Hi guys - I am pbvious stupid, but I cannot understand any of the instructions as to verify the download.
I am on PC, I want to use a USB and but OPNSense on another PC. I have downloaded:
OPNsense-22.7-OpenSSL-vga-amd64.img.bz2 SHA256
But I cannot understand how to verify. Everyone tends to gloss over this part or is using a VM or Mac or something that just confuses me.
Sorry for the stupid question.
https://docs.opnsense.org/manual/install.html
Hi. It's not obvious to unix or linux users, even mac ones. As the manual states, the openssl tool (command line) is used. Openssl is installed on most *nixes by default, so the verification step is easy. If you're using windows, there might be a way to do it. Dunno.
Hi Cookie monster.
Thank you. I also read again the link.
But I did not understand it.
Is there a step-by-step (with pictures) walk through for dummies???
I find many of the videos and instructions leave out the obvious and I do not know what I do not know. Like to remove gear box, taken engine out.... well how?
Anyone???
Just download the files and follow the instruction on that page. Example with my last downloads I had for 21.7 (since then they've been in-place upgrades):
penguin@pluto:~/Downloads$ ls -alh {*.sig,*.img.bz2}
-rw-rw-r-- 1 penguin penguin 424M Aug 3 2021 OPNsense-21.7-OpenSSL-serial-amd64.img.bz2
-rw-rw-r-- 1 penguin penguin 695 Aug 3 2021 OPNsense-21.7-OpenSSL-serial-amd64.img.bz2.sig
-rw-rw-r-- 1 penguin penguin 695 Aug 3 2021 OPNsense-21.7.pub.sig
penguin@pluto:~/Downloads$ openssl base64 -d -in OPNsense-21.7-OpenSSL-serial-amd64.img.bz2.sig -out /tmp/image.sig
penguin@pluto:~/Downloads$ openssl dgst -sha256 -verify OPNsense-21.7.pub -signature /tmp/image.sig OPNsense-21.7-OpenSSL-serial-amd64.img.bz2
Verified OK
This is on my laptop I'm typing this from, where I made the downloads and after this verification, used the image to create a bootable usb stick.
Thank you.
https://opnsense.org/download/ I can only find one (1) file - OPNsense-22.7-OpenSSL-vga-amd64.img.bz2
Where do I get the other files and how many do I get?
Sorry....but all the instructions seem to miss this step. I watched more videos and I am still not getting it.
In the announcements page of this forum. Remember only main releases have them. That means look for the announcement for version 22.7 and not 22.7.1 as an example.
https://forum.opnsense.org/index.php?topic=29507.0
There will be on the page a few links to mirrors close to your location.
The manual page lists the four files needed and the steps.
Hi ....
There are 12 files. When I click on the first one I get 4 lines. What do I do? How do I save the files and which ones do I save.
This is very complex. All the videos just say do this, do this BAM and it works. But it does not work for me.
???
Hi
I went to https://mirror.wdc1.us.leaseweb.net/opnsense/releases/22.7/ and I double clicked on all 12 files and they have downloaded.
What is next?
You need to use the command line. And you need to have the OpenSSL command line tools available. How to do that on Windows I don't know. They are by default available on every Unix/Linux system including the Mac.
Possibly there's a different way on Windows. The 4 line text files contain cryptographic checksums of the various images that are available for download. What you need is a too, to compute that checksum for the image you donwloaded and then compare that result to what is in the text file. Maybe there is a Ui tool for Windows to do that.
Thank you for the information. I have no idea what you are asking/saying.
I am on Windows 10. I have watched a lot of videos and they all lack something. I thought I would start at the very beginning, with verifying the file.... but I am totally lost.
As most of the world is on windows, why is it so hard to use the programme on windows. I even searched for the very specific topic Verifying the OPNSense files. But nothing.
I have all 12 files downloaded. Does anyone with Windows knows what to do. There was a video about Windows Powershell, but the command lines did not work for me.
I know this is free...but surely there are windows people out there???
Of you downloaded e.g. the file
OPNsense-22.7-OpenSSL-vga-amd64.img.bz2
then in powershell change to the directory containing the file and enter this command
Get-Filehash OPNsense-22.7-OpenSSL-vga-amd64.img.bz2 -Algorithm SHA256
Then compare the result with the checksum published here:
https://forum.opnsense.org/index.php?topic=29507.0
which should be
2537f37247d98e27634c34cdf23f30f95d0ed00ac0af01c2d9675580a790f8fb
If both checksums match, you are good.
HTH,
Patrick
P.S. I just entered "windows 10 compute sha256 checksum" into google to find that.
hi Patrick
Thank you.
I got it to work.
It is similar - but mine has lower-case letters:
2537F37247D98E27634C34CDF23F30F95D0ED00AC0AF01C2D9675580A790F8FB
2537f37247d98e27634c34cdf23f30f95d0ed00ac0af01c2d9675580a790f8fb
Were did you get the thing to compare it??
Upper/lower case are meaningless. It's a hexadecimal number.
So the two numbers are identical. Your download is good.
What do you mean by "thing to compare it"? I use my eyes ;)
hi Patrick
Thank you. Always a steep learning curve.
I downloaded 12 files and note sure if any were:
2537f37247d98e27634c34cdf23f30f95d0ed00ac0af01c2d9675580a790f8fb
So I was wondering were you got all these numbers/letters.
You need exactly one file. The image you want to install. The checksums for all different images (DVD, VGA, serial, ...) are all listed on the release notes page that I already linked:
https://forum.opnsense.org/index.php?topic=29507.0
Bottom of the initial post:
SHA256 (OPNsense-22.7-OpenSSL-dvd-amd64.iso.bz2) = 9345057e993cd55dfa5280beefd33f1dc2243681defff3c5f11b84fa2c7910f8
SHA256 (OPNsense-22.7-OpenSSL-nano-amd64.img.bz2) = 061ea4ca261bcd8397ae1a4acf2fb32f0fbbb6ac00d617e1f4151318f66cc77d
SHA256 (OPNsense-22.7-OpenSSL-serial-amd64.img.bz2) = cf1603e20d4268d917b40344ddadd2f147c3e167dbe1f6cd254a2afcb586fb4d
SHA256 (OPNsense-22.7-OpenSSL-vga-amd64.img.bz2) = 2537f37247d98e27634c34cdf23f30f95d0ed00ac0af01c2d9675580a790f8fb
Four different image file names, four different checksums. Pick the one for your image.
Hi Patrick
I did not know about - https://forum.opnsense.org/index.php?topic=29507.0
I just went to the download page and then I got confused.
Perhaps there needs to be a windows page for windows and another page for idiots like me.
I think this linxus thing confuses me. I have a lot of windows PC's and thought a firewall would be good. Perhaps there is a good windows one.
Well the next thing is trying to get this onto a windows box.
In the meantime I was trying to flash the img to a USB. I failed with Rufus, failed with ImageUSB. But finally Win32 Disk Imager worked - I suppose it is a windows programme, is the reason it worked.
But thanks for the help.
All I am doing is trying to put up a firewall with VPN. I do not want anything else, just safety. Ad blocking would be good...but I do not need anything fancy.
Thanks
D
You cannot install this on a windows system. OPNsense is a firewall appliance to be installed on a dedicated separate piece of hardware. It routes/protects an entire network replacing (in many cases) your router.
Rufus generally works great but you probably need to uncompress the image first. I'd google "windows 10 bzip2" to find a suitable program for that.
Hi Patrick,
Thank you for our comments.
You have now totally stumped me.
I thought one could install OPNsense on a windows box. I have an old HP 340Ah Small Form Factor with i5 650. So, I need a Mac or something else??
I connect my internet modem to the HP and this to my switch....or have I got the whole thing totally wrong???
Now I am really confused.
Ah ... misunderstanding in both directions ;)
You can probably install OPNsense on that PC. It's just not a Windows box anymore afterwards. Installing OPNsense means completely wiping the disk/SSD and replacing whatever was installed (Windows) with the OPNsense software. OPNsense brings its own operating system.
I read "installing on Windows box" as "installing on top of a running Windows like application software". That does not work.
An Intel/AMD based PC is not a "Windows box". It's a PC. Windows is only one of several operating system options.
What model exactly? Searching for "HP 340Ah" only lead me to notebooks.
Well, I had also misunderstood the ask. I thought too that he was trying to convert a machine to OPN.
Thanks for continuing there Patrick.
Hi Patrick,
Thank you for clarifying the situation. Yes, I have a PC Compaq HP that is all on the box. All I know is the MB is a 340Ah with i5 650 and 6GB of ram. 2 of the RAM slots are not working so I am stuck with 2. It is a small form factor black box
To confirm, the Win OS will go, and the PC will run OPNsense and that is all?? I think I am OK with this. Am I??
I keep reading the posts and I am beginning to realise that you guys can do so much with this programme and all I want to do is protect myself form the outside world. I have 4 PC in my home network and Kaspersky VPN.
There is talk of very strange IP addresses and alike. I am happy with 192.168.1.1...it took me a long time to come to terms with this number. All my PC's have static IP addresses and I like it that way as I know what they are and what they do.
I have physical boxes that I can touch and just want a remarkably simple setup. I do not need to know my traffic. As I said an adblocker would be on my Wishlist. But it is so complicated.
Thanks
Dan
Looks like that box is good to go, then. Keep in mind that you need two network interfaces. If that requirement is satisfied you will probably be ok.
Hi Patrick
Thank you.
Just to confirm, and the jargon sometimes confused me. I need 2 Gigabit R45 plugs/cards in the PC. I have a spare network card that plug into a PCIE slot...???
Is there a cutdown set-up guide for the basic of the basics. No unreal PC's all boxes that exist in the real world. The only traffic I want in is email, web browsing, VPN and adblocker...I think????
Dan
Ps...my next BIG step it putting it on the PC.....that will be interesting.
Yes, probably just put the network card into an empty slot. Only after installation will we be able to see if OPNsense recognises both interfaces and everything is fine.
As for the basics: they are already set by default. Connect PC to LAN interface, OPNsense will have 192.168.1.1 IP address, configure WAN --> email, browsing, all set.
VPN and ad blocking are add-ons that need to be explicitly set up. But first things first.