Install OPNsense on Oracle

Started by DeeGee, March 19, 2021, 11:23:18 PM

I'm looking to install OPNsense on an Oracle Always Free Tier virtual machine to use as an endpoint for my WAN (local OPN on LAN and WG to Oracle) because my ISP puts me behind NAT. The VM specs seem to be fine for this limited use case. It's not possible to upload ISOs, but apparently it can be done by loading a preinstalled qcow2 file. There is some form of scripted install but I've not figured that out yet.

So... Has anyone else installed OPN on Oracle Cloud and have insights to share?

I've got this working and could give some hints. Since you posted this a month ago, let me know whether you're still interested.

Cheers

Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

I ran into this when looking up the same topic.

@Maurice, would you be able to share your findings?

Be aware of the limitations: 50 Mbps Internet connectivity (up / down combined!), 1 virtual NIC, 32 public IPv6 addresses (no subnets), 1 public IPv4 address. The VM only gets a private IPv4 address via DHCP, the public address is NATed 1:1.

First, you have to install OPNsense in a local VM and pre-configure it. Any hypervisor should work. Important steps:

Create a VM with a single virtual NIC. OPNsense will assign it to the LAN interface, but it will be Internet-facing once running in OCI. You have to disable the DHCPv4 server and set the interface's IP configuration types to DHCP.

Add these tunables. FreeBSD won't boot in OCI without them.
hint.hpet.0.clock   0   (Disables High Precision Event Timer functionality)
kern.cam.da.0.minimum_cmd_size   10   (Increases the minimum READ/WRITE CDB size to 10 bytes)

If the resulting disk image isn't in QCOW2 format, convert it (qemu-img works). Upload the QCOW2 to a bucket and create a custom image (Linux, paravirtualized mode). Follow Oracle's guide for details. Edit the image details to add all the VM.Standard.E2 shapes.

Create an "Always Free" compute instance using the custom image. Add an ingress rule to your VCN security list allowing TCP connections to port 443. The OPNsense web UI should now be accessible and you can complete the configuration as usual.

These are the essentials which should get you started.

Cheers

Maurice
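
Added example (not part of the original posts): a pre-upload check for the steps listed above, run against a config.xml backup exported from the local VM before the disk image is converted. The XML element paths (sysctl/item, interfaces/lan/ipaddr, dhcpd/lan/enable) are assumptions about the legacy OPNsense config layout, the sample config is constructed, and only the IPv4 configuration type is checked.

```python
import xml.etree.ElementTree as ET

# Tunables named in the post; FreeBSD won't boot in OCI without them.
REQUIRED_TUNABLES = {
    "hint.hpet.0.clock": "0",
    "kern.cam.da.0.minimum_cmd_size": "10",
}

# Constructed sample: one tunable missing, static LAN address, DHCP server on.
SAMPLE = """<opnsense>
  <sysctl>
    <item><tunable>hint.hpet.0.clock</tunable><value>0</value></item>
  </sysctl>
  <interfaces><lan><if>vtnet0</if><ipaddr>192.168.1.1</ipaddr></lan></interfaces>
  <dhcpd><lan><enable>1</enable></lan></dhcpd>
</opnsense>"""


def preflight(config_xml: str) -> list:
    """Return a list of problems found in an OPNsense config.xml export."""
    root = ET.fromstring(config_xml)
    problems = []

    # Assumed layout: <sysctl><item><tunable/><value/></item></sysctl>
    found = {
        (item.findtext("tunable") or "").strip(): (item.findtext("value") or "").strip()
        for item in root.findall("./sysctl/item")
    }
    for name, want in REQUIRED_TUNABLES.items():
        if name not in found:
            problems.append(f"tunable {name} missing")
        elif found[name] != want:
            problems.append(f"tunable {name} is {found[name]}, expected {want}")

    # The single NIC is assigned to LAN and must take its address via DHCP.
    ipaddr = (root.findtext("./interfaces/lan/ipaddr") or "").strip() or "unset"
    if ipaddr != "dhcp":
        problems.append(f"LAN IPv4 type is {ipaddr}, expected dhcp")

    # Assumption: presence of <enable> means the DHCPv4 server is on.
    # The LAN interface becomes Internet-facing in OCI, so it must be off.
    if root.find("./dhcpd/lan/enable") is not None:
        problems.append("DHCPv4 server still enabled on LAN")
    return problems


if __name__ == "__main__":
    for problem in preflight(SAMPLE):
        print("FAIL:", problem)
```

An empty list means the three pre-configuration steps are reflected in the export.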

That's great to know, thanks. One other question is around the custom image part. On the free tier there doesn't seem to be a way to create a custom image. Did you do that on a paid account?

I created the custom image during the initial trial period. When signing up, you get a free $300 budget and 30 days to spend it.
Once created, custom images keep working indefinitely even after the trial period ends.

Cheers

Maurice

Is there any way to do this when it's no longer on the free period?