Thanks for watching! All the best!

Indeed.

Agreed. I have this issue now. Should we set Kali to use both NAT and Internal Network? When I do this I get Connection Failed - Activation of Network connection failed. Ifconfig only shows eth0 and not eth1. If I only use NAT, Kali has internet access but cannot ping Opnsense. If I use only Internal Network, I get network connection errors and ifconfig only I get the same issues. So I guess I'm confused what Network settings I'm supposed to use for the Kali box so that it can ping and communicate with Opnsense.

I got Kali to work by putting it on the 10.255.255.x subnet and can ping the Opnsense box, but this only works for me when I put Adapter 1 on Internal Network. If I set Adapter 1 to Nat, then Adapter 2 to Internal Network Kali won't boot up. So do I need to have both or can I just use Adapter 1 on Internal Network?

@@Incanet66 did u still figure it out ??, because i'm also in the same problem

Thanks Scott! Glad you found this useful and thanks for the sub.

Glad that you found this helpful! I have published a few videos after this one that cover various OPNsense firewall features such as IDS/IPS, Failover, Web Filtering/Proxy and Next-Generation firewall features using Zenarmor. If you haven't already, please do check those videos out. Thanks for watching!

I am stuck with Firmware not updating on Opnsense firewall. I do have internet connectivity on Kali linux, not sure what am I doing wrong. Any tips ?

thats honestly a bit of a pretentious thing to say. knowing everything there is to know about networking isnt going to help navigate a buggy interface. and if you were wondering why people had issues with it is because when you edit the ip address it takes off track6 and you are just left with static.

Awesome Video Series Thank you very much, but would you please recommned a video or a few of them (basic networking knowledge) about these concepts that are as close as possible to this video series. Thanks again for these great informative clear videos. 🙂

​I 2nd @@MrSwatsteven to some extent. Even if you "expect" people to know I find that when instructors assume anything about their audience they are doing them a disservice. The reason I am looking at this video is because I am a beginner and am trying to understand the context of these technologies. When you leave context out it makes it harder to follow along just gets frustrating.

Thanks for the comment, and I understand your frustrations especially being a beginner trying to break into a new industry. Lets put what I am trying to say in the above comment into another perspective. Lets say for instance you wanted to become a mechanic, you are going to need to learn the different parts that make up the engine, the tools that mechanics use to carry out their jobs, and the different techniques used to service engines and so on. No one is going to let you strip and rebuild their car engine if you don't know what a spark plug is or a piston, or a screwdriver vs a wrench. The very same applies in the IT industry and especially if you are you are trying to break into cyber security being a more advanced vertical within the IT industry, you HAVE to know the basics first before you can learn how to secure and find vulnerabilities in networks. I don't believe my original comment was pretentious in any way, I am simply offering guidance where I saw it was needed, with most of the issues seen related to misunderstanding of basic networking concepts, which I do assume to a certain extent people have, especially when it comes to configuring firewalls which is generally a more advanced topic. I always encourage open communication like this from my audience as it helps me to learn where I need to improve, and you will be pleased to know that I am currently working on a supplementary video to this series that explains things like how the networking works in VirtualBox which it seems most people are getting stuck on. Please understand I create these videos because I am trying to contribute to a industry that drastically needs more skilled people. I try my best to make these videos meaningful by parting with my knowledge at no charge to anyone, in my spare time. I wish you all the best with your ventures into cyber security, it will be challenging at times, but the hard work and persistence will pay off.

@@ls111cyberEd I appreciate your response and am glad that you care enough to respond. This is coming from someone who desperately wants to understand the tools and methodology and am only pointing out the shortcomings I see in the content. I appreciate you imparting your knowledge, but when doing so I would say as a teacher there are things that are more obvious to you than your student. And I hope that in your next series you take this into consideration. Thank you again for helping us with less understanding.

Thanks for the comment! 100% agree with you. These videos were created to help people get some hands on experience with a firewall that have limited resources in a lab environment. In a production environment the hardware would need to be spec'd correctly based on the business requirements and in some cases a dedicated firewall appliance may be preferred.

Hi and Thanks for watching, please check out a more recent video that I did covering the different networking modes in VirtualBox here: kzfaq.info/get/bejne/fM6Uq85lx9Ouc6c.html Kali network configuration can simply be done using the settings GUI, look for the network option and your interface, and you can set up static ipv4 addresses and DHCP there. Hopefully this helps

Do not change the static settings for the network adapter in your LAN. In the network settings for your Kali machine, click adapter 2 and enable the internal network "intnet" and save the changes. This will make both networks visible on the kali machine.

@@AnonymousLifestyle1012 there both visable for me, but now my kali network does not work. And it only works for the internet for opnsense if i switch to that adapter in Kali linux. Any ideas ?

what script did you use

Hi, thanks for watching. Try removing the second NIC from your Kali machine and make sure the first NIC is set to the internal network mode. Also, make sure that your OPNsense LAN interface is in the internal network mode, (intnet) by default. If you have DHCP enabled on OPNsense, the Kali machine will automatically get an IP address. If you don't have DHCP enabled, you need to assign a static IP address to your Kali machine on the same subnet as what you configured your OPNsense LAN interface on, then they will be able to communicate. If you need more info about how VirtualBox networking works, please check out this video: kzfaq.info/get/bejne/fM6Uq85lx9Ouc6c.html All the best with your exams.

because you dont have a NAT adapter on the kali vm, you need a NAT adapter for internet connection, best wishes

Thanks for watching!

Hi Justin, thanks for watching. You can try starting off with some basic troubleshooting. Is the WAN interface up and does it have a IP address? If it does, from the OPNSense terminal are you able to ping anything on the internet? Does the device connected to your LAN interface have internet traffic? You can also check your DNS settings, confirm that when you ping a hostname that you are getting a reply. Hopefully this points you in the right direction.

Thanks for watching, I set a static IP on my network on the 10.200.200.0/24 subnet as described between 17:00 - 20:00. It's your choice here how you would like to do this, you can leave DHCP enabled on OPNsense and it will automatically provide Kali with an IP or you can choose a static setup as I did.

Thanks for watching! I don't have Discord running at the moment, however, it's something that I will consider in the future when the channel and community grows enough, so please do share and get more people involved.

@@ls111cyberEd I would definitely appreach a discord in the future!

I don't have a video about this, however, thanks for the suggestion.

I finally was able to figure it out, just leave it dhcp dont try it static

After i used that it worked for a while then stopped so i tried bridge for both with dhcp, Hopefully it doesnt mess up the lab

I guess you could try setting the VirtualBox interface for the firewall LAN facing interface to bridged mode and giving it a IP address on your LAN, then you would need to set the default gateway on your host machine to the IP of the firewall. I am speaking off the top of my head and I have not tested this, if it does not work just revert back to the old setup.

Hi there, episode 3 of this series covers Suricata IDS/IPS features of Opnsense, link: kzfaq.info/get/bejne/irZ7f9hlxpmlZHk.html

Hi Najeeb, thanks for watching. Unfortunately there is no video detailing the network setup in Kali or the virtual switch as I assume when creating these videos that for someone to be exploring firewalls, which is an intermediate to advanced topic, that they already have an understanding of basic networking concepts like configuring IP addresses to device interfaces. In the case of this video, the virtual switch I mention does not require configuration itself, its a logical representation of a layer2 switch. At 10:47 onward, when I configure adapter 2 and join it to the internal network called "intnet" this would be the same as taking a physical cable, and plugging it into a port on a physical switch. The same applies for the Kali machine, when you setup the adapter you join it to the same internal network called "intnet" and it would be like physically plugging a cable into the same physical switch that the LAN interface of your OPNSense firewall is plugged into. Once both devices are connected to the switch, they can communicate provided that they are on the same subnet. So if you choose 192.168.1.254/24 for your OPNSense firewall, then in order for Kali to communicate with it, you will need to make sure that it uses an IP address between 192.168.1.1-192.168.1.253. Each device that you connect to the LAN network will need a unique IP address in that range. Hopefully this helps.

@@ls111cyberEd That step you skipped has stumped me too. So what are the settings on the 2 adapter cards on Kali to work with the opnsense in this video?

Hello, the disk or ISO image in this case needs to be removed before the system reboots so that it can boot from the virtual hard disk and not from the ISO image again. Once you have installed OPNSense to the disk, there is no need to boot using the ISO. Hope this helps!

Yes, correct, I disabled dhcp4 because I wanted to use static IPs on the LAN segment. I explained this in the video from about 18:50 onward. The choice is obviously yours here, you can leave dhcp4 enabled and your Kali machine will receive an IP automatically or you can assign a static address, as long as it's on the same subnet they will be able to communicate.

Hi, thanks for watching, please check out this video about VirtualBox networking, it explains the switch aspect of the lab: kzfaq.info/get/bejne/fM6Uq85lx9Ouc6c.html Kali network configuration can simply be done using the settings GUI, look for the network option and your interface, and you can setup static ipv4 addresses and DHCP there. Hopefully this helps

Hi JF, thanks for watching. Please double check that the both Kali and the OPNSense LAN interfaces are connected to the internal network called "intnet" as per the video. OPNSense will then supply Kali with a IP via DHCP. If this does not work, check your interface assignments on OPNSense and confirm that you have not accidently swapped the WAN and LAN interfaces around. Hope this helps.

Hello LS111 and thank you for your response. I have checked my configuration and it is exactly like in the video and it still does not work. As you can see from 22:04 of the video, dhcp has been assigned to the WAN interface instead. In Kali, I have set adapter 2 under network to 'Intnet'. Once again thanks for your resonse.'

@@JF-zs6jm i setup adapter 2 in kali as the intnet, still not showing. any ideas ?

Hi Kenny, thanks for watching, the 10.200.200.x/24 address range setup on my LAN/Internal network was my choice and you can choose whatever works for you. OPNSense will then use DHCP by default to provide IP's within that range to hosts on the LAN/Internal network segment which is fine for your workstations. For the servers described above, it will be best to assign static IP addresses within the same LAN/Internal range and exclude those from the DHCP IP pool.

Thanks for watching! By default, the firewall will block all communication from the outside, however, for this lab you should not be attempting to connect to it via the WAN interface anyway. You need to set up a VM attached to the LAN network and ensure that your LAN devices are all on the same subnet e.g. 192.168.1.0/24 for them to be able to communicate. From about 16:20 in the video, we start talking about configuring the firewall interfaces with IP addresses, to keep things simple, leave DHCP enabled and the firewall will automatically provide IP addresses to machines on the LAN in the above-mentioned range, the firewall can be accessed with your browser on 192.168.1.1

@@ls111cyberEd but the auto generated rules can't be changed . but what I do if the host needs to access a service on one the LAN vms . what to do to redirect the host to the vm service using the firewall ?. And another if u pleased. I tried the bridger adater on wan and the host can not ping the firewall wan ? is it also bcz of the default config knowing that I added a new pass rule to allow all and any on the wan int in the firewall settings through one my local vms

Hi Shrutika, thanks for watching. In the video from 18:50 onward I covered how to manually assign an IP address to the OPNSense LAN interface, if you follow these steps, the network I used in my lab is 10.200.200.X/24. You need to make sure that your firewall LAN interface and your kali linux machine are both connected to the 10.200.200.X/24 network. Because I disabled DHCP on the LAN interface, you will need to manually assign an IP address to your kali linux machine and use whatever your firewall LAN IP address is for kali's gateway, in the case of the video this is 10.200.200.254/24, for this to work. Alternatively, skip this part of the video and use the default OPNSense settings and connect to your firewall on 192.168.1.1 to make it a bit easier. Hope this helps

@@ls111cyberEd Thanks so much for the quick reply. I used static IP Address but as you shared I assigned the IP addresses manually on the kali machine and it worked!! Thanks again!

Update: I managed to figure it out. I restarted the OpnSense VM and also changed the repository mirror to (LeaseWeb HTTPS, San Francisco, US). Its working now.

Can you please tell me if you configured two adapters on kali linux, one for internal network and one as NAT? @@shadrachwilson1211

@@stellar369 yes thats how you do it, use one for intnet and one for NAT, if you have a problem with the intnet interface configure it manually, you can see in the video that he has to adapter activated

Thanks for watching, please double check that both your Kali VM and your OPNSense LAN interface are connected to the same internal virtual network and that they both have IP addresses in the same subnet configured correctly, if you followed the video you will need to setup a static IP address on Kali, if you decided to leave DHCP enabled on the OPNSense firewall it will automatically provide your Kali VM with an IP address. Hopefully, this helps.

Hi, thanks for watching! You need to make sure that the LAN interface is joined to the internal network (intnet), check the video at 10:40 onward. You can then watch from 16:00 onward, in the video I show you how to assign the static IP on Opnsense, hope this helps.

@@ls111cyberEd OK noted with thanks I'll check. Thanks for your videos and and explanations

Thanks for watching, you can try changing your mirror, go to system->firmware->settings and there is a dropdown box to select your mirror, try another location and see if this improves things for you.

@@ls111cyberEd Thank you it works with the cloudflare mirror. Awesome video!

Thanks for watching! It seems like you are running OPNsense in its live mode, meaning that you are running it from the installation media, and it lives in your computer's volatile memory (RAM). If you perform any configurations in live mode, they will be lost when you restart because RAM has no persistence and will be cleared on reboot. You need to be sure that you install OPNSense on your hard drive, then once done, remove the installation media to prevent yourself from booting back into live mode. Hopefully, this helps.

@@ls111cyberEd Thanks for replying I fixed that but no plugins and no ip for Linux it looks no dhcp server distributed ip from opnsense do you have any idea? I already watched last video for vm networking changed even bridging but no ip from eth1 no ping no internet.

I too had the same issue but once I turned on the dchp server that fixed the issue.

@@Adminsb42 turned it on where ?

@@Adminsb42 like on Kali? Or in the opnsense? If you got which steps you did that would be a life saver bro

@@iamnyron on opnsense. So do everything like normal when setting up the interface ip address. Once you get to the part about dchp server hit y. Then enter the ip you want on that dchp server.

@@Adminsb42 my Lan & Wan are getting addresses via dhcp, but still no internet on kali. I even setup the adapter 2 to the internet network. I appreciate the help though

Hi Ymenseus, please confirm that the computer your are pinging your OPNSense LAN IP with is on the same network subnet as your OPNSense LAN interface, so like in the case of the video at 19:36, I manually configured my OPNSense firewall to use 10.200.200.254/24 and disabled DHCP server which otherwise would automatically give IP addresses to devices on the LAN. You need to make sure that you manually assign an IP Address to you kali machine on the 10.200.200.X/24 network and that you set your Kali machines gateway to 10.200.200.254 for this work. Alternatively, keep your DHCP server enabled on the firewall and it will automatically assign an IP address to your machine.

@@ls111cyberEd Thank you so much, I've gone to File, Preferences and found the list empty so i created a new NAT network and after that in my both kali and OPNsense machines I made them connect to NAT network instead of NAT and it finally worked

Another problem i encountered is that the list of plugins isn't showing up, is there any prior settings i need to make sure of? I already clicked update before and it didn't update anything

Thanks for watching, Please try some troubleshooting basics first, does your firewall have internet access? Is your DNS setup correctly? Try pinging 8.8.8.8 or www.google.com do you get replies or does it time out?

At 10:00 onward, when we configure Adapter 1 in VirtualBox and attach it to a NAT network, this is essentially configuring em0. OPNSense is based on a Unix operating system called FreeBSD, in FreeBSD when we are referring to a network interface, you will see it named as em0, or em1 and so on, it names it like this based on the chipset used in the network card, so in this case, 'em' is for Intel based chipsets like VirtualBox emulates. If we were using RealTek network adapters they would be labeled re0 or re1. Hopefully this helps.

Thanks for watching!

Hi, thanks for watching. Double check that you unmounted the OPNSense installation .iso, possibly the VM is still booting off the .iso and not off the hard drive. If this is the case, the root password you set wont work. Hopefully this helps.

Thanks for watching, I would say around 16GB RAM and a CPU that supports virtualization, which most do anyway, however, keep in mind that you won't need to be running all these VMs at once, only the ones you are working on at the time, so you could get away with less.

@@ls111cyberEd thanks for the response 👍🏽

Well, I just started making one change at a time in the settings of the Virtualbox configs and found it was due to only having 1 CPU assigned to the machine. When I bumped it to 2 CPUs it worked.

Glad that you got it working!

@@ls111cyberEd Unfortunately I ran into another issue. I got the Suricate rule created, imported and enabled, but it would not pick up the Nmap scan. Nothing shows up in the alerts. I spent a couple hours trying to figure it out but ended up moving on to the next video.