DZMM Posted November 14, 2017 (edited)

I thought it'd be useful to create a thread with useful pfSense links as more and more users seem to be creating VMs or building standalone boxes. Please share any useful links or tips and I'll add them to this post. I returned to the pfSense fold last week and here are some great guides I used to set up my VM.

nguvu.org Guides - great guides as the instructions are all interlinked
- pfSense baseline guide with VPN, Guest and VLAN support: great guide from nguvu.org which pretty much got everything running for me, allowing me to choose what traffic, including dockers, goes through the VPN or not. It also provides an easy framework for selectively routing sites outside the VPN (hint: add IPs or FQDNs like plex.tv to the SELECTIVE_ROUTING alias - simple). It's very similar to the official AirVPN pfSense setup guide, but this one covers more bases IMO
- pfSense multi VPN WAN: follow-up from nguvu.org that creates three simultaneous VPN connections to provide protection if one fails over - solved the problem I was having when my VPN went down
- pfSense remote access via OpenVPN: a bit more convoluted than using the OpenVPN-AS docker, but I prefer this as I feel more in control by building from scratch
- pfSense port forwarding for torrent client: how to correctly allow torrent clients to access the torrent network via AirVPN utilising pfSense's port forwarding capability.
- Unifi setup: how to correctly set up VLANs and some useful performance tweaks in there

Other Guides:
- How to setup Snort
- How to block ads using pfblockerng: Excellent guide covering ads and malicious sites
- How To Run Pfsense with PIA VPN, but still use Plex Remote Access: the pfsense baseline guide above also has a solution for this
- Guide: How To Traffic Shape with PfSense: simple introduction to traffic shaping
- How to Cast Between VLANs: How to get the most out of Google Homes, Android TVs and Chromecasts

Video Guides:
- Comprehensive Guide to pfSense 2.3: Over 10 hours of content, so covers a lot!
- How to create a secure shell connection

Scripts:
- Update godaddy A records automatically

I haven't posted guides for traffic shaping (I had a stab at writing one here, but I need to recheck it as I think there are errors in there) or setting up Squid cache as I'm still testing my setup works properly. Please share any other useful guides, including installation - a @gridrunner video would be perfect!

Edited February 6, 2018 by DZMM: added traffic shaping guide
wgstarks Posted November 14, 2017

Thanks for this. I've got a MacPro (my primary work station) which I'm researching running pfsense on in a Parallels VM. Want to see if I can set it up as a test bed without disrupting the Mac side of things. Was hoping to play around with pfsense before eventually getting dedicated hardware to run it.
SpaceInvaderOne Posted November 15, 2017 (edited)

18 hours ago, DZMM said: Please share any other useful guides, including installation - a @gridrunner video would be perfect!

@DZMM I am planning a series of video tutorials on setting up pfsense. Both for a real and VM instance. Actually, I have just bought a Zotac mini pc with dual LAN ports off eBay for £60 and it arrived yesterday and is sitting on my desk to make a little Pfsense box! Also, I have been thinking of trying out something with Pfsense but I don't know how well it would work. I have recently added 10gbe to my unRAID servers. It is just peer to peer. I can't afford a 10gbe switch (even the cheaper quanta lb6m is around £300 second hand in the UK, also it's huge and not girlfriend friendly in the house !!) I don't need many ports anyway. So I thought it would be fun to build my own 10gbe switch. I was thinking of putting in 2 dual port 10gbe cards and 1 quad port gigabit ethernet card. Then bridging all of the gigabit LAN and 10gbe ports. I know the performance will not be as good as a dedicated switch (?) but hopefully good enough. I was thinking of using VyOS to do this ( https://vyos.io/ ). But it would be kind of cool to build it in pfsense instead and have everything in one box but I am not sure what the performance would be like. Guess I will find out.

Edited November 15, 2017 by gridrunner
DZMM Posted November 15, 2017 (Author)

That's a sweet deal for £60 - it's why I think more people should try pfsense, as vs an ISP provided box that ISPs purchase for around £40-50 (BT's boxes have better specs) that has to function as a modem and wireless router as well, even low priced equipment like this will provide a much better router. The homebuilt switch sounds like an interesting project. I'm planning on upgrading my mobo soon to one which will have a dual nic which will give me a total of 4, so I'm going to move my VLANs onto the new NIC (currently 1x unRAID, 2x pfSense VM (WAN+LAN with VLANs over LAN)). I rarely saturate my network at the moment, but I'll be getting gigabit internet next year (just waiting for when I can cancel my BT contract) so in preparation I've put my bandwidth hoggers (nzbget, deluge, plex etc) on VLANs so they'll be able to use that route to the WAN, leaving my LAN nic free for my home network.
wgstarks Posted November 15, 2017

4 hours ago, gridrunner said: Both for a real and VM instance.

That would be great. My attempts with Parallels haven't had much success so far. Lose the webgui every time I save settings. Maybe I'm using the wrong network type?
wgstarks Posted November 15, 2017

While waiting for @gridrunner's video I found these. They're a little outdated (version 2.3) and not directly related to unRAID of course, but still very informative so far. I've only had a chance to watch the first four.
DZMM Posted November 17, 2017 (Author)

I've added a link for the traffic shaping guide as I've reviewed the first post and it's actually correct (phew!) Once I got my head around how pfSense applies the traffic shaping rules, it became quite easy to do.

Quote:
pfSense runs through the following questions when it traffic shapes each packet:
- For the given queue, does it have a Real Time allocation and is this enough or does it need queuing?
- If Real Time allocation isn't enough, does the packet have enough Link Share to be sent or does it need queuing?
- If using Link Share, is there an Upper Limit set that needs to be obeyed, potentially overriding the Link Share?
DZMM Posted November 19, 2017 (Author)

On 11/15/2017 at 7:09 PM, wgstarks said: While waiting for @gridrunner's video I found these. They're a little outdated (version 2.3) and not directly related to unRAID of course, but still very informative so far. I've only had a chance to watch the first four.

Thanks - added to the first post. I've also watched a few and they're a bit long, but there's tonnes of useful information in there.
CHBMB Posted November 19, 2017

@gridrunner Before you get too stuck in with that Zotac box, might be worth checking this link out. pfsense 2.5 requires AES-NI to be supported by the CPU.
SpaceInvaderOne Posted November 19, 2017

7 hours ago, CHBMB said: @gridrunner Before you get too stuck in with that Zotac box, might be worth checking this link out. pfsense 2.5 requires AES-NI to be supported by the CPU.

Yeah, my Zotac only has a Celeron ULV 847 so no AES-NI, so I won't be able to use 2.5. It is 64 bit though so I can use 2.4 until 2.5 is released. After that, there's always the pfsense fork opnsense.
DZMM Posted November 23, 2017 (Author)

This script was a lifesaver for me. My domain-name is with godaddy who don't support DDNS, so I was having to use services like duckdns and CNAMEs to be able to use my domain. However, this caused problems with some LE configs. This script updates godaddy's A record so your pfsense can ensure godaddy has your latest IP address. Use a tool like the cron package to run the script frequently.
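As an added illustration of what a GoDaddy A-record updater on pfSense does (this is my own example, not the script linked in the post), here is a POSIX sh version that learns the WAN address, validates it, and only calls the API when the address has actually changed. It assumes GoDaddy's v1 REST API (PUT /v1/domains/DOMAIN/records/A/NAME with an "sso-key KEY:SECRET" header; check the current API docs), that curl is present, and placeholder values for the domain, record name and key file.

```shell
#!/bin/sh
# Added example, not the script linked in the thread: push the WAN address to a
# GoDaddy A record, but only when it has changed. Assumes GoDaddy's v1 REST API
# (PUT /v1/domains/DOMAIN/records/A/NAME, "sso-key KEY:SECRET" header) and that
# curl is installed; DOMAIN, RECORD and the key file path are placeholders.
DOMAIN="example.com"                    # placeholder domain
RECORD="home"                           # host part, i.e. home.example.com
TTL=600
KEYFILE="/usr/local/etc/godaddy.key"    # one line "KEY:SECRET", chmod 600, owned by root
STATE="/var/db/godaddy-${RECORD}.last"  # last IP pushed, to avoid needless API calls
IP_SOURCE="https://api.ipify.org"       # any plain-text "what is my IP" service

# Reject anything that is not a dotted-quad IPv4 address before it goes to the API.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(echo "$1" | tr '.' ' '); do [ "$o" -le 255 ] || return 1; done
}

# JSON body GoDaddy expects: a list holding the one record to replace.
build_payload() { printf '[{"data":"%s","ttl":%s}]' "$1" "$2"; }

# True when the IP differs from the one recorded at the last successful push.
needs_update() { [ "$1" != "$2" ]; }

update_record() {
    ip=$(curl -fsS "$IP_SOURCE") || { echo "could not learn WAN IP" >&2; return 1; }
    valid_ipv4 "$ip" || { echo "bad IP from $IP_SOURCE: $ip" >&2; return 1; }
    last=$(cat "$STATE" 2>/dev/null || true)
    needs_update "$ip" "$last" || { echo "no change ($ip)"; return 0; }
    key=$(cat "$KEYFILE") || { echo "cannot read $KEYFILE" >&2; return 1; }
    curl -fsS -X PUT "https://api.godaddy.com/v1/domains/$DOMAIN/records/A/$RECORD" \
        -H "Authorization: sso-key $key" -H "Content-Type: application/json" \
        --data "$(build_payload "$ip" "$TTL")" >/dev/null || return 1
    echo "$ip" > "$STATE" && echo "updated $RECORD.$DOMAIN -> $ip"
}

# Invoke as "godaddy-ddns.sh run" from the cron package; defines functions only otherwise.
case "$1" in run) update_record ;; esac
```

Keeping the key in a root-only file rather than in the script or the cron line keeps it out of process listings and config backups.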
DZMM Posted January 22, 2018 (Author, edited)

With Amazon Prime, Netflix, BBC iPlayer etc blocking VPNs it was causing havoc in my VLAN setup e.g. having to keep moving chromecasts between VLANs depending on which device wanted to cast, as chromecasts only work on one subnet at a time. I've just found a fix to be able to cast (Android TVs, Google Homes, Chromecasts etc) between VLANs:
- install Avahi package with default settings
- allow Chromecast ports below (also removes the need to enable uPnP)

Quote:
Which ports does Chromecast use when connecting to external services?
- HTTP: TCP/80
- HTTPS: TCP/443
- DNS: UDP/53
- SNTP: UDP/123
Which ports are used by Chromecast to communicate with computer/phone/tablet in the same network?
- SSDP: UDP/1900/multicast
- mDNS: UDP/5353/multicast
- TCP/8008
- TCP/8009
https://productforums.google.com/forum/#!msg/chromecast/G3E2ENn-YZI/s7Xoz6ICCwAJ

Edited January 22, 2018 by DZMM
DZMM Posted February 6, 2018 (Author)

Added a better link for blocking ads and malicious sites with pfsense to the first post: https://forum.it-monkey.net/index.php?topic=22.0