Install and config pfSense for one-node infrastructure and access it from anywhere with DDNS on Cloudflare
Having a single, beefy server can be a problem sometimes. We needed a fleet of virtual servers for various applications and tests and the posibility to access each server separatly from anywhere. In order to do this we need a router for all of them, but because this is a home setup and we only have a single physical machine for thit, the only viable solution is to have a virtual router and that will be pfSense
We came up with a solution that uses various technologies from the virtualization world. A few
key points must be met:
- Capable hypervisor
- pfSense in VM
Our machine is a Dell PowerEdge R420 with the following relevant specifications:
- 2x Intel Xeon E5-2420 1.9 Ghz, 8 cores
- 8x 16GB ECC RAM
- 2x 500GB SSD
- 2x Gigabit NICs
There are various hypervisors capable of doing what we needed, like Proxmox, ovirt, KVM, Hyper-V, ESXi etc. We opted for KVM on Ubuntu because it’s stable and it’s free.
Our ISP requires PPPoE authentication, and at each reconnect, our public IP changes. We needed a router for the VMs and for the office, but we first need to take care of the network virtualization part. We created networks, called VM Network and WAN.
- VM Network – this is the equivalent of LAN. All VMs will be connected to this network.
- WAN – our ISP
Prerequisites before installing pfSense
In order to have good performance with the virtual router the VM should have enough resources. We chose next specs
- 4 CPUs
- 8 GB RAM
- 10 GB storage
First make sure you have root access
sudo su -
Now go to pfsense website and download the image from there. Select the Architecture: AMD64(64-bit) and Installer: CD image (ISO) Installer
or simply download it with next command
Unzip the archive you just download either way
Install KVM and bridge-utils to set up the VMs and network
apt install -y qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils virt-manager
Set up the network creating the bridges. Like we said earlier we need 2 networks so we have to create 2 network bridges on the server. In the bridge virbr0 we will add the interface connected to the ISP line and the other bridge, virbr1 will be used for future VM’s created in our one-node infrastructure.
brctl addbr virbr0 && brctl addbr virbr1
Add the inteface conected to ISP line to virbr0. In our case the interface name was eno1
brctl addif eno1 virbr0
To have your things a little in order let’s create a folder for your VM disk’s called vmdisks
If you are not directly at the console of the server but connected through ssh connection make sure you use -X argument when connecting so you can directly see VM console. If this does not work for you then you will have to connect with a VNC viewer to VM’s console
ssh -X user@host
Create the VM named pfsense with next comand
sudo virt-install --name pfsense --ram 8048 --disk path=./vmdisks/pfsense.qcow2,size=10 --vcpus 4 --os-type linux --os-variant generic --network bridge=virbr0 --network bridge=virbr1 --graphics vnc --console pty,target_type=serial --cdrom 'pfSense-CE-2.4.5-RELEASE-amd64.iso'
The VM it’s created and a welcome screen should appear. You can hit Enter
Accept the End User License Agreement.
Select keyboard layout
Select the Auto(UFS) option
Select the No
Press Enter to reboot the VM
After rebooting, it will ask to configure VLANs. If your env does not have any vlans insert no, if it has, insert yes
The system will list all available network interfaces. Chose the parent interface name of the vlan
Enter the vlan tag
Next the system will ask you to choose 1 interface as the external interface [WAN] and 1 for [LAN]. In our example we have em0 for WAN and em1 for LAN
pfSense Dashboard Login
Log in using the following URL https://10.10.1.1 and default credentials
- Username: admin
- Password: pfsense
pfSense Setup Wizard
On step 1 simply click Next. On second step set a hostname and a domain if you have one and the Primary and Secondary DNS Server 220.127.116.11 or 18.104.22.168 and 22.214.171.124
Step 3 perform the Timezone and NTP server configuration.
Step 4 select the configuration of the WAN interface. If there is a router conected to your ISP, leave on DHCP if not select the option that meets your needs.
Step 5 configure the LAN interface
Step 6 set up the admin password
On step 7 check and on 8 reload the pfSense configuration and you are done
Supposing you already have a domain and an account set up on Cloudflare log in and go to My Profile
Select API Tokens and click on View on Global API key
You should get something like this. Take care not to share the API key
Set up pfSense DDNS
Go to your pfSense dashboard and from the Service menu, select Dynamic DNS
Click on add and then on Service Type select Cloudflare and then insert your hostname and your domain name
Lower insert your username and on password you have to introduce the API key you just copied.