This article is for users that using SRBox as a RMM solution for OPNSense.

For full-managed customers, this do not apply, just contact our support :)


Prerequisites


  • Be sure that every OPNSense instance you want to manage have access to:
    • TCP 22 to hub.simplerezo.com (SSH tunnel)
    • TCP 443 to hub.simplerezo.com (plugin repository)
    • TCP 443 to www.simplerezo.com (API communication with SRBox)
    • TCP 10050 to zabbix.simplerezo.com (monitoring)

  • A SimpleRezo customer account :)

  • When logged in, go on "SR-WebAdmin", and there you will find your SRBox adoption key (click on it to copy)


  • In the left menu, click on "Profiles", to create your first "SRBox profile", and then "New"
    • Name: name of the profile
    • Domain: box DNS domain
    • Root keys: (optional) one or more public SSH keys that will be configured on the SRBox
    • Root password: (optional) root password that will be set. The password must be encrypted using bcrypt (password encryption)
    • TOTP seed (2FA): (optional) enable 2FA authentication using TOTP (official documentation

  • And of course, at least one OPNSense instance installed ;) (Official OPNSense installation documentation)
    • Required version: 21.1



Device setup / adoption


  • Login into your OPNSense instance with SSH

  • Request shell using "8" entry of OPNSense menu:


  • Launch the adoption process with this command, replacing "MYKEY" by your key
    curl -L https://www.simplerezo.com/sr-box-init?k=MYKEY | sh

  • This will install our plugin and launch adoption process (the script will wait for adoption for 20 minutes) :

    Updating OPNsense repository catalogue...
    OPNsense repository is up to date.
    Updating SimpleRezo repository catalogue...
    SimpleRezo repository is up to date.
    All repositories are up to date.
    Checking integrity... done (0 conflicting)
    The following 1 package(s) will be affected (of 0 checked):
    
    Installed packages to be REINSTALLED:
            os-SRBox-2.0.1 [SimpleRezo]
    
    Number of packages to be reinstalled: 1
    
    Proceed with this action? [y/N]: y
    [1/1] Reinstalling os-SRBox-2.0.1...
    [1/1] Extracting os-SRBox-2.0.1: 100%
    
    >>> Init
    Invite succeed! Now waiting for adoption...


  • Go to our panel, you should have a notification about "a pending adoption", and click on "Inventory" (left menu)

  • The waiting adoption should be displayed, click on "Adopt":


  • You are redirected to adoption page
    1. Select desired profile

    2. Select a network (for organization in our panel) : create a new one if not already done ;)

    3. Create a new SRBox instance using "New" button or select a previously created/adopted instance. The only necessary information here is the hostname of the instance (without domain, since it's configured in the profile).

    4. Finally click on Adopt !

  • On the OPNSense instance, you should see adoption completion:

    Invite succeed! Now waiting for adoption................. adopted \o/
    >>> Configure Zabbix
    Stopping cron.
    Waiting for PIDS: 86922.
    Starting cron.
    Stopping zabbix_agentd.
    Waiting for PIDS: 20172.
    >>> GPG import
    >>> Restart GUI
    Stopping configd...done
    Starting configd.
    >>> Reload templates
    OK
    >>> Update authorizations
    OK
    >>> Start SSH/AutoSSH
    OK
    OK
    >>> Backup
    OK
    >>> Finished


  • Finally, you can click on the hostname on adoption page to go directly to administration panel !