FR: Package for OPNsense

[DentonGentry]

What are you trying to do?

Create an OPNsense plugin for Tailscale, allowing it to appear as an Interface for use with other features and to be configured using the UI.

How should we solve this?

No response

What is the impact of not solving this?

No response

Anything else?

No response

[stewag]

A plugin makes updates easier using the build-in OPNsense update machanism.

[txr13]

A plugin for OPNsense would definitely be an excellent thing, as it would avoid the process of having to manually update the ports tree, deinstall, clean, and then install the new version.

[DentonGentry]

For anyone reading this who has experience building plugins for OPNsense: we'd love to write a contract to develop a Tailscale plugin. Please contact dgentry at tailscale.

[juliocbc]

Hi @DentonGentry, we (at Cloudfence) have some experience building plugins. We'll be glad to help.

[fichtner]

We're already talking to @DentonGentry at the moment about how to approach this structurally.

Cheers,
Franco

[noseshimself]

Would it be possible (as quick fix) to include the tailscaled pkg into the OPNSense repository? It would be necessary for a plugin anyway.

[ellnic]

Would it be possible (as quick fix) to include the tailscaled pkg into the OPNSense repository? It would be necessary for a plugin anyway.

But it's already in ports? :)

[fichtner]

it's in mimugmail's community repo

[noseshimself]

Would it be possible (as quick fix) to include the tailscaled pkg into the OPNSense repository? It would be necessary for a plugin anyway.

But it's already in ports? :)

Sure -- how do you think I installed it? But I do not really want a development environment on production routers.

[ellnic]

Sure -- how do you think I installed it? But I do not really want a development environment on production routers.

Right... but when you say "development environment", you're not talking about actively developing / coding something exposing the box to memory leaks and kps, are you? You're not opening additional ports to test your application... you're just building something in ports. Anyway, you don't have to use ports on the production routers in question, just build elsewhere and copy the pkg. Or build on the router in question then remove build tools afterwards if you're concerned about out them being there? The end result is the same and you'd achieve your desired result in minutes, whereas waiting for the package to be added to the OPNsense repo when the plugin is underway... well, you might be waiting a long time. Or there's mimu's repo as @fichtner suggested, but I'm guessing that's probably not your cup of tea. I personally don't see the issue using ports on a production box, I get what you mean about developing on a production box, but that doesn't apply here. Just my 2p.

[noseshimself]

Sure -- how do you think I installed it? But I do not really want a development environment on production routers.

Right... but when you say "development environment", you're not talking about actively developing / coding something exposing the box to memory leaks and kps, are you?

You need the ports support infrastructure on the machine you want to install it on.

Having anything not provided by the vendor on a production machine usually does not comply with basic gocernance rules so: No. Not in serious production.

[fichtner]

We provide the ports tree and therefore you have my vendor blessing. 😉

[noseshimself]

Just for my understanding: How "bad" (in terms of future work for keeping it there) would be adding the port to the precompiled packages in the OPNSense repository? Compiling the package on a rather weak older appliance will be an adventure in itself...

[fichtner]

I've made a comment a while back here...

opnsense/tools#331 (comment)

So you can also use the FreeBSD package without an issue I think (just use pkg-add) so adding it to our build really doesn't change much at the moment if we are not progressing on a plugin. The way forward is very much tied to #5067 (comment)