Building a Business - Ep. 2 - Firewalls | pfSense vs OPNsense
hi guys and welcome back to another ibra corp video really appreciate you guys coming and checking out today's video this is the next episode in our series on starting a business based on open source products and in this episode we're looking at setting up some little advanced networking which involves pfsense and opensense as well this will work hand-in-hand with our last episode where we've shown you now the setup of proxmox and getting ready to get our business server up and running now it's worth noting that it's not essential for you to necessarily have to use pfsense or opensense whatever you prefer we'll go through all that stuff in the video and you can make your mind up whether it's something you want to use but we're going to show you anyway because we do highly recommend you guys look at some advanced firewalls but at the same time this will actually make your life easier when handling proxmox because we want the firewall to be something independent at times and that can make things a lot easier to manage also a big thank you to brian from the awesome open source channel thank you for covering me this week for this video i was absent due to some family issues and just needed some time off make sure you check out the content from both our channels if you're interested links in the description there's plenty of content there i think all of you guys really enjoy please don't forget to like and subscribe with all that said let's just jump into the video where brian will now show us pf sense and open sense on our home lab and see how we can get going with some advanced networking it's europa source advocate and i'm back with another video and today we're continuing our building of business on open source series now today i wanted to talk about some networking because the first video that evoke and i did was really about setting up the backbone of our infrastructure and in that case we're using a server and we're running proxmox on it now proxmox is terrific for several reasons i've looked at some other open source virtualization servers and there's some really great stuff out there so there is xcpng with zen orchestra on top of it that's awesome it's a really amazing system but it doesn't support lx containers out of the box now you could do that on a vm that you set up inside of there but now you're setting up a vm to set up virtual machines on top of and it just kind of continues so in order to get the best performance we're really going to use the proxmox layer with lxc on top of it or we're going to use the proxmox layer with a vm on top of it but today building on that momentum of having proxmox as our backbone for our infrastructure our server our starting place of where we're going to build our business and really take this as i'm not trying to jump out and build a 700 person company day one i'm starting off and it's me and maybe me and two other people you know a small group of people trying to accomplish something and we expect that the company will grow over time and we can grow our infrastructure with it we just need to plan ahead it is so vital that we plan ahead for what we want to do in the long run so today i'm going to cover two things i'm going to cover installing pf sense and just getting it up and running at the basic level because we will add vpns and we will add vlans and we'll add all kinds of things to it as we go along in the series and as those things become necessary again planning ahead is really important so we know that we want to do those things but first step is just get it installed and get it to where you can use it now i'm going to cover both pf sense and open synths today because i know you guys are kind of split on which one is better i have used both for my purposes as a home user who just wants a little bit of extra control they have both been terrific tools they are both incredible tools there's just not enough difference for me to be able to say one is better than the other the only thing i can say for sure is that open sense definitely gets updates much more often much more frequently and that's because that's how their model kind of works they give you updates much more frequently now pfsense will give you security updates if you need them but as far as like new features and new rollouts that's a very timed thing and they do it on a very um i guess gradual pace it is definitely not the same the same fast pace that open sense does so with open sense you get a lot more updates but that also leaves room for breakage so you got to be a little bit careful about that again planning ahead making sure you've got good backups in case something goes wrong and then you can pull that system back up to the way it was right before you did the the upgrade things like that are really important okay all that said we're going to jump into the install right after this all right first thing you want to do is actually get a copy of pf sensor open sense now for our purposes we're going to start with the open source version that's fine they have other options where you can definitely pay you can go and buy an appliance from pfsense if you want to from netgate really great software really great hardware working together that makes it really an amazing product so definitely get over there and check out their products as well we're gonna move over here to the download link we're just gonna click it's going to bring you to this page and it's going to take the latest stable version in the community edition so down here is 260 you're just going to hit on select right here for the architecture you need to pick whether it's a netgate adi or amd 64-bit now this is expecting amd 64-bit there is not an arm version for pf sense next thing you want to do is get the type of installer you want so if you're if you're going to install this like i am on proxmox you're probably going to want to get the dvd iso installer if you're going to put it on usb stick and then use that to boot up some hardware and i'll show you a couple of different things that we could use it on you get this one so just kind of know what you're going to be putting it on ahead of time and then click on the one you want and then pick a place that's close to you and click on the download button that's going to start downloading the image that you need and then just let it finish now we're going to jump over to opensense it's the same exact process same thing we're going to go up here to the download in the upper menu we're going to click we're just going to move down here and you're going to again pick your architecture they've got it defaulted to amd64 that's really the only architecture type they're giving me now vga is a little bit confusing but if you're going to do this off of like a usb memory stick i think the vga is the one you want if you're gonna do this off of a dvd where it's an iso you're gonna pick dvd if you're gonna try to do it through a serial port you'd do that so you have a few different options here but so just remember vga if you're gonna do a usb memory stick or dvd if you're gonna do this on proxmox like we are today pick your mirror location so again pick a place that's close to you so this one kind of picked one that's not too close to me so i'd go here and pick something like leaseweb east coast and then again click download and it's going to start downloading that iso file that you need now i've already got these downloaded and set up but once you get them downloaded you can go into proxmox and we'll go into proxmox right here and if you've set up proxmox the way that we did last week what you're going to find is that if you expand your your node you should have a volume that says local if you didn't set up a special folder to store your iso images or your ct images your container images then you're going to have this kind of local drive and you're going to click over here and you'll see isos now mine's empty right now but that's because i've set up a special folder it doesn't really matter how you do it as long as you have room to hold the isos that you're going to be building from that's the only thing so if you start seeing like i've got 30 iso's in here and i'm running out of drive space go and get rid of some of the isos that you don't actually need anymore if you've done the install you're not going to install it again you're just going to use backups of the one you did just get rid of those isos that are that'll free up room it's not a big deal but for us i'm going to go to my iso's collection here here you can see i've got all my iso images so some things that we're going to be working on later some things that we're going to be working on today but right here you can see i've got pf sense and then right up here i've got open sense so we're just going to do these installs today so if you don't have them there yet if you're on this local and you go to your iso images and there's nothing there you just do upload and then go select that file from your local machine and then upload it it's really simple it's going to upload right to here you'll see it when it finishes and do the same thing with your uh opensense iso as well just make sure they're both uploaded right to where you need them here on the isos area and then when you're ready you're going to go back up to your node now you can do this several ways you can right click here and say create vm you're going to want that first option that says create vm or you can go over here and click this button at the top that says create vm just click on that button it's going to come up and start asking you for some information now so i'm going to start at 130. i haven't used 130 in the past i'm going to call this pf sense really simple i don't have to do anything else on this screen i'm just going to click next the second screen wants to know where do i get this iso from so it automatically picks ct images because the first thing in the list i'm just going to switch that to my isos file i'm going to drop this down and i'm just going to go down and find pf sense in the list and i'm going to click it we're going to leave it as linux and just leave it on the 5 4 kernel and click on next now once you get to the graphics screen we're just going to leave this alone we don't need to change anything here so we can just click on next now it wants to know where do you want to put this thing so hopefully you've got your storage already set up if you watched our first episode about installing proxmox you'll have heard the part where i said make sure you have your storage in place before you install proxmox it just makes it easier because proxmox just finds that storage that's in place when you're doing the install so i'm going to go and pick a different location because ct images where i store my container images isos is where i can store my isos so as i go down the list here i can see different places where i have storage and i know that some of the storage is ssd and some of the storage is regular spinning drive so i want to use something that's an ssd and in this case i've named them so it's easy to find so i've got one called vms and i've got one called vm clones now i don't really use vm clones for the clones right now but i will in the future so right now i'm just going to start with vms and then you can see here that it allocates a little bit of space i'm going to set this to 40. i don't think there's anything else that we need to do here so just click next now here they want to know how many cores and how many sockets do you want to use so my my server has two sockets so two different cpus and then it has 12 cores per cpu which is really 24 threads so it sees that it's 24 cores per cpu i don't need all of that for psense to run so i'm just going to give it four cores now kind of you can run this on two cores with two gigs of ram i think you don't have to have four cores just do what makes sense for the hardware that you have i'm gonna give it four cores because i've got enough space to do that now all this stuff if you don't see this it's because i have the advanced checkbox checked if you if you uncheck it this is what it looks like so this may be what you're seeing but if you just check the advanced checkbox you'd see all this stuff down below there's nothing that we need to change on the screen from the advanced checkbox so just set your course and click next now also know how we want to allocate memory so remember i said it could use 2 gigs you could just leave it at 2 gigs i'm going to do 40 96 that's 4 gigs and then i'm going to click on next the next thing it wants to know is our network setup now this is the reason we're installing pf sense so you need to understand what you have for network hardware on the server if you're going to run this on proxmox so i'm going to uncheck this because i actually have so this is the back of my server and if you look right here it says 10 gigabit these two ports are 10 gigabit ports now this is my my bridge my my actual internet coming in right now but then you can see these are one gigabit so i've got two 10 gigabit ports and two one gigabit ports on the back of this server that i can choose from to actually set up proxmox so what are actually set up pf sense so what i'm going to do is set up these two ports for psense and i'll use the same two ports for the open sense install just so you can see what we're going to do to set those up and you just need to figure out which one is which now when we set up the wan and the lan i'll show you in the interface you can just switch the ports if you get them set wrong you can just switch the wires literally because these are so close but if you're setting this up on other hardware it may make a difference on how you set it up the other hardware that i have that i'm going to run this on is actually an hp um thing that i bought online it was pretty cheap and it's it comes with a four port one gigabit each each one of these is one gigabit and then i've got this one up here that's built in that's a one gigabit so i've got this card plus this one so i've got five ports here so i can use one for the wan and one for the land or i can have multiple lands i can set up separate vlans off these different ports if i want to so there's a lot of options you can do with this little kind of mini sized hp box so i've got actually two pieces of hardware and it depends on what you're running as to how you'll do it but just know what you have for your network hardware and how you want to run that and that'll really help you out in the long run all right so we're going to say no network on the proxmox install for now we're going to click on next so we're just going to double check that everything here looks good and if it does you're just going to click on finish and it's going to go ahead and allocate that space and kind of create that starting virtual machine for us and if you look we have 130 right here that's psense now before we start it we're going to click on it we're going to click over here on the hardware section and we're going to kind of check out the hardware section you'll notice we don't have any network stuff here that's because we didn't create any so we're going to do is we're going to click on add and now my network card in this in this server is a pci e pci express card so i'm going to go down here to pci i'm going to click on it now i'm going to expand this drop down and this is going to show me all of my pci devices let me let me make this a little bit bigger for you guys on the on the mobile devices if i scroll down i'm going to see here's one that says ethernet controller 10 gigabit ethernet controller 10 gigabit and then it's going to have a blank space and then i have my two one gigabit ethernet controllers so these are the ones that i want to allocate so i'm going to click on this first one in the list and then i'm just going to let it kind of be there and i'm going to click on all functions and we're just going to click on add so i've now added that 10 gigabit ethernet card i'm going to go add the second one because i want to have at least two for pf sense i want one to be wan that's the internet coming in and i want one to be the land which is going out to my local area network so i'm going to go back to pci and i'm going to drop this down i'm just going to go find that second one gigabit a card right here that one gigabit slot i'm going to click on it and again i'm going to click on all functions and then i'm going to click on add so now i've got these two pci cards set up right here that's what we're wanting now from here we can start the virtual machine and actually get it running um so i'm going to do that and then i'll go and we'll do open synths and we'll do the exact same process honestly if you're following along and you're already got open sense there you're going to go through the exact same process that we just went through for psense except you're gonna pick the open sense iso at step two okay so to set up opensense as a virtual machine inside of your proxmox box we're going to do the same exact process that we did for pfsense we're just going to either right click here and say create vm or we can go over here and click on the button for create vm it's kind of up to you how you do that but if we click and we do create vm we're going through the same process we're going to give this a number that's not already been used and then we're going to give it a name that we can identify it with so open sense should work fine we're going to hit next we're going to tell it where the image is for open sense so you pick your images file and we're going to go down here to open sense right there we're going to click next here we're just going to leave the default graphics card nothing there to change and then here we're going to tell it where we wanted to create this vm so we'll do it on vms we're going to give it 40 gigabytes we're going to hit next here we're going to do again four cores i have i have the head space for four cores you can do what you need to for whatever you're going to want to install and then on the ram again i'm going to do 4096 i think you only need like 512 to run these things but two gigs should be plenty i'm gonna do four gigs just in case but network so you can check no network for now and then hit next double check your settings and then you're gonna click on finish so just like before i'm going in and setting up my network and i've picked the 10 gigabit network device this time so i don't have a conflict with the pf sense box that i just created but make sure you go in again and if you're going to do this pick the network cards uh nics that you want and then set those up the other thing i didn't show you on open sense or on pfsense but that you want to do is you want to go to options you want to go here where it says start at boot and you want to double click where it says no check the box click ok and you'll see it turns to yes because you do want this to start it boot whenever you boot up your server if you have to reboot it for some reason because you won't have any any local area network when you do that unless you have redundancy with another server that's handling that job for you until this one comes back up so you definitely want this to start up whenever the server starts now that we've got our virtual machine set up we can just right click on the virtual machine and click on start you can you'll want to have the console highlighted here in the second panel or you can click on start over here we're going to click on start now this is going to start up our virtual machine and it should connect us to the console and we'll see the proxmox logo i'll go ahead and make this full screen and this is going to start logging us in now here you get some options but it's going to just auto start into the boot multi-user which is what we really want so option one there if you don't do anything it's just gonna start there so just let that run this is gonna do a bit of a startup process so it may take a minute be patient but this should bring us to a wizard that will run us through the installation of pfsense again this is going to be a very similar process for when we do open sense so we'll get to that one here in a minute once you get to this screen you want to check out the terms of service of course if you're going to accept that just go ahead and hit enter for accept next we do want to install psense if you have some other reason later to rerun this installer or this iso you can launch a shell so that if you're trying to do some kind of recovery a rescue shell you could do a record you know recover a config.xml so basically if anything happens that's where those backups come into play again we're doing this in a virtualized way so we can have a full backup and just bring that back up if we need to but for now we're going to choose install psense and hit ok if you need to change your keyboard layout or your language for any reason this is where you're going to do that so just arrow down until you find the one that you want so we'd come down let's just say we're going to do kha'zik we would highlight kazak and then hit select in my case i'm going to go right back to the top i just need to go with the default key map so i'm just going to do that and then if you tab you'll see it goes to cancel if you tab again it goes back to select we're just going to hit select now this part is really something for you to make a decision on and for you to understand how your system is set up i'm going to go with ufs bios which is the guided disk setup you could do guided route on zfs if you understand zfs really well and you want to use zfs for that you could also go with guided disk setup using uefi boot it's kind of up to you how you're going to set this up but it also depends on how you have your vm set up for me i'm just going to do bios and i'm just going to go ahead and hit ok so it's going to basically unpack the stuff that it needs it's going to go over and grab some some information that it needs so it's going to go through this kind of install process here just give it a few minutes to let that run so once that's completed it's going to say the installation is now finished and it says before exiting the installer would you like to open a shell in the new system to make any final manual modifications right now we're just going to say no if you do want to do that you can just tab to go to yes and hit enter and it would bring you to the shell so you can make changes we're going to do no and then it's going to ask us to go ahead and reboot the system and once we reboot the system we should come up into our regular install pf sense but one thing we might want to do is actually shut down the system versus reboot so you still have an option to get to the shell if you want to um so we're going to reboot and i'm going to escape out of this full screen and you'll see that it's going to shut down here very quickly there we go we want to go to our hardware list so you'll see that we have two drives we have our hard disk which is where we just installed pfsense and then we have our iso dvd so we just want to go ahead and click on that iso dvd we're going to click on remove and then just say yes so we remove the dvd now we can start psense again and again you get this similar selection menu again it starts on its own it'll always go into multi-user unless you tell it to do something different whenever it starts up like that but let it run to the startup and again i'll bring this up full screen all right so you can see that my lan has gotten 192.168.1.1 my wan does not have a cable connected
so your lan always is going to land on this 1.1 if everything is set up correctly you can change this whenever you're ready now the first thing you want to do is make sure you have the correct output ports set for your wan and your lan so i've got igb0 and igb1 set for my wan and for my lan so i can go to my actual hardware and plug in a cable and see if that comes up on my wan with an ip address all right i've plugged in my cable i'm going to try to get this view to refresh i don't see anything for igb0 yet let's go to one so we can see here we've got the we've got the bridge and then we've got igb0 uh we don't want to set up vlans right now so that's what it's asking about we will want to set up vlans eventually but for now we're going to say no so i'm going to leave our wan on igb 0 for now and our lan on igb1 and then i'm going to hit enter i'm going to say yes i'm just going to see if it pulls an ip address for this thing after it reconfigures it so it did not pull an ip address so we have kind of two options i can go physically switch the wire and see if that makes a difference to see if it's in a different port or i can switch which cable or which port is set up as the lan and the lan here in the interface it's kind of up to you how you do that but you'd go through the same process you would hit one you would hit no for vlan right now and then we would put igb1 as our wan and igb0 as our lan and then hit enter again and then say yes i want to proceed so this is just switching it through the software we'll see if that gets it i've got four ports i could be using just the wrong port completely but i think i'm on one of the right ones there we go so yes i switched it and i just had my ports backwards so yeah i've got my wand set now so this is my home ip address uh range so i know that i'm on the right port and now this is handing out 1.1 the way my home's set up i don't have the ability to connect my modem directly to the back of my box here in the office my server but i can see that i am pulling the address which is good that's what i want and this is the address that we're signing out now i can go to the web interface and configure my ip address for my lan if i want to but i can also do it here so i want to go through that for you guys as well and this is the same process for open sense just so you know so we're going to do two we're going to set interface ip address and we're going to set our lan so we're going to enter 2 again and now we're going to enter the new ipv4 address so if i wanted to go with uh 10.100.0.1 i can press enter and also know the subnet masks uh enters as bit counts so as in the cider notation so we're gonna do 24 because we want these three this is the subnet mask that we're looking for now if you want to do something a little bit bigger on your network you can absolutely do a 16 you get into a little bit more complex networking whenever you do this but for now if we just say again it's it's me two other people and some services we're gonna run this should give us plenty of space and plenty of headroom to grow a little before we have to switch out our networking at some later point so i'm going to say 24 for now then it says for when enter the new lan ipv4 upstream gateway address for a lan press enter for none so basically we're setting the lan this is really going to be our upstream gateway so we don't need to set an upstream gateway address that's why it says if this is if this is for your lan just print it press enter now if you're going to do ipv6 you are welcome to set this up i am not an ipv6 expert i do understand a little bit about how ipv6 is intended to work so right now i'm just going to leave this alone i'm just going to press enter and then do we want to enable dhcp server on the lan yes we do um a lot of times you want to have static addresses for a lot of things but you want to leave a little bit of room for some dhcp just because it makes things simpler sometimes especially when you're first starting out so we're going to say yes and it's going to ask us what do we want for the start address in the client address range so we're going to do 10.100.0.50
and then we're going to do 10.100.0.1 that'll give us 50 addresses or i think 50 yeah 51 addresses basically for dhcp and this is basically from our start to our end range and then we have all the rest of that for static addresses if we want to set those up and it says do you want to revert to http as the web no we want to use https for sure so don't always hit no on this question it's going to reset some things and it looks like everything took so we're just going to hit enter and you can see now instead of 192.168.1.1 we've got 10.100.0.1 as long as you fall in a private ip range for your lan you're fine so just just realize that you need to to make sure you have this set up correctly but this is pulling an address from my from my local network which means my wan is working correctly it's it's doing what i expect if it was connected to my um modem it would pull an address from my isp that's what i want okay i plugged in a cable to my system and i got an ip address so i am now 10.100.0.50 on my wired
connection and then i went to the 10.100.0.1 address and basically had to go through the prompt of a of a non-certified certificate so when you get to that you do have to go through that and then you'll log in with admin as the username and pf sends all lowercase as the password and when you come here it's going to tell you hey your psense password is it needs to be changed because the admin password is not secure so go ahead and click here it's going to bring you to the page where you're going to change the password and right here you can put in a more strong password and we should be set and it says let's see if you decide to purchase a net gate so they give you a little bit of information here but down here you can see that we've got our wan and it's in an upstate and we can check out our dashboard later but there we go we've got psense basically up and running that's great now we just need to get our open sense system set up all right we've set up our open sense the same way as we had our pfsense setup so i'm just going to click on start and again we'll just go full screen here and you'll notice it's very much similar menu it's just going to say open sense instead of pf sense and again it's going to kick into number one automatically unless you stop it and tell it to do something different so just let it run it's going to go out and try to find all the things that it needs as far as cables connections things like that just just like on psense it's going to run through some startup stuff and then we'll get into the actual installation wizard so the difference between pf sense and open sense is that it kind of runs through a setup that you can run it off of the iso um so if you look here it's already got uh it's it picked these things as the lan 192.168.1.1 and it picked the wan because it was able to detect a signal and already set it so it's actually got them set correctly igb0 igb1 but we want to install this we don't want to be running it off of a live iso all the time we don't have it installed so we can make changes and those changes are kept and so on so whenever you do an open sense installation you need to set it to you basically need to log in as the installer user and so there's a special login for that that basically tells it when you log in as that user to start the installation so if you look here it says you can log in as root to continue in live mode so that's what we're in now or you can log in as installer to start the installation so that's what we want to do so we want to do installer and then the password i believe is just o p n s e n s e yes so you're just going to use installer as the username and then o-p-n-s-e-n-s-e open sense as the password it's opn not o-p-e-n so detected my keyboard is us this is the same exact thing as we had on pf sense so if your if your keyboard is detected correctly hit enter if not move down and then make sure that you get the right one and then hit enter again the installation is kind of up to you you do ufs zfs extended local config it just kind of depends or load configuration file it kind of depends i'm just going to do the ufs gpt uefi hybrid is fine it's not something where i really have to have anything zfs wise so i'm just going to hit enter and now this is going to ask you which drive is your hard drive that you want to install on so if you're using like a 32 gig usb stick to put this on a different piece of physical hardware then i would suggest try to find a usb stick that's a different size from your internal hard drive so you can easily tell so in this case it shows one gig which is our dvd rom and it tells you it's dvd rom sometimes it doesn't tell you sometimes it says hard disk hard disk if you're using a usb drive so just just know that if it if it's not easy for you to tell try to use the size of the drive over here to help so in my case i made it a 40 gig drive so that's that's what i want to use for my installation media so i'm going to select that one and hit ok it says continue with a recommended swap partition size of 8 gigs yeah that's fine and then it says last chance are you sure you want to destroy the current contents so this is going to destroy whatever drive you're about to put it on so make sure and then use the left arrow to move over to yes or tab and then hit enter and it's basically going to go through the same thing as you saw with pf sends where it's going to extract some stuff it's going to do some installations and then it'll come up and it'll be ready so it says set up your open system is nearly complete and they have the root password change here so instead of going to the web gui you would do it here so we're just going to say change root password we're going to go ahead and say uh yeah let's do that and we'll type in whatever we want for our root password so make a nice long strong password and then you're going to retype it make sure it's the same both times and once you're done you can arrow down to complete the install and that'll exit and reboot and then press enter and it should reboot the system now again once it does the reboot you want to stop it here real quick if it's a if it's a virtual machine otherwise just pull your physical media real quick in between the reboot once it powers down you just want to go to your hardware tab find that cd iso and just do remove confirm it and then you can go right back to your console and start it back up so it's going to boot from the hard disk that's what we want again you can just let it go into the multi-user that's what we want so again a little difference from pf sense pss just loads right up to the menu on the attached monitor you're not really expected to run it with a attached monitor expected to run it headless but a little extra security here is nice so you do have to log in so if you ever start typing you don't see it typing in the window or if this thing minimizes again you need to click on the window just to get it active and then you can enter your password and now we've got basically the same options that we had in pf sense so we can do our interface assignments but you can see that our interface assignments are already good but if we need to change our assignments we can do it the same way we did by using number one and going in and telling it which interfaces should be what um the interface ip address stuff again we can we can change that so let's do that let's do number two and then we're going to do the interface which is the lan that's number one and it says configure ipv4 address lan interface via dhcp no we want to make it a static address and we want to give this one so the last one we did was 10.100.0 so i'm going to do 10.100.10.1 and then again we're going to give it the 24. we want this this top one if you if you really know what you're doing you want to set a little bit bigger thing you could do a 16 but for now we're going to do 24 because again we're considering ourselves starting out as a small business so again if if this was going to be something where we're setting up the win we would enter the lan ipv4 upstream but we don't need to do that we're just going to go ahead and hit enter here because it's the lan and configure ipv6 again um via wan tracking you can say yes or no we could say yes and do you want to enable dhcp dhcp server on the lan yes we do and then we're going to set up our range again so we're going to do 10.100.10.50
and remember you want to use the same ip range that you set up here now if you're doing this you shouldn't be doing both don't do psense and open sense for now you should be picking one i'm just showing you that it's almost the same process no matter which one you choose and then we're going to do 10.1.10.1 which gives us 50 or 51 dhcp addresses and do we want to change that to http uh from https no we want to leave it https and we don't need a new certificate that's fine they're self-signed no matter what you do and then restore the web gui access defaults no we'll just keep it the way it is it's going to reset up our interfaces and we should be back at this menu so if you want to reset your root password you can do that from here you can reset this thing to factory defaults if you mess something up you can always come here and use number four to reset the factory defaults and just try to start your configuration again so you've got room to make errors without having to just completely reinstall the system again five powers off the system six will reboot the system so so for some reason you can't reach the web ui and you need to reboot the system to see if that fixes it six okay um you can ping a host with seven you can get to the shell with eight which is a little bit different than what we're doing here this is a an interactive prompt set up here if you want to get to the main shell you can use number eight and get to the show and use commands if you want to do pf top from nine you can if you want to do the firewall log you can from 10 and and so on so you've got all these options of things that you can do here in the cli if you need to so if you ever need to connect a monitor and a keyboard to your system you can it's not really something you should have to do but in in this case we're running a proxmox that the nice thing is we've got this ability to kind of get to this setup without having to really mess with doing all of the other things that go along with really trying to get get to a head on a headless system so we can just come into this console and really kind of get to it so we should be able to open up the browser and go to 10.100.10.1 and we're going to get this warning again about the certificate so just whatever browser you use use the method to get through this and then accept it and here instead of psense you use admin as the login here you use root and the password that you created and the interface just looks a little bit different so you'll see that the starting in the initial configuration you know welcome to open sense and again they want to run us through a wizard that's fine we didn't go through the one on psense because we wouldn't change the user password and added a new user they have a few things they want to ask you but pfsense has the wizard as well so don't don't think that it doesn't so setting up your domain setting up the host name you know everything like that you can do those things it's important to kind of do those things so thinking of what your business is going to be and what you're going to call yourself could help you come up with what you want your domain to be um so if you want to call this opensense you can if you want to call it firewall you can that's fine i'm here on the domain we might want to call this let's just call this tech tech consult dot loc you shouldn't use local this is a windows type domain you could use like home if you want to things like that that aren't normal outside domains are probably better than using you don't want to use net unless you actually own this domain so you know you could use something like loc i think is fine english is my language if it's not your language or you're not your primary language you can change the language here your primary dns server in my case is just going to be some servers on my regular lan so i can do that 214 and 192.168.10.211. for you you would want to use whatever you're you're going to have but in my case i've got some pi holes set up that that would be the great dns setting here i'm override dns so allow dns servers to be overridden by dhcp ppp or wan no i don't want that now if you don't mind your your wide area network telling you what the dhcp server should be you can leave that check just fine it's kind of up to you how you set that up if you have unbound dns you can set that up as well so we're just going to hit next so this is talking about your time servers really nothing here for me to change except for my time zone so i want to go to america and i'm in america chicago so that's what i'm looking for should be close past it right there and then we'll do next make sure you set your time zone correctly finally ipv4 configuration type dhcp we've already kind of set this up there's really nothing for us to change in this case so we can just kind of move through this and just hit next and then here's our lan ip address we already set that we can just go to next so we did a lot of this stuff in the command line so that makes it a little bit easier to run through this again root password we've already changed we're good and now we're just going to reload it so it's going to reload everything in the background all of our configurations and our setup wizard reload is in progress so now we can click on our dashboard and we're going to see a very similar dashboard as to what we get with psense so i'm going to zoom this back out a little bit you guys will be able to see what's going on here so you get a lot of a lot of very similar information and again you can see your lan and your wan and and you can reconfigure this dashboard i've gone over this in other videos this is not something that's really pertinent to what we need to do today but right now as this sits with the setup that we've done we've got a firewall that we can use to connect to our modem and get our incoming information from our isp and connect out to our network and we can start actually adding devices and we can start adding things like that that we want to have on our network and we can start actually doing some stuff with our applications that we want to set up to support our business so we've really gone a long way here even though it may not seem like that you're actually set already now there's other things that we're going to want to do with our networking at some point we're going to want to set up a vpn for sure we want to set up a vpn if not a couple of vpns we want to set up vlans and set up kind of different i guess the best thing to say would be different zones in our vlans that do different tasks and kind of keep our stuff separated a bit so we'll we'll go through that and then we're going to want to set up some things like monitoring to make sure our network's healthy make sure we're keeping an eye on what's going on here and then you're going to want to set up access points and wireless access points at some point because you're going to have people coming in who have wireless devices that you want to use and today we don't have a wireless access point set up because we're using this through proxmox and proxmox myproxmox at least does not have a wireless radio so we'll go through those things we'll build this out we'll build our network as we're building out our business and we'll continue with this i hope this was useful for you guys i hope you enjoyed it if you did like subscribe tell your friends about it so they can come along on the journey with us guys i hope you enjoyed that video thank you for tuning in we really appreciate it from both of our channels next week we'll be looking at some more topics that build on what we've already done and slowly but surely we're getting to a point where we can have a base infrastructure that can really be easy to scale out and that's the idea and hopefully we can stay on that path so that we can show you guys how you can grow from something small to something big really easily without having to redo all the work you've already done if you like what we're doing please don't forget to like and subscribe on both of our channels we would really appreciate it every little thing you guys do really helps our channels out and makes a world of difference so thank you very much for taking the time to do that we really appreciate it and we can't wait to see you in the next ibra corp and awesome open source video you
2022-09-06 20:05
