There is no gainsaying that the sheer number of open source and commercial offerings in the router and firewall family is simply staggering.
We have talked about the flexible and, if properly configured, stable and secure iptables on Linux machines, VyOS firewalling and routing solutions, the pfSense unified threat management gateway, and the very powerful Cisco router family of products, just to name a few.
Now, we are going to get a step further into exploring the wonderful family line of router cum firewall solution called OPNSense, in this “OPNSense Installation and Configuration Guide”.
Recently, I have been compiling various security solutions for homes and enterprises because of the importance of securing computer networks, and I have come across a wide range of products like IPFire, Smoothwall Express, ClearOS, pfSense and others.
Follow this site as I will be installing all these security solutions to ensure that you know what to expect when installing a security solution for your home or for an enterprise.
I will also go a step further and hack my own network using Kali Linux in a later guide. This will make us better prepared to defend against threats.
Enough of what I plan to do in the future and back to what OPNSense really is.
OPNSense is an open source, easy to use, FreeBSD-based firewalling and routing platform. It claims to have many of the features available in expensive commercial firewall solutions, and more. The name OPNSense was derived from the words open and sense, meaning open source makes sense. It is a fork of pfSense, which was itself forked from m0n0wall.
Features of OPNSense.
Below are some of the features of OPNSense.
- Traffic Shaper.
- Captive Portal.
- High Availability.
- DNS and DHCP
- IDS and IPS
- Routing and a host of other features.
The minimum requirement to run OPNSense is 512MB RAM, a 4GB HDD and a 500MHz single core CPU. A system at this minimum may not be able to do IDS/IPS and proxying.
In a production environment, use 4GB RAM, a 120GB SSD and a 1.5GHz multi core CPU.
This guide and other guides will attempt to show how OPNSense can be used as an enterprise or SOHO security solution.
But before we can test out the features of opnsense, we first need to install it, don’t we?
How to Install OPNSense Router and Firewall.
To install OPNSense, head over to https://opnsense.org/download/ and download the image, selecting the architecture that matches your computer. Select dvd as the image type if you want an iso file, and select a download mirror.
Now extract the .iso.bz2 file using WinZip or 7-Zip so that you have access to the iso file.
If you downloaded the vga or serial usb installer, then use a program called Rufus to create bootable USB media.
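A check worth pairing with the extraction step above, as an added example that is not part of the original guide: this Python script decompresses the .iso.bz2 only after the SHA-256 of the download matches a value you supply. The function names and the sample file are assumptions made for this example, and the sample data is constructed, not a real image.

```python
import bz2
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so a large image is never held in memory


def sha256_file(path):
    """Return the hex SHA-256 digest of the file at path."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_and_extract(archive, expected_sha256, iso_out):
    """Decompress archive (.iso.bz2) to iso_out only if its SHA-256 matches
    expected_sha256 (assumption: a value you obtained from the download source).
    Returns the bytes written; raises ValueError on a mismatch."""
    actual = sha256_file(archive)
    if actual != expected_sha256.strip().lower():
        raise ValueError(f"checksum mismatch, refusing to extract: got {actual}")
    tmp = iso_out + ".part"  # a failed run never leaves a partial image as iso_out
    written = 0
    try:
        with bz2.open(archive, "rb") as src, open(tmp, "wb") as dst:
            for block in iter(lambda: src.read(CHUNK), b""):
                dst.write(block)
                written += len(block)
        os.replace(tmp, iso_out)
    except (OSError, EOFError):  # truncated or corrupt bzip2 stream, or I/O error
        if os.path.exists(tmp):
            os.remove(tmp)
        raise
    return written


if __name__ == "__main__":
    # Constructed stand-in for a downloaded image, so the demo runs offline.
    workdir = tempfile.mkdtemp()
    archive = os.path.join(workdir, "image.iso.bz2")
    with open(archive, "wb") as fh:
        fh.write(bz2.compress(b"constructed sample data, not a real ISO\n" * 4096))
    expected = sha256_file(archive)  # in real use, paste the value you were given
    size = verify_and_extract(archive, expected, os.path.join(workdir, "image.iso"))
    print(f"checksum OK, {size} bytes extracted")
```

A mismatch stops the script before anything is written, so a corrupted or tampered download never becomes installation media.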
Now boot into the iso image. At the console login prompt, you can enter the username root and the password opnsense to gain access to the system. But mind you, this will only give you access to the live system. This is usually good for testing purposes, because as soon as you reboot the system, all your changes will be discarded.
To make it permanent, we will have to install the iso to the hard disk. This is done by logging in with the username installer and the password opnsense.
The next screen confirms that you are ready to install to hard disk.
Now accept the keymap settings and choose GUIDED installation since this is a fresh install.
Select the hard disk that is available on your system. Linux may label this ada0.
Also select GPT mode.
Then enter the password you will use to log in to the system once it is installed to the hard disk.
Reboot your system after installation, making sure to remove the OPNSense installation media. Log in now with root and the password you created above.
Next, type 2 into the console to set the IP address on your LAN interface.
Type 1 to select the LAN interface. Give it an IP address and subnet mask.
Set DHCP Server on OPNSense LAN Interface.
When asked if you want to enable the DHCP server on LAN, type yes and hit enter.
Enter the start and end IP addresses of the range that will be issued to your client machines.
Now that you have assigned an IP address to the OPNSense LAN interface, navigate to https://<IP address of the OPNSense LAN interface> to access the web interface.
Enter the username root and the password you created above.
Now, we can access the dashboard and do some configurations to our newly installed security appliance.
This ends our “OPNSense Installation and Configuration Guide”. We will progress to configuring our device to support enterprise grade solutions.