Install pfSense Qemu Guest Agent

Software Versions

The following software versions were used in this post.

  • pfSense Community Edition – 2.6.0
  • QEMU Guest Agent – 5.0.1

Install the qemu-guest-agent package.

pkg install -y qemu-guest-agent

Once installed, there is a note on how to setup the agent.

Modify your `/etc/rc.conf` by adding these settings

qemu_guest_agent_enable="YES"
qemu_guest_agent_flags="-d -v -l /var/log/qemu-ga.log"

and run

Read more

Share

Extreme slow internet speed pfsense over proxmox

For a qemu proxmox guest PFSense acts weriedly with the network speed- it gets extremely slow. So her goes the little tweaks that worked for me-

First, I chose Intel E1000 Interfaces instead VirtIO.

Second, in the PFSense webconsole-

In pfSense GUI, System > Advanced > Networking > Tick on-

  • Disable hardware checksum offload
  • Disable hardware TCP segmentation offload
  • Disable hardware large receive offload
Share

pfSense firewall rules for WhatsApp

For simplicity, you can also follow the step by step instructions from your pfSense WebGUI below:

1. Create a PORT alias:

Firewall -> Aliases -> Ports -> + AddName: WhatsAppPortsTCP
Port: 443
-> + Add PortPort: 5222
Save (bottom) -> Apply Changes (top right)

2. Create a URL alias:

Firewall -> Aliases – URLs -> + AddName: WhatsAppIPv4_URL
Type: URL Table (IPs)
URL Table (IPs): https://adamnetworks.dev/pub/fwaliases/raw/master/ips/whatsapp.txt /(update frequency): 1
Save (bottom) -> Apply Changes (top right)

Read more

Share

Mount CDROM to Pfsense

  1. Go to a shell.
  2. Make a directory to mount the CD at:
    mkdir /tmp/cdrom
  3. Mount the CD:
    mount_cd9660 /dev/acd0 /tmp/cdrom or mount_cd9660 /dev/cd0 /tmp/cdrom
  4. CD is now mounted at /tmp/cdrom. When finished unmount:
    umount /tmp/cdrom

* Note: If your cdrom device is not acd0, check the bootup messages for the proper device. 

Share

Running pfSense in a XenServer with xenguest

If you deploy pfSense on a XenServer, you may be shocked at the performance loss-specially on interface speed! But wait, there are some tweaks to make this usable.

Installing pfSense

Go ahead and setup pfSense like normal, and when you are done, perform the following tweaks. (the day till it’s tested on pfsense version 2.5.2 and xen on scp-ng 8.1)

XenServer tweaks

Find UUID for the pfSense VM you just installed.

xe vm-list

You should get something like the following

uuid ( RO) : b435d920-eb22-b45d-5058-091619ed427f
name-label ( RW): pfSense
power-state ( RO): running

uuid ( RO) : 42626f69-6185-4aa6-a125-839700f96828
name-label ( RW): Control domain on host: xenserver-000
power-state ( RO): running

We want the UUID of the instance running pfSense, b435d920-eb22-b45d-5058-091619ed427f in this case.

Read more

Share

Set Up a Radius Server on pfSense

Installing the Package

The pfSense 2.X package manager includes both FreeRadius and FreeRadius2 as installation options. For this example, I’m going to be using FreeRadius2 since it has some additional features not found in the previous version.

Only one version of radius can be installed on pfSense at a time. If you previously installed any radius packages, go ahead and remove them first.

The package installation will briefly interrupt traffic passing through the router as the service starts, so be careful when running the installation on a production system.

  • Open the package manager in the system menu of the web interface.
  • Click the plus symbol next to FreeRadius2 to begin the installation.
  • Click ‘Ok’ to confirm the package installation.

You cannot run both FreeRadius and FreeRadius2 on the same pfSense system. Make sure to remove one before installing the other. The setup process will automatically download and install the radius package along with all of its dependencies. The installation normally takes a couple of minutes to complete.

After it’s finished, there will be a new menu item for the package in the services menu. The FreeRadius installation normally takes a couple minutes to complete.

Read more

Share

PFSense SNMP Configuration

Open a browser software, enter the IP address of your Pfsense firewall and access web interface. In our example, the following URL was entered in the Browser:

https://192.168.15.11

The Pfsense web interface should be presented. After a successful login, you will be sent to the Pfsense Dashboard.

Access the Pfsense Services menu and select the SNMP option.

Read more

Share

Build PPPoE server using PfSense

Before building a PPoE system, it is estimated to assume that we’re building it on the following principal and prerequisite conditions-

  1. It’ll be a NAT PPPoE router
  2. At least 2 Interface we’ll be needing- 1 for WAN/Internet/Uplink and the other for LAN/PPoE user.
  3. A reserved LAN IP for PPPoE server itself (other than the LAN IP)
  4. Disable DHCP service if it’s running
  5. Prefereably disable DNS Resolver and enable DNS forwarder
  6. As of this pfsense/Netgate tutorial is being written the version is 2.6
  7. A

For easy understanding here goes my mockup instace WAN and LAN IP-

  1. WAN IP- 114.130.95.196/27, 114.130.95.193
  2. LAN IP- 192.168.1.1/24
  3. PPoE Reserved IP- 172.16.16.1
  4. DNS- 8.8.8.8
  5. LAN port is connected to the LAN switch or alternativey you can connect it to your PC
  6. Assuming you have an operting pfsense using static IP endpoint and you can use internet using static gateway configuration.

So here goes the steps-

Step 1: Create and Configure PPPoE Server:

  1. Go to services > PPoE Server section and click on ADD
  2. On the PPPoE Server Configuration page do the followings-

Read more

Share

Testing Freeradius of Pfsense

FreeRADIUS offers an easy to use command line tool to check if the server is running and listening to incoming requests. Aninterface, a NAS/Client and a user must all be configured:

  • Add a User with the following configuration:Username: testuser
    Password: testpassword
  • Add a Client/NAS with the following configuration:IP-Address: 127.0.0.1
    Shared Secret: testing123
  • Add an interface with the following configuration:IP-Address: 127.0.0.1
    Interface-Type: Auth
    Port: 1812
  • SSH to the pfSense firewall and type in the following on the command line while FreeRADIUS is running (check before in System Log):
    radtest testuser testpassword 127.0.0.1:1812 0 testing123

The following output should appear if everything was setup correctly:

Read more

Share