Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
OPNsense behind PROXY: fetch timeout, no update
« previous
next »
Print
Pages: [
1
]
Author
Topic: OPNsense behind PROXY: fetch timeout, no update (Read 5209 times)
Drohne
Newbie
Posts: 10
Karma: 0
OPNsense behind PROXY: fetch timeout, no update
«
on:
December 09, 2021, 09:08:09 pm »
Our complete network is behind a PROXY. Within this network, we intend to use OPNsense as the main FW solution. But it seems to be a problem for the OPNsense confid to adapt to HTTP_PROXY environment settings to reach the PROXY.
As FreeBSD user/administrator, it is common to setup the environment with HTTP_PROXY, HTTPS_... and NO_PROXY and its lower case counterparts. For FreeBSD's pkg the place for configure this environment is /usr/local/etc/pkg.conf or whatever config file pkg is delegated to. Settings within pkg.conf do survive a major system update/upgrade.
For OPNsense's configd, the correct place seems to be /usrLocal/opnsense/service/onf/configd.conf, there is a section [environment] and putting the HTTP_PROXY configs there makes OPNsense work through the PROXY as expected.
But the configd.conf configurations vanish after an upgrade/update.
How can this be fixed to be made static and non-volatile?
Logged
Ex nihilo nihil fit!
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: OPNsense behind PROXY: fetch timeout, no update
«
Reply #1 on:
December 12, 2021, 02:13:40 pm »
At the moment this isn't supported waiting for a customer request.
You can always rsync an existing mirror (leaseweb allows it for example) and point your firmware URL there locally.
Cheers,
Franco
Logged
Drohne
Newbie
Posts: 10
Karma: 0
Re: OPNsense behind PROXY: fetch timeout, no update
«
Reply #2 on:
December 13, 2021, 03:53:05 pm »
So, this is kind of dog's chasing its tail. I have to evaluate the use of OPNsense for my department and I'm officially not a certified customer paying fees, but pushing upstream a request as customer requires me to be a qualified customer? If not, how can I state such a request?
On the other hand, mirroring results in the same way in a not easily to solve problem without a webservice as I asked in another thread recently when I had my issues with stating the URL's target as "file:///" versus OPNsense's internal expansion of this URL into "pkg+file:///" (for reasons unknown FreeBSD's libfetch doesn't allow this kind of URL ... ).
Logged
Ex nihilo nihil fit!
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: OPNsense behind PROXY: fetch timeout, no update
«
Reply #3 on:
December 13, 2021, 03:55:47 pm »
Well, for the time being this is the state of it, yep.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
OPNsense behind PROXY: fetch timeout, no update