Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Update Issues behind a seperate proxy.
« previous
next »
Print
Pages: [
1
]
Author
Topic: Update Issues behind a seperate proxy. (Read 3790 times)
nevotheless
Newbie
Posts: 4
Karma: 0
Update Issues behind a seperate proxy.
«
on:
November 20, 2019, 02:40:19 pm »
Howdy OPNsense Community.
I don't know if this is the right place to ask for such a question, but i'll just try.
Environment
We're evaluating a OPNsense Firewall at the Moment for a big Company which has multiple locations and each location kinda does their own thing. So far so bad.
We're inside a huge company intranet where we need to authenticate with a proxy if we want to go to the interwebs.
Issue Description
When trying to Update the OPNsense System through,
Code:
[Select]
opnsense-update
. It fails with An Error which is 407 Proxy Authentication required. I know for a fact, that the Environment Vars which the underlying libfetch respect, are properly set and in place. The issue here is, that libfetch doesn't handle the 407 and doesn't try to resend the CONNECT with an proper Proxy-Authentication Header.
What i tried so far
I tried, the usual troubleshooting to make sure it's not my fault
Fetch with http works
Fetch with https doesn't work
Curl with http works
Curl with https works
I don't want to just Change the repo url to http, which would work, because we have other repo's in place which would need https support anyway.
I also found a Issue Report on the FreeBSD Bugtracker, which seems to fit this exact issue:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220468
and it actually contains a patch, which unfortunately never got applied.
I know how to compile stuff usually, and i would've tried patching the library myself, but since it's so integrated into FreeBSD and has quite some 'internal' dependencies i don't really know how to just test and or build the fixed lib.
My hope was, that since OPNsense probably (hopefully) doesn't actually just use the upstream FreeBSD without changing anything there, that i could either get this patch integrated into OPNsense directly, since FreeBSD doesn't seem to care, (Issue created 2017) or eventually getting help from some knowledgeable people to build the library myself, without building the whole freebsd os.
Thanks for reading this far,
and have a great day.
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Update Issues behind a seperate proxy.
«
Reply #1 on:
November 20, 2019, 03:57:38 pm »
You can either set up proxy stuff in /usr/local/etc/pkg.conf by creating it or create a local rsync mirror of --let's say-- leaseweb:
https://mirror.leaseweb.com/
And change the external URL to an internal URL (system: firmware: settings: mirror, choose "(other)") where the rsync is going. This way you can also control which version is available for update internally... with the official mirrors it's always latest.
Cheers,
Franco
Logged
nevotheless
Newbie
Posts: 4
Karma: 0
Re: Update Issues behind a seperate proxy.
«
Reply #2 on:
November 20, 2019, 04:10:49 pm »
Thanks for the Answer,
since it's an issue with the fetchlib i'll probably go for the local mirror option, which sounds a bit more likely for us to handle than waiting for freebsd to apply the patch for the bug.
Thanks for the input anyways.
«
Last Edit: November 20, 2019, 04:13:11 pm by nevotheless
»
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Update Issues behind a seperate proxy.
«
Reply #3 on:
November 20, 2019, 04:16:17 pm »
Ah I see, the patch was never applied. This tends to happen and we already carry a few patches that we'd rather see in FreeBSD itself.
Though, TBH, the rsync is more robust in a number of ways.
Cheers,
Franco
Logged
nevotheless
Newbie
Posts: 4
Karma: 0
Re: Update Issues behind a seperate proxy.
«
Reply #4 on:
November 21, 2019, 08:27:34 am »
How much space would it require to mirror the opnsense repository for example?
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Update Issues behind a seperate proxy.
«
Reply #5 on:
November 21, 2019, 03:33:31 pm »
The full mirror is currently 63G, but that includes 3 years of old versions for both 32 and 64 bit builds.
Cheers,
Franco
Logged
nevotheless
Newbie
Posts: 4
Karma: 0
Re: Update Issues behind a seperate proxy.
«
Reply #6 on:
November 22, 2019, 08:29:55 am »
Thanks for the Info!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Update Issues behind a seperate proxy.