OpnSense Firewall

Steps to Install and Configure the OPNsense Firewall

First we need to download the OPNsense ISO.

Download link: https://opnsense.org/download/

Select your location, or the nearest one.

After your OPNsense file is downloaded, decompress it using bunzip2.

When downloading, we need to select the image type:

dvd: ISO installer image with live system capabilities running in VGA mode. On amd64, UEFI boot is supported as well.

vga: USB installer image with live system capabilities running in VGA mode as GPT boot. On amd64, UEFI boot is supported as well.

So I have selected VGA mode and downloaded it.

We can install OPNsense on a dedicated server or in a virtual machine environment. You will need at least two network interfaces: one for the LAN connection and another for the WAN.

The OPNsense installation will begin after you boot from the ISO image. On the first window, select the installation type.

To continue to the installer, simply press the ‘Enter’ key. This will boot OpnSense into the Live mode but a special user exists to install OpnSense to local media instead.

When the system boots to the login prompt use the username of ‘installer’ with a password of ‘opnsense’.

The installation media will log in and launch the actual OPNsense installer. CAUTION: Continuing with the following steps will result in all data on the hard drive within the system being erased! Proceed with caution or exit the installer.

Click “Ok, let’s go” to start the installation of OPNSense.

Select the installation type. Use “Guided Installation” for easy setup or manual for advanced installation.

Select the desired location for the installation.

Once the storage device is selected, the user will need to decide on which partitioning scheme is used by the installer (MBR or GPT/EFI).

Most modern day systems will support GPT/EFI but if the user is re-purposing an older computer, MBR may be the only option supported. Check within the BIOS settings of the system to see if it supports EFI/GPT.


Once the partition type is selected, the installer will begin the installation steps. The process doesn’t take particularly long and will periodically prompt the user for information such as the root user’s password.

Wait for the partitioning to finish.

Enter the root password

Once the user has set the root user’s password, the installation will be complete and the system will need to be restarted in order to configure the installation.

Default router gateway according to networks

Log in as the root user with the root password.

After logging in with the root user and password configured during installation, it can be noted that OPNsense only utilized one of the network interface cards (NICs) on this machine.

OpnSense will default to the standard “192.168.1.1/24” network for the LAN. However in the above image, the WAN interface is missing! This is easily corrected by typing ‘1’ at the prompt and hitting enter.

This will allow for the re-assignment of the NICs on the system. Notice in the next image that there are two interfaces available: ‘em0’ and ‘em1’

The configuration wizard will allow for very complex setups with VLANs as well, but for now this guide assumes a basic two-network setup (i.e., a WAN/ISP side and a LAN side).

Enter ‘N’ to not configure any VLANs at this time. For this particular setup, the WAN interface is ‘em0’ and the LAN interface is ‘em1’ as seen below

Confirm the changes to the interfaces by typing ‘Y’ in the prompt. This will cause OPNsense to reload many of its services to reflect the changes to the interfaces.

Once done, connect a computer with a web browser to the LAN side interface. The LAN interface has a DHCP server listening on the interface for clients so the computer will be able to obtain the necessary addressing information to connect to the OpnSense web configuration page.

Once the computer is connected to the LAN interface, open a web browser and navigate to the following url: http://192.168.1.1

To log into the web console; use the username ‘root’ and the password that was configured during the installation process. Once logged in, the final part of the installation will be completed.

The first step of the installer is used to simply gather more information such as hostname, domain name, and DNS servers. Most users can leave the ‘Override DNS’ option selected.

This will enable the OpnSense firewall to obtain DNS information from the ISP over the WAN interface

The next screen will prompt for NTP servers. If the user doesn’t have their own NTP systems, OpnSense will provide a default set of NTP server pools

The next screen is the WAN interface setup. Most ISPs for home users will use DHCP to provide their customers with the necessary network configuration information. Simply leaving the Selected Type as ‘DHCP’ will instruct OPNsense to attempt to gather its WAN-side configuration from the ISP.

Depending on the ISP, the type may be, for example:

Static IP

DHCP Client

PPPoE, etc. Here I am selecting DHCP.

Scroll down to the bottom of the WAN configuration screen to continue. Note: at the bottom of this screen are two default rules to block network ranges that generally shouldn’t be seen coming in to the WAN interface. It is recommended to leave these checked unless there is a known reason to allow these networks through the WAN interface!

The next screen is the LAN configuration screen. Most users can simply leave the defaults. Note that special network ranges, commonly referred to as RFC 1918, should be used here. Make sure to leave the default or pick a network range from within the RFC 1918 ranges to avoid conflicts/issues.
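The check below is an added example, not part of the original guide or of OPNsense: it tests a planned LAN network against the RFC 1918 ranges and against the network the WAN interface received, which covers the common conflict where an upstream router already uses 192.168.1.0/24. The function names and finding codes are hypothetical, and the WAN addresses are constructed samples.

```python
import ipaddress

# Private IPv4 blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(net):
    """True if the whole IPv4 network lies inside one RFC 1918 block."""
    return net.version == 4 and any(net.subnet_of(b) for b in RFC1918)


def check_addressing(lan_cidr, wan_cidr):
    """Return {finding_code: explanation} for a planned LAN and the WAN network.

    Both arguments are interface addresses in CIDR form, e.g. "192.168.1.1/24".
    """
    lan = ipaddress.ip_interface(lan_cidr).network
    wan = ipaddress.ip_interface(wan_cidr).network
    findings = {}
    if not is_rfc1918(lan):
        findings["lan-not-private"] = f"{lan} is outside the RFC 1918 ranges"
    if lan.overlaps(wan):
        findings["lan-wan-overlap"] = (
            f"LAN {lan} overlaps WAN {wan}; choose a different LAN range")
    if is_rfc1918(wan):
        findings["wan-private"] = (
            f"WAN {wan} is itself private (firewall behind another router); "
            "the WAN rule that blocks private ranges also blocks that upstream network")
    return findings


if __name__ == "__main__":
    # Default LAN from the guide; the WAN addresses are constructed samples.
    for wan in ("203.0.113.10/24", "192.168.1.37/24"):
        print(wan, check_addressing("192.168.1.1/24", wan))
```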

The final screen in the installation will ask if the user would like to update the root password. This is optional but if a strong password wasn’t created during installation, now would be a good time to correct the issue!

Once past the password change option, OpnSense will ask for the user to reload the configuration settings. Simply click the ‘Reload’ button and give OpnSense a second to refresh the configuration and current page.

When everything is done, OpnSense will welcome the user. To get back to the main dashboard, simply click ‘Dashboard’ in the upper left corner of the web browser window

At this point the user will be taken to the main dashboard and can continue to install/configure any of the useful OpnSense plugins or functionalities! The author does recommend checking and upgrading the system if upgrades are available. Simply click on the ‘Click to Check for Updates’ button on the main dashboard.

Check for Updates can be used to see a list of updates or ‘Update Now’ can be used to simply apply any available updates

LAN AND WAN Interface

DHCP LAN SERVICES

Sometimes POP3 / DHCP is not reloading properly after the configuration. We need to reload the process.
