OpnSense firewall installation and basic configuration

OpnSense began as a fork of pfSense but has evolved into a completely separate firewall solution. This article describes the initial installation and basic configuration of OpnSense.

OPNSense firewall

Like pfSense, OpnSense is an open source firewall solution based on FreeBSD. It can be installed on your own devices for free. OpnSense is not demanding and can be installed on ordinary computer hardware. The recommended minimum hardware specifications are as follows:

Minimum hardware

  • 500 MHz CPU

  • 1 GB of RAM

  • 4GB of storage space

  • Two network interface cards

Recommended Hardware

  • 1GHz CPU

  • 1 GB of RAM

  • 4GB of storage space

  • Two or more PCI-e network interface cards

If you use some of the more advanced features of OpnSense (Suricata, ClamAV services, etc.), you should give the system better hardware. It is recommended to meet at least the following requirements:

  • A modern multi-core CPU running at 2.0 GHz or more

  • More than 4GB RAM

  • 10GB + storage space

  • Two or more Intel PCI-e network interface cards

OpnSense firewall installation and configuration

Whatever hardware is selected, installing OpnSense is very simple; just pay attention to which network port is assigned to which role (LAN, WAN, wireless, etc.).

The installation process prompts the user to configure the LAN and WAN interfaces. It is recommended to plug in the WAN interface before configuring OpnSense, and then plug in the LAN interface to complete the installation.

1. Download the OpnSense firewall

Download the OpnSense software. Depending on the device and installation method, there are several possible options. The image used in this tutorial is OPNsense-18.7-OpenSSL-dvd-amd64.iso.bz2; the latest version is 19.7.

After downloading and decompressing the installer, you can burn it to a disc, or boot through a PE environment and write the ISO file directly to a USB drive for a bootable installation. You can also download the installation image in img format and write it to a USB drive with Rufus.
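A firewall image is worth checking before it is decompressed and written to installation media. The following is an added example, not part of the original article: it compares the downloaded .iso.bz2 against a published SHA-256 checksum line and only then decompresses it. The two checksum line formats and the sample data in the demo are assumptions constructed for illustration.

```python
import bz2
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# Checksum line formats handled (assumed, not taken from the article):
#   BSD style:  SHA256 (name) = <64 hex digits>
#   GNU style:  <64 hex digits>  name
BSD = re.compile(r"SHA256 \((?P<name>.+)\) = (?P<hex>[0-9a-fA-F]{64})")
GNU = re.compile(r"(?P<hex>[0-9a-fA-F]{64}) [ *](?P<name>.+)")

def expected_digest(checksum_text, image_name):
    """Return the published SHA-256 for image_name, or None if not listed."""
    for line in checksum_text.splitlines():
        m = BSD.fullmatch(line.strip()) or GNU.fullmatch(line.strip())
        if m and m.group("name") == image_name:
            return m.group("hex").lower()
    return None

def sha256_file(path):
    """Hash the file in 1 MiB chunks so a large image is never fully in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def verify_and_unpack(image_path, checksum_text):
    """Decompress name.iso.bz2 to name.iso only if its SHA-256 matches."""
    image_path = Path(image_path)
    want = expected_digest(checksum_text, image_path.name)
    if want is None:
        raise ValueError(f"no checksum entry for {image_path.name}")
    if sha256_file(image_path) != want:
        raise ValueError(f"SHA-256 mismatch for {image_path.name}")
    iso_path = image_path.with_suffix("")  # drops the trailing .bz2
    with bz2.open(image_path, "rb") as src, open(iso_path, "wb") as dst:
        shutil.copyfileobj(src, dst)
    return iso_path

if __name__ == "__main__":
    # Constructed stand-in for the real download: a tiny .bz2 and its checksum line.
    work = Path(tempfile.mkdtemp())
    img = work / "OPNsense-18.7-OpenSSL-dvd-amd64.iso.bz2"
    img.write_bytes(bz2.compress(b"constructed sample, not a real image"))
    listing = f"SHA256 ({img.name}) = {sha256_file(img)}"
    print("unpacked to", verify_and_unpack(img, listing))
```

The checksum text should be fetched separately from the image, ideally from a different mirror, so that a tampered download is not checked against a tampered checksum.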

2. Install the OpnSense firewall

Boot the system from the USB drive or optical disc; the following boot screen is displayed.

OpnSense boot menu

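To continue the installation, just press Enter. This boots OpnSense into Live mode, in which settings cannot be saved; to install to the local disk, a different username and password must be used. When the system boots to the login prompt, log in with the username "installer" and the password "opnsense" to enter local installation mode.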

OpnSense Live mode

Note: continuing with the installation steps will erase all data on the hard disk!

OpnSense Setup

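Pressing Enter starts the installation process. The first step is to select the keymap (keyboard mapping). By default, the installer can detect the correct keymap. Review the selected keymap and change it if necessary.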

OpnSense keyboard mapping settings

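The next step offers some installation options. If the user wants to perform advanced partitioning or import a configuration from another OpnSense installation, this can be done in this step. This tutorial is a fresh installation, so select the "Guided Installation" option.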

OpnSense type of installation

The next step shows the detected storage devices that can be used for the installation.

OpnSense installation device

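After selecting the storage device, the user needs to decide which partition scheme the installer uses (MBR or GPT/EFI).

Hardware from recent years supports GPT/EFI, but users with older computers may only be able to choose MBR. Check the device's BIOS settings to see whether it supports EFI/GPT.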

OpnSense installation mode

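After the partition scheme is selected, the installer begins the installation. The process does not take long, and during installation the user is prompted for information such as the root user's password.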

OpnSense installation process

OpnSense root password

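After the user sets the root password, the installation is complete and the system is restarted. Remove the installation media at this point, before the system restarts. When the system reboots, it stops at the console login prompt and waits for the user to log in.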

OpnSense login prompt

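After logging in with the root user and the password configured during installation, you can see that OpnSense is using only one network interface card (NIC) on this computer. In the figure below, it is shown as LAN (em0).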

OpnSense network interface

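By default, OpnSense assigns the network "192.168.1.1/24" to the LAN interface. In the figure above, the WAN interface is not shown; the interfaces can be reassigned by pressing '1'. In the figure below, two interfaces are available: 'em0' and 'em1'.

Configuring the OpnSense network interfaces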

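The configuration wizard allows very complex setups using VLANs; this tutorial uses only a basic two-network setup, namely a WAN interface and a LAN interface.

Enter 'N' to skip VLAN configuration. In this tutorial, the WAN interface is "em0" and the LAN interface is "em1".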

OpnSense Network Configuration

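Enter 'Y' when prompted to confirm the interface changes. When finished, connect a computer to the LAN interface, open a web browser and enter "http://192.168.1.1", then log in to the OpnSense web management interface with the username "root" and the password configured during installation.

OpnSense login page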

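After logging in, the setup wizard starts automatically. The first step is to enter the hostname, domain and DNS servers. Most users can tick the "Override DNS" option, which lets the OpnSense firewall obtain DNS information from the ISP through the WAN interface.

OpnSense system information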

Next, enter the NTP servers. If the user does not have their own NTP system, the default NTP servers provided by OpnSense can be used.

OpnSense NTP servers

The next step is to set up the WAN interface. If the ISP uses DHCP to provide customers with their network configuration, simply leave "Selected Type" set to "DHCP"; dial-up users should select PPPoE and enter the username and password.

OpnSense DHCP settings

Scroll down to the bottom of the WAN configuration page. There are two default rules that block network ranges which should not normally enter through the WAN interface. Unless there is a known reason to allow these networks through the WAN interface, it is recommended to leave them checked!
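The two WAN defaults are the "Block private networks" and "Block bogon networks" options. The following is an added example, not part of the original article, showing which source addresses each option covers and when the WAN address itself falls in private space, which is the usual known reason for unticking the first one. The private ranges are assumed from the option's description in current releases, and the bogon list is a small constructed subset.

```python
import ipaddress

# "Block private networks": RFC 1918, loopback and carrier-grade NAT space
# (ranges assumed from the option's description, not from the article).
PRIVATE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "100.64.0.0/10")]

# "Block bogon networks": reserved or unassigned space. Constructed subset for
# illustration only; the firewall maintains its own list.
BOGON_SAMPLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "169.254.0.0/16", "192.0.2.0/24", "198.18.0.0/15",
    "198.51.100.0/24", "203.0.113.0/24", "240.0.0.0/4")]

def wan_verdict(src):
    """Which default WAN option, if any, would drop a packet from src."""
    ip = ipaddress.ip_address(src)
    if any(ip in net for net in PRIVATE):
        return "blocked: private"
    if any(ip in net for net in BOGON_SAMPLE):
        return "blocked: bogon"
    return "not matched"

def wan_is_private(wan_cidr):
    """True when the WAN address itself sits in private space, for example
    when the firewall is behind another NAT router."""
    wan_ip = ipaddress.ip_interface(wan_cidr).ip
    return any(wan_ip in net for net in PRIVATE)

if __name__ == "__main__":
    # Constructed source addresses as they might arrive on the WAN side.
    for src in ("192.168.1.50", "100.64.3.9", "198.51.100.7", "8.8.8.8"):
        print(f"{src:15} {wan_verdict(src)}")
    print("WAN 10.20.0.2/24 in private space:", wan_is_private("10.20.0.2/24"))
```

A "not matched" result only means neither default option applies; the packet is still subject to the remaining WAN rules.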

Next, configure the LAN interface. The default values can be used here, or modified as required.

Configuring the OpnSense LAN interface

The final step asks whether the user wants to update the root password; if a strong password was not created during installation, it can be changed here. When finished, OpnSense asks the user to reload the configuration. Just click the "Reload" button, then wait a minute while OpnSense refreshes its configuration.

After all operations are complete, OpnSense welcomes the user. To return to the main dashboard, click "Dashboard" in the top-left corner of the web browser window.

OpnSense dashboard

Back on the main dashboard, you can continue to install or configure OpnSense plug-ins or the features you need. It is generally recommended to check for system upgrades and apply them (if any are available). Simply click the "Click to check for updates" button on the main dashboard.

OpnSense Configuration Options

Then use "Check for Updates" to see the list of updates, or use "Update Now" to simply apply all available updates.

OpnSense update

With that, we have successfully completed the installation of OpnSense, and it has been fully updated!


Origin blog.51cto.com/fxn2025/2447265