Virtual Networks, Real Security: My OPNsense Journey

 

I’ve not posted in a while, so I think it’s time for an update. In this blog post, I am installing the OPNsense firewall in my home lab. After evaluating different firewalls like pfSense and IPFire, I decided to go with OPNsense due to its comprehensive set of features and robust performance.

To begin, I downloaded a virtual machine image from the OPNsense website. OPNsense is an open-source, feature-rich firewall and routing platform that offers cutting-edge network protection. I opted for the AMD64 version, which is well-suited for my system's architecture.

Next, I prepared my virtual environment using VirtualBox. I created a new VM specifically for OPNsense and loaded the downloaded image into it. Setting up the VM involved configuring the virtual hardware, such as assigning adequate memory, processor cores, and network adapters to ensure optimal performance.

With the VM prepared, I proceeded to boot it up and eagerly watched as the system initiated its detailed boot sequence. The screen displayed intricate loading processes, initializing various hardware components and setting up sophisticated network configurations. It was fascinating to observe how the firewall system meticulously prepared itself for operation, checking each component and ensuring everything was in place for a secure and stable environment.

Once the VM was fully booted, I accessed the web dashboard through one of my Linux VMs, choosing the Linux Mint VM for this purpose. However, I encountered an issue with the IP address of the OPNsense machine not being on the correct network. Determined to resolve this, I conducted a quick Google search and found the necessary command to change the IP addressing. Although I forgot to take a screenshot of this step, it was a crucial part of the setup process.

Upon resolving the IP address issue, I successfully loaded the web dashboard on my Mint VM. I used the default credentials to log in and was immediately impressed by the comprehensive and user-friendly interface of the web dashboard. The dashboard provided a wealth of features and tools, each designed to enhance network security and management. I spent considerable time exploring these features, configuring settings, and appreciating the depth of customization options available to users.

I was particularly interested in the firewall rules and how they could be configured to provide robust security for my home lab network. The ability to create detailed firewall rules based on various criteria such as IP addresses, ports, and protocols was impressive. Additionally, the built-in intrusion detection and prevention systems (IDS/IPS) added an extra layer of security, allowing me to monitor and block suspicious activities effectively.

Another standout feature was the traffic shaping capability, which enabled me to prioritize certain types of traffic over others, ensuring that critical applications received the necessary bandwidth. This was particularly useful in a home lab environment where multiple virtual machines might compete for network resources.

Overall, the configuration phase of OPNsense was an enlightening experience, revealing the full potential of this powerful firewall and routing platform. The system's versatility and advanced features made it an excellent choice for both home and professional use, providing reliable and cutting-edge network protection.

Although I am yet to explore a lot of the features, I am already convinced of OPNsense's capabilities. Above are some screenshots to show just a few of the features that are available in OPNsense.

Next, I booted the VM and waited for it to load.


This image shows part of the boot sequence for the OPNsense VM.

With the boot sequence completed, I eagerly moved on to the configuration phase, eager to see what OPNsense had to offer.



Aside from the IP address issues, which were straightforward to resolve, it is important to note that the virtual machine needs to be configured with two network adapters in VirtualBox. I used one adapter in bridged mode and another in NAT mode for my setup. Among all the virtual machines in my lab, I found this one to be relatively easy to set up.

The reason for using two network adapters is to take advantage of different networking features. The bridged mode adapter allows the virtual machine to appear as a physical device on the same network as the host machine, which is useful for direct communication and accessing shared resources. On the other hand, the NAT mode adapter provides the virtual machine with internet access through the host's connection, creating a layer of isolation and improved security.

Furthermore, setting up the IP addresses was simplified by assigning static IPs for consistent connectivity. This approach ensured seamless interaction between the virtual machine and other devices within the lab environment. To enhance performance, I allocated sufficient memory and CPU cores, balancing resource usage to avoid overwhelming the host system while maintaining efficient operation of the virtual machine.

In conclusion, careful configuration of network adapters, thoughtful resource allocation, and strategic IP management collectively contributed to a successful and smooth setup of the virtual machine, underscoring its relative ease compared to others in my lab.
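The two-adapter layout described above can be checked from the command line. This is an added example, not part of the original post: it parses `VBoxManage showvminfo --machinereadable` output and confirms that exactly one bridged and one NAT adapter are attached. The VM name, host interface name, slot order, and sample output are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a VM's VirtualBox adapter modes (one bridged, one NAT).
# The layout itself could be set with (VM and interface names are placeholders):
#   VBoxManage modifyvm "opnsense-lab" --nic1 bridged --bridgeadapter1 enp3s0 --nic2 nat
# Live use:
#   VBoxManage showvminfo "opnsense-lab" --machinereadable | check_two_nics

# Constructed sample of `VBoxManage showvminfo --machinereadable` output.
sample_vminfo() {
cat <<'EOF'
name="opnsense-lab"
memory=2048
cpus=2
nic1="bridged"
bridgeadapter1="enp3s0"
cableconnected1="on"
nic2="nat"
cableconnected2="on"
nic3="none"
nic4="none"
EOF
}

# Print "slot=mode" for every attached adapter, skipping slots set to "none".
nic_modes() {
    awk -F'"' '/^nic[0-9]+=/ && $2 != "none" {
        slot = $1; sub(/^nic/, "", slot); sub(/=$/, "", slot)
        print slot "=" $2
    }'
}

# Succeed only if exactly two adapters are attached: one bridged, one NAT.
check_two_nics() {
    nic_modes | awk -F= '
        { n++; seen[$2]++; list = list $0 " " }
        END {
            ok = (n == 2 && seen["bridged"] == 1 && seen["nat"] == 1)
            status = ok ? "OK: " : "MISMATCH: "
            print status list
            exit !ok
        }'
}

sample_vminfo | check_two_nics
```

A non-zero exit status means the VM has drifted from the intended layout, for example a second bridged adapter that would expose both firewall interfaces on the host network.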

Here is the plan going forward:

· Add another physical machine.

· Integrate Active Directory.

· Connect both Windows and Linux endpoints.

· Connect all my endpoints into my Wazuh SIEM.
