How To Update OPNsense From Web UI or Terminal Console

OPNsense is known to be the best open-source alternative to pfSense firewall solution. OPNsense is build from FreeBSD operating system to provide firewall and router functionalities. Some capabilities of OPNsense were lifted from pfSense and M0n0wall. Periodic updates of OPNsense firewall are key to ensure security patches and recent applications are running on OPNsense.

In this article we show you how to update the firewall by following best practices and giving a guarantee you won’t run into issues, and if it does happen we can recover. The developers of OPNsense will release new functionalities and features, as well as bug fixes regularly. The only way to enjoy these new goodies is updates on the system.

How to Update OPNsense Using Best Practices

We follow general OPNsense recommendations they suggest you perform before attempting to update your system.

1. Take a backup of your entire OPNsense configuration.
   • (OPTIONAL): If you’re running pfSense as a VM, take a snapshot before proceeding.
2. Reboot your OPNsense firewall.
3. Update OPNsense to the latest version.
4. Validate updated OPNsense is working as expected.

Let’s go straight into the process of performing the updates. My OPNsense installation is on Protectli, but they’re the exact same on other hardware.

1. Backup OPNsense

Login to OPNsense and select System –> Configuration –> Backups –> Download –> “Download Configuration”

Select Download Configuration and save the file in a save place.

2. Reboot OPNsense firewall

It’s recommended to reboot the firewall to make sure you’re on a good code base in case some updates were applied earlier.

1) Update from Web UI

To update the firewall, go to System –> Firmware –> Updates.

Click “Check for updates” to update package database index.

If new updates are available, apply them by hitting on “Upgrade” button to begin the process.

The firewall will download all firewall sets and it may reboot many times in the process.

The process can take upwards of 5-10 minutes or so.

Once the update process is finished, log back in and select System –> Firmware –> Status, recheck for updates and if available apply them again.

2) Update from terminal console

You need to have SSH configured on the firewall.

• How To Enable and Start SSH Server on OPNsense

Then login and choose option 12) Update from console.

Hit y key to proceed.

The update process should begin shortly. Re-apply until there are no new updates.

3. Testing and Validation

It’s crucial to perform the testing and validation of the updates. The step can be different depending on OPNsense configurations. In my setup I will perform the following few tests.

1. Confirm that there is internet access on LAN devices
2. Test VPN connectivity (this can be OpenVPN or WireGuard) as you configured.
3. Check services running in OPNsense and all the packages to ensure they’re running and don’t have any issues.

Conclusion

In this article we’ve covered all the steps required to update OPNsense. It’s evident this is fairly straightforward, and using the steps above will ensure you’re following best practices. Applying new updates can be essential in patching a vulnerability, or getting new features that can be helpful. It’s highly recommended you test and validate updates in a test environment before you apply them in a production setup.