Requirements: Keyboard (with English layout), mouse, computer monitor, password generator (e.g. BitWarden), (optional) device connected via WAN port with the final network
Requirements: Computer connected to the same network that the edge device is connected to via its WAN port
<https://IP:8006> in your browser
nano /etc/network/interfaces
Now you have two options to set up the final networking:
Delete the existing file and add the following lines:
    auto lo
    iface lo inet loopback

    iface enp6s0 inet manual

    iface enp7s0 inet manual

    iface enp8s0 inet manual

    auto vmbr0
    iface vmbr0 inet dhcp
        bridge-ports enp6s0
        bridge-stp off
        bridge-fd 0

    auto vmbr1
    iface vmbr1 inet manual
        bridge-ports enp7s0
        bridge-stp off
        bridge-fd 0

    auto vmbr2
    iface vmbr2 inet manual
        bridge-ports enp8s0
        bridge-stp off
        bridge-fd 0
Just add the following lines at the end of the file:
    auto vmbr1
    iface vmbr1 inet manual
        bridge-ports enp7s0
        bridge-stp off
        bridge-fd 0

    auto vmbr2
    iface vmbr2 inet manual
        bridge-ports enp8s0
        bridge-stp off
        bridge-fd 0
You can close the file with Control + X. Reboot the system using reboot.
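A mistake in /etc/network/interfaces can leave the host unreachable after the reboot, so it is worth linting the file first. The script below is an added example, not part of the original guide: the function name check_bridges and the sample file are made up for illustration, and the sample deliberately reuses enp7s0 for vmbr2. It checks that the bridges the VMs will attach to (vmbr0, vmbr1, vmbr2) are defined, brought up with auto, and backed by distinct ports declared inet manual.

```shell
# Added example (not from the original guide): lint an ifupdown file before reboot.
# Usage: check_bridges FILE BRIDGE...   prints one line per problem, returns 1 if any.
check_bridges() {
    file=$1; shift
    awk -v want="$*" '
        $1 == "auto"  { for (i = 2; i <= NF; i++) up[$i] = 1 }
        $1 == "iface" { cur = $2; method[cur] = $4 }
        $1 == "bridge-ports" {
            has_ports[cur] = 1
            for (i = 2; i <= NF; i++) {
                if ($i == "none") continue      # bridge without a physical port
                if ($i in owner) { print cur ": port " $i " already in " owner[$i]; bad = 1 }
                else owner[$i] = cur
            }
        }
        END {
            n = split(want, w, " ")
            for (k = 1; k <= n; k++) {
                b = w[k]
                if (!(b in method))    { print b ": bridge not defined"; bad = 1; continue }
                if (!(b in up))        { print b ": no auto line, stays down after boot"; bad = 1 }
                if (!(b in has_ports)) { print b ": no bridge-ports line"; bad = 1 }
            }
            for (p in owner) if (!(p in method) || method[p] != "manual") {
                print owner[p] ": port " p " is not declared inet manual"; bad = 1
            }
            exit bad + 0
        }
    ' "$file"
}
# Constructed sample: the three bridges from the guide, but vmbr2 reuses enp7s0.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auto lo
iface lo inet loopback
iface enp6s0 inet manual
iface enp7s0 inet manual
iface enp8s0 inet manual
auto vmbr0
iface vmbr0 inet dhcp
    bridge-ports enp6s0
auto vmbr1
iface vmbr1 inet manual
    bridge-ports enp7s0
auto vmbr2
iface vmbr2 inet manual
    bridge-ports enp7s0
EOF
check_bridges "$sample" vmbr0 vmbr1 vmbr2 || echo "fix $sample before rebooting"
```

On the edge device, call it as `check_bridges /etc/network/interfaces vmbr0 vmbr1 vmbr2` after saving the file and before running reboot.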
Go into the console and enter:
    cd /var/lib/vz/template/iso/ &&
    wget https://mirror.dns-root.de/opnsense/releases/20.7/OPNsense-20.7-OpenSSL-dvd-amd64.iso.bz2 &&
    bunzip2 OPNsense-20.7-OpenSSL-dvd-amd64.iso.bz2 &&
    wget https://github.com/rancher/k3os/releases/download/v0.11.1/k3os-amd64.iso &&
    qm create 100 --memory 1024 --sockets 1 -ostype l26 --onboot yes --name opnsense --net0 virtio,bridge=vmbr0 --net1 virtio,bridge=vmbr1 --net2 virtio,bridge=vmbr2 --cdrom local:iso/OPNsense-20.7-OpenSSL-dvd-amd64.iso --virtio0 local-lvm:4 --bootdisk virtio0 &&
    qm create 101 --memory 6144 --sockets 3 -ostype l26 --onboot yes --name k3OS --net0 virtio,bridge=vmbr1 --cdrom local:iso/k3os-amd64.iso --virtio0 local-lvm:200 --bootdisk virtio0 &&
    qm start 100 &&
    qm start 101
This sets up two VMs:
100 with 1024 MB RAM, 1 CPU, 4 GB file storage with OPNsense
101 with 6144 MB RAM, 3 CPU, 200 GB file storage with k3OS
You should adjust the RAM, CPUs and file storage if you are using a different device.
Requirements: Password generator (e.g. BitWarden)
1 and then select no VLAN, WAN --> vtnet0, LAN --> vtnet1, Optional interface 1 --> vtnet2, Optional interface 2 --> just press enter to abort. Confirm with y.
6 and press enter
<https://192.168.1.100> or <https://192.168.1.1> (which of the two works varies) and log in with your selected credentials
The following steps can be skipped if no VPN is desired by the customer. Continue with step 17.
Retry DNS resolution
Enable authentication of TLS packets
Peer Certificate Authority and Client certificate
AES-256-CBC as Encryption algorithm
IPv4 Remote Network, e.g., 172.16.106.0/24
add. Use all default values and press save.
Apply changes
up
Continue here:
save.
TODO: SETUP PLC NETWORK
TODO: Reserve IP for k3OS
sudo k3os install
y and then enter
Now go back to the web interface of OPNsense and give k3OS a reserved IP:
save
Apply changes
reboot)
Now set up k3OS according to the documentation.
Requirements: Python previously installed on your computer.
C:\Users\YOURNAME
mkdir NAME
cd NAME
python -m http.server
localhost:8000
Now you can easily add files to your new folder and host them locally.