Note:
- This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
- It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.
Install and Configure pfSense on Oracle Cloud Infrastructure
Introduction
Note: pfSense is not officially supported on Oracle Cloud Infrastructure by Netgate or Oracle. Contact the pfSense support team before trying this tutorial.
Oracle Cloud Infrastructure (OCI) is a set of complementary cloud services that enable you to build and run a wide range of applications and services in a highly available hosted environment. Oracle Cloud Infrastructure (OCI) offers high-performance compute capabilities (as physical hardware instances) and storage capacity in a flexible overlay virtual network that is securely accessible from your on-premises network.
pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more.
Objective
Install and setup pfSense virtual appliance in Oracle Cloud Infrastructure (OCI).
Prerequisites
- Access to an Oracle Cloud tenancy
- A Virtual Cloud Network setup in your tenancy
- All the policy setups for Object Storage, Virtual Cloud Networks, Compute and Custom Images.
Task 1: Prepare the pfSense installation image
-
Download pfSense Serial USB Memstick version from the pfSense official repository.
-
Log in to the Oracle Cloud console, create an Oracle Cloud Object Storage Bucket and upload the pfSense image file you downloaded in the previous step.
-
Import the pfSense image from the Object Storage Bucket.
-
From the left navigation pane, click Compute, then click Custom Images, and then click Import image
-
Enter the image Name.
-
Select the Import from Object Storage Bucket option.
-
Select the Compartment, bucket and image object.
-
For Image Type, select the VMDK option.
Note: Leave the rest of the configuration as default.
-
Click Import image.
-
Wait for the import job to complete. The following screen is displayed once the image is imported.
Task 2: Install pfSense on a Compute Instance
-
Once the pfSense custom image is available, click Create instance.
-
Select the desired VM shape and the Virtual Cloud Network and subnet to associate the virtual machine with and click Create.
Note: We need a way to connect and configure the pfSense virtual appliance, Assign a public IP or setup a private network to be able to connect and configure the virtual appliance.
-
Once the instance is in running state, click Console connection and then click Launch Cloud Shell connection. This will initiate a connection through the cloud shell.
Note: The pfSense image is based on FreeBSD Operating system and to initiate a installation we need to setup serial console connection.
-
The pfSense installation screen will display. Follow the steps mentioned in the pfSense Official Documentation to proceed with the install.
-
When prompted, select manual partitioning and create a swap partition and a root “/” partition.
-
Confirm changes and proceed with the installation.
-
Once the installation process is complete you will be prompted to reboot.
-
Click Reboot and wait for pfSense to start and configure itself. It will come to a halt and prompt you to assign interfaces.
-
At this point pfSense prompts you to assign LAN interfaces, we are going to skip the LAN interfaces for now and setup the WAN interface which we need to be able to connect to the cloud console.
-
When asked enter the WAN interface name (in this tutorial, we are using its
vtnet0
) and continue with the setup. Once the setup is complete, the Welcome screen is displayed.
Task 3: Enable the pfSense WebGUI
To log in to the pfSense WebGUI, you must disable the referrer check.
-
On the pfSense Welcome screen, enter 8 to access the pfSense shell and run the following command:
pfSsh.php playback disablereferercheck
Task 4: Allow HTTPS traffic in your VCN security list
pfSense by default uses HTTPS to access the WebGUI. You must allow traffic to the 443 port in the subnet security list.
Note: In this tutorial, we are allowing public access, however if you have a private connectivity setup, you can allow only the source address you want the access from.
Task 5: Open the pfSense web console in the web browser
-
Open your browser and enter the public IP with https. The login screen is displayed.
-
Log in with the admin credentials.
Points to Note:
-
Create an installation image so you don’t have to do a fresh installation every time. On completion of step 7 in Task 2: Install pfSense on a Compute Instance, when you are prompted to reboot, go to the Oracle Cloud Console, navigate to the Instance details page and click Create custom image.
Now you can use this newly created image to create other instances where you do not need to install from scratch and you will start directly from step 8 onwards where you just have to configure the network interfaces.
-
If you try and add another interface with private ip later, you must add https access to the pfSense firewall.
Once you add another interface pfSense will automatically remove the WAN firewall https rule and you will lose access to the web console.
Related Links
Acknowledgments
Author - Mayank Kakani (OCI Cloud Architect)
More Learning Resources
Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.
For product documentation, visit Oracle Help Center.
Install and Configure pfSense on Oracle Cloud Infrastructure
F62218-01
August 2022
Copyright © 2022, Oracle and/or its affiliates.