Useful pfSense Links


DZMM


I thought it'd be useful to create a thread with useful pfSense links as more and more users seem to be creating VMs or building standalone boxes.  Please share any useful links or tips and I'll add them to this post.

 

I returned to the pfSense fold last week and here are some great guides I used to set up my VM.

 

nguvu.org Guides - great guides as the instructions are all interlinked

  1. pfSense baseline guide with VPN, Guest and VLAN support: great guide from nguvu.org which pretty much got everything running for me, allowing me to choose what traffic, including dockers, goes through the VPN or not.  It also provides an easy framework for selectively routing sites outside the VPN (hint: add IPs or FQDNs like plex.tv to the SELECTIVE_ROUTING alias - simple).  It's very similar to the official AirVPN pfSense setup guide, but this one covers more bases IMO

  2. pfSense multi VPN WAN: follow-up from nguvu.org that creates three simultaneous VPN connections to provide protection if one fails over - solved the problem I was having when my VPN went down

  3. pfSense remote access via OpenVPN: a bit more convoluted than using the OpenVPN-AS docker, but I prefer this as I feel more in control by building from scratch

  4. pfSense port forwarding for torrent client: how to correctly allow torrent clients to access the torrent network via AirVPN utilising pfSense's port forwarding capability.

  5. Unifi setup: how to correctly set up VLANs and some useful performance tweaks in there

 

Other Guides:

  1. How to setup Snort
  2. How to block ads using pfblockerng: excellent guide covering ads and malicious sites
  3. How To Run Pfsense with PIA VPN, but still use Plex Remote Access: the pfsense baseline guide above also has a solution for this

  4. Guide: How To Traffic Shape with PfSense: simple introduction to traffic shaping

  5. How to Cast Between VLANs: How to get the most out of Google Homes, Android TVs and Chromecasts

 

Video Guides:

  1. Comprehensive Guide to pfSense 2.3: Over 10 hours of content, so covers a lot!
  2. How to create a secure shell connection

 

Scripts:

  1. Update godaddy A records automatically

 

I haven't posted guides for traffic shaping (I had a stab at writing one here, but I need to recheck it as I think there are errors in there) or setting up Squid cache as I'm still testing my setup works properly.

 

Please share any other useful guides, including installation - a @gridrunner video would be perfect!

Edited by DZMM
added traffic shaping guide
Link to comment
18 hours ago, DZMM said:

Please share any other useful guides, including installation - a @gridrunner video would be perfect!

@DZMM I am planning a series of video tutorials on setting up pfsense. Both for a real and VM instance. Actually, I have just bought a Zotac mini pc with dual LAN ports off eBay for £60 and it arrived yesterday and is sitting on my desk to make a little Pfsense box!


Also, I have been thinking of trying out something with Pfsense but I don't know how well it would work. 
I have recently added 10gbe to my unRAID servers. It is just peer to peer. I can't afford a 10gbe switch (even the cheaper quanta lb6m is around £300 second hand in the UK, also it's huge and not girlfriend friendly in the house !!)

I don't need many ports anyway. So I thought it would be fun to build my own 10gbe switch. I was thinking of putting 2 dual port 10gbe cards and 1 quad port gigabit ethernet card. Then bridging all of the gigabit LAN and 10gbe ports. I know the performance will not be as good as a dedicated switch (?) but hopefully good enough. 
I was thinking of using VyOS to do this ( https://vyos.io/ ) . But it would be kind of cool to build it in pfsense instead and have everything in one box but I am not sure what the performance would be like. Guess I will find out :)

Edited by gridrunner
Link to comment

That's a sweet deal for £60 - it's why I think more people should try pfsense vs an ISP provided box that ISPs purchase for around £40-50 (BT's boxes have better specs) that have to function as a modem and wireless router as well, even low priced equipment like this will provide a much better router.

 

The homebuilt switch sounds like an interesting project.  I'm planning on upgrading my mobo soon to one which will have a dual nic which will give me a total of 4, so I'm going to move my VLANs onto the new NIC (currently 1x unRAID, 2x pfSense VM (WAN+LAN with VLANs over LAN)).  I rarely saturate my network at the moment, but I'll be getting gigabit internet next year (just waiting for when I can cancel my BT contract) so in preparation I've put my bandwidth hoggers (nzbget, deluge, plex etc) on VLANs so they'll be able to use that route to the WAN, leaving my LAN nic free for my home network.

Link to comment

I've added a link for the traffic shaping guide as I've reviewed the first post and it's actually correct (phew!)

 

Once I got my head around how pfSense applies the traffic shaping rules, it became quite easy to do

 

Quote

pfSense runs through the following questions when it traffic shapes each packet:

  1. For the given queue, does it have a Real Time allocation and is this enough or does it need queuing?
  2. If Real Time allocation isn't enough, does the packet have enough Link Share to be sent or does it need queuing?
  3. If using Link Share, is there an Upper Limit set that needs to be obeyed, potentially overriding the Link Share?

 

Link to comment
On 11/15/2017 at 7:09 PM, wgstarks said:

While waiting for @gridrunner's video I found these. They're a little outdated (version 2.3) and not directly related to unRAID of course, but still very informative so far. I've only had a chance to watch the first four.

Thanks - added to the first post.  I've also watched a few and they're a bit long, but there's tonnes of useful information in there.

Link to comment
7 hours ago, CHBMB said:

@gridrunner Before you get too stuck in with that Zotac box, might be worth checking this link out.  pfsense 2.5 requires AES-NI to be supported by the CPU.

Yeah, my Zotac only has a Celeron ULV 847 so no AES-NI :( so I won't be able to use 2.5. It is 64 bit though so I can use 2.4 until the 2.5 is released.

After that, there's always the pfsense fork opnsense 

Link to comment

This script was a lifesaver for me.  My domain-name is with godaddy who don't support DDNS, so I was having to use services like duckdns and CNAMEs to be able to use my domain.  However, this caused problems with some LE configs.


This script updates godaddy's A record so your pfsense can ensure godaddy has your latest IP address.  Use a tool like cron package to run the script frequently.

Link to comment
  • 1 month later...

With Amazon Prime, Netflix, BBC iPlayer etc blocking VPNs it was causing havoc in my VLAN setup e.g. having to keep moving chromecasts between VLANs depending on which device wanted to cast, as chromecasts only work on one subnet at a time. 

 

I've just found a fix to be able to cast (Android TVs, Google Homes, Chromecasts etc) between VLANs:

 

- install Avahi package with default settings

- allow Chromecast ports below (also removes the need to enable uPnP)

 

Quote
Which ports does Chromecast use when connecting to external services?
  • HTTP:  TCP/80
  • HTTPS:  TCP/443
  • DNS:  UDP/53
  • SNTP:  UDP/123

Which ports are used by Chromecast to communicate with computer/phone/tablet in the same network?

  • SSDP:  UDP/1900/multicast
  • mDNS:  UDP/5353/multicast
  • TCP/8008
  • TCP/8009

 

https://productforums.google.com/forum/#!msg/chromecast/G3E2ENn-YZI/s7Xoz6ICCwAJ

 

Edited by DZMM
Link to comment
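
A way to check inter-VLAN pass rules against the local-network port list quoted in the post above, as an added example that is not part of the original thread. The rule model, the VLAN names LAN and IOT, and the sample rules are assumptions constructed for illustration and are not pfSense's own rule format.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Ports quoted in the post for Chromecast <-> phone/computer traffic on the local network.
CAST_LOCAL = {("udp", 1900), ("udp", 5353), ("tcp", 8008), ("tcp", 8009)}

@dataclass(frozen=True)
class Rule:
    src: str                          # source VLAN (names here are assumptions)
    dst: str                          # destination VLAN
    proto: str                        # "tcp", "udp" or "any"
    ports: Optional[Tuple[int, int]]  # inclusive range, None = all ports

def _span(rule):
    """Expand a rule into (protocols, low port, high port)."""
    protos = ("tcp", "udp") if rule.proto == "any" else (rule.proto,)
    low, high = rule.ports if rule.ports else (1, 65535)
    return protos, low, high

def audit(rules, src, dst, allowed=CAST_LOCAL):
    """Return (missing, too_broad) for pass rules from src to dst.

    missing:   allowed (proto, port) pairs that no rule passes.
    too_broad: rules that also pass ports outside the allowed set.
    """
    passed, too_broad = set(), []
    for rule in rules:
        if (rule.src, rule.dst) != (src, dst):
            continue
        protos, low, high = _span(rule)
        hits = {(p, n) for (p, n) in allowed if p in protos and low <= n <= high}
        passed |= hits
        # The rule opens len(protos) * (high - low + 1) ports; anything beyond hits is excess.
        if len(protos) * (high - low + 1) > len(hits):
            too_broad.append(rule)
    return allowed - passed, too_broad

# Constructed sample rule set, not taken from the thread.
SAMPLE_RULES = [
    Rule("LAN", "IOT", "tcp", (8008, 8009)),
    Rule("LAN", "IOT", "udp", (5353, 5353)),
    Rule("IOT", "LAN", "any", None),
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, "LAN", "IOT"))  # which quoted ports are still blocked
    print(audit(SAMPLE_RULES, "IOT", "LAN"))  # which rules open more than the quoted ports
```

SSDP and mDNS are multicast, so a pass rule alone does not carry them between VLANs; the Avahi package mentioned in the post covers the mDNS side.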
