SpaceInvaderOne Posted April 21, 2018 (edited)

I am starting a series of videos on pfSense. Both physical and VM instances will be used. Topics such as using a failover physical pfSense to work with a VM pfSense. Setting up OpenVPN (both an OpenVPN server and OpenVPN multiple clients). Using VLANs. Blocking ads. Setting up squid and squid guard and other topics.

This part is an introduction; it gives an overview of the series of videos and talks about pfSense and its advantages.

The second part is on hardware and network equipment
Part 3 install and basic config
Part 4 customize backup and update
Part 5 DHCP, Interfaces and WIFI
Part 6 pfSense and DNS
Part 7 - Firewall rules, Port forwarding/NAT, Aliases and UPnP
Part 8 Open NAT for XBOX ONE and PS4

Edited July 23, 2018 by gridrunner

Brettv Posted April 21, 2018

This is great! I've always wondered if something like this existed. I kept thinking about setting up old Cisco routers to get better performance, but this makes more sense.

joelones Posted April 22, 2018 (edited)

@gridrunner I noticed in your video you mentioned something about sending a WOL packet to your backup pfSense box to initiate a startup when your VM switches off. Do you mind sharing how you implemented this solution? Don't you have to shut down your backup pfSense in such a way that keeps the NIC powered so that you can send a WOL packet when you need to wake it up?

I also have some other questions and posted it in the general support

Thanks.

Edited April 24, 2018 by joelones

SpaceInvaderOne (Author) Posted April 24, 2018 (edited)

Hi @joelones

Just set in the BIOS of the pfSense to enable wake on LAN. When the machine is off it will still power the LAN port for wake on LAN.

I use @Squid's excellent user script plugin to send a WOL ping using the etherwake command. This script runs on array stop:

    etherwake 00:01:3e:4e:5a:b8

I also use another script for when the array starts. This uses ssh to log in to the pfSense machine and shut it down. This way only one pfSense is running at a time, i.e.:

    ssh [email protected] /etc/rc.halt

You will need to generate some ssh key pairs on unRAID and copy the public key to the admin user in pfSense.

All of this will be covered in my pfSense videos.

Edited April 24, 2018 by gridrunner

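The failover described in the post above, written out as one script together with a key entry limited to the halt command; this is an added example, not code from the original post. `BACKUP_HOST` and `SSH_KEY` are placeholders, and it assumes pfSense stores the pasted key line unchanged in the user's authorized_keys.

```shell
#!/bin/sh
# Added example: the two failover hooks from the post, as one script for the
# User Scripts plugin. Call with "stop" on array stop, "start" on array start.
BACKUP_MAC="00:01:3e:4e:5a:b8"             # MAC quoted in the post
BACKUP_HOST="admin@pfsense-backup.example" # placeholder; use your own host
SSH_KEY="/root/.ssh/pfsense_halt"          # hypothetical dedicated key path

# Accept only six colon-separated hex octets before handing the value on.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# With DRY_RUN=1 print the command instead of running it.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Array stop: the VM firewall is going away, so wake the physical box.
wake_backup() {
    valid_mac "$BACKUP_MAC" || { echo "bad MAC: $BACKUP_MAC" >&2; return 2; }
    run etherwake "$BACKUP_MAC"
}

# Array start: halt the physical box so only one pfSense is running.
# BatchMode fails instead of prompting; StrictHostKeyChecking refuses a host
# whose key is not already in known_hosts.
halt_backup() {
    run ssh -i "$SSH_KEY" -o BatchMode=yes -o ConnectTimeout=10 \
        -o StrictHostKeyChecking=yes "$BACKUP_HOST" /etc/rc.halt
}

# Build the line to paste into the pfSense user's authorized keys so that
# this key can run /etc/rc.halt and nothing else (no shell, no forwarding).
authorized_keys_entry() {
    printf 'restrict,command="/etc/rc.halt" %s\n' "$1"
}

case "${1:-}" in
    stop)  wake_backup ;;
    start) halt_backup ;;
esac
```

Generate the dedicated key with `ssh-keygen -t ed25519 -f /root/.ssh/pfsense_halt` and pass the contents of the `.pub` file to `authorized_keys_entry`; a stolen copy of that key can then only halt the backup box.
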
joelones Posted April 24, 2018 (edited)

1 hour ago, gridrunner said:

> Hi @joelones
>
> Just set in the BIOS of the pfSense to enable wake on LAN. When the machine is off it will still power the LAN port for wake on LAN.
>
> I use @Squid's excellent user script plugin to send a WOL ping using the etherwake command. This script runs on array stop:
>
>     etherwake 00:01:3e:4e:5a:b8
>
> I also use another script for when the array starts. This uses ssh to log in to the pfSense machine and shut it down. This way only one pfSense is running at a time, i.e.:
>
>     ssh [email protected] /etc/rc.halt
>
> You will need to generate some ssh key pairs on unRAID and copy the public key to the admin user in pfSense.
>
> All of this will be covered in my pfSense videos.

@gridrunner Thanks for the info.

Edited April 24, 2018 by joelones

ijuarez Posted April 24, 2018

ready for the next video

SpaceInvaderOne (Author) Posted April 24, 2018

Editing right now. Should be up tomorrow. Work has been really busy and getting in the way!!! Always the way for me at work, a job I think will be a couple of hours turns into all day.

Zangief Posted April 25, 2018

@gridrunner If there was any way of showing how you would set up pfSense with VPN functionality (PIA for example) but excludes the Plex Media Server so that sits outside the VPN network to allow remote connections... then sire I will have your babies

CHBMB Posted April 25, 2018

@Zangief Have my babies

ijuarez Posted April 25, 2018

This is not a dating website

SpaceInvaderOne (Author) Posted April 26, 2018

second part now up

ijuarez Posted April 27, 2018

7 hours ago, gridrunner said:

> second part now up

awesome job!!

soana Posted April 27, 2018

Thanks for the awesome videos, also appreciated are the buying tips, found a quad intel nic on ebay for $20 (best offer)

dimes007 Posted April 28, 2018

Hey Grid. First of all thanks for all the videos. I watched the first pfSense video but ventured out on my own before the 2nd was released. I'll check it out now.

This past weekend I had my first taste of pfSense and VLANs (in general I'm good with unRAID, unifi and VMs). After about 3 days of effort between premise wiring, pfSense VM configuration, netgear switch, unRAID VLANs and unifi controller (in a docker no less) things are going well.

My setup is as follows:

pfSense has the two physical NICs passed, each with 1 port.
1. WAN from cable modem.
2. Original SSID and my existing items still on 192.168.147.1/24 LAN.

Other interfaces are:
3. VLAN10 is at 10.10.10.1/24. It has its own SSID as well as a guest SSID with a captive portal through the unifi controller.
4. Virtual interface is one of the virtual bridges in unRAID but as of now IS NOT USED in pfSense.

Now that things work and are settled down the remaining question for anybody is one of efficiency/optimization. The physical LAN connection to pfSense has my main LAN untagged and VLAN10 tagged. The physical LAN connection to unRAID has my main LAN untagged and VLAN10 tagged. You see where this is going... I can save a switch port, gain a PCI x1 slot back and maybe gain some speed if I eliminate the physical LAN NIC and pass through the VM unRAID br0 (or maybe BOTH unRAID br0 and br0.10) to pfSense. I would think the virtual 10gig network is hella fast.

Am I asking for trouble here? Again, this is my first experience with VLANs and my first experience with pfSense so I'm not sure if I should just leave well enough alone. What do y'all think?

Thanks,
--dimes

SpaceInvaderOne (Author) Posted May 1, 2018

On 4/28/2018 at 1:57 AM, dimes007 said:

> Hey Grid. First of all thanks for all the videos. I watched the first pfSense video but ventured out on my own before the 2nd was released. I'll check it out now.
>
> This past weekend I had my first taste of pfSense and VLANs (in general I'm good with unRAID, unifi and VMs). After about 3 days of effort between premise wiring, pfSense VM configuration, netgear switch, unRAID VLANs and unifi controller (in a docker no less) things are going well.
>
> My setup is as follows:
>
> pfSense has the two physical NICs passed, each with 1 port.
> 1. WAN from cable modem.
> 2. Original SSID and my existing items still on 192.168.147.1/24 LAN.
>
> Other interfaces are:
> 3. VLAN10 is at 10.10.10.1/24. It has its own SSID as well as a guest SSID with a captive portal through the unifi controller.
> 4. Virtual interface is one of the virtual bridges in unRAID but as of now IS NOT USED in pfSense.
>
> Now that things work and are settled down the remaining question for anybody is one of efficiency/optimization. The physical LAN connection to pfSense has my main LAN untagged and VLAN10 tagged. The physical LAN connection to unRAID has my main LAN untagged and VLAN10 tagged. You see where this is going... I can save a switch port, gain a PCI x1 slot back and maybe gain some speed if I eliminate the physical LAN NIC and pass through the VM unRAID br0 (or maybe BOTH unRAID br0 and br0.10) to pfSense. I would think the virtual 10gig network is hella fast.
>
> Am I asking for trouble here? Again, this is my first experience with VLANs and my first experience with pfSense so I'm not sure if I should just leave well enough alone. What do y'all think?
>
> Thanks,
> --dimes

I would probably replace the 2 NICs with one dual or quad port card. You could use a virtual NIC. I have sometimes found problems using the virtio NIC and have used an emulated e1000. It seems with virtio pfSense doesn't always see the card on boot when it is on some buses. However, when manually assigning it to a different bus it is detected. Also, when using a virtual NIC be sure to disable checksum hardware offload in the pfSense settings.

SpaceInvaderOne (Author) Posted May 1, 2018

Part 3 is up now

SpaceInvaderOne (Author) Posted May 1, 2018

On 4/27/2018 at 2:30 PM, soana said:

> Thanks for the awesome videos, also appreciated are the buying tips, found a quad intel nic on ebay for $20 (best offer)

Great, glad you got a good deal

NeoDude Posted May 2, 2018

I'm too impatient to wait for the video on the failover automation so I'm going for it blind, lol. I've so far successfully got a pfSense VM and physical box working that I can swap between manually. Now for the automation... Wish me luck

NeoDude Posted May 2, 2018

mmm, Not sure my Jetway JBC313 supports WOL

Tal Posted May 2, 2018

Just spent the last few hours rattling my brain after watching part 3. My board (MSI P55-GD65) has 2 network ports so I was thinking I could use one for the connection to the internet and the other to my internal network but I just cannot get it to work. If you could suggest where I'm going wrong that would be mighty helpful.

Awesome videos by the way. Your videos are the reason I'm using unRAID at all.

DZMM Posted May 3, 2018

I've been using pfSense in a VM for about a year now, so I've been eagerly awaiting your videos as I think I've cobbled together a good setup, but it's nice to have a more knowledgeable source run through it. I've been sharing useful stuff I've found here.

I have a few questions about your VM setup in part 3:

Why did you go with OVMF? I used SeaBIOS as I thought this was correct. Are there any benefits to me switching to OVMF? (easy to do as I'll just restore my config in a new VM)
Ditto with qcow2? I thought RAW was better for performance.
You mention switching from SATA to virtio - will this significantly impact performance?

Thanks

bmdegraaf Posted May 3, 2018

Not sure if anyone else is facing this problem, but for me OVMF only works in conjunction with Q35-2.6. The boot stops halfway when using Q35-2.11.

** never mind, forgot to change to sata instead of virtio

Saintdelbear Posted May 6, 2018

Thanks for the great videos - no problem with setting up stand alone PC (seems to work a lot better with Fast boot enabled though) but can not get VM to work:

With OVMF the VNC hangs on start up and install does not progress.
With SeaBIOS the install progresses to the copyright screen but then asks for a terminal type - this loops no matter what type of terminal I select.

I've used different configurations of Machine with each BIOS but still the same.

Any ideas?

Thanks

dimes007 Posted May 13, 2018 (edited)

On 5/1/2018 at 6:37 PM, gridrunner said:

> I would probably replace the 2 NICs with one dual or quad port card. You could use a virtual NIC. I have sometimes found problems using the virtio NIC and have used an emulated e1000. It seems with virtio pfSense doesn't always see the card on boot when it is on some buses. However, when manually assigning it to a different bus it is detected. Also, when using a virtual NIC be sure to disable checksum hardware offload in the pfSense settings.

Thanks for the advice. I unplugged the physical LAN NIC and went for it. So the LAN NIC in pfSense is now vtnet0 (br0) passed from unRAID. As of now still using virtio but pfSense hasn't had any trouble seeing it on boots. WAN NIC is still the physical x1 intel NIC passed through. DHCP is working on LAN through virtio.

To be clear I'm passing unRAID br0 through to pfSense. I'm not passing br0.XX for tagged packets because I don't really want separate virtual NICs in pfSense. My VLANs are already defined in pfSense. I want all br0 traffic, even tagged packets, to get to pfSense on the same virtio interface, but maybe what I'm trying to do isn't possible with the unRAID implementation of VLANs and I need to pass each VLAN as a different NIC to pfSense.

Edited May 13, 2018 by dimes007 (update)

SpaceInvaderOne (Author) Posted June 8, 2018

A few new pfSense videos added at top of post. Part four, five and six.