How to Install and Set Up OPNsense with IDS in Virt-Manager
What is OPNsense?
OPNsense is an open-source, easy-to-use, and powerful firewall and routing platform. It is based on FreeBSD and designed to offer enterprise-grade features with a user-friendly interface. OPNsense supports features like VPN, intrusion detection, traffic shaping, and advanced routing options. It’s widely used for securing network environments in both small businesses and enterprise networks.
What is an Intrusion Detection System (IDS)?
An Intrusion Detection System (IDS) is a security tool that monitors network or system activity for malicious behavior or policy violations. Its primary function is to detect attacks and unauthorized access attempts by analyzing traffic patterns, logs, and system behavior. If suspicious activity is detected, the IDS generates alerts to notify the network administrator. An IDS can be signature-based, anomaly-based, or a combination of both.
OPNsense includes an IDS feature that can help protect your network from threats by analyzing traffic passing through the system and alerting you if potential attacks are detected.
Step-by-Step OPNsense Installation and Configuration
1. Download OPNsense
First, download the latest version of OPNsense from the official website.
2. Open Virt-Manager
Next, open Virt-Manager, which is a graphical tool for managing virtual machines.
3. Load the ISO
In Virt-Manager, select the OPNsense ISO that you downloaded in step 1. It will be used to install the operating system on your virtual machine.
4. Set the OS to FreeBSD 14.0
When setting up your virtual machine in Virt-Manager, make sure you choose FreeBSD 14.0 as the operating system type.
5. Configure Resources for the Virtual Machine
Allocate the following resources to your virtual machine:
- 2 CPU cores
- 2GB of RAM
- 40GB of storage
These specs will provide enough resources for OPNsense to function properly in a virtualized environment.
6. Select Custom Install
When prompted during the setup process, make sure you choose the Custom Install option to proceed with the OPNsense installation.
7. Set Boot Options
Go to the Boot Options in Virt-Manager, and ensure that the ISO is set as the first boot device. This will allow the virtual machine to boot from the OPNsense installation ISO.
8. Add Another Network Card
Add a second network card to the virtual machine for a separate network. This is necessary for configuring both the WAN and LAN interfaces.
9. Install OPNsense
During the OPNsense installation process, simply choose the default options for all prompts. This makes the process easier and ensures that the basic configuration is set up correctly.
10. Login to OPNsense
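Once the installation is complete, you’ll be prompted to log into OPNsense using the default credentials:
- Username: root
- Password: opnsense
These are the factory defaults, so change the root password before the firewall is connected to any untrusted network.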
11. Assign Interfaces
After logging in, type 1 to assign interfaces. This will guide you through configuring the WAN and LAN interfaces on your system.
12. Skip LAGG and VLANs
When asked about LAGG (Link Aggregation) and VLANs, respond with No to skip configuring these features for now.
13. Assign WAN and LAN
Assign the interfaces as follows:
- WAN: Assign to vtnet0
- LAN: Assign to vtnet1
This setup will enable internet access on the WAN interface and a local network on the LAN interface.
Setting Up Intrusion Detection System (IDS)
14. Enable Intrusion Detection
Once your OPNsense is up and running, we’ll configure the Intrusion Detection System (IDS). To begin, go to:
- System > Settings > Advanced
- Under the Intrusion Detection tab, click Enable.
15. Enable Syslog Alerts
Next, enable Syslog alerts to ensure that you’ll be notified of any security events detected by the IDS.
16. Set Pattern Match to Aho-Corasick
Set the Pattern Match option to Aho-Corasick. This multi-pattern matching algorithm checks traffic against many attack signatures in a single pass, which keeps detection efficient with a large rule set.
17. Select WAN Interface
Make sure the IDS is configured to monitor the WAN interface for incoming threats. This will allow it to detect any suspicious activity from the internet.
18. Download IDS Rules
Go to the Download section under the IDS settings and click Download & Update Rules to fetch the latest attack patterns.
19. Select Rules for Download
You’ll be prompted to choose which rules you want to download. For this lab, we recommend downloading all of the available rules for comprehensive protection.
20. Test the IDS
To test the IDS in action, try visiting an IP address from one of the block lists (e.g., a known malicious IP). This will trigger the IDS if the network traffic matches any of the patterns in the rule set.
21. Check IDS Logs
Finally, navigate to the Intrusion Detection Log to confirm that the traffic was detected and blocked. If everything is set up correctly, you should see an entry indicating that the traffic was blocked.
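One way to confirm the result of steps 20 and 21 from the syslog alerts enabled in step 15, added here as an example (it is not part of the original guide or of OPNsense). It assumes the alerts reach a log file in the one-line format that Suricata, the engine behind the OPNsense IDS, uses for syslog alerts; the log lines, SIDs and rule names are constructed, and the addresses are documentation ranges.

```python
import re
from collections import Counter

# One-line alert as Suricata emits it to syslog (format assumed, see lead-in).
# A leading "[Drop] " marks a packet that was blocked; without it the event
# was only logged.
ALERT_RE = re.compile(
    r"(?P<drop>\[Drop\] )?\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] "
    r"(?P<msg>.*?) \[Classification: (?P<cls>[^\]]*)\] "
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>[^}]+)\} "
    r"(?P<src>\S+?):(?P<sport>\d+) -> (?P<dst>\S+?):(?P<dport>\d+)\s*$"
)

# Constructed sample: hostnames, SIDs and rule names are made up, and the
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jan 10 12:00:01 fw suricata[4242]: [1:1000001:1] EXAMPLE blocklisted address [Classification: Misc Attack] [Priority: 2] {TCP} 192.0.2.10:51544 -> 203.0.113.7:443
Jan 10 12:00:02 fw suricata[4242]: [Drop] [1:1000001:1] EXAMPLE blocklisted address [Classification: Misc Attack] [Priority: 2] {TCP} 192.0.2.10:51546 -> 203.0.113.7:443
Jan 10 12:00:05 fw suricata[4242]: [1:1000002:1] EXAMPLE policy event [Classification: Not Suspicious Traffic] [Priority: 3] {UDP} 192.0.2.10:5353 -> 198.51.100.9:53
Jan 10 12:00:09 fw kernel: vtnet0: link state changed to UP
"""

def parse_alert(line):
    """Return the fields of one alert line, or None for any other log line."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["action"] = "drop" if rec.pop("drop") else "alert"
    for key in ("gid", "sid", "rev", "prio", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def check_test_traffic(log_text, test_ip):
    """Summarise what the IDS logged for traffic to or from test_ip."""
    alerts = (parse_alert(line) for line in log_text.splitlines())
    hits = [a for a in alerts if a and test_ip in (a["src"], a["dst"])]
    actions = Counter(a["action"] for a in hits)
    return {
        "detected": bool(hits),
        "blocked": actions["drop"] > 0,
        "alert_only": actions["alert"],
        "dropped": actions["drop"],
        "sids": sorted({a["sid"] for a in hits}),
    }

if __name__ == "__main__":
    print(check_test_traffic(SAMPLE_LOG, "203.0.113.7"))
```

A result with "detected" true and "blocked" false means the rule matched but the packet was only logged, which is worth checking before relying on the log entry as proof of blocking.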
Conclusion
Congratulations! You’ve successfully installed OPNsense in Virt-Manager, set up interfaces, and configured the Intrusion Detection System to monitor and protect your network. By following this guide, you’ve taken an important step in securing your network with OPNsense.