Tag Archives: pfsense

Setting up a VPN on pfSense 2.0

Since I recently upgraded my firewall to pfSense 2.0-RC3, I had a look today at setting up a VPN.
Those who have looked at getting a VPN up with the OpenVPN system in 1.2.3 know that it is a bit fiddly: generating certificates and keys by hand, uploading them to the firewall, pairing them with users, and so on.

In 2.0, however, it is a completely different story!
I actually used the guide just to test it out, and it gives some good default values. Setting up the CA and generating certificates takes a second. Set up the IP range for your VPN clients in CIDR notation, specify the network they should be connected to, and off you go.
I then set up a user, generated his key and exported the settings using the export VPN settings plugin.

After installing Tunnelblick (an OpenVPN GUI for OS X) on my MacBook Pro, I imported the settings and certificates.
Then it was just a matter of connecting using the credentials given to the user created above.
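The two network answers the wizard asks for (the tunnel network in CIDR, and the local network the clients should reach) are where a setup like this can quietly go wrong: if either one overlaps the network a roaming client is already sitting on, the client's routing table cannot tell the two apart and traffic never enters the tunnel. The check below is an added example written for this page, not pfSense code and not something from the original post; the networks and the list of "likely client-side" ranges are constructed for the example. It also reports how many clients a tunnel network can serve under OpenVPN's net30 topology (one /30 per client), which is OpenVPN's classic default for tun interfaces.

```python
from ipaddress import IPv4Network

# Ranges a roaming client (home router, hotel Wi-Fi) is likely to be sitting
# on already. Constructed for this example; adjust to what your users see.
LIKELY_CLIENT_NETS = ("192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24")


def net30_client_capacity(tunnel) -> int:
    """Clients a tunnel network can hold with OpenVPN's net30 topology:
    every client consumes a /30, and one /30 is taken by the server end."""
    tunnel = IPv4Network(str(tunnel))
    return max(tunnel.num_addresses // 4 - 1, 0)


def check_tunnel_plan(tunnel, local_nets, client_nets=LIKELY_CLIENT_NETS):
    """Return a list of problems with a set of wizard answers; empty means OK.

    tunnel      -- the tunnel network handed out to VPN clients, in CIDR
    local_nets  -- the network(s) behind the firewall the clients should reach
    client_nets -- networks clients are likely to be on when they connect
    """
    tunnel = IPv4Network(tunnel)
    locals_ = [IPv4Network(n) for n in local_nets]
    clients = [IPv4Network(n) for n in client_nets]
    problems = []

    # The tunnel must be distinct from everything on both ends.
    for ln in locals_:
        if tunnel.overlaps(ln):
            problems.append(f"tunnel {tunnel} overlaps local network {ln}")
    for cn in clients:
        if tunnel.overlaps(cn):
            problems.append(f"tunnel {tunnel} overlaps likely client-side network {cn}")
        # A local network that matches the client's own LAN is unreachable
        # from there: the client prefers its directly connected route.
        for ln in locals_:
            if ln.overlaps(cn):
                problems.append(
                    f"local network {ln} overlaps likely client-side network {cn}; "
                    f"clients sitting on {cn} will route to it locally, not through the VPN")

    if net30_client_capacity(tunnel) < 1:
        problems.append(f"tunnel {tunnel} is too small to serve any client under net30")
    return problems


if __name__ == "__main__":
    # Constructed answers, in the shape the wizard asks for them.
    for plan in (("10.8.0.0/24", ["172.16.5.0/24"]),
                 ("10.8.0.0/24", ["192.168.1.0/24"])):
        found = check_tunnel_plan(*plan)
        print(plan, "->", "OK" if not found else "; ".join(found))
```

The second constructed plan fails for a reason the wizard cannot see: 192.168.1.0/24 is a perfectly good LAN for the office, but a client on a home router using the same range will never send that traffic into the tunnel. Picking a less common local range (or renumbering) is the fix, not anything on the OpenVPN side.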

All in all it took less than 5 minutes!
Big kudos to the pfSense team.


Booting pfSense from USB

Today I helped a friend with his pfSense firewall that had died due to hardware issues.
We put in my Intel USB SSD (left over from my FreeNAS server), which was identical to the one he had used previously.

Since we were reinstalling anyway, we used the chance to try out the AMD64 build of 2.0-BETA5.
All went well through the installation, but after the reboot the system could not mount the disk.
We rebooted and opted for "Boot from USB" in the loader menu, which worked just fine.

[Image: excerpt from /boot/beastie.4th in pfSense 2.0-BETA5]
This led us to some digging, me in the loader and him on Google.
We both came up with the solution at the exact same time.

Just set the loader tunable
in /boot/loader.conf to make the kernel wait a little longer for the USB device before it tries to mount the root filesystem. Note that the file is /boot/loader.conf, not /etc/loader.conf, and that this is a loader tunable rather than a runtime sysctl: it has to be in place before the kernel probes the disk, so setting it with sysctl(8) after boot does nothing. On pfSense, /boot/loader.conf.local is the safer place for it, since the loader reads that file right after loader.conf and the system rewrites loader.conf itself.

This solution probably works across all the FreeBSD derivatives.
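Below is an added example (my own, not pfSense's code and not what the post showed) that makes the change persistent in a way that can be re-run after an upgrade without duplicating the line. It assumes the tunable in question is FreeBSD's kern.cam.boot_delay, the wait in milliseconds for CAM devices such as USB disks, which is assumed here to be what the loader menu's USB entry sets (the post's own screenshot of the setting is not reproduced on this page), and it assumes the target file is /boot/loader.conf.local.

```python
import re
import sys
from pathlib import Path

# Assumed for this example: the tunable the "Boot from USB" menu entry sets is
# FreeBSD's kern.cam.boot_delay (milliseconds to wait for CAM devices before
# mounting root). The value is what that menu entry is assumed to use.
TUNABLE = "kern.cam.boot_delay"
VALUE = "10000"

# The loader reads /boot/loader.conf and then /boot/loader.conf.local; pfSense
# rewrites the former, so persistent local settings belong in the latter.
DEFAULT_CONF = Path("/boot/loader.conf.local")

# name="value"   # optional comment   (quotes optional, as loader.conf allows)
LINE_RE = re.compile(r'^\s*([A-Za-z0-9_.]+)\s*=\s*"?([^"#]*?)"?\s*(#.*)?$')


def get_tunable(text: str, name: str):
    """Return the value assigned to `name` in loader.conf text, or None."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) == name:
            return m.group(2)
    return None


def set_tunable(text: str, name: str, value: str) -> str:
    """Return `text` with name="value" present exactly once.

    An existing assignment is replaced in place (keeping its position), any
    duplicate assignments are dropped, commented-out lines are left alone,
    and a missing assignment is appended. Running it twice is a no-op.
    """
    out, found = [], False
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) == name:
            if not found:
                out.append(f'{name}="{value}"')
                found = True
            continue  # drop the old value (and any later duplicate)
        out.append(line)
    if not found:
        out.append(f'{name}="{value}"')
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Optional argument lets you try it on a scratch file before touching /boot.
    conf = Path(sys.argv[1]) if len(sys.argv) > 1 else DEFAULT_CONF
    old = conf.read_text() if conf.exists() else ""
    new = set_tunable(old, TUNABLE, VALUE)
    if new != old:
        conf.write_text(new)  # needs root for /boot
    print(f'{TUNABLE}="{get_tunable(new, TUNABLE)}" in {conf}')
```

Keeping the edit idempotent matters here because loader.conf fragments tend to be re-applied from notes or scripts after every upgrade; a naive `echo >>` leaves several conflicting lines, and the loader honours whichever comes last.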


Domain DNS redirect in pfSense

Say you have a domain that serves just one site or application, and this site is hosted on a server on your internal network.
The server is then NAT'ed in your firewall from an external address to an internal host.

If this is the case you probably want DNS lookups for that name from the inside to resolve to the internal address, so the traffic stays within your internal network instead of going out to the external address and back in through the NAT.
Had the name been of the form host.domain.tld, things would have been simpler, since that maps directly onto the host and domain fields of a DNS forwarder host override.
It turns out that redirecting a bare example.tld is not that complicated either:
just add your domain (example) as the host and the TLD (tld) as the domain in the host override, and you are good to go! Keep in mind that this only helps clients that actually send their queries to the firewall's DNS forwarder; a machine pointed straight at an external resolver still gets the public address.


pfSense and internal FTP

If you are running an internal FTP server and your traffic passes through your pfSense system, chances are it might not work. This was the case for me, and the documentation and forums did little to help. I simply could not connect at all.

After some experimentation, this is what I came up with.

Simply disable the FTP helper on all internal interfaces (it is on by default in at least 1.2.2-RELEASE and 1.2.3-RELEASE). The helper exists to get FTP data connections through NAT; between two internal interfaces there is no NAT to help with, so it only gets in the way. With it off, nothing opens the data connections for you, so the firewall rules between the internal interfaces must allow them themselves: the server's passive port range for passive mode, or the client's listening port for active mode.

[Image: pfSense FTP helper setting]
After that it runs smooth as butter!

Luckily I noticed something awry in the states table, which led me to the solution.
[Image: pfSense states table]