This article is for users that using SRBox as a RMM solution for OPNSense.
For full-managed customers, this do not apply, just contact our support :)
Prerequisites
- Be sure that every OPNSense instance you want to manage have access to:
- TCP 22 to hub.simplerezo.com (SSH tunnel)
- TCP 443 to hub.simplerezo.com (plugin repository)
- TCP 443 to www.simplerezo.com (API communication with SRBox)
- TCP 10050 to zabbix.simplerezo.com (monitoring)
- A SimpleRezo customer account :)
- When logged in, go on "SR-WebAdmin", and there you will find your SRBox adoption key (click on it to copy)
- In the left menu, click on "Profiles", to create your first "SRBox profile", and then "New"
- Name: name of the profile
- Domain: box DNS domain
- Root keys: (optional) one or more public SSH keys that will be configured on the SRBox
- Root password: (optional) encrypted root password that will be set. If left empty, root password will be untouched.
Howto encrypt a password? Using OPNsense shell, replacing <PASSWORD> with the password to encrypt :) :php -r 'echo password_hash("<PASSWORD>", PASSWORD_BCRYPT, ["cost" => 10]);' - TOTP seed (2FA): (optional) enable 2FA authentication using TOTP (official documentation)
- Name: name of the profile
- And of course, at least one OPNSense instance installed ;) (Official OPNSense installation documentation)
- Minimal required version: 23.1 (some functions requires last OPNsense version)
Device setup / adoption
- Login into your OPNSense instance with SSH
- Request shell using "8" entry of OPNSense menu:
- Launch the adoption process with this command, replacing "MYKEY" by your adoption key
curl -L 'https://www.simplerezo.com/sr-box-init?k=MYKEY' | sh
This will install our plugin and launch adoption process (the script will wait for adoption for 20 minutes) :
Updating OPNsense repository catalogue... OPNsense repository is up to date. Updating SimpleRezo repository catalogue... SimpleRezo repository is up to date. All repositories are up to date. Checking integrity... done (0 conflicting) The following 1 package(s) will be affected (of 0 checked): Installed packages to be REINSTALLED: os-SRBox-2.0.1 [SimpleRezo] Number of packages to be reinstalled: 1 Proceed with this action? [y/N]: y [1/1] Reinstalling os-SRBox-2.0.1... [1/1] Extracting os-SRBox-2.0.1: 100% >>> Init Invite succeed! Now waiting for adoption...Go to our panel, you should have a notification about "a pending adoption", and click on "Inventory" (left menu)
The waiting adoption should be displayed, click on "Adopt":
- You are redirected to adoption page
- Select desired profile
- Select a network (for organization in our panel) : create a new one if not already done ;)
- Create a new SRBox instance using "New" button or select a previously created/adopted instance. The only necessary information here is the hostname of the instance (without domain, since it's configured in the profile).
- Finally click on Adopt !
- Select desired profile
- On the OPNSense instance, you should see adoption completion:
Invite succeed! Now waiting for adoption................. adopted \o/ >>> Configure Zabbix Stopping cron. Waiting for PIDS: 86922. Starting cron. Stopping zabbix_agentd. Waiting for PIDS: 20172. >>> GPG import >>> Restart GUI Stopping configd...done Starting configd. >>> Reload templates OK >>> Update authorizations OK >>> Start SSH/AutoSSH OK OK >>> Backup OK >>> Finished
Finally, you can click on the hostname on adoption page to go directly to administration panel !