The secret of getting ahead is getting started.

So what are you waiting for ?


A few simple steps to get you going.

Thank you for choosing to Install OPNsense ! Just follow these steps and then head to our documentation for further configuration.


 

Step 1 - Hardware Selection & Sizing

Minimum & Recommended Configurations

Before you can install OPNsense select the right hardware for your setup.

If you are looking for pre-installed hardware then take a look at the Deciso hardware or one of our other partners.

Virtual

Type Description
Processor 1 or more virtual cores
RAM Minimum required RAM is 2 GB
Install method ISO
Install target Minimum recommended virtual disk size of 8GB

Minimum

The minimum specification to run all OPNsense standard features that do not need disk writes, means you can run all standard features, except for the ones that require disk writes, e.g. a caching proxy (cache) or intrusion detection and prevention (alert database).

Type Description
Processor 1Ghz dual core cpu
RAM 2 GB
Install method Serial console or video (vga)
Install target SD or CF card with a minimum of 4GB, use nano images for installation.

Reasonable

The reasonable specification to run all OPNsense standard features, means every feature is functional, but perhaps not with a lot of users or high loads.

Type Description
Processor 1 GHz dual core cpu
RAM 2 GB
Install method Serial console or video (vga)
Install target 40 GB SSD, a minimum of 2GB memory is needed for the installer to run.

The recommended specification to run all OPNsense standard features, means every feature is functional and fits most use cases.

Type Description
Processor 1.5 GHz multi core cpu
RAM 4 GB
Install method Serial console or video (vga)
Install target 120 GB SSD

Step 2 - Download & Prepare Installation Media

Select the right version for your system

Installation Files

Depending on your hardware and use case different installation files are provided to Install OPNsense:

Type Description
dvd ISO installer image with live system capabilities running in VGA-only mode
vga USB installer image with live system capabilities running in VGA-only mode
serial USB installer image with live system capabilities running in serial console (115200) mode with secondary VGA support
nano A preinstalled serial image for 4GB USB sticks, SD or CF cards for use with low-end embedded devices

32bit = i386
64bit = amd64

Sample file listing
OPNsense-16.x.x-OpenSSL-cdrom-amd64.iso.bz2
OPNsense-16.x.x-OpenSSL-nano-amd64.img.bz2
OPNsense-16.x.x-OpenSSL-serial-amd64.img.bz2
OPNsense-16.x.x-OpenSSL-vga-amd64.img.bz2

Looking for the latest realease? First download and install the current distribution version (usually updated twice a year) and then utilize the powerful update mechanism from within the User Interface.

Writing to Installation Media

The easiest method of installation is the USB-memstick installer. If your target platform has a serial interface choose the “serial image. 64-bit and 32-bit install images are provided. The following examples apply to both.

Write the image to a USB flash drive (>= 1GB), either with dd under FreeBSD or under Windows with physdiskwrite (or Rufus).

Before writing an (iso) image you need to unpack it first (use bunzip2).

FreeBSD

dd if=OPNsense-##.#.##-[Type]-[Architecture].[img|iso] of=/dev/daX bs=16k

Where X = the device number of your USB flash drive (check dmesg)

Linux

dd  if=OPNsense-##.#.##-[Type]-[Architecture].[img|iso] of=/dev/sdX bs=16k

where X = the IDE device name of your USB flash drive (check with hdparm -i /dev/sdX) (ignore the warning about trailing garbage - it’s because of the digital signature)

OpenBSD

dd if=OPNsense-##.#.##-[Type]-[Architecture].[img|iso] of=/dev/rsd6c bs=16k

The device must be the ENTIRE device (in Windows/DOS language: the ‘C’ partition), and a raw I/O device (the ‘r’ in front of the device “sd6”), not a block mode device.

Mac OS X

sudo dd  if=OPNsense-##.#.##-[Type]-[Architecture].[img|iso] of=/dev/rdiskX bs=64k

where r = raw device, and where X = the disk device number of your CF card (check Disk Utility) (ignore the warning about trailing garbage - it’s because of the digital signature)

Windows

physdiskwrite -u OPNsense-##.#.##-[Type]-[Architecture].[img|iso].img

A simple alternative for writing image under windows is Rufus a tool to create bootable USB sticks with a nice GUI.

Step 3 - Installation to Target Device

Using the USB Installer & Quickly Install OPNsense

Install OPNsense to target system

Configure your system to boot from USB.

Default behaviour is to start the Live environment, to install log in with user installer and password opnsense

The installation process involves a few simple steps.

  1. Configure console - The default configuration should be fine for most occasions.
  2. Select task - The Quick/Easy Install option should be fine for most occasions. For installations on embedded systems or systems with minimal diskspace choose Custom Installation and do not create a swap slice. Continue with default settings.
  3. Are you SURE? - When proceeding OPNsense will be installed on the first hard disk in the system.
  4. Reboot - The system is now installed and needs to be rebooted to continue with configuration.
WARNING: You will lose all files on the installation disk. If another disk is to be used then choose a Custom installation instead of the Quick/Easy Install.

VMware or XEN virtual Installations

After installation go to firmware page in the GUI and install the vmware-tools or xen-tools plugin for maximum performance and compatibility.

Step 4 - Initial Setup & Configuration

Some tips and pointers to our online documentation

Defaults


Port Assignments

By default the system will be configured with 2 interfaces LAN & WAN. The first network port found will be configured as LAN and the second will be WAN.

IP ranges & DHCP

The WAN port will have a dhcp client and expects to be assigned an IP adress.
The LAN port will have a dhcp server, a static ip of 192.168.1.1/24 and offers ip adresses in the range of 192.168.1.100-200.

Users & Passwords

Default user: root / password: opnsense

Also good to know

For security reasons ssh is disabled by default and the console access is password protected.

Online Documentation


An extensive manual is provided online with many up-to-date examples for making the most out of your newly setup security platform.
Go to: http://docs.opnsense.org