OPNsense Forum
English Forums => Tutorials and FAQs => Topic started by: Bob Jones on February 01, 2020, 10:47:29 pm
-
*** Updated process below https://forum.opnsense.org/index.php?topic=15699.msg187076#msg187076 (https://forum.opnsense.org/index.php?topic=15699.msg187076#msg187076)
Hello -
This process can be confusing, I wanted to post the steps I took:
1. Reboot into rescue mode from the OVH console, you will get a temporary root password via email. You can also go into Account Summary, emails sent to me.
2. SSH into the rescue VM with port forwarding. You can do this with putty or if you have a shell:
ssh root@x.x.x.x -L 5900:localhost:5900
3. Download the iso to the RAM /tmp, I used "DVD" "i386"
wget -P /tmp http://mirror.wdc1.us.leaseweb.net/opnsense/releases/20.1/OPNsense-20.1-OpenSSL-dvd-i386.iso.bz2
4. Install bz2
apt update
apt install bzip2
5. Extract and delete old
cd /tmp
bzip2 -dk OPNsense-20.1-OpenSSL-dvd-i386.iso.bz2
rm OPNsense-20.1-OpenSSL-dvd-i386.iso.bz2
6. Download and start VNC
wget -qO- /tmp http://www.danpros.com/content/files/vkvm.tar.gz | tar xvz -C /tmp
/tmp/qemu-system-x86_64 -net nic -net user,hostfwd=tcp::80-:80,hostfwd=tcp::443-:443 -m 1024M -localtime -enable-kvm -hda /dev/sda -hdb /dev/sdb -vnc 127.0.0.1:0 -cdrom /tmp/OPNsense-20.1-OpenSSL-dvd-i386.iso -boot d
7. Connect your VNC client to 127.0.0.1:5900, i use VNC connect by RealVNC
8. I did guided install, some notes:
- There are sections that take forever to complete, specifically cdpup but this install did finish after many long delays within 20 min
- I did DHCP, manually set the WAN interface to vtnet0
- When selecting a drive to install to, the first drive is ~2500mb and the rescue partition. You should be installing to the second, larger drive. Mine was ~ 18000mb
9. When the install finishes, it will reboot. Go into the OVH panel and reboot your VM, not into rescue mode.
10. After reboot, open the KVM panel and login as root. Select option 8 for Shell access
11. Add route (your default gateway is typically x.x.x.1 of your primary IP with OVH)
route add -inet x.x.x.1/32 -link -iface vtnet0
route add default x.x.x.1
11. Disable firewall to access the web gui
pfctl -d
12. Log into the GUI via the WAN IP (https://), I skip the wizard.. you can always go back to it.
13. Go to Gateways, edit the ipv4 DHCP one... set the ip x.x.x.1 and set it as a "far gateway"
14. Make sure you have a rule or interface to access the admin interface
15. Reboot and test
Let me know if you have any suggestions or questions.
-
Hi Bob,
Thanks for the guide, I'm trying to move a few of our customers into the cloud and the One stumbling block I've had is trying to get a firewall setup between the customers infrastructure in OVHCloud and the Public Network.
I've read multiple guides now all suggesting different ways to do this but I can't get any of them to work for me (uploading ISO images to Horizon, Rescue Mode and VNC etc.) Even OVHCloud can't help, when I asked them they linked to an online article from 2014 that bears no resemblance to the current OpenStack Horizon console!
When I follow your guide (yours is the most recent one I found) I run out of disk space when extracting to the RAM Drive and get an error.
I'm new to Linux so please go easy on me, but any help you could provide would be very greatly appreciated!
Thanks
-
When you are using RAM as your drive you need to be aware of your space in the /tmp folder (this writes directly to RAM, not your HDD)... I believe the VPS i was using has 1GB of RAM. I would make sure you are selecting the smallest image you can install. What size VPS are you trying to install to?
-
Hi Bob, thanks for your reply, I'm sorry I haven't responded but I didn't get a notification that I had a reply for some reason.
I had to give up on this in the end as I just could not get it to work.
Instead I installed OpnSense on a Dedicated server and ordered a failover IP from OVH.
I bridged the NIC on the server and assigned the Virtual NIC a specified virtual MAC address to receive data for the new IP directly to the OpnSense VM.
I have to say that I'm really impressed, OpnSense is by far the best Firewall/Router I've ever used, it can do just about anything I can think of.
I'm still learning so I'll post questions as they come up but very happy so far.
Thanks for your help
-
Hello -
This process can be confusing, I wanted to post the steps I took:
1. Reboot into rescue mode from the OVH console, you will get a temporary root password via email. You can also go into Account Summary, emails sent to me.
2. SSH into the rescue VM with port forwarding. You can do this with putty or if you have a shell:
ssh root@x.x.x.x -L 5900:localhost:5900
3. Download the iso to the RAM /tmp, I used "DVD" "i386"
wget -P /tmp http://mirror.wdc1.us.leaseweb.net/opnsense/releases/20.1/OPNsense-20.1-OpenSSL-dvd-i386.iso.bz2
4. Install bz2
apt update
apt install bzip2
5. Extract and delete old
cd /tmp
bzip2 -dk OPNsense-20.1-OpenSSL-dvd-i386.iso.bz2
rm OPNsense-20.1-OpenSSL-dvd-i386.iso.bz2
6. Download and start VNC
wget -qO- /tmp http://www.danpros.com/content/files/vkvm.tar.gz | tar xvz -C /tmp
/tmp/qemu-system-x86_64 -net nic -net user,hostfwd=tcp::80-:80,hostfwd=tcp::443-:443 -m 1024M -localtime -enable-kvm -hda /dev/sda -hdb /dev/sdb -vnc 127.0.0.1:0 -cdrom /tmp/OPNsense-20.1-OpenSSL-dvd-i386.iso -boot d
7. Connect your VNC client to 127.0.0.1:5900, i use VNC connect by RealVNC
8. I did guided install, some notes:
- There are sections that take forever to complete, specifically cdpup but this install did finish after many long delays within 20 min
- I did DHCP, manually set the WAN interface to vtnet0
- When selecting a drive to install to, the first drive is ~2500mb and the rescue partition. You should be installing to the second, larger drive. Mine was ~ 18000mb
9. When the install finishes, it will reboot. Go into the OVH panel and reboot your VM, not into rescue mode.
10. After reboot, open the KVM panel and login as root. Select option 8 for Shell access
11. Add route (your default gateway is typically x.x.x.1 of your primary IP with OVH)
route add -inet x.x.x.1/32 -link -iface vtnet0
route add default x.x.x.1
11. Disable firewall to access the web gui
pfctl -d
12. Log into the GUI via the WAN IP (https://), I skip the wizard.. you can always go back to it.
13. Go to Gateways, edit the ipv4 DHCP one... set the ip x.x.x.1 and set it as a "far gateway"
14. Make sure you have a rule or interface to access the admin interface
15. Reboot and test
Let me know if you have any suggestions or questions.
I just had to redo this process and found the RAM can no longer handle the size of the uncompressed file. To resolve this, I took these steps:
1 - Install Ubuntu (18.04)
3 - reboot in rescue mode
4 - step 5 cd /mnt/sdb1/root/ 5 - step 6 and replace your CDROM with the appropriate filename:
/tmp/qemu-system-x86_64 -net nic -net user,hostfwd=tcp::80-:80,hostfwd=tcp::443-:443 -m 1024M -localtime -enable-kvm -hda /dev/sda -hdb /dev/sdb -vnc 127.0.0.1:0 -cdrom /mnt/sdb1/root/OPNsense-20.1-OpenSSL-vga-amd64.img -boot d
-
With the image size of OPNsense getting larger and the urge to use VPS with a small amount of RAM I have modified the process:
1- Boot the VPS in Rescue mode, it does not matter what OS is installed, it will be wiped in this process
2- Find your VPS hard drive
fdisk -l ### Should return a line that is near the same size as the VPS disk drive. /dev/sda is typically the rescue disk
/dev/sdb1 227328 41943006 41715679 19.9G Linux filesystem
3- Install and launch netcat
apt update && apt install netcat
nc -l -p 19000 | bzip2 -d | dd bs=16M of=/dev/sdb
4- On your local laptop or another server, not the VPS. Download the nano image:
cd ~/Downloads
wget https://mirror.ams1.nl.leaseweb.net/opnsense/releases/23.7/OPNsense-23.7-vga-amd64.img.bz2
5- Extract
bzip2 -dk OPNsense-23.7-nano-amd64.img.bz2
6- Send the disk image to the server
dd bs=16M if=OPNsense-23.7-nano-amd64.img | bzip2 -c | nc xx.xx.xx.xx 19000 ## The public IP of your server
7- Reboot in the OVH control panel and log in via KVM by clicking the three dots in the name square. Log in with: root/opnsense
8- Set the only interface as the WAN vtnet0 was mine
9- Set the WAN IP to static: xx.xx.xx.xx/24 <-- not /32
10- Log into the shell and set a default route
route add default x.x.x.1
11. Disable the firewall to access the web gui
pfctl -d
12- Create a firewall rule that allows you to access the GUI; this will reload the firewall.
This did work on 1GB RAM, I am not sure if it will work on 512MB
-
I'm attempting this method for an OVH VPS.
First off, thanks for the instructions. I've had to fiddle with a few things. Primarily the networking. I wasn't able to get it to work using /32 or /24 with the x.x.x.1 GW address. Out of desperation I told it to boot DHCP where it did get the original IP, marked it with a /32 and then used the GW from the previous/lower /24. So if the IP was 192.168.51.50, the GW came back as 192.168.50.1. I would think that would make it a /23 but apparently not.
Anyhow. So once that is in place and I run pfctl -d, i can reach the box. But it insists it is in LiveCD mode. Which made sense. Its like it booted off the CD as a result of writing the installation disk to the only hard disk. Not like a real / full install.
As a result, when I go to run the installer, select the FS type, partition, etc, it throws out the error :
gpart: geom 'da0': File exists
And therefore refuses to install.
I assume thats because the mounted CDRom image running on the same partition that I want to do a full (non LiveCD) install on. I'm stumped on how to get around this problem.
I've tried the image in your instructions and a newer 24.1 version as well. Same issue. :(
-
@tedly if it boots in live CD mode you probably missed the part about using the nano image for this procedure.
-
@tedly if it boots in live CD mode you probably missed the part about using the nano image for this procedure.
Ohhhh. I grabbed vga based on his instructions showing:
wget https://mirror.ams1.nl.leaseweb.net/opnsense/releases/23.7/OPNsense-23.7-vga-amd64.img.bz2
I didn't catch that he changed it to nano a few lines later. Time to give that a go before the work day starts. Thank you.
-
That was the key, it does rely on it being the nano image. No more LiveCD happening. I'm up and running after a configure and reboot.
Thank you for spotting that error of mine @Patrick.