*VIDEO GUIDE* A comprehensive guide to pfSense both unRAID VM and physical


SpaceInvaderOne


I am starting a series of videos on pfSense. Both physical and VM instances will be used. Topics such as using a failover physical pfSense to work with a VM pfSense. Setting up OpenVPN (both an OpenVPN server and OpenVPN multiple clients). Using VLANs. Blocking ads. Setting up squid and squid guard and other topics. T

 

This part is an introduction. It gives an overview of the series of videos and talks about pfSense and its advantages.

 

 

 

The second part is on hardware and network equipment

 

 

Part 3 install and basic config

 

 

 

Part 4 customize backup and update

 

 

 

 

Part 5 DHCP, Interfaces and WIFI

 

 

Part 6 pfSense and DNS

 

 

Part 7 - Firewall rules, Port forwarding/NAT, Aliases and UPnP

 

 

Part 8 Open NAT for XBOX ONE and PS4

 

 

Edited by gridrunner
Link to comment

@gridrunner

I noticed in your video you mentioned something about sending a WOL packet to your backup pfSense box to initiate a startup when your VM switches off. Do you mind sharing how you implemented this solution?

 

Don't you have to shut down your backup pfSense in such a way that keeps the NIC powered so that you can send a WOL packet when you need to wake it up?

 

I also have some other questions and posted them in general support

 

Thanks.

Edited by joelones
Link to comment

Hi @joelones Just set in the bios of the pfsense to enable wake on lan. When the machine is off it will still power the lan port for wake on lan.

I use @Squid's excellent user script plugin to send a wol ping using the etherwake command

This script runs on array stop

 

etherwake 00:01:3e:4e:5a:b8

 

I also use another script for when the array starts

This uses ssh to log in to the pfsense machine and shut it down. This way only one pfsense is running at a time

i.e.

ssh [email protected] /etc/rc.halt

You will need to generate some ssh key pairs on unRAID and copy the public key to the admin user in pfsense.

 

All of this will be covered in my pfsense videos

Edited by gridrunner
Link to comment
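
The array-stop and array-start scripts described in the post above, as an added example (not gridrunner's own scripts) that also restricts the SSH key so it can only run `/etc/rc.halt`. The host name, user and key path are assumed placeholders, and it is assumed that pfSense stores the user's authorized-keys field verbatim, so the standard OpenSSH key options apply.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed placeholders: host name, user and key path are not values from the thread.
PFSENSE_HOST="${PFSENSE_HOST:-pfsense.example.lan}"
PFSENSE_USER="${PFSENSE_USER:-admin}"
KEY_FILE="${KEY_FILE:-/root/.ssh/pfsense_halt_ed25519}"

# Accept only a colon-separated six-octet MAC so a typo never reaches etherwake.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Body of the array-stop script: wake the physical pfSense box.
wake_backup() {
    valid_mac "$1" || { echo "refusing to send WOL, bad MAC: $1" >&2; return 2; }
    etherwake "$1"
}

# Build the authorized_keys entry for the pfSense user. The forced command
# makes sshd run /etc/rc.halt regardless of what the client requests, and the
# no-* options remove terminal and forwarding access for this key.
restricted_key_line() {
    case "$1" in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key line" >&2; return 2 ;;
    esac
    opts='command="/etc/rc.halt",no-pty,no-port-forwarding'
    opts="$opts,no-agent-forwarding,no-X11-forwarding"
    printf '%s %s\n' "$opts" "$1"
}

# Body of the array-start script: halt the physical box with the dedicated key.
# BatchMode makes ssh fail instead of prompting when run unattended.
halt_backup() {
    ssh -i "$KEY_FILE" -o BatchMode=yes -o IdentitiesOnly=yes \
        -o ConnectTimeout=5 "$PFSENSE_USER@$PFSENSE_HOST" /etc/rc.halt
}

# One-time setup, run by hand on unRAID:
#   ssh-keygen -t ed25519 -N '' -f "$KEY_FILE" -C unraid-array-start
#   restricted_key_line "$(cat "$KEY_FILE.pub")"   # paste the output into pfSense
```
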
1 hour ago, gridrunner said:

Hi @joelones Just set in the bios of the pfsense to enable wake on lan. When the machine is off it will still power the lan port for wake on lan.

I use @Squid's excellent user script plugin to send a wol ping using the etherwake command

This script runs on array stop

 


etherwake 00:01:3e:4e:5a:b8

 

I also use another script for when the array starts

This uses ssh to log in to the pfsense machine and shut it down. This way only one pfsense is running at a time

i.e.


ssh [email protected] /etc/rc.halt

You will need to generate some ssh key pairs on unRAID and copy the public key to the admin user in pfsense.

 

All of this will be covered in my pfsense videos

 

@gridrunner

Thanks for the info.

Edited by joelones
Link to comment

Hey Grid. First of all thanks for all the videos. I watched the first pfsense video but ventured out on my own before the 2nd was released. I'll check it out now.

 

This weekend past I had my first taste of pfsense and VLANs (in general I'm good with unRAID, unifi and VMs).

 

After about 3 days of effort between premise wiring, pfsenseVM configuration, netgear switch, unraid VLANs and unifi controller (in a docker no less) things are going well.

 

My setup is as follows:

 

PFSense has the two physical NICs passed each with 1 port.

1. WAN from cable modem.

2. Original SSID and my existing items still on 192.168.147.1/24 LAN.

 

Other interfaces are:

3. VLAN10 is at 10.10.10.1/24.  It has its own SSID as well as a guest SSID with a captive portal through the unifi controller.

4. Virtual interface is one of the virtual bridges in unRAID but as of now IS NOT USED in PFSense.

 

Now that things work and are settled down the remaining question for anybody is one of efficiency/optimization.

The physical LAN connection to PFSense has my main LAN untagged and VLAN10 tagged.

The physical LAN connection to unRAID has my main LAN untagged and VLAN10 tagged.

 

You see where this is going...  I can save a switch port, gain a PCI x1 slot back and maybe gain some speed if I eliminate the physical LAN NIC and pass through the VM unraid br0 (or maybe BOTH unraid br0 and br0.10) to pfsense.  I would think the virtual 10gig network is hella fast.  

 

Am I asking for trouble here? Again, this is my first experience with VLANs and my first experience with pfSense so I'm not sure if I should just leave well enough alone. What do y'all think?

 

Thanks,

 

--dimes

Link to comment
On 4/28/2018 at 1:57 AM, dimes007 said:

Hey Grid. First of all thanks for all the videos. I watched the first pfsense video but ventured out on my own before the 2nd was released. I'll check it out now.

 

This weekend past I had my first taste of pfsense and VLANs (in general I'm good with unRAID, unifi and VMs).

 

After about 3 days of effort between premise wiring, pfsenseVM configuration, netgear switch, unraid VLANs and unifi controller (in a docker no less) things are going well.

 

My setup is as follows:

 

PFSense has the two physical NICs passed each with 1 port.

1. WAN from cable modem.

2. Original SSID and my existing items still on 192.168.147.1/24 LAN.

 

Other interfaces are:

3. VLAN10 is at 10.10.10.1/24.  It has its own SSID as well as a guest SSID with a captive portal through the unifi controller.

4. Virtual interface is one of the virtual bridges in unRAID but as of now IS NOT USED in PFSense.

 

Now that things work and are settled down the remaining question for anybody is one of efficiency/optimization.

The physical LAN connection to PFSense has my main LAN untagged and VLAN10 tagged.

The physical LAN connection to unRAID has my main LAN untagged and VLAN10 tagged.

 

You see where this is going...  I can save a switch port, gain a PCI x1 slot back and maybe gain some speed if I eliminate the physical LAN NIC and pass through the VM unraid br0 (or maybe BOTH unraid br0 and br0.10) to pfsense.  I would think the virtual 10gig network is hella fast.  

 

Am I asking for trouble here? Again, this is my first experience with VLANs and my first experience with pfSense so I'm not sure if I should just leave well enough alone. What do y'all think?

 

Thanks,

 

--dimes

 

I would probably replace the 2 nics with one dual or quad port card.

You could use a virtual nic. I have sometimes found problems using the virtio nic and have used an emulated e1000. It seems with virtio pfsense doesn't always see the card on boot when it is on some buses. However, when manually assigned to a different bus it is detected.

Also when using a virtual nic be sure to disable checksum hardware offload in the pfsense settings.

 

Link to comment

Just spent the last few hours rattling my brain after watching part 3. My board (MSI P55-GD65) has 2 network ports so I was thinking I could use one for the connection to the internet and the other to my internal network but I just cannot get it to work. If you could suggest where I'm going wrong that would be mighty helpful. Awesome videos by the way. Your videos are the reason I'm using unraid at all.

Link to comment

I've been using pfsense in a VM for about a year now, so I've been eagerly awaiting your videos as I think I've cobbled together a good setup, but it's nice to have a more knowledgeable source run through it.  I've been sharing useful stuff I've found here 

I have a few questions about your VM setup in part 3:

 

  1. Why did you go with OVMF?  I used seabios as I thought this was correct.  Are there any benefits to me switching to OVMF?  (easy to do as I'll just restore my config in a new VM)
  2. Ditto with qcow2?  I thought RAW was better for performance
  3. You mention switching from SATA to virtio - will this significantly impact performance?

Thanks

 

Link to comment

Thanks for the great videos - no problem with setting up stand alone PC (seems to work a lot better with Fast boot enabled though) but cannot get VM to work:

  • With OVMF the VNC hangs on start up and install does not progress.
  • With SeaBIOS the install progresses to the copyright screen but then asks for a terminal type - this loops no matter what type of terminal I select

I've used different configurations of Machine with each BIOS but still the same.

 

Any ideas?

 

Thanks

Link to comment
On 5/1/2018 at 6:37 PM, gridrunner said:

 

I would probably replace the 2 nics with one dual or quad port card.

You could use a virtual nic. I have sometimes found problems using the virtio nic and have used an emulated e1000. It seems with virtio pfsense doesn't always see the card on boot when it is on some buses. However, when manually assigned to a different bus it is detected.

Also when using a virtual nic be sure to disable checksum hardware offload in the pfsense settings.

 

 

Thanks for the advice. I unplugged the physical LAN NIC and went for it.

 

So the LAN nic in pfsense is now vtnet0 (br0) passed from unRAID. As of now still using virtio but pfsense hasn't had any trouble seeing it on boots.

WAN nic is still the physical x1 intel nic passed through.

 

DHCP is working on LAN through virtio. 

 

To be clear I'm passing unraid br0 through to pfsense. I'm not passing br0.XX for tagged packets because I don't really want separate virtual nics in pfsense. My vlans are already defined in pfsense. I want all br0 traffic, even tagged packets, to get to pfsense on the same virtio interface but maybe what I'm trying to do isn't possible with unraid's implementation of vlans and I need to pass each vlan as a different nic to pfsense.

Edited by dimes007
update.
Link to comment
