The secret of getting ahead is getting started.
So what are you waiting for ?
A few simple steps to get you going.
Thank you for choosing to Install OPNsense ! Just follow these steps and then head to our documentation for further configuration.
Step 1 - Hardware Selection & Sizing
Minimum & Recommended Configurations
Before you can install OPNsense select the right hardware for your setup.
Virtual
| Type | Description |
|---|---|
| Processor | 1 or more virtual cores |
| RAM | Minimum required RAM is 2 GB |
| Install method | ISO |
| Install target | Minimum recommended virtual disk size of 8GB |
Minimum
The minimum specification to run all OPNsense standard features that do not need disk writes, means you can run all standard features, except for the ones that require disk writes, e.g. a caching proxy (cache) or intrusion detection and prevention (alert database).
| Type | Description |
|---|---|
| Processor | 1Ghz dual core cpu |
| RAM | 2 GB |
| Install method | Serial console or video (vga) |
| Install target | SD or CF card with a minimum of 4GB, use nano images for installation. |
Reasonable
The reasonable specification to run all OPNsense standard features, means every feature is functional, but perhaps not with a lot of users or high loads.
| Type | Description |
|---|---|
| Processor | 1 GHz dual core cpu |
| RAM | 2 GB |
| Install method | Serial console or video (vga) |
| Install target | 40 GB SSD, a minimum of 2GB memory is needed for the installer to run. |
Recommended
The recommended specification to run all OPNsense standard features, means every feature is functional and fits most use cases.
| Type | Description |
|---|---|
| Processor | 1.5 GHz multi core cpu |
| RAM | 4 GB |
| Install method | Serial console or video (vga) |
| Install target | 120 GB SSD |
Step 2 - Download & Prepare Installation Media
Select the right version for your system
Installation Files
Depending on your hardware and use case different installation files are provided to Install OPNsense:
| Type | Description |
|---|---|
| dvd | ISO installer image with live system capabilities running in VGA-only mode |
| vga | USB installer image with live system capabilities running in VGA-only mode |
| serial | USB installer image with live system capabilities running in serial console (115200) mode with secondary VGA support |
| nano | A preinstalled serial image for 4GB USB sticks, SD or CF cards for use with low-end embedded devices |
32bit = i386
64bit = amd64
Sample file listing
OPNsense-16.x.x-OpenSSL-cdrom-amd64.iso.bz2
OPNsense-16.x.x-OpenSSL-nano-amd64.img.bz2
OPNsense-16.x.x-OpenSSL-serial-amd64.img.bz2
OPNsense-16.x.x-OpenSSL-vga-amd64.img.bz2
Writing to Installation Media
The easiest method of installation is the USB-memstick installer. If your target platform has a serial interface choose the “serial image. 64-bit and 32-bit install images are provided. The following examples apply to both.
Write the image to a USB flash drive (>= 1GB), either with dd under FreeBSD or under Windows with physdiskwrite (or Rufus).
Before writing an (iso) image you need to unpack it first (use bunzip2).
FreeBSD
dd if=OPNsense-##.#.##-[Type]-[Architecture].[img|iso] of=/dev/daX bs=16k
Where X = the device number of your USB flash drive (check dmesg)
Linux
dd if=OPNsense-##.#.##-[Type]-[Architecture].[img|iso] of=/dev/sdX bs=16k
where X = the IDE device name of your USB flash drive (check with hdparm -i /dev/sdX) (ignore the warning about trailing garbage - it’s because of the digital signature)
OpenBSD
dd if=OPNsense-##.#.##-[Type]-[Architecture].[img|iso] of=/dev/rsd6c bs=16k
The device must be the ENTIRE device (in Windows/DOS language: the ‘C’ partition), and a raw I/O device (the ‘r’ in front of the device “sd6”), not a block mode device.
Mac OS X
sudo dd if=OPNsense-##.#.##-[Type]-[Architecture].[img|iso] of=/dev/rdiskX bs=64k
where r = raw device, and where X = the disk device number of your CF card (check Disk Utility) (ignore the warning about trailing garbage - it’s because of the digital signature)
Windows
physdiskwrite -u OPNsense-##.#.##-[Type]-[Architecture].[img|iso].img
A simple alternative for writing image under windows is Rufus a tool to create bootable USB sticks with a nice GUI.
Step 3 - Installation to Target Device
Using the USB Installer & Quickly Install OPNsense
Install OPNsense to target system
Configure your system to boot from USB.
Default behaviour is to start the Live environment, to install log in with user installer and password opnsense
The installation process involves a few simple steps.
- Configure console - The default configuration should be fine for most occasions.
- Select task - The Quick/Easy Install option should be fine for most occasions. For installations on embedded systems or systems with minimal diskspace choose Custom Installation and do not create a swap slice. Continue with default settings.
- Are you SURE? - When proceeding OPNsense will be installed on the first hard disk in the system.
- Reboot - The system is now installed and needs to be rebooted to continue with configuration.
VMware or XEN virtual Installations
After installation go to firmware page in the GUI and install the vmware-tools or xen-tools plugin for maximum performance and compatibility.
Step 4 - Initial Setup & Configuration
Some tips and pointers to our online documentation
Defaults
Port Assignments
By default the system will be configured with 2 interfaces LAN & WAN. The first network port found will be configured as LAN and the second will be WAN.
IP ranges & DHCP
The WAN port will have a dhcp client and expects to be assigned an IP adress.
The LAN port will have a dhcp server, a static ip of 192.168.1.1/24 and offers ip adresses in the range of 192.168.1.100-200.
Users & Passwords
Default user: root / password: opnsense
Also good to know
For security reasons ssh is disabled by default and the console access is password protected.
Online Documentation
An extensive manual is provided online with many up-to-date examples for making the most out of your newly setup security platform.
Go to: http://docs.opnsense.org