pfSense

 

Introduction

 

pfSense is an awesome project for the home tech enthusiast. It’s much more powerful than any Asus, Apple, Google, or Linksys router. While it’s true that those routers are built for the general consumer, with easy setup and minimal administration, pfSense takes those types of routers to the next level.

 

  • Features
  • Reliability
  • Ease-of-use
  • Price
  • Documentation
  • Support

Summary

pfSense is a firewall/router that is jam-packed with features. There are too many great features to list in a summary. In two years of using pfSense, it's needed one reboot to function correctly. It's not the easiest router in the world to configure unless you're a network administrator, as it's designed for enterprise more so than a home network, so be prepared to do some learning. pfSense has a large user base and an active forum. Most features are well-documented on pfSense's website. You have the option to purchase a technical support plan for $99; otherwise, it's completely free!

4.3

 

 

Why consider pfSense?

 

First, before I begin touting the features of pfSense that you simply can’t find in most home routers, let’s discuss the disadvantages of pfSense and why it might not be the router of choice for you.

1) Price. This may or may not be a factor if you have an old PC lying around. If you want to buy a new PC, you’re probably going to exceed the $100-200 that you would spend on a big-box store router. For a mini-ATX motherboard with a fanless CPU, hard drive, and a case, I spent close to $375. You can also buy directly from the pfSense Store, but again you’ll be shelling out $300 for their cheapest model. However, pfSense, which is based on FreeBSD, is absolutely free to download and use.

2) Administration. Again, this may or may not be a factor. If you don’t want any of the frills of pfSense then this router can be just as easy to administer as any other home router. In fact, most people could install pfSense, throw it on their network, and be done with it. It’ll just work. However, if you want to use add-ons or download software updates, it’s like any other operating system: there may be hiccups that arise every once in a while.

The advantages? The biggest for me…it’s the last router I’ll ever need. The software is updated frequently and the developers are always looking for ways to make things work faster, better, and more securely. Here are some more advantages:

1) Flexibility. You can set your network up the way YOU need it, not the way a manufacturer thought you might like it. For instance, a problem I ran into with the Apple Airport Extreme was with the DHCP reservation limit of 25. We have about 50 online devices in our household, and that just wasn’t cutting it. For access control, the Airport Extreme was limited to MAC filtering. With pfSense, I can assign each device a static mapping based on MAC address or hostname, group those devices together using aliases (think kid’s iPod, Nintendo 3DS, and laptop), and limit network access during their homework period or bedtime. This greatly reduces the administrative burden.

2) Static mappings. This is pretty much a static IP address, but it’s assigned by the DHCP server. This means I don’t need to go to each device to configure a static IP. I prefer static IP addresses for certain devices for different reasons. For the kids, this allows me a way to monitor their online activity using NxFilter (by intercepting DNS requests) and also to prevent access during certain times of the day or week. Additionally, I have a number of IP cameras on the network, and my Blue Iris camera server that they record to needs to know their addresses. I do use a DHCP range, but mostly for “smart” devices, such as our SmartThings hub, and also as a guest network for visitors.

3) Add-ons. pfSense, which is based on FreeBSD, appropriately calls these packages. There are a number of available, useful packages such as Squid proxy server, SoftFlowd network analyzer for data redirection, and OpenVPN client export for setting up your Windows, Android, or Apple VPN client.

4) Traffic shaper. Have a teenager that likes to bog down your network streaming music and videos? This is the solution.

5) Statistics. If you have an ISP that has a data cap (here’s looking at you Comcast) and you are worried about going over your monthly cap, pfSense gives you a ton of information that you can use to track your usage.

6) Scheduling. Whereas most routers give you relatively few options as far as when to enforce access rules, pfSense gives you a lot more flexibility. Again, let’s take the Airport Extreme for example. With that router, I could limit access during specific times for each day of the week (Monday through Sunday), during the weekdays (M – F), or during the weekends (Saturday & Sunday). While this is fine in most cases, with pfSense I can take my kids’ school schedule and enter it for the entire year so I don’t have to worry about editing schedules for those days! You can read more about using pfSense schedules here.
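A simplified model of how the static mappings, aliases and schedules described in items 1, 2 and 6 combine into one access decision. This is an added Python illustration, not pfSense code or configuration; every MAC address, IP, date and name in it (`kids_devices`, `HOMEWORK`, `decide`) is constructed for the example.

```python
from datetime import datetime, time
from ipaddress import ip_address

# Constructed sample data (not taken from a real pfSense configuration).
STATIC_MAPPINGS = {                        # MAC -> fixed IP handed out by DHCP
    "aa:bb:cc:00:00:01": "192.168.1.21",   # kid's iPod
    "aa:bb:cc:00:00:02": "192.168.1.22",   # Nintendo 3DS
    "aa:bb:cc:00:00:03": "192.168.1.50",   # IP camera
}
ALIASES = {"kids_devices": {"192.168.1.21", "192.168.1.22"}}
DHCP_POOL = ("192.168.1.100", "192.168.1.199")   # guests and "smart" devices

# Schedule keyed by calendar date, so a whole school year can be entered once.
HOMEWORK = {
    "2016-09-12": [(time(16, 0), time(18, 0)), (time(21, 0), time(23, 59))],
    "2016-09-13": [(time(16, 0), time(18, 0)), (time(21, 0), time(23, 59))],
}
BLOCK_RULES = [("kids_devices", HOMEWORK)]       # (source alias, schedule)


def lease_for(mac, next_pool_ip="192.168.1.100"):
    """Return the device's static mapping, or a pool address if it has none."""
    return STATIC_MAPPINGS.get(mac.lower(), next_pool_ip)


def schedule_active(schedule, when):
    """True if `when` falls inside one of the ranges listed for that date."""
    ranges = schedule.get(when.strftime("%Y-%m-%d"), [])
    return any(start <= when.time() <= end for start, end in ranges)


def decide(mac, when):
    """Return (ip, verdict) for a device at a given moment."""
    ip = lease_for(mac)
    for alias, schedule in BLOCK_RULES:
        if ip in ALIASES[alias] and schedule_active(schedule, when):
            return ip, "block"
    low, high = (ip_address(a) for a in DHCP_POOL)
    if low <= ip_address(ip) <= high:
        # An unmapped MAC lands in the pool and matches no alias, so the
        # pool range needs its own deliberately chosen policy.
        return ip, "pool"
    return ip, "pass"
```

The rule only follows a device through its static mapping, so the policy applied to the DHCP range determines what happens to anything that is not mapped.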

Installation

 

So let’s get started. This tutorial installs pfSense in a virtual machine for illustrative purposes, but the steps are exactly the same for actual hardware. The version being installed is pfSense 2.3. pfSense requires a minimum of 2 available Ethernet ports (one for WAN, one for LAN). You can follow the slideshow below to install your new router:



pfSense begins scanning the available hardware. This will take a few seconds.

After pfSense knows what you have in your machine, you are greeted and again you will see an autoboot timer at the bottom counting down. You can wait for the timer to expire again or press “I” to skip to the installation.

Next you’ll see a screen reminiscent of a Windows XP installation. Unless you have special requirements just arrow down to “Accept these settings”.

For an automated setup, choose “Quick/Easy Install”. If you need to partition the hard drive or have other special requirements, choose “Custom Install”.

pfSense will now give you a warning letting you know you are about to format your hard drive. If you have multiple drives or drives that contain valuable information (I cannot imagine this scenario for a router, but who knows?), you may want to take a second to verify that you have the correct hard drive selected. Otherwise select “OK”.

The installation continues, showing you the progress along the way. On decent hardware, this will only take a minute or so.

Unless you have a reason to choose the embedded kernel, select “Standard Kernel”.

Again, pfSense will show a bar indicating installation progress. Afterwards, you will receive this message. Choose “Reboot”. On a Hyper-V VM I had to manually turn off the device. Whether performing an installation on a VM or actual hardware, ensure you remove the USB or LiveCD so pfSense doesn’t try to install itself again.

Upon reboot without the USB or CD, you’ll get a screen that looks like this. Press F1 to continue.

pfSense will again go through an initialization phase. Once it’s complete, you’ll begin setup. The first question is about VLANs. Choose “n” unless you have a pressing need to configure a VLAN now. You can always do this from the web GUI later on.

Next pfSense will want to associate your Ethernet ports with each interface (WAN, LAN, and optional). To me, it makes the most sense to configure port 0 as the WAN, port 1 as the LAN, then any additional ports as the optional ports. Of course, you can configure these however you like, according to your setup. The WAN port will be the internet-facing port, and will be where you will connect to your modem. The LAN port will connect to your network switch, hub, or WiFi access point.

If you don’t have any optional ports, leave it blank and press Enter. pfSense will ask you if your settings are OK. If everything looks good, go ahead and enter “y” then press Enter.

pfSense begins the configuration process. Note that the 3 questions pfSense asks you are just to get enough information from you to get you to the web interface where you will repeat this setup, plus a more in-depth setup wizard.

Finally, if you made it to this screen you are done with the initial setup, and you should now have a working router (unless you have special ISP requirements, which will be covered in the setup wizard from the web interface). Note here that I’m running pfSense in a VM on my LAN, and you can see that my WAN address is a private IP address (10.0.1.133). Normally you would see your public IP address (an IP address that isn’t 10.x.x.x, 172.16.x.x, or 192.168.x.x). If you want to change your LAN side IP address, you can do that here (select option 2) or you can do it from the web interface. To start the configuration of your new router, note the LAN address, open up a browser from any device on your network, and enter the same LAN address (in this example, 192.168.1.1).

If everything went well, you are now presented with the login screen. The default username is admin and the default password is pfsense.

As promised, pfSense continues with the full setup. Click “Next”.

On this screen you have the option to purchase a pfSense Gold Subscription. It costs $99 and gives you access to customer support, a pfSense PDF how-to guide, and a few extra options. pfSense is free (for now), and this seems like a donation offer. I don’t subscribe, but you may want to.

Here you can set up hostname, domain, and your DNS servers. For the DNS servers, you can use your ISP provided DNS server (such as 75.75.75.75 for Comcast), a Google DNS server (8.8.8.8), or any other DNS server you have access to and want to use.

Set your timezone. If you don’t want to use the default time server, you can change it here.

For configuring the WAN interface, we’re only going to focus on the first section. For me, DHCP is fine. If you have a PPTP, PPPoE username/password, or use a static IP address via your ISP, you’ll want to change the “Selected Type” accordingly. Additionally, if you don’t want your network adapter’s MAC address floating around the internet, you can set a spoofed MAC address. As I have no need for this feature, I left it blank. All other options are left at the default values. Click “Next”.

If you want to make any changes to the LAN interface you can do it here. This is a repeat of the LAN initialization we did earlier. If you make any changes, you should be redirected to the new IP address. If not, you will need to manually enter it in your browser. If you need to do subnetting (probably not for a home network), you can do it here.

It’s highly recommended that you change the default password. If not, any intruder will have easy access to your entire network. I chose the most complex password that I could remember for my home network (not what you see in the above example).

After completing the setup, the router will save your changes and reload. Now you can move on to configuring the router.



The hardware- building your own




I decided to start with a Mini-Box M250 Mini-ATX case simply because it was small (about the size of a hardback Stephen King novel) and I liked the design. I also wanted to keep the noise down and needed a well-ventilated case that would adequately support a fanless CPU. This was a great choice, and at the current price of $50, it’s a steal.







I added a Jetway NF9HG-2930 Mini-ATX motherboard, mostly due to the 4 Gigabit network ports to include the possibility for future expansion. The Intel Celeron N2930 provides a clock speed of 1.83 GHz, with boosts up to 2.16 GHz. This was my first time using a processor with a heat sink that I didn’t have to install. I was a little worried about that but it worked out OK. Additionally, the power supply is built into the motherboard so you won’t need to install an external one. I didn’t really know what to expect as far as memory went, and 8 GB of Crucial memory was probably a little overkill. 4 GB would be plenty for pfSense. All that’s left to do is slap a hard drive in. I went with a Sandisk 120GB SSD and haven’t had any problems yet.

The entire build consists of opening the case up, mounting the motherboard, and installing the RAM and hard drive. Much simpler than building a high-end gaming PC.

This build gets you a pfSense router comparable to this one from the pfSense store that costs $500.
