{"id":19837,"date":"2026-04-16T17:47:02","date_gmt":"2026-04-16T14:47:02","guid":{"rendered":"https:\/\/unihost.com\/help\/?p=19837"},"modified":"2026-04-16T17:47:02","modified_gmt":"2026-04-16T14:47:02","slug":"configuring-opnsense-in-a-proxmox-ve-virtual-machine","status":"publish","type":"post","link":"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/","title":{"rendered":"Configuring OPNsense in a Proxmox VE Virtual Machine"},"content":{"rendered":"<h2 data-section-id=\"13ax1s5\" data-start=\"0\" data-end=\"15\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Introduction<\/span><\/h2>\n<p data-start=\"17\" data-end=\"233\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">OPNsense can be used in Proxmox VE as a virtual firewall, router, and VPN gateway. In this setup, it separates external traffic from the internal network of virtual machines and also allows secure VPN access to them.<\/span><\/p>\n<p data-start=\"235\" data-end=\"424\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">OPNsense supports several VPN technologies, including WireGuard and OpenVPN. In addition, it can publish internal services externally through NAT \/ Port Forward and reverse proxy scenarios.<\/span><\/p>\n<p data-start=\"426\" data-end=\"457\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">In this article, we will cover:<\/span><\/p>\n<ul data-start=\"459\" data-end=\"673\">\n<li data-section-id=\"1mmj2cx\" data-start=\"459\" data-end=\"501\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">creating a virtual machine with OPNsense<\/span><\/li>\n<li data-section-id=\"1eqs4m1\" data-start=\"502\" data-end=\"525\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">assigning WAN and LAN<\/span><\/li>\n<li data-section-id=\"1m4p2gs\" data-start=\"526\" data-end=\"555\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">basic network configuration<\/span><\/li>\n<li data-section-id=\"wki7u0\" data-start=\"556\" data-end=\"605\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">connecting a Windows VM to the internal network<\/span><\/li>\n<li data-section-id=\"qp5b4e\" data-start=\"606\" data-end=\"673\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">configuring WireGuard for access to OPNsense and virtual machines<\/span><\/li>\n<\/ul>\n<p data-start=\"675\" data-end=\"786\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">In this scenario, OPNsense is used primarily as a central point for routing, traffic filtering, and VPN access.<\/span><\/p>\n<h2 data-section-id=\"kelkox\" data-start=\"788\" data-end=\"805\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Network layout<\/span><\/h2>\n<p data-start=\"807\" data-end=\"839\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">We will use the following setup:<\/span><\/p>\n<ul data-start=\"841\" data-end=\"1084\">\n<li data-section-id=\"wtgfuy\" data-start=\"841\" data-end=\"879\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">OPNsense WAN is connected to vmbr0<\/span><\/li>\n<li data-section-id=\"bwmrao\" data-start=\"880\" data-end=\"918\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">OPNsense LAN is connected to vmbr1<\/span><\/li>\n<li data-section-id=\"8obxiv\" data-start=\"919\" data-end=\"957\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Windows VMs are connected to vmbr1<\/span><\/li>\n<li data-section-id=\"1458hv3\" data-start=\"958\" data-end=\"1010\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">a remote client connects to OPNsense via WireGuard<\/span><\/li>\n<li data-section-id=\"352aqb\" data-start=\"1011\" data-end=\"1084\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">after connecting, access to OPNsense and internal VMs becomes available<\/span><\/li>\n<\/ul>\n<h2 data-section-id=\"16pdxtp\" data-start=\"1086\" data-end=\"1127\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 1. Prepare the OPNsense ISO image<\/span><\/h2>\n<p data-start=\"1129\" data-end=\"1200\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">If the image was downloaded in .iso.bz2 format, it must be extracted:<\/span><\/p>\n<div class=\"relative w-full mt-4 mb-1\">\n<div class=\"\">\n<div class=\"relative\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"border border-token-border-light border-radius-3xl corner-superellipse\/1.1 rounded-3xl\">\n<div class=\"h-full w-full border-radius-3xl bg-token-bg-elevated-secondary corner-superellipse\/1.1 overflow-clip rounded-3xl lxnfua_clipPathFallback\">\n<div class=\"pointer-events-none absolute inset-x-4 top-12 bottom-4\">\n<div class=\"pointer-events-none sticky z-40 shrink-0 z-1!\">\n<div class=\"sticky bg-token-border-light\">\u00a0<\/div>\n<\/div>\n<\/div>\n<div class=\"relative\">\n<div class=\"\">\n<div class=\"relative z-0 flex max-w-full\">\n<div id=\"code-block-viewer\" class=\"q9tKkq_viewer cm-editor z-10 light:cm-light dark:cm-light flex h-full w-full flex-col items-stretch \u037ck \u037cy\" dir=\"ltr\">\n<div class=\"cm-scroller\">\n<div class=\"cm-content q9tKkq_readonly\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">bzip2 <span class=\"\u037cu\">-dk<\/span> OPNsense-26.1.2-dvd-amd64.iso.bz2<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"\">\n<div class=\"\">\u00a0<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p data-start=\"1271\" data-end=\"1348\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">This will produce an .iso file that can be uploaded to Proxmox ISO storage.<\/span><\/p>\n<h2 data-section-id=\"1kusc4t\" data-start=\"1350\" data-end=\"1396\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 2. Create the OPNsense virtual machine<\/span><\/h2>\n<p data-start=\"1398\" data-end=\"1467\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">In Proxmox, create a new virtual machine and attach the OPNsense ISO.<\/span><\/p>\n<p data-start=\"1469\" data-end=\"1495\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">At minimum, you will need:<\/span><\/p>\n<ul data-start=\"1497\" data-end=\"1547\">\n<li data-section-id=\"ljouvm\" data-start=\"1497\" data-end=\"1519\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">2 network interfaces<\/span><\/li>\n<li data-section-id=\"nv2xin\" data-start=\"1520\" data-end=\"1533\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">one for WAN<\/span><\/li>\n<li data-section-id=\"nv3gvo\" data-start=\"1534\" data-end=\"1547\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">one for LAN<\/span><\/li>\n<\/ul>\n<p data-start=\"1549\" data-end=\"1744\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">If you are using an additional public IP, the WAN interface must be connected to the external bridge and, if required, use the MAC address provided by the hosting provider for that additional IP.<\/span><\/p>\n<p data-start=\"1746\" data-end=\"1838\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">After creating the VM, you may only have one Network Device. In that case, add a second one:<\/span><\/p>\n<p data-start=\"1840\" data-end=\"1883\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Your VM \u2192 Hardware \u2192 Add \u2192 Network Device<\/span><\/p>\n<p data-start=\"1885\" data-end=\"1926\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">For the second interface, select vmbr1.<\/span><\/p>\n<p data-start=\"1928\" data-end=\"1947\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Recommended layout:<\/span><\/p>\n<ul data-start=\"1949\" data-end=\"1986\">\n<li data-section-id=\"bz28em\" data-start=\"1949\" data-end=\"1967\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Net0 \u2192 vmbr0<\/span><\/li>\n<li data-section-id=\"1jd9kzy\" data-start=\"1968\" data-end=\"1986\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Net1 \u2192 vmbr1<\/span><\/li>\n<\/ul>\n<p data-start=\"1988\" data-end=\"2042\" data-is-last-node=\"\" data-is-only-node=\"\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Both network adapters can be configured as <strong data-start=\"2031\" data-end=\"2041\">VirtIO<\/strong>.<\/span><\/p>\n<p><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-19799\" src=\"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-25-47.png\" alt=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 1\" width=\"526\" height=\"96\" \/ title=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 1\"><\/span><\/p>\n<h2 data-section-id=\"nr35ec\" data-start=\"0\" data-end=\"27\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 3. Install OPNsense<\/span><\/h2>\n<p data-start=\"29\" data-end=\"95\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">After booting from the ISO, choose the system installation option.<\/span><\/p>\n<p data-start=\"97\" data-end=\"174\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">In live mode, you will see options for logging in and starting the installer.<\/span><\/p>\n<p data-start=\"176\" data-end=\"201\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Installation credentials:<\/span><\/p>\n<ul data-start=\"203\" data-end=\"254\">\n<li data-section-id=\"1b4vrhj\" data-start=\"203\" data-end=\"227\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong>login<\/strong>: installer<\/span><\/li>\n<li data-section-id=\"1a5lto2\" data-start=\"228\" data-end=\"254\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong>password<\/strong>: opnsense<\/span><\/li>\n<\/ul>\n<p data-start=\"256\" data-end=\"399\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">After the installation is complete, set a new password for root. You will need it later to log in to the system and access the web interface.<\/span><\/p>\n<p data-start=\"401\" data-end=\"435\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Once the installation is finished:<\/span><\/p>\n<ul data-start=\"437\" data-end=\"502\">\n<li data-section-id=\"hx65pw\" data-start=\"437\" data-end=\"467\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">reboot the virtual machine<\/span><\/li>\n<li data-section-id=\"rs5uce\" data-start=\"468\" data-end=\"502\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">boot into the installed system<\/span><\/li>\n<\/ul>\n<h2 data-section-id=\"la1myb\" data-start=\"504\" data-end=\"548\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 4. Assign the WAN and LAN interfaces<\/span><\/h2>\n<p data-start=\"550\" data-end=\"617\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">After the first boot of OPNsense, assign the interfaces as follows:<\/span><\/p>\n<ul data-start=\"619\" data-end=\"660\">\n<li data-section-id=\"mina3z\" data-start=\"619\" data-end=\"639\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">WAN \u2192 vtnet0<\/span><\/li>\n<li data-section-id=\"u5qiwl\" data-start=\"640\" data-end=\"660\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">LAN \u2192 vtnet1<\/span><\/li>\n<\/ul>\n<p data-start=\"662\" data-end=\"740\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">If OPNsense only detects one interface, it usually means one of the following:<\/span><\/p>\n<ul data-start=\"742\" data-end=\"869\">\n<li data-section-id=\"xcmq3i\" data-start=\"742\" data-end=\"809\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">the second network adapter was not added to the virtual machine<\/span><\/li>\n<li data-section-id=\"23d8y2\" data-start=\"810\" data-end=\"869\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">the internal bridge has not yet been created in Proxmox<\/span><\/li>\n<\/ul>\n<p data-start=\"871\" data-end=\"943\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">To assign the interfaces in the OPNsense console, press <code data-start=\"927\" data-end=\"930\">1<\/code> and specify:<\/span><\/p>\n<ul data-start=\"945\" data-end=\"978\" data-is-last-node=\"\" data-is-only-node=\"\">\n<li data-section-id=\"on4nhr\" data-start=\"945\" data-end=\"961\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">WAN \u2192 vtnet0<\/span><\/li>\n<li data-section-id=\"xdi7md\" data-start=\"962\" data-end=\"978\" data-is-last-node=\"\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">LAN \u2192 vtnet1<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-19800\" style=\"color: initial;\" src=\"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-25-56.png\" alt=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 2\" width=\"903\" height=\"218\" \/ title=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 2\"><\/span><\/h2>\n<h2 data-section-id=\"1avf92s\" data-start=\"0\" data-end=\"49\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 5. Configure the WAN and LAN IP addresses<\/span><\/h2>\n<h3 data-section-id=\"elme32\" data-start=\"51\" data-end=\"72\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">WAN configuration<\/span><\/h3>\n<p data-start=\"74\" data-end=\"154\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">To configure the IP address, press 2, select the <strong data-start=\"125\" data-end=\"132\">WAN<\/strong> interface, and enter:<\/span><\/p>\n<ul data-start=\"156\" data-end=\"237\">\n<li data-section-id=\"iv2vae\" data-start=\"156\" data-end=\"192\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">the additional public IP address<\/span><\/li>\n<li data-section-id=\"e7hhcx\" data-start=\"193\" data-end=\"221\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">the subnet mask \/ prefix<\/span><\/li>\n<li data-section-id=\"9fy0mh\" data-start=\"222\" data-end=\"237\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">the gateway<\/span><\/li>\n<\/ul>\n<p data-start=\"239\" data-end=\"303\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Use the network settings provided by your hosting provider here.<\/span><\/p>\n<h3 data-section-id=\"1dtag7p\" data-start=\"305\" data-end=\"326\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">LAN configuration<\/span><\/h3>\n<p data-start=\"328\" data-end=\"491\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Now configure the LAN interface so that virtual machines can automatically receive IP addresses from the internal network and access the Internet through OPNsense.<\/span><\/p>\n<p data-start=\"493\" data-end=\"553\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">In the OPNsense console, press 2 again and select <strong data-start=\"545\" data-end=\"552\">LAN<\/strong>.<\/span><\/p>\n<p data-start=\"555\" data-end=\"570\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Example values:<\/span><\/p>\n<ul data-start=\"572\" data-end=\"1122\">\n<li data-section-id=\"1ai6n2h\" data-start=\"572\" data-end=\"630\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"574\" data-end=\"624\">Configure IPv4 address LAN interface via DHCP?<\/strong> \u2192 n<\/span><\/li>\n<li data-section-id=\"4u4voi\" data-start=\"631\" data-end=\"684\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"633\" data-end=\"667\">Enter the new LAN IPv4 address<\/strong> \u2192 192.168.10.1<\/span><\/li>\n<li data-section-id=\"1y8h92m\" data-start=\"685\" data-end=\"737\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"687\" data-end=\"730\">Enter the new LAN IPv4 subnet bit count<\/strong> \u2192 24<\/span><\/li>\n<li data-section-id=\"1bf4c4k\" data-start=\"738\" data-end=\"798\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"740\" data-end=\"777\">For a LAN, press &lt;ENTER&gt; for none<\/strong> \u2192 just press Enter<\/span><\/li>\n<li data-section-id=\"unjd54\" data-start=\"799\" data-end=\"869\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"801\" data-end=\"852\">Configure IPv6 address LAN interface via DHCP6?<\/strong> \u2192 n or Enter<\/span><\/li>\n<li data-section-id=\"19cbu7n\" data-start=\"870\" data-end=\"916\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"872\" data-end=\"906\">Enter the new LAN IPv6 address<\/strong> \u2192 Enter<\/span><\/li>\n<li data-section-id=\"dajz1f\" data-start=\"917\" data-end=\"974\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"919\" data-end=\"968\">Do you want to enable the DHCP server on LAN?<\/strong> \u2192 y<\/span><\/li>\n<li data-section-id=\"4w0b8e\" data-start=\"975\" data-end=\"1011\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"977\" data-end=\"992\">Range start<\/strong> \u2192 192.168.10.100<\/span><\/li>\n<li data-section-id=\"1ie4ff6\" data-start=\"1012\" data-end=\"1046\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"1014\" data-end=\"1027\">Range end<\/strong> \u2192 192.168.10.200<\/span><\/li>\n<li data-section-id=\"nu1e65\" data-start=\"1047\" data-end=\"1122\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"1049\" data-end=\"1116\">Do you want to revert to HTTP as the web configurator protocol?<\/strong> \u2192 n<\/span><\/li>\n<\/ul>\n<p data-start=\"1124\" data-end=\"1184\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">As a result, OPNsense will hand out LAN addresses over DHCP.<\/span><\/p>\n<h2 data-section-id=\"1lzydut\" data-start=\"1186\" data-end=\"1222\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 6. Verify the network layout<\/span><\/h2>\n<p data-start=\"1224\" data-end=\"1251\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Example of a working setup:<\/span><\/p>\n<ul data-start=\"1253\" data-end=\"1316\" data-is-last-node=\"\" data-is-only-node=\"\">\n<li data-section-id=\"11v6xnv\" data-start=\"1253\" data-end=\"1286\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"1255\" data-end=\"1262\">WAN<\/strong> \u2014 a public IP address<\/span><\/li>\n<li data-section-id=\"jux5rh\" data-start=\"1287\" data-end=\"1316\" data-is-last-node=\"\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"1289\" data-end=\"1296\">LAN<\/strong> \u2014 192.168.10.1\/24<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"> <img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-19801\" src=\"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-26-04.png\" alt=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 3\" width=\"817\" height=\"596\" \/ title=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 3\"><\/span><\/p>\n<h2 data-section-id=\"1mzbxjo\" data-start=\"0\" data-end=\"42\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 7. Connect a Windows VM to the LAN<\/span><\/h2>\n<p data-start=\"44\" data-end=\"345\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">At this stage, you need to create a separate Windows VM, because it will be used to open the OPNsense web interface from the internal network and perform the initial setup. The virtual machine is created in Proxmox from a Windows ISO image, using the same general approach as when installing OPNsense.<\/span><\/p>\n<p data-start=\"347\" data-end=\"828\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">When creating the Windows VM, make sure it is connected to vmbr1 so that it is placed in the internal LAN behind OPNsense. You should also use <strong data-start=\"492\" data-end=\"502\">VirtIO<\/strong> for the virtual disk and network adapter. This is important because without the VirtIO drivers, the Windows installer usually cannot detect the disk or the network interface. For this reason, you should attach the <strong data-start=\"717\" data-end=\"738\">VirtIO driver ISO<\/strong> together with the Windows ISO, so the required drivers can be loaded during installation.<\/span><\/p>\n<p data-start=\"830\" data-end=\"1052\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">After the Windows VM is installed, it should receive an internal IP address from the DHCP service on the OPNsense LAN interface. You can then use it to open the OPNsense address in a browser and continue the configuration.<\/span><\/p>\n<p data-start=\"1054\" data-end=\"1107\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">After Windows boots, check the network settings with:<\/span><\/p>\n<div class=\"relative w-full mt-4 mb-1\">\n<div class=\"\">\n<div class=\"relative\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"border border-token-border-light border-radius-3xl corner-superellipse\/1.1 rounded-3xl\">\n<div class=\"h-full w-full border-radius-3xl bg-token-bg-elevated-secondary corner-superellipse\/1.1 overflow-clip rounded-3xl lxnfua_clipPathFallback\">\n<div class=\"pointer-events-none absolute inset-x-4 top-12 bottom-4\">\n<div class=\"pointer-events-none sticky z-40 shrink-0 z-1!\">\n<div class=\"sticky bg-token-border-light\">\u00a0<\/div>\n<\/div>\n<\/div>\n<div class=\"relative\">\n<div class=\"\">\n<div class=\"relative z-0 flex max-w-full\">\n<div id=\"code-block-viewer\" class=\"q9tKkq_viewer cm-editor z-10 light:cm-light dark:cm-light flex h-full w-full flex-col items-stretch \u037ck \u037cy\" dir=\"ltr\">\n<div class=\"cm-scroller\">\n<div class=\"cm-content q9tKkq_readonly\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">ipconfig<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"\">\n<div class=\"\">\u00a0<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p data-start=\"1142\" data-end=\"1165\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">The expected result is:<\/span><\/p>\n<ul data-start=\"1167\" data-end=\"1244\" data-is-last-node=\"\" data-is-only-node=\"\">\n<li data-section-id=\"1lejsy0\" data-start=\"1167\" data-end=\"1219\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">an IPv4 address from the 192.168.10.0\/24 network<\/span><\/li>\n<li data-section-id=\"1rzcitn\" data-start=\"1220\" data-end=\"1244\" data-is-last-node=\"\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">gateway 192.168.10.1<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"> <img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-19802\" src=\"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-26-16.png\" alt=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 4\" width=\"535\" height=\"322\" \/ title=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 4\"><\/span><\/p>\n<h2 data-section-id=\"2fgqhi\" data-start=\"0\" data-end=\"39\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 8. Connect to OPNsense over LAN<\/span><\/h2>\n<p data-start=\"41\" data-end=\"137\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">For the initial setup, it is more convenient to first access OPNsense from the internal network.<\/span><\/p>\n<p data-start=\"139\" data-end=\"231\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">On the Windows VM, open a browser and go to the OPNsense LAN address. In our example, it is:<\/span><\/p>\n<div class=\"relative w-full mt-4 mb-1\">\n<div class=\"\">\n<div class=\"relative\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"border border-token-border-light border-radius-3xl corner-superellipse\/1.1 rounded-3xl\">\n<div class=\"h-full w-full border-radius-3xl bg-token-bg-elevated-secondary corner-superellipse\/1.1 overflow-clip rounded-3xl lxnfua_clipPathFallback\">\n<div class=\"pointer-events-none absolute end-1.5 top-1 z-2 md:end-2 md:top-1\">\u00a0<\/div>\n<div class=\"relative\">\n<div class=\"pe-11 pt-3\">\n<div class=\"relative z-0 flex max-w-full\">\n<div id=\"code-block-viewer\" class=\"q9tKkq_viewer cm-editor z-10 light:cm-light dark:cm-light flex h-full w-full flex-col items-stretch \u037ck \u037cy\" dir=\"ltr\">\n<div class=\"cm-scroller\">\n<div class=\"cm-content q9tKkq_readonly\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">https:\/\/192.168.10.1\/<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"\">\n<div class=\"\">\u00a0<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p data-start=\"280\" data-end=\"304\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Enter the login details:<\/span><\/p>\n<ul data-start=\"306\" data-end=\"393\">\n<li data-section-id=\"1glqnhz\" data-start=\"306\" data-end=\"325\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"308\" data-end=\"318\">login:<\/strong> root<\/span><\/li>\n<li data-section-id=\"fd4dfs\" data-start=\"326\" data-end=\"393\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"328\" data-end=\"341\">password:<\/strong> the one you set when the installation was completed<\/span><\/li>\n<\/ul>\n<h2 data-section-id=\"16xe426\" data-start=\"395\" data-end=\"457\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 9. Allow external access to OPNsense only from your IP<\/span><\/h2>\n<p data-start=\"459\" data-end=\"624\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">For convenience during \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438, you can temporarily allow access to the OPNsense web interface from the outside, but only from your external IP address.<\/span><\/p>\n<p data-start=\"626\" data-end=\"632\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Go to:<\/span><\/p>\n<p data-start=\"634\" data-end=\"658\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Firewall \u2192 Rules \u2192 WAN<\/span><\/p>\n<p data-start=\"660\" data-end=\"722\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Click <strong data-start=\"666\" data-end=\"673\">Add<\/strong> and create a rule with the following parameters:<\/span><\/p>\n<ul data-start=\"724\" data-end=\"818\">\n<li data-section-id=\"ylmchp\" data-start=\"724\" data-end=\"744\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"726\" data-end=\"737\">Action:<\/strong> Pass<\/span><\/li>\n<li data-section-id=\"1hzd3ov\" data-start=\"745\" data-end=\"767\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"747\" data-end=\"761\">Interface:<\/strong> WAN<\/span><\/li>\n<li data-section-id=\"hzp82q\" data-start=\"768\" data-end=\"796\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"770\" data-end=\"789\">TCP\/IP Version:<\/strong> IPv4<\/span><\/li>\n<li data-section-id=\"1pk4n8j\" data-start=\"797\" data-end=\"818\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"799\" data-end=\"812\">Protocol:<\/strong> TCP<\/span><\/li>\n<\/ul>\n<p data-start=\"820\" data-end=\"846\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">In the <strong data-start=\"827\" data-end=\"837\">Source<\/strong> section:<\/span><\/p>\n<ul data-start=\"848\" data-end=\"919\">\n<li data-section-id=\"n3aqpi\" data-start=\"848\" data-end=\"886\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"850\" data-end=\"861\">Source:<\/strong> Single host or Network<\/span><\/li>\n<li data-section-id=\"2akn37\" data-start=\"887\" data-end=\"919\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">enter your external IP address<\/span><\/li>\n<\/ul>\n<p data-start=\"921\" data-end=\"952\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">In the <strong data-start=\"928\" data-end=\"943\">Destination<\/strong> section:<\/span><\/p>\n<ul data-start=\"954\" data-end=\"988\">\n<li data-section-id=\"xxlnuu\" data-start=\"954\" data-end=\"988\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"956\" data-end=\"972\">Destination:<\/strong> This Firewall<\/span><\/li>\n<\/ul>\n<p data-start=\"990\" data-end=\"1032\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">In the <strong data-start=\"997\" data-end=\"1023\">Destination Port Range<\/strong> section:<\/span><\/p>\n<ul data-start=\"1034\" data-end=\"1071\">\n<li data-section-id=\"1u2m3rj\" data-start=\"1034\" data-end=\"1053\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"1036\" data-end=\"1045\">From:<\/strong> HTTPS<\/span><\/li>\n<li data-section-id=\"z43k1u\" data-start=\"1054\" data-end=\"1071\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"1056\" data-end=\"1063\">To:<\/strong> HTTPS<\/span><\/li>\n<\/ul>\n<p data-start=\"1073\" data-end=\"1102\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"1073\" data-end=\"1088\">Description<\/strong>, for example:<\/span><\/p>\n<p data-start=\"1104\" data-end=\"1144\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Allow HTTPS to OPNsense GUI from my IP<\/span><\/p>\n<p data-start=\"1146\" data-end=\"1188\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Save the rule and click <strong data-start=\"1170\" data-end=\"1187\">Apply Changes<\/strong>.<\/span><\/p>\n<p data-start=\"1190\" data-end=\"1278\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">After that, the OPNsense web interface will be accessible from your external IP address.<\/span><\/p>\n<h2 data-section-id=\"i4spet\" data-start=\"1280\" data-end=\"1320\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 10. Install the WireGuard plugin<\/span><\/h2>\n<p data-start=\"1322\" data-end=\"1359\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">In the OPNsense web interface, go to:<\/span><\/p>\n<p data-start=\"1361\" data-end=\"1390\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">System \u2192 Firmware \u2192 Plugins<\/span><\/p>\n<p data-start=\"1392\" data-end=\"1425\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Install the <strong data-start=\"1404\" data-end=\"1417\">WireGuard<\/strong> plugin.<\/span><\/p>\n<p data-start=\"1427\" data-end=\"1452\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">After installation, open:<\/span><\/p>\n<p data-start=\"1454\" data-end=\"1471\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">VPN \u2192 WireGuard<\/span><\/p>\n<p data-start=\"1473\" data-end=\"1700\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">WireGuard is one of the most convenient options for accessing OPNsense and internal virtual machines. However, OPNsense is not limited to it: the system also supports OpenVPN, as well as road warrior and site-to-site scenarios.<\/span><\/p>\n<p data-start=\"1702\" data-end=\"1914\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">For small infrastructures, WireGuard is usually simpler and easier to maintain. OpenVPN is also a good option if you need a more traditional SSL VPN approach or the ability to export ready-to-use client profiles.<\/span><\/p>\n<h2 data-section-id=\"1m9w3a1\" data-start=\"1916\" data-end=\"1955\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 11. Create a WireGuard instance<\/span><\/h2>\n<p data-start=\"1957\" data-end=\"1972\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">In the section:<\/span><\/p>\n<p data-start=\"1974\" data-end=\"2003\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">VPN \u2192 WireGuard \u2192 Instances<\/span><\/p>\n<p data-start=\"2005\" data-end=\"2037\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">create an instance, for example:<\/span><\/p>\n<ul data-start=\"2039\" data-end=\"2124\">\n<li data-section-id=\"1l12s71\" data-start=\"2039\" data-end=\"2059\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"2041\" data-end=\"2050\">Name:<\/strong> wgroad<\/span><\/li>\n<li data-section-id=\"1u0170c\" data-start=\"2060\" data-end=\"2086\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"2062\" data-end=\"2078\">Listen Port:<\/strong> 51820<\/span><\/li>\n<li data-section-id=\"1sykrjv\" data-start=\"2087\" data-end=\"2124\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"2089\" data-end=\"2108\">Tunnel Address:<\/strong> 10.10.10.1\/24<\/span><\/li>\n<\/ul>\n<p data-start=\"2126\" data-end=\"2168\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Generate a key pair and save the instance.<\/span><\/p>\n<h2 data-section-id=\"2713zo\" data-start=\"2170\" data-end=\"2221\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 12. Prepare the WireGuard client on your PC<\/span><\/h2>\n<p data-start=\"2223\" data-end=\"2327\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">To connect to the local network via WireGuard, install it on your computer and generate the client keys.<\/span><\/p>\n<p data-start=\"2329\" data-end=\"2368\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Below is one working example for Linux.<\/span><\/p>\n<h3 data-section-id=\"1m3svec\" data-start=\"2370\" data-end=\"2394\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">1. Install WireGuard<\/span><\/h3>\n<div class=\"relative w-full mt-4 mb-1\">\n<div class=\"\">\n<div class=\"relative\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"border border-token-border-light border-radius-3xl corner-superellipse\/1.1 rounded-3xl\">\n<div class=\"h-full w-full border-radius-3xl bg-token-bg-elevated-secondary corner-superellipse\/1.1 overflow-clip rounded-3xl lxnfua_clipPathFallback\">\n<div class=\"relative\">\n<div class=\"\">\n<div class=\"relative z-0 flex max-w-full\">\n<div id=\"code-block-viewer\" class=\"q9tKkq_viewer cm-editor z-10 light:cm-light dark:cm-light flex h-full w-full flex-col items-stretch \u037ck \u037cy\" dir=\"ltr\">\n<div class=\"cm-scroller\">\n<pre class=\"cm-content q9tKkq_readonly\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><span class=\"\u037cs\">sudo<\/span> apt update<\/span><br \/><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><span class=\"\u037cs\">sudo<\/span> apt install <span class=\"\u037cu\">-y<\/span> wireguard wireguard-tools<\/span><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p data-start=\"2483\" data-end=\"2526\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Check that the installation was successful:<\/span><\/p>\n<div class=\"relative w-full mt-4 mb-1\">\n<div class=\"\">\n<div class=\"relative\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"border border-token-border-light border-radius-3xl corner-superellipse\/1.1 rounded-3xl\">\n<div class=\"h-full w-full border-radius-3xl bg-token-bg-elevated-secondary corner-superellipse\/1.1 overflow-clip rounded-3xl lxnfua_clipPathFallback\">\n<div class=\"relative\">\n<div class=\"\">\n<div class=\"relative z-0 flex max-w-full\">\n<div id=\"code-block-viewer\" class=\"q9tKkq_viewer cm-editor z-10 light:cm-light dark:cm-light flex h-full w-full flex-col items-stretch \u037ck \u037cy\" dir=\"ltr\">\n<div class=\"cm-scroller\">\n<pre class=\"cm-content q9tKkq_readonly\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">which wg<\/span><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p data-start=\"2562\" data-end=\"2578\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Expected result:<\/span><\/p>\n<div class=\"relative w-full mt-4 mb-1\">\n<div class=\"\">\n<div class=\"relative\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"border border-token-border-light border-radius-3xl corner-superellipse\/1.1 rounded-3xl\">\n<div class=\"h-full w-full border-radius-3xl bg-token-bg-elevated-secondary corner-superellipse\/1.1 overflow-clip rounded-3xl lxnfua_clipPathFallback\">\n<div class=\"relative\">\n<div class=\"pe-11 pt-3\">\n<div class=\"relative z-0 flex max-w-full\">\n<div id=\"code-block-viewer\" class=\"q9tKkq_viewer cm-editor z-10 light:cm-light dark:cm-light flex h-full w-full flex-col items-stretch \u037ck \u037cy\" dir=\"ltr\">\n<div class=\"cm-scroller\">\n<pre class=\"cm-content q9tKkq_readonly\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">\/usr\/bin\/wg<\/span><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<h3 data-section-id=\"1rguys5\" data-start=\"2617\" data-end=\"2648\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">2. Generate the client keys<\/span><\/h3>\n<div class=\"relative w-full mt-4 mb-1\">\n<div class=\"\">\n<div class=\"relative\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"border border-token-border-light border-radius-3xl corner-superellipse\/1.1 rounded-3xl\">\n<div class=\"h-full w-full border-radius-3xl bg-token-bg-elevated-secondary corner-superellipse\/1.1 overflow-clip rounded-3xl lxnfua_clipPathFallback\">\n<div class=\"relative\">\n<div class=\"\">\n<div class=\"relative z-0 flex max-w-full\">\n<div id=\"code-block-viewer\" class=\"q9tKkq_viewer cm-editor z-10 light:cm-light dark:cm-light flex h-full w-full flex-col items-stretch \u037ck \u037cy\" dir=\"ltr\">\n<div class=\"cm-scroller\">\n<pre class=\"cm-content q9tKkq_readonly\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><span class=\"\u037cs\">mkdir<\/span> <span class=\"\u037cu\">-p<\/span> ~\/wireguard<\/span><br \/><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><span class=\"\u037cs\">chmod<\/span> <span class=\"\u037cq\">700<\/span> ~\/wireguard<\/span><br \/><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">wg genkey | <span class=\"\u037cs\">tee<\/span> ~\/wireguard\/client.key | wg pubkey &gt; ~\/wireguard\/client.pub<\/span><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p data-start=\"2794\" data-end=\"2821\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">You can view the keys with:<\/span><\/p>\n<div class=\"relative w-full mt-4 mb-1\">\n<div class=\"\">\n<div class=\"relative\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"border border-token-border-light border-radius-3xl corner-superellipse\/1.1 rounded-3xl\">\n<div class=\"h-full w-full border-radius-3xl bg-token-bg-elevated-secondary corner-superellipse\/1.1 overflow-clip rounded-3xl lxnfua_clipPathFallback\">\n<div class=\"relative\">\n<div class=\"\">\n<div class=\"relative z-0 flex max-w-full\">\n<div id=\"code-block-viewer\" class=\"q9tKkq_viewer cm-editor z-10 light:cm-light dark:cm-light flex h-full w-full flex-col items-stretch \u037ck \u037cy\" dir=\"ltr\">\n<div class=\"cm-scroller\">\n<pre class=\"cm-content q9tKkq_readonly\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><span class=\"\u037cs\">cat<\/span> ~\/wireguard\/client.pub<\/span><br \/><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><span class=\"\u037cs\">cat<\/span> ~\/wireguard\/client.key<\/span><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<ul data-start=\"2902\" data-end=\"3081\">\n<li data-section-id=\"taodyj\" data-start=\"2902\" data-end=\"2993\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">client.pub \u2014 the client\u2019s public key, which will be needed for the <strong data-start=\"2973\" data-end=\"2981\">Peer<\/strong> in OPNsense<\/span><\/li>\n<li data-section-id=\"18sv9r5\" data-start=\"2994\" data-end=\"3081\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">client.key \u2014 the client\u2019s private key, which will be needed for the wg0.conf file<\/span><\/li>\n<\/ul>\n<h2 data-section-id=\"43ytct\" data-start=\"3083\" data-end=\"3117\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 13. Create the client peer<\/span><\/h2>\n<p data-start=\"3119\" data-end=\"3134\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">In the section:<\/span><\/p>\n<p data-start=\"3136\" data-end=\"3161\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">VPN \u2192 WireGuard \u2192 Peers<\/span><\/p>\n<p data-start=\"3163\" data-end=\"3199\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">create a peer for the client system.<\/span><\/p>\n<p data-start=\"3201\" data-end=\"3209\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Example:<\/span><\/p>\n<ul data-start=\"3211\" data-end=\"3337\">\n<li data-section-id=\"1kqq6vd\" data-start=\"3211\" data-end=\"3227\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"3213\" data-end=\"3222\">Name:<\/strong> os<\/span><\/li>\n<li data-section-id=\"xj3s4t\" data-start=\"3228\" data-end=\"3280\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"3230\" data-end=\"3245\">Public Key:<\/strong> paste the contents of client.pub<\/span><\/li>\n<li data-section-id=\"1f7emb7\" data-start=\"3281\" data-end=\"3315\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"3283\" data-end=\"3299\">Allowed IPs:<\/strong> 10.10.10.2\/32<\/span><\/li>\n<li data-section-id=\"1v21lkp\" data-start=\"3316\" data-end=\"3337\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"3318\" data-end=\"3332\">Keepalive:<\/strong> 25<\/span><\/li>\n<\/ul>\n<p data-start=\"3339\" data-end=\"3391\" data-is-last-node=\"\" data-is-only-node=\"\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">After that, attach the peer to the created instance.<\/span><\/p>\n<p><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"> <img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-19803\" src=\"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-26-26.png\" alt=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 5\" width=\"584\" height=\"204\" \/ title=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 5\"><\/span><\/p>\n<h2 data-section-id=\"u074en\" data-start=\"0\" data-end=\"37\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 14. Enable WireGuard globally<\/span><\/h2>\n<p data-start=\"39\" data-end=\"83\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">At the bottom of the WireGuard page, enable:<\/span><\/p>\n<ul data-start=\"85\" data-end=\"107\">\n<li data-section-id=\"v36zs5\" data-start=\"85\" data-end=\"107\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"87\" data-end=\"107\">Enable WireGuard<\/strong><\/span><\/li>\n<\/ul>\n<p data-start=\"109\" data-end=\"130\" data-is-last-node=\"\" data-is-only-node=\"\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Then click <strong data-start=\"120\" data-end=\"129\">Apply<\/strong>.<\/span><\/p>\n<p><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"> <img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-19804\" src=\"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-26-34.png\" alt=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 6\" width=\"549\" height=\"187\" \/ title=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 6\"><\/span><\/p>\n<section class=\"text-token-text-primary w-full focus:outline-none [--shadow-height:45px] has-data-writing-block:pointer-events-none has-data-writing-block:-mt-(--shadow-height) has-data-writing-block:pt-(--shadow-height) [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto scroll-mt-(--header-height)\" dir=\"auto\" data-turn-id=\"2f5e9898-39d4-48a7-a6ac-4657987af7d7\" data-testid=\"conversation-turn-67\" data-scroll-anchor=\"false\" data-turn=\"user\"><\/section>\n<section class=\"text-token-text-primary w-full focus:outline-none [--shadow-height:45px] has-data-writing-block:pointer-events-none has-data-writing-block:-mt-(--shadow-height) has-data-writing-block:pt-(--shadow-height) [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-69df5660-de20-8395-9948-4081a1a07c05-26\" data-testid=\"conversation-turn-68\" data-scroll-anchor=\"true\" data-turn=\"assistant\">\n<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n<div class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n<div class=\"flex max-w-full flex-col gap-4 grow\">\n<div class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" dir=\"auto\" tabindex=\"0\" data-message-author-role=\"assistant\" data-message-id=\"7b4fca38-7cc8-448e-bbf2-1c04fcc3e7c2\" data-message-model-slug=\"gpt-5-4-thinking\" data-turn-start-message=\"true\">\n<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n<div class=\"markdown prose dark:prose-invert w-full wrap-break-word dark markdown-new-styling\">\n<h2 data-section-id=\"15x7f4c\" data-start=\"0\" data-end=\"42\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 15. Assign the WireGuard interface<\/span><\/h2>\n<p data-start=\"44\" data-end=\"50\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Go to:<\/span><\/p>\n<p data-start=\"52\" data-end=\"78\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Interfaces \u2192 Assignments<\/span><\/p>\n<p data-start=\"80\" data-end=\"108\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Add the following interface:<\/span><\/p>\n<ul data-start=\"110\" data-end=\"138\">\n<li data-section-id=\"1o9u5y8\" data-start=\"110\" data-end=\"138\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">wg0 (WireGuard &#8211; wgroad)<\/span><\/li>\n<\/ul>\n<p data-start=\"140\" data-end=\"187\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">After adding it, open the interface and enable:<\/span><\/p>\n<ul data-start=\"189\" data-end=\"211\">\n<li data-section-id=\"17u1s6k\" data-start=\"189\" data-end=\"211\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"191\" data-end=\"211\">Enable Interface<\/strong><\/span><\/li>\n<\/ul>\n<p data-start=\"213\" data-end=\"247\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">You can use a description such as:<\/span><\/p>\n<ul data-start=\"249\" data-end=\"255\">\n<li data-section-id=\"1j3aye0\" data-start=\"249\" data-end=\"255\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">wg0<\/span><\/li>\n<\/ul>\n<p data-start=\"257\" data-end=\"316\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">In most cases, no other settings are required on this page:<\/span><\/p>\n<ul data-start=\"318\" data-end=\"395\" data-is-last-node=\"\" data-is-only-node=\"\">\n<li data-section-id=\"97dqoz\" data-start=\"318\" data-end=\"356\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"320\" data-end=\"347\">IPv4 Configuration Type<\/strong> \u2192 None<\/span><\/li>\n<li data-section-id=\"1nji1k1\" data-start=\"357\" data-end=\"395\" data-is-last-node=\"\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"359\" data-end=\"386\">IPv6 Configuration Type<\/strong> \u2192 None<\/span><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<p><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"> <img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-19805\" src=\"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-26-48.png\" alt=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 7\" width=\"519\" height=\"314\" \/ title=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 7\"> <img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-19806\" src=\"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-26-54.png\" alt=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 8\" width=\"620\" height=\"164\" \/ title=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 8\"> <img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-19807\" src=\"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-27-00.png\" alt=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 9\" width=\"462\" height=\"182\" \/ title=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Image 9\"><\/span><\/p>\n<h2 data-section-id=\"9mobha\" data-start=\"0\" data-end=\"47\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 16. Create firewall rules for WireGuard<\/span><\/h2>\n<h3 data-section-id=\"1auiub3\" data-start=\"49\" data-end=\"64\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">1. WAN rule<\/span><\/h3>\n<p data-start=\"66\" data-end=\"72\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Go to:<\/span><\/p>\n<p data-start=\"74\" data-end=\"98\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Firewall \u2192 Rules \u2192 WAN<\/span><\/p>\n<p data-start=\"100\" data-end=\"123\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Add the following rule:<\/span><\/p>\n<ul data-start=\"125\" data-end=\"291\">\n<li data-section-id=\"ylmchp\" data-start=\"125\" data-end=\"145\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"127\" data-end=\"138\">Action:<\/strong> Pass<\/span><\/li>\n<li data-section-id=\"1pk5fr9\" data-start=\"146\" data-end=\"167\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"148\" data-end=\"161\">Protocol:<\/strong> UDP<\/span><\/li>\n<li data-section-id=\"10100l5\" data-start=\"168\" data-end=\"187\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"170\" data-end=\"181\">Source:<\/strong> any<\/span><\/li>\n<li data-section-id=\"xxlnuu\" data-start=\"188\" data-end=\"222\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"190\" data-end=\"206\">Destination:<\/strong> This Firewall<\/span><\/li>\n<li data-section-id=\"1cb61zd\" data-start=\"223\" data-end=\"254\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"225\" data-end=\"246\">Destination Port:<\/strong> 51820<\/span><\/li>\n<li data-section-id=\"rhu9j5\" data-start=\"255\" data-end=\"291\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"257\" data-end=\"273\">Description:<\/strong> Allow WireGuard<\/span><\/li>\n<\/ul>\n<p data-start=\"293\" data-end=\"327\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Save the rule and click <strong data-start=\"317\" data-end=\"326\">Apply<\/strong>.<\/span><\/p>\n<h3 data-section-id=\"4p5zsm\" data-start=\"329\" data-end=\"368\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">2. Rules on the WireGuard interface<\/span><\/h3>\n<p data-start=\"370\" data-end=\"376\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Go to:<\/span><\/p>\n<p data-start=\"378\" data-end=\"401\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Firewall \u2192 Rules \u2192 wg<\/span><\/p>\n<p data-start=\"403\" data-end=\"420\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Create two rules.<\/span><\/p>\n<h4 data-start=\"422\" data-end=\"453\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Rule 1 \u2014 access to the LAN<\/span><\/h4>\n<ul data-start=\"455\" data-end=\"653\">\n<li data-section-id=\"ylmchp\" data-start=\"455\" data-end=\"475\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"457\" data-end=\"468\">Action:<\/strong> Pass<\/span><\/li>\n<li data-section-id=\"1lllryf\" data-start=\"476\" data-end=\"497\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"478\" data-end=\"492\">Interface:<\/strong> wg<\/span><\/li>\n<li data-section-id=\"1j92ols\" data-start=\"498\" data-end=\"519\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"500\" data-end=\"514\">Direction:<\/strong> in<\/span><\/li>\n<li data-section-id=\"hzp82q\" data-start=\"520\" data-end=\"548\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"522\" data-end=\"541\">TCP\/IP Version:<\/strong> IPv4<\/span><\/li>\n<li data-section-id=\"1pkiouq\" data-start=\"549\" data-end=\"570\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"551\" data-end=\"564\">Protocol:<\/strong> any<\/span><\/li>\n<li data-section-id=\"1dntg3k\" data-start=\"571\" data-end=\"593\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"573\" data-end=\"584\">Source:<\/strong> WG net<\/span><\/li>\n<li data-section-id=\"1x6wks2\" data-start=\"594\" data-end=\"622\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"596\" data-end=\"612\">Destination:<\/strong> LAN net<\/span><\/li>\n<li data-section-id=\"g5b8xo\" data-start=\"623\" data-end=\"653\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"625\" data-end=\"641\">Description:<\/strong> WG to LAN<\/span><\/li>\n<\/ul>\n<h4 data-start=\"655\" data-end=\"694\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Rule 2 \u2014 access to OPNsense itself<\/span><\/h4>\n<ul data-start=\"696\" data-end=\"905\">\n<li data-section-id=\"ylmchp\" data-start=\"696\" data-end=\"716\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"698\" data-end=\"709\">Action:<\/strong> Pass<\/span><\/li>\n<li data-section-id=\"1lllryf\" data-start=\"717\" data-end=\"738\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"719\" data-end=\"733\">Interface:<\/strong> wg<\/span><\/li>\n<li data-section-id=\"1j92ols\" data-start=\"739\" data-end=\"760\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"741\" data-end=\"755\">Direction:<\/strong> in<\/span><\/li>\n<li data-section-id=\"hzp82q\" data-start=\"761\" data-end=\"789\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"763\" data-end=\"782\">TCP\/IP Version:<\/strong> IPv4<\/span><\/li>\n<li data-section-id=\"1pkiouq\" data-start=\"790\" data-end=\"811\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"792\" data-end=\"805\">Protocol:<\/strong> any<\/span><\/li>\n<li data-section-id=\"1dntg3k\" data-start=\"812\" data-end=\"834\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"814\" data-end=\"825\">Source:<\/strong> WG net<\/span><\/li>\n<li data-section-id=\"xxlnuu\" data-start=\"835\" data-end=\"869\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"837\" data-end=\"853\">Destination:<\/strong> This Firewall<\/span><\/li>\n<li data-section-id=\"1es8y4x\" data-start=\"870\" data-end=\"905\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"872\" data-end=\"888\">Description:<\/strong> WG to Firewall<\/span><\/li>\n<\/ul>\n<p data-start=\"907\" data-end=\"943\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Save both rules and click <strong data-start=\"933\" data-end=\"942\">Apply<\/strong>.<\/span><\/p>\n<p data-start=\"945\" data-end=\"999\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">After that, the following will be accessible over VPN:<\/span><\/p>\n<ul data-start=\"1001\" data-end=\"1059\">\n<li data-section-id=\"1v5t5iu\" data-start=\"1001\" data-end=\"1018\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">OPNsense itself<\/span><\/li>\n<li data-section-id=\"w2xjx7\" data-start=\"1019\" data-end=\"1059\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">the internal network 192.168.10.0\/24<\/span><\/li>\n<\/ul>\n<h2 data-section-id=\"1ta2b1n\" data-start=\"1061\" data-end=\"1117\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 17. Configure the WireGuard client configuration<\/span><\/h2>\n<p data-start=\"1119\" data-end=\"1175\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">On the client Linux system, create a configuration file:<\/span><\/p>\n<div class=\"relative w-full mt-4 mb-1\">\n<div class=\"\">\n<div class=\"relative\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"border border-token-border-light border-radius-3xl corner-superellipse\/1.1 rounded-3xl\">\n<div class=\"h-full w-full border-radius-3xl bg-token-bg-elevated-secondary corner-superellipse\/1.1 overflow-clip rounded-3xl lxnfua_clipPathFallback\">\n<div class=\"relative\">\n<div class=\"\">\n<div class=\"relative z-0 flex max-w-full\">\n<div id=\"code-block-viewer\" class=\"q9tKkq_viewer cm-editor z-10 light:cm-light dark:cm-light flex h-full w-full flex-col items-stretch \u037ck \u037cy\" dir=\"ltr\">\n<div class=\"cm-scroller\">\n<pre class=\"cm-content q9tKkq_readonly\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">nano ~\/wireguard\/wg0.conf<\/span><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p data-start=\"1228\" data-end=\"1244\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Example content:<\/span><\/p>\n<div class=\"relative w-full mt-4 mb-1\">\n<div class=\"\">\n<div class=\"relative\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"border border-token-border-light border-radius-3xl corner-superellipse\/1.1 rounded-3xl\">\n<div class=\"h-full w-full border-radius-3xl bg-token-bg-elevated-secondary corner-superellipse\/1.1 overflow-clip rounded-3xl lxnfua_clipPathFallback\">\n<div class=\"relative\">\n<div class=\"\">\n<div class=\"relative z-0 flex max-w-full\">\n<div id=\"code-block-viewer\" class=\"q9tKkq_viewer cm-editor z-10 light:cm-light dark:cm-light flex h-full w-full flex-col items-stretch \u037ck \u037cy\" dir=\"ltr\">\n<div class=\"cm-scroller\">\n<pre class=\"cm-content q9tKkq_readonly\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">[Interface]<\/span><br \/><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">PrivateKey = &lt;client private key&gt;<\/span><br \/><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Address = 10.10.10.2\/32<\/span><br \/><br \/><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">[Peer]<\/span><br \/><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">PublicKey = &lt;server public key&gt;<\/span><br \/><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Endpoint = &lt;WAN-IP&gt;:51820<\/span><br \/><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">AllowedIPs = 10.10.10.0\/24, 192.168.10.0\/24<\/span><br \/><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">PersistentKeepalive = 25<\/span><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p data-start=\"1475\" data-end=\"1481\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Where:<\/span><\/p>\n<ul data-start=\"1483\" data-end=\"1689\">\n<li data-section-id=\"x3y72r\" data-start=\"1483\" data-end=\"1539\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"1485\" data-end=\"1499\">PrivateKey<\/strong> \u2014 the contents of the client.key file<\/span><\/li>\n<li data-section-id=\"1lcfw9e\" data-start=\"1540\" data-end=\"1619\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"1542\" data-end=\"1555\">PublicKey<\/strong> \u2014 the server public key from the WireGuard instance in OPNsense<\/span><\/li>\n<li data-section-id=\"65p0ha\" data-start=\"1620\" data-end=\"1689\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"1622\" data-end=\"1634\">Endpoint<\/strong> \u2014 the external IP address of OPNsense and port 51820<\/span><\/li>\n<\/ul>\n<p data-start=\"1691\" data-end=\"1711\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Bring the tunnel up:<\/span><\/p>\n<div class=\"relative w-full mt-4 mb-1\">\n<div class=\"\">\n<div class=\"relative\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"border border-token-border-light border-radius-3xl corner-superellipse\/1.1 rounded-3xl\">\n<div class=\"h-full w-full border-radius-3xl bg-token-bg-elevated-secondary corner-superellipse\/1.1 overflow-clip rounded-3xl lxnfua_clipPathFallback\">\n<div class=\"relative\">\n<div class=\"\">\n<div class=\"relative z-0 flex max-w-full\">\n<div id=\"code-block-viewer\" class=\"q9tKkq_viewer cm-editor z-10 light:cm-light dark:cm-light flex h-full w-full flex-col items-stretch \u037ck \u037cy\" dir=\"ltr\">\n<div class=\"cm-scroller\">\n<pre class=\"cm-content q9tKkq_readonly\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><span class=\"\u037cs\">sudo<\/span> wg-quick up ~\/wireguard\/wg0.conf<\/span><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p data-start=\"1776\" data-end=\"1797\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Check the connection:<\/span><\/p>\n<div class=\"relative w-full mt-4 mb-1\">\n<div class=\"\">\n<div class=\"relative\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"h-full min-h-0 min-w-0\">\n<div class=\"border border-token-border-light border-radius-3xl corner-superellipse\/1.1 rounded-3xl\">\n<div class=\"h-full w-full border-radius-3xl bg-token-bg-elevated-secondary corner-superellipse\/1.1 overflow-clip rounded-3xl lxnfua_clipPathFallback\">\n<div class=\"relative\">\n<div class=\"\">\n<div class=\"relative z-0 flex max-w-full\">\n<div id=\"code-block-viewer\" class=\"q9tKkq_viewer cm-editor z-10 light:cm-light dark:cm-light flex h-full w-full flex-col items-stretch \u037ck \u037cy\" dir=\"ltr\">\n<div class=\"cm-scroller\">\n<pre class=\"cm-content q9tKkq_readonly\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><span class=\"\u037cs\">ping<\/span> <span class=\"\u037cu\">-c<\/span> <span class=\"\u037cq\">4<\/span> <span class=\"\u037cq\">10<\/span>.10.10.1<\/span><br \/><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><span class=\"\u037cs\">ping<\/span> <span class=\"\u037cu\">-c<\/span> <span class=\"\u037cq\">4<\/span> <span class=\"\u037cq\">192<\/span>.168.10.1<\/span><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p data-start=\"1868\" data-end=\"1955\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">If everything works, then check access to the Windows VM using its internal IP address.<\/span><\/p>\n<h2 data-section-id=\"1ahsh4e\" data-start=\"1957\" data-end=\"2003\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Step 18. Connect to the Windows VM over VPN<\/span><\/h2>\n<p data-start=\"2005\" data-end=\"2086\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">After the VPN connection is established, the remote client should have access to:<\/span><\/p>\n<ul data-start=\"2088\" data-end=\"2165\">\n<li data-section-id=\"1809j06\" data-start=\"2088\" data-end=\"2118\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"2090\" data-end=\"2103\">OPNsense:<\/strong> 192.168.10.1<\/span><\/li>\n<li data-section-id=\"12nh393\" data-start=\"2119\" data-end=\"2165\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"2121\" data-end=\"2136\">Windows VM:<\/strong> for example 192.168.10.109<\/span><\/li>\n<\/ul>\n<p data-start=\"2167\" data-end=\"2303\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">If Windows does not respond to ping, this is often related to Windows Firewall. At the same time, RDP may already work if it is enabled.<\/span><\/p>\n<p data-start=\"2305\" data-end=\"2326\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">It is recommended to:<\/span><\/p>\n<ul data-start=\"2328\" data-end=\"2407\">\n<li data-section-id=\"xjknzz\" data-start=\"2328\" data-end=\"2355\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">enable <strong data-start=\"2337\" data-end=\"2355\">Remote Desktop<\/strong><\/span><\/li>\n<li data-section-id=\"1kr0ndh\" data-start=\"2356\" data-end=\"2407\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">allow <strong data-start=\"2364\" data-end=\"2377\">ICMP Echo<\/strong> in Windows Firewall if needed<\/span><\/li>\n<\/ul>\n<h2 data-section-id=\"gaq4l9\" data-start=\"2409\" data-end=\"2466\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Additional information: OPNsense is not limited to VPN<\/span><\/h2>\n<p data-start=\"2468\" data-end=\"2573\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Although OPNsense is used in this article as a firewall and VPN gateway, its capabilities go beyond that.<\/span><\/p>\n<p data-start=\"2575\" data-end=\"2626\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">In addition to WireGuard and OpenVPN, OPNsense can:<\/span><\/p>\n<ul data-start=\"2628\" data-end=\"2879\">\n<li data-section-id=\"bu2ibl\" data-start=\"2628\" data-end=\"2705\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">publish internal services externally through Destination NAT \/ Port Forward<\/span><\/li>\n<li data-section-id=\"1c1xk8x\" data-start=\"2706\" data-end=\"2774\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">use reverse proxy for HTTP(S), TCP, and in some cases UDP services<\/span><\/li>\n<li data-section-id=\"13sflw2\" data-start=\"2775\" data-end=\"2879\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">proxy not only websites, but also other applications depending on the selected reverse proxy component<\/span><\/li>\n<\/ul>\n<p data-start=\"2881\" data-end=\"3054\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">The OPNsense ecosystem includes solutions based on <strong data-start=\"2932\" data-end=\"2941\">nginx<\/strong>, <strong data-start=\"2943\" data-end=\"2954\">HAProxy<\/strong>, and <strong data-start=\"2960\" data-end=\"2969\">Caddy<\/strong>, which are suitable not only for websites but also for more general proxy scenarios.<\/span><\/p>\n<p data-start=\"3056\" data-end=\"3392\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">In other words, OPNsense can be used not only as a \u201cVPN box,\u201d but also as a central point for publishing internal services. In terms of approach, this is indeed similar to Nginx Proxy Manager, but in a more flexible and infrastructure-oriented form, with firewall rules, NAT, segmentation, VPN, and additional services in a single node.<\/span><\/p>\n<p data-start=\"3394\" data-end=\"3687\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">At the same time, the firewall itself is better used as a routing and publishing point rather than as a place to host websites, applications, or databases. For a website, panel, application, or database, it is safer to allocate a separate internal VM and publish it through OPNsense as needed.<\/span><\/p>\n<h2 data-section-id=\"19bx0oh\" data-start=\"3689\" data-end=\"3720\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Why this setup is convenient<\/span><\/h2>\n<p data-start=\"3722\" data-end=\"3757\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">This approach makes it possible to:<\/span><\/p>\n<ul data-start=\"3759\" data-end=\"4026\">\n<li data-section-id=\"4k86az\" data-start=\"3759\" data-end=\"3804\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">avoid exposing RDP directly to the Internet<\/span><\/li>\n<li data-section-id=\"1dcwo50\" data-start=\"3805\" data-end=\"3844\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">use OPNsense as a central VPN gateway<\/span><\/li>\n<li data-section-id=\"52mtuw\" data-start=\"3845\" data-end=\"3892\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">securely connect to multiple virtual machines<\/span><\/li>\n<li data-section-id=\"1jmvtad\" data-start=\"3893\" data-end=\"3931\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">manage access through firewall rules<\/span><\/li>\n<li data-section-id=\"1ja98al\" data-start=\"3932\" data-end=\"4026\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">publish internal web services and other applications externally through OPNsense when needed<\/span><\/li>\n<\/ul>\n<h2 data-section-id=\"8dtpi\" data-start=\"4028\" data-end=\"4041\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">Conclusion<\/span><\/h2>\n<p data-start=\"4043\" data-end=\"4098\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">After completing these steps, you get a complete setup:<\/span><\/p>\n<ul data-start=\"4100\" data-end=\"4394\">\n<li data-section-id=\"9kslw8\" data-start=\"4100\" data-end=\"4134\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"4102\" data-end=\"4116\">Proxmox VE<\/strong> as the hypervisor<\/span><\/li>\n<li data-section-id=\"1sepkgr\" data-start=\"4135\" data-end=\"4196\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"4137\" data-end=\"4149\">OPNsense<\/strong> as a virtual firewall, router, and VPN gateway<\/span><\/li>\n<li data-section-id=\"qso79n\" data-start=\"4197\" data-end=\"4237\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\"><strong data-start=\"4199\" data-end=\"4213\">Windows VM<\/strong> in the internal network<\/span><\/li>\n<li data-section-id=\"gqxqjd\" data-start=\"4238\" data-end=\"4288\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">access to <strong data-start=\"4250\" data-end=\"4262\">OPNsense<\/strong> and <strong data-start=\"4267\" data-end=\"4274\">VMs<\/strong> via WireGuard<\/span><\/li>\n<li data-section-id=\"1q6hua4\" data-start=\"4289\" data-end=\"4394\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">the ability to use OpenVPN, NAT, and reverse proxy later for more advanced service publishing scenarios<\/span><\/li>\n<\/ul>\n<p data-start=\"4396\" data-end=\"4593\" data-is-last-node=\"\" data-is-only-node=\"\"><span style=\"font-family: Ubuntu, sans-serif; font-size: 12pt;\">This setup is safer and more convenient than exposing individual services directly to the Internet, and it works well for a small or medium-sized infrastructure that needs to be expanded gradually.<\/span><\/p>\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction OPNsense can be used in Proxmox VE as a virtual firewall, router, and VPN gateway. In this setup, it separates external traffic from the internal network of virtual machines and also allows secure VPN access to them. OPNsense supports several VPN technologies, including WireGuard and OpenVPN. In addition, it can publish internal services externally [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[158],"tags":[],"class_list":["post-19837","post","type-post","status-publish","format-standard","hentry","category-dedicated-servers"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Configuring OPNsense in a Proxmox VE Virtual Machine - Unihost.FAQ<\/title>\n<meta name=\"description\" content=\"OPNsense can be used in Proxmox VE as a virtual firewall, router, and VPN gateway. In this setup, it separates external traffic from the internal network of virtual machines and also allows secure VPN access to them.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Configuring OPNsense in a Proxmox VE Virtual Machine - Unihost.FAQ\" \/>\n<meta property=\"og:description\" content=\"OPNsense can be used in Proxmox VE as a virtual firewall, router, and VPN gateway. In this setup, it separates external traffic from the internal network of virtual machines and also allows secure VPN access to them.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/\" \/>\n<meta property=\"og:site_name\" content=\"Unihost.FAQ\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/unihost\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-16T14:47:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-25-47.png\" \/>\n\t<meta property=\"og:image:width\" content=\"526\" \/>\n\t<meta property=\"og:image:height\" content=\"96\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Unihost Support\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@unihost\" \/>\n<meta name=\"twitter:site\" content=\"@unihost\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Unihost Support\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/\"},\"author\":{\"name\":\"Unihost Support\",\"@id\":\"https:\/\/unihost.com\/help\/#\/schema\/person\/bb5ae95f38577c920e6a7507888b715a\"},\"headline\":\"Configuring OPNsense in a Proxmox VE Virtual Machine\",\"datePublished\":\"2026-04-16T14:47:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/\"},\"wordCount\":1940,\"publisher\":{\"@id\":\"https:\/\/unihost.com\/help\/#organization\"},\"image\":{\"@id\":\"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-25-47.png\",\"articleSection\":[\"02. Dedicated servers\"],\"inLanguage\":\"en\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/\",\"url\":\"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/\",\"name\":\"Configuring OPNsense in a Proxmox VE Virtual Machine - Unihost.FAQ\",\"isPartOf\":{\"@id\":\"https:\/\/unihost.com\/help\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-25-47.png\",\"datePublished\":\"2026-04-16T14:47:02+00:00\",\"description\":\"OPNsense can be used in Proxmox VE as a virtual firewall, router, and VPN gateway. In this setup, it separates external traffic from the internal network of virtual machines and also allows secure VPN access to them.\",\"breadcrumb\":{\"@id\":\"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/#breadcrumb\"},\"inLanguage\":\"en\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en\",\"@id\":\"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/#primaryimage\",\"url\":\"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-25-47.png\",\"contentUrl\":\"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-25-47.png\",\"width\":526,\"height\":96},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Unihost\",\"item\":\"https:\/\/unihost.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Help\",\"item\":\"https:\/\/unihost.com\/help\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Configuring OPNsense in a Proxmox VE Virtual Machine\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/unihost.com\/help\/#website\",\"url\":\"https:\/\/unihost.com\/help\/\",\"name\":\"Unihost.FAQ\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/unihost.com\/help\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/unihost.com\/help\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/unihost.com\/help\/#organization\",\"name\":\"Unihost\",\"alternateName\":\"Unihost\",\"url\":\"https:\/\/unihost.com\/help\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en\",\"@id\":\"https:\/\/unihost.com\/help\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/unihost.com\/help\/minio.php?2026\/01\/minio.png\",\"contentUrl\":\"https:\/\/unihost.com\/help\/minio.php?2026\/01\/minio.png\",\"width\":300,\"height\":300,\"caption\":\"Unihost\"},\"image\":{\"@id\":\"https:\/\/unihost.com\/help\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/unihost\/\",\"https:\/\/x.com\/unihost\",\"https:\/\/www.instagram.com\/unihost\/?hl=en\",\"https:\/\/www.linkedin.com\/company\/unihost-com\",\"https:\/\/www.youtube.com\/channel\/UCITKsxMDnslQY8brN3advgw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/unihost.com\/help\/#\/schema\/person\/bb5ae95f38577c920e6a7507888b715a\",\"name\":\"Unihost Support\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en\",\"@id\":\"https:\/\/unihost.com\/help\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a0c9db17c2a0d93e8a0d5ac123f8c5db750ad4d3d5657369c0c4e480f5af77b8?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a0c9db17c2a0d93e8a0d5ac123f8c5db750ad4d3d5657369c0c4e480f5af77b8?s=96&d=mm&r=g\",\"caption\":\"Unihost Support\"},\"sameAs\":[\"https:\/\/unihost.com\/\"],\"url\":\"https:\/\/unihost.com\/help\/author\/support\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Configuring OPNsense in a Proxmox VE Virtual Machine - Unihost.FAQ","description":"OPNsense can be used in Proxmox VE as a virtual firewall, router, and VPN gateway. In this setup, it separates external traffic from the internal network of virtual machines and also allows secure VPN access to them.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/","og_locale":"en_US","og_type":"article","og_title":"Configuring OPNsense in a Proxmox VE Virtual Machine - Unihost.FAQ","og_description":"OPNsense can be used in Proxmox VE as a virtual firewall, router, and VPN gateway. In this setup, it separates external traffic from the internal network of virtual machines and also allows secure VPN access to them.","og_url":"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/","og_site_name":"Unihost.FAQ","article_publisher":"https:\/\/www.facebook.com\/unihost\/","article_published_time":"2026-04-16T14:47:02+00:00","og_image":[{"width":526,"height":96,"url":"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-25-47.png","type":"image\/png"}],"author":"Unihost Support","twitter_card":"summary_large_image","twitter_creator":"@unihost","twitter_site":"@unihost","twitter_misc":{"Written by":"Unihost Support","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/#article","isPartOf":{"@id":"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/"},"author":{"name":"Unihost Support","@id":"https:\/\/unihost.com\/help\/#\/schema\/person\/bb5ae95f38577c920e6a7507888b715a"},"headline":"Configuring OPNsense in a Proxmox VE Virtual Machine","datePublished":"2026-04-16T14:47:02+00:00","mainEntityOfPage":{"@id":"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/"},"wordCount":1940,"publisher":{"@id":"https:\/\/unihost.com\/help\/#organization"},"image":{"@id":"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/#primaryimage"},"thumbnailUrl":"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-25-47.png","articleSection":["02. Dedicated servers"],"inLanguage":"en"},{"@type":"WebPage","@id":"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/","url":"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/","name":"Configuring OPNsense in a Proxmox VE Virtual Machine - Unihost.FAQ","isPartOf":{"@id":"https:\/\/unihost.com\/help\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/#primaryimage"},"image":{"@id":"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/#primaryimage"},"thumbnailUrl":"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-25-47.png","datePublished":"2026-04-16T14:47:02+00:00","description":"OPNsense can be used in Proxmox VE as a virtual firewall, router, and VPN gateway. In this setup, it separates external traffic from the internal network of virtual machines and also allows secure VPN access to them.","breadcrumb":{"@id":"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/#breadcrumb"},"inLanguage":"en","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/"]}]},{"@type":"ImageObject","inLanguage":"en","@id":"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/#primaryimage","url":"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-25-47.png","contentUrl":"https:\/\/unihost.com\/help\/minio.php?2026\/04\/Screenshot-at-11-25-47.png","width":526,"height":96},{"@type":"BreadcrumbList","@id":"https:\/\/unihost.com\/help\/configuring-opnsense-in-a-proxmox-ve-virtual-machine\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Unihost","item":"https:\/\/unihost.com\/"},{"@type":"ListItem","position":2,"name":"Help","item":"https:\/\/unihost.com\/help\/"},{"@type":"ListItem","position":3,"name":"Configuring OPNsense in a Proxmox VE Virtual Machine"}]},{"@type":"WebSite","@id":"https:\/\/unihost.com\/help\/#website","url":"https:\/\/unihost.com\/help\/","name":"Unihost.FAQ","description":"","publisher":{"@id":"https:\/\/unihost.com\/help\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unihost.com\/help\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en"},{"@type":"Organization","@id":"https:\/\/unihost.com\/help\/#organization","name":"Unihost","alternateName":"Unihost","url":"https:\/\/unihost.com\/help\/","logo":{"@type":"ImageObject","inLanguage":"en","@id":"https:\/\/unihost.com\/help\/#\/schema\/logo\/image\/","url":"https:\/\/unihost.com\/help\/minio.php?2026\/01\/minio.png","contentUrl":"https:\/\/unihost.com\/help\/minio.php?2026\/01\/minio.png","width":300,"height":300,"caption":"Unihost"},"image":{"@id":"https:\/\/unihost.com\/help\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/unihost\/","https:\/\/x.com\/unihost","https:\/\/www.instagram.com\/unihost\/?hl=en","https:\/\/www.linkedin.com\/company\/unihost-com","https:\/\/www.youtube.com\/channel\/UCITKsxMDnslQY8brN3advgw"]},{"@type":"Person","@id":"https:\/\/unihost.com\/help\/#\/schema\/person\/bb5ae95f38577c920e6a7507888b715a","name":"Unihost Support","image":{"@type":"ImageObject","inLanguage":"en","@id":"https:\/\/unihost.com\/help\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a0c9db17c2a0d93e8a0d5ac123f8c5db750ad4d3d5657369c0c4e480f5af77b8?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a0c9db17c2a0d93e8a0d5ac123f8c5db750ad4d3d5657369c0c4e480f5af77b8?s=96&d=mm&r=g","caption":"Unihost Support"},"sameAs":["https:\/\/unihost.com\/"],"url":"https:\/\/unihost.com\/help\/author\/support\/"}]}},"_links":{"self":[{"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/posts\/19837","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/comments?post=19837"}],"version-history":[{"count":4,"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/posts\/19837\/revisions"}],"predecessor-version":[{"id":19863,"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/posts\/19837\/revisions\/19863"}],"wp:attachment":[{"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/media?parent=19837"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/categories?post=19837"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/tags?post=19837"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}