How to make the best router possible with PfSense

Why should you use PfSense instead? Nowadays when people connect to the internet, they just simply use a modem/router provided to them by their ISP, plug it in and get going. Many of these routers are small in nature that provide you with the minimal configuration needed and simplicity that is only meant for a single family home. While that may seem like an ideal solution, there are actually caveats to it:

  • A majority of the time they do not get proper firmware updates which is crucial for security.
  • The performance depends on whether or not your router can handle the internet connection speed(gigabit fiber for instance).
  • Configuration through the Web UI can be a pita sometimes with web pages failing to load and eventually crashing the router which forces you to reboot it.

What if I were to tell you that there’s a much better router out there. One with unparalleled perforamance and a near-limitless feature set that puts other routers to shame. What if this router was actually an old PC of yours sitting in a closet or basement collecting dust. We now can thanks to PfSense.

PfSense

PFsense is one of the most widely used open-source router operating systems in the world. Based on FreeBSD – a Unix operating system – it is capable of functioning as a dedicated firewall as well as an incredibly powerful router. Even PCs from the late 2000s are considered to be extraordinary compared to a SOHO router. Companies utilize PfSense as alternatives to other platforms such as Cisco or Juniper for routing/firewall, simplicity, and cost-effectiveness for deployment. Here’s what you’ll need to get started:

  • A PC, preferably one that you plan on not using.
  • A NIC(Network Interface Card) with 2 or more ports, depending on how many devices you plan on plugging into this router you can also opt for a network switch to get the job done.
  • PfSense installer Image which can be downloaded here.
  • USB Drive for installation of PfSense.
  • Image burning software such as Rufus(URL https://rufus.ie/) to create our bootable USB drive.

Note: When you are selecting an PfSense image to download, make sure the architecture is set to: AMD64 (64-bit), Installer: USB Memstick Installer, and Console: VGA.

Insert your USB drive and open Rufus, click on select and navigate to the folder where the image was extracted.

Rufus running displaying image burning settings.

As you can see, the PfSense installer image uses a different format which doesn’t require further configuration in Rufus. Click on start and then OK to confirm.

Once that’s done, go ahead and eject the USB stick from the PC, insert it into your PfSense machine and boot it up.

At the pre-boot screen, let PFsense auto boot into the installer.

Go ahead and hit accept by pressing the enter key.

Make sure that the option “Install” is highlighted and press the enter key.

Continue by highlighting the “Continue with default keymap” option and hit select by pressing enter once more, unless you prefer another keyboard language simply navigate up and down the menu using the arrow keys and hit enter once selected.

For this installation, we will be using the Auto (UFS) option for partitioning. Press enter, and wait for it to complete the installation.

Once installation is complete, press enter and enter again to reboot. At this point you should remove the USB stick from the PC.

After boot you will arrive at the setup screen. Valid interfaces are listed above which will be crucial to define during setup. You are asked if VLANs should be set up now? Lets leave this option for another time, type n and hit enter. You will then be asked to define a WAN port for your PfSense router. This is the port where all of your internet traffic will be going in and out. At this point plug in your modem/router to your PfSense system using an ethernet cable and type in the letter a, wait a few seconds then press enter. If it is unable to detect your NIC interface, type a valid interface listed above and press enter. For the LAN interface plug your computer into a port and type the letter a. Make sure your interfaces are correct, then type the letter y to proceed.

Wait for configuration to complete.

Your interfaces should look something like this. We will be using (LAN) ip address to log into the Web UI for setup.

Make sure your computer is connected to the LAN port of your PfSense machine. Open up your perferred web browser and type in the ip address into the address bar and hit enter.

A warning pops up, this is absolutely normal because PfSense uses something called a “self-signed certificate” by default and all web browsers do not recognize it as a trusted root authority. If you’re on Firefox, go ahead and click on advanced->Accept the Risk and Continue, Google Chrome advanced->Proceed to x.x.x.x. Once you have arrived at the sign in page, type in admin for the user and PfSense for the password. We can change them later.

Here you will be taken to the setup wizard to configure your PfSense machine with relative ease, click next and next again.

You will now enter some general configuration for PfSense.

Hostname – The name of your PfSense router to be identified on your LAN.
Domain – a domain name for your LAN only, it can be anything you want. e.g. myrouter.fun
Primary DNS Server – all queries made through your PfSense machine will be resolved by your WAN/ISP if left blank, but lets go ahead and put 1.1.1.1
Secondary DNS Server – Same as above, only if a domain cannot be resolved through the primary dns server, the second one will be queried. Put in 1.0.0.0
Override DNS – Make sure this one is checked so that we are enforcing the above configured dns servers.

Click next.

Change the timezone adjacent to yours. Click next.

You are now at the configure WAN interface page. If your PfSense machine is already connected to an existing router, it is best to leave the SelectedType on DHCP or if you have a cable modem that has been switched to bridge mode. If you have an ADSL/VDSL line, you can use SelectedType PPPoE and configure the PPPoE settings below if the modem is in bridge mode. Refer to your ISP/modem manufacturer’s guide for proper configuration. You can skip all of this otherwise and click next.

You will be asked to provide a new admin password for the WebGUI and SSH and to confirm it again, after that’s done click next. Click reload to reload the changes and click finish right after.

That’s it! You’ve finally finished setting up your spectacular PfSense router. This is just simply scratching the surface and there’s so much more that can be done in PfSense to expand and increase your overall performance/security. Next, we will adding Wifi functionality to our PfSense router. Click Here for more information.