In this article, I will guide you on step by step installation of the OPNsense on one of the devices that you can order from Aliexpress. Once you put a phrase “pfsense” you’ll get a list of different vendors and products.
In my case, I’ve ordered a fanless Topton device based on N5105 Celeron processor that comes with 4x 2.5 Gigabit Intel NICS. The appliance is powerful enough to serve a small
company with low power consumption.
Specification:
- Intel Celeron Jasper Lake N5105
- 2x SO-DIMM 2933MHz 16 GB from Samsung
- 1x NVME 2280 SSD 512 GB from Kioxia
- 4x Intel i225-V B3 (2.5G network card)
Model: https://it.aliexpress.com/item/1005004501531656.html
Watch the hardware review from ServeTheHome channel:
STEP1: PREPARE INSTALLATION MEDIA
Find a USB stick with more than 4GB free memory that can be erased for next installation steps.
STEP2 DOWNLOAD OPNSENSE IMAGE
The OPNsense installation file can be obtained from the official OPNsense download page. You have the option to choose the system architecture based on your CPU, type of the image type and mirror location. For an installation on USB stick please proceed as follows:
Select
vga
image type for USB installationSelect the fastest mirror for your location
Click
Download
button.
STEP2: UNPACK THE FILE
The file usually is bzipped so before writing an image on installation media please unzip it first so you will have the .IMG file only.
From the GUI, on Windows is recommended to use 7Zip. On Linux, use PeaZip.
Alternatively use the Linux command
bunzip2 OPNsense-21.7.1-OpenSSL-vga-amd64.img.bz2
STEP4: WRITE THE IMG TO THE INSTALLATION MEDIA
On Windows, the easiest way is to use app called Rufus
On Linux via GUI you can flash the image using Balena Etcher or Popsicle.
Example settings with RUFUS.
Alternatively use a command line on Linux. To write the OPNsense image to a USB drive on a Linux system, run the following command.
dd if=OPNsense-##.#.##-[Type]-[Architecture].[img|iso] of=/dev/sdX bs=16k
Where X = the IDE device name of your USB flash drive (check with hdparm -i /dev/sdX) (ignore the warning about trailing garbage, it’s because of the digital signature)
For example:
dd if=OPNsense-21.7.1-OpenSSL-vga-amd64.img of=/dev/da1 bs=16k
STEP5: MAKE CHANGES ON YOUR APPLIANCE BIOS
Connect your external monitor and keyboard (you will only need to do that for initial configuration). Turn on the appliance and check if it runs correctly and there are no warnings presented in BIOS.
Most of the appliance comes with the default settings which are enough to make the OPNsense to boot properly. If the appliance needs to work as a reliable router/firewall, please consider enabling AC loss power failure setting to always ON. This way if the router loses the power, once the power is back it will boot automatically without any physical action.
When the appliance boots up hit DEL to enter the BIOS. Look for Advanced >> Hardware Monitor > Restore AC power loss and change it to Power ON
STEP6: INSTALL OPNSENSE FROM INSTALLATION MEDIA
Boot the device and wait until OPNsense autoboots.
- ETH0 (em0) – WAN interface, here we connect our ISP cable. This is our connection to the public Internet
- ETH1 (em1) – LAN1 interface
- ETH2 (em2) – LAN2 interface
- ETH3 (em3) – LAN3 interface
- Do you want to configure LAGGS now? (y/N): n
- Do you want to configure VLANS now? (y/N): n
- WAN INTERFACE: em0
- LAN INTERFACE: em1
- OPTIONAL INTERFACE: em2
- OPTIONAL INTERFACE: em3
STEP7: INITIAL CONFIGURATION VIA GUI
Now connect your PC to the LAN1 port and browse to the default https://192.168.1.1 address for initial configuration using a browser.
Default credentials:
- login: root
- password: opnsense
After you login, there should be a Wizard opened for the initial configuration of system. If not, please navigate to System -> Wizard on OPNsense Web GUI.
Choose:
- Hostname: name of the router
- Domain: local domain namey
- Primary DNS: 1.1.1.3 (Cloudflare)
- Secondary DNS: 9.9.9.9 (QUAD9)
I recommend to leave default settings below as it is.
Leave the NTP server and adjust your timezone.
You may change the WAN interface configurations or leave them as default. You should leave RFC1918 Networks settings as checked for security reasons.
NOTE: In the MAC ADDRESS field you are able to clone MAC ADDRESS from other device and overwrite it on WAN interface.
MTU you can leave on auto or change to 1500 so it will use jumbo frames.
You may change the LAN interface configurations or leave it as default.
I strongly recommend to avoid default subnet at all costs and find some unique subnet from private range ex. 192.168.60.1-192.168.254.1
Click on Next. You may change the root
password from default ‘opnsense‘
Click Reload
to apply the changes.
When everything is completed successfully, OpnSense will welcome the user. You can get back to the main dashboard, by clicking Dashboard
in the upper left corner of the web browser window.
Source:
Alternatively, you’ll find a lot of tutorials over the Youtube which can guide you through installation:
Maciej Zytowiecki
Network security expert with a deep passion for wireless networks, networking and data security. When I'm not working, you'll find me diving into hobby projects, contributing to open-source initiatives, or enjoying hands-on experiments with cutting-edge tech. My goal is to bridge the gap between complex concepts and accessible knowledge, making the world of network security both intriguing and approachable for all.