Le Goût du Libre

This guide outlines the essential configuration steps after installing OPNsense, followed by recommended maintenance tasks to ensure long-term stability, security, and performance.

• Go to System → Settings → General:
  • Set your local timezone (e.g. `America/Montreal`)
  • Define hostname (e.g. `router.home`) and local domain if needed

• Check for firmware updates (see below under Maintenance)

• Go to System → Access → Users:
  • Change the password for the `root` account
  • Optionally create a new user with limited privileges

• Configure Internet accerss : go to Interfaces → [WAN]:
  • Configure PPPoE, static IP, or DHCP depending on your ISP

• Configure your LAN : go to Services → ISC DHCPv4 [LAN]:
  • Check Enable DHCP server on the LAN interface
  • Configure static leases if needed, by going to the DHCP Static Mappings for this interface (click +).

• Go to Services → Unbound DNS → Blocklist:
  • Add blocklists under Type of DNSBL (e.g. AdGuard List, Steven BlackList) to filter ads, malware, and adult content
  • Whitelist domains
  • Enable Advanced mode to add custom URLs of Blocklists

• Go to System → Settings → Administration:
  • Enable SSH access if needed
  • Restrict access to trusted IPs

• Go to System → Configuration → Backups:
  • Download encrypted configuration file manually
  • Set up automated backups to online or offline

• Check for firmware updates
  • Menu: System → Firmware → Updates
  • Duration: 5–10 minutes
  • Notes: Some updates may trigger a reboot; OPNsense will notify you before applying

• Review system logs and interface status
  • Menu: System → Diagnostics → Logs & Interfaces
  • Duration: 5–10 minutes
  • Notes: Look for errors, dropped packets, or unusual activity

• Verify backup integrity and schedule
  • Menu: System → Configuration → Backups
  • Duration: 5 minutes
  • Notes: Ensure remote backups are recent and restorable

• Check email notifications
  • Menu: System → Settings → Notifications
  • Duration: 5 minutes
  • Notes: Confirm SMTP settings and test alert delivery

• Monitor traffic usage
  • Menu: Reporting → NetFlow
  • Duration: 5–15 minutes
  • Notes: Useful for identifying bandwidth hogs or suspicious traffic

• Test DNS filtering effectiveness
  • Menu: Services → Unbound DNS → Blocklist
  • Duration: 10 minutes
  • Notes: Update blocklists and verify that filtering is active

• Verify firewall rules
  • Menu: Firewall → Rules → LAN / WAN
  • Duration: 10–20 minutes
  • Notes: Ensure rules match current network needs and security posture

• Review VPN configuration
  • Menu: VPN → WireGuard / OpenVPN
  • Duration: 10–15 minutes
  • Notes: Test connectivity and update keys or endpoints if needed

• Audit user accounts and privileges
  • Menu: System → Access → Users / Groups
  • Duration: 10 minutes
  • Notes: Remove unused accounts and verify privilege scopes

• Reboot the system (if uptime exceeds 6+ months)
  • Menu: System → Diagnostics → Reboot
  • Duration: 2–3 minutes
  • Notes: Prevents memory leaks and applies kernel-level updates