===== OPNsense Setup and Maintenance Guide ===== This guide outlines the essential configuration steps after installing OPNsense, followed by recommended maintenance tasks to ensure long-term stability, security, and performance. ==== Essential Steps After a Fresh Install ==== * Go to **System → Settings → General**: * Set your local timezone (e.g. `America/Montreal`) * Define hostname (e.g. `router.home`) and local domain if needed * Check for firmware updates (see below under Maintenance) * Go to **System → Access → Users**: * Change the password for the `root` account * Optionally create a new user with limited privileges * Configure Internet accerss : go to **Interfaces → [WAN]**: * Configure PPPoE, static IP, or DHCP depending on your ISP * Configure your LAN : go to **Services → ISC DHCPv4 [LAN]**: * Check **Enable DHCP server on the LAN interface** * Configure static leases if needed, by going to the **DHCP Static Mappings for this interface** (click **+**). * Go to **Services → Unbound DNS → Blocklist**: * Add blocklists under **Type of DNSBL** (e.g. AdGuard List, Steven BlackList) to filter ads, malware, and adult content * Whitelist domains * Enable **Advanced mode** to add custom URLs of Blocklists * Go to **System → Settings → Administration**: * Enable SSH access if needed * Restrict access to trusted IPs * Go to **System → Configuration → Backups**: * Download encrypted configuration file manually * Set up automated backups to online or offline ==== OPNsense recommended maintenance tasks ==== === Weekly Maintenance Tasks === * **Check for firmware updates** * Menu: **System → Firmware → Updates** * Duration: 5–10 minutes * Notes: Some updates may trigger a reboot; OPNsense will notify you before applying * **Review system logs and interface status** * Menu: **System → Diagnostics → Logs & Interfaces** * Duration: 5–10 minutes * Notes: Look for errors, dropped packets, or unusual activity === Monthly Maintenance Tasks === * **Verify backup integrity and schedule** * Menu: **System → Configuration → Backups** * Duration: 5 minutes * Notes: Ensure remote backups are recent and restorable * **Check email notifications** * Menu: **System → Settings → Notifications** * Duration: 5 minutes * Notes: Confirm SMTP settings and test alert delivery * **Monitor traffic usage** * Menu: **Reporting → NetFlow** * Duration: 5–15 minutes * Notes: Useful for identifying bandwidth hogs or suspicious traffic === Quarterly Maintenance Tasks === * **Test DNS filtering effectiveness** * Menu: **Services → Unbound DNS → Blocklist** * Duration: 10 minutes * Notes: Update blocklists and verify that filtering is active * **Verify firewall rules** * Menu: **Firewall → Rules → LAN / WAN** * Duration: 10–20 minutes * Notes: Ensure rules match current network needs and security posture * **Review VPN configuration** * Menu: **VPN → WireGuard / OpenVPN** * Duration: 10–15 minutes * Notes: Test connectivity and update keys or endpoints if needed === Semi-Annual Maintenance Tasks === * **Audit user accounts and privileges** * Menu: **System → Access → Users / Groups** * Duration: 10 minutes * Notes: Remove unused accounts and verify privilege scopes * **Reboot the system (if uptime exceeds 6+ months)** * Menu: **System → Diagnostics → Reboot** * Duration: 2–3 minutes * Notes: Prevents memory leaks and applies kernel-level updates