Installing OPNsense Virtual Firewall on Proxmox

If you have an interest in running OPNsense on Proxmox, this video is going to be for you. I'm going to walk through how to install it and walk through some of the networking options. Uh, I don't generally recommend that you run a virtualized firewall; it can just cause you a lot more headache when it comes to troubleshooting things. It's just, many people do; it's just not something I believe in doing. I'm doing it in this case so that I can, um, it just makes more sense for me to have it on Proxmox while I'm doing some of the videos that I have planned. So let's dive straight in.

[Music]

First things first, we're going to need to, uh, download the OPNsense ISO, so head across to OPNsense and grab that. So you want amd64. Uh, we need to change this to DVD because we want the ISO, not the, uh, USB image, so we can go ahead and download that. Uh, just quickly, while this is downloading, you'll notice the file extension is .iso.bz2, um, which means it's a bzip-compressed file, so once that's downloaded we're going to need to uncompress it and then upload the ISO. So we can't do this: copy that link, we can't just go into ISO and download from URL, because the file extension, it won't work. Even if we change that to gzip, it won't work. So we need to grab it first, and then once we've grabbed it we'll have to decompress it and then upload it.

So we grab the file and we can do Extract All, or in my case I have 7-Zip installed, so I'm just going to go ahead and use 7-Zip to extract it. Once it's extracted, uh, you can delete the .bz2 file, and now we need to go into Proxmox and upload that. So if we go into your node, select your storage, you want ISO Images and Upload, select the file. Once you've selected the file, go ahead and click Upload.

Once we've got the ISO downloaded, we can go ahead and create our virtual machine. Go ahead, click Create VM, choose a node that you want to install it on (we only have one node in this case), enter your VM ID, give it a name, so OPNsense. I'm not going to tick Start at
boot at this stage. Under OS, um, choose your OPNsense ISO that we've downloaded. You want Other for a guest OS type; it's not Linux. You can leave these as default on the System. Under Disks, um, we want to make sure that's set to SCSI. We can have write back for the cache. Uh, IO thread, we want that enabled for performance reasons. Discard: I'm using SSD, so I'm going to enable discard. Storage, uh, this depends on how your system's configured, so I have my local ZFS, which is my, um, boot pool; my data pool is tank, so I'm going to store my VM on here. 32 gig is fine for today's purposes.

Under CPU, so you can select sockets and cores. Um, I'm going to leave the sockets as one; recommend you use four for production. Um, AES is on, so you might want AES for hardware acceleration and stuff. So we'll go ahead and next that. Memory: again, recommended is 8 gig. I disabled ballooning; um, we want to make sure that our system has got 8 gig available to it all the time. I certainly have enough memory to do that in this. The next is configure networking, so I'm going to set this to no network device, and we'll go through the, um, network configuration options next. So select No network device and then Next. Go ahead and confirm; make sure you don't have Start after created ticked. We'll go ahead and finish that. You can see our OPNsense VM's just appeared; the name will change in a second. So there we go, OPNsense.

Now comes the networking options, so this is where it gets, um, interesting. We have various options available for how we do this, and this completely depends on your use case, your network and how you're setting it up. Um, so if you're going into the OPNsense VM, going to take a look at Hardware, and you'll notice I've got no network cards in here. Um, we've got a couple of ways of doing this. We can add a PCI device and we can physically pass through the network adapters. So if I choose Raw Device, you can see I've got my, um, four Ethernet adapters here, so we can just go ahead and add them if that's what, if
that's the way we wanted to do it. So PCI Device, Raw, and obviously just select the network adapters if you want to pass them through.

Now, there is another way to do it, that's by bridging the adapters, and that's the way that we're going to do it. So in order to create a network bridge, we need to go into the node, Network, and you'll notice that I have my four network cards listed and my bridge. So we've got the default bridge, which is the same LAN network as Proxmox, and this is going to change depending on how you want it to work. So what we can do is create a bridge for the WAN. I'm going to put vmbr1, that's fine. Um, enp2s0 is eth0 on this device and I'm going to use that for my WAN. So we're creating a bridge, and I'm going to call enp2s0, and I'm going to give it a description so I can actually see what it is. Um, you may or may not want to use VLAN on your WAN; most of the time you won't. We're not going to do in this case.

Uh, now when it comes to setting the LAN side, again, this is completely on you and how you want to configure your system to connect. So we have vmbr0, which is already part of our system, so I'm going to go ahead and use that for the LAN. Um, if you wanted to add an extra, use one of the additional network ports for the LAN, you could do that, but then obviously you'd have to, um, plug a device into that. So you do Create, Linux Bridge, uh, and then the port, so if it was enp3s0, for example, I could set that to eth1 LAN.

So in my case, um, I don't have something else to plug into the WAN, so I'm going to remove that vmbr1, which we set up initially for the WAN, and I'm going to use the vmbr0, which is our LAN interface for Proxmox. I'm going to use that so I can, um, set the DHCP address on OPNsense, uh, on the OPNsense WAN, so it'll pick up an RFC 1918 address, um, if you plug directly into a router. Again, this is the networking side, the most complicated bit. If you do get stuck with it, um, leave any comments or questions down below; I'm happy to address them. Once
you've got your network interfaces set up, then we can actually go ahead and create our machine. Oh, hang on one second: apply the configuration. Uh, so now we've added the bridges into the actual node, what we need to do is go into OPNsense, then we need to add the network device. So you'll notice previously, if we were directly passing the ports through, we would have done PCI Device, but because we've created the virtual network bridge, we're going to do Network Device, vmbr0. So this is the LAN side of my Proxmox device. Um, going to set that to VirtIO, and that's our WAN. So set the multiqueue to 8 and add that. And then I'm going to add my LAN interface, which is 2; again, set the multiqueue to 8, change the type to VirtIO, we can go ahead and add that in. So now we've got net0, which is our WAN, and net1, which is our LAN, and we can see from here, we can see the MAC address, which we might need later to help identify them. Um, but for now we're pretty much good, so we can go ahead and start this machine.

We're not importing an existing configuration, so we're just going to let that go. I am going to interrupt this and just manually do this; you can wait it out if you want. But yeah, no. So you can see we've got the two network adapters, vtnet0 and vtnet1. Um, what I did see, we can see one ends in 0F and one ends in C5, so if we look at Hardware, you see the one that ends in 0F is our WAN device; ends in C5 is net1. So that's easy enough for us to assign it. So enter WAN for, uh, enter the WAN interface, going to vtnet0, and then enter the LAN interface, and that's going to vtnet1. So I want to proceed.

Okay, so as you can see, our WAN has now picked up the DHCP address of 10.1.1.0/24, so we're on 107, uh, and our LAN is on 192.168.1.1, which is the default. Uh, now remember, we're still on the live installer here, so we need to go ahead and install it. So we'll log in as installer. Go ahead and set your keymap. Now you can choose whether you want to install it with UFS or ZFS. I generally go
with ZFS these days; um, unless you're installing on a flash card or something, there's not really much point in UFS. So we'll go ahead and do that. I'm going to stripe it because I only have one hard drive. Yes, we know we're going to erase the content. Go ahead, set your root password. Now we can complete the installation and reboot. So I'm going into Hardware here, the CD/DVD, I just want to eject this.

So now we're good, we're on 192.168.1.1 and, uh, WAN is 10.1.1.107. Let's try and log into that. We're good, so we've got the, um, web interface up. So 'cause I've got two network cards in my machine, um, I'm able to plug directly in. So we'll log in. Let's go ahead and complete the wizard. So give it its host name, set the domain that you want, so language, set your DNS servers; I'm just going to use Google for this, and I'm just going to override, uh, untick that, so I don't want the DNS server to be overridden by DHCP. So click Next to that. Select your time zone, so I'm in, uh, London. WAN interface: um, the changes I'm going to have to make here are, it's obviously set to DHCP; now I'm going to have to untick Block private networks, um, because I've got a private network assigned to the WAN address. I'm going to go ahead and set the LAN, confirm your root password and then reload.

So we've finished the initial configuration and now we can, uh, go and check for updates. I'm, we'll go ahead and update those. Okay, log back in. Oh, we're going to want to install a QEMU plugin as well, so we go into System, uh, Firmware, Plugins, QEMU guest agent for OPNsense. So we're going to go ahead and install that. Let's go ahead and reboot; in fact, I'm just going to shut this down. Um, once you've installed the QEMU guest agent, we need to enable it. Uh, so it's under Options, um, QEMU Guest Agent. So we need to enable this, just enable it, VirtIO, then we can go ahead and start the system again. As you'll notice, at the moment it says IPs: guest agent not running. Um, so now we should be good. Yeah, so now we've got our IP address, so the guest agent is running,
um, obviously you can confirm that by logging in, drop to a shell: service, uh, qemu-guest-agent status; we can see it is running. So with that, we'll now be able to, um, shut down the machine gracefully and control it properly from Proxmox.

Now you're set up on Proxmox with OPNsense, so I'm guessing that you're going to want your virtual machines to be able to, um, access the internet by that, so let's go ahead and take a look at how to do that. I've got a FreeBSD machine here. Now if we go into Hardware, we can see that the network device is set to, um, vmbr0, which is my actual LAN here. Um, take OPNsense out of the question for a minute. So my LAN will be on the same subnet as the OPNsense WAN, so that should get a 10.1 address. So let me just see if this powers up. Yeah, so it's got 10.1.1.18. Just make sure the networking works on this. Yep, so that's fine. So that's using my LAN, um, and we need it to use an OPNsense one. So I'm going to power this off a second and I'm going to edit its hardware. So we're on bridge vmbr0; um, we drop that down, we have vmbr2, which is the eth1 LAN which we set up during the OPNsense, when we were setting the VMs up. So basically we should just need to change it over to that and then that should work. So I don't want the firewall on. That's okay.

Now we should get an IP address from OPNsense. Yes, so now DHCP offer from 192.168.1.1, we're bound to 192.168.1.10, so we have indeed got our, um, IP address from OPNsense. Make sure that the, uh, network works. Yep, so we can ping Google. Um, try the... oh, okay, I seem to have a DNS issue. Always have DNS issues, that's right. Uh, what have we done wrong? Services, Unbound, it's enabled, so I've not enabled query forwarding... yeah, so that's fine.

Um, so there we go. I hope that helped if running OPNsense on Proxmox is something that you want to do. Uh, if you did find this video useful, please hit the like button to enable others to find it; uh, it's just the way the YouTube algorithm works. Uh, subscribe to the channel, and also if you hit that notifications
icon, you'll receive notifications of any videos as they are done. And don't forget, you can hire us by heading across to our website and clicking on that Hire Us button.
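
The download-and-decompress step from the start of the video, as an added example that is not part of the original transcript: it checks the SHA-256 of the compressed download before decompressing it, then confirms the result really is an ISO 9660 image (the DVD image, not the USB one) before you upload it to Proxmox. The function names and the sample file are assumptions; the sample is constructed, and in real use the expected digest would come from the checksum published alongside the download.

```python
import bz2
import hashlib
import os
import tempfile

# ISO 9660 puts its first volume descriptor at sector 16 (byte 32768);
# byte 0 is the descriptor type, bytes 1-5 are the identifier "CD001".
ISO9660_MAGIC_OFFSET = 32769
CHUNK = 1 << 20


def verify_and_extract(src, dest, expected_sha256):
    """Check the SHA-256 of the compressed file, then decompress it to dest.

    Returns the extracted size in bytes. Raises ValueError if the digest
    differs or the output is not an ISO 9660 image (output is then removed).
    """
    digest = hashlib.sha256()
    with open(src, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            digest.update(chunk)
    if digest.hexdigest() != expected_sha256.strip().lower():
        raise ValueError("SHA-256 mismatch: do not use this download")

    size = 0
    with bz2.open(src, "rb") as zf, open(dest, "wb") as out:
        for chunk in iter(lambda: zf.read(CHUNK), b""):
            out.write(chunk)
            size += len(chunk)

    with open(dest, "rb") as f:
        f.seek(ISO9660_MAGIC_OFFSET)
        magic = f.read(5)
    if magic != b"CD001":
        os.remove(dest)
        raise ValueError("extracted file is not an ISO 9660 image")
    return size


def make_sample(directory):
    """Constructed stand-in for the download: a tiny fake ISO, bzip2-compressed."""
    image = bytes(32768) + b"\x01CD001\x01" + bytes(2041)
    path = os.path.join(directory, "sample.iso.bz2")
    with open(path, "wb") as f:
        f.write(bz2.compress(image))
    with open(path, "rb") as f:
        return path, hashlib.sha256(f.read()).hexdigest(), len(image)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        src, sha, _ = make_sample(tmp)
        print(verify_and_extract(src, os.path.join(tmp, "sample.iso"), sha), "bytes")
```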
