https://kb.unixservertech.com/ 2026-04-18T10:41:29+00:00 https://kb.unixservertech.com/ https://kb.unixservertech.com/_media/wiki/dokuwiki.svg text/html 2022-12-16T23:22:34+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/accessnodefromrw?rev=1671232954&do=diff Access N2N node from Road Warrior With OpenVPN, you can have one router connected to another via a “Net-to-Net” (N2N) connection. This connection is established at startup (generally) and is maintained at all times (as long as both routers are on), connecting both networks over an encrypted connection. This is commonly used to connect branch offices which may be geographically separated. text/html 2020-01-12T01:17:16+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/cron-jobs?rev=1578791836&do=diff opnSense Cron Jobs Basically, it uses configd, so you have to create a service definition for your new script. cd /usr/local/opnsense/service/conf/actions.d Create a file with the name actions_NAME.conf, where NAME is something meaningful to you. The file should have a basic win ini format, with the action needed, then a bunch of lines describing what to do. text/html 2020-03-14T02:45:06+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/dhcponly?rev=1584153906&do=diff Stand-alone DHCP server Discussion OPNSense is a full blown firewall/router, but in one case, we needed to disable everything except the dhcp and dns servers. This is very inefficient, from what I can see, but there were not any DHCP/DNS appliances that I had found, and the stability and usability of OPNSense made it the choice. text/html 2023-09-27T15:22:53+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/dmz?rev=1695828173&do=diff opnSense DMZ DMZ The goal here is to create a DMZ on the same router as our LAN. A DMZ a separate network, which a LAN has access to, but does not have access to the LAN. We can then put servers in the DMZ which we can make publicly available (ie, accessed via public IP's) while maintaining the integrity of our text/html 2021-06-20T07:11:04+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/high_availability?rev=1624173064&do=diff High Availability in opnSense This is just notes on how we built one. Both of our routers are virtuals, running under the KVM hypervisor. That allowed a bunch of shortcuts, such as defining vlans at the hypervisor levels and replicating a running router for the second one. We used two separate machines; the hypervisor was mainly so we could put some additional low resource virtuals on the same physical machine. text/html 2017-12-10T20:45:46+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/manualbackup?rev=1512938746&do=diff Manual Config Backup The configuration file for opnSense is stored in /conf/config.xml. To back up this file, simply use scp to copy it. The directory /conf/backup contains all of the configurations back to the first one you did, so if you want that, grab that entire directory (plus /conf/config.xml). text/html 2023-11-23T06:18:37+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/monitor_remotely?rev=1700720317&do=diff Monitor OpnSense Remotely with Zabbix text/html 2024-12-15T08:12:47+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/multiwan?rev=1734250367&do=diff Multiple External WAN connections Occasionally, you need more than one external network connections. If one outside (WAN, Internet, whatever you want to call it) fails, your router should automatically swap to a second. OpnSense has done an excellent job of setting this up. text/html 2025-07-12T06:23:17+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/nordvpn?rev=1752301397&do=diff NORD VPN on opnSense Setting up NordVPN on an opnsense router is poorly documented (several years old) and assumes all LAN traffic will be pushed through Nord. This document will set up an opnSense firewall using the OpenVPN configuration for NordVPN. When done, all network traffic from the text/html 2025-07-12T07:39:14+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/nordvpnplus?rev=1752305954&do=diff opnSense + NordVPN + otherVPN This document assumes you have a working NordVPN instance which handles all network traffic from your LAN. This is described in the article NORD VPN on opnSense It also assumes you have a second VPN connection already created, and you want to route some traffic through that, with the NordVPN being the default for everything else (aka text/html 2025-01-11T01:59:55+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/quickreferences?rev=1736560795&do=diff opnSense Quick Reference Initial Setup * Do all firmware updates * System | Settings | Administration * Set console for serial, if you want * Enable SSH (Secure Shell) * Choose whether to allow root to log in, and whether to allow password auth text/html 2022-11-10T05:41:50+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/resizevirt?rev=1668058910&do=diff Resizing opnSense virtual Steps are mostly as follows * shutdown the vm & snapshot or back up image * resize the disk image. NOTE: must be larger to retain contents. Use one of the following, depending on where the disk image is stored * truncate -s 10G target.img # local image as a file text/html 2019-07-31T04:18:11+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/roadwarrior?rev=1564546691&do=diff opnSense Road Warrior * Create a Certificate of Authority (hint, use an existing one if you want) * System | Trust | Authorities * Add and select Create Internal * Name - System CA (or something) * Lifetime - 3650 (10 years) * text/html 2023-09-27T13:19:58+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/site-to-site?rev=1695820798&do=diff OPNsense openVPN N2N Planning Considerations To set up a site-to-site (aka net-to-net or lan-to-lan) OpenVPN connection, you have several things you must consider. * You must designate one router to be the “master.” * If you are connecting multiple remote sites to one, it is pretty obvious which would be the central location (the text/html 2017-02-21T03:28:15+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/start?rev=1487647695&do=diff OPNsense Router This is for the OPNsense router appliance software. See them at <https://opnsense.org/> text/html 2025-04-02T06:56:06+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/tablefull?rev=1743576966&do=diff opnSense Table Entries Full We have some servers which use LetsEncrypt, but are blocked by our firewalls from being accessed by anyone outside the US. We have a rule in the firewall that we can turn on, run certbot renew , then turn off. It simply drops the protection from the servers. text/html 2025-09-21T23:47:21+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/totp?rev=1758498441&do=diff TOTP Authentication in OPNSense Time based One Time Password authentication Wikipedia has become more commonly used in Multi-Factor Authentication (MFA) for additional security in various areas. Generally used by authenticators such as FreeOTP, Microsoft Authenticator, Google Authenticator and many more. My preference is FreeOTP due to the ability to back up the configuration without having to use a proprietary system. text/html 2024-09-27T21:06:22+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/upgrade?rev=1727471182&do=diff Easy Multi-version upgrade of opnSense WARNING When I tried to do an upgrade from 24.1 to 24.7, the tool attempted to download from the wrong URL (FreeBSD13: instead of FreeBSD14:) and bricked my router. I ended up reinstalling. However, that is the only time the tool has caused problems for me. text/html 2025-08-24T07:43:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/windowsdns?rev=1756021422&do=diff Windows DNS integration with DHCP Windows DNS integration with DHCP text/html 2023-11-23T06:15:31+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/other/networking/opnsense/zabbix_external?rev=1700720131&do=diff Monitor opnSense remotely with Zabbix