Breadcrumbs

1. Introduction

I love to try new technical challenges for curiosity and learning purposes. i was before using Orange ISP in France and i was very unhappy about their router for many reasons (bug, crash, packet loss, NAT working ... when it wanted, NAT impossible on specific port ... like PPTP port ... awesome ...). So because of Orange i started looking into a way to get rid of their router, unfortunately at that time i discover it's very annoying (see previous article): you will lose TV & phone or you will need a lot of configuration... So since i knew i had to move soon, i never actually took the time to try it.

But since I moved, I changed my ISP and went to Free ISP (French ISP) with optical fiber. it also have its issues, but at least you can easily set the given router to bridge mode! much easier and you still can keep TV (girlfriend is happy!) & phone!

But in addition i'm very impressed by the huge improvement i had to use my own router! for clarification here are 2 bandwidth tests i made before and after changing my router (tried several time always same 2 results):

Here is the state of my mind after i run the tests:

click below to see why!

 Standard router given by ISP (French Freebox 4k):

 Own made pfsense (using VMware ESXI):

 

it's crazy right ? i won almost 700Mbps of bandwidth ! i didn't made any tweaks. my assumption is that the ISP router have cheap CPU/RAM and can't handle huge bandwidth (packet management & Co).

 so now when people ask me : "why did you change your router?", i send them this 2 pictures! no more details needed: if they don't understand, no need to go further, if they are making the same face than me, it worse explaining other reasons!

 So here are the other reasons i want to use another router than my ISP one:

  • With pfsense you have an open source router: i'm sure there is no backdoor from my ISP (no idea what i'm talking about!),
  • It has embebbed real firewall (not crappy one like most of the time in ISP router),
  • I can use it for home lab for VLAN & Co
  • I can build network segregation to seperate my home network from my server side (DNS, gatessh, domotique etc).
  • I can try to put an IDS (my next plan) like suricata
  • Because i can & for fun ? ok ... i'm a geek ...

 So pfsense itself is pretty easy to install, i will try to guide you through it then show you some trick to avoid trouble ! most of them will be link the freebox 4k but you might find some equivalent!

 Be careful this tutorial is made for advance user with at least basic knowledge on network. If you don't know these terms or if they freak you out don't try it : IP, netmask, DHCP, DNS, WAN, LAN. You don't need to know too much about these, just know them and more or less what they are used for!

 

2. pfsense

2.1 what is pfsense ?

here is a short description of pfsense by pfsense :

The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality. pfSense software, with the help of the package system, is able to provide the same functionality or more of common commercial firewalls, without any of the artificial limitations. It has successfully replaced every big name commercial firewall you can imagine in numerous installations around the world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and more.

pfSense software includes a web interface for the configuration of all included components. There is no need for any UNIX knowledge, no need to use the command line for anything, and no need to ever manually edit any rule sets. Users familiar with commercial firewalls catch on to the web interface quickly, though there can be a learning curve for users not familiar with commercial-grade firewalls.  

 

2.1 Architecture

 first of all here is a schematic of how i plug my network:

Schematic A:

  

My network is actually a bit more complex but for installation details only it's not necessary. I will soon post another thread with more details of my infrastructure. Indeed my pfsense router is actually an ESXI server with several VM installed. One of them is pfsense, the other one are my DNS, DHCP, etc.

For the installation and configuration I plug my pfsense a bit different ... if you think about it, it's ibvious ... it's no router yet, so if i plug it like above... i won't have access to it, nor have access to internet !

So here is how i must have my architecture for installation and settings:

Schematic B:

 

the router is actually plug like any other device in my home network using its LAN interface. the WAN isn't plug yet.

 

  2.2 Installation

To start the installation, you need to go download the last iso of pfsense on their website : https://www.pfsense.org/download/

i personally took the AMD64 live installer with installer but depending on your hardware you might need another version. (my pfsense router is a VM). Once you got the iso, burn it on a CD or put onto your USB key or mount your iso into your VM, and boot onto it. 

 be aware that by default the keyboard is in qwerty, it means that to select a number you must NOT press the "shift" if you are in azerty like me.

 once you boot on your pfsense cd/iso/usb, you will have a screen like this :

 

 

 you just have to let it boot automaticaly or select the "1" and let it go through.

be careful during the installation at a moment, it will ask you if you want to install it or keep running the live cd. be aware that there is an automatic time out and by default it continues on live cd.

for installation you must press "I", you will have several screen like this : 

most of the time you can take "easy/quick install", it's only if you want to use partitioning & Co like on Linux, but on my personal opinion (may be i'm wrong) on a router i don't really care.

it will start installing on your HDD (personally since my pfsense is a virtual machine hosted on my ESXI, I have an SSD).

Finally you will have these:

after clicking reboot you can safely remove the CD/iso/USB. Not before (i tried and it crashed ...)

 

once you have remove the cd/iso/USB, and reboot, you should have this screen. Just press F1 to start on pfSense, or just wait.

 

 2.3 Configuration

once it's done, you will need to setup your interface. you need to now which interface is what: which cable will be plug to your personal network (LAN), which cable to the freebox (internet side: WAN). To find out, dont be afraid to make test, it doesnt matter for the moment. 

here is my configuration console once i set up my interface:

to do so, you need to select "1" : say "no" to VLAN, to setup your WAN, select DHCP settings and go through, to the LAN settings you must chose an IP. Mine is written above because my home network is : 192.168.42.0/24 (my computer is 192.168.42.5 for example).

 

 

you might need your ISP information. for free you can find it into your client profil : 

once you have set up your LAN interface you should have a message telling you that you can access the webinterface through : http://X.X.X.X (the IP you chose).

it's almost over now!

go to the interface, the default login/password should be: admin/pfsense.

First of all, change them ! ;)

Then go through the web interface to get used to it (as a reminder, my pfsense is a VM, it's not actually its real CPU no worries ! ;) ):

 

For the moment your WAN interface should not be set, or should have a local IP assigned. it's normal since you are still in configuration schematic B

 The first thing to do, is to fix your computer IP on your home network (same subnet as your pfsense LAN interface). Indeed you will need to disconnect your freebox from your LAN and expect if you have another DHCP server, you won't have a valid IP afterward!

Once it's done, you can go to your freebox interface using mafreebox.freebox.fr from your LAN (it's working even in bridge mode). Then you must set it to bridge mode like below. 

Be careful, once it's down, you could need to make a full reset to get it to work again ;) (http://www.free.fr/assistance/31.html). No big deal, just be aware of it, and don't plan anything important using internet that day ! ;)

To set your freebox 4k in Bridge mode, you must go through this settings :

Once it's done, plug your router WAN interface to the freebox server to be in the configuration of the schematic A. You might need to restart your switch also if you have any (reset table). You should still be able to access pfsense interface. after a couple of minute, the Free DHCP (WAN interface side) should kick in and give you your IP. You can check it through the main page of your pfsense webinterface or directly through the console.

 the first time you connect it might request you some information like DNS. you could use your ISP one, or any other you want. i personaly use server from https://www.opennicproject.org/

 

 2.4 DHCP LAN

 

I actually didnt go through this because i have another server in charge of my DHCP and DNS but it might be useful for you to also use pfsense. it's quiet easy : use the webinterface and go through : services > DHCP server. Enable the server, set up your static IP for your computer if you need.

 

2.5 Firewall/NAT

pfsense is a powerful firewall, it's a complete other full topic, but just for information because it make me lose 1 or 2hours at first: when you set up a NAT rule (to enable access to another computer from the outside, like a gatessh), there is a checkbox to auto generate the firewall rule also! make sure to check it ! ;)

 

3. troubleshoting

if you have issue finding the right interface, think about unplugging them to see which one are up and which one are down.

if you have trouble with your WAN interface, you might be able to acces your freebox through: mafreebox.freebox.fr

 

4.Conclusion

if you need more information, help etc don't hesitate to leave me a comment or send me an email.

i will probably right another article on how i set up my pfsense using VMware ESXI.

 

4. sources

https://www.pfsense.org/

http://www.sky-future.net/wp-content/uploads/2015/01/Installation+pfSense.pdf

http://www.sky-future.net/2014/03/tuto-installation-de-pfsense/

 

Add comment


Security code
Refresh

Go to Top
Template by JoomlaShine