WISH LIST for OPNsense

Started by Supermule, June 06, 2015, 02:11:01 PM

Quote from: franco on July 19, 2015, 10:23:54 AM
Not all packages from the repository are installed by default. You can query the remote by:

# pkg rquery "%n: %c"

You'll notice sixxs-aiccu is already there waiting to be installed. :)

And, yes, you can configure /etc/rc.conf, but you'll have to run "service xxx start" manually for now. We have an automatic hook, but it needs to be replaced as it is not working very well, e.g. with open-vm-tools(-nox11).

Franco,
thank you for taking the time to respond.

Nice to see that you're listening to what packages/plugins us customers want/need.

Does OPNsense require the .sh script being created like pfSense does?

/etc/rc.conf modification or a drop-in file for /etc/rc.conf.d ought to be enough like you would configure it on FreeBSD, but as I said it sometimes does not work and does not take care of restart after upgrade and other assorted scenarios. Still trying to figure this out.

Added tor and polipo, which will be available with 15.7.4 (this week maybe depending on the state of software security) for manual installation. Have fun.

https://github.com/opnsense/tools/commit/d4628b332ebe6266d9505f4b6087d87fd68eaa38

In regard to polipo, I always have the small easy pdnsd for small dns caches etc. on the Linux based laptops of my family.

I am not sure if it makes any sense to try to disable/cut out bind from a smaller (so called SOHO) OPNsense install (like in the method lucifercipher posted elsewhere)?

Franco, could you give some light, why big BIND and why Unbound is in?

I really look enthusiastically towards our plugins ready with 16.1 release.

Christian, unbound is in FreeBSD base nowadays. There was a move from dnsmasq to unbound in pfSense most likely due to that reason, but that transition hasn't been completed, at least not in our code base.

Bind is in there for a single purpose: Dynamic DNS via RFC 2136. As far as I know there is no replacement. We tried to use bind-tools as a lightweight package but the way the port is designed it conflicts with bind910 installations which some people have asked for as well.

We can add more dns into the packages, but I believe the pressing work is cleaning up the intermittent state of resolver and forwarder and maybe tackling the bind-tools vs full bind packages in FreeBSD.

Quote from: franco on July 20, 2015, 02:22:03 PM
Christian, unbound is in FreeBSD base nowadays. There was a move from dnsmasq to unbound in pfSense most likely due to that reason, but that transition hasn't been completed, at least not in our code base.
Ah good to know that.

Quote from: franco on July 20, 2015, 02:22:03 PM
Bind is in there for a single purpose: Dynamic DNS via RFC 2136. As far as I know there is no replacement. We tried to use bind-tools as a lightweight package but the way the port is designed it conflicts with bind910 installations which some people have asked for as well.
You mentioned RFC2136, but now it's clear.

Quote from: franco on July 20, 2015, 02:22:03 PM
We can add more dns into the packages, but I believe the pressing work is cleaning up the intermittent state of resolver and forwarder and maybe tackling the bind-tools vs full bind packages in FreeBSD.
My full ACK!

It would be great if if_iwm could be used with OPNsense, but it was only ported to FreeBSD 11. Maybe it is possible somehow?!

FreeBSD is doing a substantial rework of the network driver APIs, which makes it very hard for us to backport new drivers on our own. Once we've reached FreeBSD 10.2, maybe we can look into an experimental build of FreeBSD 11.

(As far as 10.3 is concerned it doesn't look like iwm will ever be backported.)

I was afraid so. I looked into the mailing lists and at least it is available in FreeBSD 11. But I will find another way around. Thanks anyway.

I would suggest displaying only the supported WLAN methods provided by the driver. I had a hard time figuring out that iwn doesn't like hostap.

ifconfig iwn0_wlan1 list caps

would give a hint about supported setups.


Right, we've had multiple reports that seem to originate from this problem. I've added a ticket: https://github.com/opnsense/core/issues/377

#377 will be fixed in 15.7.14.

OTP - one time password as higher security for administration
For example when config can be reachable from WAN/www

And otp as password for vpn

Vnstat2 would be useful for those who are on capped connections and need to keep a close eye on their data consumption.

A vnstat (the FreeBSD command line package can already be installed BTW) plugin is on the horizon, although I'm not sure if it will be "vnstat2" code exactly. See:

https://github.com/opnsense/plugins/issues/3