Tinc package on 2.3
-
Any progress?
I would also like to help test this extension. -
Hello guys,
I would be very glad to receive some help with packaging - I've just started a few hours ago with FreeBSD packages and ports from absolutely nothing.
However, I can confirm I have an installable tinc 1.0.28 package for pfSense 2.3. Can you please review the code if it's ready for a pull request? I'm concerned it doesn't build on the official pfSense builder machine. For some reason, I cannot manage to include the compiled binary when creating the package, it must be some banal mistake I make at this late hour.Installation:
-
Diagnostics -> Command Prompt -> Upload file
-
From console: pkg add /tmp/pfSense-pkg-tinc-1.0.28.txz
Attached package and source. Alternative URLs:
Package: https://dl.dropboxusercontent.com/u/4512442/pfSense-pkg-tinc-1.0.28.txz (FIXME: tincd binary doesn't get copied to the package - syntax mistake in Makefile?)
Source: https://dl.dropboxusercontent.com/u/4512442/pfSense-pkg-tinc.tar.gzAny feedback is very much appreciated! Thank you in advance.
-
-
Wow, great news! Thanks!
I'll try on Sunday evening (EST). Obviously, I just can try if it works, have no experience with pfSense programming
So, just to copy a binary built after install, that's all?
Where it supposed to go? /usr/local/sbin/ ?
-
No, what I just realized is that it actually works as designed. The binary is not supposed to be part of the pfSense package.
So when you want to install tinc, it will actually install 2 packages:- the official tinc package
- and then the pfSense-pkg-tinc extra package, which is basically the GUI adapted to pfSense
(-> and the Makefile is basically just a pointer to require the official package at runtime - it's a great approach!)
Since the official tinc package is not available yet on this pfSense release, what you can do is to copy the txz package and install it from command line, then install the extra pF-related package. I can confirm this way it works fine.
I have attached the compiled tinc 1.0.28 FreeBSD port, but feel free to compile it yourself for security considerations. (on a FreeBSD 10.2: cd /usr/ports/security/tinc; make package).
Meanwhile, I also realized the Tinc status PHP page has to be adapted to Bootstrap because it looks a bit messed up, I'm already working on it, still needs some final touches then I will share it too.
-
Hi dmegyesi,
I gave it a quick little check on 1 pfSense test machine (without actually connecting anywhere) as i'm not actively using tinc. So i have not fully tested its workings, but my guess is you have already done that.
From what i see it looks valid except you should indeed drop 'tincd' binary from the pfSense package 'makefile' the package dependency will indeed take care of that.
For testing i used "pkg add http://pkg.freebsd.org/freebsd:10:x86:64/release_3/All/tinc-1.0.26_1.txz" to add that package from the FreeBSD repository.. I suppose i could have used http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/tinc-1.0.28.txz as well.. But anyway package looks like i remember it from 2.2 and tincd daemon seems to be properly started with some basic configurations.
If you can send pullrequest on github that would be great :) (dont forget to sign the 2 pfSense contributer licence agreements)
Regards,
PiBa-NL -
Cool,
I use tinc for all controlled offices.
Though, I'd wait until it is all done. 3 days before leaving for vacations is not best time for experimenting on real business
-
b.t.w. Did notice a php warning(only pfsense development snapshots show those, the release version only shows 'errors'..):
[11-Jun-2016 16:28:24 CET] PHP Warning: rename(/usr/local/etc/tinc/,/usr/local/etc/tinc/.old): Invalid argument in /usr/local/pkg/tinc.inc on line 67 [11-Jun-2016 16:28:24 CET] PHP Stack trace: [11-Jun-2016 16:28:24 CET] PHP 1\. {main}() /usr/local/www/pkg_edit.php:0 [11-Jun-2016 16:28:24 CET] PHP 2\. eval() /usr/local/www/pkg_edit.php:255 [11-Jun-2016 16:28:24 CET] PHP 3\. tinc_save() /usr/local/www/pkg_edit.php(255) : eval()'d code:1 [11-Jun-2016 16:28:24 CET] PHP 4\. rename() /usr/local/pkg/tinc.inc:67 [11-Jun-2016 16:29:13 CET] PHP Warning: rename(/usr/local/etc/tinc/,/usr/local/etc/tinc/.old): Invalid argument in /usr/local/pkg/tinc.inc on line 67 [11-Jun-2016 16:29:13 CET] PHP Stack trace: [11-Jun-2016 16:29:13 CET] PHP 1\. {main}() /usr/local/www/pkg_edit.php:0 [11-Jun-2016 16:29:13 CET] PHP 2\. eval() /usr/local/www/pkg_edit.php:255 [11-Jun-2016 16:29:13 CET] PHP 3\. tinc_save() /usr/local/www/pkg_edit.php(255) : eval()'d code:1 [11-Jun-2016 16:29:13 CET] PHP 4\. rename() /usr/local/pkg/tinc.inc:67Maybe you could check why this happens.?
-
Thank you guys very much for the quick feedbacks!
I have fixed the Makefile as discussed, it should be okay now.
I haven't managed to produce the mentioned warning, however by looking at the code I believe it's caused by trying to rename the tinc/ folder to tinc/.old, so I removed the trailing slash at the end in that variable. All the rest of the lines later using this config folder variable are explicitly adding the beginning slash anyway, so it shouldn't cause any issue.
Pull request submitted: https://github.com/pfsense/FreeBSD-ports/pull/149
Hope to see the package offically back to pfSense very soon. :) -
@ dmegyesi
The version you compiled is a 64bit version?
Du you have a 32bit version too ?
-
Hi,
I believe it should work basically on any architecture, the package I prepared is not hard-wired for anything special, it just depends on the tinc package itself. As long as the original package is available for i386, I think it should work. I don't have such a system to test though.
-
Building a new pfSense right now… If TINC could be on there, it'd be great, since it's currently on a different machine in the network and being routed through it... It works... mostly...
Having it on the pfSense box should make it much easier, as I'd no longer have to depend on another box and vague routing glitches... ;)
-
dmegyesi, i checked the pull request, i'm not that familiar with github, but theres a CLA logo next to it. does it mean its waiting for you to accept a contributor license agreement?
-
It means it's verified that I have already accepted the CLA. So right now it's waiting for review and merge by the pfSense team. As I see there isn't much progress with some older pull requests neither, so I believe they might be busy.
-
Hello everyone,
in order to see the connected clients in tinc, syslog has to know about /var/log/tinc.log. At this point, it's not included by default in the pfSense syslog.conf. I have submitted a PR to fix this: https://github.com/pfsense/pfsense/pull/3023
Until then, a workaround is to add the following 2 lines in /var/etc/syslog.conf:
!tinc *.* %/var/log/tinc.logPlease note the syslog.conf is regenerated automatically at each syslog package update / syslog reset. (Those details come from /etc/inc/system.inc. The PR is supposed to fix this for the future.)
You can find the latest working version here to test: https://dl.dropboxusercontent.com/u/4512442/pfSense-pkg-tinc-1.0.28.txz
-
Hello everyone,
in order to see the connected clients in tinc, syslog has to know about /var/log/tinc.log. At this point, it's not included by default in the pfSense syslog.conf. I have submitted a PR to fix this: https://github.com/pfsense/pfsense/pull/3023
Until then, a workaround is to add the following 2 lines in /var/etc/syslog.conf:
!tinc *.* %/var/log/tinc.logPlease note the syslog.conf is regenerated automatically at each syslog package update / syslog reset. (Those details come from /etc/inc/system.inc. The PR is supposed to fix this for the future.)
You can find the latest working version here to test: https://dl.dropboxusercontent.com/u/4512442/pfSense-pkg-tinc-1.0.28.txz
Thanks a lot for you support!
Finally, I can use 2.3.1.
Uploaded your pfSense-pkg-tinc-1.0.28.txz first, http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/tinc-1.0.28.txz second. Existing configuration picked up and all works fine
I use tinc with Quagga routing, tap mode. Everything is good
There is a minor thing, Status->Tinc VPN does not show any status. Empty "Connection List …" etc
-
Fetching tinc-1.0.28.txz: …....... done
Installing tinc-1.0.28...
pkg: wrong architecture: FreeBSD:10:amd64 instead of FreeBSD:10:i386Failed to install the following 1 package(s): http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/tinc-1.0.28.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:32/latest/All/tinc-1.0.28.txz:
Fetching tinc-1.0.28.txz: …....... done
Installing tinc-1.0.28...
the most recent version of tinc-1.0.28 is already installedI'm runnig my PFsense on an old Watchguard x750.
Now I have successfully installed tinc, but how can I get a webinterface for tinc?
:(
-
There is a minor thing, Status->Tinc VPN does not show any status. Empty "Connection List …" etc
Did you do the syslog.conf modification? After that, you need to restart syslogd. (killall syslogd && syslogd)
The syslog modification won't persist through reboots. The fix is already submitted to the pfSense repo, waiting for the pull request to be merged.
-
Now I have successfully installed tinc, but how can I get a webinterface for tinc?
:(
It's actually 2 packages: the tinc software itself + the web interface. Now you have installed the base software; the web interface will be the package I provided, see some posts before with the Dropbox link.
-
Did you do the syslog.conf modification? After that, you need to restart syslogd. (killall syslogd && syslogd)
Thank you!
Restarting syslog without reboot makes tinc status page working
-
Any further progress on an making the Tinc package official for 2.3.2?
