Welcome at the Ebkoz-Lab

OPNsense - Xs4all with separate VLAN
 - on bare metal

Configuration of an OPNsense router / firewall for ISP Xs4all (former Kpn subsidiary)

This document is created based on various sources on the internet (see appendix).

ii. Prepare OPNsense installation

In order to install OPNsense, we need to prepare some things, so we can install it properly, without interrupting our current network. Below is a list of all the requirements.

Hardware

For the bare metal pc, a keyboard and display is required. You will need a monitor, either connected directly or with a suitable cable adapter. The keyboard simply attaches to a USB port, with a cable or wireless, but do not use one with a bluetooth dongle.

Besides the bare metal pc, we need a pc or laptop with a wired Ethernet connection. Obvious, a laptop is easier, because it comes with display and keyboard. A mouse or touchpad is only needed after successfully installing OPNsense on the bare metal.

Software

You will have to download the latest OPNsense live distribution, see https://opnsense.org/download/. You will need the vga/USB release for this. The extracted image of this download, needs to be branded on a USB stick (4 GB or more). The USB stick will be erased and any data on it is lost.

The latest version as of this writing was 25.1, released Jan 2025. We will be using this version.

Please note : The menu structure for OPNsense version 25.1 and differs from version 24.7 and some settings have been (re)moved. Please see the release notes for details.

Check bare metal pc

Connect the monitor and keyboard to the bare metal pc and check out what is installed. Sometimes a router package is already installed, it might even be OPNsense. But we will reinstall it anyway, since we want to have the latest release installed.

Watch which BIOS system is used and search the internet for the setup key, since more often then not, documentation is limited or even missing. Besides that, the BIOS setup wait time is usually very short. So hit that key the moment you see the BIOS logo, to enter the BIOS setup.

Once inside the BIOS, check that the boot order lists the USB first, if not change the order accordingly. You might also want to set a bit longer Setup wait time. When done, save the changes and exit the BIOS. You can then shutdown.

Start the live installation

At this point, we are finally ready to install OPNsense onto the bare metal pc. With your monitor and keyboard still attached, plug the previously prepared USB stick in the bare metal pc and switch the power on.

If all goes well, the OPNsense live installation should load itself into memory.

Install OPNsense on the bare metal pc

Using the keyboard on the bare metal, login as "installer", with the default password "opnsense". This will start the installation. After a bit, you will be prompted for the keyboard layout. Usually this can be left as suggested. Press Enter to proceed.

Next, we need to select the SDD for the installation. It is usually already selected, but please check it is the right one. Hit te space bar to mark the SDD for installation. An asterix will show in front of the line with the SDD. Press Enter to proceed.

Wait until OPNsense is installed and the system has rebooted and remove the USB stick when prompted. The bare metal will now boot into the new OPNsense installation. Wait until the login prompt appears.

Default interface assignment

OPNsense will assign the first interface it finds as the LAN interface and the second as the WAN interface. If you are ok with this assignment, you can skip the next paragraph.

Manual interface assignment

If you do not react to the prompt, the process will run as normal and assign the interfaces automatically. If you however hit any key on the keyboard within 10 seconds, the assignment is halted and can now be done manually.

You will be asked for each interface on your bare metal pc, to assign a port to it. Starting with the WAN interface, followed by the LAN interface and then all other ports as OPTx, where x is the number in order OPT1, OPT2, ... and so on.

You will also see a pool of the available physical ports, from which you can choose, in order of discovery. Now enter for each interface the port you want to use. Here, we will select 3 interfaces:

igc0 -> WAN
igc1 -> LAN
igc2 -> OPT1 (will be used for IPTV)

OPT2 is left not assigned for now, just hit enter to skip it and let the boot continue. When the login prompt is displayed, go and connect the laptop to the LAN interface and start the setup of OPNsense.

Are you ready ? Let's go !

Now that OPNsense is installed on our bare metal pc, we are ready to start with the configuration of OPNsense. From here on we will be using the web interface of OPNsense. Under normal circumstances we won't be using the local prompt again.

20250203-01