In this blog, we are going to cover how you can install pfSense on a virtual box hypervisor. Since VirtualBox is free and it supports Windows and MAC operating systems that is a great option for someone who wanted to start off with pfSense. However, if you want good performance, I would recommend you try to install either on KVM if you are a Linux user or a VMware workstation if you are windows or MAC user.
Can I install pfSense on VirtualBox to replace my home router?
Though it can be done, it’s not the recommended method, as you would virtualize the network stack and you won’t get good throughput. Moreover, it adds more latency to the network. If you are still planning to virtualize the PfSense to replace your home router then the recommended method is to use KVM with PCI passthrough that will give a good performance. As we are connecting the network interface directly to the VM that is running in the KVM hypervisor. And we will not be virtualizing the network.
- Download and install the latest VirtualBox software.
- pfSense image.
Steps to install pfSense on VirtualBox.
I am going to install pfSense on VirtualBox in Windows 10, however, the steps mentioned here are similar to other operating systems as well, for example, MAC or Linux. Just that you will have to download and install the respective software packages.
- Setup the pfSense VM in VirtualBox.
- Configure the pfSense Memory.
- Setup the hard disk.
- Set up the Network.
- Start the pfSense VM instance.
- Initiate the pfSense installation.
- Detach the pfSense disk image.
- Validate the configuration.
- Access the pfSense web GUI in VirtualBox.
- Finish the initial setup wizard.
- Test the connectivity with the end-user machine.
- Verify the DHCP lease.
1. Setup the pfSense VM in VirtualBox.
Open VirtualBox software and click on New to create new virtual machine.
A new window will pop up, you will have to define the name of the VM, for example, pfSense-fw. Also, choose the location where you wanted to save the pfSense virtual hard disk files.
In the type, you need to make sure that you select BSD as the type and FreeBSD (64bit) as the version.
Click on Next.
2. Configure the pfSense Memory.
You need to define the memory for the pfSense virtual machine here, I am giving here 2GB.
The 1GB would work just fine as well. Once you defined the memory click on Next.
3. Setup the hard disk.
Next, we are going to configure the Hard Disk for the VM, choose Create a virtual hard disk now and click on Create.
By default, VirtualBox should pick up VDI as the hard disk, you can still choose the VDI, but I wanted this VM hard disk to be used by other hypervisors such as VMware workstation in the future hence I selected VMDK and as the hard disk file type and clicked on Next.
In the Storage on Physical hard disk, choose Dynamically allocated option.
You now need to define the hard disk storage size, I am choosing 20GB as the storage, you may choose the same or different size depends on your usage and click on Create.
4. Set up the Network.
Before you start the VM, you need to configure the Pfsense Network adapter in VirtualBox that we are going to use for the pfSense VM.
As we would require two interfaces one for the WAN and another for the LAN. Select the pfSense VM and click on Settings.
Choose first adapter as NAT.
and second adapter as VirtualBox host only adapter, if you are planning to add more adapter, you can click on Adapter 3 and 4 and enable it.
Note: To create an extra adapter you may go to file, host network manager, and create the adapter as needed.
5. Start the pfSense VM instance.
Our prerequisite configuration has been completed, now let’s go ahead and start the VM, by selecting the VM and click on Start.
As soon as the VM started, you would be prompted to choose the installation image. Click on the folder icon next to it, and you would get a prompt to choose the Optical Disk Selector.
To choose the pfSense iso image click on Add and attach the iso image that we have downloaded earlier to the startup disk selector.
Once the image has been attached click on Start.
6. Initiate the pfSense installation.
After few seconds, you will get a pfSense installer prompt, you may click on Accept to begin the installation.
Click on install now to begin the installation.
On the Keymap choose the default one or choose based on your language.
In the partitioning wizard, choose Auto (ZFS) and click on Ok.
Click on Install to proceed.
For the ZFS hard disk configuration choose Stripe and click on Ok.
You will be asked to choose the hard disk, use the space key to select the hard disk and click on OK.
Click on Yes, when it prompts you with the warning, that basically says you are going to format the drive.
I am not going to make any changes on the pfSense by going to the shell, hence clicked on No.
7. Detach the pfSense disk image.
Eventually, you will be asked to reboot the pfSense, before you proceed with the reboot, you need to remove the ISO image that we have added earlier.
- Click on Devices.
- Under Optical Drives, choose Remove disk from the virtual drive.
You will get a security warning, click on Force Unmount.
8. Validate the configuration.
Once rebooted the pfSense will configure the WAN interface with DHCP from the VirtualBox NAT adapter and the LAN with the default IP addresses 192.168.1.1
Basically, we have configured the pfSense on the VirtualBox successfully. One advantage of pfSense is that it is very is easy to configure and you don’t need to configure any policies or Nat if you wanted to access the internet. It should be taken care once you have the WAN and the LAN configured.
Let’s try to ping the internet IP address by pressing the 7, and as you can see, I am able to reach the internet IP just fine.
9. Access the pfSense web GUI in VirtualBox.
Post installation of the PfSense for any other configurations you will have do via the Web GUI.
So how do we access the pfSense web GUI in VirtualBox.
We have already configured the Linux Mint operating system on the VirtualBox, I am going to use that machine to access the pfSense web GUI.
Connect the Linux mint to the PfSense LAN side.
Right click on the Linux mint, and click on settings.
In the Network it is configured with the NAT by default, you must change that to host only adapter, and choose Virtual box host only ethernet adapter. And click on OK.
Note: You need to make sure that you connect the same interface that you configured on the pfSense LAN side for the communication between the end host and the firewall LAN side to happen.
Start the VM, Open Firefox and access the pfSense web GUI by typing https://192.168.1.1
You may ignore the security warning and you will get the login prompt.
Enter the username as admin and password as admin and click on Sign in.
10. Finish the initial setup wizard.
You will be presented with the initial setup wizard, I am leaving the default settings, and on step 6 to configure the admin password, you may set your own admin password.
Note: Though I left the default settings in the setup wizard, you may change it if needed.
At the end of the wizard, you will get a message that says the pfSense installed successfully message.
Click on Finish on the screen.
We have now successfully installed the pfSense firewall in the VirtualBox, you can now start making configuration changes using the web GUI, let’s go ahead and do one more test to make sure everything is working fine.
11. Test the connectivity with the end-user machine.
To test the connectivity, I am going to use Linux mint as well use Ubuntu desktop as end-user hosts, that I have deployed previously on the VirtualBox.
Just like Linux mint I have also changed the Ubuntu desktop network configuration to be part of the VirtualBox host-only adapter that is configured on the pfSense LAN side.
- Check the IP configuration.
As you can see, I have got the first IP from the pfSense DHCP server to the Linux mint, and I can also ping the pubic IP address.
And we can also browse the internet on the Linux mint box.
Similarly, on the Ubuntu desktop, I have already got the IP address 192.168.1.101 from the pfSense DHCP server. which is the second IP from the subnet.
I can also ping the internet Public IP.
I can ping the IP, to make sure it is taking the correct path, you can do a traceroute on the Ubuntu machine and it will show you the path that the packet is taking.
You can type the command
mtr 18.104.22.168 to see the traceroute in Ubuntu.
And the traceroute shows it is going via pfSense firewall.
Also, I can browse the internet using the Firefox browse.
12. Verify the DHCP lease.
When we setup the VM’s it automatically got the IP address right?
That was assigned by the pfSense on the LAN side of the firewall, by default it configured the DHCP with the IP address scope 192.168.1.0/24.
The same can be verified by going to the DHCP lease on the PfSense firewall by clicking on the status and DHCP leases, as you can see, I have two IP’s that I received from the DHCP server.