Create your own pfSense on Azure

pfSense is a widely used open-source Firewall product. Azure provides the commercial version of pfSense, but for some open-source fans, they'd like to create their own pfSense on cloud. Here is an example of how to create your own pfSense on Azure. This example requires you have a Windows 10, Windows 2016 Server, or Windows 2012R2 server, and that Hyper-V is enabled.

​Install pfSense 2.3.4 on a VHD

​Download pfSense CE 2.3.4
Create a VM with generation 1 and a 20G vhd from HyperV Manager, and install pfSense. Accept all default settings and select quick installation. Please note, using a vhd less than 20G is also okay.
After installation, log in and choose:

14) to enable sshd
8) to login shell

Install waagent​

Update pkg ('su' to become root)

# pkg upgrade

Install python, setuptools, and bash:

# pkg install -y python27-2.7.13_3
# pkg install -y py27-setuptools-32.1.0_1
# ln -s /usr/local/bin/python /usr/local/bin/python2.7
# pkg install -y bash

Download waagent (v2.2.14):

# fetch https://github.com/Azure/WALinuxAgent/archive/v2.2.14.tar.gz

untar the package, and install it:

# python setup.py install

Enable udf

Download udf.ko here or from another shared link. Please see the links at the end of this blog post for additional information.
Copy udf.ko to /boot/kernel
Add the following lines into /boot/loader.conf:

kldload udf
console="comconsole"
vfs.mountroot.timeout=300

Add autostart script for waagent

Don't forget to make it executable by "chmod +x waagent.sh"

[2.3.4-RELEASE][root@pfSense.localdomain]/usr/local/etc/rc.d: cat waagent.sh
#! /bin/sh
/usr/local/sbin/waagent –daemon
[2.3.4-RELEASE][root@pfSense.localdomain]/usr/local/etc/rc.d: chmod +x waagent.sh

Upload the VHD to Azure

Learn more about how to upload the VHD to Azure.

Links and reference

The following are udf.ko and pfsense2.3.4.vhd for your reference. The SSL certificate is self-signed, please ignore the error.

udf.ko
pfsense2.3.4

Quelle: Azure

Published by