Install and Configure Pfsense 2.3.1
I had issues with my Cisco Router and I have come to the conclusion that it has completely failed. I had reverted back to my Virgin Superhub 3 that come with my Internet connection (200MB D/L 10MB U/L), I was reading the HomeLab section of Reddit (https://www.reddit.com/r/homelab/) when I come across Pfsense, a router/firewall solution that could be installed as a VM. So I decided to proceed with setting this up and I have been pleased with the results! It’s an excellent product so I thought I would create an install guide for the software.
You initially need to download the ISO from the Pfsense website. This can be found here – https://www.pfsense.org/download/ – Select the correct version of hardware you are planning on installing this on, either the x32 or the x64 bit version. Then select the mirror that is nearest to you for the fastest download speed.
Once you have downloaded the file this need to be extracted as it comes as a .iso.gz file. This can be completed using 7ZIP as an example. You will now need to create a virtual machine, I have used the following settings. Recommended specs for the VM are around 500MB RAM and 1 vCPU, I had more resources available and as I will be using this as my primary router I wanted to make sure this has sufficient resources. I have also put this on SSD storage to improve the responsiveness of the VM, after all I will be using this as a router/firewall!
When you have configured this you will need to select Edit Settings and then Connect your ISO from a Datastore.
Remember to make sure you select Connect at Power on. I would also advise removing the Floppy drive as this is not required.
At this stage I would advise to create the WAN Port group on the ESXI Host. You will need to assign a secondary adapter to this port group, this will be the network port that requires connecting directly to the router once we have configured the VM. You can create this by navigating to Configuration –> Networking –> Add Networking and select Virtual Machine Port Group. I would also recommend changing Promiscuous mode to accept on the vSwitch settings, this will be required If you are setting up OpenVPN, I will be creating a guide on how to setup OpenVPN so watch out for that shortly!
Navigate to Properties –> vSwitch then change Promiscuous mode to Accept as per the below screenshot –
This is now completed. We can now start the VM ensuring that the ISO is connected to the machine.
You can wait for the machine to Autoboot as this is the correct option.
You need to press ‘I’ when this selection comes up so it enters installer mode.
Scroll down to ‘Accept these Settings’ and press Enter.
Select Quick/Easy Install
Press Enter to select ‘Ok’ to continue.
This will now start to install the system.
Press Enter to use the Standard Kernel.
Once completed the installer will prompt you to remove the disk. You should now remove this and reboot. The machine will reboot and you will be presented with the below –
We need to select option 1 to assign the interfaces to Pfsense.
Note – em0 will be vmnic1 and em1 will be vmnic2. You can verify this by navigating to the VM Settings and selecting the network adapter. You will then see the MAC address as below –
You can verify these MAC addresses to make sure that we are assigning the correct adapter to each interface.
We need to make sure that the VM has two NIC’s. One will be for the LAN interface with a local IP address IE 192.168.0.1 and the other will be for the WAN Interface with an external IP that will be provided via the router that has been configured to be in modem mode.
I have configured these as below, you’ll notice this VM does not have an external IP as I already have another Pfsense box running on my network.
You will now need to connect to the LAN IP to continue the configuration, I have done this via a VDI machine so I added a network adapter and added the IP address 192.168.1.5 – If you have a PC you can manually set the IP so you can complete this part of the installation, before changing the IP of the Pfsense box to your LAN requirements.
You will need to login using the default username and password which is below –
Username – admin
Password – pfsense
This will log you in and take you through the setup guide.
You can setup your Hostname and DNS Settings as per the below screenshot.
Configure the NTP servers, I have left these as default apart from changing the Timezone to London.
The WAN Interface configuration can be left as default as we will be putting the router in to modem mode.
Now configure your LAN interface, I would advise not changing this until you have finished the setup wizard as you also need to change the DHCP settings to reflect the new IP. (This is assuming you have DHCP configured on your router currently)
Type a password for the router as per the below.
Reload the router to proceed with these configurations.
You can wait for this to reboot and it will come up with the completion page as below –
I would now advise to install VMware Tools before continuing with the networking configuration as we will be changing the network adapters once it has been installed.
You can complete this by navigating to System –> Package Manager –> Available Packages –> Open-VM-Tools
Select confirm as per the below screenshot to install the package.
You will see that the install has completed successfully.
I would advise now shutting down the VM and replacing the network adapters with VMXNET3 adapters, these have a lot better performance than the E1000 adapters.
The VM will ask you to re-configure the WAN and LAN Adapters. You will need to use the same ones as before, again these can be checked by viewing the MAC address of the adapters via Edit Settings on the VM.
The VM will now start and we will need to log back in to the console.
At this point you can change your LAN IP by navigating to Interfaces –> LAN
Note – You will need to configure the DHCP settings to reflect the LAN IP change, this can be completed in Services –> DHCP Server.
We now need to put the router in to modem mode. There are multiple different guides for this but I may create one for Virgin routers shortly. I will skip this step for now, I will assume you know how to complete this setup. This will be different for all types of routers.
You will need to connect the router to the correct NIC in the ESXI Host, this is the NIC that we assigned to the WAN Port group.
In my configuration I have this directly plugged in to VMNIC1 and my VMNIC0 is plugged in to my switch. You will need to reboot the VM for the Dynamic WAN IP to take effect. Make sure this is configured to use the correct port group that was created at the start of the guide.
This should be everything! If this is successful you should now be able to connect to the Internet via your Pfsense router. You will need to configure all of the devices to point to this new gateway, I have used the same gateway IP as my previous Virgin router so I didn’t have to complete this step. Stay tuned for my OpenVPN on Pfsense guide that I will be releasing shortly!
Jacob,
Nice write up!
I’ve used pfSense on and off for years via a VM / ESXI 5.5. My issue is switching from the e1000 NICs to vmxnet3. When I do, i breaks package management. I can not longer list current or available packages via GUI and when I execute a pkg update command in the shell, it fails with a SSL Cert error. Is you package manager working with the VMXNET3 NICs installed?
Hello Robert,
When Installing version 2.3.1 as per this post I remember experiencing a few issues with the NIC’s dropping packets due to high CPU usage, pfSense also used to crash due to this issue and I had to reboot the server to regain internet access. As far as I know I have always been using VMXNET3 Adapters. I have since upgraded to version 2.3.2 and It has been resolved ever since. What version are you running? Did you ever install the ‘Open-VM-Tools’ package when you configured pfSense? I only run the Open-VM-Tools, Squid Proxy and OpenVPN packages, I’ve confirmed I can successfully access the Installed packages list.
Kind regards
Jacob