Author Topic: Edd Noman's Guide to pfSense 01 - How-To install and configure pfSense as a VM  (Read 5095 times)

Offline Edd Noman

  • Administrator
  • Newbie
  • *****
  • Posts: 33
  • Karma: +2/-0
    • View Profile
Edd Noman's Guide to pfSense 01 - How-To Install and Configure pfSense 2.3 inside a VM using VMware workstation

This is not an in-depth guide for Networking, pfSense, or VMware Workstation. It will provide you with a basic working setup covering the most important components you need to configure 
For you virtual environment and pfSense to run smoothly.

1. Preparations, what do you need to follow this guide

1. PC with local Internet connection
2. VMware Workstation - http://www.vmware.com/products/workstation/workstation-evaluation
3. pfSense ISO file - https://www.pfsense.org/download/ 
4. Windows or Linux installation ISO file
5. Good time, you should have about 2 - 3 hours free to do this if you are completely fresh in the area. Do you have network experience before you can do this in about 1 hour

1.a PC recommended specification:
CPU: i5 4-cores at 2.5 GHz and supports VD-T, VD-X
RAM: 8 GB ++
HDD: 120 GB

You can run on lower hardware but then it will be a slow and painful experience, also AMD equivalent is ok

1.b Internet connection: I recommend you have minimum connection of 10/5Mbps or you are going to wait forever on the files to download, if you are on a slow connection I recommend 
Downloading all the needed files before you start on this project.

2. Network preparation and layout

In this guide, your normal home router and network will act as the ISP and the WAN connection for the VM LAB network that we create in Workstation, so we need to create a layout and map 
Out how everything is going to be connected together otherwise it is easy to get lost and then end up whit a broken configuration, and you need to start over from scratch since you have 
No point of reference to start troubleshooting the issues.

My home network layout and configuration is pretty simple, and it is what I am going to use as an example in this guide:

Home Router: D-link DIR-855
WAN: DHCP IP X.X.X.X  <- This is given from your Service Provider, you have no control of this
LAN Network: 192.168.1.0
LAN Broadcast: 192.168.1.255
LAN Subnet: 255.255.255.0 = /24 in CIDR notation as used in pfSense
LAN IP: 192.168.1.1
LAN DHCP: 192.168.1.100 to 192.168.1.200

PC whit VMware workstation installed has the local IP of 192.168.1.199

Now I want to define the VM LAB network before I start so we know what parameters to use when asked to provide the different network settings in the pfSense installer and the 
Workstation network configurator that we need to setup before we can create our Virtual Machines

LAB Router: pfSense 2.3
WAN: DHCP IP 192.168.1.xx <- the 1.xx is going to be the next unused and available IP from your Home Router in my case that should be 192.168.1.197
LAN Network: 10.99.99.0
LAN Broadcast: 10.99.99.255
LAN Subnet: 255.255.255.0 = /24 in CIDR notation as used in pfSense
LAN IP: 10.99.99.1
LAN DHCP: 10.99.99.100 to 10.99.99.200

Now you are probably wondering why I chose to go whit a 10.99.99.0 network and IP range for my VM LAB setup and there are 2 good main reasons for that

1. Your VM LAB network cannot be the same as your Home Router network that will only make problems and issues for anyone that connect to the internet from your home

2. If something is to go bad an you need to troubleshoot a network issue it is easy to identify that anything whit a 10.99.99.xx IP is from your VM LAB network and anything whit a 
192.168.1.xx IP is from your normal Home Router network that is having or creating issues.

3. Configuring the virtual network infrastructure in VMware Workstation

Now that we have done all of our preparations and network planning we are ready to start configuring and installing the VM LAB network, we start by configuring the network configuration 
Settings by opening Virtual Network Manager from Edit -> Virtual Network Manager

Here you should see 3 different types of networks already defined for you, those should be Bridge, NAT and Host-Only, all this is fine what we want to do is to Add Network and create a 
Custom Host-Only types of network for our LAN interface, to do this click on the Add Network button choose a "VMnet #" I usually go for VMnet3 then click OK



Now back at the Virtual Network Editor you should see 4 for networks in the list the same 3 as before and our newly created VMnet3, you would need to select that in the list and edit 
Its network values according to our VM LAB requirements witch is:

VMnet Info = Host-only
Connect to a host virtual adapter to this network = NO (not checked)
Use local DHCP service = NO (not checked)
Subnet IP = 10.99.99.0 (this is the LAN Network of the VM LAB environment)
Subnet mask = 255.255.255.0

Save these changes by clicking Apply then OK to go back to the main window of VMware workstation.



[Some info about the different types of networks used in VMware workstation for quick reference]
- Bridged type means that the virtual machine shares the physical network port and connection whit the computer, our pfSense will use this for its WAN interface.
- NAT type means it is a translated network that is given to the virtual machine, essentially workstation will act as its own router
- Host-Only type means that only that specific virtual Machine can use that network, it is used to emulate an isolated network whit no internet access or access to other devices

4. Configuring the Virtual Machin Settings and Hardware

Now is the time to define your hardware to be used for pfSense VM, to do this navigate to File -> Create a New Virtual Machine
Here we will be following the on-screen wizard so select typical and click next



Select I will install Operating System later, the virtual machine will be created whit a blank hard disk and press next



Set the guest operating system option to Other -> FreeBSD 64-Bit then click next



Now give the virtual machine a proper identifying name and where one the system you would store the system files then click next

Name: pfSense 2.3 Router
Location: C:\VirtualMachines\pfsense2.3\



Select the amount of storage and hard drive space to be used by the pfSense VM, this would depend on what you are going to use the system for some add-on packages and features would 
Require lager amount of storage than others, for a base system and learning pfSense anything between 5 GB to 10 GB is fine I select 10 GB as that is a nice round nr that allows for growth 
And space to test out most of the features and add-on packages whit ease

I choose 10 GB and single file, then next



At this point you should be looking at a summary page of all the options you have chosen and workstation recommendation of hardware for a FreeBSD system, however we are setting up a 
firewall and router system that does not need many of the hardware options like a normal system would have benefits of using so we would need to edit the selected hardware to fit our 
Install of pfSense, you do this by clicking Customize Hardware button



Now you should see the Hardware selection list, here you should set the following hardware and settings

Memory = 2048mb
Processor = 4 \ 2 processors and 2 cores per processor
Hard Disk = 10 GB
DVD = ISO Image: File location of pfSense iso file, mine is "C:\Users\noman\Downloads\pfSense.iso"
Network Adapter 1 = Bridged (Automatic)
Network Adapter 2 = Custom (VMnet3) 
Display = Auto Detect

As you can see I removed the sound card and usb controller since this is a Virtual Machine you do not have access to put an usb drive to it nor dose a router need a soundcard so removing 
This will save some resources of your system, however if this was a physical install on a machine I do recommend usb ports.
I have also added a second Network adapter whit different types of VMnet networks







When you have set the hardware to your liking you click Close to go back to the summary picture and then press Finish to complete the creation of the virtual machine and return to the 
Main menu of the VMware Workstation.



5. Installation of pfSense software

From this point is going to be a normal installation process for pfSense, and you can follow the normal installation guide from https://doc.pfsense.org/index.php/Installing_pfSense
However when the installation process is done this do not cover the optimizations steps needed for running smoothly in a VM environment

Whit that said we are now ready to start up the new virulent machine, which is done by pressing the green play button and you will open a new window that represents a physical display 
Connected to the machine you just created and the first menu in pfSense

The first screen that we get is the pre-boot option where pfSense ask what type of environment we would like to use, you have a 10 second window to select it manually after that the 
Autoboot will boot the default recommended environment for us



Now you will see a lot of text fly over the screen until it stops and prompt you to select between Recovery mode or Installation mode, again you have 10 seconds to select otherwise it 
Will start the installation mode

[Recovery mode is used to recover the configuration xml files from a non-working system before you wipe the drive and reinstall pfSense on to it]



Now at this screen it will ask you to set your current screen resolution, keyboard layout and video fonts, I just accept the default settings



Next it will ask you if you want to do a quick and easy install or if you want to set some advances options like raid and other custom hardware option, you will once again get the 
option to do a recovery of the system if you missed the first selection, since this is a brand new install as a VM I select quick and easy option



It will now ask for confermation on your settings and warn you about this option is going to wipe and formant the disk and all you files will be lost, dont worry you will not lose anything as it uses a virtual file as its hard drive, however if it had been a physical device it would have wiped all the files from it



Now that the installation has started it will progress up to 50% and then I will ask you for what kernel you want to use, the option are Standard Kernel and Embedded Kernel, No VGA the 
Only difference here is that embedded kernel is to be used on devices where you have no graphical connection for a monitor, so I select Standard Kernel





Now after the selection of what kernel to install it will finish up the installation process and when it reaches 100% it will ask you to reboot or drop down to the console and shell menu 
In case you want to make some last minute custom changes to the system, I choose reboot



Now if everything went ok whit the installation process you should see the same preboot options for multi user or single user mode, when the timer has expired it should fly a lot of text 
Over the screen and you should end up whit a screen saying "Welcome to pfSense 2.3.3" and then give you 16 different options like this



As you can see I have gotten an IP address of 192.168.1.198/24 on my WAN interface but I am missing the famous 192.168.1.1 IP on the LAN interface, the reason for this is that pfSense 
Default settings uses NAT and whit that enabled you are not allowed to have the same network on both LAN and WAN interface so we need to manually tell it what network and IP to use on 
LAN interface so that we can connect to it and configure it from the WEBGUI, to set a network and IP manually enter option 2 Set Interface(s) IP Address

[At this stage I have seen some issues where it mixes the LAN and the WAN interfaces so that it assigns the LAN interface as WAN and gives you the 192.168.1.1 IP on LAN but no IP on 
WAN, if that is the case you need to use option 1 assign interfaces]

You will now get a series of questions about what interface to change, what the new IP Address and Subnet mask for this interface would be, it will also ask me about Gateway options and 
DHCP Server and if we would like to set the WEBGUI access to HTTP instead of HTTPS access

I select the following

Option 2 Set Interface(s) IP Address
2 for LAN
IP: 10.99.99.1
Subnet: /24  - 255.255.255.0
Gateway: blank - press enter to skip
DHCP Start: 10.99.99.100
DHCP Stop: 10.99.99.200
Set WEBGUI to HTTP: NO





When all the option is set and pfSense is finished whit processing the new values you are given a summary page of what has been done in this case changed the LAN IP and enabled WEBGUI 
Access on https://10.99.99.1 and ask you to press enter to continue back to the shell menu



Now at the shell menu you should verify that WAN interface have the same IP range and network as your Home Router and your main computer 192.168.1.XX and that LAN interface have the 
correct IP that we just set to 10.99.99.1, if all this match up then congratulations we are now don whit the installation process and are ready to connect to the pfSense WEBGUI where all 
The magic and configuration happens



6. Configuration of a LAN client

So far we have installed and configured pfSense inside a VM in VMware workstation, but we have no access to actually connect to it and use its feature in any meaningful way, so the next 
step needed is to create a second VM and install your favorite desktop OS, what you use here should be the OS you prefer for simplicity I use a Window 7 install whit Firefox installed 
On it so everyone can follow, I use Widows 7 as that is what I have access to and a license for when writing this guide

For my Windows 7 LAN client I use the following setup

Memory = 4096Mb
Processor = 4 \ 1 processors and 4 cores per processor
Hard Disk = 25 GB
DVD = ISO Image: File location of pfSense iso file, mine is "C:\Users\noman\Downloads\Win7.iso"
Network Adapter = Custom (VMnet3) 
Display = Auto Detect
 
You would need to adjust these settings accordingly to what your selected OS has as a minimum requirement, the only important part here is that you set the Network Adapter to Custom on 
VMnet3 so that it will be connected to the same network as our pfSense LAN interface



Now when you boot your LAN-Client you should verify network connectivity and check that you have been assigned the correct IP and network, since I am using Windows 7 as my client 
Computer I verify this by using CMD.exe and ipconfig and ping command

1. Open CMD.exe
2. Run command ipconfig /all
Here you would look for the following details

IPv4: 10.99.99.100
Subnet mask: 255.255.255.0
Gateway: 10.99.99.1
DHCP: 10.99.99.1
DNS: 10.99.99.1

3. Check for internet connectivity using ping command

Ping 8.8.8.8

Ping google.com

This will check that you have the basic internet connectivity and that you can access google from both IP and DNS URL



If all of this is working as it should and you can access the internet we are now ready to start configuring pfSense from its WEBGUI

4. Connecting to pfSense WEBGUI for the first time

Now it is time for us to open up our favorite web browser and navigate to the pfSense WEBGUI using the following web address http://HTTPS://10.99.99.1/ now you would probably expect a login 
Page for pfSense but instead are met by an error message saying this site is not secure or the connection is not private, do not worry this is to be expected as pfSense uses a self 
signed SSL cert and any of the new web browsers have been set to not accept self-signed SSL certs, so you can safely ignore this error \ waring and move on



In Firefox you do the following:

1. Click on Advanced button
2. In this new box click Add exceptions



Finally you now should see a webpage whit the pfSense logo on it and asking for a username and password to login when you enter the username and password pfSense will ask you to follow 
A setup wizard and it is recommended that you follow it the first times you configure it.

7. pfSense Setup Wizard and General Settings

Now is the time we are able to login to pfSense whit the default username and password to start the online setup process of the Wizard

Username: admin
Password; pfsense



Since it's the first time you log in to the pfSense WEBGIU, you will be prompted to follow a configuration wizard, if you feel that you have a clear understanding of firewall and router 
Setups, you can skip out of it by clicking on one of the pfSense logos that appear on the screen, I recommend that you complete the wizard as the first time user of pfSense



On the next screen you get information about "Gold Subscription" for only $ 99 USD This year, this is strongly recommended when using pfSense in a production network, as you get things 
like auto backup feature, access to the full version of the book , As well as monthly hangouts with pfSense people who show tips and tricks on what and how to configure a lot of the 
Advanced features, but for a test setup like this you can skip this



Now you are prompted to set the general information about your system and asked about Hostname, Domain and DNS Server. I use the following settings

Hostname: pfSense
Domain: vmlab.lan
Primary DNS: 192.168.1.1
Secondary DNS: 8.8.8.8
Override DNS: NO (Unchecked)



Next we are asked to select our location and time zone for the NTP service to sync our clocks, I use the generic time server of 0.pfsense.pool.ntp.org and select the city closest to me 
That is Europe/Oslo, you have to select what is the closest one to you, and you can also find local NTP servers at ntp.org, more on that in a later guide



Now we get setup for the WAN \ Internet access, here you usually enter the information received from your ISP but in our setup it is your normal Home Router network that serves as 
Internet access so that information you set here depends on the settings you have on the Home Router. My recommendation is to leave it to default settings and only set the DHCP Hostname 
Value

Type: DHCP
MTU: 1500
DHCP Hostname: pfSense.vmlab.lan
Do not Block RFC1918 Networks (not checked)
Block BOGON Networks (not checked)



Next page you get questions about the LAN settings, since we already set this in the shell console, just go ahead. No things needed to be changes



Set new administrator password, this is completely up to you but is highly recommended



Press reload to load all the settings we set and move on



Confirmation that the wizard is complete and that pfSense is ready for use, click on the logo to get to the main page also called the dashboard in pfSense



Now you want to see a fancy status page, this is the dashboard page where you can quickly get information about what is moving on your server, this is also the first page you see when 
You usually log in.



8. Driver installation

If this had been a normal physical machine, we would have finished this guide now, but since we run this in a virtual machine, we will install VMware Tools that is the "driver" package 
For all the machines you install in VMware, go to System -> Package Manager



Select Available Packages and search for "open" then open vm tools will appear, then click install



You will now be asked if you confirm the installation of this additional package



It now wants to start working, you want to see a status bar at the top and some text flies over the screen while it is working



Get back to the dashboard so you can always press the pfSense logo, congratulations, you now have a fully functional installation of pfSense running in the VMware Workstation on a 
Separate test network.

This concludes this part of the guide series, I have content for a lot more guides and tutorial for pfSense packages and configurations that I will use this as a base system to work out of so everyone have a common point of reference to the core system and settings when we get into a lot more advances features of pfSense

If you follow this guide and it is not working for you and it broke your system, I am not responsible or liability for that as you should not take anything you read on the internet at face value and you should test settings like this in a lab environment and not on your production servers.

« Last Edit: May 01, 2017, 07:16:45 PM by noman »