OPNsense is an open source firewall distribution based on FreeBSD. Typical deployments are stateful perimeter firewalls, routers, wireless access points, DHCP and DNS servers, VPN endpoints, and UTM-machines. The OPNsense project is a fork of pfSense.
First of all we need to configure network interface on our VirtualBox. Go to VirtualBox settings and open “Network” settings
Here open a “Host-only Networks” and create a new adapter.
Then open configuration of it, disable “DHCP server” and change an IP address to “10.0.0.1”
Creation of a new Virtual Machine
Now we ready to create a new instance of virtual machine. Tap on a New button in main window on VirtualBox.
Here we need to input a proper name, select type and version.
In next window we need to specify about of RAM
OPNsense provide less requirements for a system resources and 512MB is more then enough.
Then we go to create of a hard drive
Select “Create a virtual drive now” options. Then select hard drive file type
For a first time, file type does not matter and we leave default value “VDI”.
After that we must make a decision about storage on physical hard drive. For OPNsense recommend a “Fixed size” option.
Finally we need to select location and size of the virtual hard drive.
For this system is enough 2GB or more.
Tap a “Create” button and creation of Virtual Machine is over.
Configuration of a Virtual Machine
Now we have a new instance of virtual machine. Before configuration of it we need to download an installation image with OPNsense. We can find it on official site on download page.
After upload an image we need to go into settings of previously created virtual machine and make some additional actions.
Firstly we obligated to select a “Network” menu item and enable a “Adapter 1” and “Adapter 2”. “Adapter 1” we attached to “Bridge adapter” and “Adapter 2” we attached to “Host-only Adapter”.
Secondly we go to “Storage” menu item and need to configure a boot device.
Here we must attach downloaded installation image to “Host drive” and assign “IDE Primary Master” to it. Then we assign “IDE Secondary Master” to “OPENSense.vdi”.
That’s all. Preparation is over and we ready to get to install a OPNsense.
Installation of OPNsense
The installation process of the OPNsense system is absolutely same as in pfSense. This is normal because OPNsense is forked from pfSense.
After reboot in the end of installation wizard, we wait a minute, until appear a console input for a login. Here login is root and password is opnsense. Now we see a system menu with options
Let’s configure an interface. Select the option number one.
Skip VLANs configuration and go to WAN interface name. Set em0 as WAN interface.
Then em1 as LAN interface.
Base configuration of interface is over. Press the ENTER and confirm interface settings.
After this action we see a initial system screen. Below the welcome message we see a current configuration of interfaces.
With WAN all right, but LAN needed additional configuration. Select the option number two in main menu.
Type two for select LAN interface. Then input 10.0.0.1 as IPv4 address, 24 as subnet bit count and skip steps with upstream gateway address and IPv6. All describes steps you can find on screenshot below.
Moreover enable DHCP server for LAN, set 10.0.0.100-10.0.0.20 as range of clients IPv4 addresses and say yes in question about revert to HTTP as the webConfigurator protocol. You can find all this actions on the screenshot below too.
Thats all. Now we done base configuration of OPNsense as a firewall. We may test an internet connection using ping. Select the option with number seven on main menu and try to ping a default google-dns 126.96.36.199. We must see something like this:
Sometime needed a reboot for successfully configuration of interfaces. If ping doesn’t work try to reboot the system.
OPNsense has many benefits from his parent pfSense. This is lots of services and network monitoring functions, friendly web-gui, easy installation and configuration and so on. But this system has a primary orientation on usage as firewall. So it is good variant for installing on routers, firewalls and on home and production machines as virtual system for purpose of improve security.