Deploy OPNSense in Azure from Scratch

Published on Jan 31, 2025. This response is partially generated with the help of AI. It may contain inaccuracies.

Introduction

This tutorial provides a comprehensive guide on deploying OPNSense in Microsoft Azure from scratch. By following these steps, you'll learn how to create and configure an OPNSense Hyper-V image, set up necessary Azure resources, and establish a secure connection for remote access. This process is essential for anyone looking to manage network security and routing in a cloud environment effectively.

Step 1: Create and Configure OPNSense Hyper-V VHD Disk

  • Download OPNSense ISO: Obtain the latest OPNSense ISO file from the official website.
  • Set Up Hyper-V:
    • Open Hyper-V Manager.
    • Create a new virtual machine.
    • Assign memory and configure network interfaces (2 NICs).
  • Install OPNSense:
    • Boot the VM from the ISO and complete the installation.
    • After installation, shut down the VM and convert it to a VHD disk.

Step 2: Create a Storage Account in Azure

  • Sign in to Azure Portal.
  • Create a Storage Account:
    • Navigate to "Storage accounts" and select "Add."
    • Fill in the required fields: Subscription, Resource Group, and Storage Account Name.
    • Choose performance and replication options as needed.

Step 3: Upload the VHD to Azure

  • Install Azure Storage Explorer: Download and install Azure Storage Explorer on your local computer.
  • Upload VHD:
    • Open Azure Storage Explorer and connect to your Azure account.
    • Navigate to the storage account created in Step 2.
    • Upload your OPNSense VHD file to the Blob Container.

Step 4: Create Azure Virtual Network and Configure Subnets

  • Create a Virtual Network:
    • In Azure Portal, go to "Virtual networks" and select "Add."
    • Specify the name, address space, and subnets.

Step 5: Convert the VHD to a Managed Disk

  • Convert VHD:
    • Go to "Disks" in the Azure Portal.
    • Click on "Create" and select "Managed Disk."
    • Choose the VHD uploaded in Step 3 as the source.

Step 6: Create OPNSense VM from Managed Disk

  • Create the VM:
    • In Azure Portal, go to "Virtual machines" and select "Add."
    • Choose the managed disk created in Step 5.
    • Configure settings such as VM size and network interfaces.

Step 7: Create the Backend NIC

  • Add Network Interface:
    • In the VM settings, navigate to "Networking."
    • Click on "Add network interface" and configure it for backend connectivity.

Step 8: Enable IP Forwarding on Backend NIC

  • Enable IP Forwarding:
    • Go to the backend NIC settings.
    • Under "IP configurations," enable the IP forwarding option.

Step 9: Connect to OPNSense Serial Console in Azure Portal

  • Access Serial Console:
    • In the Azure Portal, select your VM.
    • Go to "Serial console" to view the console output.

Step 10: Identify Frontend and Backend NICs

  • Check MAC Addresses:
    • In the console, run ifconfig to identify the MAC addresses of the frontend and backend NICs.

Step 11: Assign Frontend and Backend Interfaces

  • Configure Interfaces:
    • Access OPNSense Web Config through its IP.
    • Navigate to "Interfaces" and assign WAN to the frontend NIC and LAN to the backend NIC.

Step 12: Create a Route Table to Route through OPNSense

  • Set Up Route Table:
    • Go to "Route tables" in Azure.
    • Create a new route table and configure routes to send traffic through the OPNSense appliance.
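A check for Steps 8 and 12 together, added here as an example and not part of the original tutorial: a route table only sends backend traffic through the firewall if it is associated with the subnet and its next hop is a NIC with IP forwarding enabled. The sample data is constructed; `enableIPForwarding`, `addressPrefix`, `nextHopType` and `nextHopIpAddress` follow Azure's resource property names, while the flattened `ip`, `subnet` and `subnets` fields and all resource names are assumptions.

```python
import ipaddress

# Constructed sample data: a flattened subset of what `az network nic list` and
# `az network route-table list` report. Names and addresses are made up.
NICS = [
    {"name": "opnsense-frontend", "ip": "10.0.0.4", "subnet": "frontend", "enableIPForwarding": False},
    {"name": "opnsense-backend", "ip": "10.0.1.4", "subnet": "backend", "enableIPForwarding": True},
]
ROUTE_TABLES = [
    {"name": "rt-backend", "subnets": ["backend"], "routes": [
        {"name": "default-via-opnsense", "addressPrefix": "0.0.0.0/0",
         "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.1.4"}]},
]

def audit(nics, route_tables, protected_subnets):
    """Return findings; an empty list means the protected subnets egress via the appliance."""
    findings = []
    nic_by_ip = {ipaddress.ip_address(n["ip"]): n for n in nics}
    covered = set()  # subnets whose default route points at a forwarding-enabled NIC
    for rt in route_tables:
        if not rt["subnets"]:
            findings.append(f"{rt['name']}: not associated with a subnet, so its routes apply to nothing")
        for route in rt["routes"]:
            if route["nextHopType"] != "VirtualAppliance":
                continue  # only routes that point at the firewall are checked here
            label = f"{rt['name']}/{route['name']}"
            nic = nic_by_ip.get(ipaddress.ip_address(route["nextHopIpAddress"]))
            if nic is None:
                findings.append(f"{label}: next hop {route['nextHopIpAddress']} is not a known NIC")
            elif not nic["enableIPForwarding"]:
                findings.append(f"{label}: IP forwarding is disabled on {nic['name']}")
            elif ipaddress.ip_network(route["addressPrefix"]).prefixlen == 0:
                covered.update(rt["subnets"])  # working default route for these subnets
    for subnet in protected_subnets:
        if subnet not in covered:
            findings.append(f"{subnet}: no working default route through the appliance")
    return findings

if __name__ == "__main__":
    for line in audit(NICS, ROUTE_TABLES, ["backend"]) or ["OK: backend egress goes through OPNSense"]:
        print(line)
```

A finding for a protected subnet means its VMs either lose outbound connectivity or reach the internet without passing the firewall rules.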

Step 13: Create an Ubuntu VM for Backend Testing

  • Set Up Ubuntu VM:
    • In Azure Portal, create a new virtual machine using an Ubuntu image.
    • Configure the VM to connect to the backend NIC.

Step 14: Configure Port Forwarding to Ubuntu VM

  • Set Up Port Forwarding:
    • In OPNSense, go to "Firewall" > "NAT" > "Port Forward."
    • Create rules to forward SSH (non-standard port) and HTTP traffic to the Ubuntu VM.

Step 15: Set Up OpenVPN for Remote Access

  • OpenVPN Configuration:
    • In OPNSense, go to "VPN" > "OpenVPN" and create a new server instance.
    • Configure settings such as authentication and encryption options.

Step 16: Export Client OVPN File

  • Export Configuration:
    • In the OpenVPN settings, generate and download the client OVPN file for use with the OpenVPN Connect client.

Step 17: Access Ubuntu VM Across the VPN

  • Test the VPN Connection:
    • Use the OpenVPN Connect client on your Windows 11 machine to connect to OPNSense.
    • Verify connectivity to the Ubuntu VM via SSH and HTTP.

Conclusion

You have successfully deployed OPNSense in Azure, set up a backend Ubuntu VM, and configured secure remote access using OpenVPN. This setup enhances your network security and provides a robust platform for managing cloud resources. Next steps could include exploring additional OPNSense features or integrating other services for enhanced functionality.