HOWTO OPNsense in Microsoft Azure

Started by bulmaro, August 28, 2017, 08:37:22 PM

August 28, 2017, 08:37:22 PM Last Edit: August 28, 2017, 11:42:53 PM by bulmaro
Sorry, I do not speak English. I will try to translate the steps I took after reading several documents online,
in case someone can use them to configure a firewall in Microsoft Azure.

FreeBSD Azure
1- Create a FreeBSD 11.0 VM    https://docs.microsoft.com/en-us/azure/virtual-machines/windows/classic/tutorial

2- Create another additional network interface      https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

3- Attach the NIC to a VM   https://www.petri.com/add-network-interface-azure-vm

4- Connect to the VM with ssh
First we have to enable root login over ssh
$ sudo vi /etc/ssh/sshd_config
Locate the following line, which is commented out
#PermitRootLogin no

Uncomment the line and change it to yes
PermitRootLogin yes
$ sudo /etc/rc.d/sshd restart
$ sudo passwd root
Changing local password for root
New Password:
Retype New Password:

5- Follow the steps on the page   https://github.com/opnsense/update#
$ sudo pkg install ca_root_nss
$ sudo fetch https://raw.githubusercontent.com/opnsense/update/master/bootstrap/opnsense-bootstrap.sh

Connect with WinSCP and transfer the attached file configure.xml
Edit the opnsense-bootstrap.sh file and comment out the line
$ sudo vi opnsense-bootstrap.sh
   #reboot
$ sudo sh ./opnsense-bootstrap.sh

Before the VM restarts you must do this step, otherwise you will not have access to the VM
Open another terminal as the root user and copy the file
# cp config.xml /usr/local/etc/config.xml
After a successful restart, OPNsense should be up and running. You can improve the configuration to your liking
Connect via web interface https://<ip>/

6- In the Azure Portal, configure a Route Table   https://campus.barracuda.com/product/nextgenfirewallf/article/NGF62/AzureARMUDRWebPortal/
The route table does the NAT operation and redirects traffic to OPNsense

If there is anything else to improve, please suggest it

Thanks, OPNsense Team, that's what I can contribute

Hi Bulmaro,

Thank you very much for this. Your English is just fine. :)

May I move this to the Tutorial / How-To forum?

Small improvements:

o "sudo" should always be lowercase
o config.xml, not configuration.xml
o copying config.xml can be done before package install, /usr/local/etc/config.xml should not be overwritten by the bootstrap process
o the former makes the opnsense-bootstrap.sh edit obsolete


Cheers,
Franco
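
The ordering suggested above (config.xml staged at /usr/local/etc/config.xml before the bootstrap runs) together with the sshd_config change from step 4, written as a preflight check. This is an added example, not part of the original posts or of the OPNsense project; the function names and the `<opnsense>` root-element test are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): preflight checks to run on the FreeBSD VM
# before opnsense-bootstrap.sh. File paths are arguments so the functions can be
# tried on constructed files.

# Print the effective global value of an sshd_config keyword, or "default".
# sshd keeps the first value it reads; comments and Match blocks are skipped.
sshd_effective() {  # usage: sshd_effective <file> <Keyword>
    awk -v key="$2" '
        /^[ \t]*#/             { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "default" }
    ' "$1"
}

# Succeed only if config.xml is staged, non-empty and has an <opnsense> root
# element (assumption of this example about the file's layout).
config_staged() {  # usage: config_staged <path>
    [ -s "$1" ] && grep -q '<opnsense>' "$1"
}

# Report SSH exposure and refuse to proceed unless config.xml is in place.
preflight() {  # usage: preflight <sshd_config> <config.xml>
    rc=0
    root_login=$(sshd_effective "$1" PermitRootLogin)
    echo "PermitRootLogin: $root_login"
    if [ "$root_login" = "yes" ]; then
        echo "WARN: root login over SSH is enabled in $1"
    fi
    if config_staged "$2"; then
        echo "OK: $2 is staged"
    else
        echo "FAIL: $2 is missing or not an OPNsense config; do not bootstrap yet"
        rc=1
    fi
    return "$rc"
}

# Run as: sh preflight.sh /etc/ssh/sshd_config /usr/local/etc/config.xml
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```
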

Thanks, Franco, for the observations; I made small changes based on them.
I think it's a good idea to move to the Tutorial section

I would suggest you use sudo -s or sudo -i, as all operations require root privileges. This way you don't have to type sudo all the time. You should also use code tags.


Hi,

Thanks for the instructions - I've successfully installed and can access OPNsense via web interface, but I'm having a couple of big initial problems with the Azure FreeBSD VM.

1. Immediately after restarting the Azure vm (after installing OPNsense) I am unable to SSH to the VM - I can only access OPNsense and the VM generally via web interface
2. I am unable to create an azure backup of the VM - there appears to be a problem with the azure agent following OPNsense install and first restart.

Any idea what I am doing wrong or what I can do to fix it?

Thanks in advance.

Check under
System > Settings > Administration
whether Secure Shell is enabled:
Enable Secure Shell
Permit password login

Open the ssh port on the WAN interface.
I attached the image.

Hi all,
is this still the way to go for OPNsense on Azure? I'm looking for a firewall for a small project. Have used pfSense and a couple of commercial firewalls before but never tried OPNsense. But I was told how much better OPNsense is compared to pfSense so I would like to give it a try for this new project.

Best regards, Karsten