
OPNsense Setup

To run the wizard, we need to connect to the OPNsense WebUI.
We could connect via our public IPv4 address, but OPNsense won’t allow it: it tries to protect against DNS rebind attacks and will therefore block the login.

Connecting to WebUI

You can connect to OPNsense via an SSH tunnel.

  • Open Windows Terminal
  • Use the command: ssh root@<yourIP4> -L 443:<WAN_IP4>:443

This will open a tunnel. After that, you should be able to connect via https://localhost. To set up everything important, I recommend running the setup wizard.
It will configure some important things needed for further configuration.

In the WebUI you can log in to your OPNsense with the password you selected during installation, or with
the default password opnsense if you did not configure a password during installation.
The username is root.

Running the Wizard

Normally you should get redirected to the wizard after a few seconds.
If not, you can find the wizard under System > Wizard.

Now we can start running the wizard for further setup steps. To start the wizard, hit Next.

I would suggest changing the domain to something like: opnsense.yourdomain.com.
We do this by changing the hostname to opnsense and the domain to yourdomain.com.
You can optionally change the language to your native language here.
We should also enter the secondary DNS server: 8.8.8.8 (Google).
After that, hit Next.

On the next page you can set your timezone. In my case Europe/Berlin.

After that you can hit Next again.

On the next page I also leave everything as is, because I don’t want to use a LAN but multiple VLANs.
You can let it stay as is.

After that you can hit Next again.

On the next page you will have the chance to change your root password again.
If you did not already change it during installation, do it now! If you already changed it, you can just leave it empty.

To finish the setup with the wizard, hit Next again and after that Reload.
This will reload OPNsense. If you cannot reach the WebUI after the reload, make sure the firewall didn’t enable itself.