Table of Contents
PFSense - Install pfSense - Installation of pfSense
Download pfSense image
Go to https://www.pfsense.org/download/ and select the USB Memstick Installer.
NOTE: The options here are what I use.
- Architecture: AMD64 (64-bit). As I use an AMD or Intel device as the router.
- Installer: USB Memstick Installer. As I will install from a USB.
- Console: VGA. As I will plug a Keyboard and Monitor into the router; and will not be setting this up via a Serial cable.
Choose different options as required.
Burn the pfSense image on to a USB drive
sudo dd if=pfSense-CE-memstick-2.4.5-RELEASE-amd64.img of=/dev/sdb
ALERT: Make sure that if= specifies the exact location of the downloaded file and of= specifies your USB device.
If you make a mistake here, you might overwrite your hard drive!
There are many ways to check which device is connected to the USB including:
dmesg
returns:
... [411849.265872] usb 3-2: new high-speed USB device number 6 using xhci_hcd [411849.418209] usb 3-2: New USB device found, idVendor=048d, idProduct=1234 [411849.418210] usb 3-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [411849.418211] usb 3-2: Product: Disk 2.0 [411849.418212] usb 3-2: Manufacturer: USB [411849.418212] usb 3-2: SerialNumber: 2146711134684684 [411849.418481] usb-storage 3-2:1.0: USB Mass Storage device detected [411849.418603] scsi host12: usb-storage 3-2:1.0 [411850.422697] scsi 12:0:0:0: Direct-Access VendorCo ProductCode 2.00 PQ: 0 ANSI: 4 [411850.422989] sd 12:0:0:0: Attached scsi generic sg1 type 0 [411850.423703] sd 12:0:0:0: [sdb] 3891200 512-byte logical blocks: (1.99 GB/1.86 GiB) [411850.423817] sd 12:0:0:0: [sdb] Write Protect is off [411850.423819] sd 12:0:0:0: [sdb] Mode Sense: 03 00 00 00 [411850.423936] sd 12:0:0:0: [sdb] No Caching mode page found [411850.423941] sd 12:0:0:0: [sdb] Assuming drive cache: write through [411850.426796] sdb: sdb1 sdb2 sdb3 sdb2: <bsd: sdb5 > [411850.427528] sd 12:0:0:0: [sdb] Attached SCSI removable disk
In this example, the device is shown as sdb.
NOTE: If you are using Windows, use Rufus: https://rufus.akeo.ie/.
For creating a bootable USB with a Mac, try Etcher: https://etcher.io/,
Verify the BIOS settings for Booting
Ensure BIOS is set to boot from USB.
While powering up the device, press the DEL key and verify that it boots to the BIOS.
NOTE: If DEL does not boot into the BIOS, try other keys such as F2, F11, F12.
Verify the BIOS settings for Power Cuts
Make sure the power state is set to ON after a power cut.
NOTE: This ensures that pfSense functions like a normal router and maintains your network connectivity by bringing the router backup as soon as there is power cut.
Boot from the USB
Connect USB drive.
Start the router device.
NOTE: This menu will time out after a few seconds and option 1 will be used by default.
NOTE: An alternative to booting up from USB is to connect using a Console Cable.
Determine Networks
By default, only 2 networks will be set up. WAN and LAN.
WAN (wan) -> igb0 -> DHCP LAN (lan) -> igb1 -> v4: 192.168.1.1/24
NOTE: By default, the installer configures the first hardware NIC as the WAN port obtaining an address via DHCP from your modem.
The second NIC will be configured as your local LAN interface at 192.168.1.1.
TIP: You may want to leave the WAN connection modem disconnected until the configuration is finished.
There is a DHCP server running on the LAN interface so if you connect your PC to this port, you should be able to obtain an IP address which will allow you to access the pfSense web configurator to continue the configuration process.
Optional: At the Console (WebConfigurator), but easier to do in the WebGUI, which is next.
- Assign Interfaces
- No VLANs
- WAN, Autodetect, Plug the WAN (PPPoE modem) cable into the onboard network socket, Press enter
- LAN, Autodetect, Plug the LAN cable into the top socket (port 0) on the Intel low profile NIC, press enter
- Add no more
- Accept settings
- Set Interface(s) IP address
- Set LAN
- IPv4 = 192.168.1.1
- Subnet: 24 (255.255.255.0)
- No LAN IPv6 (enable at a later date)
- Enable DHCP on LAN
- Client address range = 192.168.1.100 –> 192.168.1.199
- Do you want to revert to HTTP as the webConfigurator protocol?
- Currently the web-server is using HTTPS and this is asking if you want to downgrade to HTTP
- Select No
Return to Install pfSense or continue to Initial Configuration.