Building the Ultimate VirtualBox Lab – Install pfSense

Continuing on with our self-learning to become a System Administrator, this article of Building the Ultimate VirtualBox Lab series we are focusing on how to install pfSense in VirtualBox.

If you didn’t read the previous article (Building the Ultimate VirtualBox Lab – 1 – Configure VBox), I suggest you check it out since it has a couple key configuration changes in VBox that will save you some headaches later.

Install pfSense in VirtualBox

Before we get started I would like to explain the reason I have decided to use pfSense within our virtual lab for learning. When setting up a virtual server test lab, I like to try and mimmic an actual business environment as closely as possible. Because we want to use virtualization for this task, what pfSense will do is act as our virtual test lab’s router (to allow the virtual machines access to the internet). This will keep my host’s machine safe as well as any computers/devices on my host’s network. I guess you can look at it as my host’s network is acting as an ISP for my virtual environment.

Another reason why I wanted to use pfSense is so I can produce some tutorials on some key features of pfSense in the future when things settle down here at the house (remodeling/selling/buying another new house, etc.)

This article is part 3 of 6 in the series:

Let’s Get Started

We need to setup pfSense first so that during the other VM setups we can get out to the internet to install updates.

You can find the download links on this page.

Normally I like to include a lot of screenshots within these tutorials, but I think since the below instructions are pretty straight forward (and there is an associated video), I think I will hold off on the screenshots. If you feel they would help with this tutorial, please let me know in the comments section below and I will happily add them.

Create a new VM with minimum specs (pfSense doesn’t need to be run on a powerful machine).

  • Name: pfSense
  • Type: Linux
  • Version: Other Linux
  • 256MB of RAM
  • 8GB for the Dynamically allocated vdi (hard drive) should work out fine. You don’t need this one to be stored on an SSD but if you have the space, go for it.
  • 1 CPU
  • 2 NICs
    • Adapter 1: Enable Network Adapter
      • Attached to: Bridged (This will be our WAN port in pfSense)
    • Adapter 2: Enable Network Adapter
      • Attached to: Internal (This will be our LAN port in pfSense)
  • Attach the pfSense ISO to the CDRom drive so we can boot off of the CD
  • Disable:
    • Floppy drive
    • Enable absolute pointing device
    • USB Controller
    • Audio
  • If using an SSD, tell VBox that the VM is stored on an SSD
    • Select the vdi under the SATA Controller
    • Put a check in the Solid-state drive option under Attributes (This tells the guest OS that it’s drive is an SSD so it can take appropriate actions to deal with an SSD such as Windows disabling defrag, etc..)

Power on the VM and begin the setup

  • Select option 1 to boot pfSense
  • Pay attention during the install, you will see an option to select “I” to install, otherwise it will auto continue with running the live CD. Select “I”
  • Follow the prompts to install pfSense (I selected the Quick/Easy install)
  • During the first boot off of the hard drive, we need to configure a few things
    • Do you want to set up VLANs now: N
    • Enter the WAN interface name: em0
    • Enter the LAN interface name: em1
    • Optional 1 Interface: (leave blank and press Enter)
    • Let’s configure our WAN port to be static
      • Select number 2 (Set interface(s) IP address
      • Select number 1 (WAN)
      • Configure WAN interface via DHCP?: N
      • Type in the IP you want to give it (has to be on your host’s subnet) (I’m setting mine to 10.2.0.199)
      • Type in the Subnet mask (more than likely you will be using 24)
      • Revert to HTTP….: N

At this point we are done setting up pfSense. Once we setup our first Windows VM we will web into pfSense to finish a couple small configuration changes to allow our VMs access to the internet.

Pretty painless wouldn’t you say? Please leave your comments and/or questions below. I’m always open to suggestions as well.

About Chris Davis

Computer / Technology enthusiast. Very passionate about Systems Administration. I enjoy helping others try and reach their goals. You can follow Chris on if you'd like.

Comments

  1. Quick question to you all: Would you prefer I added some screenshots to this tutorial?

    • American Paratrooper says:

      If you watch the video, you see all of what you are doing. However, your posts would look more professional at the cost of additional photoshop work.

    • Has anyone had any issues with virtual machine on the LAN being unable to connect to the internet via pfsense? In my setup the ethernet adapter in pfsense for the LAN was sending and receiving packets.

      But for the WAN it was only sending packets and not receiving any.

      Could this be a firewall block? I did look at the firewall settings and everything seemed ok.

      I have one VM (as in the above post) in a virtual machine with pfsense running in there too. I then on the box connected directly to my router which has the gateway 192.168.0.1. My LAN was setup as in the video. The LAN VM could ping pfsense just fine, there weren’t any issues there.

      Has anyone experienced this?

    • guille rdguez says:

      Hello Chris and thank you for this awesome tutorial,
      I’m trying to configure my virtual pfsense machine using the same settings that you used and everything works like a charm until I get to part where it asks to configure the WAN interface. It doesn’t let me add a name to it, I also tried “a” with no luck. It says that WAN interface is not connected.

  2. American Paratrooper says:

    After my 20th try, I finally got this to work! I believe my problem all along had to do with the NIC settings. After going under advanced settings and using Intel PRO, my pfsense VM finally took. Boom1!

    • Wow, 20th time?? You are dedicated and determined! That’s what I like to see! Glad you figured out it was the Advanced Settings section that caused the problem. I too had a tough time finding that one out on this system.

  3. American Paratrooper says:

    One last thing. I am aware that pfsense uses https:// (SSL) in order to gain access to it’s browser administration features. ATM, I’m not able to access them and need to do some research. Going forward, you may want to add a ‘rider’ video to expand on these feature sets. Just a suggestion.

  4. Jose Moreira says:

    Amazing Tutorial! Just what I needed!
    Plans for the next videos?
    Good luck with your renovations. It always turns out to be more work (and money) than antecipated, but worth it!
    Thanks

    • Thanks for the comment! I am hoping to put out the next video within a week or so… trying to finish a couple huge projects on the house (almost done!! WOOHOO!!!) and then start hitting the videos pretty hard again.

  5. Hi, I like your tutorials. I try to install the pfsense in vm workstation 9. I see that you have Wan and Lan connect. I know the Wan is the bridge. but what do I use for Lan? Is it the Nat or Host that I need to use.

    Thanks

    • Thanks for the comment! I actually use “Internal” for my pfSense’s LAN connection as well as all other VMs. I’m not sure with VMWare Workstation 9 (I really need to set that up and just purchase it so I can fully test it).

  6. I can’t seem to get into the GUI. I get to a log in screen, enter the default pw , and get the pf sense logo with a box that says:
    Welcome to pfSense!
    One moment while we start the initial setup wizard.

    Embedded platform users: Please be patient, the wizard takes a little longer to run than the normal GUI.

    To bypass the wizard, click on the pfSense logo on the initial page.

    Nothing happens. waited 5 hours. still there. tried re-installing, nothing.

  7. Hey Chris,

    Awesome tutorial! However, I am running into a problem trying to install pfsense. My wan does not have an ip address. Any suggestions? Thanks again!

  8. Oh man, I don’t know what I did.. I set up everything as you said, but I can’t even access my wan interface web front from outside pfsense….. :-( See screenshot here: https://www.dropbox.com/s/t8x4v0dd9n6fn74/pfsense.png
    Thanks for the Help!

    • By default I don’t think you can access it from the ‘outside’ (WAN). You will have to configure that setting within pfSense. What I do is just setup a client VM and then access the web interface from that client VM via the LAN interface.

  9. Hi Chris,

    Thanks for posting this as well as the YouTube videos. They really helped me get things started. I do have a problem with pfsense on virtual box and wonder if you are the right person to ask. I have been researching the topic on and off in the last two weeks and couldn’t get it to work.

    What I have is and old pc (Phenom II on 8gb of ram) with 2 nics and an USB wifi (requires zd1211rw driver) running virtual box in Debian Wheezy.

    I want to bridge my wifi with all VMs running on my old PC. The bridge will also act as a DHCP server handing out IPs in 192.168.21.0/24 and connect to the internet via one of the nics. Separately, there will be an independent wired network connected to the other physical nic under 192.168.22.0/24.

    Here is the setup.

    (internet) => pc (virtual box running pfsense 2.0.3-release AMD64, this is imported from the ova file from the pfsense website) =>
    WAN=em3 (dhcp)
    LAN=bridge0 (dhcp server ip 192.168.21.1, 255.255.255.0 mask)
    OPT1=em1 (dhcp server ip 192.168.22.1, 255.255.255.0 mask)
    OPT2=em2 (no dhcp server)
    OPT3=em0 (no dhcp server)

    Where
    em3=adapter 1=bridge adapter, eth0, deny promiscuous in virtual box network setting, currently connected to my router that connects to my isp for testing, eventually it will connect directly to my ISP.
    em0=adapter 2=internal network, internet, deny promiscuous in virtual box network setting
    em1=adapter 3=bridge adapter, eth1, deny promiscuous in virtual box network setting
    em2=adapter 4=bridge adapter, wlan0*, deny promiscuous in virtual box network setting
    bridge0= OPT2, OPT3

    *wlan0 is setup by hostapd on Wheezy, wpa2 authenticated. It is not bridged to anything. Unfortunately, my zd1211rw is not detected by pfsense therefore I can’t set it up from within pfsense as an wifi adapter.

    Advance:System Tunables:net.link.bridge.pfil_member =0; net.link.bridge.pfil_bridge =1
    firewall rules:
    LAN: any LAN subnet can go to any, any OPT2 subnet can go to LAN subnet, any OPT3 subnet can go to LAN subnet
    OPT1: any OPT1 subnet can go to any
    OPT2: any OPT2 subnet can go to any, any LAN subnet can go to OPT2 subnet
    OPT3: any OPT3 subnet can go to any, any LAN subnet can go to OPT3 subnet

    Firewall:NAT:Outbound: set mode to “Automatic” all default rules were deleted.

    My problem:
    I can connect to internet, get ips from OPT2 (192.168.22.x) and it just works.
    I can get ips (192.168.21.x) from bridge0 in my vms running in Wheezy and my laptop connected via wifi which is setup by hostapd on Wheezy.

    The problem is none of the 192.168.21.x machines can connect to the internet. I monitored the firewall log but nothing seemed out of the ordinary.

    I have googled quite a bit but couldn’t find anything definite and none of the solutions work with my setup. I am still learning pfsense. As such, I would be grateful if someone can give me pointers to the right direction as I can’t even narrow things down to whether it is a problem with pfsense, wheezy, virtual box or hostapd on wheezy, or my wifi adapter.

    As a side note, I have tried without any bridges and therefore 3 separate interfaces. em0 and em1 always work but the em3 (wifi, setup on host and linked to pfsense vm as a regular network adapter) only gets an IP but no internet access.

    Many thanks in advance.

    p.s. I have also posted this on the pfsense forum but haven’t gotten a response yet…

  10. Hey, question, what screen recorder are you using?

    • For this video, I am pretty sure I was using my MacBook Air and remoting into my desktop which is the VirtualBox host. The recording software is QuickTime (ya I know, they actually do have a screen recording option for free).

  11. amer1canparatrooper says:

    Chris, I have to say, I really didn’t get pfSense to work when I mentioned that I did. I ended up having a hiccup where I thought that I had the firewall working. Well, let me just say, I have finally corrected the issue. It seems as if pfSense would not allow me to access the WebGUI via my host machine after I added a LAN card. Once I added a LAN (set to intnet), I would be locked out. Just curious, did you access the WebGUI via another host machine, one that did not have the pfSense VM running on?

    It was driving me nuts that I couldn’t get it to work. I then took to the pfSense forums and got it ironed out. Here’s the thread just in case someone else has the same difficulties:

    http://forum.pfsense.org/index.php/topic,64889.0.html

    As it turns out, I had to turn off the firewall via the console in order to continue to gain access to the WebGUI. Once my client VM was able to obtain an IP address via DHCP (added to LAN interface/intnet), I was able to turn the firewall back on and access the WebGUI via the host machine.

    This problem made me crazy but I realized I had to be determined to make this work. I can now finally follow you completely with the tutorials now that I have the firewall/DHCP server situation corrected.

    Hope this helps everyone else out. The people within the pfSense forum were very giving and made sure that success was the only outcome.

    Play on guys. Cheers!

    • I access my pfSense web interface from another VM within the same environment (since by default trying to access the web interface is disabled via WAN interface).

      Glad ya got it figured out and thank you for posting your experience / fix here! I’m sure it will help many people with the same issue!

  12. Hi I’m having problem installing pfsense. I downloaded the image extracted it and converted to vdi and tried to run and nothing happens. What should I do?

  13. Hey Chris, just wanted to mention that in this article your setup for pfSense doesn’t match what you have on your Youtube video. Here you have Type: Linux Version: Other Linux and on the video you set it as Type: BSD Version: FreeBSD (64 bit). The reason I am pointing this out is because setting the Type as Linux did not allow me to install pfSense which I am sure is why a lot of the “It’s not working” comments are popping up on this article. Hope this helps out.

    Keep up the great tutorials!

  14. Greetings,
    you have a very nice videos, however after two weeks of trouble shooting it is not working :)
    I successfully downloaded the pfsense and a windows work station in an Oracle vm
    I can’t ping to the internet from the server neither I can open the webGUi page.
    do we open it from the work station in the vm ?

    I set my default gate way(wan + Lan Necs) of the pfsense server = ip gate way of the host machine
    I set my default gate way of the work station inside the vm = the server lan nec Ip
    I am new to this I could use any help
    Thanks
    Adam

    • Adam,

      I had problems as well and it boiled down to the IP addresses I was using. I searched around quite a bit and it turns out that the WAN IP and the LAN IP can’t be on the same subnet to allow access. I was using 192.168.1.X for both and that apparently won’t allow the connection.

      I was trying to use the settings below and encountered the same issues as you.
      WAN: 192.168.1.130
      Gateway: 192.168.1.1

      LAN: 192.168.1.201

      To fix this in pfSense, I used the settings below

      WAN (DHCP disabled): 192.168.1.132
      24
      Gateway: 192.168.1.1

      LAN: 192.168.2.2
      24

      Server 2K12 Ethernet Settings
      IP Address
      IP: 192.168.2.10 (Make sure this is on the same 192.168.2.X as the LAN)
      Subnet Mask: 255.255.255.0
      Default Gateway: 192.168.2.2 (LAN Address)

      DNS
      Preferred DNS server: 192.168.1.1 (Router IP)

      From there I was able to access the GUI and enter the settings as instructed in the video.

      • Greetings Tim,
        Thanks man I tried what you told me but it di not work. what you said was right but I also found out the setting of the Nics on the server were wrong. Fixing that and with your advice It is woooorking now Thanks a lot for your help maan. :)

      • That helped me Tim. Thanks.

  15. Hey guys, I have a bit of a trouble configuring my pfSense box as well (but I’m using in the form of a “virtual machine” like VirtualBox).

    Currently my Windows Server 2012 IP address is as follows:
    IP adresss: 192.168.2.10
    Subnet mask: 255.255.255.0
    Default Gateway: 192.168.2.1 (this is the gateway configured for my pfSense box)
    DNS: 192.168.2.1

    As for my pfSense configuration, it goes as follows:
    WAN (DHCP disabled): 192.168.1.106/24
    LAN: 192.168.2.1

    I was able to ping to other sites (such as google.ca) on my Windows Server 2012, but as for the pfSense box, it gives me an error that the “host name lookup could not be resolved” or this: “ping: cannot resolve http://www.google.ca: Host name lookup failure”.

    My home router’s LAN IP address is 192.168.1.1. That’s where I statically configured the WAN IP address portion (which is 192.168.1.106) for my pfSense box.

    Is there anything missing?

    Also, while I can ping to http://www.google.ca on my Server 2012 box, I can’t ping http://www.google.com for obvious reasons. Any suggestions?

  16. arnel gomez says:

    gud day sir … i dont know how to set up thru hard the pfsense pc…. this is my devices…. tp link load balncer TL-R470T+…asus routerrtn65U…..D-link 10/100 switch ….. 1 server and 12 client computers.. what would be the best set up for less online gaming lag and smooth browsing… i didnt know where to put the pc where the pf sense installed… pls help… thank you and god bless

  17. hey guys,

    i’m having no luck as well with accessing the gui – i’m getting “website is online but isn’t responding to connection attempts”. will try some tweaks as per simon and tim’s configs.

    i’ve tried every which way to get this going so many times that i could recite it, however i do notice that when i’m asked for my ipv4 for the wan and lan, i’m also asked for an ipv6 (of which, i’ve been leaving blank). i don’t see this in option in chris’ video and was wondering if this could be affecting my luck at at all…

    best,

    bobo

  18. Chris I cannot get the VB to attach the pfSense ISO can you assist please

    I have used botht the i386 and the AMD64 ISO i get same message “could not get the storage of the medium” VERR_NOT_SUPPORTED
    VBOX_E_IPRT_ERROR

    I have a DL 365 AMD64 server with 2 processors that has server 2012 installed Virtual box install as per your first and second videos

    • Sunil,

      You may have to enable virtualization in your BIOS. Otherwise VB will not recognize the x64 version of pfSense.

      • doh

        cheers for your reply

      • Did you create the Windows 2012 VM before or after you enabled virtualization? If you did it before I would recommend deleting the box and rebuilding it using the Windows 64 bit option.

        • Tim I have valid ISO of 2012. I have also successfully built a vm of windows 7
          But not server 2012

          I deleted the vm and started again. Cannot see anything on log file. I had also got a new ISO that has not worked I have feeling it is something to do with virtual box . I had selected the x64 windows 2012 and also windows other bit still no joy.

          I have a dl365 16G ram 2 CPU’s the pfSense and windows workstation built fine not issues.

          I am nearly there I hope you have enough info to get picture. Another thing I used the same ISO image from DVD to build the dl365 server

        • Tim
          One major question here is VB not compatible with R2 version of Windows 2012?

  19. Caleb Huggins says:

    how do I find the IP of my router?

  20. Alistair Green says:

    Why am I having such grief downloading a pfSense ISO? I have already got Win Server 2012 and Win 7 VM in VirtualBox and they were pretty straight forward.

Trackbacks

  1. [...] 19. pfSense is now configured 20. If that didn’t make sense here’s a video link from pcaddicts explaining the [...]

  2. [...] ^ What teejay said. VB is amazing for tinkering! If you set up a virtual pfsense router, and stick everything else on an internal network you can have a REAL LIFE domain all sitting in the virtual realm! If all that sounds like greek check this out [...]

Leave a Reply