In this tutorial I’m going to assume that you have already installed Ubuntu Server 18.04 and are connected to the internet via a DHCP interface. If you are reading this you probably already know that pfSense is a powerful, open source, FreeBSD based router distribution which can be installed on x86 hardware.
Installing VirtualBox
Being a home user like myself, with less than a dozen LAN clients and a modest internet connection you probably do not need hardware too powerful to manage your network. By using virtualization we eliminate the need to run 2 separate machines for our router and home server. There are many paid and free solutions available for Linux and including KVM, VM Ware, Xen, and Virtuzzo. I chose to use VirtualBox because I found it was supported by a large community, and easy to manage without a GUI. Also for older hardware without support for hardware virtualization it can fallback to software emulation.
sudo apt-get install virtualbox
Installing VB Extension Pack
Now we need to install the VirtualBox extension pack, this is necessary for when we want to view the screen of the VM we are installing. The commands below take care of grabbing the latest available version.
VERSION=`curl https://download.virtualbox.org/virtualbox/LATEST.TXT`
wget https://download.virtualbox.org/virtualbox/$VERSION/Oracle_VM_VirtualBox_Extension_Pack-$VERSION.vbox-extpack
VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-$VERSION.vbox-extpack
Using phpVirtualBox
Since this is Ubuntu Server and we are not using a GUI we are going to use a browser based interface instead so we don’t have to tediously enter all the commands. phpVirtualBox uses Javascript and HTML to mimic the look and functionality of the desktop VirtualBox application. Assuming you have the Apache web server installed, all you have to do is download and extract the latest zip into the web server’s root directory using these commands.
wget https://github.com/phpvirtualbox/phpvirtualbox/archive/master.zip
sudo unzip master.zip -d /var/www/phpvirtualbox
rm master.zip
Now start the VirtualBox web service by typing,
vboxwebsrv
After all that, provided that your web server is configured properly you should able to go to http://serverip/phpvirtualbox (default login is admin/admin). Now go to the next page and I’ll talk about installing pfSense now that we have VirtualBox all setup.
Setting up the Virtual Machine
Now before we create the VM we should first download pfSense. You can close vboxwebsrv
by pressing Ctrl+C and you can download pfSense by going to their downloads page, finding a mirror near you and selecting the link ending in RELEASE-i386.iso.gz then using these commands.
wget https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-2.4.3-RELEASE-amd64.iso.gz
Once it has finished downloading, start up vboxwebsrv
again and go to your browser. Other than the network adapters this process is fairly simple but I’ll walk you through it anyway with these images. Just follow along.
The disk takes a few moments to be created and formatted. After that click finish and you will be able to see your newly created virtual machine in the left sidebar. Highlight it and click settings so we can configure it to our needs. Then copy the settings in the images below. A lot of things can be disabled because they are not needed for an operating system without a graphical desktop. Then you need to add a CD-ROM to the storage controllers list and mount the install media that we downloaded earlier.
Now we want to setup 2 identical Ethernet adapters. This tutorial assumes you have 2 physical NICs in your machine and will be using one for LAN and one WAN however there are more complicated configurations that are possible but not discussed here. Then we will need to make sure remote display is enabled since we won’t be able to view the VM from the host machine since it doesn’t have a GUI.
Now you can boot the VM from phpVirtualBox and install pfSense as you would on a pure hardware installation. Make sure you are aware of which NIC is which when you set the WAN and LAN as this will come into play later on.
Configuring Host Network Adapters
Now that we have configured the virtual machine the way we want we need to setup the network adapters in the host operating system. Open the network config file by using the command,
sudo nano /etc/network/interfaces
Then you can just copy my config file below. I gave the host a static IP address and set the gateway to pfSense’s LAN address, then I gave IP’s 0.0.0.0 for each interface I configured in pfSense so that way the OS recognizes them but leaves the networking to pfSense and doesn’t mess with them.
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# Host LAN interface
auto eth0:1
iface eth0:1 inet static
address 192.168.0.2
netmask 255.255.255.0
gateway 192.168.0.1
dns-nameservers 192.168.0.1
# pfSense LAN interface
auto eth0
iface eth0 inet static
address 0.0.0.0
# pfSernse WAN interface
auto eth1
iface eth1 inet static
address 0.0.0.0
In order to use the new config you have to restart the networking service. This is done by typing,
sudo /etc/init.d/networking restart
Starting pfSense on Startup
Since this is a router, I figure its safe to assume that you will want to start it up as soon as you boot your server. There a great script that I found here that will do the trick. I’ve copied the version I modified for my use below.
#! /bin/sh
# /etc/init.d/pfsense
#
# Edit these variables!
VMUSER=administrator
VMNAME=pfsense
case $1 in
start)
echo Starting VirtualBox VM...
sudo -H -b -u $VMUSER /usr/bin/VBoxVRDP -s $VMNAME
;;
stop)
echo Saving state of Virtualbox VM...
sudo -H -u $VMUSER /usr/bin/VBoxManage controlvm $VMNAME savestate
;;
*)
echo Usage: /etc/init.d/pfsense {start|stop}
exit 1
;;
esac
exit 0
From here on configuring pfSense should be just like a regular installation and can be done using the web UI accessible through the LAN interface so just make sure your cables are plugged into the correct NIC’s and then reboot to make sure the script works. If you have any comments, questions or suggestions feel free to leave a comment and I’ll do my best to try and respond to it.