pfSense is one of the most widely used open source firewall solutions. We have been using it in our school for several years now and are very satisfied with it because it simply offers many features for which you have to invest a lot of money elsewhere. Today I want to show you how to install pfSense and how to set it up. Before that, I’d like to talk about various hardware that is suitable for running pfSense.
What hardware do I need?
In general, you can use any computer with at least two network cards to run pfSense. This could be, for example, an old computer that you no longer need and equip with a second network card. An old computer is often not very energy efficient, though, so other alternatives can be more appropriate. In addition to power consumption, the intended use case plays a decisive role: it makes a difference whether the firewall is used at home with a few users or in a school or company with considerably more connections.
For home use the APU2C4 board from PC Engines is popular (mainly in Europe), but also passively cooled mini computers like this or that one. For a school or company, a board with at least 4 network cards is recommended, depending on the requirements. We use an SG-4860 from Netgate. If you search for pfSense on Amazon or AliExpress, you will find many offers. The only important thing is that the CPU supports AES-NI, because pfSense will require this feature in future versions.
On the website of the pfSense project there are some general hints about the hardware requirements:
Minimum → 512 MB RAM, 500 MHz CPU
Recommended → 1 GB RAM, 1 GHz CPU
The available bandwidth should also be taken into account when selecting hardware, otherwise pfSense could become a bottleneck.
10-20 Mbps → Intel or AMD CPU with at least 500 MHz
21-100 Mbps → current Intel or AMD CPU with 1 GHz
101-500 Mbps → current Intel or AMD CPU with at least 2 GHz and one PCI-e network card
501+ Mbps → server hardware with multi-core CPUs with at least 2 GHz each, PCI-e network card
Preparing the pfSense Installation
Download image
Before starting the installation, you need to know which pfSense image you need. This depends, for example, on whether the hardware has a VGA/HDMI output or only a serial console, and on whether you want to install from a CD, from a USB flash drive or directly to the hard disk. Here are some hints:
Architecture:
You only need Netgate ADI if you also use a Netgate product.
AMD64 for everything else (Intel / AMD 64bit CPU)
Type of image:
USB Memstick Installer is required for the installation with a USB stick.
CD Image (ISO) Installer is used for installation with a CD or for virtual machines
Serial – if only one serial port is available (USB or RS-232)
VGA – if the hardware used has a VGA/DVI or HDMI output.
Once you know which image you need, you can download it from the pfSense website.
Prepare USB Flash Drive
The pfSense documentation contains a lot of information about preparing a USB flash drive. In our example we assume a USB Memstick VGA Installer. First you should format or empty the USB stick. This is very easy under Linux with
Note: It is essential to check which device is specified after of=/dev/. Otherwise you may wipe your main partition and lose data irretrievably! To find out the device name, plug in the USB stick and then run dmesg in a terminal. The output shows which device name the USB stick was given (often it is /dev/sdb).
Instructions for clearing a USB flash drive under Windows or macOS can be found in the documentation linked above.
Now you can write the downloaded image to the USB flash drive.
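The warning about the of=/dev/ target, turned into a pre-flight check that prints the dd command only for a verified image and a removable, unmounted whole disk. This is an added example, not from the original article or the pfSense project; the function names and the SYSFS_ROOT and MOUNTS_FILE overrides are assumptions, and it assumes you copied the SHA-256 checksum published with the download.

```shell
#!/bin/sh
# Added example: pre-flight checks before writing an installer image with dd.
# SYSFS_ROOT and MOUNTS_FILE are hypothetical overrides so the checks can be
# exercised against a constructed directory instead of real devices.
SYSFS_ROOT="${SYSFS_ROOT:-/sys/block}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# verify_image IMAGE EXPECTED_SHA256: succeed only if the file hash matches.
verify_image() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    actual=$(sha256sum "$1" | awk '{print $1}')
    # Published checksums are sometimes upper case; compare in lower case.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ] || { echo "SHA-256 mismatch: $1" >&2; return 1; }
}

# check_target /dev/sdX: succeed only for a removable whole disk that has
# no mounted partitions.
check_target() {
    name=${1#/dev/}
    # Whole disks have a directory directly under /sys/block; partitions do not.
    { [ -n "$name" ] && [ -d "$SYSFS_ROOT/$name" ]; } ||
        { echo "$1: not a whole disk" >&2; return 1; }
    [ "$(cat "$SYSFS_ROOT/$name/removable" 2>/dev/null)" = "1" ] ||
        { echo "$1: not flagged removable" >&2; return 1; }
    if grep -q "^$1" "$MOUNTS_FILE"; then
        echo "$1: has mounted partitions, unmount them first" >&2; return 1
    fi
}

# plan_write IMAGE EXPECTED_SHA256 DEVICE: print the dd command only when
# both checks pass, so it can be reviewed before it is run as root.
plan_write() {
    verify_image "$1" "$2" || return 1
    check_target "$3" || return 1
    echo "dd if=$1 of=$3 bs=1M conv=fsync status=progress"
}

# Stand-alone use: sh preflight.sh IMAGE EXPECTED_SHA256 /dev/sdX
if [ "$#" -eq 3 ]; then plan_write "$@"; fi
```

The printed dd command still has to be run as root. Some USB enclosures report removable as 0, in which case the check refuses the device rather than guessing.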