OPNsense installation on Bhyve

freebsd bhyve opnsense firewall

OPNsense requirements:

Minimum required RAM is 1 GB
Minimum recommended virtual disk size of 8GB

Installation Process:

  1. Install FreeBSD 11.0
    You can install FreeBSD 11.0 or any of the latest builds.
  2. Retrieve the firmware binary
    We must install “bhyve-firmware”. The best way to do this is through the ports system. Building a port is very time-consuming and normally needs a lot of user interaction, but with a small trick it becomes very easy:
    # cd /usr/ports/sysutils/bhyve-firmware
    # make install clean -DBATCH
    -DBATCH forces the port build process not to prompt you for confirmation and to proceed automatically.
  3. Hypervisor, Network and Storage Preparation
    # kldload vmm
    This command loads the bhyve kernel module (driver).
    # ifconfig tap0 create up
    This command creates a new interface and brings it up.
    # ifconfig bridge0 create up
    This command creates a bridge and brings it up so it is ready for use.
    # ifconfig bridge0 addm em0
    This command adds em0 (the network interface) to bridge0.
    # ifconfig bridge0 addm tap0
    This command adds tap0 to bridge0.
    # truncate -s 50G OPNsense.img
    This command creates a file 50GB in size.
  4. Prepare OPNsense ISO
    # fetch http://mirror.ams1.nl.leaseweb.net/opnsense/releases/mirror/OPNsense-17.1-OpenSSL-cdrom-amd64.iso.bz2
    # bunzip2 OPNsense-17.1-OpenSSL-cdrom-amd64.iso.bz2
  5. Boot a Virtual Machine
    # bhyve -c 2 -m 4G -w -H \
    -s 0,hostbridge \
    -s 3,ahci-cd,OPNsense-17.1-OpenSSL-cdrom-amd64.iso \
    -s 4,ahci-hd,OPNsense.img \
    -s 5,virtio-net,tap0 \
    -s 29,fbuf,tcp=0.0.0.0:5900,w=800,h=600,wait \
    -s 30,xhci,tablet \
    -s 31,lpc -l com1,stdio \
    -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
    OPNsense
    This command creates a virtual machine (vm0) with a 2-core CPU and a display resolution of 800 by 600 that can be accessed via VNC at 0.0.0.0:5900.
    The fbuf wait parameter instructs bhyve to only boot upon the initiation of a VNC connection, simplifying the installation of operating systems that require immediate keyboard input. This can be removed for post-installation use.
    The xhci,tablet parameter provides precise cursor synchronization when using VNC, but is not supported by FreeBSD.
    -H Yield the virtual CPU thread when an HLT instruction is detected. If this option is not specified, virtual CPUs will use 100% of a host CPU.
    -w Ignore accesses to unimplemented Model Specific Registers (MSRs). This is intended for debugging purposes.
  6. Connect to VM with VNC client
    # vncviewer 192.168.1.1:5900
    In the VNC client screen you can see what is happening; the mouse is also supported. I prefer to use “tightvnc”. My hypervisor IP is “192.168.1.1”.
  7. Installation process
  8. Configure console - The default configuration should be fine for most occasions.
  9. Select task - The Quick/Easy Install option should be fine for most occasions. For installations on embedded systems or systems with minimal disk space choose Custom Installation and do not create a swap slice. Continue with default settings.
  10. Are you SURE? - When proceeding OPNsense will be installed on the first hard disk in the system.
  11. Reboot - The system is now installed and needs to be rebooted to continue with the configuration.
    You can get the full edition at:
    https://bsdmag.org/download/bsd-magazine-issue-infrastructure-management/
    Or:
    https://contents.meetbsd.ir/ebook/opnsense_bhyve_bsdmag.pdf
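The command in step 5 listens for VNC on 0.0.0.0:5900 and sets no VNC password, so the installer console is reachable from every network the hypervisor is attached to. The following sketch is an added example, not part of the original article: it rebuilds the same command with the framebuffer bound to one chosen address (127.0.0.1 here, reached through an SSH port forward) and refuses wildcard addresses. The function names and the `user` account are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article.

# fbuf_opts ADDR [PORT]: print the fbuf device options used in step 5,
# rejecting wildcard listen addresses and non-numeric ports.
fbuf_opts() {
    addr=$1
    port=${2:-5900}
    case "$addr" in
        ''|0.0.0.0|'*'|::|'[::]')
            echo "refusing wildcard VNC listen address: '$addr'" >&2
            return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*)
            echo "invalid VNC port: '$port'" >&2
            return 1 ;;
    esac
    printf 'fbuf,tcp=%s:%s,w=800,h=600,wait\n' "$addr" "$port"
}

# bhyve_cmd ADDR [PORT]: print the step 5 command line with only the
# fbuf slot changed. Printing instead of executing lets you review it first.
bhyve_cmd() {
    fb=$(fbuf_opts "$@") || return 1
    printf '%s ' bhyve -c 2 -m 4G -w -H \
        -s 0,hostbridge \
        -s 3,ahci-cd,OPNsense-17.1-OpenSSL-cdrom-amd64.iso \
        -s 4,ahci-hd,OPNsense.img \
        -s 5,virtio-net,tap0 \
        -s "29,$fb" \
        -s 30,xhci,tablet \
        -s 31,lpc -l com1,stdio \
        -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
        OPNsense
    echo
}

# On the hypervisor:   bhyve_cmd 127.0.0.1
# On the workstation:  ssh -L 5900:127.0.0.1:5900 user@192.168.1.1   ("user" is a placeholder)
#                      vncviewer 127.0.0.1:5900
```

With the forward in place, the VNC client connects to its own loopback address and the session travels inside SSH instead of crossing the LAN in the clear.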
