Installation on windows

Started by RoadRunner, September 02, 2024, 09:33:01 AM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
September 02, 2024, 09:33:01 AM
Hi guys, newbie here. Pardon me if this was answered before but the books I've read so far mention the necessity of use of either virtualbox or vmware when installing OPNSense. Is it possible to install OPNSense on Windows without involving Virtualbox or Vmware, utilising only USB stick or similar?

Thanks in advance,
September 02, 2024, 09:41:38 AM #1
OPNsense is an appliance OS. If you install it on your Windows machine, you will replace Windows with OPNsense. Unless you use some sort of virtualisation as you already found out.

OPNsense is not an add on to Windows but an OS for a dedicated "hardware firewall".
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
September 02, 2024, 10:40:22 AM #2
Let me know if I understood you correctly:
- Installing it on Windows will make Windows unusable,
-  If use virtualisation, I will have to start it from whatever virtualisation software I am using after the Windows booted up. That also means quite a bit of extra load on CPU and Ram. Correct?
September 02, 2024, 11:02:12 AM #3 Last Edit: September 02, 2024, 11:07:56 AM by Patrick M. Hausen
Both correct, not only will Windows be unusable, Windows will be gone from your disk/SSD if you install OPNsense over it.

What are you intending to do with OPNsense? Again: it is an OS for a dedicated firewall machine that you place between your network and the Internet. Not something you install as a "security product" on your existing desktop OS.

You need a dedicated computer for OPNsense and that replaces your ISP router in most cases.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
September 02, 2024, 11:06:43 AM #4
Running OPNsense in VM like this is OK for testing, trying learning.

But if you want to use it as your FW/Router or what ever you need a dedicated machine as mentioned by Patrick. Because you are new to this I advice to get a device and do a Baremetal setup (no Hypervisor), get a small machine install on it OPNsense.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
September 02, 2024, 11:25:11 AM #5 Last Edit: September 02, 2024, 11:27:11 AM by Monviech
If you use Windows 10 or 11, using Hyper-V to get used to the OPNsense is a good choice.

Also on Windows 11 I did some performance testing just recently.

I've gotten 9.45Gbit/s routing performance through the OPNsense between two Debian VMs (machine had 12 Core Ryzen 9 CPU, 10G Vswitches). That's pretty good for  a Hypervisor running an OPNsense.
Hardware:
DEC740
September 02, 2024, 09:07:35 PM #6
Quote from: Patrick M. Hausen on September 02, 2024, 11:02:12 AM
Both correct, not only will Windows be unusable, Windows will be gone from your disk/SSD if you install OPNsense over it.

What are you intending to do with OPNsense? Again: it is an OS for a dedicated firewall machine that you place between your network and the Internet. Not something you install as a "security product" on your existing desktop OS.

You need a dedicated computer for OPNsense and that replaces your ISP router in most cases.

I simply want to secure my home network and in this sense both OPNSense or PFSense seemed to be much better options than their consumer grade counterparts targeted at home users. If this is the wrong way to accomplish this, what would be your advice?
September 02, 2024, 09:12:03 PM #7
Buy a dedicated device, install OPNsense, come back with any questions you might have.

A consumer grade router is a dedicated device in your network, right? So is OPNsense. Main difference: you only have to buy some matching hardware, the software is free and better.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
September 02, 2024, 09:20:40 PM #8
Patrick M. Hausen, Seimus and Monviech,

Thank you all for the hand. Appreciated.
September 02, 2024, 10:47:55 PM #9
Quote from: Patrick M. Hausen on September 02, 2024, 11:02:12 AM
not only will Windows be unusable, Windows will be gone from your disk/SSD if you install OPNsense over it.

But that sounds like a nice improvement...  8) :P
September 03, 2024, 10:14:03 AM #10
Quote from: doktornotor on September 02, 2024, 10:47:55 PM
Quote from: Patrick M. Hausen on September 02, 2024, 11:02:12 AM
not only will Windows be unusable, Windows will be gone from your disk/SSD if you install OPNsense over it.

But that sounds like a nice improvement...  8) :P

I agree, I did last year such improvement on all of my laptops and PCs (as well gaming rig) and I could not be happier.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
September 06, 2024, 05:04:45 PM #11
Quote from: Monviech on September 02, 2024, 11:25:11 AM
If you use Windows 10 or 11, using Hyper-V to get used to the OPNsense is a good choice.

Also on Windows 11 I did some performance testing just recently.

I've gotten 9.45Gbit/s routing performance through the OPNsense between two Debian VMs (machine had 12 Core Ryzen 9 CPU, 10G Vswitches). That's pretty good for  a Hypervisor running an OPNsense.

Monviech, this may sound a dumb question but if I install OPNsense on one of these virtualization tools, would it protect the VMs only or the host (Windows) as well?
September 06, 2024, 05:21:38 PM #12
It would not protect anything. OPNsense goes on a dedicated device in your network. It replaces your ISP router.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
September 06, 2024, 05:24:20 PM #13
It depends on the config.

If you do a Passthrough for the WAN (virtual switch external mode), and put the host itself into the same other vswitch as the VMs (virtual switch internal with host sharing enabled), then yes.

So at least two network ports for the host. (or vlan tagging with one port, but I wouldnt advice that for beginners)

In most other cases, no.
Hardware:
DEC740
September 06, 2024, 05:57:09 PM #14
Quote from: Patrick M. Hausen on September 06, 2024, 05:21:38 PM
It would not protect anything. OPNsense goes on a dedicated device in your network. It replaces your ISP router.

Some time ago, there was a book I read, called "ETHICAL HACKING A Hands-on Introduction to Breaking In", and pfsense was one of the lab VMs to be set up that the writer said "pfSense Virtual Machine An open source router/firewall to protect the vulnerable virtual machines from outside hackers."  Considering the fact that both are very similar, the same can be achieved with OPNsense as well, I guess.

Am I missing something?
Print
Go Up Pages1 2
User actions