Virtualizing OPNsense on Proxmox as Your Primary Router

Captions
In this video, I'm going to demonstrate how to set up an OPNsense virtual machine on a Proxmox virtualization server so that you can use an OPNsense virtual machine as your primary router and firewall for your network. For my network, I typically run OPNsense on a bare metal machine dedicated just for that purpose so that I don't have to worry about my Proxmox server going down and taking down my entire network. But I'm considering creating a Proxmox cluster with these more powerful mini PCs so I can be more energy efficient and have more flexibility and be able to deploy various apps, services, and VMs and containers and those sorts of things. So now I feel more comfortable running OPNsense on a virtual machine, because I can just live migrate this over to another Proxmox node while I'm doing maintenance on my main system or I need to reboot it for updates, and I don't have to take my network down.

If you only have one machine that you have set up as a virtualization machine, you just have to keep in mind that if that goes down, you don't have any internet or network to be able to get back up and running as easily as you would if you had a dedicated box for OPNsense. So it's kind of a caveat: if you want to do this only on one machine, you've got to know the pros and cons of what happens if your network goes down. You need a backup plan, or have everything downloaded so you can reinstall everything, or have some spare hardware or something like that ready to go in case everything goes down. So I wanted to state that I don't recommend doing this unless you have a good backup plan, so that if your Proxmox server goes down you're not stuck, you know, not having any internet or network access.

So with that said, I'm going to be using my Protectli VP6650, which I did a walkthrough video on previously, and I'm going to use a TP-Link switch, and I'm going to use a ZimaBoard as my main PC to kind of log in and configure everything, and I'm going to
assume, this is just for illustration purposes, that you're going to have like a modem or an ONT that you're plugged into, an existing network, which I'm using my old Linksys classic Wi-Fi router here to demonstrate, that you're going to be connected to an existing network while you configure and set this stuff up, most likely. So you'll be able to download and configure all this equipment here before you cut over to using this as your primary router.

So to walk through all the connections of what I'm going to assume in this scenario: you're going to have your modem, so your Wi-Fi router is going to be connected to your network switch. You can have more interfaces. And then your Proxmox node will be just like any other PC or server on your network; it's just going to be connected to the switch as well while we configure all this, before we switch everything over. And I'm going to use one of the SFP+ interfaces and use a 10 gig interface. This switch doesn't support 10 gig, but for illustration purposes I'm just going to use SFP+ interfaces, because that's where I'm going to put all the VLANs. Since that's a higher speed interface, you can get some extra bandwidth between, you know, inter-VLAN routing. Depending if you do bridging or passthrough will depend how much performance you get, and if you're running IDS or IPS, but you can still gain more than 1 gigabit, so it's still nice to have that extra bandwidth between your VLANs for routing traffic. And also connected to the switch we have a ZimaBoard I'll be using as a PC to configure this network with. And then I'm going to assume that you might want to hook up another wireless access point, or replace your other wireless access point, since we're replacing your network with this equipment. That's basically what I'm going to be assuming for the network. So when we're done, you'll be able to plug in the interface from the WAN directly into your Protectli box with OPNsense on it. So we're going to make one of these interfaces a WAN
interface, and then we'll just be able to get rid of your existing modem or router.

One quick note before we move on: if your ISP takes a long time to switch over to a new router, or you have to call and like manually register a MAC address with them, you could make note of the MAC address that's on your router. It might be on the bottom on a sticker or something. And you could enter that MAC address in OPNsense and spoof it on the WAN interface, so then it'll think it's the same box when you plug it back in. So you basically can be up and running even quicker with your WAN interface without having to make any phone calls or wait, you know, a certain amount of time before it switches over to your new router. That's just something to keep in mind that might make your experience a little bit more seamless and a little easier to do, if you want to make use of that.

I'm going to be using the first interface as the management interface for Proxmox, and it'll be how you access the web interface. The PC that you're going to be using to configure this needs to be on the same network or the same VLAN, so you've got to keep that in mind when you go ahead and set this up. And what's going to be interesting with our OPNsense virtual machine, so we don't have to waste any other interfaces: we could use this same interface as the LAN interface of OPNsense, so that we can use that as the management interface for OPNsense and also the management interface for Proxmox, because they'll be on the same network. This will just be on our LAN network. So that's one option that's pretty interesting that you can do, and that's how I'm going to configure this box so we don't waste any interfaces, because we're going to use one for a WAN interface, and then you'll have two more interfaces over here of the 2.5 gig interfaces left. You could save another one for a secondary WAN, or if you're doing clustering you might want to save one of these interfaces for Corosync so it's on a
dedicated network. You know, I mentioned earlier that we're going to use VLANs on one of the 10 gig interfaces for our VLANs for the OPNsense network. The final 10 gig interface, you could use it to connect to a 10 gig storage backend server, which is what I'll probably do when I set this up to be used in my network. It's just a network I set up that I could send high-speed traffic across for anything: for NAS traffic or backup traffic or any of those sorts of traffic between my servers. It's really nice to have a dedicated 10 gig network. I'm just kind of giving you some ideas of how you might want to utilize these network interfaces on this box.

Before we begin, the first thing we'll do is configure our Proxmox server. At this point you need to make sure you only have the first 2.5 gig interface plugged into your existing network. We don't want to plug everything in right away at the beginning, because once you get OPNsense set up, you don't want to have it, if you're using the same IP addresses, and you don't want to have another DHCP server enabled in your network at the same time. You could cause problems with your existing network, and we want to avoid that. But for the initial setup, it's good to have Proxmox plugged in by itself so we can update it and get all that software configured first. Once Proxmox is configured, we can plug directly into it with our ZimaBoard and finish configuring Proxmox and OPNsense directly from the Proxmox system, independent from your network. That way, when we are finished, you'll be able to plug your OPNsense into your primary network and it should work as your primary router.

So the first thing we need to check in here is your BIOS settings, to make sure virtualization is enabled. Your BIOS screens may look a little different. I'm not using coreboot with the VP6650, so this is kind of more like an old school AMI BIOS. So in this BIOS it's actually under the chipset, system agent configuration menu, and then you'll see VT-d. This is for
Intel processors; it might be called something different for AMD. But you'll see that it's enabled down here at the bottom, and that's what we want, and then you'll just need to reboot your system. So once we have that, we'll be able to reboot. Once the system reboots, we can hit F11 for the boot menu, then you see some options to pick from. We'll pick the UEFI Protectli; I have a 64 gig thumb drive from Protectli. Okay, now it's going to boot the Proxmox installer, and we'll do install graphical.

The first thing you'll see is the end user license agreement, the EULA. Once you're done reading this, which we all read, right, we click agree. And then you'll see this first screen here where you need to pick the target hard disk. By default it's going to be using ext4. If that's what you want to use, you can just pick a disk down here. Otherwise, if you want to use ZFS to take advantage of mirroring and various other ZFS features, you can click on options. So I'm going to pick ZFS RAID0 because I'm only using one disk. If you're using more than one disk, you might want to pick RAID1 for mirroring if you want to do that. But you'll see it'll show all three disks here, which I only need to pick the first one. I like to use the SSDs for the operating system and then NVMe drives for virtual machines and containers so I can get better performance on those disks. So let's pick SSD for the first one, I have a Samsung SSD, and we'll pick "none, do not use" for the other two. So just click OK, and then we'll click next.

And then the country is set to United States; you can pick whatever country you want. And the time zone, I'm just going to pick Chicago for the fun of it, and I click next. And you enter the password for your root user and an email address. The email address might be used if you want to do system email alerts, but you can also configure that for a different email address to send them to different email accounts. So by default DHCP is going to pick up your
domain name, which for me it's h network.com, and then it's going to use PVE. I'm going to change the host name to PVE test. Make sure for the management interface, which I don't want to forget, you pick the proper one. I accidentally had this one plugged in, so it's going to pick the wrong one for me. I want to use the first interface. If you only have one plugged in, it should pick the proper one. It's going to pick up a dynamic IP address, but it's going to set it as a static IP address in this installer, so we want to make sure we change this to something that's not inside our DHCP range. So I'm going to be setting it to 70. If you don't have Proxmox plugged into your network at this point in time, it might show something different as a default; it might use like 10 or something like that. And so you can leave the gateway and server the same if this is the network where you want to manage your Proxmox virtual machine, which is what I'm going to be doing. I'm going to be using the LAN network eventually, which is also where I'm going to manage OPNsense to all of my other network infrastructure, so I want everything on the one network. And then we'll just click next and we'll just hit install.

So Proxmox is finished installing, it doesn't take too long, and now it's rebooting the system. There's the Proxmox virtual menu. Okay, once Proxmox is loaded, it says here you can log in using this URL, so we'll be able to do that here in a minute. So we'll just switch over to our ZimaBoard and we'll log into our Proxmox web interface and configure Proxmox from there.

Okay, once you access Proxmox, which you said was at 192.168.1.70, and the port's 8006 by default, so we do :8006, you'll be able to get to this screen here, the login screen, and we'll just type in our username and password: root, and then the password that we entered on our installer. And then you'll see "no valid subscription", which you'll get if you don't have a license. We say OK, and for the sake of everyone's eyes
I'll change the color theme to dark mode, which is nice that they added this a few versions ago. So apply. So there we go, that's pretty nice. So you'll see this is our node, PVE test. If I click on it and I go to summary, you'll see some stats about how many CPUs we have and the type of processor and amount of resources and various things that we have available.

Now the first thing we should do is get our networking set up, so when we go to create a virtual machine we'll be ready to go. We're also going to create a storage for our virtual machines and containers after we configure our network, because remember we have an NVMe drive that's available to be able to do that, so that will be used for that purpose. But for now let's click on the system section, we'll go to network, and by default it creates this bridge, which is vmbr0, for the management interface, and it says the management interface is enp3s0, which is one of our 2.5 gig interfaces. As you can see here, there's four 2.5 gig interfaces and two 10 gig. Usually the ports, the way they're numbered here, are the same as they are numbered on the, you know, Protectli box, and on a lot of systems it should be in order, but if they're wired different in hardware they might not necessarily be in order. And you'll see that it's set to a static IP address and the gateway, which is what we want for our management network, so it's fine. So we're actually going to reuse this bridge interface for our LAN interface in OPNsense.

So let's go to create and we'll go to Linux bridge, and for this bridge we're going to use the bridge port, we'll move this down so you can see everything a little bit. So we have 3, 4, 5, 6. We're going to make this the interface, and we'll make it the next interface over, so it'll be enp4s0. We just type that in, and we could put a comment in here saying WAN, you know, so this will be our WAN interface for OPNsense. Hit create, and if you want you can go and edit this first bridge while we're at it and
just put in MGMT for management interface for Proxmox. And since I have it zoomed in here, it's a little hard to see, so let me scroll this over, fix this a little bit better. So you see the comments over here, management, WAN. It really helps, especially when you have a lot of interfaces like this, to know what they're used for.

All right, so the next bridge we're going to create is just one on our 10 gig interfaces, and the bridge port we're going to use is, we'll just pick this first 10 gig interface at the top here, which is enp2s0f0. And the comment here, we could just say VLANs on that. You can call it whatever you want. I don't want to call it VLAN for this to be confusing, but we just say VLANs for our network since we'll have more than one VLAN on there. And before we close that out, I accidentally closed it out, but we want to make this VLAN aware. Not because we're putting VLANs in OPNsense, because it'll work fine with the bridge to do VLANs within the OPNsense VM, but the reason we want the VLAN aware option enabled here is if we have other VMs or containers, your VMs and containers will show up in here and you'll be able to set any of those VMs and containers on any of the networks that's on this bridge. So let's go ahead and apply this configuration. You'll see once you create these bridges it automatically sets them as active, and then they're all also set to autostart, because you want these just to automatically come online whenever you boot your machine. So that's all we need to do for the network interfaces.

So now let's add our storage. Let's scroll down over here to Disks and click on Disks, and you'll see here's all the disks in our system, and you'll even see our USB drive still. I didn't unplug it, but it shows up in there as well. But we have the NVMe drive here that says the usage is no, because it's empty. But if this drive isn't empty, you can go up here and click wipe disk and hit yes on it and clear it
out. If you have an LVM partition on it, you're going to have to go down to LVM and then click on this more button and click destroy, because you have to destroy the volume before you can come back here and then wipe the disk. That's something I found out because I had a different operating system on here, I was playing around with some things, and I couldn't wipe the disk, and I was trying to figure out why.

All right, so if we go to the ZFS option down here, we can just create a ZFS pool on that single drive. If you have multiple drives you can use any of the ZFS storage options; you can use RAIDZ2, whatever, or mirroring, those sorts of things. So we'll click on this drive because it's freely available, and we'll create a name, we'll call it app storage. I like to try to name it something useful so we know this is our apps and VM storage. You can call it VM storage, whatever. So you can leave compression on; that can potentially boost a little bit of performance on your reading from your disks and stuff. So let's go to create. So once you create that, you'll see it appears over here and it's a question mark as it gets initialized, and once it's fully initialized you'll see the disk usage right here on this little bar. See, now you can see that. So if we go to click on it, you can see how much space we have. It's a 2 terabyte NVMe drive.

One thing that I like to do is go to the data center and storage, and let's go to local-zfs. I like to disable this. This is the one that's on your boot disk. That way you don't accidentally use that, because if you fill up your boot disk with Proxmox, it's really hard to recover your Proxmox, because you can't get logged into your web GUI very easily, it's really slow, and even SSH sometimes, it just really almost locks up. So let's go to this enable option, we'll uncheck that, and we'll hit OK. One other thing, I'll just go back to edit on this again: you'll see that there's a thin provision option that's enabled by default on this
ZFS pool. I didn't notice this even on my own installation. I learned this when I was just playing around with this demonstration, that when you create a ZFS storage it doesn't thin provision it by default. So you can enable this, and this will make it similar to the default storage, local-zfs storage, so when you go to create VMs and stuff like that, it doesn't allocate all that disk space, which means you can over provision your disk space to a higher capacity than what your drive supports. So if you do that, you have to be careful not to fill up your drive. So you can decide what you want to do there. I kind of like the idea of just thin provisioning, because that way you can oversize your partitions a little bit, you don't have to worry about trying to resize them later, and if you need more space you can just migrate it over to a bigger disk, and then you don't have to worry about resizing stuff within your VMs.

So now we've got our networking set up and our app storage is created, so the next thing we need to do is upload our OPNsense VM image. By default the local storage provides a place to put ISO images. Since we're only going to put one on here, we don't have to worry about filling up our boot disk, but that's something to keep in mind. You can create another storage, like an NFS share or something like that, which I do on my network, and I put all my ISO images in there and I don't have to waste any space on my boot disk or any other storage that's on my Proxmox server. But to make it simple, we'll just go to ISO images under the local and we'll click upload. I already have the files downloaded and extracted to make it easy, and we'll just go to this OPNsense DVD ISO. Now that we selected the DVD ISO for OPNsense, we can click upload. We can close this out once it's uploaded. You'll see we have an ISO image in here.

Now you've got some preliminary items configured in your Proxmox. One thing you might want to do is go ahead and configure the community repository and get
Proxmox up to date, and you can also even disable that no subscription nag. There's a handy script that you can get on this website here, tteck.github.io. A lot of people like to use these Proxmox helper scripts. If you go to the one that says Proxmox VE Post Install, there's a script here. We can copy and paste this. So let's go back to our Proxmox and we'll go back to our node here and click on shell. And I always caveat, you know, if you're running a third party script, you can make sure you go look, you know, trust what it's actually doing. A lot of people use these; I think they're pretty trustworthy. But you can do this process manually. But just for the sake of the demo, this makes it really easy to set this up.

I'll show you, you can walk through this. You say do the script, and we'll say correct the sources, make sure it's using the right sources, and then say yes. And then we disable the enterprise repository, because when you go update it'll fail, so we want to disable that. We want to enable the no-subscription repository, and we want to correct the sources for the Ceph packages. We're not going to be using Ceph, but you can just hit yes, it doesn't hurt anything. And you can add a disabled PVE test repository. You could hit yes on this, because it's disabled, it doesn't do anything, but you could do no if you know you're never going to use beta features, so let's do no. And disable the subscription nag, so that'll be nice, so hit yes. And of course you want to support Proxmox if you can, right? And disable high availability: I'm going to say no on that in case you want to use this in a cluster. You definitely don't want to disable those sorts of features that might be necessary to use in a cluster, so that's a no, because the reason they ask you that is so you can save some resources if you're just using a single node, so you want to hit yes if you're using a single node. And we could say update Proxmox VE now; we can say yes. All right, once it's done it'll ask you if you
want to reboot now, and you might as well do that so we can get our Proxmox up to date. You notice it's 8.1.4, and I believe it'll be 8.1.10 when it reboots, as the latest version as of the time of this recording. So you might need to refresh your web browser if it doesn't prompt you to log in, but you'll see that we're now at 8.1.1. So that's a pretty cool little script to get us up to date really quickly. And you'll need to clear out your browser cache to get rid of that nag, because I noticed if I log back in it still shows up.

Now we've got Proxmox configured and up to date, we're ready to create our virtual machine for OPNsense. What we're going to do now is plug the system used to manage Proxmox directly into the management port of Proxmox, so that we can configure OPNsense in a virtual machine without worrying about conflicting with our existing network. And the main reason we're doing this is because we're sharing that same LAN interface with OPNsense as we are the Proxmox management interface, and we don't want that LAN DHCP server on OPNsense to interfere with the LAN network that you're currently plugged into. So I just plugged my ZimaBoard directly into the first interface of Proxmox. Let's refresh this page and you'll see that I still have access to Proxmox. That's pretty cool. The only thing you might need to do is manually configure your IP address. I've already done that ahead of time, so I want to mention that just so if you are plugging in to Proxmox and it doesn't work, you need to make sure you set a manual IP address. So I'm going to exit full screen mode here and show you that I have a static IP address set here. If I go to configure here, you see I have it set to 50, just a main IP address, because we don't have DHCP set up just yet.

So now we're back in Proxmox. We can go to create VM, and I'm on the PVE test node, and then I'm just going to leave the VM ID as 100. It'll use the lowest number that's over 100 that's not currently being used, so you can pick
whatever number you want there. And then I always call this OPNsense. And you can make sure you have this advanced option checked, so you see how much more stuff you get here at the bottom, because you want to make sure this starts at boot, because you always want this virtual machine running. And because this is also, you know, controlling your main network, you might want to put the start/shutdown order as one here, because you want this to start first before anything else on your network runs. It might not be critical for certain things that might not need to use your network as much, but it might be a nice thing to have here, because then we can set our other virtual machines on this box to come up after the network comes up. So that's a nice little feature. We'll click next.

For the OS, we're going to select the image, the DVD image for the OPNsense machine, and it's going to default to local because that's our only storage that has any ISO images configured. We can leave the guest type as the default. For the graphics card, you can leave it at the default, and the SCSI controller, you can leave it at the default as well. I think this one's optimized for performance, the way it threads the processes. I was looking up the machine for the best settings for virtualization for OPNsense. You can leave all this stuff at the default if you're just using bridges, but if you want to use PCI passthrough it's probably better to set this as q35. I'm going to go ahead and set it up this way, because once you set the BIOS this way it's kind of harder to do later. It's possible, but it's harder. So if you do this now, if you decide later you want to do PCI passthrough, this is probably better, just go ahead and do it ahead of time. And we'll just pick UEFI, OVMF (UEFI). And then we'll just pick the storage; this will be our app storage, where we're going to store our container. And we can do the QEMU agent. We don't really need to use TPM
because OPNsense doesn't use that, and we just click next. And we can leave this stuff as the default; it has IO thread enabled. Disk size, you can bump this up a little bit, just make sure you have room for log files, whatever. Since we're thin provisioning, we shouldn't be wasting space here, right? So I can just set this to 64 gig, just to make sure we have enough. You might be able to get some benefits out of doing, you know, SSD emulation; I don't think that hurts. Some people might use discard, I think, for SSD. I'm not sure how much this stuff affects performance a whole lot, especially for a firewall. You can play around with some of this stuff; you might want to use some things that are, you know, potentially more optimal settings here. Let's just go to next.

For cores, we're just going to do four. I've noticed with OPNsense it doesn't tend to use much more than four, but you can bump this up to eight if you want. So we could leave this type here as the default; I think this one yields pretty good performance. It used to default to some other values in the past, like kvm64 maybe, and I think this is the preferred default now that's set in Proxmox. And I'm not sure, since this has AES in the type here, I think it has AES enabled already, but there's an option down here for AES; you can just make sure it's enabled for sure, because if you're going to use VPNs and those sorts of things that use the AES instruction set, it definitely does not hurt to make sure that that's enabled, because you'll get better performance for VPN traffic. So let's go to next.

For memory, the bare minimum is you want to probably have eight gigs, but if you're going to do IPS/IDS you can bump it up to 12 or 16 gigs or whatever, depends how much you have in your system, because even with Zenarmor running I think it usually uses six or seven gigabytes; with Elasticsearch it takes up a lot of RAM. So let's go to next.

The bridges here, what we're going to do is we're
going to pick, we'll just pick the WAN one first. Okay, and then we'll add additional network interfaces, because you only pick one from this initial screen, but we'll add more before we start the virtual machine up, because we make sure we have everything in there. I usually just turn off the Proxmox firewall because we're just going to be using the firewall in OPNsense. I don't know if that really affects performance any or not. You can disable this at the data center level if you're not using any at all and you're relying on firewalls within these virtual machines. And the VirtIO yields the best performance usually, paravirtualized is what it's called. And for the multiqueue, I think the recommendation is to use as many queues as you have cores assigned to your VM, so I do four since I'm using four cores, but if you're using eight cores you can put eight. You might get a little more performance if you do this with your network interfaces since we're using bridging, so we'll just go and do that. We hit next, and we won't start it after creating it, so that way we can add our other network interfaces. So go ahead and hit finish, and you'll see over to the left here it's creating our virtual machine, and it'll be kind of a question mark there for a little bit until it gets initialized and created.

All right, so now it's created, so let's go over to the hardware section and we'll go add some additional network interfaces, because we have our first one. We want our first one to be WAN; it just makes it easy to identify within the OPNsense virtual machine if we just make the WAN interface first. So let's go to add and we'll go to network device, and remember we're just doing bridges here. If you want to do PCI passthrough you have to do it differently. So this bridge we're going to pick, you see, this is where comments come in handy. You can just see, oh, if you forget what vmbr1 is, there it is, you can see what it is. So we'll use our management
interface, which is also our LAN for OPNsense and management. So we'll do the multiqueue 4 on this as well and hit add. And then we'll add our last interface we're going to be using, and we're going to be adding all the ones for our VLANs, which is vmbr2, and we'll set multiqueue 4, hit add. So now we have everything we need to fire up our virtual machine.

Now just a quick note here: if you're doing PCI passthrough, you can say PCI device, and I don't have IOMMU enabled. If you do, you can see all the mapped devices here; that's why you can't see anything here. But even without IOMMU enabled, you can pass through the raw device, so you can still do some passthrough without even enabling IOMMU. IOMMU gives you a little bit more control. Since these devices are treated independently, these interfaces, you can just pick even the raw interface, you can pass through this one specific interface. You don't really need the extra granular control of IOMMU enabled. Close that out. Just keep in mind if you're going to use a cluster, it's harder to migrate that stuff. If you go to Datacenter, to show you real quick before we move on, if you go down to Resource mapping there are some ways you can map hardware at the cluster level, and I think you can do manual migrations this way. Someone said automatic failover migrations don't currently work with this method; maybe it's something new they're going to be doing. But see, you can map these things to different IOMMU groups and subsystems and various things like that.

Now we can fire up the OPNsense virtual machine, but we're going to have to do one extra step before we boot into it, because when you use UEFI it's going to enable secure boot in the virtual machine, which OPNsense doesn't support, so we are going to do that first. So if we go to start, we go to console, make sure you open that up, and hit the Escape key. So you'll see this is our VM's BIOS menu. So if we go to the device manager and click on secure boot configuration
and then we want to go down to the X and just hit the space bar, which clears out that space, and it says you need to restart. So we want to hit F10 to save, hit yes to confirm, and then escape to exit, and then escape again, and then we can just hit continue and hit enter to reset, and we have the OPNsense bootup screen for our installer.

Actually we don't have to press any key for the configuration, we just let it go. And now for manual interface assignment let's just hit enter so we can pick it ourselves. We set no to configure LAGGs, no VLANs right now, we'll do that later. And for the WAN interface name we can type in vtnet0, which is our first one. We did them in order, right: WAN, LAN, and then our interface for all of our VLANs that we're going to add later. So vtnet0, and then for the LAN we're going to do vtnet1. When you do bridges with virtual machines the interfaces are always going to be called vtnet0 through whatever, just what it names it as. So we do vtnet1 for this one, do vtnet2, and then we say enter because we don't have any more interfaces left, yes to proceed.

So now we're at the login screen. You can use the root user if you want to do live mode, if you just want to try out OPNsense without actually installing it, or you can use the installer to install OPNsense. That's what we want to do, to put it on our virtual machine, so we do installer and the password is opnsense. And then we'll continue with the default layout of the keymap if you're in the US; if you're somewhere else you can change it to a different keymap. And for this installer you can pick UFS or ZFS. Since our host machine has ZFS, it's generally not recommended to put ZFS on top of ZFS inside of a virtual machine like this, so you might as well just use UFS, and then the underlying host operating system is going to be taking advantage of all the ZFS features, so you're not going to be worrying about doing ZFS snapshots inside the virtual
machine. We don't really need to do that cuz you can just snapshot the whole virtual machine in Proxmox and restore that way. So by default we'll just pick the UFS option, and we'll pick our hard disk of 64 gigs, and you can do recommended swap of 8 gigs; in case it runs out of RAM it can use that as a swap, it's no big deal. Let's hit yes, and we say yes, destroy the disk, because it's a virtual machine anyway, right. So let's go ahead; it's cloning the system. It shouldn't take real long to do this depending on how fast your system is.

All right, so now once you get to this it says it's almost complete, and the one thing I recommend you do is just go and change the root password right off the bat so you don't have to worry about having a default password in there. Okay, then just hit complete install and it'll exit and reboot.

All right, now that it's booted up you'll see that all we have is our LAN IP address set up and there's no WAN address right now cuz we're not plugged in. Now that OPNsense is up and running we could go over to a different tab in our browser, cuz we have the Proxmox tab open right now; we can create a new tab. Okay, we just click on accept the risk, self-signed certificate. We can use the username and password that we already set, and let me increase the screen size a little bit so you can see. And it says you can click on this icon in the corner to just exit out of this configuration guide, which we could do. So now that we're logged in to OPNsense we can see that we have our virtual CPU, which has four cores and four threads that we configured, has 8 gigs in RAM. Since we don't have any IDS/IPS, 8 gigs is overkill; you can tune that later. That's the great thing about virtual machines: you could change the amount of RAM and CPU cores if you find you need more or less. We'll go ahead and configure OPNsense just like any other installation of OPNsense at this point. You know, you can set your network up however you want; I'm not going to do a full network build in
this example. One thing you might want to do to minimize downtime and disruption of switching over to OPNsense is use the same MAC address as your current ISP router or your customer-owned router that you're using. You can go to interfaces and go to the WAN interface, and down here you'll see there's a place for MAC address, so you can spoof the MAC address for this and it'll think it's the same device on your ISP. I just want to show you that's an option for you.

So if we go to the LAN interface, it's set to this default network of 1.1, so we don't really need to do anything here. If you want to use the parent interface like I mentioned before, what I would probably do is go to other types and we'll create a VLAN. I'm just going to show this as an example. So the parent is going to be this opt1; you can rename that interface too if you want. But we would say this is, you know, 10, we enter the tag, and we can say this will be our DMZ network. And you can create, you know, another network here; we can call this, you know, IoT. Make sure we pick our interface as optional one, and then we'll go here and we'll do one more; we'll just call it guest, and make sure we pick opt1 and hit save, and you can hit apply, just so we have these VLANs here. And if we go to the optional interface up here, you can disable this interface if you want and hit save, if you just want only VLANs on this interface, and we hit apply. And we'll go to assignments, and we'll go back over here, and we have the various VLANs that we want to assign. Let's just go ahead and assign all of them. We'll just call them the same name as the VLAN name so we know what they are: IoT, okay, and then say add, and guest network, oops, I can type, hit add. Okay, so now we have all of our networks, they're over here, and you would just configure them like you would normally, and then you can go ahead and remove this one if you don't want to use the parent interface.

So I went ahead
and finished setting up OPNsense with my interfaces and stuff just to save a little bit of time in this video, because the main purpose was to show how to set up the virtual machine aspect and how you want to configure your network interfaces. But I want to do a quick little demo to show how you can join your virtual machines and your containers to any of the networks that you have set up, along with your other physical hardware that you might have. So I went ahead and installed dark mode on here, that's why it looks a little different. I plugged the WAN interface of OPNsense in, and then I also plugged in my VLAN interface, and I made sure I use different VLAN IDs than what's already being used on my network, just for demonstration purposes. I showed 10, 20 and 30 earlier in the video, but I just switched them to four, five and six because I don't want to conflict with any of my other networks and have multiple DHCP servers on the network, because I don't have any extra 10 gigabit managed switches laying around right now.

So let's go back over to Proxmox and you'll see I have two containers set up in here, and I set one up on the DMZ network, one on the network. So if I do ip a, you'll see that I'm on the 4, cuz I made it 4, 5, 6 as I mentioned earlier to match the VLAN IDs. So that's pretty cool that I joined this container with the VLAN based off of what I mentioned earlier. If I go to network you'll see I have this VLAN aware flag; you'll need to do that. So when you come into your containers and you go to the network settings, you'll see that if I double click this, the VLAN tag I set at four. You can set whatever VLAN tags you want. You have to pick your VLAN bridge, which is what I did, which is vmbr2, and you can set any VLAN tag that you have set up for VLANs on that interface. So this is really why I said you should enable that VLAN aware flag, that option. So on this one I want to
demonstrate real quick on the console that I have a physical machine plugged into the guest network; it's in my server closet right now. And I can do an iperf test from a virtual machine, well, it's actually a container, connecting to my physical machine; it has iperf server running on it right now. And you'll see I can get almost 5 gigabits per second, because that's the amount of throughput you're going to be losing when you do VLANs with a bridge.

I want to show one other thing real quick, just to show you how easy it is to set up a new container. I'm going to shut down this one; I'm just going to clone this. This is just a simple Ubuntu template, so it's basically like having your own Ubuntu server setup. So once I shut this down I can go to more and I can just clone this and just set up a new one, and I'll just call it, this one was my IoT network, so this will be IoT test, and I'll set clone, and it just takes a few seconds to clone this. Now that the container is created we need to go to the network and we'll just change the VLAN tag to six so we can put it on our IoT network, to show you how easy it is just to move this over or set this up on a different network. And we need to go to DNS and make sure it's 6.1, so that is our DNS server, it's in our network, because by default it's going to use the host, which is 1.1, and we don't want that IP address, because unless you have firewall rules to access that IP address you won't be able to get to it. So once we do these two things we should start up our container and we should be on the IoT network, which shows you how easy it is to set up a new container. I just cloned my other one just to save even more time. So do ip a, you can see it's 6.101. So now I have a container on each network, so I should be able to ping any of the other containers. I just created firewall rules to allow all the networks to communicate fully with each other, just so I can make it
easy to show this demo and test out, make sure everything's all connected. So I think my other container is 101, so if I ping that, I'm pinging my other container. It's technically on another network and that traffic will go over the OPNsense firewall. And if we go over to our dashboard here and our lobby, you should be able to see, whenever we go to Services, DHCP, we go to leases, here's all of the different containers. And this test 10g client is a real machine, and you'll see that I have a lease here that's an old one, because I was playing with connecting to different networks to try it out. But basically you'll see this is the physical machine and then you'll see the containers that are in here, and they just show up just like a real machine. So I thought that's kind of a cool demonstration to show how you can mix your containers and virtual machines in with real machines so you can host things on your network.

When you're ready for your virtualized OPNsense to be your primary router or firewall, you can plug in the second interface, which is our WAN interface, to your cable modem or ONT, which I'm showing in my rack, and for the interface that contains all the VLANs you can connect that 10 gig interface up to your 10 gigabit network switch. So I hope you found this to be helpful, the demonstration of how all these devices are connected and how you might want to transition from more consumer grade type equipment over to a virtualized OPNsense. So until next time, I hope you have a great day. [Music]
Info
Channel: Home Network Guy
Views: 14,887
Id: VcTGKBHcqmk
Length: 41min 8sec (2468 seconds)
Published: Thu Apr 18 2024