How to Install OPNSense Router and Firewall on VirtualBox

OPNSense is a free and open-source firewall router based on FreeBSD. It was developed by a company called 'Deciso' based in the Netherlands. It is a fork of pfSense, which was forked from m0n0wall, built on FreeBSD, and launched in January 2015.

This tutorial will show you how to install and configure the OPNSense Router Firewall on VirtualBox. With this guide, you can learn how to set up the OPNSense Router Firewall locally before implementing in the real world.

Prerequisite

For this guide, we will be using two virtual machines on the VirtualBox. The OPNSense itself, and the Debian operating system as a client.

To download the OPNSense, you can use the link below.

https://opnsense.org/download/

Download the 'dvd' version from your nearest mirror location, then extract the ISO file using the bzip command as below.

bunzip2 -d OPNsense-19.7-OpenSSL-dvd-amd64.iso.bz2

Now you're ready to install the OPNSense on the virtual environment VirtualBox.

Virtual Machine Configuration

Below are the details configuration of two virtual machines on the VirtualBox, the OPNSense server and the Debian Client. Ensure that all virtual machine configurations are the same as the example below.

1. OPNSense Firewall Router

Below is the configuration of the OPNSense on the local environment VirtualBox.

  • Type: FreeBSD 64-bit
  • Memory: 1GB
  • Disk: 16GB
  • Audio: Disabled
  • Network:
    • Adapter 1: Internal Network 'intnet' with promiscuous mode 'Allow All' - (For LAN)
    • Adapter 2: NAT or Bridge to your WiFi with promiscuous mode 'Allow All' - (For WAN)

2. Debian Client

Below is the Debian 10 OS configuration already installed on VirtualBox.

  • Type: Debian 64-bit
  • Memory: 512MB
  • Disk: 8GB
  • Network:
    • Adapter 1: Internal Network 'intnet' with promiscuous mode 'Allow All'

1. Install OPNSense Firewall Router

First, start the VirtualBox OPNSense VM by pressing the 'Start' button. When the OPNSense is started, you will get the boot splash screen as below.

Press the 'Enter' key on your keyboard, and the OPNSense will boot to the 'Live' mode.

Within the 'dvd' ISO image of the OPNSense, we're able to install the OPNSense using the user 'installer' with the default password 'opnsense'.

Log in with the user 'installer', and the password 'opnsense'.

And you will be shown the first installer screen as below.

Press the 'Enter' key on the 'Ok, let's go' option to continue the installation.

Now you need to set up the keymap, press the 'Enter' button on the 'Accept these settings' option to use the default detected keymap.

After that, you will be shown the OPNSense installation type. If you're first time installing the OPNSense, you can use the 'Guided installation'.

For advanced users, you can use the 'Manual Installation'. Or if you want to restore your OPNSense installation, you can use the 'Import Configuration' option.

Now select the disk for the OPNSense installation.

Then select the installation mode. The 'GPT/UEFI' is the most recommended option for newer hardware support.

Now the OPNSense installation will begin, and it takes no time.

After that, you will need to set up the 'root' password. Type your strong password for the 'root' user and press the 'Enter' key on the 'Accept and Set Password'.

And the OPNSense installation has been completed, reboot the server and remove the ISO image installer.

Now the OPNSense firewall router has been installed. Log in to the OPNSense system using the user 'root' and the password that you use on top.

And you will get the OPNSense screen as below.

2. Configure LAN and WAN IP Address OPNSense

By default, the OPNSense is running on the local IP address '192.168.1.1'. And for this guide, we're going to set up the static IP address for the WAN interface and set up a new subnet for the LAN interface.

Below are details about the LAN and WAN Interfaces that we want to configure.

1. LAN Interface

  • Interface: em0
  • IP Address: 10.5.5.1/24
  • DHCP: ON
  • DHCP Range: 10.5.5.10-10.5.5.50
  • Gateway: NONE

2. WAN Interface

  • Interface: em1
  • IP Address: 192.168.1.25/24
  • Gateway: 192.168.1.1

Firstly, we will assign an interface for both LAN and WAN. The LAN with the 'em0' interface, and the WAN with the 'em1' interface.

- Assign Network Interfaces

On the OPNSense firewall router screen, choose number '1' to 'Assign Interfaces'.

Do you want to configure VLANs now? y
Enter the parent interface for the new VLAN: Just press the 'ENTER' key
Enter the WAN interface name or 'a' for auto-detection: em1
Enter the LAN interface name or 'a' for auto-detection: em0

Enter the optional Interface: Just press the 'ENTER' key
Do you want to proceed? y

Now all services will be restarted and each interface has been assigned. The LAN will be using the 'em0' interface, and the WAN will be using the 'em1' interface.

Next, we will set up the IP address for both LAN and WAN interfaces.

- Setup LAN IP Address

On the OPNSense firewall router screen, choose number '2' to 'Set interface IP address'.

Enter the number of interface to configure: 1 (For LAN interface)
Configure IPv4 address LAN interface via DHCP: N
Enter the new LAN IPv4 address: 10.5.5.1
Enter the new LAN IPv4 subnet bit count: 24
Enter the new LAN IPv4 upstream gateway address: Just press 'ENTER' key

Configure IPv6 address LAN interface via WAN tracking? n
Configure IPv6 address LAN interface via DHCP6? N
Enter the new LAN IPv6 address: Just press 'Enter' key for none
Do you want to enable the DHCP server on LAN? y
Enter the start address of the IPv4 client address range: 10.5.5.10
Enter the end address of the IPv4 client address range: 10.5.5.50

Do you want to revert to HTTP as the web GUI protocol? N

Now all services will be restarted, and the web GUI of OPNSense is available on the HTTPS protocol with the LAN IP address '10.5.5.1'.

And the LAN interface and IP address have been configured.

- Setup WAN IP Address

Next, choose the option number '2' again and select the WAN interface.

Configure IPv4 address LAN interface via DHCP: N
Enter the new WAN IPv4 address: 192.168.1.25
Enter the new WAN IPv4 subnet bit count: 24
Enter the new LAN IPv4 upstream gateway address: 192.168.1.1

Do you want to use the gateway as the IPv4 name server, too? Y

Configure IPv6 address LAN interface via DHCP6? N
Enter the new LAN IPv6 address: Just press 'Enter' key for none

Do you want to revert to HTTP as the web GUI protocol? N

Now all services will be restarted, and the WAN interface 'em1' with the IP address '192.168.1.25' has been configured.

- Testing Internet Connection

To test the internet connection on the OPNSense firewall router, you can use menu number '7' to 'Ping host'.

Enter a hostname or IP address: howtoforge.com

Now make sure you get the ICMP reply from the server as below.

As a result, the connection test from the OPNSense firewall router has been successful.

3. OPNSense Setup Wizard Through Debian Client

We're using the Debian virtual machine as the client for this guide. It only has one network interface,  'Adapter 1' with 'Internal Network'. We will setup the OPNSense installation wizard through this Debian VM with Firefox browser.

Start the Debian client, and it will get an IP address automatically via DHCP from the OPNSense firewall router.

Check the Debian client's IP address and the internet connection using the following commands.

ifconfig
ping -c3 howtoforge.com

And you will get the result as below.

As a result, the client network is working correctly as we want. The Debian client gets an IP address '10.5.5.10' via DHCP from the OPNSense router, and the internet is working on the client machine.

Next, open the web browser and type the LAN IP address of OPNSense router.

https://10.5.5.1/

And you will get the OPNSense login page as below.

Log in with the user 'root', type your password already configured during the installation, and then click the 'Login' button.

Now you will get the OPNSense Setup Wizard.

Click the 'Next' button to continue.

Change the general information about your firewall router and click 'Next'.

Choose your timezone with your own and click 'Next'.

Leave it as default for the WAN interface configuration and scroll to the bottom. Then uncheck the 'RFC1918 Networks' and the 'Block bogon Network'  options, and click 'Next'.

Leave it as default for the LAN interface configuration and click 'Next'.

After that, we must set up the new root password and click 'Next' again.

Once the OPNSense setup wizard has been completed, click the 'Reload' button to reload the page.

Now click the 'Dashboard' menu on the left, and you will get the OPNSense dashboard as below.

As a result, the configuration of the OPNSense firewall router has been completed successfully.

The OPNSense server runs with the WAN IP address '192.168.1.25', on the interface 'em1'. And the LAN interface with the 'em0', and the IP address '10.5.5.1/24'.

The OPNSense firewall router is up and running with the DHCP enabled on the LAN Interface, with the IP pool '10.5.5.10-10.5.5.50'. All clients under the firewall will get the IP address on the pool range.

The Debian client gets an IP address via DHCP and gets the IP address '10.5.5.10'.

Reference

Share this page:

0 Comment(s)