Installing OPNsense on NixOS Latest

OPNsense is an open-source, easy-to-use firewall and routing platform that offers features such as VPN, intrusion detection, traffic shaping and DNS blocking. This tutorial shows how to install and configure OPNsense on NixOS Latest.

Prerequisites

Before we begin, there are a few prerequisites that we need to meet:

  • A 64-bit system running NixOS Latest (version 21.05 or newer)
  • A minimum of 2 GB of RAM and 8 GB of storage
  • A network interface card (NIC) to connect to the internet
  • A computer to act as a client to remotely log in to OPNsense's web interface

Step 1: Set up a NixOS base system

First, let's set up a NixOS base system. You can download NixOS Latest from the official website and install it by following the provided User Guide. After that, you need to make some changes to the configuration.nix file to enable the NIC and connect to the internet. Here's an example configuration.nix file that you can use:

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  networking.hostName = "opnsense";

  # Obtain an address via DHCP on the first NIC.
  networking.interfaces.enp0s3.useDHCP = true;
  # Allow inbound SSH (22), HTTP (80) and HTTPS (443).
  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
  networking.firewall.allowedUDPPorts = [];

  environment.systemPackages = with pkgs; [
    wget
    vim
  ];
}

Now, we can install the base system by running:

$ sudo nixos-install

Step 2: Download and extract OPNsense

Next, we need to download and extract the OPNsense installation file. You can download the latest version of OPNsense from the official website:

$ wget https://opnsense.org/download/ -O opnsense-latest.tar.bz2

After that, extract the archive to /mnt, which is our NixOS root directory:

$ sudo tar -xvf opnsense-latest.tar.bz2 -C /mnt
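
A check worth running before the extraction step above (an added example, not part of the original tutorial). The wget command requests the download page URL, so the saved file may be HTML rather than an archive; this script refuses anything that is not bzip2 or whose SHA-256 differs from the value published for that image. The function names and EXPECTED_SHA256 are assumptions introduced here, and EXPECTED_SHA256 is a placeholder for the published checksum.

```shell
#!/bin/sh
# Added example: sanity-check a downloaded archive before unpacking it as root.
# EXPECTED_SHA256 is a placeholder; copy the real value from the published
# checksum for the exact image you downloaded.

# Print the SHA-256 of a file using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if the file starts with the bzip2 magic "BZh" and its
# SHA-256 equals the expected value.
# Return codes: 1 unreadable, 2 not bzip2 (for example an HTML page saved
# under an archive name), 3 checksum mismatch.
verify_download() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 1
    fi
    # Read the first three bytes; drop NULs so the shell can hold them.
    magic=$(head -c 3 "$file" | tr -d '\0')
    if [ "$magic" != "BZh" ]; then
        echo "$file is not a bzip2 archive" >&2
        return 2
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file" >&2
        return 3
    fi
    return 0
}

# Command-line use: ./verify.sh opnsense-latest.tar.bz2 "$EXPECTED_SHA256"
if [ $# -eq 2 ]; then
    verify_download "$1" "$2"
fi
```

Run the extraction only when the script exits with status 0.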

Step 3: Configure OPNsense

Now, we need to configure OPNsense before we can boot into it. First, we need to mount the necessary filesystems:

$ sudo mount -t devtmpfs dev /mnt/dev
$ sudo mount -t proc proc /mnt/proc
$ sudo mount -t sysfs sys /mnt/sys

Then, we can chroot into the /mnt directory:

$ sudo chroot /mnt

Now, we need to configure the network interfaces in OPNsense. By default, OPNsense will assign the lan interface to the first interface detected and the wan interface to the second interface detected. In our case, we only have one NIC connected, so we will assign it to both lan and wan. To do that, run the following command:

# opnsense-bootstrap

This will launch the OPNsense bootstrap script, which will guide you through the initial configuration process. Choose option 1 to set up the network interfaces, and follow the prompts to configure both the lan and wan interfaces.

After completing the configuration, you can exit the chroot environment and unmount the filesystems:

# exit

$ sudo umount /mnt/sys
$ sudo umount /mnt/proc
$ sudo umount /mnt/dev

Step 4: Boot into OPNsense

Finally, we can boot into OPNsense by rebooting the system:

$ sudo reboot

Once the system has booted, you should be able to access the OPNsense web interface from a client computer by visiting http://. The default username and password are "root" and "opnsense", respectively; change the password right after the first login, since these defaults are publicly documented.

Conclusion

That's it! You have successfully installed OPNsense on a NixOS Latest system. You can now configure and customize the firewall according to your needs. If you face any issues during the installation or configuration process, don't hesitate to refer to the OPNsense documentation or ask for help on their forums.