WISH LIST for OPNsense

[guest7876]

Not all packages from the repository are installed by default. You can query the remote by:

# pkg rquery "%n: %c"

You'll notice sixxs-aiccu is already there waiting to be installed.

And, yes, you can configure /etc/rc.conf, but you'll have to run "service xxx start" manually for now. We have an automatic hook, but it needs to be replaced as it is not working very well, e.g. with open-vm-tools(-nox11).

Franco,
thank you for taking the time to respond.

nice to see that your listening to what packages/plugins us customers want/need.

does opnsense require the .sh script being created like pfsense does?

[franco]

/etc/rc.conf modification or a drop-in file for /etc/rc.conf.d ought to be enough like you would configure it on FreeBSD, but was I said it sometimes does not work and does not take care of restart after upgrade and other assorted scenarios. Still trying to figure this out.

[franco]

Added tor and polipo, which will be available with 15.7.4 (this week maybe depending on the state of software security) for manual installation. Have fun.

https://github.com/opnsense/tools/commit/d4628b332ebe6266d9505f4b6087d87fd68eaa38

[chol]

In regard to polipo, I always have the small easy pdnsd for small dns caches etc. on the Linux based laptops of my family.

I am not sure if it makes any sense to try to disable/cut out bind from a smaller (so called SOHO) OPNsense install (like in the method lucifercipher posted elsewhere)?

Franco, could you give some light, why big BIND and why Unbound is in?

I really look enthusiastically towards our plugins ready with 16.1 release.

[franco]

Christian, unbound is in FreeBSD base nowadays. There was a move from dnsmasq to unbound in pfSense most likely due to that reason, but that transition hasn't been completed, at least not in our code base.

Bind is in there for a single purpose: Dynamic DNS via RFC 2136. As far as I know there is no replacement. We tried to use bind-tools as a lightweight package but the way the port is designed it conflicts with bind910 installations which some people have asked for as well.

We can add more dns into the packages, but I believe the pressing work is cleaning up the intermittent state of resolver and forwarder and maybe tackling the bind-tools vs full bind packages in FreeBSD.

[chol]

Christian, unbound is in FreeBSD base nowadays. There was a move from dnsmasq to unbound in pfSense most likely due to that reason, but that transition hasn't been completed, at least not in our code base.

Ah good to know that.

Bind is in there for a single purpose: Dynamic DNS via RFC 2136. As far as I know there is no replacement. We tried to use bind-tools as a lightweight package but the way the port is designed it conflicts with bind910 installations which some people have asked for as well.

You mentioned RFC2136, but now it's clear.

We can add more dns into the packages, but I believe the pressing work is cleaning up the intermittent state of resolver and forwarder and maybe tackling the bind-tools vs full bind packages in FreeBSD.

My full ACK!

[loden_richard]

It would be great if if_iwm could be used with opnsense but it was only ported to Freebsd 11. Maybe it is possible somehow ?!

[franco]

FreeBSD is doing a substantial rework of the network driver APIs, which makes it very hard for us to backport new drivers on our own. Once we've reached FreeBSD 10.2, maybe we can look into an experimental build of FreeBSD 11.

(As far as 10.3 is concerned it doesn't look like iwm will ever be backported.)

[loden_richard]

I was afraid so. I looked into the mailing lists and at least it is available in Freebsd 11. But I will find another way around. Thanks any way

[loden_richard]

I would suggest to display only supported WLAN methods provided by the driver. I had a hard time to figure out, that iwn doesn't like hostap

Code: [Select]

ifconfig iwn0_wlan1 list caps
would give a hint about supported setups.

[franco]

Right, we've had multiple reports that seem to originate from this problem. I've added a ticket: https://github.com/opnsense/core/issues/377

[franco]

#377 will be fixed in 15.7.14.

[Andreas]

OTP - one time password as higher security for administration
For example when config can be reachable from WAN/www

And otp as password for vpn

[va176thunderbolt]

Vnstat2 would be useful for those who are on capped connections and need to keep a close eye on their data consumption.

[franco]

A vnstat (the FreeBSD command line package can already be installed BTW) plugin is on the horizon, although I'm not sure if it will be "vnstat2" code exactly. See:

https://github.com/opnsense/plugins/issues/3