Homelab Reproduction: OPNsense

The contents on this page aren’t ready yet. I’m still working things out! Come back later.

Setting up the Proxmox VM

Some things to note:

  • General
    • Start at boot: true
    • Start/Shutdown order: 1 (so that it starts first)
  • CPU
    • Cores: 4
  • Memory
    • Memory (MiB): 8192
  • Network
    • Bridge: (set it to the WAN bridge)
    • Firewall: false
    • Multiqueue: 4 (match the number of cores)

TODO: also need to uncheck pre-enroll keys

Before launching the VM, add the LAN network bridge as a second network device, with the same settings as the WAN bridge.

Launch the VM and set up network interfaces:

  • Do you want to configure LAGGs now? [y/N]: N
  • Do you want to configure VLANs now? [y/N]: N
  • Then enter the WAN and LAN interfaces.

WireGuard VPN

Let’s suppose we have these values (substitute your own as required):

  • WAN subnet: 192.168.0.0/24
  • LAN subnet: 10.0.1.0/24
  • WireGuard subnet: 10.0.2.0/24
  • OPNsense WAN address: 192.168.0.53
  • And we want to use the default WireGuard port 51820.

Start by going to:

  • VPN > WireGuard > Instances
    • Set up an instance. Generate a keypair (by clicking the gear button).
    • Listen port: 51820

Now, we generate a peer:

  • VPN > WireGuard > Peer generator
    • Instance: (the new instance you just made)
    • Endpoint: 192.168.0.53:51821
    • Name: (whatever you want)
    • Public key: (it should be auto-generated)
    • Private key: (it should be auto-generated)
    • Address: (this should be an autogenerated [next available] IP address in the WireGuard subnet. The first generated address is probably 10.0.2.2/32.)
    • Allowed IPs: 10.0.1.0/24
    • DNS Servers: 10.0.2.1
    • Enable WireGuard: (you should probably tick that)
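Before typing these values into the GUI, it helps to check that they agree with each other. The script below is an added example, not part of the original page or of OPNsense: the `PLAN` keys and `check_plan` are hypothetical names, the values are copied from the walkthrough above, and it assumes the peer routes only its Allowed IPs into the tunnel.

```python
import ipaddress as ipa

# Values copied from the walkthrough above; substitute your own.
PLAN = {
    "wan_subnet": "192.168.0.0/24",
    "lan_subnet": "10.0.1.0/24",
    "wg_subnet": "10.0.2.0/24",
    "wan_address": "192.168.0.53",
    "listen_port": 51820,
    "endpoint": "192.168.0.53:51821",
    "peer_address": "10.0.2.2/32",
    "allowed_ips": ["10.0.1.0/24"],
    "dns_server": "10.0.2.1",
}

def check_plan(plan):
    """Return a list of warnings; an empty list means the values agree."""
    warn = []
    nets = {k: ipa.ip_network(plan[k])
            for k in ("wan_subnet", "lan_subnet", "wg_subnet")}
    keys = list(nets)
    # Overlapping ranges make routing between WAN, LAN and tunnel ambiguous.
    for i, a in enumerate(keys):
        for b in keys[i + 1:]:
            if nets[a].overlaps(nets[b]):
                warn.append(f"{a} overlaps {b}")
    # The peer's tunnel address must come from the WireGuard subnet.
    if ipa.ip_interface(plan["peer_address"]).ip not in nets["wg_subnet"]:
        warn.append("peer address is outside the WireGuard subnet")
    # The endpoint is what the peer dials, so it must reach the instance.
    host, _, port = plan["endpoint"].rpartition(":")
    if host != plan["wan_address"]:
        warn.append("endpoint host is not the OPNsense WAN address")
    if int(port) != plan["listen_port"]:
        warn.append(f"endpoint port {port} differs from listen port "
                    f"{plan['listen_port']}")
    # Assumption: the peer routes only Allowed IPs into the tunnel.
    allowed = [ipa.ip_network(n) for n in plan["allowed_ips"]]
    if not any(nets["lan_subnet"].subnet_of(n) for n in allowed):
        warn.append("LAN subnet is not covered by Allowed IPs")
    if not any(ipa.ip_address(plan["dns_server"]) in n for n in allowed):
        warn.append("DNS server is not covered by Allowed IPs")
    return warn

if __name__ == "__main__":
    for w in check_plan(PLAN):
        print("WARN:", w)
```

Run against the values above, it reports two warnings: the endpoint port (51821) differs from the listen port (51820), and the DNS server 10.0.2.1 is not inside the Allowed IPs.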