Skip to content
Homelab Infrastructure
OPNsense
Post-Installation Setup

Post-Installation Setup

Networking

Interface attribution

For OPNsense to function properly as a router, two interfaces must be set: a WAN and a LAN. Let us create and assign these in proxmox.

  1. Create a Linux Bridge in Proxmox by clicking your target node, then System > Network > Create > Linux Bridge. Validate without any modification.
  2. Add this network interface to the OPNsense VM by clicking it, then Hardware > Add > Network Device.
  3. Select the new bridge you have just created and uncheck Firewall.
  4. Reboot the VM if needed, login as root, and type 1 to enter the interface assignment menu.
  5. Skip LAGG and VLAN setups for now.
  6. In WAN, type the name of the first interface according to OPNsense (it should be written in the terminal menu); and in LAN, the name of the second interface.
  7. Skip the next prompt and confirm changes when asked to.
  8. You may optionally want to setup a custom address space for your LAN and enable DHCP on it.

Note

At this point, any VM that has your new bridge as its ethernet adapter should have an IP address in the range you have configured in step 8.

Accessing the Web GUI from a device in the same network as the WAN interface
  1. Under Interfaces > [WAN], uncheck Block private networks.
  2. Under Firewall > Settings > Advanced, check Disable reply-to on WAN rules.
  3. Add a rule to allow traffic from the desired device:
    • In Firewall > Rules > WAN, click the + button.
    • Under Protocol, select TCP.
    • Scroll to Source and select WAN net.
    • Under Destination, select WAN address (the address of the router’s WAN interface).
    • Select a Destination port range (HTTPS).
    • Enter a description.
  4. Save and apply your rule.

User management

Enabling MFA in the web GUI
  1. Add an authentication server in System > Access > Servers.
  2. Give it a name.
  3. In the Type drop-down, choose Local + Timebased One Time Password.
  4. Tick the Reverse token order box.
  5. Navigate to System > Settings > Administration.
  6. If you have not done so by now, by all means TEST YOUR OTP (read next sections).
  7. Under AUthentication, add your server in the Server drop-down.
Adding an admin user
  1. Navigate to System > Users
  2. Click the + icon in the bottom right-hand corner.
  3. Fill out the form for regular credentials.
  4. Select a group, like admins.
  5. For a privileged user, you can enable privileges on All pages.
  6. If you have enabled 2FA, reveal the seed and scan it with your authenticator.
  7. Optionally, if you need to access the router using SSH, add an entry to Authorized Keys.
Testing MFA before validating
  1. Navigate to System > Tester and type you login.
  2. Type your password followed by the OTP given by your password manager in the same box as Password123456 (if 123456 is your OTP code).
Last updated on
Installation Procedure