I have found OPNSense to be a full featured, well documented and easy to use solution that can have a small memory/processor footprint (depending on what features are actively in use).  I am therefore using it as my standard firewall not only for my home but also for my test labs.  This means that when all of my labs are running, I have 10 to 20 OPNSense VMs running at once.  When a series of patches are then released, I have to go through the update process on all of the instances.  Since, at the end of the update process the downloaded files are deleted and I am unable to find a way to point to a dedicated caching proxy where the update files can be downloaded again locally, the same files need to be downloaded from the internet again and again (consuming bandwidth).

I was wondering if there are any plans to support configuring a dedicated caching proxy for updates only.  Alternatively, is there a way to download and centrally maintain update files for select platforms (similar to what Ubuntu offers) so that I could have an internal mirror I could point my VMs to?

Thanks

[fabian]

You should use an internal mirror for that - for example you can mirror https://pkg.opnsense.org/ and make it available via a webserver (for example: nginx) by setting the webroot to your mirror directory. On the firmware page you will have to add the address of your mirror.

Note: you do not have to mirror all directories (for example you can omit i386 if you are not using it)

Franco may also have a working rsync command you can use to mirror the files.

Kind regards

Fabian

[franco]

Please don't mirror the main server... use one of https://opnsense.org/download/

Use e.g. one of the LeaseWeb servers around the world and sync the main directory:

http://mirror.sfo12.us.leaseweb.net/opnsense/

You only need an HTTP host (all updates are signed) to publish your changes internally, then go to System: Firmware: Updates and change mirror to "(other)" and put your own URL in there (it can be an internal one, even DNS if the firewall can resolve it).


Cheers,
Franco

[abalsam]

When I reviewed the content of the mirror, it looks like some of the same packages are present in multiple locations (which implies symlinks on the source).  If I just did a sync of the entire mirror, I am afraid I would be copying more than I would need to.  Is there a document that I can refer to that would tell me how to set up a local mirror?

Thanks

[franco]

LeaseWeb supports rsync, it's really simple

https://mirror.de.leaseweb.net/