oO.o
October 17, 2019, 10:21pm
968
Did this today…
Context
I’m going through the process of recording my configuration processes so that I can automate as much of them as possible. This is roughly the config I run on a standalone OPNsense gateway. A configuration with a Gateway, DMZ and internal router is preferable, but I wanted to start with something simpler.
So far, this configures OPNsense as a Gateway, connected to one switch, with networking, administrative and server VLANs.
Questions and feedback are welcome.
Required
Public IP and DNS
ISP IP address, subnet and gateway (unless provided via DHCP)
Preferably public FQDN is already configured
Installation Media
OPNsense VGA image block copied to a USB Drive or OPNsense ISO image copied to the _iso directory on an Iodd Virtual Disk Drive.
Gateway
Processor: amd64, AES-NI
2+ Network Ports
Managed Switch
Admin Workstation
Process
Physical Prep
Plug install media into gateway
Plug WAN uplink into port 2 on the gateway
Plug all other gateway ports into LAN switch
Plug admin computer into LAN switch
Admin Workstation Prep
On admin workstation, add a virtual interface with VLAN 3 to the physical interface plugged into the switch
LAN Switch Prep
Turn on the switch
Onboard switch (use VLAN2 for management)
Configure all ports connected to the gateway as VLAN trunks
Install OPNsense on the Gateway
Turn on the gateway
Configure BIOS to boot from installation media
Click through default OPNsense installation (select MBR when prompted)
When the system reboots, ensure BIOS is configured to boot into local media where OPNsense was installed
Configure Admin User
On admin computer, navigate to https://192.168.1.1
Log in as root with password set during installation
Navigate to System > Access > Users
Click + Add
Enter randomly generated strings for Username and Password fields
Set Login shell to /sbin/sh
Move admins group to Member Of
Click Save and go back
Click on the edit icon to the ri…
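The "Configure Admin User" step above asks for randomly generated strings for the Username and Password fields. As an added example (not code from the original post or from OPNsense), here is a small Python script that produces them from the OS CSPRNG and checks them against a conservative subset of the FreeBSD login-name rules. Assumptions: the username is kept to ASCII letters and digits starting with a letter and at most 32 characters (FreeBSD's MAXLOGNAME), and the password alphabet deliberately omits quotes, backslash, backtick and space so the value pastes cleanly into the web form; the 128-bit minimum is a chosen policy, not an OPNsense requirement.

```python
import math
import re
import secrets
import string

# Added example; alphabets and limits below are assumptions, not OPNsense rules.
# Username: ASCII letters and digits, first character a letter. This is a
# conservative subset of what FreeBSD/OPNsense accept for login names.
USERNAME_ALPHABET = string.ascii_lowercase + string.digits
USERNAME_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9]*$")
MAX_USERNAME_LEN = 32  # FreeBSD MAXLOGNAME is 33 bytes including the NUL

# Password: letters, digits and punctuation that pastes cleanly into a web
# form (no quotes, backslash, backtick or space). 90 symbols in total.
PASSWORD_ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~"


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string of `length` symbols."""
    return length * math.log2(alphabet_size)


def valid_username(name: str) -> bool:
    """True if `name` satisfies the conservative login-name rules above."""
    return 0 < len(name) <= MAX_USERNAME_LEN and USERNAME_RE.fullmatch(name) is not None


def random_username(length: int = 12) -> str:
    """Random login name: a letter followed by letters/digits."""
    if not 2 <= length <= MAX_USERNAME_LEN:
        raise ValueError("username length out of range")
    first = secrets.choice(string.ascii_lowercase)
    rest = "".join(secrets.choice(USERNAME_ALPHABET) for _ in range(length - 1))
    return first + rest


def random_password(length: int = 32) -> str:
    """Random password from PASSWORD_ALPHABET using the OS CSPRNG (secrets),
    never the `random` module."""
    return "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))


def generate_admin_credentials(user_len: int = 12, pw_len: int = 32,
                               min_password_bits: float = 128.0):
    """Return (username, password); refuse lengths below the entropy floor."""
    pw_bits = entropy_bits(pw_len, len(PASSWORD_ALPHABET))
    if pw_bits < min_password_bits:
        raise ValueError(f"password length {pw_len} gives only {pw_bits:.0f} bits")
    name = random_username(user_len)
    if not valid_username(name):
        raise RuntimeError("generated username failed validation")
    return name, random_password(pw_len)


if __name__ == "__main__":
    user, pw = generate_admin_credentials()
    print(f"Username: {user}")
    print(f"Password: {pw}")
    print(f"Username entropy: {entropy_bits(len(user) - 1, len(USERNAME_ALPHABET)) + math.log2(26):.1f} bits")
    print(f"Password entropy: {entropy_bits(len(pw), len(PASSWORD_ALPHABET)):.1f} bits")
```

Store the output in a password manager before pasting it into the form; with 32 characters from a 90-symbol alphabet the password carries roughly 208 bits, so the entropy floor is generous even if you shorten it.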
Does anyone know how to get Dnsmasq to use the DHCP domain for resolving hosts instead of the system domain? It works that way in EdgeOS and I’d like to get it working like that here as well.
Example is:
Public domain is company.tld. Gateway is configured as whatever.company.tld.
I have DHCP running on VLAN3, with domain admin.company.tld.
computer1 gets a lease. I want host computer1.admin.company.tld to be the FQDN for computer1, but instead, dnsmasq is using the system domain, so it’s computer1.company.tld without the subdomain.
I know it’s a setting somewhere but I forget what it is and it’s difficult to Google.
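As an added illustration of the dnsmasq side of this question (not the poster's configuration and not a reply from the thread): dnsmasq's own `domain=` option accepts an optional address range, and when a range is given the domain applies only to leases and names in that range, so several `domain=` lines can give each VLAN its own subdomain. The fragment below assumes the admin VLAN 3 subnet is 192.168.3.0/24 (the post names no subnet) and that the lines reach dnsmasq.conf through OPNsense's custom-options field on the Dnsmasq DNS page (also an assumption about the GUI of that release).

```conf
# Added example, not from the original post.
# Assumption: VLAN 3 (admin) is 192.168.3.0/24.

# System-wide default: unqualified lease names get company.tld.
domain=company.tld

# Leases handed out in the admin VLAN range get admin.company.tld instead,
# so computer1 is published as computer1.admin.company.tld.
domain=admin.company.tld,192.168.3.0/24

# Apply the same per-range expansion to plain names from the hosts file.
expand-hosts
```

Check it with `dig computer1.admin.company.tld @<gateway address>` after the client renews its lease. The caveat is that dnsmasq only applies the per-range domain to leases it knows about: if DHCP is served by another daemon and names reach dnsmasq some other way, the range rule has nothing to match against, and that part of the OPNsense setup is not described in the post.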