Friday, April 27, 2007

.:: Pfsense : How To Setup Vlans ::.

Requirements:

• 1 Soekris unit or PC with pfSense installed

Setting Vlans On Pfsense

Now we set up the VLANs on pfSense:

1. Log in to pfSense
2. Go to Interfaces (assign)
3. Click on the VLANs tab
4. Click the little + sign to create a new VLAN

Now we have settings like these:

Parent Interface: sis0 (or whatever your LAN interface is)
VLAN Tag: 10
Description: VLAN10

Parent Interface: sis0 (or whatever your LAN interface is)
VLAN Tag: 20
Description: VLAN20

Parent Interface: sis0 (or whatever your LAN interface is)
VLAN Tag: 30
Description: VLAN30

Assign Vlans Interface At Pfsense

Now return to pfSense and reboot it. Everything should still work; we are just enabling the VLANs.

Now log in to pfSense again, go to Interfaces (assign), open the Interfaces tab, then click the + sign.

You should have:

LAN: sis0
WAN: sis1
OPT1: VLAN 10 on SIS0 (VLAN10)
OPT2: VLAN 20 on SIS0 (VLAN20)
OPT3: VLAN 30 on SIS0 (VLAN30)

Click Save. Reboot pfSense again.


Figure1 : Assign Vlan Interface at Pfsense

Now log in to pfSense again, change the interface name from OPT1 to VLAN10, assign it the IP address 10.0.10.1/24 and click Save. Do the same for VLAN20 (10.0.20.1/24) and VLAN30 (10.0.30.1/24).

Now go to the DHCP Server section in pfSense, and you’ll see new VLAN10, VLAN20 and VLAN30 tabs at the top, which you can configure.

Make sure each one is enabled, then click “Apply Changes”.


Figure2 : DHCP Server For Vlan10


Figure3 : DHCP Server For Vlan20


Figure4 : DHCP Server For Vlan30

Setting Up Vlan Routing at Pfsense

After you have done that, you will want to configure your firewall rules on pfSense. In this example, VLAN10 can access VLAN20 and VLAN30. Likewise, VLAN20 can access VLAN10 and VLAN30. VLAN30, however, can access only VLAN20.


Figure5 : Vlan10 Rules


Figure6 : Vlan20 Rules


Figure7 : Vlan30 Rules
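
The rule screenshots are not reproduced here, so the following is an added example (not part of the original post) that models the stated policy in Python and checks which VLAN pairs can open connections. It assumes pfSense's usual behaviour: rules are evaluated on the interface where traffic enters, unmatched traffic is dropped, and replies to an allowed connection pass through the state table. The names RULES, Firewall and matrix are hypothetical, and state is tracked per IP pair for brevity.

```python
import ipaddress

# Interface subnets from the tutorial (firewall addresses 10.0.x.1/24).
SUBNETS = {
    "VLAN10": ipaddress.ip_network("10.0.10.0/24"),
    "VLAN20": ipaddress.ip_network("10.0.20.0/24"),
    "VLAN30": ipaddress.ip_network("10.0.30.0/24"),
}

# Constructed per-interface rule lists (allowed destination networks),
# standing in for the rule screenshots. Anything not listed is dropped.
RULES = {
    "VLAN10": ["VLAN20", "VLAN30"],
    "VLAN20": ["VLAN10", "VLAN30"],
    "VLAN30": ["VLAN20"],
}


def vlan_of(ip):
    """Return the VLAN whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SUBNETS.items() if addr in net), None)


class Firewall:
    """Stateful filter: rules apply to the first packet of a connection."""

    def __init__(self):
        self.states = set()  # (initiator, responder) pairs already passed

    def packet(self, src, dst):
        if (src, dst) in self.states or (dst, src) in self.states:
            return "pass"  # belongs to an existing state
        ingress, target = vlan_of(src), vlan_of(dst)
        if ingress and target in RULES[ingress]:
            self.states.add((src, dst))
            return "pass"
        return "block"  # implicit default deny


def matrix():
    """New-connection verdict for every ordered VLAN pair (fresh state)."""
    host = {n: str(net.network_address + 50) for n, net in SUBNETS.items()}
    return {(s, d): Firewall().packet(host[s], host[d])
            for s in SUBNETS for d in SUBNETS if s != d}
```

The matrix shows VLAN30 cannot initiate to VLAN10, while a connection started from VLAN10 to VLAN30 still gets its replies back because they match existing state.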

And now I'm finished setting up VLANs on pfSense. You can try it yourself.

Thursday, April 26, 2007

.:: Pfsense : How To Setup VPN (IPSec and PPTP) ::.

Now we will go through the details of how to set up a VPN on pfSense.

Requirements :

• 2 Soekris units or PCs with pfSense installed

Network Diagram :


Network Setting On Pfsense

Pfsense1 :
WAN IP : 10.10.100.222
LAN IP : 10.0.0.1
Gateway IP : 10.10.100.221

Pfsense2 :
WAN IP : 10.10.100.223
LAN IP : 10.20.20.1
Gateway IP : 10.10.100.221

Configuring the VPN Tunnel Between Pfsense (IPSec)

Now we set up the VPN tunnel on each pfSense:

1. Log in to pfSense
2. Go to VPN (IPsec)
3. Click on the Tunnels tab
4. Click the little + sign to create a new VPN tunnel

Now we have settings like these:

Pfsense1
Interface : WAN
Local Subnet : Type : LAN Subnet
Remote Subnet : 10.20.20.0/24
Remote Gateway : 10.10.100.223
Description : VPN FW 2
Phase1 proposal (Authentication)
Negotiation mode : aggressive
My identifier : My IP address
Encryption algorithm : 3DES
Hash algorithm : SHA1
DH key group : 2
Lifetime : 28800
Authentication method : Pre-shared key
Pre-Shared Key : try@try@1234@aslah
Phase 2 proposal (SA/Key Exchange)
Protocol : ESP
Encryption algorithms : 3DES
Hash algorithms : SHA1
PFS key group : 2
Lifetime : 28800


Figure1 : Tunnels Configuration For Pfsense1

Pfsense2
Interface : WAN
Local Subnet : Type : LAN Subnet
Remote Subnet : 10.0.0.0/24
Remote Gateway : 10.10.100.222
Description : VPN FW 1
Phase1 proposal (Authentication)
Negotiation mode : aggressive
My identifier : My IP address
Encryption algorithm : 3DES
Hash algorithm : SHA1
DH key group : 2
Lifetime : 28800
Authentication method : Pre-shared key
Pre-Shared Key : try@try@1234@aslah
Phase 2 proposal (SA/Key Exchange)
Protocol : ESP
Encryption algorithms : 3DES
Hash algorithms : SHA1
PFS key group : 2
Lifetime : 28800


Figure2 : Tunnels Configuration For Pfsense2
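
A site-to-site tunnel only comes up when each side's definition mirrors the other, so the following added example (not part of the original post) checks the two listings above against each other and also reports which of the chosen parameters are legacy choices today. The dictionary keys and function names are hypothetical, and the pre-shared key is replaced by a placeholder.

```python
import ipaddress

# Values transcribed from the two tunnel listings above; the pre-shared
# key is a placeholder, not the one shown in the post.
PROPOSAL = {"mode": "aggressive", "auth": "psk", "p1_enc": "3DES",
            "p1_hash": "SHA1", "dh": 2, "p1_life": 28800,
            "p2_enc": "3DES", "p2_hash": "SHA1", "pfs": 2,
            "p2_life": 28800, "psk": "<placeholder-psk>"}
PFSENSE1 = dict(PROPOSAL, wan="10.10.100.222", lan="10.0.0.1",
                remote_subnet="10.20.20.0/24", remote_gw="10.10.100.223")
PFSENSE2 = dict(PROPOSAL, wan="10.10.100.223", lan="10.20.20.1",
                remote_subnet="10.0.0.0/24", remote_gw="10.10.100.222")

# (keys to inspect, legacy value, reason it is flagged)
WEAK = [
    (("mode",), "aggressive",
     "aggressive mode with a PSK leaves the key open to offline guessing"),
    (("p1_enc", "p2_enc"), "3DES", "64-bit block cipher, superseded by AES"),
    (("p1_hash", "p2_hash"), "SHA1", "deprecated hash function"),
    (("dh", "pfs"), 2, "group 2 is 1024-bit MODP"),
]


def mirror_errors(a, b):
    """List the ways tunnel definition a fails to mirror its peer b."""
    errors = []
    if a["remote_gw"] != b["wan"]:
        errors.append("remote gateway is not the peer's WAN IP")
    peer_lan = ipaddress.ip_address(b["lan"])
    if peer_lan not in ipaddress.ip_network(a["remote_subnet"]):
        errors.append("remote subnet does not contain the peer's LAN IP")
    for key in PROPOSAL:
        if a[key] != b[key]:
            errors.append(f"{key} differs between peers")
    return errors


def weak_settings(cfg):
    """Return one finding per legacy parameter present in cfg."""
    return [f"{key}: {why}" for keys, bad, why in WEAK
            for key in keys if cfg[key] == bad]
```

Run mirror_errors in both directions; an empty list from each call means the two definitions agree, and weak_settings lists what to revisit if both peers support stronger options.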

Configuring Remote Access IPSec VPN (PPTP)

Here we are using PPTP as a remote access VPN. The first thing we want to do is set up the PPTP server. To do this:

1. Log in to pfSense
2. Go to VPN (PPTP)
3. Choose “Enable PPTP Server”

Now pfSense has settings like these:

Pfsense1
Server address : 10.0.0.252
Remote address range : 10.0.0.192/28

Pfsense2
Server address : 20.20.1.252
Remote address range : 20.20.1.192/28

Then we need to configure PPTP users. To do this:

1. Go to VPN (PPTP)
2. Click on the Users tab
3. Click the little + sign to create a new PPTP user

Now pfSense has settings like these:

Username : testing
Password : test@test.com
test@test.com (confirmation)

Configure Rules For IPSec Tunnels and PPTP Users

In this example, we allow any traffic through the IPsec tunnels, and PPTP users can access everything.


Figure3 : IPSec Rules For Pfsense1


Figure4 : IPSec Rules For Pfsense2


Figure5 : PPTP VPN Rules For Pfsense1


Figure6 : PPTP VPN Rules For Pfsense2

Setting Up a PPTP Client on Windows XP

Here is an example of creating a PPTP client on Microsoft Windows XP:

1. Open the Network Control Panel
2. Click “Create New Connection” in the left hand column of the “Network Connections” window
3. You are now presented with a Wizard. Click Next to continue
4. Select “Connect to the Network at my Workplace” from the menu
5. Select Virtual Private Network connection from the next panel



6. Name the connection
7. Now enter the IP or FQDN of the PPTP Server. (This can be any of the configured interfaces.)


8. If you are the system admin, you will be asked whether you want this to be for your use only or for anyone’s use. I suggest you limit it to your use only unless you want the VPN network to be made available to all user accounts on the workstation
9. Next you can either just finish or add a shortcut to the desktop. You are nearly done!
10. When you launch the client for the first time (hopefully from the icon you asked the wizard to create; if not, you will need to open the “Network Connections” window again and double-click your new connection), you will be asked for a username and password. Click Connect when you are done, and if all goes well you will connect to the PPTP server

Wednesday, April 25, 2007

.:: Pfsense : How To Install : Part 3 ::.

Installing pfSense to the hard drive

After we go through the initial pfSense configuration, we're ready to install pfSense to the hard drive. Run option 99 from the shell menu now. The configuration you did will be transferred to the hard drive by the installer.

First you get some settings to localize your keyboard or change your console appearance. Change what you need, or just go on by accepting the settings.


Next pfSense will present a list of the suitable install media it detected. Please make sure you are not accidentally overwriting data you still need. It's recommended to have dedicated media only for your install. Any other constellations are not officially supported. Choose your media and hit enter to continue.


You should format the disk to prepare it for the installation. Beware: this will wipe your entire media!


At the next step pfSense will show you the detected drive geometry. You should leave this the way it was detected as long as you don't run into any trouble while installing with these settings. In case you get errors, try to alter your BIOS settings before manually entering values here. Setting your drive from auto to LBA or CHS in the BIOS might already help to detect the right settings.


Now you are at the point of no return: Only hit "Format xxX" if you are really sure there is no valuable data left on this media!


The media is now prepared to continue with partitioning. Just hit enter to move on.


PfSense suggests using the complete space of your drive for the installation. You usually should just keep this setting and move on to the next step.


If your partitioning is the same as before because this is a reinstall, confirm the changes.


You can typically confirm the following step. If you encounter problems with the bootloader after the installation is done, rerun the installation and check "Packet mode" at this screen.


Select the partition you just created as the target for your installation.


Confirm this step. In case you skipped the above settings, this is the point where your data on the media will be overwritten.


PfSense now suggests a setting for your subpartitioning, which you should usually just keep.


After you accept the above settings, pfSense starts to transfer the system to the prepared media.


After a short time you will be asked to remove the CD and reboot the system to boot your new install.


The system is now going down for reboot and your installation is finished.

Monday, April 23, 2007

.:: Pfsense : How To Install : Part 2 ::.

Initial pfSense configuration

Assigning Interfaces

The first time pfSense boots up, it will ask you to assign the interfaces if it has not found a config file or if the interface configuration is different from what was found in the config file.

VLANs

You now have the option to assign VLANs. If you don't need VLANs or don't know what VLANs are, choose "No" here. VLANs are optional and are only needed for advanced networking. You also need VLAN-capable equipment if you plan to use them. (Better description and config steps still needed here)

LAN, WAN, OPTx

The first interface it asks you to assign is the LAN interface. If you know the interface you want to assign to LAN, enter the name of the interface like "fxp0" and hit enter.

The second interface you have to assign is the WAN interface. Enter the appropriate interface like "fxp1" and hit enter again.

You need at least two interfaces (LAN and WAN) to set up pfSense. If you have more interfaces available, you can go on and assign them as OPTx interfaces. The procedure is the same as the previous one.

Auto Assigning Interface

There is another procedure for assigning interfaces, designed for the case where your NICs are all of the same kind and you don't know which physical NIC matches which detected NIC, because they will all appear, for example, as fxpX. In this case you can simply enter "a" when you are asked for the NIC name.

PfSense now is waiting for a linkup event at one of the nics. Just plug in a cable to the nic you want to assign and wait for the link light to turn on at the nic. Hit enter after that. pfSense has detected the linkup and you can continue with the next interface.

If you have no more interfaces left, just hit enter without entering a NIC name and apply the settings by confirming them with "y".

Finishing steps

PfSense now will make the finishing touches to configure the interfaces.


After it went through the configuration you'll end up with a shell menu and a number of options.

.:: Pfsense : How To Install : Part 1 ::.

There are basically 2 different platforms :

1. Embedded
2. LiveCD / Harddisk Install

1. Embedded

The embedded builds are made for embedded hardware platforms like the popular PC-Engines WRAP and SOEKRIS 4X01, amongst many other suitable platforms.

Writing the image

You can download the embedded image from one of the pfSense mirrors. When using a Windows machine, the easiest way to write your media is with physdiskwrite.

Place physdiskwrite and the pfSense image in the same folder. Attach the media you want to store pfSense on (e.g. CF reader and CF card). Then issue the following command:

physdiskwrite pfSense-embedded-x.x.img.gz

Physdiskwrite will show you a numbered list of suitable devices (USB sticks, CF cards in USB readers, hard disks, ...). Enter the number of the desired media.

BEWARE: By choosing the wrong destination you might wipe one of your hard disks! Check and recheck your selection!

Booting pfSense the first time

After your media has been successfully written, place it in your system as boot media. Check your BIOS to select the correct boot priority and configure the device. If everything is configured correctly, you should see the kernel beginning to load. On systems with VGA the output will stop, displaying a "/" on the screen. From that point on all output is on COM1. Please check the bootup process there by using a null modem cable and a terminal program.

The image has a default config that works with the WRAP and the SOEKRIS. With these platforms simply connect a client to the LAN interface and it gets an IP by DHCP. You can access pfSense at 192.168.1.1. Log on with user "admin" and password "pfsense". If you are using a direct connection from your client to the pfSense interface, remember that you need a crossover cable. For other systems please continue at "Initial pfSense configuration", as you most likely have to assign interfaces before you can access pfSense's webgui.

To download physdiskwrite and the pfSense image, use the URLs below:

Physdiskwrite :

http://www.sharebigfile.com/file/151428/physdiskwrite-exe.html

Pfsense Image :

http://www.sharebigfile.com/file/151427/pfSense-img.html

2. LiveCD / Harddisk Install

You can run pfSense on a PC using the CD as a boot drive. You need a CD burner and a CD-writing application that is capable of writing a CD from an ISO file. A system with at least 2 NICs and a CD-ROM drive to boot from is needed.

The Install option

The LiveCD is also the installer, which can set up pfSense on your hard disk. It's recommended that you first configure pfSense before you run the installer (option 99 at the shell menu).

To download the LiveCD, use the URL below:

LiveCD (ISO Format) :

http://www.sharebigfile.com/file/152148/pfSense-1-0-1-LiveCD-Installer-iso-gz.html

.:: Pfsense : An Open Source Firewall ::.

Hi. Let's start with the firewall first. I'm implementing an open source firewall in my network. I'm using pfSense. You can read more about it, download it and try it at :

http://www.pfsense.com/

Minimum hardware requirements
All platforms: 128 megabytes of RAM
Embedded: 128 megabyte compact flash card
Full installation: 2 GB hard drive or larger
LiveCD: USB keychain for configuration storage

Try it out and have fun. Later I'll describe installing the firewall in detail, step by step.

Welcome

Hi, thanks for dropping by. This blog represents my daily technical life and the experiences that I encounter. By doing this, I can share and learn more; the more I learn, the more I share. Nice cycle.