This guide shows how to install an OPNsense server and run it on Google Cloud Platform using GCE VMs.
1) Download the amd64 serial installer from https://opnsense.org/download/
2) Decompress the image:
bunzip2 OPNsense-21.7.1-OpenSSL-serial-amd64.img.bz2
3) Copy it to a sparse raw file named disk.raw, the file name GCE expects inside the image archive:
dd if=OPNsense-21.7.1-OpenSSL-serial-amd64.img of=disk.raw bs=4M conv=sparse
4) Pack disk.raw into a gzip-compressed tar archive:
tar -Sczf OPNsense-21.7.1-OpenSSL-serial-amd64.img.tar.gz disk.raw
5) Upload the tar file to a GCS bucket and create the custom installer GCE image, named opnsense-21-7-1 here:
export MY_PROJECT=my-project-id
export MY_IMAGE=opnsense-21-7-1
export MY_GCS_BUCKET=my-gcs-bucket
gsutil cp OPNsense-21.7.1-OpenSSL-serial-amd64.img.tar.gz gs://$MY_GCS_BUCKET
gcloud compute images --project $MY_PROJECT create $MY_IMAGE --family=freebsd --source-uri=https://storage.googleapis.com/${MY_GCS_BUCKET}/OPNsense-21.7.1-OpenSSL-serial-amd64.img.tar.gz
6) Launch the instance. Disk 1 is the installer; OPNsense will be installed to disk 2.
export MY_NETWORK=default
export MY_SUBNET=default
export MY_ZONE=us-west1-a
export MY_INSTANCE=opnsense-01
gcloud compute instances create $MY_INSTANCE \
--project=$MY_PROJECT \
--network=$MY_NETWORK --subnet=$MY_SUBNET --zone=$MY_ZONE \
--machine-type=e2-medium \
--image=$MY_IMAGE \
--tags=vpn,openvpn-server-tcp,openvpn-server-udp,ipsec-server,https-server \
--can-ip-forward \
--create-disk=name=${MY_INSTANCE}-os,size=80GB,auto-delete=no \
--metadata=serial-port-enable=true
7) Connect to the serial console to complete the OPNsense install to disk 2:
gcloud compute connect-to-serial-port $MY_INSTANCE \
--project=$MY_PROJECT --zone=$MY_ZONE
Log in as "installer/opnsense" to start the installation. Make sure you pick disk 2 (da1) as the disk to install on.
8) Remove disk 1 (the installer) and make disk 2 the boot disk. Once installation completes, the instance will reboot into the installer again. We can now safely stop the instance and change disks.
gcloud compute instances stop ${MY_INSTANCE} \
--project=$MY_PROJECT --zone=$MY_ZONE
gcloud compute instances detach-disk ${MY_INSTANCE} \
--project=$MY_PROJECT --zone=$MY_ZONE \
--disk=${MY_INSTANCE}
# Delete the installer disk, which is no longer needed
gcloud compute disks delete ${MY_INSTANCE} \
--project=$MY_PROJECT --zone=$MY_ZONE
gcloud compute instances detach-disk ${MY_INSTANCE} \
--project=$MY_PROJECT --zone=$MY_ZONE \
--disk=${MY_INSTANCE}-os
gcloud compute instances attach-disk ${MY_INSTANCE} \
--project=$MY_PROJECT --zone=$MY_ZONE \
--disk=${MY_INSTANCE}-os --boot
9) Start the instance again, with the real disk as boot disk now:
gcloud compute instances start ${MY_INSTANCE} \
--project=$MY_PROJECT --zone=$MY_ZONE
10) Log in on the serial console to complete the initial setup before using the web UI:
gcloud compute connect-to-serial-port ${MY_INSTANCE} \
--project=$MY_PROJECT --zone=$MY_ZONE
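From the menu:
Select 1 (assign interfaces): no VLAN, vtnet0 as WAN, no LAN, no OPT
Select 8 (shell), then set the MTU, bypass the web UI security checks and disable the packet filter so the web UI can be reached for the initial configuration: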
ifconfig vtnet0 mtu 1460
touch /tmp/disable_security_checks
pfctl -d
11) Log in to the web UI and complete the full configuration:
Set the WAN interface MTU to 1460
Firewall -> Rules -> WAN: allow ICMP, HTTPS and SSH
System -> Settings -> Administration:
  Disable HTTP_REFERER enforcement check
  Enable Secure Shell (if needed)
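
A check for the disk swap in steps 6-9, added here as an example and not part of the original guide: it reads the JSON from gcloud compute instances describe and confirms that the instance boots from the -os disk, the installer disk is gone and IP forwarding is on. The embedded JSON is a constructed sample trimmed to the fields used, and audit_instance and serial_console_enabled are names chosen for this example.

```python
import json

# Constructed sample of `gcloud compute instances describe opnsense-01 --format=json`
# after step 9, trimmed to the fields checked here; my-project-id is a placeholder.
SAMPLE = json.loads("""
{"name": "opnsense-01", "canIpForward": true,
 "disks": [{"boot": true, "autoDelete": false,
            "source": "https://www.googleapis.com/compute/v1/projects/my-project-id/zones/us-west1-a/disks/opnsense-01-os"}],
 "metadata": {"items": [{"key": "serial-port-enable", "value": "true"}]}}
""")


def audit_instance(inst):
    """Return a list of findings; empty means the disk layout matches steps 6-9."""
    name = inst["name"]
    findings = []
    disks = inst.get("disks", [])
    # Index attached disks by the last path component of their source URL.
    by_name = {d["source"].rsplit("/", 1)[-1]: d for d in disks}
    boot = [n for n, d in by_name.items() if d.get("boot")]

    if boot != [f"{name}-os"]:
        findings.append(f"boot disk is {boot or 'missing'}, expected {name}-os")
    if name in by_name:
        findings.append(f"installer disk {name} is still attached")
    os_disk = by_name.get(f"{name}-os")
    if os_disk and os_disk.get("autoDelete"):
        findings.append(f"{name}-os has autoDelete set; step 6 asked for auto-delete=no")
    if not inst.get("canIpForward"):
        findings.append("canIpForward is false; step 6 set --can-ip-forward")
    return findings


def serial_console_enabled(inst):
    """True while the serial-port-enable=true metadata from step 6 is still set."""
    items = inst.get("metadata", {}).get("items", [])
    return any(i["key"] == "serial-port-enable" and i["value"].lower() == "true"
               for i in items)


if __name__ == "__main__":
    for line in audit_instance(SAMPLE) or ["disk layout matches steps 6-9"]:
        print(line)
    print("serial console enabled:", serial_console_enabled(SAMPLE))
```

To check a real instance, save the output of gcloud compute instances describe $MY_INSTANCE --project=$MY_PROJECT --zone=$MY_ZONE --format=json to a file and pass the parsed JSON to audit_instance.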