4 simple steps to get you set up

Step 1 – Hardware Selection & Sizing

How can you select the right hardware configuration and appropriate sizing for OPNsense?

Before you can install OPNsense, select a suitable hardware configuration for your setup.

OPNsense® is available for x86-32 (i386) and x86-64 (amd64) microprocessor architectures. OPNsense is intended for full installs on SD memory cards, solid-state disks (SSD) or hard disk drives (HDD). While the range of supported devices runs from embedded systems to rack-mounted servers, we recommend using a 64-bit version of OPNsense if the hardware is capable of running 64-bit operating systems. It is possible to install and run 32-bit (x86-32, i386) versions of OPNsense® on 64-bit (x86-64, amd64) PC hardware, but we do not recommend it, especially not for new deployments.

If you are using a virtual machine, the minimal configuration shown below is sufficient, but more resources are always better.

For VM

Type | Description
Processor | 1 or more virtual cores
RAM | Minimum required RAM is 1 GB
Install method | ISO
Install target | Minimum recommended virtual disk size of 8GB

For bare-metal HW (minimum requirements)

Type | Description
Processor | 500 MHz single core CPU
RAM | 512 MB
Install method | Serial console or video (VGA)
Install target | SD or CF card with a minimum of 4GB, use nano images for installation.

Reasonable

The reasonable specification runs all OPNsense standard features, meaning every feature is enabled, but perhaps not with lots of users or high loads. High loads may be caused by users or by malicious activity.

Type | Description
Processor | 1 GHz dual core CPU
RAM | 1 GB
Install method | Serial console or video (VGA)
Install target | 40 GB SSD, a minimum of 1GB memory is needed for the installer to run.

Recommended

The recommended specification runs all OPNsense standard features, meaning every feature is functional, and fits most use cases. Enabling more features requires more system resources.

Type | Description
Processor | 1.5 GHz multi core CPU
RAM | 4 GB
Install method | Serial console or video (VGA)
Install target | 120 GB SSD

Installation Files

Depending on your hardware and use case, different installation files are provided to install OPNsense:

Type | Description
Dvd | ISO installer image with live system capabilities running in VGA-only mode
Vga | USB installer image with live system capabilities running in VGA-only mode
Serial | USB installer image with live system capabilities running in serial console (115200) mode with secondary VGA support
Nano | A preinstalled serial image for 4GB USB sticks, SD or CF cards for use with low-end embedded devices

Throughput

The main hardware factors in an OPNsense setup are CPU, RAM, mass storage (disk), and the number and quality of network interfaces.

Throughput (Mbps) | Hardware requirements | Feature set | Users / Networks
1-10 | Basic spec. | Narrowed | Few (1-10)
11-150 | Minimum spec. | Reduced | Adjusted (10-30)
151-350 | Reasonable spec. | All | Substantial (30-50)
351-750+ | Recommended spec. | All | Substantial+ (50-150+)

Mbps (Mbit/s or Mb/s) – Megabit per second – 1,000,000 bits per second

Network Interface Cards

As the FreeBSD hardware lists and recommendations say, Intel® network interface cards (NIC) for LAN connections are reliable, fast and not error-prone. Intel chipset NICs deliver higher throughput at a reduced CPU load.

Supported Hardware

HardenedBSD 11.2-RELEASE is the base of OPNsense. All HardenedBSD drivers are included in the OPNsense kernel, and the hardware compatibility is the same.

TIP

If you are looking to buy new hardware, take a look at the OPNsense partner page, as these partners contribute back to OPNsense and sell hardware that is known to work well.

Step 2 – Download & Prepare Installation Media

Where can you download OPNsense from?

You can download OPNsense from the official website. Select the system architecture that matches your system's CPU architecture, then specify the image type and mirror location.

Depending on your hardware and use case, different installation files are provided to install OPNsense:

Type | Description
Dvd | ISO installer image with live system capabilities running in VGA-only mode
Vga | USB installer image with live system capabilities running in VGA-only mode
Serial | USB installer image with live system capabilities running in serial console (115200) mode with secondary VGA support
Nano | A preinstalled serial image for 4GB USB sticks, SD or CF cards for use with low-end embedded devices

32bit = i386
64bit = amd64

Sample file listing

  • OPNsense-16.x.x-OpenSSL-cdrom-amd64.iso.bz2
  • OPNsense-16.x.x-OpenSSL-nano-amd64.img.bz2
  • OPNsense-16.x.x-OpenSSL-serial-amd64.img.bz2
  • OPNsense-16.x.x-OpenSSL-vga-amd64.img.bz2

Writing to Installation Media

The easiest method of installation is the USB-memstick installer. If your target platform has a serial interface, choose the “serial” image. 64-bit and 32-bit install images are provided. The following examples apply to both.

Write the image to a USB flash drive (>= 1GB), either with dd under FreeBSD or under Windows with physdiskwrite (or Rufus).

Before writing an (iso) image you need to unpack it first (use bunzip2).

FreeBSD

dd if=OPNsense-##.#.##-[Type]-[Architecture].[img|iso] of=/dev/daX bs=16k

Where X = the device number of your USB flash drive (check dmesg)

Linux

dd if=OPNsense-##.#.##-[Type]-[Architecture].[img|iso] of=/dev/sdX bs=16k

Where X = the IDE device name of your USB flash drive (check with hdparm -i /dev/sdX). Ignore the warning about trailing garbage – it’s because of the digital signature.

OpenBSD

dd if=OPNsense-##.#.##-[Type]-[Architecture].[img|iso] of=/dev/rsd6c bs=16k

The device must be the ENTIRE device (in Windows/DOS language: the ‘C’ partition), and a raw I/O device (the ‘r’ in front of the device “sd6”), not a block mode device.

Mac OS X

sudo dd if=OPNsense-##.#.##-[Type]-[Architecture].[img|iso] of=/dev/rdiskX bs=64k

Where r = raw device, and where X = the disk device number of your CF card (check Disk Utility). Ignore the warning about trailing garbage – it’s because of the digital signature.

Windows

physdiskwrite -u OPNsense-##.#.##-[Type]-[Architecture].[img|iso].img

A simple alternative for writing images under Windows is Rufus, a tool to create bootable USB sticks with a nice GUI.
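
The Linux dd step above with two checks added around it, as an added example that is not part of the original page or the OPNsense project: the unpacked image is compared against a SHA-256 value before anything is written, and the target is read back afterwards. The function names and the expected-hash argument are assumptions; the page does not say where to obtain the hash, so take it from a source you trust.

```sh
#!/bin/sh
# Added example (not OPNsense project code). Assumes Linux tools: sha256sum, head -c.
# Assumption: the expected SHA-256 is supplied by you from a source you trust.

# Print the SHA-256 of file $1, or of only its first $2 bytes when $2 is given.
sha256_of() {
    if [ -n "$2" ]; then
        head -c "$2" "$1" | sha256sum | cut -d' ' -f1
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# Return 0 only when image $1 hashes to the expected value $2 (case-insensitive).
verify_image() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$(sha256_of "$1")" = "$want" ]
}

# write_image IMAGE TARGET EXPECTED_SHA256
# Refuse compressed or unverified images, write with dd, then read the target back.
write_image() {
    image=$1; target=$2; expected=$3
    case $image in
        *.bz2) echo "unpack with bunzip2 first" >&2; return 2 ;;
    esac
    verify_image "$image" "$expected" || {
        echo "checksum mismatch, nothing written" >&2; return 1; }
    dd if="$image" of="$target" bs=16k 2>/dev/null || return 3
    sync    # flush buffered writes before reading back
    size=$(wc -c < "$image" | tr -d ' ')
    # A device is larger than the image, so compare only the first $size bytes.
    [ "$(sha256_of "$target" "$size")" = "$(sha256_of "$image")" ] || {
        echo "read-back mismatch on $target" >&2; return 4; }
}

# Usage (device name is a placeholder, as on the page):
#   write_image OPNsense-##.#.##-[Type]-[Architecture].img /dev/sdX <expected-sha256>
```

A non-zero return code tells you which stage failed: 1 for a checksum mismatch, 2 for an unreadable or still-compressed image, 3 for a dd error and 4 for a read-back mismatch.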

Step 3 – Installation to Target Device

Using the USB Installer & Quickly Install OPNsense

Install OPNsense to target system

Configure your system to boot from USB. The default behaviour is to start the live environment; to install, log in with user installer and password opnsense.

The installation process involves a few simple steps.

  1. Configure console – The default configuration should be fine for most occasions.
  2. Select task – The Quick/Easy Install option should be fine for most occasions. For installations on embedded systems or systems with minimal disk space, choose Custom Installation and do not create a swap slice. Continue with default settings.
  3. Are you SURE? – When proceeding, OPNsense will be installed on the first hard disk in the system.
  4. Reboot – The system is now installed and needs to be rebooted to continue with configuration.

WARNING: You will lose all files on the installation disk. If another disk is to be used then choose a Custom installation instead of the Quick/Easy Install.

VMware or XEN virtual Installations

After installation, go to the firmware page in the GUI and install the vmware-tools or xen-tools plugin for maximum performance and compatibility.

Step 4 – Initial Setup & Configuration

Defaults

Port Assignments

By default the system will be configured with two interfaces, LAN and WAN. The first network port found will be configured as LAN and the second will be WAN.

IP ranges & DHCP

The WAN port will have a DHCP client and expects to be assigned an IP address. The LAN port will have a DHCP server, a static IP of 192.168.1.1/24, and offers IP addresses in the range of 192.168.1.100-200.

Users & Passwords

Default user: root
password: opnsense

Also good to know

For security reasons, SSH is disabled by default and console access is password protected.

Online Documentation

An extensive manual is provided online with many up-to-date examples for making the most out of your newly set up security platform. Go to: http://docs.opnsense.org