OPNsense behind PROXY: fetch timeout, no update

Started by Drohne, December 09, 2021, 09:08:09 PM

Our complete network is behind a PROXY. Within this network, we intend to use OPNsense as the main FW solution. But it seems to be a problem for the OPNsense configd to adapt to HTTP_PROXY environment settings to reach the PROXY.

As a FreeBSD user/administrator, it is common to set up the environment with HTTP_PROXY, HTTPS_... and NO_PROXY and their lower-case counterparts. For FreeBSD's pkg, the place to configure this environment is /usr/local/etc/pkg.conf or whatever config file pkg is delegated to. Settings within pkg.conf do survive a major system update/upgrade.
For OPNsense's configd, the correct place seems to be /usr/local/opnsense/service/conf/configd.conf; there is a section [environment], and putting the HTTP_PROXY configs there makes OPNsense work through the PROXY as expected.
But the configd.conf configurations vanish after an upgrade/update.

How can this be fixed to be made static and non-volatile?
Ex nihilo nihil fit!
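The setup described in the post above depends on the proxy variables staying in the [environment] section of configd.conf, which an upgrade removes. As an added example (not from the thread or the OPNsense project), this Python function detects the missing entries and re-adds them idempotently; the proxy URL, the NO_PROXY list and the sample file contents are constructed assumptions.

```python
import configparser
import io

# Assumed proxy endpoint and exclusions (placeholders, not from the thread).
PROXY_ENV = {
    "HTTP_PROXY": "http://proxy.example.internal:3128",
    "HTTPS_PROXY": "http://proxy.example.internal:3128",
    "NO_PROXY": "localhost,127.0.0.1",
}

# Constructed sample of a configd.conf after an upgrade replaced the file:
# the [environment] section exists but the proxy keys are gone.
SAMPLE_AFTER_UPGRADE = """\
[main]
socket_filename = /var/run/configd.socket

[environment]
PATH = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
"""

def ensure_proxy_env(conf_text, wanted=PROXY_ENV):
    """Return (new_text, changed_keys) with the proxy variables present in
    [environment], upper and lower case, leaving other settings untouched."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case: HTTP_PROXY and http_proxy differ
    cp.read_string(conf_text)
    if not cp.has_section("environment"):
        cp.add_section("environment")
    changed = []
    for key, value in wanted.items():
        for name in (key, key.lower()):
            if cp.get("environment", name, fallback=None) != value:
                cp.set("environment", name, value)
                changed.append(name)
    out = io.StringIO()
    cp.write(out)
    return out.getvalue(), changed

if __name__ == "__main__":
    text, changed = ensure_proxy_env(SAMPLE_AFTER_UPGRADE)
    print("re-added:", changed)
    print(text)
```

Feed it the real file's contents and write the result back only when the returned list is non-empty, so an unchanged file is never rewritten.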

At the moment this isn't supported, waiting for a customer request.

You can always rsync an existing mirror (leaseweb allows it for example) and point your firmware URL there locally.


Cheers,
Franco

So, this is kind of a dog chasing its tail. I have to evaluate the use of OPNsense for my department and I'm officially not a certified customer paying fees, but pushing a request upstream as a customer requires me to be a qualified customer? If not, how can I state such a request?

On the other hand, mirroring likewise results in a problem that is not easy to solve without a web service, as I asked in another thread recently when I had my issues with stating the URL's target as "file:///" versus OPNsense's internal expansion of this URL into "pkg+file:///" (for reasons unknown, FreeBSD's libfetch doesn't allow this kind of URL ... ).
Ex nihilo nihil fit!

Well, for the time being this is the state of it, yep.


Cheers,
Franco