Introduction to a Self Managed Life: a 13 hour & 28 minute presentation by FUTO software
== Step 4: First-Time Configuration of pfSense ==

Now that you have pfSense installed on your device, it’s time to set it up and configure the basic settings. This step will cover configuring the '''WAN''' (internet) and '''LAN''' (local network) interfaces, setting IP addresses, and making sure everything is ready for further setup.

<span id="connecting-and-booting-up-pfsense"></span>
=== 1. Connecting and Booting Up pfSense ===

<span id="connect-your-devices"></span>
==== 1.1 Connect Your Devices: ====

* Plug your cable modem into one of the Ethernet ports on your pfSense device.
* Plug your desktop computer (the one you’re using to set everything up) into the other Ethernet port.
* At this point, you don’t need more than these two connections.

<span id="power-on-and-watch-the-boot-process"></span>
==== 1.2 Power On and Watch the Boot Process: ====

* Turn on your pfSense device.
* You’ll see a lot of text scrolling on the screen as the system boots up. Don’t worry if it seems overwhelming—this is normal.
* Pay close attention to the information displayed, especially towards the end of the boot process. Look for any text related to an '''IP address''' or '''interface name''', like what is pictured below:

<blockquote>'''NOTE''': Interface names can be ascertained by looking at what is going on as the machine boots. This is helpful for later! Refer to images below.
</blockquote>
<span id="initial-configuration-steps"></span>
=== 2. Initial Configuration Steps ===

<span id="vlan-setup-prompt"></span>
==== 2.1: VLAN Setup Prompt ====

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxaty_tmp_4cd80f0d.png
</gallery>

* One of the first prompts you’ll see is: '''“Should VLANs be set up now?”'''
* What is a VLAN? VLAN stands for '''Virtual Local Area Network'''. It’s a way to create separate networks within your network. For example, if you have a switch with 52 ports and want to have five different networks all connected to your router with just one cable, you’d use VLANs. However, this is way too advanced for what we’re doing here.
* You may see a bunch of random text appear before you have a chance to respond. Don’t worry, you haven’t missed your opportunity to input. You can still type ‘n’ and hit enter when you’re ready.
* This is just normal open-source nerd UI/UX that is not designed for normal people. You will see a lot of this. That is why we’re here!
* For now, press '''‘N’''' to skip VLAN setup. We’re setting up just one local network, so VLANs aren’t necessary at this stage. You may do this later with the wifi section to have segmented wifi networks for trusted & untrusted devices & to limit their access, '''but that does not have to be done right now and can be done later!'''

<span id="wan-and-lan-interface-assignment"></span>
==== 2.2: WAN and LAN Interface Assignment ====

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxaty_tmp_78cbbbb8.png
</gallery>

* Next, pfSense will show you which interfaces are available on your device. This is where you assign the Ethernet ports for '''WAN''' (internet) and '''LAN''' (internal network).
* Pay close attention to the bottom third of the screen. You’ll see information about which interface (e.g., <code>em0</code> or <code>igb0</code>) has received an IP address. The interface that received an IP address is most likely your '''WAN interface'''. In my case, <code>em0</code> is the interface attached to Spectrum cable internet; makes sense that it’s sad…
* Your desktop PC is not going to “provide” an IP address to the router; it is going to try to '''retrieve''' an IP address from the router. This is how we determine that the interface that has received an IP address is the WAN interface connected to our modem.
* The names of these interfaces may vary depending on your hardware and pfSense version. Don’t worry if they don’t match exactly what you see in this guide.

When prompted:

# '''Enter WAN Interface Name:'''
#* Input the name of the interface that received an IP address (e.g., <code>em0</code>).
# '''Enter LAN Interface Name:'''
#* Input the name of the other interface (e.g., <code>igb0</code>).

Confirm the interface assignments when prompted. This tells '''pfSense''' which port to use for '''WAN''' (internet) and which for '''LAN''' (local network).

<blockquote>'''NOTE''': This is the IP address that you would be accessing the '''pfSense''' web interface on. This is also your “gateway” address, i.e., what your computer connects to in order to get an IP address, and before it connects to any IP outside of this subnet (subnet = other devices on your LAN, e.g., cellphone, TV, file server, etc.).
</blockquote>
<span id="configuring-lan-ip-address"></span>
=== 3. Configuring LAN IP Address ===

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxaty_tmp_ebc6f9c0.png
</gallery>

<span id="default-lan-ip"></span>
==== 3.1: Default LAN IP ====

After assigning interfaces, '''pfSense''' will show you the default LAN IP address, usually '''192.168.1.1'''. This is the IP address of your router ('''pfSense''') within your local network. Any device that connects to the router will be assigned an IP address in the '''192.168.1.x''' range by default. For instance, your PC may grab an IP of 192.168.1.46, 192.168.1.16, etc., if set to connect automatically via <code>DHCP</code> (Dynamic Host Configuration Protocol).

<code>DHCP</code> means that when you connect to a router, it hands an IP address/DNS server/etc. to you by default, “Plug N Play” style. This is the default configuration of most devices you will ever connect to the internet unless you went out of your way to re-configure them. This includes your computer, cellphone, game console, IoT devices, security cameras, etc. They’re all connecting via <code>DHCP</code>.
<span id="changing-the-lan-ip-optional"></span>
==== 3.2: Changing the LAN IP (Optional) ====

Requirements: You don’t need to change this unless you have a specific reason to do so, such as conflicts with other networks you’re using. I have chosen to change it, and will be working with the following configuration throughout this guide. '''You do not have to follow what I am doing, but if you want to be able to copy & paste addresses along with me, feel free to do it this way; it won’t hurt.'''

# '''Set Interface IP address'''
#* The number for the LAN interface was <code>2</code> in my case.
# '''Configure the new LAN IPv4 address via DHCP'''
#* Choose <code>n</code>.
#* This isn’t referring to having DHCP so that clients who connect can get an IP address. It is asking whether this interface itself should have a dynamic IP, meaning the router/gateway would have a different IP each time we connect to it. There is no need for this.
# '''Enter the new LAN IPv4 address'''
#* <code>192.168.5.1</code> is the LAN IPv4 address that I will choose for my router.
#* This is where your '''pfSense''' router will be accessible via web browser. This will be your gateway address, and this will be your DNS server.
# '''Enter LAN IPv4 subnet bit count'''
#* <code>24</code> is the subnet bit count.
#* (This is shorthand for a subnet mask of <code>255.255.255.0</code>.)
# '''IPv4 upstream gateway address'''
#* Press enter for none.
# '''Configure IPv6 address for LAN interface via DHCP6'''
#* Press <code>y</code>; we’re not using IPv6 in this guide anyway.
#* I hit <code>y</code>. You can hit <code>n</code> and specify an address manually, but I will not be using IPv6 so it makes no difference to me; no need to specify an address I have to remember for something I will never use.
#* You’re welcome to set up an IPv6 home network if you want; I am not covering that here.
<span id="dhcp-setup"></span>
==== 3.3: DHCP Setup ====

# '''DHCP (Dynamic Host Configuration Protocol)''' automatically assigns IP addresses to devices on your network. This makes it easier to connect new devices without manually configuring IP settings on each one. This is what allows clients to be able to get an IP address automatically as soon as they connect via Wi-Fi or with an ethernet cord into your switch. You want this so that by default people can go online without having to specify their IP manually.
# When asked if you want to configure DHCP, choose '''Yes'''.
# Set the DHCP range. This is the range of IP addresses that will be assigned to devices on your network. For example:
#* '''Start Address:''' <code>192.168.5.2</code>
#* '''End Address:''' <code>192.168.5.254</code>
# Since we have our router on <code>192.168.5.1</code>, the next address that’s available is <code>192.168.5.2</code> which is the start, and <code>192.168.5.254</code> as the end.
# For ''Do you want to revert to HTTP as the webconfigurator protocol'', choose <code>n</code>. No need to use HTTP instead of HTTPS. We’re never going to connect to this without a VPN anyway, so HTTP vs HTTPS isn’t the biggest security deal in the world, but it’s a good practice to use HTTPS whenever possible.

This allows up to 254 devices on your local network, which is more than enough for most home setups. If you have more than 254 devices at home, you’re likely not reading a beginner’s guide from a board repair person cosplaying as a sysadmin.

If you want to go crazy, you can do a different setup entirely: change the LAN IP to something even less common if you want to avoid conflicts, such as <code>172.16.10.1</code> as a LAN IP, subnet 24. This would allow 254 devices that would be given IPs such as <code>172.16.10.2</code>, <code>172.16.10.30</code>, etc.—and your '''pfSense''' router web interface would be accessible on <code>172.16.10.1</code>.
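Added example (not part of the original guide): a short Python check of the numbers chosen in this step. It derives the netmask, usable host count and DHCP range from the router address and bit count, and tests whether a home LAN range collides with networks you might later connect from over VPN. The <code>VISITED</code> list is constructed sample data and the function names are illustrative.

```python
import ipaddress

# Constructed sample data: networks you might be sitting on when you VPN home.
VISITED = ["192.168.1.0/24", "192.168.0.0/24", "10.0.0.0/24", "192.168.0.0/16"]


def lan_plan(router_ip, bit_count):
    """Derive netmask, usable host count and a DHCP range that skips the
    router from the two console answers (LAN IPv4 address, subnet bit count)."""
    iface = ipaddress.ip_interface(f"{router_ip}/{bit_count}")
    net = iface.network
    if net.prefixlen > 30:
        raise ValueError("need at least a /30 for a router plus one client")
    first, last = net.network_address + 1, net.broadcast_address - 1
    if not first <= iface.ip <= last:
        raise ValueError(f"{iface.ip} is the network or broadcast address")
    # Candidate pools on either side of the router; keep the larger one.
    pools = []
    if iface.ip > first:
        pools.append((first, iface.ip - 1))
    if iface.ip < last:
        pools.append((iface.ip + 1, last))
    start, end = max(pools, key=lambda p: int(p[1]) - int(p[0]))
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        "usable_hosts": net.num_addresses - 2,
        "dhcp_start": str(start),
        "dhcp_end": str(end),
    }


def vpn_conflicts(home_cidr, visited_cidrs):
    """Return the visited networks whose address range overlaps the home LAN."""
    home = ipaddress.ip_network(home_cidr)
    return [c for c in visited_cidrs if home.overlaps(ipaddress.ip_network(c))]


def is_ambiguous(addr, home_cidr, visited_cidr):
    """True if addr belongs to both networks, so it names two different hosts."""
    ip = ipaddress.ip_address(addr)
    return (ip in ipaddress.ip_network(home_cidr)
            and ip in ipaddress.ip_network(visited_cidr))


if __name__ == "__main__":
    print(lan_plan("192.168.5.1", 24))
    for home in ("192.168.1.0/24", "192.168.5.0/24", "172.16.10.0/24"):
        print(home, "clashes with", vpn_conflicts(home, VISITED) or "nothing")
    # The coffee-shop case: 192.168.1.3 exists on both sides of the VPN.
    print(is_ambiguous("192.168.1.3", "192.168.1.0/24", "192.168.1.0/24"))
```

With this sample list, <code>192.168.5.0/24</code> avoids the common <code>192.168.1.0/24</code> default but still overlaps a visited network that uses all of <code>192.168.0.0/16</code>, while <code>172.16.10.0/24</code> overlaps none of them.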
When you connect to other people’s networks, if you don’t disable LAN access in the OpenVPN Android client, and their network has a <code>192.168.1.1</code>, and yours has a <code>192.168.1.1</code>… You see where this is going. Chances are they don’t have a <code>192.168.5.1</code> though.

<blockquote>'''NOTE:''' If both your home network and a remote network you’re connecting from via VPN use the same IP range, you can end up with routing & connectivity issues. Let’s say you’re at a coffee shop. You connect via wifi. On their network, you are 192.168.1.3. You connect to your home network via your VPN, and you want to connect to your local mailserver… but you both have the same pos linksys wrt54g router, which defaults everyone to 192.168.1.*. So you try to connect to 192.168.1.3. Do you see where this is going? Changing your home network to a less common IP range can mitigate this risk. Always check the IP range of networks you frequently connect to and adjust your home network accordingly. Or, just make yours some weird-ass number that nobody else will be using. The latter works for me.
</blockquote>
<span id="finishing-up"></span>
=== 4. Finishing Up ===

At this point, the basic configuration is complete. You can now:

# Unplug the monitor, keyboard, and mouse from your '''pfSense''' device.
# Put away your keyboard and mouse.
# Turn your cable modem off for a minute or two, and then plug it back in. Some modems get mad when you plug in a new router.

<blockquote>'''NOTE:''' Configuring the LAN IPv4 address and subnet mask sounds confusing if you’re used to plugging in your 50 year old Linksys WRT54G & getting going. It’ll get easier with time, but for now, let’s go over what some of these pieces do. You can always come back to this later.

'''What is the LAN IPv4 Address?'''

The LAN IPv4 address is the IP address assigned to your router on your local network. All your devices, from your computer to your phone or smart TV ''(if you are reading this and still using a smart tv…)'', use that address as the “gateway” to get to the internet & also to communicate with each other. The default configuration is that pfSense assigns <code>192.168.1.1</code> as the LAN IP address. This is the norm for most routers.

* This address is special because it tells devices where to send data when they want to leave your network. For example, if your PC needs to visit <code>apple.com</code>, it sends the request to the router’s LAN IP (<code>192.168.1.1</code>, otherwise known as the gateway), which then forwards it to the internet.
* If you’re not changing anything, you can stick with the default (<code>192.168.1.1</code>). I change it because everyone uses <code>192.168.1.1</code>. If you use a VPN or other networks frequently, changing it to something like <code>192.168.5.1</code> can avoid headaches down the line. If I am trying to connect to <code>192.168.1.1</code> on my home network, but <code>192.168.1.1</code> is the gateway IP of the wifi router my phone is connected to at my friend’s house… you see where this gets confusing.

'''What is a Subnet Mask?'''

A subnet mask is what defines the “size” of your local network. Your LAN is like a neighborhood; the subnet mask is like a property line that determines how many houses can fit in the neighborhood.

* The default subnet mask for most home networks is <code>255.255.255.0</code>. This tells your router that there can be up to 254 devices (playstations, phones, computers, etc.) connected to your network. That’s a lot. If you have more than 254 devices in your house, you’re probably not reading this guide.
* This subnet mask is abbreviated as <code>/24</code> because the first 24 bits (the <code>255.255.255</code> part) of the address are fixed, while only the last 8 bits are available for device addresses.

'''Why Configure a Static LAN IP?'''

When you assign a static LAN IP to your router, you’re making sure that its address never changes. It would make no sense to have a router IP that changes constantly. Your servers & devices all need to connect to the router, so keep the router where it is. Moving it around senselessly makes no sense. It would be akin to Walmart changing its address every day.

* Imagine your router’s address was constantly changing. One moment it’s at <code>192.168.1.1</code>, and the next, it’s at <code>192.168.1.87</code>. Your devices would be as confused as I am when I call a [https://www.youtube.com/watch?v=qFVwQCFhKSE New York state tax office].
* By giving a static IP like <code>192.168.5.1</code> to the router, I’m making sure that everything in your network knows where to go.

'''Step-by-Step explanation if you’re still confused:'''

'''Set Interface IP Address:'''

* When it asks you to “Set interface IP address,” this is where you’re assigning the LAN IPv4 address. Think of it as giving your router its permanent address in your local network. Enter <code>2</code> to configure the LAN interface.

'''Configure the New LAN IPv4 Address:'''

* Here, you’re telling '''pfSense''' what address you want to use for the router. For example, <code>192.168.5.1</code> makes your router accessible at that address.
* Remember: This is the gateway address that all your devices will use to connect to the internet. Write it down somewhere because you’ll need it later to log in to the '''pfSense''' web interface.

'''Enter LAN IPv4 Subnet Bit Count:'''

* This is where you specify the subnet mask in abbreviated form. For most home setups, the bit count is <code>24</code>, aka <code>255.255.255.0</code>. This allows up to 254 devices to connect to your network. If you’re just starting out, stick with <code>/24</code>.
* '''To keep it simple: when you see <code>192.168.5.0/24</code>, what they mean is everything from <code>192.168.5.1</code> to <code>192.168.5.254</code>.'''
* ''Why not use a bigger subnet?'' Because you’re reading a beginner’s guide. How about you get one device to work in your broom closet before going for over 254?

'''IPv4 Upstream Gateway Address:'''

* This is asking if your LAN interface needs a separate gateway to reach the internet. Since your router '''is''' the gateway for your LAN, just press Enter to leave this blank.
* '''Your LAN doesn’t need to forward traffic anywhere else because the router handles it.'''

'''Configure IPv6 Address for LAN Interface via DHCP6:'''

* You’re not using IPv6. Forget about IPv6 for now. We’ll get to how this makes using your VPN a nightmare later on. If you are not a datacenter or a sysadmin for Amazon Web Services, you have no need for IPv6 in your life at this stage.
</blockquote>
<span id="accessing-the-pfsense-web-interface"></span>
=== 5. Accessing the pfSense Web Interface ===

Now that the basic network setup is complete, you can access the '''pfSense''' web interface to configure more advanced settings.

# On your desktop computer (connected to the LAN port), open a web browser.
# Go to <code>https://192.168.5.1</code> or <code>https://pfSense.home.arpa</code>.
# You may see a security warning in your browser. This is because '''pfSense''' is using a self-signed SSL certificate, which is fine for local networks. Click '''“Advanced”''' and proceed to the site.
# Log in with the default credentials:
#* '''Username:''' <code>admin</code>
#* '''Password:''' <code>pfsense</code>
# Once logged in, you’ll be prompted to change the default password. Set a strong password to secure your router.
<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxaty_tmp_d07f1499.png
File:lu55028jxaty_tmp_d9cfd77d.png
File:lu55028jxaty_tmp_e583100f.png
File:lu55028jxaty_tmp_6d87d663.png
File:lu55028jxaty_tmp_c9bf064a.png
</gallery>

<span id="initial-web-setup-wizard"></span>
==== 5.1: Initial Web Setup Wizard ====

# '''Set the Hostname:'''
#* Choose a hostname for your '''pfSense''' router. This can be something simple like “pfsense” or “home-router.” You will be able to access the router at <code>pfsense.home.arpa</code> once we set everything up with DNS later, instead of having to visit the router’s web interface based on its IP address. If you typed <code>roflcopter</code> into this box, you would be able to access your router at <code>https://roflcopter.home.arpa</code> rather than typing in [https://192.168.5.1/ https://192.168.5.1] – you get the idea.
# '''Set DNS Servers:'''
#* For now, you can use a public DNS provider like '''Google DNS (8.8.8.8)''', but we’ll replace this with AdGuard DNS or similar later for ad-blocking.
#* Uncheck the option to '''“Allow DNS server list to be overridden by DHCP/PPP on WAN,”''' so your ISP cannot override the DNS settings you choose.
# '''Time Zone:'''
#* Set the correct time zone for your location (e.g., '''US Central''' if you’re in Texas).
# '''Final Steps:'''
#* Once these settings are configured, hit '''“Next.”''' It’ll ask you to configure the WAN interface. Unless you have a funky setup, you need not change anything here. This is not for you to mess with.
#* It’ll ask you to configure the LAN interface again, but you need not touch anything; remember, we already did this, and the settings you put in earlier should be what shows up.
#* It’ll ask you to make a secure password; it is a good idea to set a secure password and save it in a password manager. No post-it note on the monitor nonsense!
#* You’ll be taken to the final page where you can apply the settings and restart the web interface.

<span id="final-check-and-preparing-for-the-next-steps"></span>
=== 6. Final Check and Preparing for the Next Steps ===

At this point, '''pfSense''' is fully installed, and the basic configuration is complete. Here are some final steps and checks:

# It’s a good idea to restart your cable modem when you make these changes, especially if it was previously connected to another router.
# You might want to reset the internet connection on the device you’re using to access the '''pfSense''' web interface, especially if it was connected to a different network before.
# Before we move forward to setting up additional features (like ad-blocking), make sure your internet connection is stable and working as expected.
# Test your internet connection by browsing the web from a device connected to the LAN.
# Remember, you can now manage everything through the web interface. You shouldn’t need to directly connect to the '''pfSense''' device with a monitor and keyboard again unless something breaks. Put the keyboard, mouse, and monitor plugged into that '''pfSense''' device away; we’re (hopefully) never touching that again. '''If you are, that means something bad has occurred.'''
# If you encounter any issues, re-check everything you did.

'''Congratulations!''' Your '''pfSense''' router is now set up and ready for use. Now the real fun begins. :)

<span id="setting-up-freedns-for-dynamic-dns"></span>