HomeVirtualizationVDIVDI-LAB-2018 - Part 2 - Pfsense vRouter configuration

VDI-LAB-2018 - Part 2 - Pfsense vRouter configuration

Summary:

In this part, we are going to download and install pfSense vRouter. We are going to create the first VM of the environment, then install and configure pfSense router. Also, we will add openVPN to the router, configure the server and the client. Skip this section if you don’t need a router or already have one.

This is part 2 out of 12 of the VDI LAB series. Check out the introduction first.

The ultimate VDI deployment guide (from scratch) with VMware vSphere 6.5 and Horizon View 7.3 - 2018. 😉

1. Prerequisites

  1. Download pfSense open source firewall and router: https://www.pfsense.org/download/
Download pfsense
  1. Copy the ISO to an accessible datastore.

NOTE: Create a folder to store all software ISOs to be used during the whole VDI deployment

NOTE: Skip this section if you don’t need a router or already have one. The use of this virtual router is for lab purposes. An enterprise router or software should be used for a production environment.

2. The first VM

@ESXI host

  1. Go to Create / Register VM.
Image 1.1
  1. Select: Create New Virtual Machine.
Image 02 1
  1. Name your VM and choose the operating system (as image below will do).
Image 03 1
  1. Select datastore:
Image 04 1
  1. From Customize Settings: Modify CPU, RAM and Hard disk (Consider at least 1GB of RAM). Add a second Network Adapter and select the WAN network created before and VM Network
Image 05 1
  1. Select Datastore ISO File from CD/DVD Drive
Image 06 1
  1. Select the pfSense ISO file.
Image 07 1
  1. ISO will be mounted in the Drive as shown in the image below.
Image 08 1
  1. Review your configuration and click Finish.
Image 09 1

3. PfSense Installation

  1. Power on the VM.
  2. For pfSense version 2.4.2, follow the images below, it is a straightforward installation, just left everything by default, just hit lots Enter and then reboot.
pfsense installation
  1. After reboot pfSense welcome page will be displayed. From this page, let’s set the LAN interface, that will be used for Web Configuration later.
Image 11 1
  • Hit number 2 to access Set interface(s) IP address option.
  • Select option 2 for LAN and follow the steps,
  • Input IP address for the router and mask. Mine will be 10.0.0.1/20.
  • I won’t use DHCP into the router, I will configure the DHCP services into the Active Directory server.

4. PfSense Configuration

  1. Access your router via web from the LAN IP address, 10.0.0.1. Pfsense default User/Password is: admin/pfSense
pfsense
  1. First, go to Interfaces / WAN and disable the last two options, Block private networks and loopback address and Block bogon networks.
Image 13 1

Don’t make any other change and don’t click in Apply changes yet.

  1. Go to Firewall / Rules. Let's add two rules, first click on the Add button.
Image 14 1
  1. For the first rule, change only Source and Destination sections as the image below and leave the rest as default, click Save.
Image 15 1
  1. Add a second rule for ICMP, configure as the image below and click Save.
Image 16 1
  1. Reboot the system from Diagnostics / Reboot and click Reboot. Wait for the system and access to the web GUI again.
  2. Now, Let’s configure the Interfaces, Go back to Interfaces / WAN. Make sure that the interface is enabled, I am going to use DHCP for my WAN interface and disable IPv6 Configuration Type, the rest is left by default. If static IP is needed, change IPv4 Configuration Type to Static and add the IPv4 Address and Upstream gateway. Click Save.
Image 17

LAN interface was previously configured from the CLI, so I won’t change it but can be modified if needed, just like the WAN.

5. PfSense OpenVPN

This section can be skipped. For the sake of easily accessing the whole VDI-LAB remotely, openVPN will be installed into this router. I consider this important to manage and monitor all the components form my Client PC.

First, we need to create certificates that will be needed for the connection, then install openVPN Server into the virtual router and the openVPN client in the Client PC.

NOTE: Port 1194 must be open in the router providing internet on this virtual router.

5.1 PfSense certificates

  1. Go to System / Cert. Manager / CAs and click the Add button.
  2. Name the certificate authority (VMlab-CA) and change Method to Create an internal Certificate Authority. The form will change, fill it out as the image below and click Save.
pfsense openvpn
  1. Go to System / Cert. Manager / Certificates and click Add/Sign button
  2. Name the certificate (firewall.demo.vmlab.com) and change Method to Create an internal Certificate. Select the certificate authority created before and fill it out as the image below
pfsense openvpn
  1. Select Server Certificate and click Save
pfsense openvpn

5.2 PfSense OpenVPN - Server Configuration

  1. Install OpenVPN. Go to System / Package Manager / Available Package
  2. Search for “openvpn”, click Install and then Confirm.
pfsense openvpn
  1. The installation will be successfully completed.
pfsense openvpn
  1. Go to VPN / OpenVPN / Wizards
  2. In the type of server select Local User Access.
Image 22
  1. Choose a Certificate Authority previously created and click Next.
Image 23
  1. Choose a Certificate previously created and click Next.
Image 24
  1. In Server Setup, In General OpenVPN Server Information, left as the image below.
Image 25
  1. Left Cryptographic Settings by default.
  2. In Tunnel Settings, input Tunnel Network, as preferred, this is the range of IP addresses that the Client PC will get. Also, input Local Network (same as LAN interface), left the rest by default.
Image 26
  1. In Client Settings input the DNS Server 1, in my case is the IP address that I will use for my Active Directory.
Image 27
  1. Click Next.
  2. Click Both traffic rules, as the image below. This is important, without these traffic rules there will be issues pairing the connection from the Client PC.
Image 28
  1. Click Finish.
Image 29
  1. Edit new server created.
Image 30
  1. In Server Mode select Remote Access (user Auth). Or as preferred. Click Save.
Image 31

5.3 PfSense OpenVPN - Client Configuration

@pfsense router

  1. Create a new user for remote access. Go to System / User Manager and click Add.
Image 32
  1. Add username and password, click Certificate and add certificate created before. left the rest by default, click Save.
Image 33
  1. Go to VPN / OpenVPN / Client Export and Search for OpenVPN Clients, select the client to export according to your OS, in my case Windows Vista and Later. Note: Run it on the computer you want to use as a client for the remote access.
Image 34

@Client PC

  1. Run OpenVPN client. Follow the installation wizard and leave Components to install by default and click Finish
Image 35
  1. Run OpenVPN GUI, it should appear now in the Taskbar.
  2. Right Click on the OpenVPN GUI and click settings.
  3. From the setting check Launch on Windows startup, click OK.
Image 36
  1. Double Click OpenVPN GUI to launch the connection. Input username and password created in previous steps. Click OK.
Image 37

The connection will be established and we will be ready to connect remotely to our lab.

Juan Mulford
Juan Mulford
Hey there! I've been in the IT game for over fifteen years now. After hanging out in Taiwan for a decade, I am now in the US. Through this blog, I'm sharing my journey as I play with and roll out cutting-edge tech in the always-changing world of IT.

Leave a Reply

- Advertisement -

Popular Articles

mulcas.com-Raspberry-Pi

Raspberry Pi OS in a Virtual Machine with VMware

4
Although the Raspberry Pi OS is designed and optimized for the Raspberry Pi module, it is possible to test and use it without its hardware, with VMware. This solution can be useful if you are a developer (or just a curious guy) and don't have a Raspberry Pi module with you
Unable to delete inaccessible datastore

Unable to delete an "inaccessible" datastore

7
I was switching my storage array, so I migrated the VMs from that old datastore/storage to a new datastore/storage. The old datastore was shared by 3 ESXi hosts, no cluster. After migrating the VMs and unmount/delete the datastore, it was still presented in two of the ESXi hosts and was marked as inaccessible.
This is not a valid source path / URL

This is not a valid source path / URL - SourceTree and Gitlab

1
I have been working on a project with a friend who set up a repository in Gitlab but even though I was able to view all projects on it, I couldn’t really join the repository. I was using SourceTree and Gitlab.
mulcas.com-VMware-OVF-Tool

How to export a Virtual Machine using the VMware OVF Tool

9
The VMware OVF Tool is implemented by VMware for easily importing and exporting virtual machines in Open Virtualization Format (OVF) standard format. Here, I want to show you how to download and install it, and then how to use it from a Windows machine.
Couldn't load private key - Putty key format too new - mulcas.com

Couldn't load private key - Putty key format too new

5
couldn't load private key - Putty key format too new.” This issue happens when you use PuTTygen to generate or convert to a ppk key. Here is how to fix it. 
- Advertisement -

Recent Comments