Posted on

How to Install OPNsense on the Vault

Last Updated On December 21, 2018
You are here:

Note: Since the initial article was written, OPNsense version 18.7 has been tested (OPNsense-18.7-OpenSSL-vga-amd64)

To either install or re-install a fresh instance of OPNsense onto the Vault, there is a relatively straight forward process that is very similar to installing any operating system onto any computer.

  1. Obtain the installation image
  2. Download software to transfer the installation image to a USB drive
  3. Install the new image

There are a few steps along the way that I’ll highlight so as to make sure that the process is very clear

Note: If using the Vault FW1x, FW2x, or FW4x, be sure to use a USB stick and the USB keyboard with a plug that is relatively skinny.  The 2 USB ports on the Vault are very close to each other and if either the USB stick or the USB keyboard plug is too wide, you will not be able to plug both in at the same time, which will prevent you from doing the installation.

Verify Hardware Recommendations

OPNSense has good documentation regarding hardware recommendations on their web site. Be sure to review this link to verify that  the proper memory and storage is available for the inteneded application.

Obtain the Installation Image and Uncompress it

The OPNsense installation image (IMG) can be downloaded from https://www.opnsense.org/download/. The same image can be used to install OPNsense on any of the Vault platforms. It is important to choose the correct options when downloading the image including “Architecture”, “Image Type”.  The proper selections are as follows and shown in the screenshot below:

Architecture: AMD64 (64 bit)

Image Type: VGA or Serial as needed

OPNsense Download Page

The Vault has been tested with version 18.7 of OPNsense and it is one of the latest version, so be sure to download the latest available version.  Your download should begin immediately and when it is completed you should have a compressed IMG file (an example file name is: OPNsense-18.7-OpenSSL-vga-amd64.img.bz2) downloaded that is ~300MB in size.

Now that the compressed image file has been downloaded, you will need to use a program like “7-zip” to decompress the file.  The resulting file should look the same, except that the file name will now end in “.img” instead of “.img.bz2”.

Burn the installation image to a USB drive

The easiest way to transfer the installation image to a USB drive is by using software called “Rufus” on Windows or “Etcher” on Apple OSX. See this link for detailed instructions on how to create a bootable USB drive using Rufus or Etcher

Install the new image

Once the OPNsense installation image is properly copied to the USB drive, it is ready to be installed on the Vault.

  • Verify that the Vault is powered down.
  • Verify that the VGA monitor is connected.
  • Verify that the USB keyboard is plugged in.
  • Insert the USB install drive into the other USB port on the Vault.
  • While powering up the Vault, press “F11” repeatedly until it boots to the BIOS ‘boot options’ menu.
    • Pressing “F11” needs to be done as soon as the Vault is powered on, so be sure to repeatedly press and release “F11” as soon as you apply power, until you see the boot options screen.
  • Select the USB drive to boot from.
  • Verify that the Vault boots from the USB and when it finishes there is a “login” prompt.
  • In order to install OPNsense onto the SSD, login as user “installer” with password “opnsense”
  • Follow the prompts on the screen to complete the installation of OPNsense from the USB

When OPNsense is installed, the USB can be removed, the Vault repowered and verify the system boots to the login prompt.

At this point, the user can browse to the OPNsense dashboard at the default IP address of 192.168.1.1 and configure the system, other ports, services, etc.

Important Note: The ports marked “WAN” and “LAN” are reversed when using OPNsense. The LAN port with default IP address of 192.168.1.1 is actually marked “WAN”. The WAN port that comes with some default rules applied is marked “LAN”.