<aside> 👉 This article is for users that using SRBox as a RMM solution for OPNSense. For our full-managed customers, this do not apply, just contact our support by Tickets :)

</aside>

Prerequisites

• Be sure that every OPNSense instance you want to manage have access to:

  • TCP 22 to hub.simplerezo.com (SSH tunnel)
  • TCP 443 to hub.simplerezo.com (plugin repository)
  • TCP 443 to www.simplerezo.com (API communication with SRBox)
  • TCP 10050 to zabbix.simplerezo.com (monitoring)

• A SimpleRezo customer account :)

• When logged in, go on "SR-WebAdmin", and there you will find your SRBox adoption key (click on it to copy)

  

• In the left menu, click on "Profiles", to create your first "SRBox profile", and then "New"

  • Name: name of the profile

  • Domain: box DNS domain

  • Root keys: (optional) one or more public SSH keys that will be configured on the SRBox. Please note that existing /root/.ssh/authorized_keys will be overwritten (you can still use authorized_keys2).

  • Root password: (optional) encrypted root password that will be set. If left empty, root password will be untouched.Howto encrypt a password? Using OPNsense shell, replacing <PASSWORD> with the password to encrypt :) :

    php -r 'echo password_hash("<PASSWORD>", PASSWORD_BCRYPT, ["cost" => 10]);'
    

  • TOTP seed (2FA): (optional) enable 2FA authentication using TOTP (official documentation)

• And of course, at least one OPNSense instance installed ;) (Official OPNSense installation documentation)

  • Minimal required version: 23.1 (some functions requires last OPNsense version)

Device setup / adoption

• Login into your OPNSense instance through SSH

• Request shell using "8" entry of OPNSense menu:

  

• Launch the adoption process with this command, replacing "MYKEY" by your adoption key

  curl -L '<https://www.simplerezo.com/sr-box-init?k=MYKEY>' | sh
  

  Note: adoption process will change hostname (using the one defined on panel) and also defined profile settings.

• This will install our plugin and launch adoption process (the script will wait for adoption for 60 minutes) :

  Updating OPNsense repository catalogue...
  OPNsense repository is up to date.
  Updating SimpleRezo repository catalogue...
  SimpleRezo repository is up to date.
  All repositories are up to date.
  Checking integrity... done (0 conflicting)
  The following 1 package(s) will be affected (of 0 checked):
  
  Installed packages to be REINSTALLED:
          os-SRBox-2.0.1 [SimpleRezo]
  
  Number of packages to be reinstalled: 1
  
  Proceed with this action? [y/N]: y
  [1/1] Reinstalling os-SRBox-2.0.1...
  [1/1] Extracting os-SRBox-2.0.1: 100%
  
  >>> Init
  Invite succeed! Now waiting for adoption...
  

• Go to our panel, you should have a notification about "a pending adoption", and click on "Inventory" (left menu)

• The waiting adoption should be displayed, click on "Adopt":

  

• You are redirected to adoption page

  1. Select desired profile
  2. Select a network (for organization in our panel) : create a new one if not already done ;)
  3. Create a new SRBox instance using "New" button or select a previously created/adopted instance. The only necessary information here is the hostname of the instance (without domain, since it's configured in the profile).
  4. Finally click on Adopt !

• On the OPNSense instance, you should see adoption completion:

  Invite succeed! Now waiting for adoption................. adopted \\o/
  >>> Configure Zabbix
  Stopping cron.
  Waiting for PIDS: 86922.
  Starting cron.
  Stopping zabbix_agentd.
  Waiting for PIDS: 20172.
  >>> GPG import
  >>> Restart GUI
  Stopping configd...done
  Starting configd.
  >>> Reload templates
  OK
  >>> Update authorizations
  OK
  >>> Start SSH/AutoSSH
  OK
  OK
  >>> Backup
  OK
  >>> Finished
  

• Finally, you can click on the hostname on adoption page to go directly to administration panel !