Installing OPNsense in 5 Easy Steps

How to Install OPNsense in 5 Easy Steps

OPNsense is a FreeBSD-based firewall and routing software. It is a fork of pfSense, which in turn is a fork of the m0n0wall project. OPNsense launched in January 2015; it was named OPNsense when m0n0wall closed down in February 2015.

OPNsense can run on x86_64 processors, and as it’s based on Free BSD, a Unix derivative, it can run on more lightweight hardware than Windows. And it is free; you can download it from the OPNsense website with no licensing involved. Although configuring OPNsense requires more time and resources than commercial software, you can install OPNsense in five easy steps and start tinkering with the settings, and see if OPNsense meets your requirements. If it does, you will likely save money.

1. Find out if your hardware meets the minimum hardware requirements. If your hardware does not meet the minimum specifications, it seems logical that you cannot install OPNsense. Fortunately, the hardware requirements are fairly simple, and are listed on the OPNsense website as minimum specification, reasonable specification, and recommended specification. These requirements are summarized in the following table:

	Minimum	Reasonable	Recommended
Processor	1 GHz dual core CPU	1 GHz dual core CPU	1.5 GHz multi core CPU
RAM	2 GB	4 GB	8 GB
Install method	Serial console or video (VGA)	Serial console or video (VGA)	Serial console or video (VGA)
Install target	SD or CF card with a minimum of 4 GB; use nano images for installation	40 GB SSD; a minimum of 2 GB is needed for the installer to run	120 GB SSD

If you are purchasing hardware or installing it on a virtual machine, it behooves you to use the reasonable or recommended specifications to inform your decisions. But if you have existing hardware, the minimum specification should clue you in as far as the hardware is concerned.

2. Download OPNsense. You can download OPNsense at the official OPNsense website [https://opnsense.org/download/]. Although there is only one option for the CPU (amd64), there are several options for the image type:
   1. DVD (ISO image installer with live system capabilities running in VGA mode; UEFI boot is supported, as well as legacy boot)
   2. VGA (USB installer image with live system capabilities running in VGA mode; again, UEFI and legacy boot are supported)
   3. Serial (USB installer image with live system capabilities running in serial mode; supports UEFI and legacy boot)
   4. Nano (a preinstalled serial image for USB sticks, SD or CF card as MBR boot; these images are 3G in size and automatically adapt to the installed media after the first boot

After you have downloaded the image, it is probably a good idea to run a checksum on the downloaded image. The checksum is listed on the download page on the official OPNsense website. Verifying the checksum guarantees:

• that the downloaded file downloaded successfully;
• that the downloaded file was not corrupted in any way.

You can download a checksum checker from these sites:

• MD5 and SHA Checksum Utility
• MD5 Checker

3. Transfer the image file to the appropriate media for installation. As of now, you have the OPNsense image file. You need to transfer the image to the installation media. If you are installing OPNsense to a virtual machine, then you can skip this step; you just need to specify the image file when you are configuring settings for the virtual machine. If the system to which you are installing OPNsense has an optical drive, you may burn the image to a DVD. But if the system does not have an optical drive and has a USB interface, you might write the image to a USB thumb drive. Writing an image to a USB drive has several advantages:

• It’s easy to do with the right software;
• It’s relatively cheap, with a 16 GB Sandisk thumb drive costing only $5;
• It’s very compact, as compared to a DVD;
• Depending on the speed of your USB interface, it may be faster than a DVD;
• Unlike a DVD, you can rewrite the image.

Keep in mind that your device may not support USB (although at this point, with USB having been produced since May 1996, it’s harder to see this as a rationale), and continued writes will reduce the life span of the device. But in reality, you’re more likely to physically damage a USB thumb drive than reach the end of life for a thumb drive by constant re-writes.

In any case, here are some programs you can use to write images to a thumb drive:

• ImageUSB (for Windows only)
• Balena Etcher (for Linux and Windows)
• Rufus image writer (for Windows only) [

If you want to burn an image to a DVD, there’s the always excellent CD Burner XP available

4. Using the installation media, boot the target system and begin installation. If you are using a DVD, this may be as easy as inserting the DVD into the optical drive and booting the system, as many systems check the optical drive first. If this is not the case, or if you are using a USB thumb drive, you may have to run the BIOS/UEFI settings, or run a one-time boot menu.

Once the system boots, OPNsense will detect the system hardware, and OPNsense will load from the optical drive. Then OPNsense will prompt you for a username and password. You can log in with the default username and password:

• Username: root/installer
• Password: opnsense

Since you want to install OPNsense, you should use username “installer” and password “opnsense”. This will take you to the installation software, in which you can configure the following:

• The keymap
• The mode of installation (UFS, ZFS, or extended installation, using a previously save configuration, a password reset, or, if everything else fails, rebooting)

I could easily get bogged down in the minutia of the different installation options, but that’s a topic for a different article.

5. Now that the installation is complete, remove the installation media and reboot. You should be booting up the installation from the target drive. While it would be tempting to declare success, you should be mindful of two crucial elements:
   1. Change the default password. This is extremely important, for security reasons.
   2. Assign the interfaces. If the default interface assignments are not what you expected, assign at least the WAN and LAN interfaces.
   3. Assign an IP address for each interface. Remember that in most cases, the WAN interface is assigned by your ISP via DHCP; the LAN interface is statically assigned, and in most cases is 192.168.1.1.

Now that you have configured these parameters, you can do the rest of the configuration using the web-based graphical user interface (GUI) by accessing http://192.168.1.1 on your browser. You may still have some configuration to do, but you have successfully installed OPNsense.