HardenedBSD experimental builds

[lattera]

It ought to work once I get the right bits pushed to the web server. I've got a few high-priority things going on and will hopefully take care of that part by the end of October.

[lattera]

I just documented my build setup: http://0xfeedface.org/2015/11/07/hbsd-opnsense.html

So I realize I just said that my latest build supports binary upgrades, but due to some issues with going from 15.7.16 to 15.7.18, I'm going to say that it's not possible to do a binary upgrade. There's also a few more changes I should make to the UI (like removing all the mirrors in one of the drop downs). I'm expecting to work on a new build any time within the next 30 days. I'm slightly on the busy side these days with work and a cute wife.

Thanks for all those who are helping test this!

[franco]

I really look forward to 11-CURRENT.

[Solaris17]

This is exciting!

[lattera]

Here's a little status update and a sneak peek:

I have an 11-CURRENT build that I'm testing out. However, there are two issues:

• pfsync kernel panic: I've disabled pfsync for now, so no HA setups.
• Wireless non-functional: The wireless stack on FreeBSD 11-CURRENT has changed quite drastically. Wireless is broken. I've filed a bug report here: https://github.com/opnsense/core/issues/480.

I've also now figured out how to build for the Netgate APU4. My next builds will contain images for: generic, netgate rcc-ve 4860, and the netgate apu4. Please be aware that this build will require a full reinstallation, but backing up and restoring your config ought to work like normal. Going forward, I'll only be using -CURRENT.

Screenshot of a working test installation on my Netgate RCC-VE 4860: http://imgur.com/XVHcZV7

[Solaris17]

11 on hardened will be a great step forward with the new improvements to suricata on the dev opnsense builds I simply cant wait to try them.

[franco]

pfsync kernel panic: I've disabled pfsync for now, so no HA setups.

Shawn, we have zero modifications in this area, can you report this upstream?

Wireless non-functional: The wireless stack on FreeBSD 11-CURRENT has changed quite drastically. Wireless is broken. I've filed a bug report here: https://github.com/opnsense/core/issues/480.

One could argue that upstream broke it.

My next builds will contain images for: generic, netgate rcc-ve 4860, and the netgate apu4.

A little off-topic, but curious: what's the difference between generic and netgate apu4?

[lattera]

Yup. Both of these issues are caused by changes upstream (FreeBSD). Neither are caused by OPNSense.

[franco]

Shawn, I still have the syslog port update in my queue. Will be done soon.

[lattera]

Cool! Thanks! It'll be another couple weeks before I can work further on the wireless issues. I've got a patch to core.git that I've yet to commit to hbsd's fork that starts the port. I need to get back with Adrian Chadd to see if the wireless issues I'm having on 11-CURRENT with hostap mode are specific to me or if he can reproduce. I'll be celebrating five years of marriage with my wife next week, so it'll be a while before I can finish this up.

[interfaSys]

Btw, the link in the wiki to the HardenedBSD images is broken