Messages - elektroinside

#136
If you would like to first test OPNsense in an isolated virtual environment, this is a basic guide to get you started.

This guide assumes the following:
1. You have downloaded an OPNsense ISO image; for this guide, 18.1.5 was used and tested
2. You have installed VMware Workstation; for this guide, v14 is referenced
3. You already have an active DHCP server in your network (or any working LAN and internet connection basically, adjust your OPNsense WAN interface accordingly)
4. You want to isolate your new OPNsense-controlled test network so that it will not interfere with your current one. For this, we will also use/need another VM as a LAN client of the OPNsense-controlled network
5. You have enough resources on the host machine for VMware to run at least 2 VMs. For the OPNsense machine, please refer to https://wiki.opnsense.org/manual/hardware.html. For your other VM, please refer to your other OS requirements


VMware environment setup:
1. You will need to create an isolated LAN network serving as the OPNsense LAN network. The DHCP server of your virtual LAN network will run on a custom interface, part of this network, making sure your OPNsense LAN clients will automatically receive an IP address
- open VMware and go to Edit -> Virtual Network Editor
- click on Add Network and create a new interface; select "Host-only", making sure "Connect a host virtual network adapter" is checked and "Use local DHCP service..." is unchecked
- for Subnet IP and Subnet mask use something that's not used anywhere in your actual network. If your actual network uses 192.168.100.1/24 for example, you can use 192.168.10.0/255.255.255.0 here
- click OK to add the interface
- select the newly created interface from the list then click on "Rename network" to something easy to identify, like "OPNsense LAN"
2. Create a new virtual machine:
- select Custom configuration
- select the OPNsense ISO you downloaded
- configure at least 2 CPU cores and 4 GB RAM for the OPNsense VM
- select "Use bridged networking" for the network type
- the last config window will display a summary of your VM and has a "Customize hardware" button; click on it and add a new network adapter and click "Finish" to add the adapter
3. Uncheck "Power on this VM after creation" and click "Finish" once again
4. Go to VMware -> VM -> Settings:
- make sure your first network adapter is set on "bridged"; select this network adapter and go to "Advanced" and write down the MAC address of this adapter, then click on OK or Cancel (we just need the MAC). This will be the WAN of your OPNsense VM
- go to your second network adapter and instead of "bridged" or whatever is its default, select "custom" and from the drop-down menu select "OPNsense LAN (Host-only)", then go to "Advanced" and write down the MAC address of this adapter as well
- save all settings, power up the VM and create your OPNsense VM


Install OPNsense on the VM:
1. Power it up and install OPNsense referring to https://wiki.opnsense.org/manual/install.html
2. After installation, hit any key when prompted to manually assign interfaces and type in the interface corresponding to the MAC address intended for the WAN interface, then for the LAN interface
3. After OPNsense fully boots and prompts for credentials, reboot (option #6 from the console menu)
4. After the reboot, login and select option #12 (Upgrade from console)
5. Reboot once more; it will not reboot automatically


Create and/or edit an existing VM serving as a LAN client for your new OPNsense network:
1. If you already have a VM, select it and go to VMware -> VM -> Settings
2. Edit your existing network adapter, select "Custom (specific virtual network)" and from the drop-down menu select "OPNsense LAN (Host-only)"
3. If you have no VM to edit, create one using the OS of your preference, making sure its network adapter has the "OPNsense LAN (Host-only)" network connection selected
4. Power up / create this VM as well


Verify your setup:
1. Make sure you have a working internet connection on your new OPNsense VM and its LAN client (ping, traceroute, web etc.)
2. Make sure you can load the OPNsense WebGUI and log on (by default, its address is http://192.168.1.1/)
3. To access the OPNsense WebGUI from your "real" network (aka your actual LAN network which is the WAN network of the OPNsense VM), you have to allow private/bogon networks on the WAN interface of the OPNsense VM and add rules to allow access to the WebGUI and/or ssh from the WAN interface of OPNsense
4. If everything works, power off your OPNsense VM and create a snapshot; you can always return to it as a basic setup if you break something while testing


Good luck!
#137
18.1 Legacy Series / Re: 18.1.5 issues
March 24, 2018, 07:12:00 PM
Updated to 18.1.5 and applied the patch.
And it works!

Thank you Franco, well done!

Btw, it's "opnsense-patch", right? :)
#138
You probably can (the options are there), with custom rules. Check out "source and destination" here: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Rules

And how to create custom rules here: https://forum.opnsense.org/index.php?topic=7209.0

Please note that I have never tried this and don't actually know if it works.
#139
18.1 Legacy Series / Re: Strange Networkproblems
March 23, 2018, 04:01:19 PM
A lot of things changed since then. Maybe you could try the latest 18.1.5?
#140
Indeed, I will update the post soon :)
#141
18.1 Legacy Series / Re: How to install subversion?
March 23, 2018, 06:57:29 AM
FreeBSD has very poor support for WiFi stuff. My advice would be to use APs if possible.
#142
18.1 Legacy Series / Re: Multiple PPPoE not working
March 23, 2018, 06:52:17 AM
Does this work if you try all your lines separately/individually? Or, better said, do all your links work if you try them one by one?
#143
This is mine with the rules enabled (and set to drop): http://www.dslreports.com/speedtest/31261479

I get way better results with HTTP, and if nothing changed, we have the same ISP and link (speed-wise). But this might be normal (?).
#144
18.1 Legacy Series / Re: sticky connection 18.1.5
March 23, 2018, 05:54:32 AM
Great to hear you got this fixed!
You can just rename the title and prepend [Solved] :)
#145
18.1 Legacy Series / Re: 18.1.5 issues
March 23, 2018, 05:25:29 AM
Yep, 18.1.4 works fine after a reboot. Rebooted 3 times, no issues.
The downgrade was performed in a matter of seconds. At first, I believed it failed because of the speed, but the GUI is showing that I'm on 18.1.4. So I think it worked. Anyway, rebooting no longer breaks internet connectivity on the LAN side, so there's something probably incompatible with my @$&43#_-;!!?: PPPoE link and OPNsense 18.1.5.

I really like the new kernel. Despite the slightly higher CPU usage, it is very snappy and everything is just very fast.
#146
18.1 Legacy Series / Re: 18.1.5 issues
March 22, 2018, 08:46:57 PM
Actually, a lot changed on the stack, judging by the changelog... will take the opportunity to underline (once more) the importance of a stable/better tested (by the community as well) release channel.
#147
18.1 Legacy Series / Re: 18.1.5 issues
March 22, 2018, 08:37:53 PM
No, it's not my case. I think something changed in the network stack (just a hunch).
But thanks anyway.
#148
18.1 Legacy Series / Re: 18.1.5 issues
March 22, 2018, 08:20:34 PM
I do have OpenVPN.
I didn't have gateway monitoring at the beginning. I enabled it later, to see what changes...
But having that disabled didn't work.
I'll try again...

Update: confirming that disabling gateway monitoring doesn't help... same thing
#149
18.1 Legacy Series / [Solved] 18.1.5 issues
March 22, 2018, 06:58:39 PM
I don't know what's happening after the upgrade on my box.

So, here it goes:

1. Whenever I restart the box, I have no internet connectivity on the LAN clients; pinging from the OPNsense GUI works fine, pinging from the LAN clients (using IP or FQDN) fails
2. To make things work again on the LAN side, I have to either:
- disconnect/connect my PPPoE link (on the WAN)
- or edit the default gateway without any modification, save and apply
3. Right after the reboot, a lot of things are still loading of course, but the GUI is available at one point. When some of the services loaded (as pictured in the attached Screenshot_36.png), internet works on the LAN side. When everything is fully loaded (as pictured in Screenshot_37.png) internet on the LAN side no longer works
4. Sometimes I can't even ssh to the box from the LAN if I don't reconnect the WAN to fix the internet connectivity (something is not binding to some interfaces, I guess)

Errors in the log:
Line 63: Mar 22 19:40:49 gateway kernel: module_register_init: MOD_LOAD (vesa, 0xffffffff810ab110, 0) error 19
Line 97: Mar 22 19:40:49 gateway kernel: pcib0: _OSC returned error 0x10
and a bunch of "Line 268: Mar 22 19:40:54 gateway sshd[48206]: error: Bind to port 22 on ... failed: Can't assign requested address."

I already tried a clean install, which in my case is a pain in the *ss:
1. Install 17.7.5 first, because I get the segmentation fault error with 18.1
2. Upgrade to the latest version
3. Install plugins
4. Restore backup
#150
You could also try to update to OPNsense 18.1.5 having these updates (regarding OpenVPN):

o openvpn: switch status to version 3 to avoid wrong parsing of commas
o openvpn: parse all states to retrieve all relevant connection status info
o ports: openvpn 2.4.5[9]

Works fine for me so far (OpenVPN related stuff). I think I have some IPv6 issues, but unsure if it's because of the update.