mimugmail / opn-repo Goto Github PK

Hi All,

I'm running into an issue installing the repo - firstly, the install is very slow, even the fetch command seems to take a while, then the pkg update command takes a long time too. Once it is updated however I don't see any packages (either from the OPNsense repo or the community repo).

I'm running this from California, so thought perhaps it was my connection to Germany, but we're talking 20 plus seconds for the fetch and minutes for the update. Also when I curl the repo config from the router itself, all works quickly as expected...

Any thoughts?

Hi,

I would be interested is seeing a Jenkins Controller plugin if it's feasible.

This would be just for the controller as adding any agents would really be asking for trouble.
Would also want the the controller to be able to access agents inside the network (own VLan perhaps) and in the cloud.

The main prerequisite for Jenkins is Java.

I'm not sure if running all the Jenkins plugins would work and if it's appropriate for a firewall.

Thanks

I tried ssh into opnsense and pasted the repository in, but get this output:

Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3 2710860361728:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: fetch: https://www.routerperformance.net/mimugmail.conf: Authentication error

I installed AdGuardHome on port 53 and disabled Unbound. All is running fine. But since this about. 50% of the services are not re-starting after OPNsense reboot. OPNsense is running 21.1.1.

As a big Smokeping fan I miss this package in the OpnSense distribution (the possibility for probes, not the Apache Head).

I read in your teaser that you would like to add this to your opn-repo. What is the status of this?

I would be happy to support on this as well.

Best Regards, Roman

Let us add the latest versions of ntopng, nprobe and n2disk from ntop.org repo as described here:
https://packages.ntop.org/FreeBSD/

I installed your OPNsense repository and tried to install AdGuardHome.
The plugin is installed but the package apparently not. It is missing, although I can see it in the packages list on OPNsense.
I really don't know what went wrong, but I fetched the FreeBSD 64bit package from Adguard, extracted it and copied the binary to /usr/local/opnsense/service/ directory.
Then I was able to login on port 3000 and it is working fine now. I disabled Unbound/dnscrypt-proxy because AdGuardHome has the same/more functionality and a nice interface.
Thanks for your repository. I hope you can find the problem with installation.

I was perusing the source code of various plugins and stumbled upon package that adds SunnyValey repo to OPNsense and therefore enables Sensei.

Any thoughts on replicating the same model to enable opn-repo?

And the same model to install ports, which are not included in OPNsense by default?

Opening the issue here - to track and perhaps to get to a resolution path...

When Unifi controller is on a different IP than OPNsense, the js call XMLhttprequest() will refuse to reach out from the OPNsense IP space due to Content Security Policy restriction.

CSP policy is required on Volt page in the view, allowing js code to reach out and call Unifi API. Without defining CSP in either the http header or in the tag in the of the page, there is no way to get to Unifi APIs (outside OPNsense box).

I tried to add the CSP tag into the page through a jquery insert, but that change happens too late and security context is already clamped down at the time of jquery execution.

cross-referencing the question that I posted on OPNsense forums: https://forum.opnsense.org/index.php?topic=23221

Hello,

Once we got the FreeBSD version.
https://crowdsec.net/

It's not yet on FreeBSD but just to remember it and don't forget it once they have it on the distro 👍

I figured I'd recount our conversation on reddit here for posterity's sake.

Zeek fails on install with the python errors:

  File "/usr/local/bin/zeekctl", line 17, in <module>
    from ZeekControl.zeekctl import ZeekCtl, ZeekControlError, CommandSyntaxError
  File "/usr/local/lib/zeek/python/zeekctl/ZeekControl/zeekctl.py", line 8, in <module>
    from ZeekControl import lock
  File "/usr/local/lib/zeek/python/zeekctl/ZeekControl/lock.py", line 4, in <module>
    from ZeekControl import config
  File "/usr/local/lib/zeek/python/zeekctl/ZeekControl/config.py", line 14, in <module>
    from .state import SqliteState
  File "/usr/local/lib/zeek/python/zeekctl/ZeekControl/state.py", line 2, in <module>
    import sqlite3
  File "/usr/local/lib/python3.7/sqlite3/__init__.py", line 23, in <module>
    from sqlite3.dbapi2 import *
  File "/usr/local/lib/python3.7/sqlite3/dbapi2.py", line 27, in <module>
    from _sqlite3 import *
ModuleNotFoundError: No module named '_sqlite3'

It's looking for python3.7 instead of the new 3.8 version in 21.7.

Add a link to the Services-Unifi pane that would connect to HTTP://localhost:8443 and launch GUI of Unifi controller

The Unifi controller connects to https://network.unifi.ui.com/ but when attempting to use the "Launch using cloud" option, a connection failed message displays.

The only log message is as follows, but this may be a red herring:
[2021-10-26T22:27:18,075] WARN system - cannot load native lib - ubnt_webrtc_jni

Are there plans to update the unifi package to the latest release (6.1.71)? It looks like there have been a few releases of the 6.1.x series in the last month, but haven't seen any updates to the opn-repo.

I don't know if the issue will be adopted by the main OPNSense branch, but I really like the proposal from
opnsense/core#4557

Below is my code from /usr/local/opnsense/scripts/unbound/download_blacklists.py with highlighted modification.
I wonder if we could put this alternative configuration of unbound blacklisting that creates 'refuse' blocks instead of 'accept, 0.0.0.0' into opn-repo?

  # write out results
   with open("/var/unbound/etc/dnsbl.conf", 'w') as unbound_outf:
       if blacklist_items:
           unbound_outf.write('server:\n')
           for entry in blacklist_items:
              unbound_outf.write("local-zone: \"%s\" refuse\n" % entry)
             # original: unbound_outf.write("local-data: \"%s A 0.0.0.0\"\n" % entry)

Unifi controller plugin does not start automaticly on a reboot and/or shutdown. Opnsense also report the plugin as "miscoufigured".

Hello, i don't find the features request menu.

• ElasticSearch :)

Thank you!

I saw that nextdns CLI is already among BSD ports: https://www.freshports.org/dns/nextdns/
Could we... add it to the repo?

Now that we have MongoDB and Elasticsearch in the repo, should we add Graylog for log filtering and parsing?

I never put Graylog on BSD, but it looks doable: https://charliepitkin.com/install-graylog-on-freebsd-10-3/

I recently reinstalled OPNsense as part of moving from UFS to ZFS, and as a result need to reinstall the speedtest plugin. I am running OPNsense 21.7.1 and os-speedtest-community 0.9_1.

I cannot now install the Ookla module. When attempting to do so I get the following in the logs for configd.py:

Script action failed with Command '/bin/sh /usr/local/opnsense/scripts/OPNsense/speedtest/install_speedtest.sh socket' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 478, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.8/subprocess.py", line 364, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/bin/sh /usr/local/opnsense/scripts/OPNsense/speedtest/install_speedtest.sh socket' returned non-zero exit status 1.

Be grateful for any suggestions.

Hi,

Thank you for the adguard plugin. Now the problem is Adguard is shows only one client 127.0.0.1 I mapped the port to 3000 and in unbound I put in custom options

do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@5353
forward-addr: ::1@5353

How can I fix this? so the connected clients will be shown in Adguard.

Regards!

Hi,
When i try to install os-zeek-maxit-plugin on my opnsense 21.1.3 i've got this following error :

Using existing user 'zeek'.
[3/4] Extracting zeek-3.0.12_2: .......... done
Error: running "zeek -v" failed with output:
ld-elf.so.1: Shared object "libssl.so.11" not found, required by "zeek"

My opnsense is configure for using libressl (vs openssl) i don't know if it's related.

Thanks
Thomas

Could it be possible to include samba as a plug-in?
Sharing a folder in the network is something many have requested over the years but including it in the base system would add possible security issues and bloat that would be unnecessary for most users. A plug-in could be the best solution.

I know there are other options out there already, but the GUI that NPM provides is just really nice for beginners like myself.

Could you please add net/mosh to the repo?

New addition

I wrote a bit of php code to display relevant details that are pulled via API calls from unifi controller. It can display info on the (enhanced) Volt page of Unifi, but I could make a widget to display core Unifi vitals (heath, num of clients, alerts) on thr dashboard.

Any interest? How do I pass the kludge of my quasi-coding over? 😊

MIchael,
while I see the updated ipcheck.py in the repo, the .txz package still pulls the old one.
Also, the current package doesn't have the exec rights on ipcheck.py - can we make sure that the re-built .txz does?

I'm getting an error on trying to install the repo

root@xxxxxx:~ # fetch -o /usr/local/etc/pkg/repos/mimugmail.conf https://www.routerperformance.net/mimugmail.conf Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3 4266780590080:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: fetch: https://www.routerperformance.net/mimugmail.conf: Authentication error

Hi,
I configured the Unifi Controller as described by the plugin and everything seems to work as expected, but under Firmware/Plugins it is shown as "misconfigured". Any idea why this is so?

Hey mmg, I know you're aware of this, but I wanted to see if you had fix options to recommend for those of us who are cert-process-challenged. I changed my mirror to Cloudflare and it addressed the OPNsense repository cert issue, but this repo is still failing, preventing updates altogether.

Alternatively, is there a way to temporarily disable the repo at least long enough to install OPN updates (and wireguard-kmod again in my case) and then re-enable it without losing setup for things like AdGuardhome plugin?

Firstly, great thanks for making the AGH plugin. I enabled SR-IOV in BIOS today but even after disabling it, it won't run..When I booted my OPNSense running in Hyper-V, the Adguard Home plugin crashes repeatedly. Cannot get it running. I can ping IPs but no DNS due to adguard crashing. I updated OPNSense to the latest and it still doesn't work. I am new to opening issues but if there is any information I can provide, let me know and I'll gladly provide it.

the tailscale version is update to 1.16.1
the pkg version 1.10 in repo is too old.

Hi,

Would it be possible to add cloudflared as a package?
https://github.com/cloudflare/cloudflared

Thanks
Cadish

A good tools for building mesh vpn.
https://github.com/slackhq/nebula

Could we add it to the repo? Will be better with Web support.

Thanks

While Unifi controller works fine on OPNSense after installing it through plugins, the Services tab claims that the controller is not running - see the image.

my unifi service is no longer responding on port 8443 although the service is running:

# sudo service unifi status
unifi is running as pid 5805.

The problem is - I believe - with mongodb; here is the tail of unifi log:

tail -n 100 server.log
[2021-01-26T17:49:49,239] <db-server> WARN  db     - Mongo start up failed with rc=134
[2021-01-26T17:49:53,288] <db-server> INFO  db     - DbServer stopped
[2021-01-26T17:49:53,288] <db-server> WARN  db     - Mongo start up failed with rc=134
[2021-01-26T17:49:57,329] <db-server> INFO  db     - DbServer stopped

and here is the tail of mongodb log:

2021-01-25T11:52:07.834-0800 I CONTROL  [main] ***** SERVER RESTARTED *****
2021-01-25T11:52:07.861-0800 I CONTROL  [initandlisten] MongoDB starting : pid=45288 port=27117 dbpath=/usr/local/share/java/unifi/data/db 64-bit host=OPNsense.kraljfamily.net
2021-01-25T11:52:07.862-0800 I CONTROL  [initandlisten] db version v3.6.21
2021-01-25T11:52:07.862-0800 I CONTROL  [initandlisten] git version: 1cd2db51dce4b16f4bc97a75056269df0dc0bddb
2021-01-25T11:52:07.862-0800 I CONTROL  [initandlisten] OpenSSL version: OpenSSL 1.1.1d-freebsd  10 Sep 2019
2021-01-25T11:52:07.862-0800 I CONTROL  [initandlisten] allocator: system
2021-01-25T11:52:07.862-0800 I CONTROL  [initandlisten] modules: none
2021-01-25T11:52:07.862-0800 I CONTROL  [initandlisten] build environment:
2021-01-25T11:52:07.862-0800 I CONTROL  [initandlisten]     distarch: x86_64
2021-01-25T11:52:07.862-0800 I CONTROL  [initandlisten]     target_arch: x86_64
2021-01-25T11:52:07.862-0800 I CONTROL  [initandlisten] options: { net: { bindIp: "127.0.0.1", port: 27117, unixDomainSocket: { pathPrefix: "/usr/local/share/java/unifi/run" } }, processManagement: { pidFilePath: "/usr/local/share/java/unifi/run/mongod.pid" }, storage: { dbPath: "/usr/local/share/java/unifi/data/db" }, systemLog: { destination: "file", logAppend: true, logRotate: "reopen", path: "/usr/local/share/java/unifi/logs/mongod.log" } }
2021-01-25T11:52:07.862-0800 I -        [initandlisten] Detected data files in /usr/local/share/java/unifi/data/db created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'.
2021-01-25T11:52:07.863-0800 I STORAGE  [initandlisten] wiredtiger_open config: create,cache_size=15809M,cache_overflow=(file_max=0M),session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),compatibility=(release="3.0",require_max="3.0"),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),statistics_log=(wait=0),verbose=(recovery_progress),
2021-01-25T11:52:08.701-0800 E STORAGE  [initandlisten] WiredTiger error (-31803) [1611604328:701447][45288:0x3dbc3fd6000], file:WiredTiger.wt, connection: __wt_turtle_read, 336: WiredTiger.turtle: fatal turtle file read error: WT_NOTFOUND: item not found Raw: [1611604328:701447][45288:0x3dbc3fd6000], file:WiredTiger.wt, connection: __wt_turtle_read, 336: WiredTiger.turtle: fatal turtle file read error: WT_NOTFOUND: item not found
2021-01-25T11:52:08.701-0800 E STORAGE  [initandlisten] WiredTiger error (-31804) [1611604328:701488][45288:0x3dbc3fd6000], file:WiredTiger.wt, connection: __wt_panic, 523: the process must exit and restart: WT_PANIC: WiredTiger library panic Raw: [1611604328:701488][45288:0x3dbc3fd6000], file:WiredTiger.wt, connection: __wt_panic, 523: the process must exit and restart: WT_PANIC: WiredTiger library panic
2021-01-25T11:52:08.701-0800 F -        [initandlisten] Fatal Assertion 50853 at src/mongo/db/storage/wiredtiger/wiredtiger_util.cpp 420
2021-01-25T11:52:08.701-0800 F -        [initandlisten] \n\n***aborting after fassert() failure\n\n
2021-01-25T11:52:08.704-0800 F -        [initandlisten] Got signal: 6 (Abort trap).

 0x32fd622dc76 0x32fd622d53b 0x3dbc3a3a3c0
----- BEGIN BACKTRACE -----
{"backtrace":[{"b":"32FD36DD000","o":"2B50C76","s":"_ZN5mongo15printStackTraceERNSt3__113basic_ostreamIcNS0_11char_traitsIcEEEE"},{"b":"32FD36DD000","o":"2B5053B","s":"_ZN5mongo29reportOutOfMemoryErrorAndExitEv"},{"b":"3DBC3A26000","o":"143C0","s":"_pthread_sigmask"}],"processInfo":{ "mongodbVersion" : "3.6.21", "gitVersion" : "1cd2db51dce4b16f4bc97a75056269df0dc0bddb", "compiledModules" : [], "uname" : { "sysname" : "FreeBSD", "release" : "12.1-RELEASE-p12-HBSD", "version" : "FreeBSD 12.1-RELEASE-p12-HBSD #0  0f20aab2bae1(stable/21.1)-dirty: Tue Jan  5 15:42:50 CET 2021     root@sensey64:/usr/obj/usr/src/amd64.amd64/sys/SMP", "machine" : "amd64" } }}
 mongod(_ZN5mongo15printStackTraceERNSt3__113basic_ostreamIcNS0_11char_traitsIcEEEE+0x36) [0x32fd622dc76]
 mongod(_ZN5mongo29reportOutOfMemoryErrorAndExitEv+0x15B) [0x32fd622d53b]
 libthr.so.3(_pthread_sigmask+0x530) [0x3dbc3a3a3c0]
-----  END BACKTRACE  -----

First off, thank you for your plugin repository. I recently added the Adguardhome plugin to my OPNsense, and it is working great.
I've also set up the official ACME Client plugin and have it generating a Let's Encrypt certificate for my OPNsense host. I then set that certificate to be used for HTTPS with Adguardhome as well. The ACME Client plugin allows you to create "Automations" that run whenever a new certificate is issued. For instance, restarting the OPNsense webgui, so it starts using the new certificate immediately. I wanted to set an automation to restart the Adguardhome service for the same reason, but was disappointed to find it was not available in the list of plugin actions. After reviewing the OPNsense configd documentation (https://docs.opnsense.org/development/backend/configd.html?highlight=configd#action-properties) and checking the Adguardhome configd script (actions_adguardhome.conf), I found that simply adding the "description" field to the configd script ( and then restarting the configd service), made the Adguardhome "restart" action available in the OPNsense gui; both under the ACME Client plugin and also in the cron job commands list. The [restart] section of my actions_adguardhome.conf now looks like this:

[restart]
command:/usr/local/etc/rc.d/adguardhome restart
parameters:
type:script
Message:restarting Adguardhome
description:Restart Adguardhome service

I was hoping you could add this into the plugin officially, so if it is ever updated or reinstalled, I won't have to make the same change. And hopefully other users of this plugin will find it similarly useful.

Hi there,
I have your AdGuard Home plugin nice set up and its running fine. All query's from lan works and so on.
But now the problem when I connect eg. with my mobile trough wireguard to the firewall, no dns query's get answered so the internet doesnt really work. Opnsense is running on 192.168.1.1 (LAN)

From my mobile I can reach all devices in my lan by ip, including the FW where adguard is running. Even a simple port scan targeted at 192.168.1.1 from my mobile 10.10.0.2/32 (Wireguard) show port 53 is open. But all querys times out all the time.
In the wireguard tunnel config I have set the dns server to 192.168.1.1

The other case is when I use unbound as the networkwide dns server then its works with same wireguard config.

Any idea to that ?

Hi, Any plans to upgrade the grafana plugin to version 8?

Is it possible to add to your repo latest Mosquitto with WebSockets support.

Thanks

I have done a search for forum and Reddit posts but not found anything specific about whether it is safe to use the built in Adguard updater for the Adguard plugin.

I am in the process of migrating to OPNsense and have everything pretty much setup now. Adguard is giving a banner message at the top prompting to update but as a new user I am not sure whether this will cause issues or update fine.

Can you advise whether this has been tested or not at all?

Thanks very much for all your work, it has made replacing my Unifi stack and PiHole an easy task.

I would like to align two Unifi plugins - the one that installs/runs the actual controller and the one that brings data and actions from controller to OPNsense.

Currently, we have the structure of:
Unify (root)
-->General

May I suggest:
Unifi (root)
--> Controller (this one is currently named 'General')
--> Networks
--> Devices
--> Clients
--> Settings (this one should capture the admin username/password and IP/port of Unifi controller)

Good tool to be integrated with Packet Captures and Zeek. I dont think it would be wise to have it feed into the same elasticsearch node on Opnsense, but would love to see if a capture node could be integrated.

https://arkime.com/

I actually had it working fine on a test install on a different device, but with permanent device I tried fresh install of it and even with rebooting OPNsense, restarting and stopping service and daemon over and over, I cannot access the GUI at either 8080 or 8443 at all. I don't see any issues in logs, service appears started in status. Port scan shows 8080 in use.

I would love to see Filebeat added along side Elasticsearch and Kibana. I run a remote elk stack and I would like to export eve logs from Suricata and system logs from opnense to my Logstash instance for ingestion into the stack. Thank you in advance.

When you do a restart of this service, it remains in stopped state.
You have to start it again, to get it to work.
Same behaviour on the GUI as on CLI (pluginctl -s AdGuardHome restart).

I use the restart option in a script when my domain certificate is refreshed and now I have to do a 'stop' and then a 'start'.

After rebooting opnsense the unifi controller does not start up. I have tried stopping it and starting it but when I go to 8443 I just get a 404 error. So Im stuck now without the controller not sure what to do at this point. Any ideas?

After upgrading to 21.7 i see the same error about missing python37 dependency

https://forum.opnsense.org/index.php?topic=24144.0

I have noticed some icons are not loading properly in both Solarized and Dracula themes. Tested in both Firefox and Safari. Screen shots from the "Interfaces - Assignments" menu.