
Added a plugin for Netbird

Open Gauss23 opened this issue 9 months ago • 20 comments

This is an initial version of a plugin for Netbird.

I've also created a pull request for the Netbird port, as a small patch is currently needed.

https://netbird.io/

Gauss23 avatar Feb 04 '25 20:02 Gauss23

Thank you for doing this. I was considering taking a hack at a netbird plugin since I also packaged/maintain it for openSUSE... but I'm very glad someone else did it. :) Really really hope it gets merged soon.

hrfried avatar Feb 17 '25 22:02 hrfried

@hrfried actually we're making it a requirement to have it included in FreeBSD ports first https://github.com/opnsense/ports/pull/218#issuecomment-2643328268

If you know some ins and outs for maintaining a package maybe you can help out here too :)

fichtner avatar Feb 18 '25 07:02 fichtner

I reached out to the Netbird team to see if they have any objections to me adding the port to FreeBSD. No answer yet. Maybe I'll add it and do the handover later, when Netbird wants to maintain it?

Gauss23 avatar Feb 18 '25 07:02 Gauss23

From experience, authors do not maintain ports and packages for varying reasons and there should be no harm to go ahead with it indeed as it is in the interest of the authors, too.

Cheers, Franco

fichtner avatar Feb 18 '25 07:02 fichtner

Just do it, I was also maintaining the Cacti port for a long time without being the main dev over there :)

mimugmail avatar Feb 18 '25 07:02 mimugmail

Ok, out of nowhere Netbird has now submitted Netbird to the FreeBSD Ports. But they have chosen security/netbird; Tailscale is also in security/. I was using net/ because I oriented myself on Zerotier, which is there.

I think it needs to be consistent, right? Port is security/netbird, then the plugin would also be security/netbird?

I would need to recreate the pull request. Did you maybe already have a chance to review the code for bigger issues? I would be happy to fix them.

Gauss23 avatar Feb 18 '25 17:02 Gauss23

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284877 looks like a netbird employee, oh well :)

yes, let's align with security/netbird then. it will save a lot of confusion later.

fichtner avatar Feb 18 '25 18:02 fichtner

Update: the port request was accepted.

How can we proceed here?

Do we need to change the category from network to security like in the ports tree?

Gauss23 avatar May 11 '25 18:05 Gauss23

It's now in our tree via https://github.com/opnsense/ports/commit/9521b10081 -- let me make a quick review here and then the process is to add the port to ports.conf in tools.git and get the plugin merged too

fichtner avatar May 13 '25 12:05 fichtner

Hi. I have followed this thread for some time now, and have tried it on some test VMs to see how well it works. But I'm curious if you have any news regarding the issue with os-release from netbird? Have you installed it on a clean OPNsense? I can't get it to work without modifying the netbird port's rc.d script, and the config file has recently been changed to a new default location of "/var/db/netbird/config.json"

KeenanFalcon avatar May 24 '25 18:05 KeenanFalcon

> Hi. I have followed this thread for some time now, and have tried it on some test VMs to see how well it works. But I'm curious if you have any news regarding the issue with os-release from netbird? Have you installed it on a clean OPNsense? I can't get it to work without modifying the netbird port's rc.d script, and the config file has recently been changed to a new default location of "/var/db/netbird/config.json"

To be honest, this process is running for a longer time now. The FreeBSD port needed to be added first. Will try the current plugin with the current port on a fresh installation.

Could you share more information about the changes you need to do to the rc.d script?

Gauss23 avatar May 24 '25 18:05 Gauss23

> > Hi. I have followed this thread for some time now, and have tried it on some test VMs to see how well it works. But I'm curious if you have any news regarding the issue with os-release from netbird? Have you installed it on a clean OPNsense? I can't get it to work without modifying the netbird port's rc.d script, and the config file has recently been changed to a new default location of "/var/db/netbird/config.json"
>
> To be honest, this process is running for a longer time now. The FreeBSD port needed to be added first. Will try the current plugin with the current port on a fresh installation.
>
> Could you share more information about the changes you need to do to the rc.d script?

I replaced it with the one you had made for the port, but I believe the least that needs to be changed or added is as below.

rcvar=netbird_enable
load_rc_config $name

--config /usr/local/etc/netbird/config.json --log-file syslog"

Also the os.release service is still being run, as it is in the template for "/etc/rc.conf.d/netbird"

KeenanFalcon avatar May 24 '25 19:05 KeenanFalcon

@KeenanFalcon thank you for clarifying. Interesting, I did not see that the port uses a different rc.d script. I tried to ship my version of the rc.d script with the plugin, but it raised a conflict during installation. I get:

root@OPNsense:~/repo # pkg install os-netbird-devel
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating netbird-251 repository catalogue...
netbird-251 repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	netbird: 0.41.2 [netbird-251]
	os-netbird-devel: 0.2 [netbird-251]

Number of packages to be installed: 2

The process will require 26 MiB more space.
10 KiB to be downloaded.

Proceed with this action? [y/N]: y
[1/1] Fetching os-netbird-devel-0.2.pkg: 100%   10 KiB  10.5kB/s    00:01    
Checking integrity... done (1 conflicting)
  - netbird-0.41.2 [netbird-251] conflicts with os-netbird-devel-0.2 [netbird-251] on /usr/local/etc/rc.d/netbird
Cannot solve problem using SAT solver, trying another plan
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	netbird: 0.41.2 [netbird-251]

Number of packages to be installed: 1

The process will require 26 MiB more space.

Maybe someone has a better idea? The version from FreeBSD ports may be perfect for a standard FreeBSD system, but for OPNsense we should run our own version of the rc.d file.

This would be my version:

#!/bin/sh

# PROVIDE: netbird
# REQUIRE: FILESYSTEMS devfs
# BEFORE:  pf ipfw
# KEYWORD: shutdown

. /etc/rc.subr

name="netbird"
rcvar=netbird_enable
load_rc_config $name

pidfile="/var/run/${name}.pid"
netbird_tun_dev="wt0"
procname="/usr/local/bin/netbird"

start_cmd="${name}_start"
stop_postcmd="${name}_poststop"

# Path updated to match latest Netbird defaults
netbird_config="/usr/local/etc/netbird/config.json"
netbird_log="syslog"

netbird_start()
{
    logger -s -t netbird "Starting ${name}..."

    # Clean up stale tunnel interface, if it's orphaned
    if /sbin/ifconfig ${netbird_tun_dev} >/dev/null 2>&1; then
        if ! /sbin/ifconfig ${netbird_tun_dev} | fgrep -qw PID; then
            logger -s -t netbird "Found orphaned tunnel ${netbird_tun_dev}, destroying"
            /sbin/ifconfig ${netbird_tun_dev} destroy
        fi
    fi

    /usr/sbin/daemon -p ${pidfile} -f -t ${name} \
        ${procname} service run \
        --config "${netbird_config}" \
        --log-level info \
        --log-file "${netbird_log}"
}

netbird_poststop()
{
    if /sbin/ifconfig ${netbird_tun_dev} >/dev/null 2>&1; then
        logger -s -t netbird "Destroying tunnel interface ${netbird_tun_dev}"
        /sbin/ifconfig ${netbird_tun_dev} destroy || \
            logger -s -t netbird "Failed to destroy ${netbird_tun_dev}"
    fi
}

run_rc_command "$1"

Maybe @fichtner or @mimugmail have an idea for this issue?

Gauss23 avatar May 25 '25 20:05 Gauss23

@Gauss23 I tried to install it with an embedded rc script file too, but faced the same issue, so I renamed it to "os-netbird". But I think that it will create the need to modify other files. Haven't checked properly yet.

My version of the script, it needs a little more polish, but maybe worth a pull-request.

#!/bin/sh
#
# PROVIDE: netbird
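# REQUIRE: SERVERS
# KEYWORD: shutdown
#
# Other REQUIRE candidates from the original line: "FILESYSTEMS devfs", "NETWORKING".
# They are kept off the REQUIRE line because rcorder(8) reads every word after
# "# REQUIRE:" as a dependency name.
#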
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# netbird_enable (bool):        Set it to YES to enable Netbird.
#                                   Default is "NO".
# netbird_config_file (str):	Set Netbird config file location.
#                                   Default is "/var/db/netbird/config.json"
# netbird_hostname (str):       Set a custom hostname for the device
#                                   Default is "".
# netbird_daemon_addr (str):    Set Daemon service address to serve CLI requests.
#                                   Pattern to use [unix|tcp]://[path|host:port].
#                                   Default is "unix:///var/run/netbird.sock".
# netbird_log_file (str):       Set Netbird log path.
#                                   If console is specified the log will be output to stdout.
#                                   If syslog is specified the log will be sent to syslog daemon.
#                                   Default is "/var/log/netbird/client.log".
# netbird_log_level (str):      Set Netbird log level
#                                   Default is "info".
# netbird_tun_dev (str):        Set the name of the tun interface Netbird creates.
#                                   Default is "wt0"
# netbird_args (str):           Additional arguments to pass to Netbird
#                                   Default is "" (empty string).

. /etc/rc.subr

name="netbird"
rcvar=netbird_enable

load_rc_config $name

: ${netbird_enable:="NO"}
: ${netbird_config_file:="/var/db/netbird/config.json"}
: ${netbird_daemon_addr:="unix:///var/run/netbird.sock"}
: ${netbird_hostname:=""}
: ${netbird_log_file:="/var/log/netbird/client.log"}
: ${netbird_log_level:="info"}
: ${netbird_tun_dev:="wt0"}
: ${netbird_args:=""}

netbird_env="IS_DAEMON=1"

pidfile="/var/run/${name}.pid"
procname="/usr/local/bin/${name}"

# command="/usr/sbin/daemon"
# daemon_args="-P ${pidfile} -r -t \"${name}: daemon\""

start_cmd="${name}_start"
stop_postcmd="${name}_poststop"

netbird_start()
{
    # Check for orphaned netbird network interface
    # And if it exists, then destroy it
    logger -s -t netbird "Starting ${name}."
    /sbin/ifconfig ${netbird_tun_dev} >/dev/null 2>&1 && (
        /sbin/ifconfig ${netbird_tun_dev} | fgrep -qw PID ||
        /sbin/ifconfig ${netbird_tun_dev} destroy
    )

    /usr/sbin/daemon -p ${pidfile} -f -t ${name} ${procname} service run --config ${netbird_config_file} --log-level ${netbird_log_level} --log-file ${netbird_log_file}
    # command_args="${daemon_args} ${procname} service run --config ${netbird_config_file} --log-level ${netbird_log_level} --daemon-addr ${netbird_daemon_addr} --log-file ${netbird_log_file}"
}

netbird_poststop()
{
    /sbin/ifconfig ${netbird_tun_dev} >/dev/null 2>&1 && (
        logger -s -t netbird "Destroying ${netbird_tun_dev} adapter"
        /sbin/ifconfig ${netbird_tun_dev} destroy || logger -s -t netbird "Failed to destroy ${netbird_tun_dev} adapter"
    )
}

run_rc_command "$1"

I tried to add your repo, after I forked the master from opnsense/plugins, but didn't get it done quite right. But the repo I work on is placed here: https://github.com/KeenanFalcon/OPNsensePlugins/tree/Netbird-devel

KeenanFalcon avatar May 26 '25 00:05 KeenanFalcon
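
rcorder(8) takes every whitespace-separated word after `# REQUIRE:` as a dependency name and stops reading the header at the first line that is not a PROVIDE/REQUIRE/BEFORE/KEYWORD line, which matters for rc.d headers like the ones posted in this thread. A small lint for that, as an added example that is not part of the original comments or of the port; `rc_header_lint`, `lint_sample` and the sample header are constructed here, and the name-character check is a heuristic:

```shell
#!/bin/sh
# Added example (not from the thread or the port): lint the rcorder(8) header
# of an rc.d script. Runs in a subshell so "set -f" and variables stay local.
rc_header_lint() (
    state=before problems=0 lineno=0
    set -f                                  # no globbing while splitting words
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            "# REQUIRE:"*|"# REQUIRES:"*|"# PROVIDE:"*|"# PROVIDES:"*|\
            "# BEFORE:"*|"# KEYWORD:"*|"# KEYWORDS:"*)
                if [ "$state" = done ]; then
                    echo "line $lineno: ignored, header block already ended"
                    problems=$((problems + 1))
                    continue
                fi
                state=parsing
                # Every whitespace-separated word after the colon is a name.
                for tok in ${line#*:}; do
                    case $tok in
                        *[!A-Za-z0-9_.-]*)  # heuristic: unusual characters
                            echo "line $lineno: '$tok' is read as a name"
                            problems=$((problems + 1)) ;;
                    esac
                done ;;
            *)
                # First ordinary line after the block ends header parsing.
                if [ "$state" = parsing ]; then state=done; fi ;;
        esac
    done < "$1"
    [ "$problems" -eq 0 ]
)

# Constructed sample: inline "##" alternatives on the REQUIRE line and a
# KEYWORD line that follows an ordinary comment.
lint_sample() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
#!/bin/sh
#
# PROVIDE: netbird
# REQUIRE: SERVERS  ## REQUIRE: FILESYSTEMS devfs  ## REQUIRE: NETWORKING
# netbird_enable (bool): Set it to YES to enable Netbird.
# KEYWORD: shutdown
EOF
    rc=0
    rc_header_lint "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

lint_sample || echo "header needs fixing"
```

On a FreeBSD or OPNsense host the function can be pointed at the installed script, for example `rc_header_lint /usr/local/etc/rc.d/netbird`.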

@Gauss23 @KeenanFalcon hey guys, I'm the maintainer of the FreeBSD port of NetBird.

@KeenanFalcon does the last rc.d that you've shared work fine? If yes, I will test it on a pure FreeBSD and commit it to our FreeBSD port.

Is os-release still an issue? What could be the alternative so I can update the codebase?

hakansa avatar Jun 23 '25 16:06 hakansa

@hakansa I made a comment about a possible fix here https://github.com/netbirdio/netbird/issues/2200#issuecomment-2934593883

I have worked some more on the rc.d I posted here, as it didn't work correctly with OPNsense, and I have made a PR here https://github.com/freebsd/freebsd-ports/pull/404

About the os-release issue, I worked on a possible fix here https://github.com/netbirdio/netbird/compare/main...KeenanFalcon:netbird:opnsense-devel but I haven't made any pull requests for this one

KeenanFalcon avatar Jun 23 '25 21:06 KeenanFalcon

I've created a submission for the rc.conf hooks. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287762

Also I'm going to check the os-release thing; it should not be a blocker for now.

hakansa avatar Jun 24 '25 10:06 hakansa

rc.conf changes committed to the FreeBSD port repository with the v0.49.0. Could you give it a try guys?

https://cgit.freebsd.org/ports/commit/?id=931ad393edbd96949c8401e1e1b26090e37fbd43

hakansa avatar Jun 27 '25 05:06 hakansa

@hakansa I built your first commit for version 48 on FreeBSD 14.2, OPNsense and OPNsense-Devel. And it works as it should; I could control the service both from the plugin settings and from the dashboard in OPNsense, and it also works as expected on FreeBSD.

I updated the package to v49 with the latest patch and upgraded it on the different systems without any problems and it still works as it should.

So now I guess it is just the plugin that needs to be worked on, and I shall see if I can find some time to look at it.

Can you tell anything about the issue with "os-release" and if there are any news on that?

KeenanFalcon avatar Jun 27 '25 09:06 KeenanFalcon

@Gauss23 @KeenanFalcon @hakansa thanks for the discussion. I made some review comments and the plugin looks almost ready.

> Can you tell anything about the issue with "os-release" and if there are any news on that?

We do not have /etc/os-release and it looks like a potential side effect since it is a global change which could complicate support in the future if other software starts behaving differently. We also do not use most of FreeBSD's RC system during bootup since that introduces other side effects and unknowns. I'm trying to be cautious here from previous experience.

Cheers, Franco

fichtner avatar Jun 27 '25 12:06 fichtner

@fichtner @Gauss23 @hakansa currently I can only work in the late hours as I have my kid on vacation right now. I forked Gauss23's repo wrong somehow, but some of the latest suggestions from @fichtner I have already changed, along with a lot of minor changes in directory naming to bring it more in line with coding policy. And last night I worked on renaming ConStatusController to StatusController and separating the "Index" page out into Settings and Authentication, and some of the casings to camelCase, but I am not sure it is all correct yet as it's a work in progress. Right now I can see all the pages but the service doesn't start, and that's where I had to stop for the night.

My changes can be viewed here https://github.com/opnsense/plugins/compare/master...KeenanFalcon:OPNsensePlugins:Plugin-redesign The last commits are rather mixed, and not sorted out like I would wish, but this way they can be viewed by you all.

KeenanFalcon avatar Jun 30 '25 09:06 KeenanFalcon

@KeenanFalcon I am from NetBird's team. We are looking into OPNSense now and would like to help move this forward. We just finished the PFsense version and would like to add a few UI changes from that version into the work you are doing.

Would it be ok to fork and open a PR to your fork, or would it be better to open the PR directly to the plugin's repo?

mlsmaycon avatar Jul 10 '25 12:07 mlsmaycon

> @KeenanFalcon I am from NetBird's team. We are looking into OPNSense now and would like to help move this forward. We just finished the PFsense version and would like to add a few UI changes from that version into the work you are doing.
>
> Would it be ok to fork and open a PR to your fork, or would it be better to open the PR directly to the plugin's repo?

I think opening the PR directly to the plugin's repo will be the right choice.

ditronicos avatar Jul 11 '25 05:07 ditronicos

> @KeenanFalcon I am from NetBird's team. We are looking into OPNSense now and would like to help move this forward. We just finished the PFsense version and would like to add a few UI changes from that version into the work you are doing.
>
> Would it be ok to fork and open a PR to your fork, or would it be better to open the PR directly to the plugin's repo?

I have been away some time with my son, so I haven't had much time on the computer lately. But I have looked a little bit more into rearranging the UI. I just need to get an overview of my latest changes, then I will push them to the repo.

I'm not sure what approach will be best, but you are welcome to make a PR to my repo, so the plugin may be cleaner and closer to the finished plugin before making a PR directly to the plugin's repo.

Is it only for the UI that you have some suggestions, or have you also been looking into the backend?

KeenanFalcon avatar Jul 14 '25 12:07 KeenanFalcon

> > @KeenanFalcon I am from NetBird's team. We are looking into OPNSense now and would like to help move this forward. We just finished the PFsense version and would like to add a few UI changes from that version into the work you are doing. Would it be ok to fork and open a PR to your fork, or would it be better to open the PR directly to the plugin's repo?
>
> I have been away some time with my son, so I haven't had much time on the computer lately. But I have looked a little bit more into rearranging the UI. I just need to get an overview of my latest changes, then I will push them to the repo.
>
> I'm not sure what approach will be best, but you are welcome to make a PR to my repo, so the plugin may be cleaner and closer to the finished plugin before making a PR directly to the plugin's repo.
>
> Is it only for the UI that you have some suggestions, or have you also been looking into the backend?

We are looking at both. There might be some installation and a restart. We would also like to maintain the plugin moving forward.

mlsmaycon avatar Jul 14 '25 12:07 mlsmaycon

I would be more than happy to see Netbird picking up the development and maintenance of the plugin. But I'm surprised. The pfSense has a completely different UI. The current Netbird plugin in this PR looks like that (in fact the current version is more polished and has more options, like DNS):

[Screenshot from 2025-07-14 19-22-45] [Screenshot from 2025-07-14 19-23-08] [Screenshot from 2025-07-14 19-23-22]

I think the boxes for "Disable client routes" and "Disable custom routing" are really important for some people.

Would your idea be to pick it up from there or to create something based on the pfSense plugin?

Gauss23 avatar Jul 14 '25 17:07 Gauss23

Last round of review questions is still open. It would be good to bring this over the finish line first. Anyone can work on the next steps afterwards.

fichtner avatar Jul 15 '25 04:07 fichtner

@Gauss23 by following the PFSense GUI, we mean more to split authentication and settings and to have a clearer text status page. See some examples:

[image] [image]

In any case, this is a work in progress.

We intend to follow @fichtner last comment and help @Gauss23 finish the PR by addressing the comments, then we can join forces with @KeenanFalcon to apply the UI changes above. Let us know if this doesn't make any sense.

mlsmaycon avatar Jul 15 '25 09:07 mlsmaycon

The open points would be:

  • moving to configd instead of writing the config directly
  • some case issues: https://github.com/opnsense/plugins/pull/4531#discussion_r2171905633
  • some linting needed: https://github.com/opnsense/plugins/pull/4531#discussion_r2171910069
  • decision on how to detect the OS: https://github.com/opnsense/plugins/pull/4531#discussion_r2171932945
  • and another case issue: https://github.com/opnsense/plugins/pull/4531#discussion_r2172115528

I'm currently covered in work, so I would not be sad, if someone could provide fixes, I can implement them in this PR.

Gauss23 avatar Jul 15 '25 10:07 Gauss23

https://github.com/opnsense/tools/commit/13ec1f17c9bb is done so I think we should merge this before proceeding with more changes outside this initial PR scope

fichtner avatar Jul 15 '25 10:07 fichtner