Quick tutorial: how to deploy OPNsense easily on Oracle Cloud for free.

[Bob.Dig]

Have you tried using ee on the cloud console? That should work.

Will give it a try but again, very novice user, so I might fail yet again. Thanks anyway. To bad there is no oneliner with "sed" or something.

[Bob.Dig]

I already used IPv6 when I was still on the free tier and would be very surprised if they removed this.

You where right, IPv6 is still possible. For whatever reason I can't login to the Cloud Console right now so I am unable to do anything.
Edit: it will not let my use the CC anymore, it had worked before...

[Bob.Dig]

I already used IPv6 when I was still on the free tier

So finally got it working with IPv6, thank you again.
The problem with the not working Cloud Console was that I downloaded the nano Image a second time and this time I had manually selected a mirror (cloudflare)... big mistake. The image that was given to me was not bootable/to be made bootable. Only took me some hours to find out and download from leaseweb again...

[Maurice]

Embrace it as a great learning experience! 😊
Glad it works.

[Bob.Dig]

Embrace it as a great learning experience!

But what have I learned, that I can not trust the OPNsense Mirrors for downloads? It was a great waste of time.

Anyways, if you have an idea, so that my free tier doesn't get canceled by oracle, pls let me know. I heard some stuff, you need to utilize those to some degree.

[Maurice]

https://docs.opnsense.org/manual/install.html#download-and-verification

When you're on the free tier, Oracle monitors your resource utilization and terminates instances it considers idle. That's to avoid orphaned non-revenue instances existing indefinitely. You can avoid this by upgrading to pay-as-you-go (which is still free as long as you don't exceed the free tier quotas).

[n0ir]

Hey Maurice,
thanks for your effort bringing arm Images to OCI  :)
Which qemu file do I need for the OCI Ampere Instance? ufs-serial oder ufs-efi?
When I do a "qemu-img resize filename.qemu 40G" will this create a swap partition? Or is it just 40G root and no swap?
I'm a bit lost with the next steps, I have a PAYG account. Which distribution do I need? Is it just adding a linux instance, upload the qemu to a bucket and insert it into the boot image and go?
Assistance is much appreciated, thanks everyone

[Maurice]

Which qemu file do I need for the OCI Ampere Instance? ufs-serial oder ufs-efi?

Both work, but the serial image is recommended. It allows using the cloud console for initial configuration (interface assignment, root password).

When I do a "qemu-img resize filename.qemu 40G" will this create a swap partition? Or is it just 40G root and no swap?

qemu-img only resizes the disk image, not the partitions inside it. OPNsense then expands the root partition on first boot. It does not create a swap partition. I recommend building your own image if you need a swap partition.

None of this should be necessary for OCI though. They automatically expand the image to the configured disk size (default 47 GB), no manual resizing required. And I never felt the need for swap since the Ampere instances have plenty of RAM.

I'm a bit lost with the next steps, I have a PAYG account.

Upload the qcow2 image to a bucket, then import it as a custom image (generic Linux works) and configure it to support UEFI boot and Ampere instances. Then create an instance using this image.

[n0ir]

Upload the qcow2 image to a bucket, then import it as a custom image (generic Linux works) and configure it to support UEFI boot and Ampere instances. Then create an instance using this image.

Thanks Maurice, did the steps till the Instance creation:
1. Downloaded the latest OPNsense-24.1.7-ufs-serial-vm-aarch64.qcow2.bz2
2. Unzipped and uploaded qcow2 to bucket
3. Imported custom image (type qcow2, launch mode native / paravirtualized -> tried both)
4. Create Instance from this custom image

I can't select the Ampere Instance. Below the Image there is a Lock-symbol with the letters "BS" inside. It says: This image supports confidential computing. Confidential computing is hardware technology in CPUs that encrypts data in-use while being processed and protects against these threats.

When I try to change the shape to Ampere it states: This shape is either not compatible with the selected image, or not available in the current availability domain.

Any ideas?

EDIT: Found that I need to Edit the Custom Image and allow VM.Standard.A1.Flex in Image Details. It was not ticket so I did and this solved the selection in Instances

[Maurice]

Paravirtualized mode is correct, but you might have missed this step:

[...] and configure it to support UEFI boot and Ampere instances.

By default, custom images created by importing an image from a bucket are configured to only support legacy BIOS firmware and amd64 instances. You have to change this in the custom image's capabilities and details before creating an instance.

[n0ir]

Thanks, got it working. The public IP is natted 1:1 for WAN interface, there is no way to expose the public IP directly the WAN interface i guess?

[Bob.Dig]

there is no way to expose the public IP directly the WAN interface i guess?

I don't think so but the IPv6-address is.

[kohly]

Hi!

I like to give this torial a try but it seems the version 13.1 of FreeBSD is no more available.
So i used 13.2 instead.
I was able to dd the image to the disk, also the reboot to FreeBSD works like a charm.

When i execute the opnsense-bootstrap.sh.in i get the error that ca_root_nss is already unlocket.
Then the script ends.

What can i do?

BR
Christian

[Bob.Dig]

What can i do?

Use the latest nano image and don't select the mirror yourself.

[kohly]

Use the latest nano image and don't select the mirror yourself.

Thank you for your response.

I found a 13.1 image at ftp-archive.freebsd.org and will try again with this one.

BR
Christian