Table of contents: Practical OPNsense
Practical OPNsense
Preface Preface of the third edition Preface of the first and second edition Overview Resources Legal
Introduction Evolving. Open Source. Try before Buy. Hardware-independent. Unix. Best Of. History

Part I For Beginners
Chapter 1: Quickstart What is OPNsense? IP address Setup Overview Summary
Chapter 2: Lab Network Resources Virtualization Hardware Networks Separate by switches Separate by VLANs Firewall Addressing Lab Server Utilization
Chapter 3: Platform Preparation VMware Workstation Pro Workstation Player ESXi VirtualBox vboxnet Virtual machines Hardware Embedded systems
Chapter 4: Installation Operating system Storage Post-installation tasks VMware tools Keyboard layout System sounds
Chapter 5: Initial Setup Initial setup Defaults Assigning the network adapter Assigning IP addresses Secondary setup Security Miscellaneous Network card IPv6 Routing Final testing Summary

Part II For Intermediates
Chapter 6: Firewall OPNsense as a firewall Lab setup Firewall rules Logging Throughput Best practice Additional filter Time-based rules Anti-spoofing GeoIP Technical background Order of processing Troubleshooting Summary
Chapter 7: Transparent Firewall Pros and cons Lab setup Configuration Filter operation Ruleset Connection test Uncover transparent firewall Technical background Summary
Chapter 8: Network Address Translation Lab setup Scenarios One-to-One NAT Simple outbound translation Advanced outbound translation Port forward IPv6 NAT Reflection Technical background Summary
Chapter 9: Management Interface Create a management interface Secure management interface Define management subnets Firewall rules Separate from end-user traffic Bandwidth limitation Two-factor authentication Summary

Part III For Experts
Chapter 10: IPsec VPN Security Lab setup Connection setup Firewall Status Address translation Dead Peer Detection IPv6 VPN throughput Troubleshooting Error pattern Technical background Outlook IKEv2 Mobile clients Tinc VPN ZeroTier Summary
Chapter 11: OpenVPN Operation Authentication Username Pre-shared key Certificates Differences to IPsec Lab setup Site-to-Site tunnel Client Ruleset Connectivity Client-server tunnel Client Troubleshooting Certificates Technical background Summary
Chapter 12: High Availability Basics Lab network CARP group Stateless Address translation State tables Synchronization of sessions Synchronization of configuration Best practice Asymmetric routing Master election Synchronization Quicker failover Load balancing IP version 6 Technical background Summary
Chapter 13: NetFlow The content of a flow Lab setup Collector Troubleshooting Insight Technical background IPv6 Summary
Chapter 14: Web Proxy Lab setup Explicit proxy URL filter Filter by category Blacklists and whitelists Troubleshooting Proxy cluster Functional test TLS Inspection Certificate Authority Configuration Client Functional test Transparent proxy IPv6 Technical background Limitations Outlook Summary
Chapter 15: Central Authentication Protocols LDAP RADIUS Lab setup Microsoft Server LDAP RADIUS Directory-as-a-Service OPNsense as LDAP client OPNsense as RADIUS client Two-factor authentication Troubleshooting LDAP RADIUS Technical background Summary

Part IV For Hackers
Chapter 16: Multi-WAN Requirements Load distribution in the WAN Lab environment Web server Operation Configuration Gateways Health check Gateway Groups Firewall Address translation Scenario Failure Monitoring IPv6 Technical background Summary
Chapter 17: DSL router DSL types Lab setup PPPoE Dial-in LAN adapters Network Bridge DNS and DHCP IPv4 with Address Translation IPv6 with prefix delegation Firewall IPv4/IPv6 Management access Technical background Summary
Chapter 18: Intrusion Detection IPS and IDS Network integration Lab setup Attack Activate IDS Next attack Fine tuning Activate IPS Transparent IDS Network bridge Technical background Rules Summary
Chapter 19: Command Line configd Configuration changes Extension opn-cli Undo changes Updates Packages Summary
Chapter 20: Performance Tuning Lab setup Baseline Virtual network adapter Routing throughput IPsec throughput Measuring method Increasing performance AES-NI Multiple CPU cores MTU and MSS Populate ARP cache Summary

Part V For Admins
Chapter 21: Best Practice Factory reset Thorough Benchmark throughput SSH login without password Generate key pair Display public key Link public key with a firewall Login with the private key Password reset
Chapter 22: Configuration Dropbox Automatic backup Google Drive Access the API Set up Drive Upload Automatic backup Summary
Chapter 23: Life Hacks Access from Windows Span port Telegram Firewall rules with category Quick search
Chapter 24: Application Programming Interface How does the API work? Model View Controller Documentation Read Access Write Access What does the API cover? API browser Security Technical background Outlook Summary

Appendix A: IP Version 6 Crash course
Appendix B: Editing Files in FreeBSD Show content of a file Edit a file Easy Editor Vi IMproved
Appendix C: Pattern Matching Selections Quantifiers Characters Special characters Examples Testing
Appendix D: Bonus Material
Bibliography Index Impressum