Pfsense, stylized as “pfSense” is a computer software based on FreeBSD (Unix-like OS), that can be installed on a computer and turn it into a dedicated router and firewall. It has other features like OpenVPN server, PPoE Server, DNS Server and the list goes on. This software is FREE-TO-USE and most of all it’s OpenSource. So if you’re interested in trying it out, read this guide and you’ll learn how to set things up using this software.
For this post, I’m going to show you a step-by-step guide on how to setup a pfSense instance on a PC-based machines. It can be installed on an embedded platform, but this guide is directed to PC users. Though, the installation process is very much similar to that of an Embedded platforms.
Hardware requirements is not that high, you could install pfSense in a system with as little as 256MB of RAM, Pentium II processor and 2GB of hard-disk space. But if you really want to get serious of using pfSense in your network, do yourself a favor and buy the most quality network card that you could find. Pfsense version 2.1.4 shall be use with this guide. If you’re ready to try it out, make sure you read the hardware compatibility list for FreeBSD 8.3.
Requirements To start off with this guide, make sure you have the following:
- Your target machine with at least 2 Ethernet Cards & FreeBSD compatible
- Modem – optional, only if you wanna get serious
- Network cables of course
- Your client machine
- pfSense 2.1.4 LiveCD Installer
You need at least 2 ethernet cards, 1 for your Internet connection, going from your modem, and 1 for your local network. But if you just wanted to try other features of pfSense that doesn’t require an Internet connection, then 1 Ethernet card would be enough. Say for example, you wanted to try the OpenVPN server, then you only need 1 ethernet card for this. Let’s get started when everything’s ready.
pfSense Installation: Phase 1
- Step 1: Boot from pfSense boot device, in this case, we’re booting from a LiveCD Installer. Upon booting from the CD, you should see a screen menu with various boot options to select from. At this point, you should choose
1., that is,
Boot pfSense [default]. Reference Image:
- Step 2: After selecting the boot option above, you’ll be taken to a screen with a list of options to; enter recovery mode, continue with the LiveCD or install pfSense. In our case we wanted to install pfSense, so press the corresponding hot-key to perform the install process. Press I to install Reference Image: You should be taken to a new splash screen.
- Step 3: At this point you should see a splash screen similar to the image shown below. Reference Image: Use your arrow keys to hight-light and select
Accept these Settings. Then hit
Step 4: After the above step, you’ll taken to another screen, now choose
Quick/Easy Installand press
Enterkey. Reference Image:
Step 5: pfSense is now ready to copy the core files to your hard-drive. At this point, you should see a screen similar to the image below. Reference Image: Select
OKmenu and press
Enterkey. pfSense installer should start the installation process. Reference Image:
Step 6: After the file-copy process above, another screen will show up. It offers 2 Kernel options to choose from. If you are installing pfSense in a PC or Desktop platform, you should choose the
Standard Kernel, otherwise choose
Embedded kernel. Reference Image:
Note: Only choose Embeded kernel if you are installing on a Embeded platform like router boards with built-in processor and flash storage.
Step 7: After setting the kernel from the above step, you’ll be prompted to reboot your machine. So, do so by selecting
Rebootmenu and hit
Enterkey. Eject the install media before doing this, or change back your boot device order to system drive. Reference Image:
pfSense Installation: Phase 2
Step 8: After rebooting your machine, you’ll be asked if you wanted to set up a VLAN.
Do you want to set up VLANs now [y|n?]Since we’re installing a basic setup of pfSense, you may skip this option and opt not to set it. So you may answer NO by typing
Enterkey. But when you decided to setup VLAN after this point, you could easily do that using pfSense webConfigurator, to configure VLANs later.
webConfiguratoris pfSense’s web administration GUI.
Step 9: At this point of the installation, you should know and have already decided what Ethernet port to use with your WAN and LAN connection.
So you need to designate a specific device (Ethernet Card) for your Internet and LAN connection. You’ll be prompted to enter the WAN interface name, in my case, it is
em0. So I should type
em0 and then
ENTER key. Next prompt should be asking you to enter your LAN interface name, in my case, it is
em1. So I type in
em1 and then
Enter key. Another prompt will ask you to enter an Optional interface, you may skip this for now. We only need at least 2 network interfaces for this basic pfSense installation. So just press
Enter to continue. If You Dont Know Your Interface Names Are, Read Below:
In my case, I got two identical Ethernet card installed in my machine. They are both
Intel PRO/1000 model. I need to know first their corresponding interface names, since they’re both identical, before assigning them either as a WAN interface or LAN interface. In my machine, they are identified as
em1. But I don’t know which is which. So what I did was, I used the installer’s auto-detection option. To initiate this option, disconnect all your cables from your Ethernet cards. Then type
You’ll be prompted to connect the WAN interface first, make sure the link is up and working when you do this. So plugin your cable to any of your available Ethernet card and wait for it to be detected by the installer. It should show you the interface name, like so: em0: link state changed to UP In my case, my first Ethernet card was detected as
em0. This is the card that is attached to the first PCI slot of my motherboard (counting from top). Now, this is going to be my WAN interface (Internet connection).
Now that your interface is detected, press
ENTER key to assign it as your WAN interface. Reference Images:
ato auto-detect your LAN interface name. So, connect your cable to your second Ethernet card, wait for a few seconds and it should be detected. In my case, it was detected as
Enterkey again as soon as your interface is detected. Reference Images:
- Step 10: After setting your network interfaces from the step above, continue with the next step and type in
yto commit your network settings. Reference Image:You should be now taken to a screen similar to the image show below. Reference Image:Reaching this screen means that you’ve successfully installed pfSense.
pfSense Post-install Setup: Phase 3
Before you can use your pfSense instance, you need to configure it further to make it work within your local network. You need to login to its webConfigurator page and set things up from there. To start with the configuration, login to pfSense’s administration page by accessing
192.168.1.1 from any browser you wanted to use. The IP is the default configured, you may also change this if you wish, using the webConfigurator.
- Step 11: Login by accessing
192.168.1.1from a web browser and login as
adminwhen prompted to.
When you access the Admin page for the first time, a splash page will open with a message saying either
This Connection is Untrusted or
The site's security certificate is not trusted! Reference Images:
Note: You commonly see this kind of notice if a site has a self-signed SSL certificate. BUT this should not be the case when you visit an SSL-protected website, whose certificate is validated by a known certificate authority (Symantec, GoDaddy, Comodo or GlobalSign). Because if you see this message on a site protected by SSL protocol, then probably someone is eves-dropping on your connection.
Read more about Certificate Authority here.
Just accept the connection and move on. In Firefox, just click
I Understand The Risk ->
Add Exception button, a pop-up window will open, click
Confirm Security Exception and you’re good to go. In Chrome, just click
Proceed Anyway button. Reference Image:
pfsenseYou may change this later on.
- Step 12: Upon successful login, you should be greeted by a welcome page and an initial configuration wizard page. Just click
Nextbutton to start the configuration wizard. Reference Image:
- Step 13: A new screen should open (see image below), and you need to fill up the
Domainfield. In my case, I leaved Hostname field untouched but I’ve filled up the Domain field with
local.net. I’ve skipped Primary DNS Server and Secondary Server. Click
Nextto go to the next page. Reference Image:
- Step 14: Fill up Time Server Information fields. In my case, I’ve skipped
Time server hostname, but I’ve set my
Asia. Reference Image:
- Step 15: Set up WAN information. This page should be use to configure your Internet settings. You need to input your ISP account information and configurations here. It depends what type of Internet service your ISP is offering you. Whether it be PPoE, DHCP, or Static IP. If you have a PPoE Internet connection, then choose
PPoEfrom the drop-down menu under
Configure WAN Interface. Then scroll down ’till you reach the
PPoE Configurationfield set. In this field set, you need to input your PPoE user-name and password. Reference Image:Then scroll down further and make sure that
Block RFC1918 Private Networks:and
Block bogon networks:is ticked and then finally click
Next. Reference Image:If you either have a Static or DHCP based Internet connection, then just supply the necessary info to
Static IP Configurationor
DHCP client configurationfield sets.
- Step 16: You’ll be asked to configure your LAN interface, if satisfied with the current settings, then just skip this step and move on to the next page by clicking
Nextbutton. Reference Image:
- Step 17: This step will let you change the default Admin user-name and password. You need to change the default entries and nominate your own set of Admin Username and Password. Reference Image:Click Next to continue and to load up the next page. Then finally click
Reloadto set the changes. Wait for the confirmation message
Wizard completedto pop-up before you do anything. Reference Image:Once you see the confirmation message, you can now click
hereto continue working with pfSense webConfigurator. You should be now taken to pfSense main dashboard. Reference Image:
That’s a Wrap
There you have it guys, those are the steps on how to install pfSense 2.1.4. If you’re having some issues and you’re not able to complete the install process, just feel free to ask me about it and put your comments below.