OPNsense Basic Configuration Guide (2025) | WAN/LAN, DNS, Updates & Admin

After installing OPNsense (whether on physical hardware or a virtual machine like Proxmox), the next critical step is to configure its network interfaces so it can function as a firewall and router. This involves assigning the WAN (Wide Area Network) and LAN (Local Area Network) IPs and setting up core services like DHCP.

This guide covers the crucial initial setup steps using OPNsense’s web-based initial configuration wizard.

1. Preparation: Ensuring Both Interfaces Exist

Before booting, ensure your OPNsense installation has at least two network interfaces:

  1. WAN Interface: Connects to the internet/upstream network (e.g., your modem).

  2. LAN Interface: Connects to your internal private network (where your local devices live).

If you are using a virtual environment (like Proxmox), you must first add a second network adapter to the virtual machine.

2. Accessing the Web Interface

By default, OPNsense sets a default configuration that may allow web access via the WAN IP or a temporary LAN IP.

  1. Log in to the Console: Log in to the OPNsense console as root.

  2. Find the IP: Determine the IP address OPNsense is currently using for its WAN interface (or the LAN interface if assigned).

  3. Access the Wizard: Open a web browser on a computer that can reach that IP address and navigate to it (e.g., https://10.0.5.2).

    • Log in with the default credentials: Username: root, Password: opnsense.

3. The Initial Configuration Wizard

The setup wizard guides you through the most important basic settings.

Step 1: Hostname and DNS Settings

Configure your firewall’s basic identity and internet resolution settings.

  • Hostname and Domain: Set a descriptive Hostname (e.g., FW2) and your Domain (e.g., zoloul.uk).

  • DNS: Set preferred DNS Servers (e.g., 8.8.8.8 or your own internal DNS).

Step 2: WAN Interface Configuration

The WAN interface requires a static IP address if you have a non-DHCP ISP connection, or DHCP if your ISP automatically assigns an address.

  • Type: Set the IPv4 configuration type (e.g., Static).

  • WAN IP: Enter the WAN IP Address and CIDR mask (e.g., 10.0.5.2/8).

  • Gateway: Enter the Default Gateway for the WAN network.

  • Block Options: Leave the “Block RFC1918 Private Networks” unchecked if you need to access the web portal via the WAN IP, though it’s typically checked for security. (Screenshot Suggestion: The WAN Configuration screen showing the Static IP, Gateway, and CIDR mask.)

Step 3: LAN Interface Configuration

The LAN interface is the gateway for your local network. It usually gets a private IP address.

  • LAN IP: Set a private IP Address and CIDR mask (e.g., 172.16.0.1/16) .

  • DHCP Server: Check the box to enable the DHCP Server on the LAN interface. This allows OPNsense to hand out IP addresses to all your connected local devices.

Step 4: Final Steps

  • Root Password: Optionally change the root administrative password.

  • Apply Changes: Click Apply to finalize all settings. The firewall will reload its services.

4. Verification

After the services restart, any virtual machine or client device connected to the LAN bridge (VMBBR1 in the video’s example) should automatically receive an IP address from the new DHCP range.

You can then test accessing the firewall’s web interface using the newly configured LAN IP address.

Leave a Reply

Your email address will not be published. Required fields are marked *