Update IPFire from 2.25 to 2.29 and solve unbound issue #95

Closed
1ncludeSteven opened this issue Oct 28, 2024 · 2 comments
1ncludeSteven commented Oct 28, 2024

Dear Author:

I have found that you haven't had the time to update IPFire from 2.25 to 2.29. I have done this. Below are the boot commands for the internet router and the company router:

iso_urls and iso_checksum:

      "iso_checksum": "sha256:ae9c1f9639e30e9e88b7363426d69297300cf15543498bef0b18e27f3dd66222",
      "iso_urls": [
        "https://downloads.ipfire.org/releases/ipfire-2.x/2.29-core189/ipfire-2.29-core189-x86_64.iso"
      ],

boot command for internet router:

      "boot_command": [
        "<enter><wait10s>",
        "<tab><enter>",
        "<wait><enter>",
        "<wait><enter>",
        "<wait><tab><enter>",
        "<wait60s><enter>",
        "<wait30s><enter><wait><enter>",
        "<wait><spacebar>",
        "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>internetrouter<tab><spacebar>",
        "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>localdomain<tab><spacebar>",
        "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>breach<tab>breach<tab><spacebar>",
        "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>breach<tab>breach<tab><spacebar>",       
        "<wait10s><tab><spacebar>",
        "<wait><down><down><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><tab><tab><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><spacebar>",
        "<wait>172.18.0.1<tab>",
        "<wait><left><left><bs><bs><bs>0<tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait>192.168.56.30<tab>",
        "<wait><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><tab><spacebar><tab><tab><tab><tab><spacebar>",
        "<wait><tab><tab><spacebar>",
        "<wait><tab><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><spacebar>",    
        "<wait60s>",
        "root<wait><enter>breach<wait><enter>",
        "<wait20s>iptables -I INPUT -p tcp --dport 444 -j ACCEPT<enter>",
        "<wait>iptables -I INPUT -p tcp --dport 222 -j ACCEPT<enter>",
        "<wait>sed -i 's/ENABLE_SSH=off/ENABLE_SSH=on/g' /var/ipfire/remote/settings<enter>",
        "<wait>sed -i 's/ENABLE_SSH_PORTFW=off/ENABLE_SSH_PORTFW=on/g' /var/ipfire/remote/settings<enter>",
        "<wait>sed -i 's/ENABLE_SSH_KEYS=off/ENABLE_SSH_KEYS=on/g' /var/ipfire/remote/settings<enter>",
        "<wait>touch /var/ipfire/remote/enablessh<enter>",
        "<wait>chown nobody:nobody /var/ipfire/remote/enablessh<enter>",
        "<wait>sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config<enter>",
        "<wait>sed -i 's/Port 22/Port 222/g' /etc/ssh/sshd_config<enter>",
        "<wait>/etc/rc.d/init.d/sshd restart<enter>",
        "<wait10s>/etc/init.d/sshd restart<enter>",
        "<wait10s>"
      ],

boot command for company router:

      "boot_command": [
        "<enter><wait10s>",
        "<tab><enter>",
        "<wait><enter>",
        "<wait><enter>",
        "<wait><tab><enter>",
        "<wait60s><enter>",
        "<wait30s><enter><wait><enter>",
        "<wait><spacebar>",
        "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>companyrouter<tab><spacebar>",
        "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>localdomain<tab><spacebar>",
        "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>breach<tab>breach<tab><spacebar>",
        "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>breach<tab>breach<tab><spacebar>",
        "<wait10s><tab><spacebar>",
        "<wait><down><down><down><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><down><down><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><up><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><down><down><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><tab><tab><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><spacebar>",
        "<wait>172.16.0.1<tab>",
        "<wait><left><left><bs><bs><bs>0<tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait>192.168.56.10<tab>",
        "<wait><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait>172.17.0.1<tab>",
        "<wait><left><left><bs><bs><bs>0<tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><tab><tab><tab>172.18.0.2<tab>",
        "<wait><left><left><bs><bs><bs>0<tab>",
        "<wait>172.18.0.1<tab><spacebar>",
        "<wait><tab><tab><spacebar>",
        "<wait><tab><tab><spacebar>",
        "<wait><spacebar>",
        "<wait><tab>172.16.1.1<tab>",
        "<wait>172.16.255.254<tab><tab><tab><tab><tab>",
        "<wait><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>breach.local<tab><spacebar>",
        "<wait><spacebar>",
        "<wait60s>",
        "root<wait><enter>breach<wait><enter>",
        "<wait20s>iptables -I INPUT -p tcp --dport 444 -j ACCEPT<enter>",
        "<wait>iptables -I INPUT -p tcp --dport 222 -j ACCEPT<enter>",
        "<wait>echo 'ENABLE_SSH_PORTFW=on' > /var/ipfire/remote/settings<enter>",
        "<wait>echo 'ENABLE_SSH=on' >> /var/ipfire/remote/settings<enter>",
        "<wait>echo 'ENABLE_SSH_PASSWORDS=on' >> /var/ipfire/remote/settings<enter>",
        "<wait>echo 'ENABLE_SSH_KEYS=on' >> /var/ipfire/remote/settings<enter>",
        "<wait>echo 'SSH_PORT=off' >> /var/ipfire/remote/settings<enter>",
        "<wait>touch /var/ipfire/remote/enablessh<enter>",
        "<wait>chown nobody:nobody /var/ipfire/remote/enablessh<enter>",
        "<wait>sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config<enter>",
        "<wait>sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config<enter>",
        "<wait>sed -i 's/Port 22/Port 222/g' /etc/ssh/sshd_config<enter>",
        "<wait>/etc/rc.d/init.d/sshd restart<enter>",
        "<wait10s> /etc/init.d/sshd restart<enter>",
        "<wait10s>"
      ],

After updating IPFire, I think adding manual DNS servers is recommended for stable DNS lookups, so I added two DNS servers to the internet router using an Ansible role named post_unbound (directory is ansible/roles/post_unbound/tasks/main.yml), as below:

---

- name: Add 8.8.8.8 to the DNS servers file
  lineinfile:
    path: /var/ipfire/dns/servers
    line: "3,8.8.8.8,,enabled,"
    create: yes  
    state: present 

- name: Add 114.114.114.114 to the DNS servers file
  lineinfile:
    path: /var/ipfire/dns/servers
    line: "4,114.114.114.114,,enabled,"
    create: yes 
    state: present 

- name: Restart unbound service
  service:
    name: unbound
    state: restarted 

And then add this role to the internet router as below:

---
- hosts: internetrouter
  become: yes
  gather_facts: true

  roles:
    - configure_internet_router
    - rsyslog_install_ipfire
    - rsyslog_ISO8601
    - post_unbound

Then the unbound service on the internet router can run stably!
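
The two `lineinfile` tasks in the post above append lines with the fixed ids 3 and 4, which stays consistent only while those ids are unused in `/var/ipfire/dns/servers`. The following is an added example, not code from the issue or the project: it merges resolvers into that file's content without repeating an address or reusing an id. The field layout `id,address,tls_hostname,status,remark` is an assumption inferred from the two lines in the post, and `SAMPLE` is constructed.

```python
import ipaddress

# Constructed sample: id 3 is already used by a different resolver.
SAMPLE = "1,9.9.9.9,,enabled,\n3,1.1.1.1,,enabled,\n"

def parse_servers(text):
    """Parse lines assumed to be id,address,tls_hostname,status,remark."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.strip().split(",")
        if len(fields) < 4 or not fields[0].isdigit():
            raise ValueError(f"unexpected line: {line!r}")
        ipaddress.ip_address(fields[1])  # ValueError on a malformed address
        entries.append((int(fields[0]), fields[1]))
    return entries

def ensure_resolvers(text, wanted):
    """Return (new_text, changed); each wanted address is added at most once."""
    entries = parse_servers(text)
    used_ids = {i for i, _ in entries}
    present = {a for _, a in entries}
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    changed = False
    for addr in wanted:
        addr = str(ipaddress.ip_address(addr))  # validate and normalise
        if addr in present:
            continue
        new_id = max(used_ids, default=0) + 1  # never reuse an existing id
        used_ids.add(new_id)
        present.add(addr)
        lines.append(f"{new_id},{addr},,enabled,")
        changed = True
    if not changed:
        return text, False
    return "\n".join(lines) + "\n", True

if __name__ == "__main__":
    merged, changed = ensure_resolvers(SAMPLE, ["8.8.8.8", "114.114.114.114"])
    print(merged, end="")
    print("changed:", changed)
```

Running it a second time on its own output reports no change, which is the property the role needs when the playbook is re-applied.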

1ncludeSteven added the enhancement label Oct 28, 2024
1ncludeSteven changed the title from "Update IPFire from 2.25 to 2.29" to "Update IPFire from 2.25 to 2.29 and solve unbound issue" Oct 28, 2024
Maspital self-assigned this Oct 28, 2024
@Maspital
Collaborator

Hi, thanks for your issue.
There are currently some fixes waiting to be merged in #94, we'll test and implement your suggestions after these have been moved into main.

@ru37z
Collaborator

ru37z commented Jan 31, 2025

Thanks again for reporting this issue!

  • The unbound DNS problems have been fixed in v1.3.7.
  • As for the IPFire version update, we currently do not deem it necessary. In case you see any advantages, feel free to create a pull request including a list of the potential benefits of the update.

ru37z closed this as completed Jan 31, 2025