OPNsense
OPNsense is an open-source operating system based on FreeBSD. It is designed as a network firewall and router with a broad feature set, including routing, firewall protection, NAT, DHCP server, load balancing, VPN, DDNS, PPPoE, IDS, and proxying.
Benefits
- Modular architecture that allows users to only select the features they need.
- A built-in package manager that makes it easy to install and update packages.
- Support for fault-tolerant clustering to ensure high-availability and reliable network performance.
- Embedded monitoring, logging, and report generation features to help users monitor their network status and detect issues.
- A firewall, intrusion detection and prevention system (IDS/IPS), and antivirus.
- Integration with Security Onion, Wazuh, and other tools.
Deployment instructions
- Get an SSH key pair to connect to a virtual machine (VM).
- Create a VM from a public image. Under Image/boot disk selection, go to the Cloud Marketplace tab and select OPNsense. Under Access:
  - Enter freebsd in the Username field.
  - Paste the contents of the public SSH key file in the SSH key field.
- Save the VM public IP address.
- Connect to the VM over SSH. To do this, use the freebsd username and the private SSH key you created earlier.
- Run the following command:
  sudo su
- Choose 8 to access the terminal.
  A password for the web interface is generated on the first run. You can find it in the /conf/root_password file.
- Open https://<VM_public_IP_address>/ in your browser and log in with the root username and the password from the /conf/root_password file.
Instead of the standard freebsd username, you can specify a custom one when creating a VM. To do this:
- Create a configuration file for the cloud-init utility, such as config.yaml.
- Copy and add the following metadata to the file:
  #cloud-config
  datasource:
    Ec2:
      strict_id: false
  system_info:
    distro: freebsd
    default_user:
      name: <username>
      ssh_authorized_keys:
        - <public_part_of_SSH_key>
      groups: [wheel]
      sudo: ["ALL=(ALL) NOPASSWD:ALL"]
      shell: /usr/local/bin/bash
  network:
    renderers: ['freebsd']
  bootcmd:
    - rmuser -y freebsd
  Where:
  - name: Username.
  - ssh_authorized_keys: Contents of the public SSH key file.
  In FreeBSD, bash is stored in /usr/local/bin/.
- Create a VM using the CLI and provide the user metadata:
  yc compute instance create \
    --name <VM_name> \
    --zone <availability_zone> \
    --network-interface subnet-name=<subnet_name>,nat-ip-version=ipv4 \
    --create-boot-disk name=disk1,size=20,image-id=fd8t7dhq1pt5gidofilh \
    --metadata-from-file <config.yaml_file_path>
  Where:
  - name: VM name.
  - zone: Availability zone.
  - subnet-name: Subnet name.
  - image-id: FreeBSD image ID.
  - metadata-from-file: Path to the metadata file with user settings.
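As an added example (not from this page, OPNsense or Yandex Cloud), a small Python helper that fills in the config.yaml above from a username and a public key. It refuses the two mistakes that matter for this procedure: pasting the private key file into instance metadata, and naming the custom user freebsd, which the bootcmd then deletes. The helper names, the key-line regex and the wire-format type check are assumptions, not part of the page.

```python
import base64
import re

# OpenSSH public key line: key type, base64 blob, optional comment.
_PUBKEY_RE = re.compile(r"^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521))"
                        r" ([A-Za-z0-9+/]+={0,3})( \S.*)?$")

def check_pubkey(key: str) -> "str | None":
    """Return None if key is a well-formed OpenSSH public key line, else the reason."""
    key = key.strip()
    if "PRIVATE KEY" in key:  # id_ed25519 pasted instead of id_ed25519.pub
        return "private key material must never go into instance metadata"
    m = _PUBKEY_RE.match(key)
    if not m:
        return "not an OpenSSH public key line"
    try:
        blob = base64.b64decode(m.group(3), validate=True)
    except ValueError:
        return "base64 blob is malformed"
    # The blob's first length-prefixed string is the key type; it must match the text.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != m.group(1).encode():
        return "key type prefix does not match the encoded blob"
    return None

def render_cloud_config(username: str, pubkey: str) -> str:
    """Fill in this page's config.yaml; its bootcmd removes 'freebsd', so refuse that name."""
    if username == "freebsd" or not re.fullmatch(r"[a-z_][a-z0-9_-]{0,31}", username):
        raise ValueError("username must be a valid account name other than freebsd")
    if (err := check_pubkey(pubkey)) is not None:
        raise ValueError(err)
    return f"""#cloud-config
datasource:
  Ec2:
    strict_id: false
system_info:
  distro: freebsd
  default_user:
    name: {username}
    ssh_authorized_keys:
      - {pubkey.strip()}
    groups: [wheel]
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    shell: /usr/local/bin/bash
network:
  renderers: ['freebsd']
bootcmd:
  - rmuser -y freebsd
"""
```

Write the returned string to config.yaml and pass it with --metadata-from-file as in the command above.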
You can also use cloud-init to manage SSH keys, create multiple users, and install software packages.
Sample cloud-init configuration file for managing user SSH keys:
#cloud-config
datasource:
  Ec2:
    strict_id: false
users:
  - gecos: freebsd
    name: freebsd
    ssh_authorized_keys:
      - <public_part_of_SSH_key>
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: [wheel, sudo]
Where ssh_authorized_keys stands for the contents of the public SSH key file.
Sample cloud-init configuration file for creating multiple users and installing software packages:
#cloud-config
datasource:
  Ec2:
    strict_id: false
users:
  - gecos: <user_details>
    name: <username>
    ssh_authorized_keys:
      - <public_part_of_SSH_key>
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: [wheel, sudo]
  - gecos: <user_details>
    name: <username>
    ssh_authorized_keys:
      - <public_part_of_SSH_key>
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: [wheel, sudo]
packages:
  - curl
  - py39-pip
package_update: true
package_upgrade: false
Where:
- gecos: Information about the user.
- name: Username.
- ssh_authorized_keys: Contents of the public SSH key file for each user.
- packages: List of software packages to be installed.
Use cases
- Creating a VPN connection to provide remote access to resources or interconnect physical and cloud infrastructures.
- Protecting sites and applications.
- Translating addresses.
- Filtering traffic.
- Routing on the internet.
OpenNix
OpenNix provides technical support to OPNsense users in Yandex Cloud. You can contact their technical support by email at support@opennix.ru. Support engineers are available on business days from 9 am to 6 pm GMT+3.
Yandex Cloud
Yandex Cloud does not provide technical support for this product. If you have any issues, please refer to the respective developer’s information resources.