opn-repo icon indicating copy to clipboard operation
opn-repo copied to clipboard

Published 20 hours ago verified publisher icon mimugmail

OPNsense IPv6 Update - Not Populating Plugins

Open vanastasis opened this issue 1 year ago • 14 comments

Hi,

Having issues updating over IPv6

wget https://www.routerperformance.net/mimugmail.conf

--2023-11-24 02:13:58-- https://www.routerperformance.net/mimugmail.conf Resolving www.routerperformance.net (www.routerperformance.net)... 64:ff9b::5118:40d7, 81.24.64.215 Connecting to www.routerperformance.net (www.routerperformance.net)|64:ff9b::5118:40d7|:443... failed: Network is unreachable. Connecting to www.routerperformance.net (www.routerperformance.net)|81.24.64.215|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 109 Saving to: ‘mimugmail.conf’

mimugmail.conf 100%[===============================================================================>] 109 --.-KB/s in 0s

2023-11-24 02:14:02 (358 MB/s) - ‘mimugmail.conf’ saved [109/109]

When doing updates within OPNsense via default IPv6 it doesn't work correctly and not populate plugin list Update only works if i enable "Prefer to use IPv4 even if IPv6 is available "

NSLookup Non-authoritative answer: Name: routerperformance.net Address: 81.24.64.215 Name: routerperformance.net Address: 64:ff9b::5118:40d7

mxtoolbox.com - DNS Record not found

vanastasis avatar Nov 23 '23 15:11 vanastasis

I have no idea where this came from, the site only runs on v4

mimugmail avatar Nov 23 '23 18:11 mimugmail

@mimugmail I recently made my own OPNsense repo hosted at repo.mihak.link. it is a static website hosted on Azure storage, guaranteed to never have expired TLS certificate and has IPv6 endpoint.

Primarily I did it to have a place where I can dump all missing FreeBSD binary packages that I want on OPNsense, but I plan to use it to publish any of my plugins and OPNsense packages.

If you are ok, I can easily mirror all the content of your repo too, so you can add a mirror link into .conf file and make it more enterprise-worthy. And it will satisfy IPv6 zealots (like me) as well!

Let me know.

mihakralj avatar Nov 24 '23 19:11 mihakralj

This repo is only for home labbers .. if I want it enterprise I'd take money for it :)

mimugmail avatar Nov 24 '23 19:11 mimugmail

@mimugmail So... Yes or no on mirroring idea?

mihakralj avatar Nov 24 '23 19:11 mihakralj

Can you elaborate a bit more details about your plan?

mimugmail avatar Nov 24 '23 19:11 mimugmail

@mimugmail I run freeBSD server (in Azure) and run a script every 24 hrs that:

  • packages my OPNsense plugins and puts them in /repo
  • copies my latest release of opnsense-cli and puts it in /repo
  • goes through a list of packages that I want from freeBSD master-repo and copies each package (and all required dependencies that are not already in OPNsense repo) to /repo
  • after all buildout of packages is done, pkg repo generates and packages packagesite.yaml in the directory /repo
  • markdown file is generated with info about every package listed in packagesite.yaml
  • markdown is converted to index.html using pandoc and put in /repo
  • upload every file from /repo that has a different MD5 (or file doesn't exist) to Azure storage linked to repo.mihak.link site
  • Force purge of Azure CDN for all files that were uploaded

I could easily add a script to go through all packages listed in your packagesite.yaml, and copy them over to /repo, add them to my packagesite.yaml and upload to Azure if changed.

With making a full mirror of your files in my repo (and listing them in my packagesite.yaml), my repo becomes a superset of your repo. All you'd need to do is to change your .conf to:

mimugmail: {
  url: "https://opn-repo.routerperformance.net/repo/${ABI}, https://repo.mihak.link",
  priority: 190,
  enabled: yes
}

This makes the second URL a backup mirror that is accessed only when primary (your) repo is not available (either over ipv4 or ipv6)

mihakralj avatar Nov 24 '23 19:11 mihakralj

What an awesome offer. So many good people on here. Love to see what happens now

vanastasis avatar Nov 24 '23 22:11 vanastasis

@vanastasis let's start with baby steps. Can you add my repo by following instructions at repo.mihak.link and check if you can pull from it over ipv6?

mihakralj avatar Nov 24 '23 23:11 mihakralj

@mihakralj sure can. and plugins populate with your plugins

vanastasis avatar Nov 24 '23 23:11 vanastasis

@vanastasis great; what packages are you after? Unless they are *-maxit (where we need permission from @mimugmail first), I can populate my repo with your needs.

mihakralj avatar Nov 25 '23 02:11 mihakralj

@mihakralj ultimately would be good for everything to be up there for everyone but you would need to work that out to combine or mirror.

I only really use speedtest & AdGuard Home

Thank you :)

vanastasis avatar Nov 25 '23 02:11 vanastasis

@mihakralj this method will break when ABI changes to 14 I'd guess. I'm not against a mirror but when you offer different packages this smells like trouble and fingerpointing when something breaks.

Adding v6 shouldnt be hard, but in the initial request it was something broken in nat64

mimugmail avatar Nov 25 '23 06:11 mimugmail

The reason that I do NOT have ABI path in my repo is exactly to prevent breaking packages when we will have split installations between 13 and 14... I already tested every package I have on 14 and avoiding ABI works (for packages that I host)

mihakralj avatar Nov 25 '23 07:11 mihakralj

When you sync my repo, pkg have ABI 13 and when you install a dev Version with 14 (when available) your upgrade will fail.. I already experienced it with 12 and 13.

mimugmail avatar Nov 25 '23 08:11 mimugmail