
0. Summary

I’m currently planning to test Azure VPN configuration. To do so, I’m setting up my own pfSense environment. In this post, I’ll walk you through the pfSense installation process and briefly share my on-premises network setup. In the next post, I’ll go over the Azure VPN configuration I applied.

Architecture

For now, I’ve set up the environment as shown in the architecture below. The configuration might change as I proceed with the Azure VPN setup, but this is the initial setup for now.

image

1. On-premises pfSense and switches

1. Prerequisites

Based on the pfSense article, let's get started. Ref) https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-hyper-v.html

Ensure that Secure Boot is unchecked for the pfSense virtual machine.

2. Installing pfSense

Ref) https://www.youtube.com/watch?v=wUD1ZjPb4kw

Select 1 to proceed with the installation.

Loading...

Hit Enter to Accept.

Select Install pfSense.

Select Auto (ZFS) Guided Root-on-ZFS.

Select Install (Proceed with Installation).

Select Stripe.

Hit the ‘Space’ key to select the disk.

In this step, the installer says it’s the last chance. After this step, all of the content on the disk will be destroyed. We proceed with ‘YES’.

The installation is in progress.

Hit Enter to reboot.

Enter ‘N’ at the VLANs prompt.

Enter ‘hn0’ as the WAN interface name.

Enter ‘hn1’ as the LAN interface name.

Enter ‘y’.

Wait for a moment.

So, here we are: the basic setup is done.

3. Configure WAN/LAN IP address

At this phase, I will skip the details of setting each interface’s (WAN/LAN) IP address. It’s not hard to configure at all. You can do it by entering the option ‘2) Set interface(s) IP address’.

Anyway, the IP addresses of this pfSense are as follows:

  • WAN (hn0): 192.168.75.1

  • LAN (hn1): 10.1.1.1

4. WebConfigurator access

If you access 10.1.1.1 from another computer on the same network as the pfSense LAN interface (hn1), you should see this web page hosted by the pfSense server. This is the web GUI control panel of pfSense.

The default account is:

  • ID: admin

  • PW: pfsense

Please change the password.

I logged in from 10.1.1.2.

From the pfSense console, you can check the login log.

5. NAT Reflection to publish WebConfigurator to the internet (Not recommended)

You can publish this webConfigurator to the internet so that you can reach it whenever you need to modify your private network. To do this, we have to enable NAT reflection (or NAT loop).

On the upstream pfSense:

Obviously, you have to pass the internet traffic from the upstream pfSense to the downstream pfSense.

On the downstream pfSense:

This part is quite tricky the first time. NAT reflection is needed.

You might need to disable the HTTP_REFERER enforcement check first.

  • Change the webConfigurator TCP port (System / Advanced / Admin Access)

  • Port Forwarding: both the Dest and NAT addresses should be the WAN address (192.168.75.1/24).

  • NAT Reflection (System / Advanced / Firewall & NAT)

So, let’s try to connect from the internet. We reach the downstream pfSense webConfigurator.
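To review a firewall for the settings changed in this section, here is an added example (not from the original post or from the pfSense project) that audits an exported config.xml backup for webConfigurator exposure. The XML tag names, the sample backup and the `audit` helper are assumptions made for this example; check the tag names against a backup exported from your own firewall.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real backup. The tag names are an assumption about the
# config.xml layout; compare them with a backup exported from your own firewall.
SAMPLE = """<pfsense>
  <system>
    <webgui><protocol>https</protocol><port>8443</port><nohttpreferercheck/></webgui>
    <enablenatreflectionpurenat>yes</enablenatreflectionpurenat>
  </system>
  <nat>
    <rule>
      <interface>wan</interface><protocol>tcp</protocol>
      <destination><network>wanip</network><port>8443</port></destination>
      <target>192.168.75.1</target><local-port>8443</local-port>
    </rule>
  </nat>
</pfsense>"""

# Addresses of the firewall itself, taken from section 3 of the post.
FIREWALL_ADDRS = frozenset({"192.168.75.1", "10.1.1.1"})


def audit(xml_text, own_addrs=FIREWALL_ADDRS):
    """Return a list of findings about webConfigurator exposure."""
    root = ET.fromstring(xml_text)
    gui = root.find("system/webgui")
    if gui is None:
        gui = ET.Element("webgui")
    proto = gui.findtext("protocol") or "https"
    gui_port = gui.findtext("port") or ("443" if proto == "https" else "80")
    findings = []
    if proto != "https":
        findings.append("webConfigurator is served over plain HTTP")
    if gui.find("nohttpreferercheck") is not None:
        findings.append("HTTP_REFERER enforcement is disabled")
    if root.find("system/disablenatreflection") is None:
        findings.append("NAT reflection is enabled")
    for rule in root.iterfind("nat/rule"):
        if rule.find("disabled") is not None:
            continue  # rule exists but is switched off
        target, lport = rule.findtext("target"), rule.findtext("local-port")
        # Only a forward that lands on the firewall's own GUI port is a finding.
        if rule.findtext("interface") == "wan" and target in own_addrs and lport == gui_port:
            findings.append(f"WAN port forward reaches the webConfigurator at {target}:{lport}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("[!]", finding)
```

Pass the text of your own exported backup to `audit` in place of `SAMPLE`, and adjust `FIREWALL_ADDRS` to the addresses your firewall holds.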
