How to Install Tailscale on OPNsense
Instructions
-
Log in to OPNsense and activate SSH and root login and password login.
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config service sshd restart # Set root password passwd
-
Increase the disk size of OPNsense to at least 12 GB to avoid DiskPressure and Evicted Pods issues.
df -h # If the usage is high, add more space to the disk # For example, to add 10 GB of space: gpart add -s 10G -t freebsd-ufs da0 growfs /dev/da0p2
-
Update OPNsense to the latest version by going into the default menu via console or SSH and selecting 12. You might need to do this a few times to get to the final version.
opnsense-update -T opnsense-devel
When asked for updating to a major version, do not select 'y' as this will only cause a minor update. Type in the version number instead (it will be shown in the shell).
-
Additionally, enable Swap.
mdconfig -a -t swap -s 4g swapon /dev/md0
-
Follow the tutorial: WireGuard mesh network using OPNsense. You can use the following command to set it up in one step (adjust IP range to your exposed IP range):
cd /usr/ports/security/tailscale make install clean service tailscaled enable service tailscaled start tailscale up --advertise-routes=172.16.103.1/24
Note: If you still encounter problems regarding missing swap, you can shut down the k3OS VM and temporarily increase the CPU and memory of OPNsense.