Christof VG

You don't need to come out of your comfort zone, if automation is in it!

pfSense on Azure - Part 2 - Install pfSense

Read time: 5 minutes
Execution time: 15 minutes

Introduction

In the previous part, we created the virtual machine on which we will install pfSense, with custom settings specific to Azure. As a recap, here is an overview of the settings we applied to make the virtual machine compatible with Azure:

  • The virtual machine is created as a generation 1 virtual machine.
  • The virtual hard disk is configured with a fixed disk size.
  • The virtual hard disk type is set to VHD.
  • Checkpoints are disabled.

We also added an extra NIC. This is not for compatibility with Azure, but it is necessary to configure pfSense as a router.

Installation of pfSense

With everything set, we can install pfSense. When we boot the virtual machine, it will boot from the ISO file and should enter the installation menu.

The installation process is very straightforward and basically next-next-finish. When finished, the installer asks to reboot. Don’t forget to remove the ISO from the DVD drive.

Initial configuration of pfSense

After the reboot, the pfSense wizard should start. We don’t need to set up any VLANs.

Now we have arrived at some very important settings. In Azure, the first (primary) NIC will receive a gateway by DHCP. We need a gateway on the second NIC as well, but that will be configured manually later on. So, it is very important to configure hn0 as the WAN interface, and hn1 as the LAN interface.

The configuration will start now. When finished, the configuration menu is shown.

The WAN interface will receive a DHCP address by default, which is a good thing. But we need access to the LAN interface as well, since this is the only port where the web interface is accessible out-of-the-box.

All interfaces must be configured as DHCP clients, but this cannot be done using this menu. So first we need to assign a temporary fixed address to the LAN port. Enter a fixed IP address using menu 2. In my case, I will use IP 10.0.0.123.

We don’t need a gateway on this interface for now and we don’t need IPv6 settings.

Now, the web interface is accessible at https://10.0.0.123/ (in my case).

We will use menu 14 now to enable SSH on pfSense.

Install necessary packages

Since the LAN interface has an IP address and is reachable, and SSH is enabled, we can use PuTTY to do the rest of the configuration. By default the login is admin/pfsense.

Use menu 8 to enter the shell.

Some packages are required for pfSense to function properly in Azure. The following packages are needed:

  • Python (already installed in the downloaded image)
  • Python setuptools (already installed in the downloaded image)
  • Bash
  • Sudo
  • Git

We also need the Azure Linux Agent, but it is installed from GitHub instead of using a package.

Before we install the packages, it is recommended to upgrade the packaged software distribution.

pkg upgrade

To install bash, sudo and git:

pkg install -y sudo bash git

Python must be available as a command as well, but by default the command to run Python is python2.7. To make python available as a command, we need to add a symbolic link.

ln -s /usr/local/bin/python2.7 /usr/local/bin/python

With all packages installed, we can install the Linux Agent for Azure. The Agent is first cloned from the GitHub repository. Then, the latest version is selected using the tag in Git and the installation is performed using Python.

# Clone the Git repository
git clone https://github.com/Azure/WALinuxAgent.git
# Enter the WALinuxAgent directory
cd WALinuxAgent
# List all available versions
git tag
# Check out the latest (stable) version of the agent
git checkout v2.2.34
# Install the agent
python setup.py install

We also need to create a link to the waagent executable.

ln -sf /usr/local/sbin/waagent /usr/sbin/waagent

Configure the LAN interface

The last step in the preparation of pfSense is to configure the LAN interface as a DHCP client. To do so, we need to browse to the LAN interface using a web browser. In my case, this is https://10.0.0.123.

The default login is the same as the SSH login (admin/pfsense).

The initial configuration process is very straightforward. Since you are creating your own default deployment, you can actually choose the settings you want.

There are 2 settings that are important during the initial configuration:

  • The IP address of the LAN interface: This should remain the static IP you entered for now.
  • Block private networks from entering via WAN: disabled.

Now we are ready to configure the LAN interface. Go to menu Interfaces > LAN. Change “IPv4 Configuration Type” to DHCP and Save.
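
The settings this post depends on (hn0 as WAN, hn1 as LAN, both as DHCP clients, private networks not blocked on WAN, and the two symbolic links) can be checked from the shell before the image is halted. The script below is an added example, not part of the original post; the function names are made up here, and it assumes the configuration lives in /conf/config.xml with one element per line and uses the element names `<if>`, `<ipaddr>` and `<blockpriv>`.

```shell
#!/bin/sh
# Added example: audit of the prepared pfSense image before halting it.
# Assumption: config.xml has one element per line and uses <if>, <ipaddr>
# and <blockpriv> under <interfaces>.

# Print the value of <field> under <interfaces><iface>; status 1 if absent.
iface_field() {   # usage: iface_field <config.xml> <iface> <field>
    awk -v i="$2" -v f="$3" '
        /<interfaces>/   { in_ifs = 1 }
        /<\/interfaces>/ { in_ifs = 0 }
        in_ifs && $0 ~ ("<" i ">") { inside = 1; next }
        $0 ~ ("</" i ">")          { inside = 0 }
        inside && $0 ~ ("<" f "[/>]") {
            gsub(/^[ \t]*<[^>]+>|<\/[^>]+>[ \t\r]*$/, "")
            print; found = 1; exit
        }
        END { exit !found }' "$1"
}

# Check the interface settings this post relies on; status 0 only if all hold.
audit_config() {   # usage: audit_config <config.xml>
    rc=0
    [ "$(iface_field "$1" wan if)" = hn0 ] || { echo "FAIL: WAN is not hn0"; rc=1; }
    [ "$(iface_field "$1" lan if)" = hn1 ] || { echo "FAIL: LAN is not hn1"; rc=1; }
    for i in wan lan; do
        [ "$(iface_field "$1" "$i" ipaddr)" = dhcp ] ||
            { echo "FAIL: $i is not a DHCP client"; rc=1; }
    done
    if iface_field "$1" wan blockpriv >/dev/null; then
        echo "FAIL: WAN still blocks private networks"; rc=1
    fi
    return $rc
}

# Succeeds if $1 is a symlink that resolves to an executable file.
check_link() { [ -L "$1" ] && [ -x "$1" ]; }

# Constructed sample: LAN still on the temporary static address.
sample_config() {
    printf '%s\n' '<pfsense>' ' <interfaces>' \
        '  <wan>' '   <if>hn0</if>' '   <ipaddr>dhcp</ipaddr>' '  </wan>' \
        '  <lan>' '   <if>hn1</if>' '   <ipaddr>10.0.0.123</ipaddr>' '  </lan>' \
        ' </interfaces>' '</pfsense>'
}

# Stand-alone run on the constructed sample (reports the static LAN address).
tmp=$(mktemp /tmp/pfcfg.XXXXXX) && sample_config >"$tmp"
audit_config "$tmp" || echo "image is not ready to halt"
rm -f "$tmp"
```

On the VM, run `audit_config /conf/config.xml` after saving the LAN change, and `check_link` on /usr/local/bin/python and /usr/sbin/waagent.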

At this point, the configuration is finished and the image is prepared. In the pfSense menu, enter 6 to halt the system.

Conclusion

We configured the image so it can be deployed in Azure. Both the WAN and LAN interfaces are configured with a dynamic IP address, the required packages are installed and the Linux Agent is installed from Git.

In the next post, we will upload pfSense to the Azure Storage Account and deploy the image.