OPNsense Firewall

Versions this guide is based on:

EVE Image Name Downloaded Filename Version vCPUs vRAM Console HDD Type Interface
opnsense-20.7 OPNsense-20.7-OpenSSL-dvd-amd64.iso 20.7 2 4096 vnc virtioa x4 virtio
opnsense-21.1 OPNsense-21.1-OpenSSL-dvd-amd64.iso 21.1 2 4096 vnc virtioa x4 virtio


Other versions should also be supported following bellow’s procedure.

How to is based on version OPNsense 21.1. For other image or version please change image and folder names respectively.

Download DVD/ISO install media from OPNsense: https://opnsense.org/download/

Use some suitable archivator tool and unzip downloaded OPNsense-21.1-OpenSSL-dvd-amd64.iso.bz2 image to obtain ISO file.

1. Create OPNsense image folder in the EVE-NG. Use cli:

root@eve-ng:~# mkdir /opt/unetlab/addons/qemu/opnsense-21.1

2. Upload the OPNsense-21.1-OpenSSL-dvd-amd64.iso image to the /opt/unetlab/addons/qemu/opnsense-21.1 using for example FileZilla or WinSCP. Then login in to EVE as root using SSH protocol

3. Go to created folder and rename uploaded OPNsense-21.1-OpenSSL-dvd-amd64.iso image to cdrom.iso:

root@eve-ng:~# cd /opt/unetlab/addons/qemu/opnsense-21.1/
root@eve-ng:/opt/unetlab/addons/qemu/opnsense-21.1# mv OPNsense-21.1-OpenSSL-dvd-amd64.iso cdrom.iso

4. Create HDD for OPNsense FW image install. Note: HDD size you can set per your needs, in this how to will be created 10Gb HDD

root@eve-ng:~# cd /opt/unetlab/addons/qemu/opnsense-21.1/
root@eve-ng:/opt/unetlab/addons/qemu/opnsense-21.1# /opt/qemu/bin/qemu-img create -f qcow2 virtioa.qcow2 10G
root@eve-ng:~# /opt/qemu/bin/qemu-img create -f qcow2 virtioa.qcow2 10G
Formatting 'virtioa.qcow2', fmt=qcow2 size=10737418240 encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16

5. Fix permissions:

root@eve-ng:~# cd 
root@eve-ng:~# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

6. Create new EVE lab, and add newly created OPNsense node on the Topology

7. Start node and open console (vnc) to it

8. Wait till node fully boot from ISO and use login with username: installer password: opnsense to start OPNsense installation

9. Use all default settings and comlete installation

10.  Select “Accept and set Password”, Enter

11.  When installation is completed and installer is asking to remove ISO media, stop node on the lab, right click on the node and stop.

12. Remove cdrom.iso install media from image folder

root@eve-ng:~# cd /opt/unetlab/addons/qemu/opnsense-21.1
root@eve-ng:/opt/unetlab/addons/qemu/opnsense-21.1# ls
cdrom.iso virtioa.qcow2
root@eve-ng:/opt/unetlab/addons/qemu/opnsense-21.1# rm cdrom.iso 

13. Commit installed image for further use.

13.1. Check lab ID number on EVE side bar “Lab details”, Example:


13.2. EVE Cli: Convert image from lab tmp folder to defaults image location. In the command below is used lab ID (above) and as we added on lab single node, node ID is 1. OPNsense image foldername match what we created before. Number 0 in the line below is user POD number. Admin pod is 0.

root@eve-ng:/opt/unetlab/addons/qemu/opnsense-21.1# cd /opt/unetlab/tmp/0/516ba4d5-b43e-4dd1-a1c2-6ea1358ddddb/1
root@eve-ng:/opt/unetlab/tmp/10/516ba4d5-b43e-4dd1-a1c2-6ea1358ddddb/1# qemu-img commit virtioa.qcow2
Image committed.

14. Fix permissions:

root@eve-ng:~# cd
root@eve-ng:~# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

15. Now you can add OPNsense nodes on your topology and start use it. Default CLI access is root/opnsense, WEB UI: root/opnsense