SpaceInvaderOne

*VIDEO GUIDE* A comprehensive guide to pfSense both unRAID VM and physical

44 posts in this topic

Posted (edited)

I am starting a series of videos on pfSense. Both physical and VM instances will be used. Topics such as using a failover physical pfSense to work with a VM pfSense. Setting up OpenVPN (both an OpenVPN server and OpenVPN multiple clients). Using VLANs. Blocking ads. Setting up squid and squid guard and other topics. T

 

This part is an introduction; it gives an overview of the series of videos and talks about pfSense and its advantages.

Second part is on hardware and network equipment

Part 3 install and basic config

Part 4 customize, backup and update

Part 5 DHCP, Interfaces and WIFI

Part 6 pfSense and DNS

Part 7 - Firewall rules, Port forwarding/NAT, Aliases and UPnP

Part 8 Open NAT for XBOX ONE and PS4

Edited by gridrunner
  • Like 4
  • Upvote 3


This is great! I've always wondered if something like this existed. I kept thinking about setting up old Cisco routers to get better performance, but this makes more sense.

 

Posted (edited)

@gridrunner

I noticed in your video you mentioned something about sending a WOL packet to your backup pfSense box to initiate a startup when your VM switches off. Do you mind sharing how you implemented this solution?

 

Don't you have to shut down your backup pfSense in such a way that keeps the NIC powered so that you can send a WOL packet when you need to wake it up?

I also have some other questions and posted them in the general support

 

Thanks.

Edited by joelones

Posted (edited)

Hi @joelones. Just set the BIOS of the pfSense machine to enable wake on LAN. When the machine is off it will still power the LAN port for wake on LAN.

I use @Squid's excellent user script plugin to send a WOL ping using the etherwake command.

This script runs on array stop:

 

etherwake 00:01:3e:4e:5a:b8

 

I also use another script for when the array starts.

This uses ssh to log in to the pfSense machine and shut it down; this way only one pfSense is running at a time,

i.e.

ssh admin@10.10.20.1 /etc/rc.halt

You will need to generate some ssh key pairs on unRAID and copy the public key to the admin user in pfSense.

All of this will be covered in my pfSense videos.

Edited by gridrunner
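
The two user scripts described in the post above, combined into one helper as an added example (not gridrunner's own scripts). The MAC and login are the ones quoted in the post; the key path, the `DRY_RUN` switch and the `key` subcommand are hypothetical. It assumes the pfSense host key is already in known_hosts and that the authorized-keys entry for the admin user accepts standard OpenSSH key options.

```shell
#!/bin/sh
# Added example, not the poster's scripts. Call as "failover.sh stop" from the
# array-stop user script and "failover.sh start" from the array-start one.
PFSENSE_MAC="00:01:3e:4e:5a:b8"       # MAC quoted in the post
PFSENSE_HOST="admin@10.10.20.1"       # login quoted in the post
KEY_FILE="/root/.ssh/pfsense_halt"    # hypothetical path of a dedicated key

# Accept only a six-octet colon-separated MAC before handing it to etherwake.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the command when DRY_RUN is 1 (the default here); execute it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Array stop: the VM firewall is going away, so wake the physical box.
on_array_stop() {
    valid_mac "$PFSENSE_MAC" || { echo "invalid MAC: $PFSENSE_MAC" >&2; return 1; }
    run etherwake "$PFSENSE_MAC"
}

# Array start: halt the physical box so only one pfSense is running.
# BatchMode fails instead of prompting; only the dedicated key is offered.
on_array_start() {
    run ssh -i "$KEY_FILE" -o IdentitiesOnly=yes -o BatchMode=yes \
        -o ConnectTimeout=5 -o StrictHostKeyChecking=yes \
        "$PFSENSE_HOST" /etc/rc.halt
}

# authorized_keys entry for the pfSense side: "restrict" turns off pty and
# forwarding, and command= forces /etc/rc.halt whatever the client requests.
restricted_key_line() {
    printf 'restrict,command="/etc/rc.halt" %s\n' "$1"
}

case "${1:-}" in
    stop)  on_array_stop ;;
    start) on_array_start ;;
    key)   restricted_key_line "$(cat "$KEY_FILE.pub")" ;;
esac
```

Run with `DRY_RUN=0` once the printed commands look right. With the restricted entry installed, the unRAID key can halt the firewall but cannot open a shell on it.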

Posted (edited)
1 hour ago, gridrunner said:

Hi @joelones. Just set the BIOS of the pfSense machine to enable wake on LAN. When the machine is off it will still power the LAN port for wake on LAN.

I use @Squid's excellent user script plugin to send a WOL ping using the etherwake command.

This script runs on array stop:

 


etherwake 00:01:3e:4e:5a:b8

 

I also use another script for when the array starts.

This uses ssh to log in to the pfSense machine and shut it down; this way only one pfSense is running at a time,

i.e.


ssh admin@10.10.20.1 /etc/rc.halt

You will need to generate some ssh key pairs on unRAID and copy the public key to the admin user in pfSense.

All of this will be covered in my pfSense videos.

 

@gridrunner

Thanks for the info.

Edited by joelones


Editing right now. Should be up tomorrow :) 

Work has been really busy and getting in the way !!! Always the way for me at work, a job I think will be a couple of hours turns into all day O.o

  • Like 2


@gridrunner

 

If there was any way of showing how you would set up pfSense with VPN functionality (PIA for example) but exclude the Plex Media Server so that it sits outside the VPN network to allow remote connections... then sire I will have your babies

7 hours ago, gridrunner said:

second part now up

awesome job!!


Thanks for the awesome videos, also appreciated are the buying tips, found a quad intel nic on ebay for $20 (best offer)

 


Hey Grid.  First of all thanks for all the videos.  I watched the first pfsense video but ventured out on my own before the 2nd was released.  I'll check it out now.

 

This weekend past I had my first taste of pfsense and VLANs (in general I'm good with unRAID, unifi and VMs).

 

After about 3 days of effort between premise wiring, pfsenseVM configuration, netgear switch, unraid VLANs and unifi controller (in a docker no less) things are going well.

 

My setup is as follows:

 

PFSense has the two physical NICs passed each with 1 port.

1. WAN from cable modem.

2. Original SSID and my existing items still on 192.168.147.1/24 LAN.

 

Other interfaces are:

3. VLAN10 is at 10.10.10.1/24.  It has its own SSID as well as a guest SSID with a captive portal through the unifi controller.

4. Virtual interface is one of the virtual bridges in unRAID but as of now IS NOT USED in PFSense.

 

Now that things work and are settled down the remaining question for anybody is one of efficiency/optimization.

The physical LAN connection to PFSense has my main LAN untagged and VLAN10 tagged.

The physical LAN connection to unRAID has my main LAN untagged and VLAN10 tagged.

 

You see where this is going...  I can save a switch port, gain a PCI x1 slot back and maybe gain some speed if I eliminate the physical LAN NIC and pass through the VM unraid br0 (or maybe BOTH unraid br0 and br0.10) to pfsense.  I would think the virtual 10gig network is hella fast.  

 

Am I asking for trouble here?  Again, this is my first experience with VLANs and my first experience with pfSense so I'm not sure if I should just leave well enough alone.  What do y'all think?

 

Thanks,

 

--dimes

On 4/28/2018 at 1:57 AM, dimes007 said:

Hey Grid.  First of all thanks for all the videos.  I watched the first pfsense video but ventured out on my own before the 2nd was released.  I'll check it out now.

 

This weekend past I had my first taste of pfsense and VLANs (in general I'm good with unRAID, unifi and VMs).

 

After about 3 days of effort between premise wiring, pfsenseVM configuration, netgear switch, unraid VLANs and unifi controller (in a docker no less) things are going well.

 

My setup is as follows:

 

PFSense has the two physical NICs passed each with 1 port.

1. WAN from cable modem.

2. Original SSID and my existing items still on 192.168.147.1/24 LAN.

 

Other interfaces are:

3. VLAN10 is at 10.10.10.1/24.  It has its own SSID as well as a guest SSID with a captive portal through the unifi controller.

4. Virtual interface is one of the virtual bridges in unRAID but as of now IS NOT USED in PFSense.

 

Now that things work and are settled down the remaining question for anybody is one of efficiency/optimization.

The physical LAN connection to PFSense has my main LAN untagged and VLAN10 tagged.

The physical LAN connection to unRAID has my main LAN untagged and VLAN10 tagged.

 

You see where this is going...  I can save a switch port, gain a PCI x1 slot back and maybe gain some speed if I eliminate the physical LAN NIC and pass through the VM unraid br0 (or maybe BOTH unraid br0 and br0.10) to pfsense.  I would think the virtual 10gig network is hella fast.  

 

Am I asking for trouble here?  Again, this is my first experience with VLANs and my first experience with pfSense so I'm not sure if I should just leave well enough alone.  What do y'all think?

 

Thanks,

 

--dimes

 

I would probably replace the 2 NICs with one dual or quad port card.

You could use a virtual NIC. I have sometimes found problems using the virtio NIC and have used an emulated e1000. It seems with virtio pfSense doesn't always see the card on boot when it is on some buses. However, after manually assigning it to a different bus, it is detected.

Also, when using a virtual NIC, be sure to disable checksum hardware offload in the pfSense settings.

 

On 4/27/2018 at 2:30 PM, soana said:

Thanks for the awesome videos, also appreciated are the buying tips, found a quad intel nic on ebay for $20 (best offer)

 

Great, glad you got a good deal :)


I'm too impatient to wait for the video on the failover automation so I'm going for it blind, lol. I've so far successfully got a PfSense VM and Physical box working that I can swap between manually. Now for the automation...

 

Wish me luck ;)


mmm, Not sure my Jetway JBC313 supports WOL :(


Just spent the last few hours rattling my brain after watching part 3. My board (MSI P55-GD65) has 2 network ports so I was thinking I could use one for the connection to the internet and the other to my internal network but I just cannot get it to work. If you could suggest where I'm going wrong that would be mighty helpful. Awesome videos by the way. Your videos are the reason I'm using unraid at all.


I've been using pfsense in a VM for about a year now, so I've been eagerly awaiting your videos as I think I've cobbled together a good setup, but it's nice to have a more knowledgeable source run through it.  I've been sharing useful stuff I've found here 

I have a few questions about your VM setup in part 3:

 

  1. Why did you go with OVMF?  I used seabios as I thought this was correct.  Are there any benefits to me switching to OVMF?  (easy to do as I'll just restore my config in a new VM)
  2. Ditto with qcow2?  I thought RAW was better for performance
  3. You mention switching from SATA to virtio - will this significantly impact performance?

Thanks

 


Not sure if anyone else is facing this problem, but for me OVMF only works in conjunction with Q35-2.6

The boot stops halfway when using Q35-2.11

 

 

** never mind, forgot to change to sata instead of virtio


Thanks for the great videos - no problem with setting up stand alone PC (seems to work a lot better with Fast boot enabled though) but can not get VM to work:

  • With OVMF the VNC hangs on start up and install does not progress.
  • With SeaBIOS the install progresses to the copyright screen but then asks for a terminal type - this loops no matter what type of terminal I select

I've used different configurations of Machine with each BIOS but still the same.

 

Any ideas?

 

Thanks

Posted (edited)
On 5/1/2018 at 6:37 PM, gridrunner said:

 

I would probably replace the 2 NICs with one dual or quad port card.

You could use a virtual NIC. I have sometimes found problems using the virtio NIC and have used an emulated e1000. It seems with virtio pfSense doesn't always see the card on boot when it is on some buses. However, after manually assigning it to a different bus, it is detected.

Also, when using a virtual NIC, be sure to disable checksum hardware offload in the pfSense settings.

 

 

Thanks for the advice.  I unplugged the physical LAN NIC and went for it.

So the LAN NIC in pfsense is now vtnet0 (br0) passed from unRAID.  As of now still using virtio but pfsense hasn't had any trouble seeing it on boots.

WAN nic is still the physical x1 intel nic passed through.

 

DHCP is working on LAN through virtio. 

 

To be clear, I'm passing unraid br0 through to pfsense.   I'm not passing br0.XX for tagged packets because I don't really want separate virtual NICs in pfsense.   My VLANs are already defined in pfsense.   I want all br0 traffic, even tagged packets, to get to pfsense on the same virtio interface, but maybe what I'm trying to do isn't possible with unraid's implementation of VLANs and I need to pass each VLAN as a different NIC to pfsense.

Edited by dimes007
update.


A few new pfsense videos added at top of post.  Part four, five and six.

  • Upvote 1

