Sep 7, 2022 4 min read

OPNSense HomeLab on ESXi 7 (Part 1)

Use Case

The idea to finally add a true firewall to my home network started when my old home server died. It had 3.5-inch hard drives, and one power outage with no UPS took the entire set out. I couldn't salvage much of it, so I set out to build a new one. I gathered parts I had lying around and ordered a couple of things to fill in the blanks. This time I had a new project, though: adding a firewall to my home network. When opening services up to the real world, a lot of home server users just port forward or use a VPN, but this time I was going to open the whole thing. This would include creating a DMZ and adding a software firewall.

The Firewall

There are many choices out there for OSS, FOSS, and commercial firewalls. For a home network, the commercial ones aren't worth the bill they come with. As for the OSS and FOSS options, it comes down to a few. PFsense is more than likely the first one that comes to mind, but the community fork OPNSense is the interesting one. With PFsense losing traction and OPNSense looking more and more user-friendly with each update, it depends on what you want to look at and the plugins you want to support. In the end, for this build, I have gone with OPNSense, and hopefully I don't have to put another write-up on here about how to switch from OPNSense to PFsense!


The How To

Building ESXi 7

As I said above, I started this new build with spare parts that I could get to connect. This build resembles a medium-grade gaming PC more than a server, but it will do for the first ESXi host in this new cluster. As of ESXi 7, VMware has stopped shipping a lot of the common network drivers. As this was a PC gamer-grade motherboard, a little extra work needed to be done.

VMUG

This entire ESXi and vCenter build was done using the license from my VMUG subscription. If you are going into the industry or have a passion for virtualization, I highly recommend paying for this service to get all these licenses included. Most places you will work for will not be using FOSS for virtualization.

A custom image for ESXi had to be built to include drivers for a generic Intel NIC. To build a new image, I use the PowerShell tool here.

There is no online ESXi 7 bundle at the moment, so you will need to download the ESXi Depot zip from the VMware website.

You will also need the ESXi Community Networking Driver, found here.

After that is all downloaded, put the fling VIB in the same folder as the PowerShell script and run the command below.

.\ESXi-Customizer-PS-v2.6.0.ps1 -izip .\"ESXI_DEPOT_FILE_HERE" -dpkg PATH_TO_VIB

At this point, we should have a bootable ESXi 7 image with networking drivers for almost any system.
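
The depot zip and the driver bundle both end up inside the hypervisor image, so a check worth running before the build command above is to compare each download against its published SHA-256 checksum. This is an added example, not part of the original post or of ESXi-Customizer-PS; the file names and hash values are placeholders, and it assumes each download page publishes a SHA-256 value.

```powershell
# Added example: verify downloads before they are baked into the ESXi image.
# File names and expected hashes are placeholders (assumptions), not real values.
$expected = @{
    '.\ESXI_DEPOT_FILE_HERE.zip'       = 'PASTE_SHA256_FROM_DEPOT_DOWNLOAD_PAGE'
    '.\COMMUNITY_DRIVER_FILE_HERE.zip' = 'PASTE_SHA256_FROM_DRIVER_DOWNLOAD_PAGE'
}

function Test-DownloadHash {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )
    # A missing file counts as a failure rather than being skipped silently.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "Missing file: $Path"
        return $false
    }
    # Published checksums vary in case and may carry stray whitespace.
    $want   = ($ExpectedSha256 -replace '\s', '').ToUpperInvariant()
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToUpperInvariant()
    if ($actual -ne $want) {
        Write-Warning "Hash mismatch for $Path"
        Write-Warning "  expected: $want"
        Write-Warning "  actual:   $actual"
        return $false
    }
    Write-Host "OK: $Path"
    return $true
}

# Check every file so all problems are reported in one run.
$results = foreach ($path in $expected.Keys) {
    Test-DownloadHash -Path $path -ExpectedSha256 $expected[$path]
}

if ($results -contains $false) {
    # Stop here so a tampered or truncated download never reaches the image.
    throw 'Download verification failed; do not build the image from these files.'
}

Write-Host 'All downloads verified. Run the ESXi-Customizer-PS command from the post.'
```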


Adding In the Extra Network Adapter

For the Firewall to work correctly you need to have two NICs dedicated to the firewall for LAN & WAN. Since this is an ESXi host with a virtual Firewall I needed to grab a PCI-E Network Card that was compatible with ESXi 7. After some research, I finally found a two-port 1.25 Gb card that was ESXi 7 compatible out of the box. The link for that on Amazon is below.

Installing ESXi

This is just a quick rundown of how the ESXi host installation will go in case it is something you are not familiar with.

Booting from USB

  1. Download Rufus.
  2. Plug in your USB Drive and open Rufus.
  3. Select your device. If it's not showing, you can use ALT + F to refresh your devices.
  4. Select your ISO (the one we created earlier) to create a bootable image.
  5. If any warnings pop up about MBR files, just accept them and move through.
  6. After this is completed you should now have a bootable USB ESXi 7 image.

Installing - NON RAID

For this installation, I did not have hardware RAID to use on my motherboard. Usually, you will create your hardware RAID in the BIOS before installing ESXi. I will be setting up TrueNAS in a later write-up and will link it here for you to see.

Virtualization Enabled

Since this install was done on a PC-grade motherboard, I got a warning during installation about virtualization not being enabled. All you need to do to enable it is boot into your BIOS and, under your advanced settings, enable VT Virtualization. If you cannot find it, a quick Google search with your motherboard name and "enable virtualization" will help out.

Post Install Setup

After the installation, you will need to configure the host's IP settings to be able to reach it from your LAN. By now you should have at least a small plan for what the IP scheme will be, so set it accordingly.
