pfSense

  • k3tan
  • FOSS
  • January 21, 2021

pfSense is router software built on the FreeBSD operating system. It adds advanced functionality to your home or business network. Out of the box, pfSense is configured to protect your network.

If there's one video that I wish was available when I was first getting started using pfSense, it would be this one by Tom Lawrence. It is lengthy, but is well worth your time. His entire channel is an excellent resource.

Why pfSense?

Here's what I've been able to do on my home network with pfSense. These are not all the features, but they're the ones I have tried.

  1. Connect as a client to a VPN provider such as Mullvad, ProtonVPN or IVPN. All devices on the network can be tunneled over the VPN, or you can pick and choose which devices get tunneled and which don't.
  2. Host a VPN server to retrieve data from your home network and access information from anywhere in the world.
  3. Install a package called pfBlockerNG to block ads at the router level, protecting all devices on the network.
  4. Set up guest networks and sub-networks for specific use cases. Segregate devices to different networks so certain devices can't access other devices on different networks.
  5. Inspect data usage of particular devices.
  6. Monitor traffic download/upload speeds and throttle if necessary.
  7. Use the router as a reverse proxy with the HAProxy package and create ACME certificates for hosting websites.
  8. Set up a fail-over, whereby if the primary internet connection goes down, the secondary connection will automatically kick in.

pfSense has plenty more features to explore and experiment with.

Hardware Requirements

Ideally, run pfSense on a spare computer (not a virtual machine). It needs at least 2 network ports. Make sure they are Intel network cards (as opposed to Realtek). You can use an old desktop computer.

It's up to you what hardware you want to run pfSense on. Here are some ideas:

  • QotomPC - China-based MiniPC. Can be found on AliExpress.
  • Protectli - US-based MiniPC.
  • PC Engines - EU-based MiniPC.
  • pfSense - buy the cheapest unit directly from Netgate, the developers of pfSense. Take a look at their forums for more hardware ideas.
  • Any spare PC with a 2 or 4 port NIC. Look up Intel i340 or i350 on eBay or Gumtree and put it into your computer.

One network port will be the Wide Area Network (WAN). The other port will be for the Local Area Network (LAN). The WAN will connect to your modem and is generally assigned an IP address by your Internet Service Provider (ISP).

I would suggest utilising your existing consumer grade wifi router and putting it into Access Point mode. Plug one end of the ethernet cable into the LAN port of your pfSense router and the other end into the WAN port of your existing wifi router. This will allow you to access wifi and plug into the remaining 4 ports of your consumer grade router.

Software requirements

If you've bought hardware with the software preinstalled, you should be good to go from the moment it arrives. But if you're using your own device, you'll need to install pfSense. The download page can be a little confusing. What you're likely after is:

  • AMD64 (64-bit)
  • USB Memstick installer
  • VGA

Download this file, flash it onto a USB drive using Etcher and boot from it on the device you want to install pfSense on.
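
A router image is worth checking before it goes anywhere near a USB drive. The script below is an added example, not part of the original post: it compares a downloaded file's SHA-256 with a published checksum line and refuses on mismatch. The function names, the installer.img.gz file name and the 3-byte demo file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a downloaded installer against its published SHA-256
# before flashing. File names and the demo file are constructed placeholders.

# Print the lowercase SHA-256 hex digest of a file with whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'      # Linux
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'  # macOS
    else
        sha256 -q "$1"                         # FreeBSD
    fi | tr 'A-F' 'a-f'
}

# Pull the 64-hex-digit digest out of a checksum line. Accepts GNU style
# ("<hash>  file"), BSD style ("SHA256 (file) = <hash>") or a bare hash.
digest_from_line() {
    printf '%s\n' "$1" | tr 'A-F' 'a-f' |
        grep -Eo '(^|[^0-9a-f])[0-9a-f]{64}($|[^0-9a-f])' |
        head -n 1 | tr -cd '0-9a-f'
}

# Return 0 only when the file's digest equals the published one.
verify_image() {
    image=$1
    expected=$(digest_from_line "$2")
    [ -f "$image" ] || { echo "missing file: $image" >&2; return 2; }
    [ -n "$expected" ] || { echo "no SHA-256 digest in: $2" >&2; return 2; }
    actual=$(sha256_of "$image")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $image matches the published checksum"
    else
        echo "MISMATCH: $image" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
}

# Constructed demo: a 3-byte stand-in "image" with a well-known SHA-256.
demo=$(mktemp)
printf 'abc' > "$demo"
published="SHA256 (installer.img.gz) = BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD"
verify_image "$demo" "$published"
printf 'x' >> "$demo"   # simulate a corrupted or tampered download
verify_image "$demo" "$published" 2>/dev/null || echo "Do not flash this file."
rm -f "$demo"
```

For a real download, pass verify_image the path of the file exactly as downloaded and the checksum line copied from where the file was published.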

The setup wizard is fairly intuitive. Follow Tom's video from here.
