Messages

Hello

My ISP has setup so that every customer (me) needs to access an activation webpage, and on the webpage click a button "activate internet" so that the internet connection actually works.

My problem is that I cannot reach this webpage from my computer, since my computer is "behind" my OPNSense firewall/router.
I must connect a device directly, and then open a web-browser, try to go to a website which triggers a redirection to the ISP activation webpage.

Reaching the ISP activation webpage is a bothersome task, is it perhaps possible to fix in some way so that I can reach the webpage from my computer (which is behind the OPNSense firewall/router in a LAN)

Thanks for any ideas. :)

[Some questions:]

Hello

I have a "Desktop & Wallmountable" firewall which I bought from [applianceshop.eu] a few years ago.

The bios on the device is somewhat old now and I'm thinking about updating it, currently it seems to be SeaBIOS version 1.7.5-20141105_115023-ubuntu.


Some questions:

• Would there be any benefits in updating the bios?
  Of course it's always nice to have up-to-date software just for its own sake, but should I expect there to be any real/actual benefits I could notice?

• How would an update be performed?

• Is it risk-free to try updating the bios... or could there be a risk that the hardware gets bricked?

• Has anyone here got experience doing a more-or-less similar update? Perhaps even updating on this exact hardware?

Thanks for your help  :)

Below is an excerpt from the boot of my firewall which shows some information:

Code Select Expand

SeaBIOS (version 1.7.5-20141105_115023-ubuntu)
Found mainboard Deciso Netboard A10
Relocating init from 0x000e76b9 to 0xbf0e5df0 (size 41283)
Found CBFS header at 0xfffffc50
boot order:
1: /pci@i0cf8/*@14,7
2: /pci@i0cf8/*@11/drive@0/disk@0
3: /pci@i0cf8/*@11/drive@1/disk@0
4: /pci@i0cf8/usb@12,2/usb-*@2
5: /pci@i0cf8/usb@13,2/usb-*@1
6: /pci@i0cf8/usb@12,2/usb-*@1
...

Hello

I have recently done a fresh install of OPNsense v19.1.
I am wondering if there is some further configuration that is recommended to do on a fresh install? (Besides the configuration that OPNsense itself does during the installation/initial setup).


I have also looked at all the settings for the firewall and it seems like OPNsense creates a pretty ok configuration.

However, I have noticed one setting which I don't know if it's so good...
In System -> Settings -> Administration, for 'Web GUI' and 'Secure Shell' there's a setting 'Listen Interfaces' which for me by default is "All" (which should mean both WAN and LAN interfaces).

I think I want to change the value of 'Listen Interfaces' to "LAN", as a security precaution so that access is only allowed from LAN, and not from WAN.

Hello

I wanted to report back that installing OPNsense v19.1 went well with no trouble.
I used the "serial" install image on a usb-memstick. I installed according to the description below:

1. Attach prepared usb-memstick to the firewall.
2. From a desktop computer, connect a usb-cable to the firewall, the port labeled "Console" (mini-usb).
3. Establish a serial connection from the PC to the firewall. [link]
4. Reboot the firewall
5. In the boot menu, select boot from usb instead of ssd.

Now the device boots up OPNsense from the usb-stick.
Next you can choose to run OPNsense in live mode from the usb-stick, or do a permanent install to ssd.

I think the installation procedure that followed was easy.
There was an option to choose installation mode between GPT/UEFI or MBR. I selected GPT/UEFI and it went fine, (but keep in mind this options probably depends on what hardware you got!).

[with live system capabilities]

https://opnsense.org/download/
serial: USB installer image with live system capabilities running in serial console (115200) mode as MBR boot.

If I test "live system'" and it works, could I draw some conclusions from that?

Should it then be all-clear to install it to the SSD and it will work?

Thanks for the heads up about firmware, newsense!

It is this thread you are referring to? https://forum.opnsense.org/index.php?topic=4200.0
APU is the bios of the device?

The specific device I've got is this one: [link]
Hardware specs are towards the bottom of the page (but doesn't seem to say much about the board).

Hello chemlud, I have looked into installation some more.
There are some questions and I wonder if you maybe have misunderstood something in your earlier replies.

I looked at the available installation media OPNsense provides. (here: https://opnsense.org/download/ )
Since my firewall device doesn't have any video output interface (VGA), the installation media I could possibly use should be "serial" or "nano".

https://opnsense.org/download/
serial: USB installer image with live system capabilities running in serial console (115200) mode as MBR boot.
nano: a preinstalled serial image for USB sticks, SD or CF cards as MBR boot. These images are 3G in size and automatically adapt to the installed media size after first boot.

My firewall does have an SSD (that was unclear earlier, I'm sorry), so OPNsense should not run off an SD-card or similar. The OS should be installed on the SSD-disk.
I want to run a fully-featured installation of OPNSense, so I should not use the "nano" image, "serial" looks like it would be the right choice.

The documentation describes that the "serial" install image can be installed by using a usb-memory stick:

https://wiki.opnsense.org/manual/install.html#installation-method
The easiest method of installation is the USB-memstick installer. If your target platform has a serial interface choose the "serial image. 64-bit and 32-bit install images are provided. The following examples apply to both. If you need to know more about using the serial interface, consult the serial access how-to.

Write the image to a USB flash drive (>=1 GB) or an IDE hard disk, either with dd under FreeBSD, HardenedBSD or under Windows with physdiskwrite

From this information I draw the conclusion that it should work fine to use usb-memory sticks for installing OPNsense.
Also, I have a few usb-sticks lying around which is convenient.

...
So installing a new fresh version of OPNsense should be something like:
- Plug-in usb-stick to the device
- Establish serial/console connection
- Reboot the device
- Install OPNsense
(- Get everything working)

Have I gotten it right?

The process is described here: https://docs.opnsense.org/manual/install.html

I have read that and still it didn't make me fully understand how an installation would be performed on a device which is limited to Console, USB and SD Card for I/O.

In principle:

-Get a new CF/SD-card (whichever you need, just to keep your old OS and start with a fresh one).

- Get a serial to microUSB adapter for the serial console output. Something like (if your computer has a serial interface, otherwise a microUSB-USB-cable should work)
https://www.amazon.de/uc232-FTDI-RS232-Kabel-DB9-Stecker-Pinbelegung-uc232-us232-Micro-Micro-USB-male-FT232RL-150cm/dp/B078PF1RN1/ref=sr_1_5/257-5113574-8988614?ie=UTF8&qid=1550573797&sr=8-5&keywords=micro+usb+seriell+kabel

- Establish a serial access to your box (putty on windows, e.g. minicom on Linux)

- Backup your config.xml (hopefully you have already opnsense on you device. If it's pfsense you might need to be carefull with installing the config.xml to opnsense. Depending on you setup: start with the basics, interfaces, firewall, DHCP etc)

- Download fresh opnsense that fits your device (nano image, 386/x64)

- Burn image to your fresh card

- Import config.xml

- Boot device with new memory card and see how it does. If problems arise, boot from old card and report here ;-)

Thanks for the guidance.
I have done console-connection earlier (with minicom on linux) using a common usb/mini usb-cable, so I know a bit about that.

So I will need an SD-card to perform the installation? It's not possible to do it just using a console connection somehow?

If I want to be safe I should have two sd-cards, one with the old OS (old version of OPNsense) and one card with OPNsense 19.1?

Hello

I have a "Desktop & Wallmountable" device which I bought from applianceshop.eu some years ago. [applianceshop.eu]

I have never done any update on the device so the firmware/software is pretty old now.  :-[
I want to install the latest OPNsense version on the device (currently v19.1.1)

However, I don't really know well enough how an installation would be performed to do it.
I have read some documentation [link] and I guess maybe it's done by serial, or with an SD-card?

The device has three ports:
A USB type A port
A port labeled "Console" which looks like a mini-usb port
SD-card slot

Could anyone help with detailed information on how an installation could be performed for the type of device I got?

Thanks for your help