OPNsense on Proxmox in the Cloud

Dec 20, 2021

OPNsense makes an excellent firewall on premises as well as in the cloud. I have a post coming for parity with my YouTube content showing my Proxmox server hosted on a dedicated box at Hetzner. This post, however, is a quick how-to on how I set up my OPNsense VM there.

First, some prerequisites and a note that this may differ from provider to provider.

  • Dedicated server hosted in the cloud
  • Hypervisor installed and configured
  • ISOs uploaded
  • Multiple IPs available

First, make sure you have multiple IPs available; if not, you'll need to purchase another. By default, many hosting providers will assign the new IP to the same MAC. You should be able to request via the panel that it be assigned to a virtual MAC. This will allow you to assign that MAC address to a VM so the provider's DHCP servers hand that IP out to the VM.

The excerpt below from Hetzner's documentation describes the process:

If you want to use the bridged mode, and you need additional single IPs, you need to request virtual MAC addresses. You can get a MAC address for your additional single IP by going to your Robot account. Simply login, select your server, and then go to the IPs tab. Here, you will see a small button next to the additional single IP address. Clicking on that button will give the IP address a virtual MAC.

https://docs.hetzner.com/robot/dedicated-server/virtualization/general/

On the Robot panel, when looking at your server, open the IPs tab. You'll see your second IP address followed by an icon.

You want to click that button to request a virtual MAC address. It should give it to you once you request it. Once it's assigned, the screen will show you the new virtual MAC.

Now we'll go over to our Proxmox host and do some networking work. You want to create 2 bridges: a WAN bridge and a LAN bridge. For the WAN bridge, first copy down the information for your main NIC, in my case enp0s31f6, to assign that to the WAN bridge. Once all of the information is written down somewhere, clear all of the boxes for that NIC so they're blank.

Then, click Create -> Linux Bridge to create our WAN bridge. With the dialog box open, paste in the information you took down from the parent interface. For Bridge ports enter the name of the parent NIC.

With that created, click Create -> Linux Bridge again to create the LAN bridge. You don't need any information here but the comment.

With our bridges created, move to your OPNsense / pfSense VM and make sure you have 2 NICs. The first should be connected to the WAN bridge and the second connected to the LAN bridge.

After both are set up, double click on net0 (connected to WAN) and adjust the MAC address to match the virtual MAC assigned earlier. This will allow the VM to pull DHCP from the hosting company's DHCP server.

After that, connect the ISO to the VM and fire it up. Install OPNsense, pfSense, or any other firewall of your choice as you normally would. Follow the prompts and just make sure you match up ports to WAN and LAN by referencing the MAC addresses of each virtual NIC on the VM.
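
The NIC wiring from the steps above can be verified from the Proxmox host's shell before the firewall goes live. This is an added example, not part of the original post; the helper names, the MAC addresses, the bridge names vmbr0/vmbr1 and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check a firewall VM's NIC wiring from Proxmox VM config text.
# The MACs, bridge names and sample config below are constructed placeholders.

# nic_field CONFIG NIC KEY: print the NIC's MAC (KEY=mac) or bridge (KEY=bridge)
nic_field() {
    printf '%s\n' "$1" | awk -v nic="$2" -v key="$3" '
        $1 == (nic ":") {
            n = split($2, opts, ",")
            for (i = 1; i <= n; i++) {
                split(opts[i], kv, "=")
                # The model=MAC option is the one whose value has five colons
                if (key == "mac" && gsub(/:/, ":", kv[2]) == 5) print toupper(kv[2])
                if (key == "bridge" && kv[1] == "bridge") print kv[2]
            }
        }'
}

# check_fw_nics CONFIG VIRTUAL_MAC WAN_BRIDGE LAN_BRIDGE: return 0 if all match
check_fw_nics() {
    conf=$1; wan=$3; lan=$4; rc=0
    want_mac=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ "$(nic_field "$conf" net0 mac)" = "$want_mac" ] ||
        { echo "net0 MAC differs from the provider-assigned virtual MAC" >&2; rc=1; }
    [ "$(nic_field "$conf" net0 bridge)" = "$wan" ] ||
        { echo "net0 is not attached to WAN bridge $wan" >&2; rc=1; }
    [ "$(nic_field "$conf" net1 bridge)" = "$lan" ] ||
        { echo "net1 is not attached to LAN bridge $lan" >&2; rc=1; }
    return "$rc"
}

# Constructed sample in the key: value format that `qm config <vmid>` prints
SAMPLE_CONF='name: opnsense
net0: virtio=00:50:56:00:AB:CD,bridge=vmbr0
net1: virtio=BC:24:11:12:34:56,bridge=vmbr1'

# On a real host, pass "$(qm config <vmid>)" instead of the sample
if check_fw_nics "$SAMPLE_CONF" 00:50:56:00:ab:cd vmbr0 vmbr1; then
    echo "NIC wiring OK"
fi
```

A non-zero return means net0 would request DHCP with a MAC the provider did not assign, or that WAN and LAN are attached to the wrong bridges.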