DNS OVER TLS GETDNS and STUBBY Amended Package Creation



  • DNS OVER TLS getdns and stubby Amended Package Creation

    I apologize to the Community for some of my errant advice in my first tutorial on this subject. Excuse the new post, but Akismet flags my attempts at revisions to my initial post as spam.
    This is a much simpler and more accurate tutorial for installing the getdns and stubby package on pfSense 2.4.4. Original flawed tutorial here: https://forum.netgate.com/topic/130832/solution-posted-dns-tls-getdns-stubby-from-pfsense-freebsd-ports - I now understand this whole process much better, so I felt compelled to share and pass it on.

    1 - A - Follow this guide here - https://gist.github.com/jdillard/3f44d06ba616fec60890488abfd7e5f5 - Making a package for pfSense 2.3. As the guide asserts, you need to set up a FreeBSD (build) server. This is how to do just that as per the guide's instructions. Make sure NOT to install ports during your initial installation! You will be cloning the pfsense/FreeBSD-ports collection from GitHub, which is synced with FreeBSD ports.
    B - Install and configure the ISO below on your VMware machine (or other build server). Here are two links on how to do this if you are somewhat unfamiliar with the process:
    https://www.tecmint.com/freebsd-11-1-installation-guide/
    https://tutorialforlinux.com/2017/02/25/how-to-install-freebsd-11-on-vmware-workstation-step-by-step-easy-guide/
    ISO install image below:
    https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.2/FreeBSD-11.2-RELEASE-amd64-disc1.iso

    2 - After you have installed FreeBSD 11, you need to follow the steps here: https://www.tecmint.com/things-to-do-after-installing-freebsd/
    A - The main things I did here (from the link above) were: 1. Update FreeBSD System / 2. Install Editors and Bash / 3. Secure SSH on FreeBSD (you need this to make the rest of this process much easier for you) / 7. Configure FreeBSD Static IP (you really should do this during the installation and initial configuration of FreeBSD) / 9. Manage FreeBSD Services (very important in order to start programs at boot, especially the SSH shell).

    3 - After you have successfully installed and configured your FreeBSD (build) server, it is time to update your ports collection. The method to do that is to follow the guide I mentioned earlier: https://gist.github.com/jdillard/3f44d06ba616fec60890488abfd7e5f5
    A - First you need to follow the instructions in the section "Clone the pfSense ports repo".
    B - In order to do this you must follow these instructions https://www.techsupportpk.com/2016/11/how-to-install-and-configure-git-on.html and install and configure git. Go to the "Configuring Git" section at the bottom of the page and proceed.

    4 - After installing and configuring git, follow the guide by entering these commands via SSH shell, in order:
    (1) cd /usr
    (2) git clone https://github.com/pfsense/FreeBSD-ports.git - to clone the pfSense ports repo
    (3) mv FreeBSD-ports ports
    You now have the fully synced pfsense/FreeBSD-ports collection installed on your FreeBSD build server.

    5 - Now it is time to make your getdns / stubby package. First you must install the getdns port on your FreeBSD build server. Follow these instructions, as the referenced guide, as detailed by Jared Dillard in his tutorial, may confuse some.

    6 - Now that you have set up your pfsense/FreeBSD-ports collection, it is time to install the getdns port on your FreeBSD (build) server. Basically, you manage your pfSense ports collection as you would FreeBSD's. Here is how to do that:
    A - cd /usr/ports/dns/getdns/ - to enter the appropriate port directory
    B - make config - here select all options, especially Stubby - hit OK after you finish selecting your options
    C - make install clean - the process will proceed - you will be asked to select other options for dependencies as the getdns package builds - just select the defaults

    7 - Now, to actually make your package, follow these instructions:
    A - cd /usr/ports/dns/getdns/ - once again enter the appropriate port directory
    B - make clean
    C - make package - this command must be run from inside the directory of the package you are making
    Your package is complete once the process concludes.

    8 - Now you are ready to export your getdns-1.4.2.txz package from your FreeBSD (build) server and import / install it on your pfSense box.
    WinSCP (scp protocol) into your FreeBSD (build) server. Go into your /usr/ports/dns/getdns directory. Within the directory look for a folder labeled "work", then look for a subdirectory labeled "pkg". When you open that directory you will find your pfSense getdns-1.4.2.txz package. Transfer (drag and drop) that package to a local folder on your desktop - I am on Windows 7.

    9 - Now fire up your pfSense box. I have done this so I can save you a few potential headaches, as you must do the following before installing getdns and Stubby on pfSense. This package has dependencies which are not available in the pfSense repos. There are only two of them. So do the following first in order to satisfy the package's need for these dependencies:
    A - pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/libev-4.24,1.txz
    B - pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/libidn-1.34.txz
    C - pkg install libuv
    D - pkg install libyaml

    10 - Now WinSCP (scp protocol) into your pfSense box and transfer (drag and drop) the getdns-1.4.2.txz package from the local directory you exported it to earlier (in this case on my Windows 7 machine) into the /home directory of your pfSense firewall. You are now ready to install the package with the following SSH commands: cd /home and then issue the all-important command pkg install getdns-1.4.2.txz (if for any reason you later need to re-install this package, you may do so by issuing the commands cd /home and pkg add -f getdns-1.4.2.txz). You can remove the package from the /home directory after everything is up and running with cd /home and rm getdns-1.4.2.txz

    See Final Steps starting with Step 11 here:
    https://forum.netgate.com/topic/130832/solution-posted-dns-tls-getdns-stubby-from-pfsense-freebsd-ports

    Peace and God Bless To All,

    ubernupe
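
Added example, not part of the original post: steps 8 and 10 move getdns-1.4.2.txz from the build server to the firewall through a Windows desktop, so this sketch records the package's SHA-256 on the build server and refuses to install on pfSense unless the copy matches. The function names file_sha256 and verify_pkg are made up for this example; the paths are the ones given in the post.

```shell
#!/bin/sh
# Added example: check a hand-copied package before installing it.
# file_sha256 and verify_pkg are hypothetical helper names.

# Print the SHA-256 hex digest of a file.
# FreeBSD and pfSense ship sha256(1); Linux ships sha256sum(1).
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | awk '{print $1}'
    fi
}

# verify_pkg FILE EXPECTED_DIGEST
# Returns 0 on match, 1 on mismatch, 2 on bad input (missing file, bad digest).
verify_pkg() {
    pkg_file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$pkg_file" ] || { echo "missing: $pkg_file" >&2; return 2; }
    case $expected in
        *[!0-9a-f]*|'') echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest is not 64 hex chars" >&2; return 2; }
    actual=$(file_sha256 "$pkg_file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $pkg_file"
        return 0
    fi
    echo "MISMATCH: $pkg_file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# On the build server (step 8), record the digest:
#   file_sha256 /usr/ports/dns/getdns/work/pkg/getdns-1.4.2.txz
# On pfSense (step 10), install only if the copy matches:
#   cd /home && verify_pkg getdns-1.4.2.txz "<digest from build server>" \
#       && pkg install getdns-1.4.2.txz
```

Carry the digest to the firewall separately from the package itself, for example by reading it off the build server's SSH session.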