Installation on OPNsense

OPNsense is an open-source, easy-to-use and feature-rich firewall and routing platform that is based on FreeBSD. It is designed to provide a robust and secure network infrastructure by offering a range of networking and security features. OPNsense is often used as a firewall, router, and VPN (Virtual Private Network) gateway, making it suitable for both home and business environments.

Requirements

At the time of writing, Netify is installed from the command line; there is no integration with OPNsense's web-based administration tool. Installing Netify on OPNsense provides administrators with a 'single pane of glass' when used with Netify Informatics.

As a dedicated gateway distribution, it is no surprise that 2 or more network interfaces are required:

  • LAN Interface: client devices connecting to the internal network. This is the ideal interface for Netify to listen on, as it provides flow analysis at client device resolution (e.g. Apple iPhone 14 did X).
  • WAN Interface: used to connect upstream to the ISP. Admins may choose to monitor this interface, but it is not always that interesting because most of the data duplicates the "North/South" bound traffic from the LAN.

You will also need to know which version of OPNsense you are running in order to access the correct binaries. If you're not sure, use the opnsense-version command:

opnsense-version
OPNsense 23.7.12 (amd64/LibreSSL)

In version 5, the Netify Agent and plugin architecture was extended. It would be very unusual to only install the agent without one or more plugins. However, we keep these steps separate for clarity.

Adding the Netify Repository vs Command Line

Adding the Netify repository to your OPNsense server has three main advantages:

  • Automatically resolves and installs dependencies
  • Increases security through the use of signed packages
  • Allows for auto or simplified updates in the future

If you are a Netify Integrator/OEM or you have licensed proprietary plugins, do not add the public repositories below. Packages for your purposes are provided under a verified binary SLA to ensure compatibility.

OPNsense 25.7 - Visionary Viper

Adding Netify Repository

mkdir -p /usr/local/etc/pkg/fingerprints/Netify/trusted
curl https://download.netify.ai/5/opnsense/fingerprint -o /usr/local/etc/pkg/fingerprints/Netify/trusted/fingerprint
cat << EOF >  /usr/local/etc/pkg/repos/Netify.conf
Netify: {
fingerprints: "/usr/local/etc/pkg/fingerprints/Netify",
url: "https://download.netify.ai/5/opnsense/25.7",
signature_type: "fingerprints",
mirror_type: "http",
priority: 11,
enabled: yes
}
EOF

pkg update

After executing this command, you should see:

Updating Netify repository catalogue...
Netify repository is up to date.
..
.
All repositories are up to date.

You can now install the agent with this command:

pkg install netifyd
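
The repository steps for each OPNsense version download the fingerprint file straight into the trusted directory, so that file becomes the trust anchor for every package the repository serves. The following is an added example, not part of Netify's documentation: a shell helper that checks a downloaded fingerprint file against a value obtained out of band before installing it. The function names, the PINNED placeholder digest and the sample file are constructed for illustration; the function/fingerprint layout is the one pkg(8) uses for fingerprint files.

```shell
#!/bin/sh
# Added example (not Netify's code): vet a pkg fingerprint file before it is
# copied into a .../trusted/ directory, where pkg(8) uses it as a trust anchor.

# Print the value of `KEY: "value"` from FILE (first match, quotes stripped).
extract_field() {
    grep -E "^[[:space:]]*$2[[:space:]]*:" "$1" | head -n 1 |
        cut -d: -f2- | tr -d ' \t"\r'
}

# Return 0 only if FILE declares sha256 and its digest equals EXPECTED.
check_fingerprint() {
    func=$(extract_field "$1" function)
    fp=$(extract_field "$1" fingerprint | tr 'A-F' 'a-f')
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$func" != "sha256" ]; then
        echo "rejected: hash function is '$func', expected sha256" >&2
        return 1
    fi
    # A SHA-256 digest is exactly 64 hex characters.
    if ! printf '%s\n' "$fp" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "rejected: fingerprint is not a 64-character hex digest" >&2
        return 1
    fi
    if [ "$fp" != "$want" ]; then
        echo "rejected: fingerprint differs from the pinned value" >&2
        return 1
    fi
}

# Copy SRC to DESTDIR/fingerprint only after it passes check_fingerprint.
install_fingerprint() {
    check_fingerprint "$1" "$2" || return 1
    mkdir -p "$3" && cp "$1" "$3/fingerprint" && chmod 0644 "$3/fingerprint"
}

# Constructed sample: placeholder digest, NOT Netify's real key fingerprint.
PINNED="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
demo_dir=$(mktemp -d)
printf 'function: "sha256"\nfingerprint: "%s"\n' "$PINNED" > "$demo_dir/downloaded"
if install_fingerprint "$demo_dir/downloaded" "$PINNED" "$demo_dir/trusted"; then
    echo "fingerprint accepted and installed under $demo_dir/trusted"
fi
```

On OPNsense the source would be the curl output saved to a temporary path and the destination /usr/local/etc/pkg/fingerprints/Netify/trusted, with the pinned value taken from a channel other than the download itself.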

Command Line Installation

pkg add https://download.netify.ai/5/opnsense/25.7/amd64/netifyd-5.0.44-1.pkg

The above command is an example only and version specific. Use a browser to navigate to the repository to find and copy the package you wish to install.

OPNsense 24.7 - Thriving Tiger

Adding Netify Repository

mkdir -p /usr/local/etc/pkg/fingerprints/Netify/trusted
curl https://download.netify.ai/5/opnsense/fingerprint -o /usr/local/etc/pkg/fingerprints/Netify/trusted/fingerprint
cat << EOF >  /usr/local/etc/pkg/repos/Netify.conf
Netify: {
fingerprints: "/usr/local/etc/pkg/fingerprints/Netify",
url: "https://download.netify.ai/5/opnsense/24.7",
signature_type: "fingerprints",
mirror_type: "http",
priority: 11,
enabled: yes
}
EOF

pkg update

After executing this command, you should see:

Updating Netify repository catalogue...
Netify repository is up to date.
..
.
All repositories are up to date.

You can now install the agent with this command:

pkg install netifyd

Command Line Installation

pkg add https://download.netify.ai/5/opnsense/24.7/amd64/netifyd-5.0.44-1.pkg

The above command is an example only and version specific. Use a browser to navigate to the repository to find and copy the package you wish to install.

OPNsense 24.1 - Savvy Shark

Adding Netify Repository

mkdir -p /usr/local/etc/pkg/fingerprints/Netify/trusted
curl https://download.netify.ai/5/opnsense/fingerprint -o /usr/local/etc/pkg/fingerprints/Netify/trusted/fingerprint
cat << EOF >  /usr/local/etc/pkg/repos/Netify.conf
Netify: {
fingerprints: "/usr/local/etc/pkg/fingerprints/Netify",
url: "https://download.netify.ai/5/opnsense/24.1",
signature_type: "fingerprints",
mirror_type: "http",
priority: 11,
enabled: yes
}
EOF

pkg update

After executing this command, you should see:

Updating Netify repository catalogue...
Netify repository is up to date.
..
.
All repositories are up to date.

You can now install the agent with this command:

pkg install netifyd

Command Line Installation

pkg add https://download.netify.ai/5/opnsense/24.1/amd64/netifyd-5.0.44-1.pkg

The above command is an example only and version specific. Use a browser to navigate to the repository to find and copy the package you wish to install.

OPNsense 23.7 - Restless Roadrunner

Support for OPNsense 23.7 has been deprecated. Packages for 23.8 use FreeBSD 13.2 buildroot and are not 100% binary compatible. Please consider upgrading to 24.1 if a Netify integration is required.

Adding Netify Repository

mkdir -p /usr/local/etc/pkg/fingerprints/Netify/trusted
curl https://download.netify.ai/5/freebsd/fingerprint -o /usr/local/etc/pkg/fingerprints/Netify/trusted/fingerprint
cat << EOF >  /usr/local/etc/pkg/repos/Netify.conf
Netify: {
fingerprints: "/usr/local/etc/pkg/fingerprints/Netify",
url: "https://download.netify.ai/5/freebsd/13.2",
signature_type: "fingerprints",
mirror_type: "http",
priority: 11,
enabled: yes
}
EOF

pkg update

After executing this command, you should see:

Updating Netify repository catalogue...
Netify repository is up to date.
..
.
All repositories are up to date.

You can now install the agent with this command:

pkg install netifyd

Command Line Installation

pkg add https://download.netify.ai/5/opnsense/13.2/amd64/netifyd-5.0.44.pkg

The above command is an example only and version specific. Use a browser to navigate to the repository to find and copy the package you wish to install.

Post Installation

After installing the agent, verify the installation and some path information using the -s (status) argument.

$ netifyd -s
Netify Agent/5.0.44-1-HEAD-nnnn-aaaaaaaa (debian; linux-gnu; x86_64; conntrack; netlink; dns-cache; tpv3; tcmalloc; regex)
✗ agent is not running: PID 0
• persistent state path: /etc/netifyd
• volatile state path: /var/run/netifyd
! agent run-time status could not be determined.

The Netify agent is not configured to start after installation. It will not be running by default, so you should expect to see the 'not running' and 'run-time status could not be determined' messages.