<!doctype html><html lang=en data-theme=light><head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><link rel=preload as=font type=font/woff2 href=/fonts/roboto-slab-latin-400.woff2 crossorigin=anonymous><link rel=preload as=font type=font/woff2 href=/fonts/roboto-slab-latin-700.woff2 crossorigin=anonymous><link rel=preload as=font type=font/woff2 href=/fonts/fira-code-latin-300.woff2 crossorigin=anonymous><link rel=preload as=font type=font/woff2 href=/fonts/fira-code-latin-400.woff2 crossorigin=anonymous><link rel=preload as=font type=font/woff2 href=/fonts/fira-code-latin-700.woff2 crossorigin=anonymous><meta name=robots content="index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1"><title>Virtualizing my router with pfSense</title>
<meta name=description content="My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I&rsquo;ve connected some standalone wireless access points, I&rsquo;ve had less of a need for an off-the-shelf all-in-one wireless router combo. I&rsquo;ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
"><link rel=canonical href=https://davegallant.ca/blog/2022/04/02/virtualizing-my-router-with-pfsense/><meta name=twitter:card content="summary"><meta name=twitter:title content="Virtualizing my router with pfSense"><meta name=twitter:description content="My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!"><meta property="og:title" content="Virtualizing my router with pfSense"><meta property="og:description" content="My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). 
OpenWrt has served me well, but it is time to move on!"><meta property="og:type" content="article"><meta property="og:url" content="https://davegallant.ca/blog/2022/04/02/virtualizing-my-router-with-pfsense/"><meta property="article:section" content="post"><meta property="article:published_time" content="2022-04-02T18:50:09-04:00"><meta property="article:modified_time" content="2022-04-02T18:50:09-04:00"><meta itemprop=name content="Virtualizing my router with pfSense"><meta itemprop=description content="My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). 
OpenWrt has served me well, but it is time to move on!"><meta itemprop=datePublished content="2022-04-02T18:50:09-04:00"><meta itemprop=dateModified content="2022-04-02T18:50:09-04:00"><meta itemprop=wordCount content="890"><meta itemprop=keywords content="pfsense,router,openwrt,router-on-a-stick,proxmox,vlan,self-hosted,"><style>@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:100;src:local("Roboto Slab Thin "),local("Roboto Slab-Thin"),url(/fonts/roboto-slab-latin-100.woff2) format("woff2"),url(/fonts/roboto-slab-latin-100.woff) format("woff")}@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:200;src:local("Roboto Slab Extra Light "),local("Roboto Slab-Extra Light"),url(/fonts/roboto-slab-latin-200.woff2) format("woff2"),url(/fonts/roboto-slab-latin-200.woff) format("woff")}@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:300;src:local("Roboto Slab Light "),local("Roboto Slab-Light"),url(/fonts/roboto-slab-latin-300.woff2) format("woff2"),url(/fonts/roboto-slab-latin-300.woff) format("woff")}@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:400;src:local("Roboto Slab Regular "),local("Roboto Slab-Regular"),url(/fonts/roboto-slab-latin-400.woff2) format("woff2"),url(/fonts/roboto-slab-latin-400.woff) format("woff")}@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:500;src:local("Roboto Slab Medium "),local("Roboto Slab-Medium"),url(/fonts/roboto-slab-latin-500.woff2) format("woff2"),url(/fonts/roboto-slab-latin-500.woff) format("woff")}@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:600;src:local("Roboto Slab SemiBold "),local("Roboto Slab-SemiBold"),url(/fonts/roboto-slab-latin-600.woff2) format("woff2"),url(/fonts/roboto-slab-latin-600.woff) format("woff")}@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:700;src:local("Roboto Slab 
Bold "),local("Roboto Slab-Bold"),url(/fonts/roboto-slab-latin-700.woff2) format("woff2"),url(/fonts/roboto-slab-latin-700.woff) format("woff")}@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:800;src:local("Roboto Slab ExtraBold "),local("Roboto Slab-ExtraBold"),url(/fonts/roboto-slab-latin-800.woff2) format("woff2"),url(/fonts/roboto-slab-latin-800.woff) format("woff")}@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:900;src:local("Roboto Slab Black "),local("Roboto Slab-Black"),url(/fonts/roboto-slab-latin-900.woff2) format("woff2"),url(/fonts/roboto-slab-latin-900.woff) format("woff")}@font-face{font-display:swap;font-family:Fira Code;font-style:normal;font-weight:300;src:local("Fira Code Light "),local("Fira Code-Light"),url(/fonts/fira-code-latin-300.woff2) format("woff2"),url(/fonts/fira-code-latin-300.woff) format("woff")}@font-face{font-display:swap;font-family:Fira Code;font-style:normal;font-weight:400;src:local("Fira Code Regular "),local("Fira Code-Regular"),url(/fonts/fira-code-latin-400.woff2) format("woff2"),url(/fonts/fira-code-latin-400.woff) format("woff")}@font-face{font-display:swap;font-family:Fira Code;font-style:normal;font-weight:500;src:local("Fira Code Medium "),local("Fira Code-Medium"),url(/fonts/fira-code-latin-500.woff2) format("woff2"),url(/fonts/fira-code-latin-500.woff) format("woff")}@font-face{font-display:swap;font-family:Fira Code;font-style:normal;font-weight:600;src:local("Fira Code SemiBold "),local("Fira Code-SemiBold"),url(/fonts/fira-code-latin-600.woff2) format("woff2"),url(/fonts/fira-code-latin-600.woff) format("woff")}@font-face{font-display:swap;font-family:Fira Code;font-style:normal;font-weight:700;src:local("Fira Code Bold "),local("Fira Code-Bold"),url(/fonts/fira-code-latin-700.woff2) format("woff2"),url(/fonts/fira-code-latin-700.woff) format("woff")}
/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}main{display:block}h1{font-size:2em;margin:.67em 0}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent}abbr[title]{border-bottom:none;-webkit-text-decoration:underline;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring,button:-moz-focusring{outline:1px dotted ButtonText}fieldset{padding:.35em .75em .625em}legend{box-sizing:border-box;color:inherit;display:table;max-width:100%;padding:0;white-space:normal}progress{vertical-align:baseline}textarea{overflow:auto}[type=checkbox],[type=radio]{box-sizing:border-box;padding:0}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}details{display:block}summary{display:list-item}[hidden],template{display:none}
/*! CC BY-SA 3.0 License | https://stackoverflow.com/a/36118384/1154965 */@keyframes blink{50%{opacity:0}to{opacity:1}}
/*! MIT License | github.com/schnerring/hugo-theme-gruvbox */:root[data-theme=light]{--bg:var(--bg0);--bg0:#fbf1c7;--bg0_h:#f9f5d7;--bg0_s:#f2e5bc;--bg1:#ebdbb2;--bg2:#d5c4a1;--bg3:#bdae93;--bg4:#a89984;--fg:var(--fg1);--fg0:#282828;--fg1:#3c3836;--fg2:#504945;--fg3:#665c54;--fg4:#7c6f64;--gray1:var(--fg4);--gray2:#928374;--red1:#cc241d;--red2:#9d0006;--green1:#98971a;--green2:#797403;--yellow1:#d79921;--yellow2:#b57614;--blue1:#458588;--blue2:#076678;--purple1:#b16286;--purple2:#8f3f71;--aqua1:#689d6a;--aqua2:#427b58;--orange1:#d65d0e;--orange2:#af3a03}:root[data-theme=dark]{--bg:var(--bg0);--bg0:#282828;--bg0_h:#1d2021;--bg0_s:#32302f;--bg1:#3c3836;--bg2:#504945;--bg3:#665c54;--bg4:#7c6f64;--fg:var(--fg1);--fg0:#fbf1c7;--fg1:#ebdbb2;--fg2:#d5c4a1;--fg3:#bdae93;--fg4:#a89984;--gray1:var(--fg4);--gray2:#928374;--red1:#cc241d;--red2:#fb4934;--green1:#98971a;--green2:#b8bb26;--yellow1:#d79921;--yellow2:#fabd2f;--blue1:#458588;--blue2:#83a598;--purple1:#b16286;--purple2:#d3869b;--aqua1:#689d6a;--aqua2:#8ec07c;--orange1:#d65d0e;--orange2:#fe8019}:root{--primary:var(--blue1);--primary-alt:var(--blue2);--font-monospace:"Fira Code","Lucida Console",Monaco,monospace;--font-sans-serif:Verdana,Helvetica,sans-serif;--font-serif:"Roboto Slab",Georgia,serif}::-moz-selection{background:var(--bg4);color:var(--fg0)}::selection{background:var(--bg4);color:var(--fg0)}.search{display:flex;grid-area:search;margin:0 1rem}#search__text{background:var(--bg2);border:1px solid var(--bg2);border-radius:.2rem;caret-color:var(--fg);color:var(--fg);outline:none;padding:0 .5rem;width:100%}#search__text:hover{border-color:var(--bg3)}#search__text:focus{border-color:var(--bg4)}#search__text::-moz-placeholder{color:var(--fg3)}#search__text::placeholder{color:var(--fg3)}#search__text[type=search]::-webkit-search-cancel-button{-webkit-appearance:none;appearance:none}#search__suggestions{background:var(--bg);border-radius:.2rem;box-shadow:0 .5rem 1rem var(--bg1);font-family:Roboto 
Slab,Georgia,serif;font-family:var(--font-serif);left:0;margin-top:2rem;position:absolute;width:95vw;z-index:1000}@media (min-width:768px){.search{position:relative}#search__suggestions{width:60vw}}.search__suggestions--hidden{display:none}.search__suggestion-item{border-bottom:1px dashed var(--bg2);display:grid;grid-template-columns:1fr 2fr}.search__suggestion-item:focus,.search__suggestion-item:focus-visible,.search__suggestion-item:hover{background:var(--bg1);cursor:pointer;outline:none}.search__suggestion-item:last-child{border:none}.search__suggestion-description,.search__suggestion-title{margin:1rem 0;padding:0 1rem}.search__suggestion-title{font-weight:700}.search__suggestion-description{border-left:1px solid var(--bg2)}.search__no-results{padding:.75rem}</style><link rel=preload href="/css/non-critical.10bf652274d1149570c93631c19d9e068c317875079471d2fda62260a2d40136a468ceb49a9b091ce868ae2db84cbfdb5e4eab1b465fb9710247eb86f36275a0.css" as=style onload='this.onload=null,this.rel="stylesheet"' integrity="sha512-EL9lInTRFJVwyTYxwZ2eBowxeHUHlHHS/aYiYKLUATakaM60mpsJHOhori24TL/bXk6rG0ZfuXECR+uG82J1oA=="><link id=prism-dark rel=preload href=/prism-themes/prism-gruvbox-dark.min.54aecc64074623a4f9898544dcbdab9e804f1560ef0b38f4cf8e10fcaaf72264e798cb407c601aca6ecd833ec4eb93d66535581f18d45ba202cf848b70dbc332.css as=style onload='this.onload=null,this.rel="stylesheet"' integrity="sha512-VK7MZAdGI6T5iYVE3L2rnoBPFWDvCzj0z44Q/Kr3ImTnmMtAfGAaym7Ngz7E65PWZTVYHxjUW6ICz4SLcNvDMg==" disabled><link id=prism-light rel=preload href=/prism-themes/prism-gruvbox-light.min.42a221741efe997fcc94187c39d63c555560678789ac9ca856c74a5f0ddb2aa6c50d38b2ffbecc7a99038cbbd2efa99746e862267f781c559e0cfec10b88a5fc.css as=style onload='this.onload=null,this.rel="stylesheet"' integrity="sha512-QqIhdB7+mX/MlBh8OdY8VVVgZ4eJrJyoVsdKXw3bKqbFDTiy/77MepkDjLvS76mXRuhiJn94HFWeDP7BC4il/A=="><noscript><link rel=stylesheet 
href=/prism-themes/prism-gruvbox-light.min.42a221741efe997fcc94187c39d63c555560678789ac9ca856c74a5f0ddb2aa6c50d38b2ffbecc7a99038cbbd2efa99746e862267f781c559e0cfec10b88a5fc.css integrity="sha512-QqIhdB7+mX/MlBh8OdY8VVVgZ4eJrJyoVsdKXw3bKqbFDTiy/77MepkDjLvS76mXRuhiJn94HFWeDP7BC4il/A=="><link rel=stylesheet href="/css/non-critical.10bf652274d1149570c93631c19d9e068c317875079471d2fda62260a2d40136a468ceb49a9b091ce868ae2db84cbfdb5e4eab1b465fb9710247eb86f36275a0.css" integrity="sha512-EL9lInTRFJVwyTYxwZ2eBowxeHUHlHHS/aYiYKLUATakaM60mpsJHOhori24TL/bXk6rG0ZfuXECR+uG82J1oA=="></noscript><script>(()=>{function n(){if(localStorage&&localStorage.getItem("theme"))return localStorage.getItem("theme");if(window.matchMedia)return window.matchMedia("(prefers-color-scheme: light)").matches?"light":"dark"}function e(e){document.documentElement.setAttribute("data-theme",e);let t=document.getElementById("prism-dark"),n=document.getElementById("prism-light");t.toggleAttribute("disabled",e==="light"),n.toggleAttribute("disabled",e==="dark"),localStorage.setItem("theme",e)}var t=n();t&&e(t);function s(t){let n=t.currentTarget.classList.contains("light--hidden")?"light":"dark";e(n)}document.addEventListener("DOMContentLoaded",function(){document.querySelectorAll(".theme__toggle").forEach(e=>{e.addEventListener("click",s)})})})()</script><link rel=apple-touch-icon sizes=180x180 href=/apple-touch-icon.png><link rel=icon type=image/png sizes=32x32 href=/favicon-32x32.png><link rel=icon type=image/png sizes=16x16 href=/favicon-16x16.png><link rel=manifest href=/site.webmanifest><link rel=mask-icon href=/safari-pinned-tab.svg color=#282828><meta name=msapplication-TileColor content="#282828"><meta name=theme-color content="#282828"></head><body><div class=layout><header><a class=logo href=/><div class=logo__text>davegallant.ca</div><div class=logo__chevron>></div><div class=logo__cursor>█</div></a><div class=search><input id=search__text type=search placeholder=Search... 
aria-label=Search autocomplete=off><div id=search__suggestions class=search__suggestions--hidden></div></div><nav id=menu><ul class=menu--horizontal><li class=menu__item><a href=/index.xml>RSS</a></li></ul><div class=menu__burger><input class=menu__item type=checkbox aria-label="Open main menu"><svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-menu-2" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentcolor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M4 6h16"/><path d="M4 12h16"/><path d="M4 18h16"/></svg><ul class=menu--vertical><li><a class=menu__item href=/index.xml>RSS</a></li></ul></div></nav><button class="theme__toggle light--hidden" aria-label="Toggle light mode">
<svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-sun" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentcolor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M12 12m-4 0a4 4 0 108 0 4 4 0 10-8 0"/><path d="M3 12h1m8-9v1m8 8h1m-9 8v1M5.6 5.6l.7.7m12.1-.7-.7.7m0 11.4.7.7m-12.1-.7-.7.7"/></svg></button>
<button class="theme__toggle dark--hidden" aria-label="Toggle dark mode"><svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-moon" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentcolor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M12 3c.132.0.263.0.393.0a7.5 7.5.0 007.92 12.446A9 9 0 1112 2.992z"/></svg></button></header><main><div class=content><article class=post><div class=post-header><h1>Virtualizing my router with pfSense</h1><div class=post-meta><span>2022-04-02</span><div class=post-tags><a class=post-tag href=https://davegallant.ca/tags/pfsense>pfsense</a><a class=post-tag href=https://davegallant.ca/tags/router>router</a><a class=post-tag href=https://davegallant.ca/tags/openwrt>openwrt</a><a class=post-tag href=https://davegallant.ca/tags/router-on-a-stick>router‑on‑a‑stick</a><a class=post-tag href=https://davegallant.ca/tags/proxmox>proxmox</a><a class=post-tag href=https://davegallant.ca/tags/vlan>vlan</a><a class=post-tag href=https://davegallant.ca/tags/self-hosted>self‑hosted</a></div></div></div><div class=post-content><p>My aging router has been running <a href=https://en.wikipedia.org/wiki/OpenWrt class=link--external target=_blank rel=noreferrer>OpenWrt</a> for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a <a href=https://openwrt.org/packages/index/start class=link--external target=_blank rel=noreferrer>large index of packages</a>. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). 
OpenWrt has served me well, but it is time to move on!</p><h2 id=pfsense>pfSense<a href=#pfsense class=post-heading__anchor aria-hidden=true>#</a></h2><p>I figured this would be a good opportunity to try <a href=https://en.wikipedia.org/wiki/PfSense class=link--external target=_blank rel=noreferrer>pfSense</a>. I’ve heard nothing but positive things about pfSense and the fact it’s been around since 2004, based on FreeBSD, and written in PHP gave me the impression that it would be relatively stable (and I’d expect nothing less because it has an important job to do!). pfSense can be run on many different machines, and there are even some <a href=https://www.netgate.com/appliances class=link--external target=_blank rel=noreferrer>officially supported appliances</a>. Since I already have a machine running Proxmox, why not just run it in a VM? It’d allow for automatic snapshotting of the machine. There is a good <a href="https://www.youtube.com/watch?v=hdoBQNI_Ab8" class=link--external target=_blank rel=noreferrer>video</a> on this by Techno Tim. Tim has a lot of good videos, and this one is about virtualizing pfSense.</p><h2 id=router-on-a-stick>Router on a stick<a href=#router-on-a-stick class=post-heading__anchor aria-hidden=true>#</a></h2><p>I had initially made the assumption that in order to build a router, you would need more than a single NIC (or a dual-port NIC) in order to support both WAN and LAN. This is simply <a href=https://en.wikipedia.org/wiki/Router_on_a_stick class=link--external target=_blank rel=noreferrer>not the case</a>, because VLANs are awesome! In order to create a router, all you need is a single port NIC and a network switch that supports VLANs (also marketed as a managed switch). I picked up the Netgear GS308E because it has both a sufficient amount of ports for my needs, and it supports VLANs. 
It also has a nice sturdy metal frame which was a pleasant surprise.</p><p>After setting up this Netgear switch, it should be possible to access the web interface at <a href=http://192.168.0.239 class=link--external target=_blank rel=noreferrer>http://192.168.0.239</a>. It may be at a different address. To find the address, try checking your DHCP leases in your router interface (if you plugged it into an existing router). I realized I was unable to access this interface because I was on a different subnet, so I set my machine’s address to <code>192.168.0.22</code> in order to temporarily set up this switch. I assigned a static IP address to the switch (in <code>System > Switch Information</code>) so that it was in the same subnet as the rest of my network.</p><p>The web interface is nothing spectacular, but it allows for managing VLANs. It is served over plain HTTP, so it is best reached only from a trusted part of the network.</p><p>The following configuration will:</p><ul><li>assign port 1 to be the LAN (connected to the Proxmox machine)</li><li>assign port 8 to be the WAN (connected to my ISP’s modem)</li></ul><p>In the switch’s web interface, I went to <code>VLAN</code> and then <code>802.1Q</code>, and then clicked on <code>VLAN Configuration</code>.
I configured the ports to look like this:</p><p><picture><source type=image/webp srcset="/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_300x0_resize_q75_h2_box_3.webp 300w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_500x0_resize_q75_h2_box_3.webp 500w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_700x0_resize_q75_h2_box_3.webp 700w" sizes="(max-width: 499px) 300px,(max-width: 699px) 500px,700px"><img src=/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration.png srcset="/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_300x0_resize_box_3.png 300w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_500x0_resize_box_3.png 500w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_700x0_resize_box_3.png 700w" sizes="(max-width: 499px) 300px,(max-width: 699px) 500px,700px" alt=vlan-config loading=lazy width=1005 height=414></picture></p><p>Note that the <code>VLAN Identifier Setting</code> has been setup already with two VLANs (1 and 10). More VLANs can be created (i.e. 
to isolate IoT devices), but 2 VLANs is all we need for the initial setup of a router.</p><p>To replicate the above configuration, add a new VLAN ID 10 (1 should exist by default).</p><p>Next, go into <code>VLAN Membership</code> and configure VLAN 1’s port membership to be the following:</p><p><picture><source type=image/webp srcset="/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_300x0_resize_q75_h2_box_3.webp 300w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_500x0_resize_q75_h2_box_3.webp 500w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_700x0_resize_q75_h2_box_3.webp 700w" sizes="(max-width: 499px) 300px,(max-width: 699px) 500px,700px"><img src=/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1.png srcset="/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_300x0_resize_box_3.png 300w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_500x0_resize_box_3.png 500w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_700x0_resize_box_3.png 700w" sizes="(max-width: 499px) 300px,(max-width: 699px) 500px,700px" alt=vlan-membership-1 loading=lazy width=1007 height=396></picture></p><p>and then configure VLAN 10’s port membership to be the following:</p><p><picture><source type=image/webp srcset="/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_300x0_resize_q75_h2_box_3.webp 300w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_500x0_resize_q75_h2_box_3.webp 
500w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_700x0_resize_q75_h2_box_3.webp 700w" sizes="(max-width: 499px) 300px,(max-width: 699px) 500px,700px"><img src=/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10.png srcset="/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_300x0_resize_box_3.png 300w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_500x0_resize_box_3.png 500w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_700x0_resize_box_3.png 700w" sizes="(max-width: 499px) 300px,(max-width: 699px) 500px,700px" alt=vlan-membership-10 loading=lazy width=1007 height=396></picture></p><p>Now, go into <code>Port PVID</code> and ensure that port 8 is set to PVID 10.</p><p><picture><source type=image/webp srcset="/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_300x0_resize_q75_h2_box_3.webp 300w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_500x0_resize_q75_h2_box_3.webp 500w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_700x0_resize_q75_h2_box_3.webp 700w" sizes="(max-width: 499px) 300px,(max-width: 699px) 500px,700px"><img src=/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid.png srcset="/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_300x0_resize_box_3.png 300w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_500x0_resize_box_3.png 
500w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_700x0_resize_box_3.png 700w" sizes="(max-width: 499px) 300px,(max-width: 699px) 500px,700px" alt=vlan-port-pvid loading=lazy width=1007 height=439></picture></p><p>The above configuration will dedicate two of the eight ports to WAN and LAN. Because port 8 has PVID 10, untagged traffic arriving from the modem is placed on VLAN 10, which is the VLAN pfSense will use for its WAN interface. This will allow the internet to flow into pfSense from the modem.</p><h2 id=setting-up-pfsense>Setting up pfSense<a href=#setting-up-pfsense class=post-heading__anchor aria-hidden=true>#</a></h2><p>pfSense is fairly easy to set up. Just <a href=https://www.pfsense.org/download/ class=link--external target=_blank rel=noreferrer>download the latest ISO</a> and boot up the virtual machine. It is worth verifying the image against the checksum published with it before booting.
When setting up the machine, I mostly went with all of the defaults. Configuration can be changed later in the web interface, which is quite a bit simpler.</p><p>Since VLANs are going to be leveraged, when you go to <code>Assign Interfaces</code>, VLANs should be setup now like the following:</p><ul><li><code>WAN</code> should be <code>vtnet0.10</code></li><li><code>LAN</code> should be <code>vtnet0</code></li></ul><p>After going through the rest of the installation, if everything is connected correctly it should display both WAN and LAN addresses.</p><p>If all goes well, the web interface should be running at <a href=https://192.168.1.1 class=link--external target=_blank rel=noreferrer>https://192.168.1.1</a>.</p><p><picture><source type=image/webp srcset="/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_300x0_resize_q75_h2_box_3.webp 300w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_500x0_resize_q75_h2_box_3.webp 500w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_700x0_resize_q75_h2_box_3.webp 700w" sizes="(max-width: 499px) 300px,(max-width: 699px) 500px,700px"><img src=/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard.png srcset="/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_300x0_resize_box_3.png 300w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_500x0_resize_box_3.png 500w,/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_700x0_resize_box_3.png 700w" sizes="(max-width: 499px) 300px,(max-width: 699px) 500px,700px" alt=pfsense-dashboard loading=lazy width=905 height=478></picture></p><p>And this is where the fun begins. 
There are many tutorials and blogs about how to set up pfSense and various services and packages that can be installed. I’ve already installed <a href=https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html class=link--external target=_blank rel=noreferrer>pfBlocker-NG</a>.</p><h2 id=summary>Summary<a href=#summary class=post-heading__anchor aria-hidden=true>#</a></h2><p>It is fairly simple to set up a router with pfSense from within a virtual machine. A physical dedicated routing machine is not necessary and often does not perform as well as software running on faster and more reliable hardware. The trade-off is that WAN and LAN now share one NIC and one hypervisor, so the separation between them depends on the switch’s VLAN configuration and on the Proxmox host. So far, pfSense has been running for over a week without a single hiccup. pfSense is a mature piece of software that is incredibly powerful and flexible. To avoid some of the instability I had experienced with OpenWrt, I enabled <a href=https://docs.netgate.com/pfsense/en/latest/backup/autoconfigbackup.html class=link--external target=_blank rel=noreferrer>AutoConfigBackup</a>, which is capable of automatically backing up the configuration upon every change.
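I plan to explore and experiment with more services and configuration in the future, so the ability to track all of these changes gives me the peace of mind that experimentation is safe.</p></div>
<!-- Third-party widget: fetched from storage.ko-fi.com without an integrity attribute, unlike the site's own /js bundles, so whatever that host serves runs with full access to this page. Serving a reviewed copy with an integrity hash, or constraining it with a Content-Security-Policy, would narrow that trust. -->
<script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script>
<script type=text/javascript>kofiwidget2.init("Buy me a coffee","#458588","F1F2S4LWI"),kofiwidget2.draw()</script>
<section id=comments class=comments><div class='container sep-before'><div class=comments><script>
// Choose the Utterances theme that matches the site theme.
// The inline theme script in the document head stores the visitor's choice in
// localStorage under "theme" ("light" or "dark"). Nothing visible on this page
// writes "theme-storage", the key read here before, so the comment widget
// stayed on github-light even when the site was in dark mode.
var getTheme = (window.localStorage && window.localStorage.getItem("theme")) ?? "light";
let theme = getTheme === "dark" ? "github-dark" : "github-light",
  s = document.createElement("script");
// client.js is third-party code loaded without Subresource Integrity; it is
// trusted with this page's DOM on every load.
s.src = "https://utteranc.es/client.js";
s.setAttribute("repo", "davegallant/davegallant.github.io");
s.setAttribute("issue-term", "pathname");
s.setAttribute("theme", theme);
s.setAttribute("crossorigin", "anonymous");
s.setAttribute("async", "");
// Empty the container (this inline script included) before attaching the loader.
document.querySelector("div.comments").innerHTML = "";
document.querySelector("div.comments").appendChild(s);
</script></div></div></section></article></div><div class=sidebar><aside class=bio><div class="jr__item jr-basics__item"><div class=jr-basics__name>Dave Gallant</div><div class=jr-basics__label>Software Engineer</div><div class=jr-basics__email>me@davegallant.ca</div><div class=jr-basics__summary>I'm a software tinkerer passionate about infra, security and self-hosting 👋.</div><hr><div class="jr-basics__profile jr-basics__profile--row"><a href=https://linktr.ee/davegallant target=_blank rel="noreferrer me"><div class=jr-basics__profile-item><div class=jr-basics__profile-icon><svg role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>Linktree</title><path d="m13.73635 5.85251 4.00467-4.11665 2.3248 2.3808-4.20064 4.00466h5.9085v3.30473h-5.9365l4.22865 4.10766-2.3248 2.3338L12.0005 12.099l-5.74052 5.76852-2.3248-2.3248 4.22864-4.10766h-5.9375V8.12132h5.9085L3.93417 4.11666l2.3248-2.3808 4.00468 4.11665V0h3.4727zm-3.4727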
10.30614h3.4727V24h-3.4727z"/></svg></div></div></a><a href=https://github.com/davegallant target=_blank rel="noreferrer me"><div class=jr-basics__profile-item><div class=jr-basics__profile-icon><svg role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>GitHub</title><path d="M12 .297c-6.63.0-12 5.373-12 12 0 5.303 3.438 9.8 8.205 11.385.6.113.82-.258.82-.577.0-.285-.01-1.04-.015-2.04-3.338.724-4.042-1.61-4.042-1.61C4.422 18.07 3.633 17.7 3.633 17.7c-1.087-.744.084-.729.084-.729 1.205.084 1.838 1.236 1.838 1.236 1.07 1.835 2.809 1.305 3.495.998.108-.776.417-1.305.76-1.605-2.665-.3-5.466-1.332-5.466-5.93.0-1.31.465-2.38 1.235-3.22-.135-.303-.54-1.523.105-3.176.0.0 1.005-.322 3.3 1.23.96-.267 1.98-.399 3-.405 1.02.006 2.04.138 3 .405 2.28-1.552 3.285-1.23 3.285-1.23.645 1.653.24 2.873.12 3.176.765.84 1.23 1.91 1.23 3.22.0 4.61-2.805 5.625-5.475 5.92.42.36.81 1.096.81 2.22.0 1.606-.015 2.896-.015 3.286.0.315.21.69.825.57C20.565 22.092 24 17.592 24 12.297c0-6.627-5.373-12-12-12"/></svg></div></div></a><a href=https://mastodon.social/@davegallant target=_blank rel="noreferrer me"><div class=jr-basics__profile-item><div class=jr-basics__profile-icon><svg role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>Mastodon</title><path d="M23.268 5.313c-.35-2.578-2.617-4.61-5.304-5.004C17.51.242 15.792.0 11.813.0h-.03c-3.98.0-4.835.242-5.288.309C3.882.692 1.496 2.518.917 5.127.64 6.412.61 7.837.661 9.143c.074 1.874.088 3.745.26 5.611.118 1.24.325 2.47.62 3.68.55 2.237 2.777 4.098 4.96 4.857 2.336.792 4.849.923 7.256.38.265-.061.527-.132.786-.213.585-.184 1.27-.39 1.774-.753a.057.057.0 00.023-.043v-1.809a.052.052.0 00-.02-.041.053.053.0 00-.046-.01 20.282 20.282.0 01-4.709.545c-2.73.0-3.463-1.284-3.674-1.818a5.593 5.593.0 01-.319-1.433.053.053.0 01.066-.054c1.517.363 3.072.546 4.632.546.376.0.75.0 1.125-.01 1.57-.044 3.224-.124 4.768-.422.038-.008.077-.015.11-.024 2.435-.464 4.753-1.92 
4.989-5.604.008-.145.03-1.52.03-1.67.002-.512.167-3.63-.024-5.545zm-3.748 9.195h-2.561V8.29c0-1.309-.55-1.976-1.67-1.976-1.23.0-1.846.79-1.846 2.35v3.403h-2.546V8.663c0-1.56-.617-2.35-1.848-2.35-1.112.0-1.668.668-1.67 1.977v6.218H4.822V8.102c0-1.31.337-2.35 1.011-3.12.696-.77 1.608-1.164 2.74-1.164 1.311.0 2.302.5 2.962 1.498l.638 1.06.638-1.06c.66-.999 1.65-1.498 2.96-1.498 1.13.0 2.043.395 2.74 1.164.675.77 1.012 1.81 1.012 3.12z"/></svg></div></div></a><a href=https://www.linkedin.com/in/dave-gallant target=_blank rel="noreferrer me"><div class=jr-basics__profile-item><div class=jr-basics__profile-icon><svg role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>LinkedIn</title><path d="M20.447 20.452h-3.554v-5.569c0-1.328-.027-3.037-1.852-3.037-1.853.0-2.136 1.445-2.136 2.939v5.667H9.351V9h3.414v1.561h.046c.477-.9 1.637-1.85 3.37-1.85 3.601.0 4.267 2.37 4.267 5.455v6.286zM5.337 7.433c-1.144.0-2.063-.926-2.063-2.065.0-1.138.92-2.063 2.063-2.063 1.14.0 2.064.925 2.064 2.063.0 1.139-.925 2.065-2.064 2.065zm1.782 13.019H3.555V9h3.564v11.452zM22.225.0H1.771C.792.0.0.774.0 1.729v20.542C0 23.227.792 24 1.771 24h20.451C23.2 24 24 23.227 24 22.271V1.729C24 .774 23.2.0 22.222.0h.003z"/></svg></div></div></a></div></div></aside></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.27c23e9259a01acff79c2e4d6c0e56713673c603840d96e8a252b6167e3108706294f823212428068f89451f34415ed350980671eacda0cb92f5fd6291d1ff4a.js integrity="sha512-J8I+klmgGs/3nC5NbA5WcTZzxgOEDZboolK2Fn4xCHBilPgjISQoBo+JRR80QV7TUJgGcerNoMuS9f1ikdH/Sg=="></script><script src=/js/flexsearch.6008453bea2c3113a5612f78b88f04db99ba8fb4ce62b8ee2facd2970062f3f2cf949bebc2b610a40366d44598c9a453b7c6d502e4089844ce707f118ae649db.js integrity="sha512-YAhFO+osMROlYS94uI8E25m6j7TOYrjuL6zSlwBi8/LPlJvrwrYQpANm1EWYyaRTt8bVAuQImETOcH8RiuZJ2w=="></script></div></body></html> |