Proxmox opnSense Installation and Setup
Рет қаралды 21,643
Күн бұрынTutorial on "How to Install OPNsense on Proxmox." This step-by-step guide is designed to assist you in setting up a robust and efficient virtual network environment using OPNsense and Proxmox. Perfect for both beginners and advanced users, this tutorial covers every critical aspect of the installation process. Here's what you'll learn:
✅ Downloading and Preparing OPNsense: We start by guiding you through the process of downloading the OPNsense ISO file and demonstrating how to effectively burn it onto a USB flash drive, ensuring you have a reliable installation medium.
✅ Setting Up Your Virtual Machine: Discover the nuances of configuring a virtual machine (VM) in Proxmox specifically for OPNsense. This includes allocating resources like CPU, RAM, and storage optimally for the best performance.
🧑🎓 Advanced Networking Configuration: Dive deep into the complex world of virtual and physical network interfaces. Learn how to configure PCI pass-through and network bridges in Proxmox, a critical step for a seamless OPNsense operation.
🧑🎓 OPNsense Installation & Updates: Walk through the installation process of OPNsense on your virtual machine. Plus, we’ll show you how to immediately update OPNsense to the latest version, ensuring your system is secure and up-to-date.
🧑🎓 QEMU Guest Agent Installation: A crucial step often overlooked, installing the QEMU guest agent on OPNsense can significantly enhance the performance and manageability of your virtual environment. We cover the easy steps to achieve this.
🧑🎓 Configuring VM Internet Access through OPNsense: Finally, learn how to configure other VMs in your Proxmox environment to access the internet via the OPNsense firewall, ensuring a secure and efficient network setup.
Whether you're looking to enhance your home lab, setting up a virtual office environment, or just keen on learning about virtual networking, this tutorial has got you covered. Join us and transform your Proxmox setup with OPNsense for a powerful, secure network solution.
Remember to like, share, and subscribe for more in-depth tutorials on virtualisation and networking. Drop your questions or feedback in the comments below, and let's make virtual networking easy and accessible for everyone!
OPNsense Default Install Credentials:
Username: installer
Password: opnsense
=== SUPPORT OUR CHANNEL ===
Support our channel by joining our KZfaq channel membership to donate a small amount each month. Not only does your support help us continue creating content you love, but as a channel member, you'll also enjoy early access to our videos. While our videos are scheduled for regular days and times, becoming a channel member allows you to watch them as soon as they are uploaded. Your support truly makes all the difference!
Channel Membership:
👍 www.youtube.com/@sheridans/join
Patreon:
💳 go.sheridan.uk/patreon
=== GET IN TOUCH ===
📣 Hire Us: Hire us for a Project
go.sheridan.uk/hire
📣 Forums: Discussion on Videos
go.sheridan.uk/forum
📣 Facebook: Follow Us on Facebook
go.sheridan.uk/fb
📣 LinkedIn: Connect with us on LinkedIn
go.sheridan.uk/linkedin
📣 Twitter: Get in touch on X (Twitter)
go.sheridan.uk/x
📣 Website: Our Website
sheridancomputers.co.uk/
===
=== AFFILIATES & REFERRALS ===
This video is NOT sponsored. Some product links are affiliate links which means if you buy something we'll receive a small commission.
Sheridan Computers Swag Store on Amazon:
go.sheridan.uk/swag
🛍️ Amazon Affiliate Store: Products We Use
go.sheridan.uk/amazon
AUDIO AND VIDEO
🎧 AE Juice: animation tools, plugins and presets
go.sheridan.uk/aejuice
CLOUD HOSTING, SERVERS AND STORAGE
☁️ Digital Ocean: VPS & Storage
go.sheridan.uk/ocean
☁️ HostiFi: Cloud UniFi Controllers
go.sheridan.uk/hostifi
☁️ Vultr: VPS & Storage
go.sheridan.uk/vultr
===
Timestamps:
00:00 - What we're going to cover
00:43 - Download & prepare OPNsense media
02:55 - Preparing the virtual machine hardware
05:45 - Configure VM network interfaces and bridges
11:30 - Installing OPNsense on the VM
14:35 - Configuring OPNsense via the wizard
16:28 - Installing QEMU Guest Agent plugin on OPNsense
19:05 - Configuring other VMs to use our OPNsense instance
21:30 - Set Unbound DNS forwarding within OPNsense
22:13 - Conclusion
#OPNsense #Proxmox #VirtualNetworking #NetworkSecurity #FirewallSetup #HomeLab #VirtualMachine #TechTutorial
@Nyrix1 7 ай бұрын
Thank you for this guide! I now have it working on my miniPC with 2 ethernet ports using your tutorial. Now I need to check some tutorials how to properly set up firewall settings :)
@sheridans 7 ай бұрын
Glad you have it working 💪
@prosperstudios Ай бұрын
Thank you Sheridan Computing. There is gold in this tutorial. 🎉
@prosperstudios Ай бұрын
FYI, for those of you who are building a firewall appliance, with a Proxmox hypervisor, be careful if you choose a mini pc from Ali-Express. I found my came loaded with OPNsense, with UEFI malware for a backdoor to the Ethernet driver. This was a normal machine working well. Except it was being C2ed from China. I approached the assembler about this and they sent me another installer of their Ethernet drivers with their back door and controlled malware drivers. Be aware of the provenance of your firewall device and mini pcs!!
@sheridans Ай бұрын
You're very welcome! Thank you for taking the time to leave feedback
@Sc4rEye 7 ай бұрын
Great tutorial, the only thing I would add is if you are going to run this in a production environment, you may want to go into options for the opnsense VM and change "Start at boot" to Yes.
@sheridans 7 ай бұрын
Quite correct, I forgot to mention this 👍
@JoaquinVacas 7 ай бұрын
Also, disabling the USB tablet as pointer under "Options", it makes CPU relax a while. Also, not related to but... do you notice degraded performance under OPNSense using VirtIO? Get tired of that and finally opted for doing PCI Passthrough as I have one of those mini PCs with 4 NICs, performance improved A LOT and iperf3 shows no lost packages anymore, which was the main issue for me.
@JoaquinVacas 7 ай бұрын
Disabling the USB tablet as pointer under "Options", it makes CPU relax too and it's not needed for the OS. Also, not related to but... do you notice degraded performance under OPNSense using VirtIO? Get tired of that and finally opted for doing PCI Passthrough as I have one of those mini PCs with 4 NICs, performance improved A LOT and iperf3 shows no lost packages anymore, which was the main issue for me.
@BillZUpZBdZ 7 ай бұрын
Thanks!!
@sheridans 7 ай бұрын
And yourself for saying so 👍
@muxhax2 7 ай бұрын
thank you very much! Greatly helped, especially with that qemu-agent remark. Hope, you're doing well, sir!
@sheridans 7 ай бұрын
Glad it helped, brings purpose and encouragement for the videos, much appreciated 🙏
@KymHammond Ай бұрын
Great tutorial! I am at 13:40. How in the world did you managed to put an asterisk in that box?
@sheridans Ай бұрын
Spacebar
@SilinEgor 5 ай бұрын
Thank you!
@sheridans 5 ай бұрын
Welcome, thanks for commenting. I did a live stream on these yesterday 😀
@Apollopayne25 2 ай бұрын
Hi thank you for your video. I’ve tried to do this. Got to web ui of opnsense. But my wan isn’t getting a ip from my modem. I currently run bare metal opnsense. But want to virtualise to get benefits of snapshots. Just can’t figure what I’ve done wrong
@mattax87 5 ай бұрын
look like solution for me :) TY ❤
@sheridans 5 ай бұрын
Hope it helps
@techtodaylab 6 ай бұрын
Hi Sam, why not do a PCI passthrough of the NICs instead of creating the bridges (vmbr). What's the benefit? Also Why did you set the multiqueue? Why the value of 8? Cheers
@sheridans 6 ай бұрын
You certainly can do PCI pass through and recommend it for the wan if you can. Comes down to your use case, I wasn't in a position to pass through the nic due to my physical network setup (i believe i mentioned). Increasing the multiqueue for freebsd enables multi core cpu network packets, 8 is maximum iirc. It's usually recommended to set the Multiqueue to same number of cpu cores, but no more than 8. I usually set to 8 all time, it has been said that it can cause high cpu on vm if you set it higher than nunber of cpu cores, i haven't seen this being an issue
@wilsonherazo 7 ай бұрын
I would like to know what the diagram of this tutorial is so I can understand.
@kahqt3935 7 ай бұрын
thanks for your tutorial, however wouldnt it be better to set the cpu type to HOST instead of x86x64-v2-AES? otherwise my opnsense vm is running perfectly, and i am able to get my full 2.5gb line speed.
@sheridans 7 ай бұрын
Yes, use the host setting to get full features, my bad.
@auslander1026 4 ай бұрын
i have proxmox machine with only one network port which is connected to asus AP. would appreciate advice on connection for opensense vm for that. should i create an additional vlan for opensense only? thank you!
@sheridans 4 ай бұрын
You could create a vlan yes and assign a linux bridge to it
@noormohammedshikalgar 3 ай бұрын
Hello Sir, I am struggling to get this setup you shown in the video running on my local, I followed same everything from scratch My WAN has a DHCP And i configured LAN same Dns also Still my machine cant reach internet I can ping my other devices connected to LAN but i cannot ping anything on other interfave WAN one What will be the issue here I am not getting it Please do help
@sheridans 3 ай бұрын
Can you ping internet by IP to rule out dns?
@noormohammedshikalgar 3 ай бұрын
@@sheridans No nothing was working, so i tried pfsense so i installed it And boom it worked without anything to do Out of the box it worked. So for now i am sticking to pfsense Will learn how things work in firewall And then will switch to OPNsense and fix the issue Thanks a lot for the reply
@BACKSPIN9ball Ай бұрын
I want to set this up virtualized so I can learn before moving onto a bare Metal install. would this setup be the one you recommend that wouldn't affect my main network in other words only isolated to vms that connect to the Open sense WAN and nothing else?
@sheridans Ай бұрын
This is similar to how I do, using a different IP range and then blocking anything from that IP range to main network (blocking on main network switch)
@murphyslawdoesnotalwaysapply 5 ай бұрын
you lost me at 8:25. good video overall. What where you doing with the 3rd port and why did you remove another we just made?
@sheridans 5 ай бұрын
Hi, just watched it back and started waffling a bit; sorry about that. I added the additional interface trying to explain that in most cases you'd want to pass an interface directly through to opnSense for you WAN. I was unable as my lan and wan were on the same switch port (vlan) due to the configuration of my network.
@kayodeolaoye4124 3 ай бұрын
Thanks for the tutorial, my lab ip4 didn’t open on the browser after installation, please what can I do?
@sheridans 3 ай бұрын
that's kind of hard to diagnose from youtube comments, can you ping the ip?
@kayodeolaoye4124 3 ай бұрын
Thanks for your response I can ping it inside opnsense but didn’t open webgui on browser
@orion4502 5 ай бұрын
Once I am done with setting all this up do i just unplug my old router and plug the wan into the configured wan port in OPNsense?
@sheridans 5 ай бұрын
I don't know what your current setup is or how your current router connects to the internet
@orion4502 5 ай бұрын
@@sheridanscurrently I have an Asus router but I would like to see if I could replace it with a proxmox setup and have OPNsense running on a virtual machine. Currently I have IP passthrough enabled from my modem to go to the router with DHCP enabled. How would I go about replacing the router altogether and just use the OPNsense on Proxmox?
@sheridans 5 ай бұрын
@@orion4502Depends on your internet connection and whether you'd need a modem attached.
@kayodeolaoye4124 3 ай бұрын
I can ping the ip inside opnsense with ping host but it doesn’t open on browser
@sheridans 3 ай бұрын
You could try resetting the gui via console
@iochisono97 5 ай бұрын
i've followed your steps but somehow opnsense has no access to the internet, i don't know why my isp router is blocking it since it's connected to a lan port and should be just another device for it to route traffic to
@sheridans 5 ай бұрын
Usually, you'd set your ISP router in bridge mode; though it should work either way. Is the opnsense picking up a dhcp address from your isp router? can you ping the router from opnsense?
@iochisono97 5 ай бұрын
@@sheridans the isp router has no bridge mode; opnsense gets an IP and i can see the device from the isp gui but opnsense can only reach the isp router. i was able to setup an AP with no effort, i can't understand why opnsense is not being routed
@sheridans 5 ай бұрын
So you can ping the ISP routers local address?
@iochisono97 5 ай бұрын
@@sheridans yes
@kwazie_harry 5 ай бұрын
I only have one interface, how do i go about it? i'm stuck. i can't access the interface.
@sheridans 5 ай бұрын
Your device only has 1 physical interface? Ideally you need more for a firewall
@kwazie_harry 5 ай бұрын
@@sheridans thanks for this. Found one of my old Dell DA-300 hubs that happens to have a network port. So I just basically plugged it there to get a second interface.
@Mystik3Al 4 ай бұрын
what is the default password for opnsense installer? one is not defined when VM is created.
@sheridans 4 ай бұрын
To install: installer with pass opnsense, normal login, root with pass opnsense
@Mystik3Al 4 ай бұрын
@@sheridans cheers.
@vonderlust 3 ай бұрын
Lots of glossing over settings makes this unusable. Such as the queue settings on WAN
@sheridans 3 ай бұрын
Multiqueue is related to multiple cpu threads handling packets. It's a recommended setting to pass them through to FreeBSD. Not sure what about this is unusable?
AnythingAlexia
Рет қаралды 24 МЛН
Cool Items Official
Рет қаралды 38 МЛН
Dave's Garage
Рет қаралды 587 М.
Tailscale
Рет қаралды 41 М.
Brother-live_mob
Рет қаралды 1,6 МЛН