OPNsense Research - micahgrinnell/CC-Capstone-Project GitHub Wiki
About
OPNsense is a free, open-source firewall and routing software built off of HardenedBSD. It started as a subpart of pfSense in 2014 and was officially released for the first time in January 2015. It is very similar in both form and function to pfSense but has a few of its own features. These can be found on their markets & features page. Consequently, the size of the image is slightly bigger at 1.74 GB, so a slightly larger USB drive could be required.
I have no previous experience with OPNsense, but its similarities to pfSense will make testing much easier. There is also extensive documentation available on their respective page.
This page will be a collection of everything related to OPNsense and my project. The sections will go as follows:
- Startup & Configuration
  - A preliminary guide on how to install the software onto the Protectli device
  - Initial configuration and customization
- Implementation Testing
  - Live notes and findings from my experimentation with the software in the test environment
  - Configuration necessary for my personal environment and services
- Scripts, Ansible, and Other Documentation
  - Collection of scripts and Ansible playbooks I've written to assist with configuration
  - Other config files or notes I think should be included
Again, this is an evolving page so everything seen here is subject to change.
Startup & Configuration
This section contains rough notes of the actions I completed throughout testing. These notes will eventually be turned into an easier-to-digest guide.
Since pfSense was already installed on the device, this is the first OS I installed directly onto the device. Below I will outline my process.
- Download OPNsense image from https://opnsense.org/download/
  - amd64
  - vga image type
  - NYC*BUG Mirror Location
- Write image to USB drive
  - Download and use Rufus from https://rufus.ie/
  - Transfer image using Rufus to USB drive
- Install OPNsense
  - Boot device to BIOS
  - Boot from USB drive
  - Wait for install to complete
- Log in and change password
  - User: root
  - Pass: opnsense
- Connect PC to LAN
  - Navigate to 192.168.1.1 and log in with your new credentials
- Do initial configuration
  - System > Wizard
  - Hostname: fw-OPNsense
  - Primary DNS: 8.8.8.8
  - Defaults for the rest and next page
  - Upstream Gateway: 10.0.0.1
  - Uncheck "Block RFC1918 Private Networks"
  - LAN IP Address: 192.168.1.1
  - Subnet Mask: 24
- Add a WAN firewall rule
  - For now, all the defaults work for us
  - Save
- Set NAT forwarding rule
  - Firewall > NAT > Outbound
  - Select Hybrid outbound NAT rule generation and click save
  - Then click add in the top right
    - Interface: WAN
    - TCP/IP Version: IPv4
    - Protocol: any
    - Source address: LAN net
    - Source port: any
    - Translation/target: Interface address
  - Save
- Save and upload config file to GitHub
I found this information on the Protectli site at [https://protectli.com/kb/how-to-install-opnsense-on-the-vault/](https://protectli.com/kb/how-to-install-opnsense-on-the-vault/)
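
As an added example (not part of the original notes or the Protectli guide), this Python script checks an exported config.xml against the settings chosen in the steps above and replaces password hashes before the file is uploaded to GitHub. The element paths are assumptions about the export layout, the sample XML is constructed, and `audit` and `redact` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed config.xml layout; not a real export.
SAMPLE = """<opnsense>
  <system>
    <hostname>fw-OPNsense</hostname>
    <dnsserver>8.8.8.8</dnsserver>
    <user><name>root</name><password>$2y$10$CONSTRUCTEDHASH</password></user>
  </system>
  <interfaces>
    <wan><if>igb0</if><blockbogons>1</blockbogons></wan>
    <lan><if>igb1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
  </interfaces>
  <nat><outbound><mode>hybrid</mode><rule><interface>wan</interface>
    <source><network>lan</network></source></rule></outbound></nat>
</opnsense>"""

# Settings from the walkthrough, keyed by path in the assumed layout.
EXPECTED = {
    "system/hostname": "fw-OPNsense",
    "system/dnsserver": "8.8.8.8",
    "interfaces/lan/ipaddr": "192.168.1.1",
    "interfaces/lan/subnet": "24",
    "nat/outbound/mode": "hybrid",
}

def audit(xml_text):
    """Return a list of mismatches between the export and the walkthrough."""
    root = ET.fromstring(xml_text)
    problems = [f"{path}: expected {want!r}, found {root.findtext(path)!r}"
                for path, want in EXPECTED.items() if root.findtext(path) != want]
    # "Block RFC1918 Private Networks" was unchecked, so the flag must be absent.
    if root.find("interfaces/wan/blockpriv") is not None:
        problems.append("interfaces/wan/blockpriv is still set")
    rules = root.findall("nat/outbound/rule")
    if not any(r.findtext("interface") == "wan" and
               r.findtext("source/network") == "lan" for r in rules):
        problems.append("no outbound NAT rule for LAN net on WAN")
    return problems

def redact(xml_text):
    """Replace password hashes so the copy pushed to GitHub carries none."""
    root = ET.fromstring(xml_text)
    for node in root.iter("password"):
        node.text = "REDACTED"
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(audit(SAMPLE) or "config matches the walkthrough")
```

`redact` only touches `<password>` elements; a real export can hold other secrets (API keys, VPN keys, certificate private keys) that need the same treatment before the file goes into a repository.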