Skip to content

Instantly share code, notes, and snippets.

@mkhon

mkhon/pfsense-gce.md

Last active December 18, 2017 21:27
Show Gist options
  • Star 4 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save mkhon/0d8867e07c6b325ae228 to your computer and use it in GitHub Desktop.
Save mkhon/0d8867e07c6b325ae228 to your computer and use it in GitHub Desktop.
Download ZIP
pfSense 2.2.2 on Google Compute Engine
Raw
pfsense-gce.md

Initial install (virt-manager on Linux)

virt-install --name pfsense --ram 1024 --vcpus=1 --os-variant freebsd7 --hvm --vnc \
--controller type=scsi,model=virtio-scsi --disk path=pfSense-2.2.2.raw,size=4,bus=scsi \
--network=bridge:br0,model=virtio \
--cdrom pfSense-LiveCD-2.2.2-RELEASE-amd64.iso

Configure vtnet0 as WAN.

Post-configuration

  1. Interfaces/WAN:
    • General configuration/MTU: 1460
    • DHCP client configuration/Advanced: Checked
    • DHCP client configuration/Option Modifiers: supersede subnet-mask 255.255.0.0
  2. System/Advanced:
    • webConfigurator/Browser HTTP_REFERER enforcement: Checked
    • Secure Shell/Secure Shell Server: Checked (optional)

Install/configure gcloud

curl https://sdk.cloud.google.com | bash
gcloud auth login
gcloud config set project endless-gamma-92206

Import image

gsutil mb gs://pfsense
gsutil cp pfSense-2.2.2-1.tar.gz gs://pfsense
gcloud compute images create pfsense-2-2-2-1 --source-uri gs://pfsense/pfSense-2.2.2-1.tar.gz

Create instance

  1. Allow HTTPS: Checked
  2. Allow HTTP: Checked (optional)

References

  1. https://gist.github.com/mmitchel/8661983
  2. http://blog.philippklaus.de/2011/02/install-pfsense-in-kvm-on-ubuntu-10-10/
  3. https://groups.google.com/forum/#!starred/gce-discussion/YWoa3Aa_49U
@mmelosinewave
Copy link

I have my instance created in GCE thanks in-part to this. But It does not recognize the LAN interface in GCE. Any tips?

@marcoforese
Copy link

marcoforese commented May 27, 2016
edited

Hi man,
thanks on first for your job, been traveling and mindscrapping for a WHILE before I got here, and THIS ONE WORKS.

But....would be more useful if you define some details of the environment.

For example:
I used your script syntax on a Debian VM machine inside a Virtualbox environment, it has to be updated, and some details for virt-manager can be found here:

https://virt-manager.org/

The machine itself must have a second interface, virtual or not, to fulfill that br0 so some editing should be done to "interfaces" file.
You probably started from an already double homed machine, but I did all this stuf above a virtualized Debian on my laptop.
OK, you could excerpt that a single homed firewall makes no sense, but I was in need to bring up the machine in GCE on first , and after that to mess up with the network settings.
Anyhow, is much (let me say MUCH) better to let the machine get ready while creating the image above the homing virt-manager environment, whatever it is.
If any will redo the process, the PfSense image will have to install these stuff too:

https://cloud.google.com/compute/docs/tutorials/building-images#os

before you shot it down and transfer it to GCE.

Going on, its better to create a working directory in a place outside home, because the script operates with a user different from "root", for example.
Last thing: the created image in raw format needs a rename first and a compress last.
GCE accepts images only if the tar.gz contains a file named disk.raw, and the tar command needs qualifiers czvf (having DEEP troubles to find this out, in between GCE docs and vids) if not GCE says it's not a correct tar format.

Afak that's all.

@0x616d616e
Copy link

@marcoforese
i am a noob at pfsense and google cloud & I need you help please can you leave a mail on amanrao1997@gmail.com

@gmarrara
Copy link

Hi all,
here are all the steps I´ve done to complete the PFSense installation on a GCP instance:

References (Credits):

  • Route Card: https://groups.google.com/forum/#!topic/gce-discussion/tPYonu9dwbc

  • nlienard: https://gist.github.com/nlienard/0ca5aa8397af6e90d70f

  • Desra Blog: http://desrablog.blogspot.co.uk/2017/11/using-t1n1wall-on-google-compute-engine.html

  • Google Cloud Documentation

  • The pfsense downloads contain a disk image inside, the instructions say that you extract it, rename it (to the convention gce expects) and compress it again. you can do this in your cloud console or a linux system:
    wget https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.gz
    gunzip pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.gz
    mv pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img disk.raw
    tar -Sczf pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.tar.gz disk.raw

  • Create an image based on the file you uploaded to the bucket:

  • Activate the serial console on the project:
    sudo ./google-cloud-sdk/bin/gcloud compute project-info add-metada --metadata=serial-port-enable

  • Create an instance and add a second disk to it:

  • Use the serial console to perform the install:
    sudo ./google-cloud-sdk/bin/gcloud compute connect-to-serial-port [INSTANCE_NAME] -- zone [ZONE]

  • Install the PFSense on the second disk:

  • Create a snapshot from this disk you created:
    Create an instance from this disk:
    Use the serial to perform the setup:
    sudo ./google-cloud-sdk/bin/gcloud compute connect-to-serial-port [INSTANCE_NAME] -- zone [ZONE]

  • Using the shell, disable HTTP REFERER:
    "pfSsh.php playback disablereferercheck"

from that point on, you can access the GUI with the external IP address provided on the instance.

Hope it helps someone.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment