
Virtual Networks, Real Security: My OPNsense Journey


I’ve not posted in a while, so I think it’s time for an update. In this blog post, I am installing the OPNsense firewall in my home lab. After evaluating different firewalls like pfSense and IPFire, I decided to go with OPNsense due to its comprehensive set of features and robust performance.

To begin, I downloaded a virtual machine image from the OPNsense website. OPNsense is an open-source, feature-rich firewall and routing platform that offers cutting-edge network protection. I opted for the AMD64 version, which is well-suited for my system's architecture.

Next, I prepared my virtual environment using VirtualBox. I created a new VM specifically for OPNsense and loaded the downloaded image into it. Setting up the VM involved configuring the virtual hardware, such as assigning adequate memory, processor cores, and network adapters to ensure optimal performance.

With the VM prepared, I proceeded to boot it up and eagerly watched as the system initiated its detailed boot sequence. The screen displayed intricate loading processes, initializing various hardware components and setting up sophisticated network configurations. It was fascinating to observe how the firewall system meticulously prepared itself for operation, checking each component and ensuring everything was in place for a secure and stable environment.

Once the VM was fully booted, I accessed the web dashboard through one of my Linux VMs, choosing the Linux Mint VM for this purpose. However, I encountered an issue with the IP address of the OPNsense machine not being on the correct network. Determined to resolve this, I conducted a quick Google search and found the necessary command to change the IP addressing. Although I forgot to take a screenshot of this step, it was a crucial part of the setup process.

Upon resolving the IP address issue, I successfully loaded the web dashboard on my Mint VM. I used the default credentials to log in and was immediately impressed by the comprehensive and user-friendly interface of the web dashboard. The dashboard provided a wealth of features and tools, each designed to enhance network security and management. I spent considerable time exploring these features, configuring settings, and appreciating the depth of customization options available to users.

I was particularly interested in the firewall rules and how they could be configured to provide robust security for my home lab network. The ability to create detailed firewall rules based on various criteria such as IP addresses, ports, and protocols was impressive. Additionally, the built-in intrusion detection and prevention systems (IDS/IPS) added an extra layer of security, allowing me to monitor and block suspicious activities effectively.
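As an added worked example (my own code written for this edit, not OPNsense's and not from the original post), the snippet below models how a set of OPNsense LAN rules keyed on protocol, source, destination and destination port is evaluated: the first matching rule wins, because OPNsense sets the rule option "quick" by default, and a packet that matches no rule hits the implicit default block. The lab layout is an assumption (10.10.0.0/24 behind the firewall's LAN address 10.10.0.1, the Mint VM at 10.10.0.20, the bridged home LAN at 192.168.1.0/24, 203.0.113.10 standing in for an internet host), and so is the policy. The `shadowed` check goes beyond the post: it reports rules that an earlier, broader rule makes unreachable, which is the classic mistake when an allow-everything rule sits at the top of the list.

```python
"""Toy first-match packet filter in the style of OPNsense LAN rules.

Example code for this blog edit, not OPNsense's own code. Addresses, ports
and the policy are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                       # "pass" or "block"
    proto: str                        # "tcp", "udp", "icmp" or "any"
    src: str                          # CIDR, or "any"
    dst: str                          # CIDR, or "any"
    dports: Tuple[int, int] = (0, 65535)  # inclusive destination port range
    note: str = ""

    def matches(self, proto: str, src: str, dst: str, dport: int) -> bool:
        """Does one packet (proto, src, dst, dport) hit this rule?"""
        if self.proto not in ("any", proto):
            return False
        if self.src != "any" and ip_address(src) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(dst) not in ip_network(self.dst):
            return False
        return self.dports[0] <= dport <= self.dports[1]

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches self."""
        if self.proto != "any" and self.proto != other.proto:
            return False
        for mine, theirs in ((self.src, other.src), (self.dst, other.dst)):
            if mine == "any":
                continue
            if theirs == "any":
                return False
            a, b = ip_network(mine), ip_network(theirs)
            if a.version != b.version or not b.subnet_of(a):
                return False
        return self.dports[0] <= other.dports[0] and other.dports[1] <= self.dports[1]


def evaluate(rules: List[Rule], proto: str, src: str, dst: str,
             dport: int = 0) -> Tuple[str, Optional[int]]:
    """First match wins ('quick' is on by default in OPNsense).

    Returns (action, index of the rule that fired); (\"block\", None) is the
    implicit default deny when nothing matches.
    """
    for i, rule in enumerate(rules):
        if rule.matches(proto, src, dst, dport):
            return rule.action, i
    return "block", None


def shadowed(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them."""
    return [j for j in range(len(rules))
            if any(rules[i].covers(rules[j]) for i in range(j))]


# Constructed lab policy for traffic entering the LAN interface (assumed addresses).
LAB = "10.10.0.0/24"          # internal network behind OPNsense
FW = "10.10.0.1/32"           # OPNsense LAN address
MINT = "10.10.0.20/32"        # the admin VM
HOME = "192.168.1.0/24"       # bridged home network on the other side

LAB_RULES = [
    Rule("pass", "tcp", MINT, FW, (443, 443), "Mint may reach the web GUI"),
    Rule("pass", "udp", LAB, FW, (53, 53), "lab may use the firewall's DNS"),
    Rule("block", "any", LAB, FW, note="nothing else to the firewall itself"),
    Rule("block", "any", LAB, HOME, note="lab stays off the home LAN"),
    Rule("pass", "any", LAB, "any", note="everything else out to the internet"),
]

# Same rules with the catch-all allow moved to the top: every later rule is dead.
MISORDERED = [LAB_RULES[4]] + LAB_RULES[:4]


if __name__ == "__main__":
    for pkt in [("tcp", "10.10.0.20", "10.10.0.1", 443),
                ("tcp", "10.10.0.30", "10.10.0.1", 443),
                ("tcp", "10.10.0.30", "192.168.1.50", 445),
                ("tcp", "10.10.0.30", "203.0.113.10", 443)]:
        print(pkt, "->", evaluate(LAB_RULES, *pkt))
    print("shadowed in LAB_RULES:", shadowed(LAB_RULES))
    print("shadowed in MISORDERED:", shadowed(MISORDERED))
```

Two things the model makes visible that the GUI does not: a destination of "any" includes the firewall's own address, so an "allow lab to any" rule also opens the management interface to every lab VM unless a narrower rule precedes it (OPNsense provides the "This Firewall" alias for exactly that), and rule order is policy, not cosmetics. Whatever the rules say, change the default root password (OPNsense ships with root / opnsense) before the GUI is reachable from anything but the admin VM.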

Another standout feature was the traffic shaping capability, which enabled me to prioritize certain types of traffic over others, ensuring that critical applications received the necessary bandwidth. This was particularly useful in a home lab environment where multiple virtual machines might compete for network resources.

Overall, the configuration phase of OPNsense was an enlightening experience, revealing the full potential of this powerful firewall and routing platform. The system's versatility and advanced features made it an excellent choice for both home and professional use, providing reliable and cutting-edge network protection.

Although I am yet to explore many of the features, I am already convinced of OPNsense's capabilities. The screenshots below show just a few of the features that are available in OPNsense.

Screenshot: part of the boot sequence for the OPNsense VM.


Screenshots: a few of the many features that are available in OPNsense.

Aside from the IP address issues, which were straightforward to resolve, it is important to note that the virtual machine needs to be configured with two network adapters in VirtualBox. I used one adapter in bridged mode and another in NAT mode for my setup. Among all the virtual machines in my lab, I found this one to be relatively easy to set up.

The reason for using two network adapters is that a firewall needs an inside and an outside. The bridged adapter makes the virtual machine appear as another device on the same network as the host, which is useful for reaching it directly from other machines and for accessing shared resources. The NAT adapter gives the virtual machine internet access through the host's connection and cannot be reached from outside unless ports are explicitly forwarded, which is the isolation it provides. One caveat worth knowing: other lab VMs are only protected by OPNsense if their traffic has to pass through it, so endpoints that should sit behind the firewall belong on a network that only OPNsense's LAN adapter touches (a VirtualBox Internal Network), not directly on the bridged home network. Note also that OPNsense's default LAN address is 192.168.1.1/24, which collides with the subnet of many home routers when the LAN interface is bridged; console menu option 2, "Set interface IP address", is the quickest way to change it.

Furthermore, setting up the IP addresses was simplified by assigning static IPs for consistent connectivity. This approach ensured seamless interaction between the virtual machine and other devices within the lab environment. To enhance performance, I allocated sufficient memory and CPU cores, balancing resource usage to avoid overwhelming the host system while maintaining efficient operation of the virtual machine.

In conclusion, careful configuration of network adapters, thoughtful resource allocation, and strategic IP management collectively contributed to a successful and smooth setup of the virtual machine, underscoring its relative ease compared to others in my lab.

Here is the plan going forward:

· Add another physical machine.

· Integrate Active Directory.

· Connect both Windows and Linux endpoints.

· Connect all my endpoints into my Wazuh SIEM.
