From 7f0d72bbcdb67e231220bd97c8ce4d839d96869d Mon Sep 17 00:00:00 2001 From: pkubaj Date: Thu, 31 Aug 2017 19:38:17 +0200 Subject: [PATCH 1/3] Create OPNSense.md --- docs/OPNSense.md | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 docs/OPNSense.md diff --git a/docs/OPNSense.md b/docs/OPNSense.md new file mode 100644 index 0000000..7192bf4 --- /dev/null +++ b/docs/OPNSense.md @@ -0,0 +1,39 @@ +In order to boot OPNSense via PXE, +you need to do the following: + +1. Download ISO from http://opnsense.mirrorhost.pw/releases/17.7/OPNsense-17.7-OpenSSL-serial-amd64.img.bz2 + + Optionally, you can verify signature of the file, to make sure + it wasn't tampered: + https://opnsense.org/opnsense-17-7-released/ + + You should also check the SHA256 hash: + `sha256 OPNsense-17.7-OpenSSL-serial-amd64.img.bz2` + and compare it to the one in http://opnsense.mirrorhost.pw/releases/17.7/OPNsense-17.7-OpenSSL-checksums-amd64.sha256 + +2. Extract the ISO contents to a directory called + `images/opsense` in TFTP root: + `bzip2 -d OPNsense-17.7-OpenSSL-serial-amd64.img.bz2` + + In order to extract the contents, you need to mount + the ISO with following commands (example from FreeBSD): + `mount /dev/$(mdconfig -a -t vnode -f OPNsense-17.7-OpenSSL-serial-amd64.img)a /mnt` + Then: + `rsync -avvP /mnt/ /srv/tftp/images/opnsense/` + You need to have `rsync` installed. + +2. Relevant entry in DHCP server config: + `option root-path /srv/tftp/images/opnsense;` + `/srv/tftp/images/opnsense` is the path to the extracted ISO. + +3. Relevant entries in PXELINUX config: +``` +label OPNSense + menu label OPNSense + pxe images/OPNSense/boot/pxeboot +``` + +The path `images/pfsense/boot/OPNSense` is relative to TFTP root directory. +It's a path to the PXE loader in the extracted OPNSense installation image. + +Unfortunately, there's no mechanism for unattended installation of OPNSense. From 8f957a45b0c0696ca44eac12dd02bec49f485a49 Mon Sep 17 00:00:00 2001 From: pkubaj Date: Thu, 31 Aug 2017 19:43:58 +0200 Subject: [PATCH 2/3] Show how to compare hashes --- docs/OPNSense.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/OPNSense.md b/docs/OPNSense.md index 7192bf4..f58e04d 100644 --- a/docs/OPNSense.md +++ b/docs/OPNSense.md @@ -8,7 +8,7 @@ you need to do the following: https://opnsense.org/opnsense-17-7-released/ You should also check the SHA256 hash: - `sha256 OPNsense-17.7-OpenSSL-serial-amd64.img.bz2` + `sha256 -c bc8b529accab5609aafaac04504cae48cbb69eb2320b72eadb9c3a1f1b0d4832 OPNsense-17.7-OpenSSL-serial-amd64.img.bz2` and compare it to the one in http://opnsense.mirrorhost.pw/releases/17.7/OPNsense-17.7-OpenSSL-checksums-amd64.sha256 2. Extract the ISO contents to a directory called From cc1a578bfd1a2ac005dc6057ecd11639e6e0d20b Mon Sep 17 00:00:00 2001 From: pkubaj Date: Fri, 1 Sep 2017 20:13:00 +0200 Subject: [PATCH 3/3] Small corrections --- docs/OPNSense.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/docs/OPNSense.md b/docs/OPNSense.md index f58e04d..2149abc 100644 --- a/docs/OPNSense.md +++ b/docs/OPNSense.md @@ -1,4 +1,4 @@ -In order to boot OPNSense via PXE, +In order to boot OPNSense via iPXE, you need to do the following: 1. Download ISO from http://opnsense.mirrorhost.pw/releases/17.7/OPNsense-17.7-OpenSSL-serial-amd64.img.bz2 @@ -18,6 +18,10 @@ you need to do the following: In order to extract the contents, you need to mount the ISO with following commands (example from FreeBSD): `mount /dev/$(mdconfig -a -t vnode -f OPNsense-17.7-OpenSSL-serial-amd64.img)a /mnt` + + To mount the ISO from GNU / Linux use: + `mount -o loop pfSense-CE-2.3.4-RELEASE-amd64.iso /mnt` + Then: `rsync -avvP /mnt/ /srv/tftp/images/opnsense/` You need to have `rsync` installed. @@ -30,10 +34,11 @@ you need to do the following: ``` label OPNSense menu label OPNSense - pxe images/OPNSense/boot/pxeboot + pxe images/opnsense/boot/pxeboot ``` The path `images/pfsense/boot/OPNSense` is relative to TFTP root directory. It's a path to the PXE loader in the extracted OPNSense installation image. -Unfortunately, there's no mechanism for unattended installation of OPNSense. +Unfortunately, there's no mechanism for unattended installation of OPNSense: +https://github.com/opnsense/core/issues/18