Pfsense 101 - v2.4 - part 1 - setup 2 pfsense virtualized in proxmox hosted at ovh with failover ips

Captions
Hello, hello. In today's video we will be setting up a set of two pfSenses and we will form a CARP cluster. So basically we have two virtual machines. Each virtual machine has three network interfaces: one has a public IP, same on the second pfSense, then we have a shared interface so both of them can talk to one another, so they know which one of them is the primary and which is the backup, and then we also have a local area network connected to it.

We will be doing it on an OVH server. To get started, basically, I will be using one of my dedicated servers for this. I've already ordered a vRack, which is for free, and then you have your servers and you can add your server to the vRack. This allows you to get multiple servers with OVH in different data centers and connect them into a virtual network. Each physical server has two network interfaces: the first network interface will be used for the public IPs and the second one will be used for an internal network.

So first just install Proxmox on it and you will get login information and you can log in to Proxmox. I've already set up a small test virtual machine here, but then all we need to do to begin with is to configure our network. So we click on the node in question, then go to the network tab, and here I've already added a second bridge. By default OVH installs the first VM bridge, which is called vmbr0, and I added a second one, and for these I picked the 172.16.1.1 range. So if I want to add further nodes into the cluster I can just add them IP addresses in this range, and since the second network card is now connected to the vRack they can communicate to one another. If you also want to add more nodes to it, then you basically have to form a cluster, so you go in here, you go to cluster and you create a cluster. I've already done that stuff as well because I plan on adding further servers to the cluster in the future. So basically after you do the network configuration you will have to reboot this node
but then it comes back online and you have the interfaces available. So if I go into a shell and just type ifconfig, you can see this is the interface that ships with OVH and it's already configured to use the public IP address of the server, and now we also have that second interface which we can use for virtual machines, for example.

The next step is to get an operating system, an ISO to install, and you just download that into this folder. I already grabbed the last pfSense release and unpacked it, so I now have an ISO, and basically this is all I need to create a new virtual machine. So let's start by simply creating a pfSense. I will call it gateway. As an operating system I am now selecting the pfSense ISO. As a hard disk you don't really need a lot of space; I will be picking like 10 gigabytes because I want to store some sort of logs and history of what's happening. One core is more than enough for me, and half a gig of RAM is also enough.

Then we come to the network configuration. For the primary interface, which will be the public interface, I need an IP address. In OVH you can order so-called failover IP addresses like this one; they usually have the small flag which calls them a failover IP. Then you right click and click on add a virtual MAC, you enter a name, and then it will generate a MAC address that matches the server. For the primary I will be using this IP address, so I will be copying the MAC address of that. You need to set a proper MAC address, else OVH isn't going to allow the communication from the server. I'll simply be setting that MAC address and then I click on confirm and create the virtual machine.

If we go to the hardware tab we can see that it only created one network interface, but each of them needs three: one for the primary to talk to the internet, then one to talk to the other pfSense, and the third one to talk to the local area network. So the primary is set and we are going to add a second one. This time I'm going to use the
second bridge and I will be specifying a VLAN ID. I'm just going to pick 100 to begin with, so this will be for my local area network. MAC address I don't have to set any, because it's a local IP, and as a model I'm going to pick the paravirtualized VirtIO drivers. That would be my second, and then I need a third interface to be able to talk to the other pfSense. This will become my sync interface, and the sync interface has to be of the type Intel E1000. For this one I will be setting the VLAN ID 200, and that should be pretty much it.

Then the next step would be to simply start the virtual machine, head over to the console, and we will go through the installation. When pfSense is being installed, by default it will configure the WAN interface, so the first primary interface, to get an address from DHCP, which wouldn't work for us here, so we will have to set a static IP to the failover IP.

Okay, installation is done and we can reboot into pfSense. Okay, and now it's basically starting a small setup routine. It asks us if we want to set up VLANs. I will select no because I'm doing the VLAN tagging already on Proxmox level. Now we need to specify the WAN interface, so this is our vtnet0. Then we need to specify the LAN interface, which is vtnet1, and then we can specify the optional interface, which has a different naming convention because it's a different type, so that one is called em0, and we want to proceed. Now it will try to grab a new IP address by asking for a DHCP lease, but OVH doesn't use DHCP leases, so it will not get a response and basically be unconfigured.

Okay, so as you can see it didn't get any IP address, so we have to set one now manually. It is a little bit tricky because by default the gateway is outside of the network of the IP address. So in this example we have this one seven eight three three three six two two three, and this is the IP address of the hypervisor, so of the Proxmox server. So the gateway of the failover IP would be the three first
octet plus eight 255 at the end. So basically the first is the actual IP and this would be the gateway, and this is outside of this range, so we have to use a little trickery to get that up and running.

So first we have to add a route to tell pfSense where to find the gateway: -link -iface vtnet0. This basically means that a route to the IP address of our gateway always goes through the vtnet0 interface. So now we should be able to ping that route. Oh no, I forgot to add the subnet mask I guess, so let's remove that route again and add it again and also specify a /32 subnet mask. Oh yes, yeah, okay. If we look at the interface, we now basically have a route set but we don't have an inet address set yet.

So now let's go to exit and we assign an interface IP address, and we will be specifying it for the WAN interface. We don't want it to be configured by DHCP, but we want to enter the IP address of the failover IP. Now we should specify the subnet mask, which is 32, but for now we can only enter 31, which will work. Then we need to specify an IP address for the LAN interface, which we are not going to do, and we are going to disable IP version 6, and we still want to use HTTPS for the login to the web configurator.

If we now take a look at the interface again we can see it now has an address set. If we take a look at the routes we see that our route is still missing, so we are going to add it in one more time. The route basically disappeared after raising the interface, so I should have set the IP address first and then set the route. Now you can see the route. Now we should finally be able to ping the gateway. Okay, so basically we can ping the gateway, but if we were to ping the internet it still doesn't work because it doesn't know how to reach the internet, and for that we simply set a default route, and now we can ping the Internet.

So my next step would be to just copy the IP address, enter it into a browser and hopefully access the web interface, but that is not going to work
because by default the primary interface, so vtnet0 or the WAN interface, is not allowed to receive any connections. So now I have to disable the pfSense firewall, and once that is done I can reload the page and the page displays because now the firewall is off. I log in with the username admin and the password pfsense and this will start the setup wizard, the setup process. I don't need that because I already set my IP addresses, so I will just click on the top left to get out of there. First step is to just change a password. Whenever you do changes pfSense reloads, and on some changes the firewall will kick back in, so then we would have to disable it.

Okay, so now that is done. We now go to the WAN interface, because those two route changes, they will not persist after the next reboot; they will be missing, and we need to make a way to get them to remain. So first I go to the WAN interface, I select a static IP, I have this set, and now I can change my subnet mask to 32 over here and click Save, but I don't want to reload it yet. I also want to go to the routing section and I want to create a default gateway. So on the WAN interface this is my default gateway. I can now specify the IP of the gateway here and also use it for monitoring, and then I click Save. Now it tells me that the gateway doesn't lie inside the same subnet mask, so I also need to go to the Advanced Settings and set this checkbox here at the bottom, and now I could apply the changes. That would basically be the first step, where we set the gateway so that pfSense knows that any traffic going towards this IP has to go over the primary interface.

What we also need is the second change, and for that we are going to the package manager and we will be configuring Shellcmd, which is a small little add-on that we can use to run additional commands after pfSense is started. But after installing that the firewall will kick in, so I have to go back to the command line, pfctl -d, and reload the page, and yeah, it already is here. I can
enter my first command. So when pfSense starts, to summarize it, when pfSense starts this will be executed first and tell pfSense that it can reach this IP by using the vtnet0 interface, and after that is done the default route will kick in, which we set here, and tell that all the traffic going towards the Internet has to go over this gateway. Now that is done and we can apply the route changes. Then we can go to the WAN interface, disable the firewall, and then we can apply these changes as well.

Okay, so pretty much everything is done here. I have to disable the firewall one more time. Pretty much everything is done. I will now go to the rule section and I will first start and just add my IP address on the WAN interface so I can access the web interface without having to disable the firewall. So on the WAN interface, for IP version 6, TCP traffic coming from a single host or address will be allowed. Then we apply the changes, and the first time you reload it might take a little bit to update, but if you open a private tab you should see the page instantly, so you know the firewall rule works, but I sometimes just have to reload that page. Okay, there we go.

Now the last step is to go to the start page and check if there are any updates available and install these, and this will trigger a reboot of the pfSense shortly. Okay, as you can see the virtual machine is back up, we still have the network connectivity and we are whitelisted on the firewall, so we can log in.

Now I am going to do basically the same and create a secondary. All I will be changing is just using the second IP and using the different virtual MAC address. They both run on the same hypervisor, so they both have the same gateway. I will also be setting the same admin password. The new virtual machine is done as well, so they are both in the same stage. This is usually a good place in time to create a backup if you haven't done so, in case you want to test and revert to the backup. I highly recommend that. And we have logged in,
and in the next part we will go through setting up the CARP stuff.
Info
Channel: loeken
Views: 7,502
Rating: 4.6781611 out of 5
Keywords: pfsense, pfsense carp, pfsense setup, tutorial, linux, proxmox, opensource, devops, ovh, failoverip, failover ip, proxmox 5, kvm, virtualized, it security, security
Id: PwBanc4IGsI
Length: 23min 16sec (1396 seconds)
Published: Sun May 19 2019