OPNSense on DigitalOcean droplet

Access your DigitalOcean account and click on the “Create Droplet” button.

Set the hostname of the new Droplet.

Select the size of the new Droplet.

For most common usage, the $5 Droplet is a good choice (512MB RAM, 20GB Disk).

Select Region – This is a very important step if you need to use OPNSense as a firewall/router/VPN in your project. Select the SAME region as your other Droplets. Droplets in different regions have no connection over the “Private Network (Shared Private Network)”.

Select Image – Select the FreeBSD 10.1 image. We will use it to install/build our OPNSense.

Additional settings

Check “Private Networking” and select/add an SSH key – the FreeBSD image doesn't support password authentication.

Click on the “Create Droplet” button and wait a few seconds/minutes.

After the Droplet creation finishes, you will get its IP address (use your own IP).

Now access your Droplet and follow the next steps.

Log in to the new droplet:

ssh freebsd@PUBLIC_IP

Become root using sudo:

sudo su -

# Edit FreeBSD.conf file
vi /etc/pkg/FreeBSD.conf

Delete the lines starting with:
signature_type
and
fingerprints

Change the URL part “pkg.FreeBSD.org” to “pkg.opnsense.org”.

The final file will look like this:

FreeBSD: {
  url: "pkg+http://pkg.opnsense.org/${ABI}/latest",
  mirror_type: "srv",
  enabled: yes
}

Save and exit.

Install os-update:

pkg install os-update

The system will ask whether to proceed 2 times. Reply “y” (yes).

Proceed with this action? [y/N]: y

Install opnsense package

pkg install opnsense

The system will ask whether to proceed. Reply “y” (yes).

Proceed with this action? [y/N]: y

Run opnsense-update command

opnsense-update

Reboot system

reboot

For some reason, the system does not reboot correctly. So go to your droplet settings in the DigitalOcean manager interface, open the Power menu and shut down the droplet.
It will not shut down cleanly, but wait 5 minutes and it will be forced off.

For reference, below is the DigitalOcean support team's response about the reboot.

“Hello,

Thank you for contacting us. We recommend that you power the droplet off from the command line via SSH. FreeBSD does not respond well to a power down from the control panel. To help let the system shut itself down we send a “polite” request when you click the power off. If after 5 minutes the droplet doesn’t respond and power down, we force it off. This is not the most graceful of power off and not recommended.

I show the power off took about 5 minutes and don’t see any errors. I believe the issue here was just our system giving it the 5 minutes to power itself down. We always recommend powering the droplet off from the command line (when you are able to) instead of the control panel.

Let us know if you have any other questions!

Regards,
James
Platform Support Specialists
Check out our community for great tutorials, articles and FAQs!
https://digitalocean.com/community

Now, back in the DigitalOcean web manager, select your FreeBSD Droplet and click on “Access console”.

– Wait for the login screen (don't set anything up).

Login: root
Password: opnsense

> 1 – Set your interfaces WAN and LAN

vtnet0 – WAN

vtnet1 – LAN

> 2 – Set interface(s) IP address

WAN – Public IP and netmask.

Again, for some reason, the gateway may not work.

So you need to add the gateway yourself.

In the DigitalOcean web manager interface, when you select the Droplet “Settings”, you will see the Network, Netmask and Gateway of the public interface. Take the GATEWAY value and run the command below:

route add default GATEWAY_PUBLIC_INTERFACE

In my case:

route add default 45.55.128.1

To access the OPNSense web interface, you need to disable the firewall (one time only).

Run this command in the terminal (Droplet web console):

pfctl -d

Access your Droplet IP in a browser:

http://YOUR_DROPLET_PUBLIC_IP

If you enable remote SSH access, you will need to remove the old host key entry from known_hosts.

On Ubuntu and variants, run this:
ssh-keygen -f "/home/your_user/.ssh/known_hosts" -R 45.55.137.141

On other Linux distributions, as in my case:
edit /home/your_user/.ssh/known_hosts, then delete the line with the IP of your server.

Now you are ready to work with opnsense.
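
The FreeBSD.conf edit earlier in this procedure removes signature_type and fingerprints, which leaves pkg fetching from that repository over plain HTTP with no signature check. The script below is an added example, not part of the original post: it reads a pkg repository file and reports whether packages from it would be signature-checked. The function names, the lowercase-key assumption and both sample files are constructed for illustration.

```shell
# Added example, not from the original post. Assumes lowercase keys, one
# "key: value" pair per line, as in the stock /etc/pkg/FreeBSD.conf layout.

# repo_value FILE KEY: first value of KEY, quotes and trailing comma removed.
repo_value() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e "s/^[[:space:]]*$2:[[:space:]]*\"\{0,1\}\([^\",]*\).*/\1/p" "$1" |
        head -n 1
}

# audit_pkg_repo FILE: print one summary line; return 0 only when pkg would
# verify package signatures for this repository.
audit_pkg_repo() {
    url=$(repo_value "$1" url)
    sig=$(repo_value "$1" signature_type | tr 'A-Z' 'a-z')
    case $url in
        https://*|pkg+https://*) transport=https ;;
        http://*|pkg+http://*)   transport=http ;;
        *)                       transport=other ;;
    esac
    verified=no
    case $sig in
        # A signature type only helps if its key material is configured too.
        fingerprints) [ -n "$(repo_value "$1" fingerprints)" ] && verified=yes ;;
        pubkey)       [ -n "$(repo_value "$1" pubkey)" ] && verified=yes ;;
    esac
    printf 'url=%s transport=%s signature_type=%s verified=%s\n' \
        "$url" "$transport" "${sig:-unset}" "$verified"
    [ "$verified" = yes ]
}

# Constructed samples: stock-style file, and the file as edited in this post.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/stock.conf" <<'EOF'
FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
EOF
printf '%s\n' 'FreeBSD: {' '  url: "pkg+http://pkg.opnsense.org/${ABI}/latest",' \
    '  mirror_type: "srv",' '  enabled: yes' '}' > "$demo_dir/edited.conf"
for f in stock edited; do
    audit_pkg_repo "$demo_dir/$f.conf" || echo "  $f.conf: packages not signature-checked"
done
```

On a real system, call audit_pkg_repo on /etc/pkg/FreeBSD.conf before and after the edit to compare the two states.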
