In this blog, we are going to cover how you can install pfSense on a virtual box hypervisor. Since Oracle VirtualBox is free and it supports Windows and MAC operating systems, it is a great option for someone who wanted to start off with pfSense. However, if you want good performance, I would recommend you try Pfsense on either in KVM if you are a Linux user or a VMware workstation if you are windows or MAC user.
Can I install pfSense on VirtualBox to replace my home router?
Though it can be done, it’s not the recommended method, as you would virtualize the network stack and you won’t get good throughput. Moreover, it adds more latency to the network. If you are still planning to virtualize the PfSense to replace your home router then the recommended method is to use KVM with PCI passthrough that will give a good performance. As we are connecting the network interface directly to the VM that is running in the KVM hypervisor. And we will not be virtualizing the network.
How To Configure Port Forwarding in pfSense?
How To Configure OpenVPN On PfSense?
How To Configure IPsec Site To Site Tunnel In PfSense?
How to Setup IPsec Tunnel between Paloalto and PFsense?
How Do I Turn My Old Computer Into A Firewall?
Below is the topology that we are going to work on, first we will install the pfSense firewall on the Virtualbox and configure it with WAN and LAN interfaces. After Pfsense connected to the internet, we can then go ahead and simulate the end-user machine by using the Linux mint as well as the Ubuntu on the LAN side and test the connectivity further.
- Download and install the latest Oracle VirtualBox software.
- pfSense image, you can download it here.
Note: While downloading, make sure to select DVD Image (ISO) Installer and the mirror nearest to you.
Steps to install pfSense on VirtualBox.
I am going to install pfSense on VirtualBox in Windows 10, however, the steps mentioned here are similar to other operating systems as well, for example, MAC or Linux. Just that you will have to download and install the respective Virtualbox software packages.
- Setup the pfSense VM in VirtualBox.
- Configure the pfSense Memory.
- Setup the hard disk.
- Set up the Network.
- Attach the PfSense ISO image.
- Start the pfSense VM instance.
- Initiate the pfSense installation.
- Detach the pfSense disk image.
- Validate the configuration.
- Access the pfSense web GUI in VirtualBox.
- Finish the initial setup wizard.
- Test the connectivity with the end-user machine.
- Verify the DHCP lease.
1. Setup the pfSense VM in VirtualBox.
Open VirtualBox software and click on New to create new virtual machine.
A new window will pop up, you will have to define the name of the VM, for example, pfSense-fw. Also, choose the location where you wanted to save the pfSense virtual hard disk files.
In the Type, you need to make sure that you select BSD as the type and FreeBSD (64bit) as the version.
Click on Next.
2. Configure the pfSense Memory.
You need to define the memory for the pfSense virtual machine here, I am giving here 2GB.
The 1GB would work just fine as well. Once you defined the memory click on Next.
3. Setup the hard disk.
Next, we are going to configure the Hard Disk for the VM, choose Create a virtual hard disk now and click on Create.
By default, VirtualBox should pick up VDI as the hard disk, you can still choose the VDI, but I wanted this VM hard disk to be used by other hypervisors such as VMware workstation in the future hence I selected VMDK and as the hard disk file type and clicked on Next.
In the Storage on Physical hard disk, choose Dynamically allocated option.
You now need to define the hard disk storage size, I am choosing 20GB as the storage, you may choose the same or different size depends on your usage and click on Create.
4. Set up the Network.
Before you start the VM, you need to configure the Pfsense Network adapter in VirtualBox that we are going to use for the pfSense VM.
As we would require two interfaces one for the WAN and another for the LAN. Select the pfSense VM and click on Settings.
Choose the first adapter as NAT which will act as the WAN interface. This interface would start sharing the host internet access to the Pfsense Guest VM using the Network Address Translation..
and second adapter as VirtualBox host only adapter, that will act as a LAN adapter.
If you are planning to add optional adapter, you can click on Adapter 3 and 4 and enable it. I am okay with just the WAN and LAN for now.
Note: To create an extra adapter you may go to file, host network manager, and create the adapter as needed.
5. Attach the PfSense ISO image.
While you are on the settings, let’s go ahead and add the ISO image image that we have downloaded earlier.
- Click on Storage.
- Under storage devices choose Empty Disk file.
- Click on the Disk icon and click on Choose a disk file to attach the ISO file that we had downloaded.
And Click on OK.
6. Start the pfSense VM instance.
Our prerequisite configuration has been completed, now let’s go ahead and start the VM, by selecting the VM and click on Start.
As soon as the VM instance boots up, it would prompt you to choose the ISO bootable image, and since we already attached the Pfsense ISO image to the virtualbox, it would ask you to choose image.
Select PfSense image from the list and click on continue.
7. Initiate the pfSense installation.
After few seconds, you will get a pfSense installer prompt, you may click on Accept to begin the installation.
Click on install now to begin the installation.
On the Keymap choose the default one or choose based on your language.
In the partitioning wizard, choose Auto (UFS) BIOS and click on Ok.
The installation will now proceed automatically and will finish them in few seconds. Once completed it would ask you whether you want to get into the shell to make further changes or not. Click on No.
8. Detach the pfSense disk image.
Eventually, you will be asked to reboot the pfSense, before you proceed with the reboot, you need to remove the ISO image that we have added earlier.
- Click on Devices.
- Under Optical Drives, choose Remove disk from the virtual drive.
You will get a security warning, click on Force Unmount.
9. Validate the configuration.
Once rebooted the pfSense will configure the WAN interface with DHCP from the VirtualBox NAT adapter and the LAN with the default IP addresses 192.168.1.1
Basically, we have configured the pfSense on the VirtualBox successfully. One advantage of pfSense is that it is very is easy to configure and you don’t need to configure any policies or Nat if you wanted to access the internet. It should be taken care once you have the WAN and the LAN configured.
Let’s try to ping the internet IP address by pressing the 7, and as you can see, I am able to reach the internet IP just fine.
10. Access the pfSense web GUI in VirtualBox.
Post installation of the PfSense for any other configurations you will have do via the Web GUI.
So how do we access the pfSense web GUI in VirtualBox.
We have already configured the Linux Mint operating system on the VirtualBox, I am going to use the same virtual machine to access the pfSense web GUI.
Connect the Linux mint to the PfSense LAN side.
Right click on the Linux mint, and click on settings.
In the Network it is configured with the NAT by default, you must change that to host only adapter, and choose Virtual box host only ethernet adapter. And click on OK.
Note: You need to make sure that you connect the same interface that you configured on the pfSense LAN side for the communication between the end host and the firewall LAN side to happen.
Start the VM, Open Firefox and access the pfSense web GUI by typing https://192.168.1.1
You may ignore the security warning and you will get the login prompt.
Enter the username as admin and password as admin and click on Sign in.
11. Finish the initial setup wizard.
You will be presented with the initial setup wizard, I am leaving the default settings, and on step 6 to configure the admin password, you may set your own admin password.
Note: Though I left the default settings in the setup wizard, you may change it if needed.
At the end of the wizard, you will get a message that says the pfSense installed successfully message.
Click on Finish on the screen.
We have now successfully installed the pfSense firewall in the VirtualBox, you can now start making configuration changes using the web GUI, let’s go ahead and do one more test to make sure everything is working fine.
12. Test the connectivity with the end-user machine.
To test the connectivity, I am going to use Linux mint as well use Ubuntu desktop as end-user hosts, that I have deployed previously on the VirtualBox.
Just like Linux mint I have also changed the Ubuntu desktop network configuration to be part of the VirtualBox host-only adapter that is configured on the pfSense LAN side.
- Check the IP configuration.
As you can see, I have got the first IP from the pfSense DHCP server to the Linux mint, and I can also ping the pubic IP address.
And we can also browse the internet on the Linux mint box.
Similarly, on the Ubuntu desktop, I have already got the IP address 192.168.1.101 from the pfSense DHCP server. which is the second IP from the subnet.
I can also ping the internet Public IP.
I can ping the IP, to make sure it is taking the correct path, you can do a traceroute on the Ubuntu machine and it will show you the path that the packet is taking.
You can type the command
mtr 188.8.131.52 to see the traceroute in Ubuntu.
And the traceroute shows it is going via pfSense firewall.
Also, I can browse the internet using the Firefox browse.
13. Verify the DHCP lease.
When we setup the VM’s it automatically got the IP address right?
That was assigned by the pfSense on the LAN side of the firewall, by default it configured the DHCP with the IP address scope 192.168.1.0/24.
The same can be verified by going to the DHCP lease on the PfSense firewall by clicking on the status and DHCP leases, as you can see, I have two IP’s that I received from the DHCP server.