pfsense - "I am stuck in the mud"

Discussion in 'privacy technology' started by Palancar, Apr 1, 2014.

Thread Status:
Not open for further replies.
  1. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Sorry for the drama in the title but it sums it up. LOL! I started a new thread because my project takes a new twist. A couple of weeks ago I started a project where I would use Windows for a host OS and then I would use pfsense for my VPN connection, lockdown, etc. Pfsense now works fine on my Windows machine to the extent I can easily configure it and it finds WAN, etc.

    I now want to do the same thing with 100% Linux. I loaded 13.10 bare metal and updated the OS and virtualbox. I am using /boot on a flash stick and all is booting fine. I grabbed the 2.0.3 official ova and setup a pfsense VM using it. The linux partition is lvm encrypted but that should not play a factor here.

    I am stuck in that I cannot get pfsense to find wan or even to bring up the configurator. On my windows box pfsense "sees" the intel hardware (or is provided the info by pfsense/windows) and the connection is solid as can be. When I look at the settings - network - adapters for pfsense under Linux the adapter shows as bridged el0 but there is nothing at all specific for the connection.

    I am unable to pull up either LAN. I use two: 192.168.1.1 (router panel) and 192.168.2.1 (pfsense LAN; I assigned the pfsense LAN). On the host Linux OS I can instantly pull up the router panel and my root connection is all there.

    Maybe someone here can give me a clue how to setup wan and ntp in pfsense on the linux platform. If I could gain access to the configurator that would be a start of course.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I don't recommend using the ova. Just use the standard LiveCD installer.

    Also, use the 2.10 release. There are many cool features.

    It should work following my guide at <https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-6>.

    What version of VirtualBox are you using? Version 4.3.8 had a serious bug (I forget what it was) and so does 4.3.10 (the latest). Shared folders don't mount in Linux, unless you add a link. See <https://forums.virtualbox.org/viewtopic.php?f=3&t=60921>.
     
  3. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    I noticed the post over on Air about pfsense 2.1.1. Do you have any better idea of when that will be released? I might wait a day or so if that is all it is.

    I am not on my Linux machine right now. I updated/upgraded virtualbox in the last week to whatever version "linux" is using on ubuntu 13.10. I grabbed it directly from the software center there.

    BTW - for security reasons I don't use shared folders at all. I do use the extension pack so I can personally enable/authorize a specific USB flash to connect to a VM. I use that flash to move files between VMs and the host as needed. The flash is 100% encrypted and I have TrueCrypt on all the machines. It's inconvenient but quite secure.

    Thanks for the suggestions.
     
    Last edited: Apr 2, 2014
  4. root_my_face

    root_my_face Registered Member

    Joined:
    Feb 11, 2014
    Posts:
    10
    IIRC there are 2 'configurators' in pfsense. One is the remote web interface and one is the localhost command line / terminal. Are you unable to access both/either?
     
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    I have tried to open the configurator via pfsense LAN in Firefox and no other way. Firefox was in another VM sharing the private internal network adapter. I assigned a new pfsense LAN of 192.168.2.1 and it works slick on my windows machine via a 2.0.3 virtualbox VM (ova). I needed to change pfsense's LAN so I can still use 192.168.1.1 to open my router admin panel when I want to. Works slick on 7. Trying to get this over to 13.10 host using pfsense, virtualbox, linux VM.

    Do you think moving/copying the VMs from Windows and simply changing the adapters would cause a problem? I did not rebuild the Linux VM from scratch. FYI - the Linux VM I am testing with is a 12.04 machine, linked to a 2.0.3 pfsense ova, hosted on a 13.10 updated host. The host is connected with a normal router method for now and the connection is solid as hell.

    pfsense does not see wan. I cannot open the configurator on the linux box. I am downloading 2.1 livecd to build another pfsense machine shortly. When I build it my main concern is to figure out how to find wan and by default then ntp. Once I gain configurator access I can edit ntp. Suggestions?
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    The WebGUI configurator is available only via browser on separate machines with GUI desktop environments. The console (pfSense VM window) has only basic commands, and some things (such as changing interfaces and IP addresses) are best done there, rather than in the WebGUI.

    If pfSense has just one interface, WAN, it will auto-create a rule allowing WebGUI access. Once it has a second interface, which by default it considers to be LAN, it auto-creates a rule allowing WebGUI access on LAN, and removes the one on WAN.

    It will do that, by the way, even if the second interface is a VPN, and you will lose WebGUI access unless you've created a custom rule allowing WebGUI access on WAN ;)

    I've never tried that. I just use a browser on another machine on physical LAN to manage the router.

    I don't see the necessity of physical router access from the Linux VM. Mixing layers like that seems like a security risk, actually.

    I don't know. VirtualBox may do things differently on Windows vs Linux.

    If that's so, WAN is misconfigured. Start pfSense, and reassign interfaces in the console. pfSense will prompt you with the interfaces that it sees, typically em0 and em1 for Intel PRO/1000. Unless you know otherwise, let it get its WAN IP via DHCP.

    If you don't see em0 and em1, stop and go back to the VirtualBox network setup window, and set both adapters to Intel PRO/1000 MT Desktop. If you don't even see two interfaces in the pfSense console, there may be a hardware/driver problem that's preventing VirtualBox from providing usable virtual adapters to pfSense.

    When configuring LAN in the pfSense console, did you enable DHCP server? If you didn't do that, your Linux VM won't get an IP address, and so won't connect to anything.

    pfSense will guide you through configuring WAN and LAN, when you boot the first time after completing the install process. There are (at least) two ways to go wrong with the pfSense install. First, if you don't hit "i" as the LiveCD is booting, it will go into LiveCD mode. It will accept WAN and LAN configurations, but they will be gone after reboot. Second, if you don't stop pfSense after the install finishes, and remove the LiveCD ISO, it will boot into LiveCD mode, rather than booting from the virtual HDD.
     
    Last edited: Apr 2, 2014
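
The adapter checks discussed in the post above, as an added example that is not part of the thread: a shell audit of `VBoxManage showvminfo <vm> --machinereadable` output. It assumes adapter 1 is WAN (bridged) and adapter 2 is LAN on an internal network; the VM name, host interface `eth0`, network name `pfsense-lan` and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a pfSense VM's virtual NICs from
# `VBoxManage showvminfo <vm> --machinereadable` output read on stdin.
# Assumed layout: adapter 1 = WAN (bridged), adapter 2 = LAN (internal network).

# Constructed sample: WAN is bridged but bound to no host interface, and it
# uses a PCnet NIC type instead of Intel PRO/1000 MT Desktop (82540EM).
SAMPLE_BAD='name="pfsense"
nic1="bridged"
nictype1="Am79C973"
bridgeadapter1=""
nic2="intnet"
nictype2="82540EM"
intnet2="pfsense-lan"'

# Constructed sample of the layout the audit accepts.
SAMPLE_GOOD='name="pfsense"
nic1="bridged"
nictype1="82540EM"
bridgeadapter1="eth0"
nic2="intnet"
nictype2="82540EM"
intnet2="pfsense-lan"'

# field KEY INFO: print the unquoted value of KEY, or nothing if absent.
field() {
    printf '%s\n' "$2" |
        awk -F= -v k="$1" '$1 == k { gsub(/"/, "", $2); print $2; exit }'
}

# Prints one line per problem; exit status is the number of problems found.
audit_pfsense_nics() {
    info=$(cat); problems=0
    for n in 1 2; do
        t=$(field "nictype$n" "$info")
        [ "$t" = "82540EM" ] ||
            { echo "adapter $n: NIC type '$t', want 82540EM"; problems=$((problems + 1)); }
    done
    [ "$(field nic1 "$info")" = "bridged" ] && [ -n "$(field bridgeadapter1 "$info")" ] ||
        { echo "adapter 1 (WAN): not bridged to a named host interface"; problems=$((problems + 1)); }
    [ "$(field nic2 "$info")" = "intnet" ] && [ -n "$(field intnet2 "$info")" ] ||
        { echo "adapter 2 (LAN): not on a named internal network"; problems=$((problems + 1)); }
    return "$problems"
}

# Real use (VM name "pfsense" is hypothetical):
#   VBoxManage showvminfo pfsense --machinereadable | audit_pfsense_nics
printf '%s\n' "$SAMPLE_BAD" | audit_pfsense_nics || echo "problems: $?"
```

A clean result only says VirtualBox is offering two Intel PRO/1000 adapters on separate networks; interface assignment and the LAN DHCP server are still set in the pfSense console.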
  7. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Agreed. You may have misunderstood my post. I only access the physical router from LAN using FF on the host OS and not from any VMs. I just thought that pfsense could use a different LAN so I created 192.168.2.1 just to be sure. And again it works like a charm on 7 Pro.

    After reading your post and thinking about this: I am going to rebuild the pfsense and Linux VMs using VirtualBox in Linux just to eliminate that as a possible error source (meaning not just using machines/VMs created in Windows and its VirtualBox version). It may make no difference but it won't take that long to find out.

    You may be onto something about my adapters being missing/messed up. On my Windows machine all the Intel stuff shows up fine, but not on Linux. I really think once I rebuild and use only Linux to do it I may have much better results.

    Stay tuned!
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    OK, cool. I did misunderstand you.

    If pfSense (or any machine) sees the same network on two interfaces, it won't route between them, or typically even at all unless they're teamed.
     
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    FYI: considering taking some time off this project.

    For some reason pfsense loves 7 Pro but doesn't like Linux AND it's on the exact same machine. Go figure.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I suspect that it's some hardware/driver issue. In particular, do you have Realtek NICs?
     