Pfsense

Comprehensive Guide to pfSense - Traffic Shaper

GoTos

• Diagnostics / pfTop
• Diagnostics / Test Port

  Installation

https://www.youtube.com/watch?v=pykWp1RCYHg

Short vid on private network config on proxmox (you might need to forward DNS in pfsense - see video below) https://www.youtube.com/watch?v=2YZ_C8Ze0CM

Common Settings:

• System/Advanced:
  • change tcp port from default 443 / disable WebGUI redirect
  • Firewall & NAT
    • NAT Reflection mode for port forward: Pure NAT

      Firewall Rules

Priority order, start with block rules https://youtu.be/eb1pTs7XamA?si=eX3Yz47B4L5dwxwx

Connected devices

Status/DHCP Server -> Status/Leases icon ### DNS Redirect for LAN

if you want to specify DNS server: Services -> DHCP Server -> DNS Servers

Check DNS Leak:

• https://www.dnsleaktest.com/
• https://whoer.net/
• curl https://ifconfig.co/json

https://www.youtube.com/watch?v=2g0VoMrJA5c

1. Check your DNS: Status -> Interfaces
2. Set: System -> General Setup

| | Prime | Secondary | | ———- | —————– | —————– | | CloudFlare | 1.1.1.1 | 1.0.0.1 | | Troogle | 8.8.8.8 | 8.8.4.4 | | OpenDNS | 208.67.222.222 | 208.67.220.220 | | NordVPN | 103.86.96.100
| 103.86.99.100
|

1. Services: DNS Resolver
2. Firewall -> NAT ->Add
   1. Protocol: TCP/UDP
   2. Destination: Invert match. of your LAN interface
   3. Redirect target IP: 127.0.0.1
3. Check and relocate Firewall RUle to highest priority for DNS?:
   1. Status -> DNS Resolver
   2. Firewall

      VPN

• Great Tutorial on defining FireWall/Aliases/etc rules

  NordVPN

• terrible video tutorial - use it only to configure openVPN with NordVPN cred’s, don’t set rules/etc according to it.(stop at minute 5)
  • • Nord VPN links
      1. Add Certificate (only need one per provider)
      2. Add VPN Client 1. Server host or address: 2. Client Certificate: GUI default or whatever 3. Username/Pass: not your NordVPN email - find it in WebUI setting in NordVPN 4. TLS Configuration:
      3. Use a TLS Key
      4. NO=Automatically generate a TLS Key.
         1. import yours from NordVPN file (they are all the same across endpoints)
            1. Data Encryption Algorithms:
      5. AES-256-GCM
      6. AES-256-CBC Fallback: AES-256-GCM 5. Auth digest algorithm SHA512 6. Don’t add/remove routes: YES 7. Don’t pull routes: YES (IMPORTANT) 8. Exit Notify: Disabled 9. Gateway creation: ipv4 10. Verbosity level:3 11. Custom options:

         tls-client;
         remote-random;
         tun-mtu 1500;
         tun-mtu-extra 32;
         mssfix 1450;
         persist-key;
         persist-tun;
         reneg-sec 0;
         remote-cert-tls server;
         

auth-retry interact; ????

1. check open VPN client worked and ONLINE
2. Assign Interface to it, so we can use as a Gateway. (YOU WILL USE THESE ASSIGNMENTS TO CHANGE VPN LOCATIONS; you might need to Status / OpenVPN: Restart service after switch)
3. OPTIONAL: System -> Routing -> Gateway: edit Monitor IP: i.e. 9.9.9.9, NordVPN puts it’s own\
4. Firewall -> NAT -> Outbound -> Add Rule
   1. Interface
   2. Source: 192.168.3.0 or you LAN in pfSense you want to target
   3. Address of interface
5. Firewall / Aliases
6. Firewall / Rules -> Add
   1. Protocol any
   2. Source: your alias or IP
   3. Desc:
   4. Display adfvanced:
      1. Tag: you_tag - tag for the packets (copy-to-paste it )
   5. Gateway:

Debugging:

1. Status / OpenVPN: Restart service
2. Status/Filter Reload
3. Diagnostic / Reboot ---

NordVPN DNS Servers (wasn’t neccassary)

103.86.96.100
103.86.99.100

---

Full Config Playlist: https://www.youtube.com/watch?v=fsdm5uc_LsU&list=PLjGQNuuUzvmsuXCoj6g6vm1N-ZeLJso6o

Packages

SystemPackage ManagerPackage Installer:

• Service WatchDog

---

Legacy notes:

1. Proxmox —> Ensure you create a virtual network bridge that you can use as LAN for PFSense, because as soon as you create another WLAN / network firewall will block all you from accessing original ETH/WAN ip address
2. pfSense/Interfaces: Create new LAN assigngment for your LAN bridge
3. pfSense/Interfaces: Create new OPT assigngment for your WLAN
4. DHCP Server: Enable DHCP server for WLAN