OPNsense on Oracle Cloud Ampere instances (aarch64)

[Maurice]

I hope you're all doing well.

Oracle Cloud offers a VM shape based on Ampere Altra CPUs (VM.Standard.A1.Flex). It's more affordable than AMD / Intel shapes and has a generous free tier, so I decided to give it a try. I built an OPNsense-23.1.11-ufs-vm-aarch64.qcow2 image, imported it as a custom image and used it to create an Ampere instance. If you know your way around OCI, this is pretty straight forward and works surprisingly well. Initial interface assignment and root password change can be done with the cloud shell. Next, you can allow access to the Web GUI by adding an ingress rule to the VCN security list, then configure everything else as usual.

I did have to patch extras.conf to enable the serial console menu out of the box, other than that it's a standard VM build:

Code Select Expand

make update DEVICE=ARM64
make vm-qcow2,20G,off DEVICE=ARM64

The main caveat is the lack of a public update / plugin mirror for aarch64. If there is interest in this, I might consider running one. I also thought about making the image available as an OCI community image, but knowing that cloud images are part of Deciso's commercial offerings, I'd rather not. Feedback welcome.

If you want to build it yourself, here are two lessons I had to learn the hard way:

• Don't use the FreeBSD 13.1 OCI partner image for your build system. It has only 800k inodes, you will run out a few hours into the build. Instead, import FreeBSD-13.1-RELEASE-arm64-aarch64.qcow2 as a custom image. This has 6M inodes.
• OCI custom images default to BIOS boot, which doesn't work with FreeBSD / OPNsense aarch64 VM images. To enable UEFI boot, click Edit image capabilities and Save changes (you don't have to change anything).

Cheers
Maurice

[Maurice]

Almost perfect timing:

https://ftp.yrzr.tk/opnsense/FreeBSD:13:aarch64/23.1/

Thanks a lot @yrzr, works like a charm!