Skip to content

Instantly share code, notes, and snippets.

@mkhon

mkhon/pfsense-gce.md

Last active December 18, 2017 21:27
Show Gist options
  • Save mkhon/0d8867e07c6b325ae228 to your computer and use it in GitHub Desktop.
Save mkhon/0d8867e07c6b325ae228 to your computer and use it in GitHub Desktop.
Download ZIP
pfSense 2.2.2 on Google Compute Engine
Raw
pfsense-gce.md

Initial install (virt-manager on Linux)

virt-install --name pfsense --ram 1024 --vcpus=1 --os-variant freebsd7 --hvm --vnc \
--controller type=scsi,model=virtio-scsi --disk path=pfSense-2.2.2.raw,size=4,bus=scsi \
--network=bridge:br0,model=virtio \
--cdrom pfSense-LiveCD-2.2.2-RELEASE-amd64.iso

Configure vtnet0 as WAN.

Post-configuration

  1. Interfaces/WAN:
    • General configuration/MTU: 1460
    • DHCP client configuration/Advanced: Checked
    • DHCP client configuration/Option Modifiers: supersede subnet-mask 255.255.0.0
  2. System/Advanced:
    • webConfigurator/Browser HTTP_REFERER enforcement: Checked
    • Secure Shell/Secure Shell Server: Checked (optional)

Install/configure gcloud

curl https://sdk.cloud.google.com | bash
gcloud auth login
gcloud config set project endless-gamma-92206

Import image

gsutil mb gs://pfsense
gsutil cp pfSense-2.2.2-1.tar.gz gs://pfsense
gcloud compute images create pfsense-2-2-2-1 --source-uri gs://pfsense/pfSense-2.2.2-1.tar.gz

Create instance

  1. Allow HTTPS: Checked
  2. Allow HTTP: Checked (optional)

References

  1. https://gist.github.com/mmitchel/8661983
  2. http://blog.philippklaus.de/2011/02/install-pfsense-in-kvm-on-ubuntu-10-10/
  3. https://groups.google.com/forum/#!starred/gce-discussion/YWoa3Aa_49U
@gmarrara
Copy link

Hi all,
here are all the steps I´ve done to complete the PFSense installation on a GCP instance:

References (Credits):

  • Route Card: https://groups.google.com/forum/#!topic/gce-discussion/tPYonu9dwbc

  • nlienard: https://gist.github.com/nlienard/0ca5aa8397af6e90d70f

  • Desra Blog: http://desrablog.blogspot.co.uk/2017/11/using-t1n1wall-on-google-compute-engine.html

  • Google Cloud Documentation

  • The pfsense downloads contain a disk image inside, the instructions say that you extract it, rename it (to the convention gce expects) and compress it again. you can do this in your cloud console or a linux system:
    wget https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.gz
    gunzip pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.gz
    mv pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img disk.raw
    tar -Sczf pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.tar.gz disk.raw

  • Create an image based on the file you uploaded to the bucket:

  • Activate the serial console on the project:
    sudo ./google-cloud-sdk/bin/gcloud compute project-info add-metada --metadata=serial-port-enable

  • Create an instance and add a second disk to it:

  • Use the serial console to perform the install:
    sudo ./google-cloud-sdk/bin/gcloud compute connect-to-serial-port [INSTANCE_NAME] -- zone [ZONE]

  • Install the PFSense on the second disk:

  • Create a snapshot from this disk you created:
    Create an instance from this disk:
    Use the serial to perform the setup:
    sudo ./google-cloud-sdk/bin/gcloud compute connect-to-serial-port [INSTANCE_NAME] -- zone [ZONE]

  • Using the shell, disable HTTP REFERER:
    "pfSsh.php playback disablereferercheck"

from that point on, you can access the GUI with the external IP address provided on the instance.

Hope it helps someone.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment