How to Install OPNsense on the Vault

Last Updated On January 11, 2018
You are here:

To either install or re-install a fresh instance of OPNsense onto the Vault, there is a relatively straight forward process that is very similar to installing any operating system onto any computer.

  1. Obtain the installation image
  2. Download software to transfer the installation image to a USB drive
  3. Install the new image

There are a few steps along the way that I’ll highlight so as to make sure that the process is very clear

Note: If using the Vault FW1x, FW2x, or FW4x, be sure to use a USB stick and the USB keyboard with a plug that is relatively skinny.  The 2 USB ports on the Vault are very close to each other and if either the USB stick or the USB keyboard plug is too wide, you will not be able to plug both in at the same time, which will prevent you from doing the installation.

Verify Hardware Recommendations

OPNSense has good documentation regarding hardware recommendations on their web site. Be sure to review this link to verify that  the proper memory and storage is available for the inteneded application.

Obtain the Installation Image and Uncompress it

The OPNsense installation image (IMG) can be downloaded from The same image can be used to install OPNense on any of the Vault platforms. It is important to choose the correct options when downloading the image including “Architecture”, “Image Type”.  The proper selections are as follows and shown in the screenshot below:

Architecture: AMD64 (64 bit)

Image Type: VGA or Serial as needed

OPNsense Download Page

The Vault has been tested with version 17.7 of OPNsense and it is one of the latest versions. , so be sure to download the latest available version.  Your download should begin immediately and when it is completed you should have a compressed IMG file (an example file name is: OPNsense-17.7-OpenSSL-vga-amd64.img.bz2) downloaded that is ~300MB in size.

Now that the compressed image file has been downloaded, you will need to use a program like “7-zip” to decompress the file.  The resulting file should look the same, except that the file name will now end in “.img” instead of “.img.bz2”.

Download software to transfer the installation image to a USB drive

The easiest way to transfer the installation image to a USB drive is by using a piece of software called “Rufus” to ‘install’ the disk image on the USB stick.  Rufus can be downloaded from  It’s a windows only program and it works very quickly.  A screenshot of Rufus with the proper settings can be seen below. More details are at this link.

When in Rufus, selecting the disk image file to use, be sure to select the image file that is the uncompressed version of OPNsense which was extracted in the preceding step.

Rufus application after selecting OPNsense image

  • Verify that the USB memory stick is large enough to hold the uncompressed image.
  • Insert the USB memory stick into a USB port on the Windows PC.
  • Select “Start” in Rufus and the installation image will be copied to the USB.

Install the new image

Once the OPNsense installation image is properly copied to the USB drive, it is ready to be installed on the Vault.

  • Verify that the Vault is powered down.
  • Verify that the VGA monitor is connected.
  • Verify that the USB keyboard is plugged in.
  • Insert the USB install drive into the other USB port on the Vault.
  • While powering up the Vault, press “F11” repeatedly until it boots to the BIOS ‘boot options’ menu.
    • Pressing “F11” needs to be done as soon as the Vault is powered on, so be sure to repeatedly press and release “F11” as soon as you apply power, until you see the boot options screen.
  • Select the USB drive to boot from.
  • Verify that the Vault boots from the USB and when it finishes there is a “login” prompt.
  • In order to install OPNsense onto the SSD, login as user “installer” with password “opnsense”
  • Follow the prompts on the screen to complete the installation of OPNsense from the USB

When OPNsense is installed, the USB can be removed, the Vault repowered and verify the system boots to the login prompt.

At this point, the user can browse to the OPNsense dashboard at the default IP address of and configure the system, other ports, services, etc.

Important Note: The ports marked “WAN” and “LAN” are reversed when using OPNsense. The LAN port with default IP address of is actually marked “WAN”. The WAN port that comes with some default rules applied is marked “LAN”. 


0 Comment