forked from NationTech/harmony
109 lines
3.6 KiB
Markdown
109 lines
3.6 KiB
Markdown
# OPNsense PXE Lab Environment
|
|
|
|
This project contains a script to automatically set up a virtual lab environment for testing PXE boot services managed by an OPNsense firewall.
|
|
|
|
## Overview
|
|
|
|
The `pxe_vm_lab_setup.sh` script will create the following resources using libvirt/KVM:
|
|
|
|
1. **A Virtual Network**: An isolated network named `harmonylan` (`virbr1`) for the lab.
|
|
2. **Two Virtual Machines**:
|
|
* `opnsense-pxe`: A firewall VM that will act as the gateway and PXE server.
|
|
* `pxe-node-1`: A client VM configured to boot from the network.
|
|
|
|
## Prerequisites
|
|
|
|
Ensure you have the following software installed on your Arch Linux host:
|
|
|
|
* `libvirt`
|
|
* `qemu`
|
|
* `virt-install` (from the `virt-install` package)
|
|
* `curl`
|
|
* `bzip2`
|
|
|
|
## Usage
|
|
|
|
### 1. Create the Environment
|
|
|
|
Run the `up` command to download the necessary images and create the network and VMs.
|
|
|
|
```bash
|
|
sudo ./pxe_vm_lab_setup.sh up
|
|
```
|
|
|
|
### 2. Install and Configure OPNsense
|
|
|
|
The OPNsense VM is created but the OS needs to be installed manually via the console.
|
|
|
|
1. **Connect to the VM console**:
|
|
```bash
|
|
sudo virsh console opnsense-pxe
|
|
```
|
|
|
|
2. **Log in as the installer**:
|
|
* Username: `installer`
|
|
* Password: `opnsense`
|
|
|
|
3. **Follow the on-screen installation wizard**. When prompted to assign network interfaces (`WAN` and `LAN`):
|
|
* Find the MAC address for the `harmonylan` interface by running this command in another terminal:
|
|
```bash
|
|
virsh domiflist opnsense-pxe
|
|
# Example output:
|
|
# Interface Type Source Model MAC
|
|
# ---------------------------------------------------------
|
|
# vnet18 network default virtio 52:54:00:b5:c4:6d
|
|
# vnet19 network harmonylan virtio 52:54:00:21:f9:ba
|
|
```
|
|
* Assign the interface connected to `harmonylan` (e.g., `vtnet1` with MAC `52:54:00:21:f9:ba`) as your **LAN**.
|
|
* Assign the other interface as your **WAN**.
|
|
|
|
4. After the installation is complete, **shut down** the VM from the console menu.
|
|
|
|
5. **Detach the installation media** by editing the VM's configuration:
|
|
```bash
|
|
sudo virsh edit opnsense-pxe
|
|
```
|
|
Find and **delete** the entire `<disk>` block corresponding to the `.img` file (the one with `<target ... bus='usb'/>`).
|
|
|
|
6. **Start the VM** to boot into the newly installed system:
|
|
```bash
|
|
sudo virsh start opnsense-pxe
|
|
```
|
|
|
|
### 3. Connect to OPNsense from Your Host
|
|
|
|
To configure OPNsense, you need to connect your host to the `harmonylan` network.
|
|
|
|
1. By default, OPNsense configures its LAN interface with the IP `192.168.1.1`.
|
|
2. Assign a compatible IP address to your host's `virbr1` bridge interface:
|
|
```bash
|
|
sudo ip addr add 192.168.1.5/24 dev virbr1
|
|
```
|
|
3. You can now access the OPNsense VM from your host:
|
|
* **SSH**: `ssh root@192.168.1.1` (password: `opnsense`)
|
|
* **Web UI**: `https://192.168.1.1`
|
|
|
|
### 4. Configure PXE Services with Harmony
|
|
|
|
With connectivity established, you can now use Harmony to configure the OPNsense firewall for PXE booting. Point your Harmony OPNsense scores to the firewall using these details:
|
|
|
|
* **Hostname/IP**: `192.168.1.1`
|
|
* **Credentials**: `root` / `opnsense`
|
|
|
|
### 5. Boot the PXE Client
|
|
|
|
Once your Harmony configuration has been applied and OPNsense is serving DHCP/TFTP, start the client VM. It will automatically attempt to boot from the network.
|
|
|
|
```bash
|
|
sudo virsh start pxe-node-1
|
|
sudo virsh console pxe-node-1
|
|
```
|
|
|
|
## Cleanup
|
|
|
|
To destroy all VMs and networks created by the script, run the `clean` command:
|
|
|
|
```bash
|
|
sudo ./pxe_vm_lab_setup.sh clean
|
|
```
|