Running pfSense in a XenServer with xenguest

If you deploy pfSense on a XenServer, you may be shocked at the performance loss, especially on interface speed! But wait, there are some tweaks to make this usable.

Installing pfSense

Go ahead and set up pfSense as normal, and when you are done, perform the following tweaks. (To date, this has been tested on pfSense version 2.5.2 and Xen on XCP-ng 8.1.)

XenServer tweaks

Find UUID for the pfSense VM you just installed.

xe vm-list

You should get something like the following

uuid ( RO) : b435d920-eb22-b45d-5058-091619ed427f
name-label ( RW): pfSense
power-state ( RO): running

uuid ( RO) : 42626f69-6185-4aa6-a125-839700f96828
name-label ( RW): Control domain on host: xenserver-000
power-state ( RO): running

We want the UUID of the instance running pfSense, b435d920-eb22-b45d-5058-091619ed427f in this case. Continue reading “Running pfSense in a XenServer with xenguest” »


Set Up a Radius Server on pfSense

Installing the Package

The pfSense 2.X package manager includes both FreeRadius and FreeRadius2 as installation options. For this example, I’m going to be using FreeRadius2 since it has some additional features not found in the previous version.

Only one version of radius can be installed on pfSense at a time. If you previously installed any radius packages, go ahead and remove them first.

The package installation will briefly interrupt traffic passing through the router as the service starts, so be careful when running the installation on a production system.

  • Open the package manager in the system menu of the web interface.
  • Click the plus symbol next to FreeRadius2 to begin the installation.
  • Click ‘Ok’ to confirm the package installation.

The setup process will automatically download and install the radius package along with all of its dependencies. The installation normally takes a couple of minutes to complete.

After it’s finished, there will be a new menu item for the package in the services menu. Continue reading “Set Up a Radius Server on pfSense” »


PFSense SNMP Configuration

Open a browser, enter the IP address of your pfSense firewall, and access the web interface. In our example, the following URL was entered in the browser:

https://192.168.15.11

The pfSense web interface should be presented. After a successful login, you will be sent to the pfSense Dashboard.

Access the pfSense Services menu and select the SNMP option. Continue reading “PFSense SNMP Configuration” »


Allow Ping on PFSense WAN interface

This article shows you how to allow ping on the WAN side of your pfSense firewall. By default, ping to the WAN address is disabled on pfSense for security reasons. However, you may want to allow ping for different reasons. Here is how:

  1. Log in to pfSense.
  2. Open Firewall > Rules.
  3. Change Interface to WAN.
  4. Change Protocol to ICMP.

Continue reading “Allow Ping on PFSense WAN interface” »


Build PPPoE server using PfSense

Before building a PPPoE system, we assume the following principles and prerequisites:

  1. It’ll be a NAT PPPoE router
  2. We’ll need at least 2 interfaces: 1 for WAN/Internet/Uplink and the other for LAN/PPPoE users.
  3. A reserved LAN IP for the PPPoE server itself (other than the LAN IP)
  4. Disable the DHCP service if it’s running
  5. Preferably disable DNS Resolver and enable DNS Forwarder
  6. At the time of writing this tutorial, the pfSense/Netgate version is 2.6
  7. A

For ease of understanding, here are the WAN and LAN IPs of my mock-up instance:

  1. WAN IP- 114.130.95.196/27, 114.130.95.193
  2. LAN IP- 192.168.1.1/24
  3. PPPoE Reserved IP- 172.16.16.1
  4. DNS- 8.8.8.8
  5. The LAN port is connected to the LAN switch, or alternatively you can connect it to your PC
  6. Assuming you have an operating pfSense using a static IP endpoint and you can use the internet using a static gateway configuration.

Here are the steps:

Step 1: Create and Configure PPPoE Server:

  1. Go to the Services > PPPoE Server section and click on Add
  2. On the PPPoE Server Configuration page do the following:

Continue reading “Build PPPoE server using PfSense” »


Testing Freeradius of Pfsense

FreeRADIUS offers an easy-to-use command line tool to check if the server is running and listening to incoming requests. An interface, a NAS/Client and a user must all be configured:

  • Add a User with the following configuration:
    Username: testuser
    Password: testpassword
  • Add a Client/NAS with the following configuration:
    IP-Address: 127.0.0.1
    Shared Secret: testing123
  • Add an interface with the following configuration:
    IP-Address: 127.0.0.1
    Interface-Type: Auth
    Port: 1812
  • SSH to the pfSense firewall and type in the following on the command line while FreeRADIUS is running (check before in System Log):
    radtest testuser testpassword 127.0.0.1:1812 0 testing123

The following output should appear if everything was set up correctly: Continue reading “Testing Freeradius of Pfsense” »


Remote Administering pfsense

To open the firewall GUI up completely, create a firewall rule to allow remote firewall administration – do not create a port forward or any other NAT configuration.

Example Firewall Rule Setup

  • Firewall > Rules, WAN Tab
  • Action: pass
  • Interface: WAN
  • Protocol: TCP
  • Source: Any (or restrict by IP/subnet)
  • Destination: WAN Address
  • Destination port range: HTTPS (Or the custom port)
  • Description: Allow remote management from anywhere (Dangerous!)

Continue reading “Remote Administering pfsense” »


Creating PPTP on Pfsense 2.2.4

If you want to build a PPTP server graphically using pfSense’s nice-looking interface, then please follow the steps below. Here I assume a proper NAT firewall is already running in the pfSense configuration.

Step-1

  1. Go to VPN > PPTP from top menu
  2. Under “Configuration” tab-
    1. PPTP redirection > Enable PPTP server
    2. Define “No of user”
    3. Server Address- type 1.2.3.4 (trust me, it works no matter what your WAN or LAN IP is!)
    4. Remote Address Range- <your LAN IP>
    5. PPTP DNS Server- I used 114.130.5.5 and 8.8.8.8
    6. Tick “Require 128-bit encryption”
    7. Save

Continue reading “Creating PPTP on Pfsense 2.2.4” »


1:1 NAT firewall using pfsense

Assume you are planning to set up your server infrastructure behind a pfSense firewall. You have a public IP, 114.130.56.x, to be pointed to your private LAN server at 192.168.14.x.

Let’s begin:

Step-1

Add the public IP to the WAN interface under “Firewall > Virtual IPs” as below:

[Image: 1-1-Nat-1]

Step-2

Now move on to the “Firewall > NAT > 1:1” menu as below: Continue reading “1:1 NAT firewall using pfsense” »
