Homelab Reproduction: OPNsense

The contents on this page aren’t ready yet. I’m still working things out! Come back later.

Setting up the Proxmox VM

Some things to note:

• General
  • Start at boot: true
  • Start/Shutdown order: 1 (so that it starts first)
• CPU
  • Cores: 4
• Memory:
  • Memory (MiB): 8192
• Network
  • Bridge: (set it to the WAN bridge)
  • Firewall: false
  • Multiqueue: 4 (match the number of cores)

TODO: also need to uncheck pre-enroll keys

Before launching the VM, add in the LAN network bridge as well with the same settings as the WAN bridge.

Launch the VM and set up network interfaces:

• Do you want to configure LAGGs now? [y/N]: N
• Do you want to configure VLANs now? [y/N]: N
• Then enter the WAN and LAN interfaces.

Wireguard VPN

Let’s suppose we have these values (substitute your own as required):

• WAN subnet: 192.168.0.0/24
• LAN subnet: 10.0.1.0/24
• WireGuard subnet: 10.0.2.0/24
• OPNsense WAN address: 192.168.0.53
• And we want to use the default WireGuard port 51820.

Start by going:

• VPN > WireGuard > Instances
  • Set up an instance. Generate a keypair (by clicking the gear button).
  • Listen port: 51820

Now, we generate a peer:

• VPN > WireGuard > Peer generator
  • Instance: (the new instance you just made)
  • Endpoint: 192.168.0.53:51821
  • Name: (whatever you want)
  • Public key: (it should be auto-generated)
  • Private key: (it should be auto-generated)
  • Address: (this should be an autogenerated [next available] IP address in the WireGuard subnet. The first generated address is probably 10.0.2.2/32.)
  • Allowed IPs: 10.0.1.0/24
  • DNS Servers: 10.0.2.1
  • Enable WireGuard: (you should probably tick that)