How to Install OPNsense firewall

  • Published: 22 Aug 2024

Comments • 47

  • @DavidMcClanahan 10 months ago +1

    I love your choice of background pictures on the wall behind you. Those women are so iconic! Thanks for the video as well.
    As a retired software developer, engineer, and system architect I have needed to make this jump to a firewall/router of my own making for some time, as my off the shelf Linksys has long been without any security updates. This is probably the main reason we should all consider making and configuring our own, assuming we have the fundamental understanding of what makes it all tick. Your average user really has no clue and should probably use whatever their ISPs can provide. Those of us in the know understand those are not adequate either to really protect our internet lives, though complete internet safety is, as we all know, a myth. Making our own is the best we can do though. Thanks for the pointers.

    • @TechTutorialsDavidMcKone 10 months ago

      No idea why, but that iconic photo of Ms Hepburn was the start and after a while I felt the wall was missing something so...
      Anyway, good to know the video was helpful
      And given the way things are going, open source seems to be the way to go

  • @daraghgraham 1 year ago +3

    Just recently found your channel while looking for info about USB passthrough. Great videos, and very thoroughly explained! Upgraded one of my server hosts at work to XCP-ng from XenServer after watching it :) We recently purchased a Protectli with OPNsense for our main site and are setting it up. I hope you explore some more of the configurability in future videos! :D

  • @drreality1 1 year ago +5

    Another great tutorial
    I know that you may not prefer to use a virtual firewall as your main one. Nonetheless, I'd greatly appreciate a tutorial on how to harden Proxmox and use pfSense/OPNsense as the main home router
    Many thanks

  • @jibberjabber6919 1 year ago +2

    Love your channel. Please keep making videos.

  • @BACKSPIN9ball 1 month ago +1

    The annoying thing about both OPNsense and pfSense is that there is not enough guidance out there as far as managing it; it seems all the content out there is a fork of the installation process. No one is making structured content on how to really really use it.

    • @TechTutorialsDavidMcKone 1 month ago

      I must admit I've only covered High Availability and ZenArmor for OPNsense
      Although I did do firewall rules in general in other videos
      I'll have a look and see what else I might be able to contribute, but I like to keep things simple so I only run it as a basic firewall
      If you start adding extra features to a firewall, like making it your DHCP server, you reduce the security because you're exposing it to more potential bugs and vulnerabilities on the internal network

  • @robertwestinghouse4098 11 months ago +1

    Loved your straightforward approach. Although I had to download it and watch it as OPNsense would not connect to the internet. Where is the next instalment? How to connect/protect from/to the internet. I am not really excited about pulling out the cable every time I want to print, watch a video or connect to my other PCs on the network. What is the next set of instructions?

    • @TechTutorialsDavidMcKone 11 months ago +1

      Thanks for the feedback, much appreciated
      I suggest checking out this video which covers the basics of firewall rules
      ruclips.net/video/PBLFYvUIU54/видео.html

  • @b4g4b3l 1 year ago +2

    you could also use a stick with ventoy instead of rufus, thanks for the videos

    • @TechTutorialsDavidMcKone 1 year ago

      That's an interesting option but few details about who actually makes this

    • @b4g4b3l 1 year ago

      @TechTutorialsDavidMcKone there are a lot of videos about ventoy, look it up... been using it for 3-4 years... I just made a 32gb stick with it, then I copy paste all my iso files on the stick, and you can boot anything you want from just that 1 stick... no more 1 stick for Windows 10, 1 for win11 and 1 for linux :)

    • @julian.morgan 1 year ago

      @TechTutorialsDavidMcKone Actually I just tried to use my Ventoy USB stick to install OPNsense this afternoon and it doesn't complete the initial stage. Now that could easily be my fault using Ventoy wrong - but the fact is that when I just burned the OPNsense image to its own flash drive in the normal way, using Etcher, it completed without issue. That all said, Ventoy is fantastic working 90% of the time, even for me.

  • @TheInspiration152 9 months ago +1

    Hi sir, would like to ask if the device can handle 100 computer unit? Thanks for your tutorial. It's a big help...

    • @TechTutorialsDavidMcKone 9 months ago

      I'm not quite sure what you mean by 100 computer unit, can you rephrase the question please?
      If you're asking can OPNsense handle the throughput of 100 computers then it depends on the computer the OS is installed on, how many CPUs and how much RAM it has, how fast the network interface is and so on

    • @TheInspiration152 9 months ago

      Yes sir, I mean the throughput. I am planning to use this device as a firewall server for 100 computers if it can handle it. The device would be:
      Celeron N5105(10W TDP) Fanless Mini PC 4x Intel i225/i226 2.5G LAN
      CPU: Intel Jasper Lake Celeron Processor N5105, 4 core 4 threads,64 bit, 10nm, 2.0GHz up to 2.9GHz, 4M cache
      RAM: 16GDDR4 2666MHz
      SSD: 256GB M.2 2280 NVMe SSD.. thank you sir..

    • @TechTutorialsDavidMcKone 9 months ago

      @TheInspiration152 As a rough guide it's best to check the vendor's website
      docs.opnsense.org/manual/hardware.html
      That seems to suggest the computer specs would be fine for 100 users, but they can't account for things like traffic throughput or CPU load due to encryption like TLS hand off or VPNs
      E.g. if all the computers operate at the same time and have 1Gb network cards for instance the firewall may be limited by its own interface capacity and so can't cope
      On the other hand, if they mostly access the Internet through the firewall and that's limited to 1Gb, then the firewall will probably be fine because the limit is now the Internet connection
      Another challenge is if you plan to use encryption services as they place a lot of load on the CPU
      Again you need to know how much of that traffic will be in use to understand if the firewall would cope
      If it's a new network, you just don't know and all you can do is install the firewall and see if it copes, if not then it will need upgrading
      But if it's an existing network, the assumption would be there is already a firewall in place for instance to provide the details

    • @TheInspiration152 9 months ago

      @TechTutorialsDavidMcKone thank you sir. I'll give it a try on the device I mentioned, then if it will not work, probably I will have to upgrade. 🙂🙏

  • @terrelldavis4856 1 year ago +1

    Having an issue getting a WAN IP ....plugged in an ethernet cable and restarted the router and then the laptop with OPNsense downloaded
    Still no WAN IP appears

    • @TechTutorialsDavidMcKone 1 year ago

      It needs to obtain that IP address from a DHCP server
      Otherwise you will have to give it a static IP address

  • @DanielMateuss 1 year ago +1

    Hi David, great tutorial and very well explained however it doesn't work on the physical PC, I am able to create the installation USB boot from USB, install and when it reboots, there is no operating system available, and I did try the UEFI and the ZFS with no luck and also checked the legacy/UEFI options on the computer BIOS, do you know for this type of installation is there anything missing on my side? Cheers, Dan.

    • @TechTutorialsDavidMcKone 1 year ago

      That's odd as I checked it on my laptop
      What type of storage did you install it on?
      And is that at the top of the boot order of the BIOS?

    • @DanielMateuss 1 year ago

      I did use 3 different storages to install
      1 SSD 128gb
      1 Toshiba HDD sata 500gb
      1 Seagate Barracuda 500gb
      I also created the boot use from 2 different usb (same steps)
      Boot order
      HDD/SSD always on first
      Tried all
      Boot Mode Auto
      Boot Mode UEFI only
      Boot Mode Legacy only
      I am using a lenovo computer i5 with 8gb ram and last bios update is 2014

    • @DanielMateuss 1 year ago

      Xubuntu and Windows 10 works fine

    • @TechTutorialsDavidMcKone 1 year ago

      Someone reported an install problem, but found it worked after a 2nd attempt
      Others have suggested making sure all partitions on the drive are removed
      Have you tried UFS instead of ZFS?
      One common theme I'm picking up about FreeBSD and no operating system being found is partition problems
      You could try GParted for instance which can erase things
      I also came across a mention that Lenovo computers can have issues with partition tables as well it seems which may or may not be related
      forums.freebsd.org/threads/operating-system-not-found-on-thinkpad-edge-e120.28389/

    • @DanielMateuss 1 year ago

      @Tech Tutorials - David McKone Hi mate, sorry to take so long to reply, and yes, the Lenovo BIOS can't boot OPNsense. I spent a few hours trying changing settings on its BIOS with no luck. The Lenovo I have is a bit old, it is from 2016, maybe it couldn't boot because of that, so I also had a Dell OptiPlex and it worked after removing a security check on BIOS.
      Cheers
      Dan.

  • @teclote 1 year ago +1

    Outstanding, thank you.

  • @b4g4b3l 1 year ago +1

    Could I pls pick your brain? Have an Acer Veriton N N4640G with an i5-6500T (4 cores 4 threads) 8gb ram + Intel PRO 1000 VT, 10/100/1000, 4 ports RJ-45... Want to transform it into a router/nas... How should I go about it? Proxmox > pfsense/opnsense as vm and another vm as truenas for plex/jelly or directly truenas scale > opnsense vm? Do I even have the horse power for what I try to do?

    • @TechTutorialsDavidMcKone 1 year ago

      Proxmox and TrueNAS Scale both run on Debian so under the hood they're basically the same thing
      But I'd rather have a NAS that can run other VMs rather than a hypervisor running a NAS as a VM
      I do run TrueNAS as a VM in my labs but it adds extra latency
      I did notice a forum post about having to do PCI passthrough mind for something like pfSense as otherwise the throughput could be bad
      Plex would benefit from its own GPU for transcoding and you'd probably benefit from more memory as even TrueNAS suggests a minimum of 8GB

    • @b4g4b3l 1 year ago

      @TechTutorialsDavidMcKone I can expand the memory to 16gb... so should I go for truenas?

    • @TechTutorialsDavidMcKone 1 year ago

      I think TrueNAS would be the better option when a NAS is involved

  • @HydroKyl240COG 1 year ago +2

    Ty very much. Certainly not as intuitive as other SW, imo.

    • @TechTutorialsDavidMcKone 1 year ago

      That's always the challenge
      Companies create standards for doing things, yet everybody comes up with different ways to do installations

    • @HydroKyl240COG 1 year ago

      @TechTutorialsDavidMcKone I’ve got my router up and running now. Had a weird issue where my ISP wouldn’t issue the new router an IP address right off the bat, but all it took was a little time. Apparently it refreshes the system every 8 hours, with a limit of 4 routers (devices).

    • @HydroKyl240COG 1 year ago

      @TechTutorialsDavidMcKone My house had phone jacks throughout, and found out it was utilizing Ethernet. So I swapped all the jacks, set the network up with switches and etc, and now the only thing left is to migrate the system over during a time it won’t potentially disrupt my wife’s work.

    • @TechTutorialsDavidMcKone 1 year ago

      @HydroKyl240COG Wow, that's a long time for a customer to wait

    • @TechTutorialsDavidMcKone 1 year ago

      @HydroKyl240COG That's extremely convenient
      I had heard of cablers putting in RJ45 cables instead of RJ11 for telephone systems
      Just wish they'd all do that