This is an old revision of the document!


OPNsense Setup and Maintenance Guide

This guide outlines the essential configuration steps after installing OPNsense, followed by recommended maintenance tasks to ensure long-term stability, security, and performance.

Essential Steps After a Fresh Install

  • Go to System → Settings → General:
    • Set your local timezone (e.g. `America/Montreal`)
    • Define hostname (e.g. `router.home`) and local domain if needed
  • Go to System → Settings → Time:
    • Enable NTP sync with reliable servers (e.g. `0.ca.pool.ntp.org`)
  • Go to System → Access → Users:
    • Change the password for the `admin` account
    • Optionally create a new user with limited privileges
  • Go to Interfaces → Assignments:
    • Confirm WAN and LAN mappings
  • Go to Interfaces → WAN:
    • Configure PPPoE, static IP, or DHCP depending on your ISP
  • Go to Services → DHCP Server:
    • Enable DHCP on LAN
    • Configure static leases if needed
  • Go to Services → Unbound DNS → Blocklist:
    • Add blocklists (e.g. StevenBlack’s hosts) to filter ads, malware, and adult content
  • Go to Firewall → Rules → LAN:
    • Allow outbound traffic by default
    • Optionally block private IP ranges or sensitive ports
  • Go to Firewall → Rules → WAN:
    • Block all unsolicited inbound traffic
  • Go to System → Settings → Administration:
    • Enable SSH access if needed
    • Restrict access to trusted IPs
  • Go to System → Configuration → Backups:
    • Download encrypted configuration file manually
    • Set up automated backups to an online or offline destination

Weekly Maintenance Tasks

  • Check for firmware updates
    • Menu: System → Firmware → Updates
    • Duration: 5–10 minutes
    • Notes: Some updates may trigger a reboot; OPNsense will notify you before applying
  • Review system logs and interface status
    • Menu: System → Diagnostics → Logs & Interfaces
    • Duration: 5–10 minutes
    • Notes: Look for errors, dropped packets, or unusual activity

Monthly Maintenance Tasks

  • Verify backup integrity and schedule
    • Menu: System → Configuration → Backups
    • Duration: 5 minutes
    • Notes: Ensure remote backups are recent and restorable
  • Check email notifications
    • Menu: System → Settings → Notifications
    • Duration: 5 minutes
    • Notes: Confirm SMTP settings and test alert delivery
  • Monitor traffic usage
    • Menu: Reporting → NetFlow
    • Duration: 5–15 minutes
    • Notes: Useful for identifying bandwidth hogs or suspicious traffic

Quarterly Maintenance Tasks

  • Test DNS filtering effectiveness
    • Menu: Services → Unbound DNS → Blocklist
    • Duration: 10 minutes
    • Notes: Update blocklists and verify that filtering is active
  • Verify firewall rules
    • Menu: Firewall → Rules → LAN / WAN
    • Duration: 10–20 minutes
    • Notes: Ensure rules match current network needs and security posture
  • Review VPN configuration
    • Menu: VPN → WireGuard / OpenVPN
    • Duration: 10–15 minutes
    • Notes: Test connectivity and update keys or endpoints if needed

Semi-Annual Maintenance Tasks

  • Audit user accounts and privileges
    • Menu: System → Access → Users / Groups
    • Duration: 10 minutes
    • Notes: Remove unused accounts and verify privilege scopes
  • Reboot the system (if uptime exceeds 6 months)
    • Menu: System → Diagnostics → Reboot
    • Duration: 2–3 minutes
    • Notes: Reclaims memory lost to leaks and activates pending kernel-level updates
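
The firewall-rule, SSH, and user-account reviews above can also be run offline against an unencrypted configuration export. The following is an added example, not part of the original guide or of OPNsense itself; the element names (`filter/rule`, `system/ssh`, `system/user`) are an assumed `config.xml` layout and the sample configuration is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample export; the element names are an assumed config.xml layout.
SAMPLE_CONFIG = """<opnsense>
  <system>
    <user><name>admin</name><scope>system</scope></user>
    <user><name>olduser</name><scope>user</scope><disabled>1</disabled></user>
    <ssh><enabled>enabled</enabled><passwordauth>1</passwordauth></ssh>
  </system>
  <filter>
    <rule><type>pass</type><interface>lan</interface><source><network>lan</network></source><destination><any/></destination><descr>Default allow LAN</descr></rule>
    <rule><type>pass</type><interface>wan</interface><source><any/></source><destination><network>wanip</network><port>443</port></destination><descr>Temp web access</descr></rule>
    <rule><type>pass</type><interface>wan</interface><disabled>1</disabled><source><any/></source><destination><any/></destination><descr>Old test</descr></rule>
  </filter>
</opnsense>"""

def _flag(elem, tag):
    """True when <tag> is present and neither empty nor '0' (assumed flag convention)."""
    value = elem.findtext(tag)
    return value is not None and value.strip() not in ("", "0")

def audit(xml_text):
    """Return (category, detail) findings for the periodic review items."""
    root = ET.fromstring(xml_text)
    findings = []
    # Firewall -> Rules -> WAN: each enabled pass rule is an exception to
    # "block all unsolicited inbound traffic" and should be justified.
    for rule in root.findall("./filter/rule"):
        ifaces = (rule.findtext("interface") or "").split(",")
        if rule.findtext("type") == "pass" and "wan" in ifaces and not _flag(rule, "disabled"):
            src = "any" if rule.find("source/any") is not None else "restricted"
            port = rule.findtext("destination/port") or "any"
            descr = rule.findtext("descr") or "(no description)"
            findings.append(("wan-pass", f"{descr}: source={src}, port={port}"))
    # System -> Settings -> Administration: SSH enabled, and how it authenticates.
    ssh = root.find("./system/ssh")
    if ssh is not None and ssh.findtext("enabled") == "enabled":
        mode = "password login allowed" if _flag(ssh, "passwordauth") else "key-only"
        findings.append(("ssh", mode))
    # System -> Access -> Users: disabled accounts are candidates for removal.
    for user in root.findall("./system/user"):
        if _flag(user, "disabled"):
            findings.append(("disabled-user", user.findtext("name")))
    return findings

if __name__ == "__main__":
    for category, detail in audit(SAMPLE_CONFIG):
        print(f"[{category}] {detail}")
```

Run it against a copy of the export kept on a trusted machine, and treat every `wan-pass` finding as something to justify or delete during the quarterly rule review.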
opnsensegettingstartedandmaintenance.1762459157.txt.gz · Last modified: by Fabián Rodríguez