PFSense Migration guide
First thing you will need to do is get into your PFSense and document EVERYTHING you want to keep/replicate on NS.
- LAN subnet(s)
- Guest subnet(s)
- Special interfaces like tunnels or VLANs
- WAN IP(s) if static and/or PPPoE credentials
- Firewall rules in any direction between network subnets
- Port forwarding rules
- VPN details/credentials
- Local network services such as DHCP/DNS IP reservations and domain names
- Note any aliases that have been defined for port ranges or hosts
Once you are confident you have all your needed info documented in Word or some other format that is available offline, you can start.
IF USING HARDWARE I STRONGLY SUGGEST USING A NEW HARD DRIVE! SET THE PFSENSE DRIVE ASIDE SO YOU CAN USE IT IF THINGS DO NOT WORK OUT.
NethServer install
Configure time zone
Hard Drive config may require you to delete the content on it by selecting "I will configure", then removing all the partitions listed and then clicking the link telling the installer to "create them automatically".
Networking: My server has only 2 physical interfaces. I statically set both interfaces to private /24 networks that I do not use and connected my laptop to the port I intend to be external (red). Be sure to set both network interfaces to AUTOSTART and, on the general tab, "automatically connect to this network when available".
Begin Install
I only set up the root user
Post Install
Statically assign an IP from one of the private networks you set up on the interfaces to a laptop connected via Ethernet to the WAN port.
Try to connect to the IP for the firewall in a web browser, for example https://192.168.1.1:9090/. If this fails change the static IP on the laptop to the other /24 and try to reach the server on that IP, for example https://192.168.2.1:9090/.
It is important to connect to the port that I wanted to be the WAN port because the LAN port in my setup uses tagged VLANs and configuring the router through the port you intend to set up for VLANs didn't seem straightforward.
Once you are able to connect to the web interface, log in with the root user and the password created at setup.
Go to System - Network and configure your VLANs/subnets for the LAN port.
Below Network you will find DHCP. Set up the DHCP server for your VLANs and all your address reservations.
At this point I could disconnect the laptop and plug the WAN cable back into my ISP fiber network terminal and continue setup from my desktop PC connecting through the VLAN interface.
Back at the System - Networking area, set up PPPoE using your ISP-provided credentials and tell it to use the WAN Ethernet port. At this point PPPoE will not work because you have to tell it to connect via a tagged VLAN; in my case that is VLAN 201.
Open the terminal into the firewall and issue the following commands:
db networks setprop eth? role ''
db networks set eth?.201 vlan role pppoe
db networks settype ppp0 xdsl
db networks setprop ppp0 linux_plugin /usr/lib64/pppd/2.4.5/rp-pppoe.so
db networks setprop ppp0 role red user ISPUSERNAME Password ISPPASSWORD
signal-event interface-update
* where eth? is replaced with the name of your WAN adapter; mine is enp2s0
The PPPoE connection should be up now.
Go to Software Center, install the Basic Firewall and OpenVPN packages, then update the system.
Head over to Applications - Firewall - Objects and get any port ranges or subnet aliases entered.
Go to Port Forward right below Objects and input all your port forwarding settings.
At this point the firewall should be passing traffic in both directions.
Go to System - DNS and add all your custom DNS entries.
While you are on the subject of DNS, you may subscribe to a dynamic DNS provider and want to use it.
Open the terminal and enter the commands below:
yum install http://mirror.de-labrusse.fr/NethServer/7/x86_64/nethserver-stephdl-1.1.7-1.ns7.sdl.noarch.rpm
yum install nethserver-ddclient --enablerepo=stephdl
Go to Applications – Dynamic DNS to set up your account.
I set up NTP at this point.
Go to System – Dashboard and click on the date and time to gain access to NTP upstream server settings.
Now that I have accurate system time I set up OpenVPN.
Applications – VPN – OVPN tunnels – Tunnel clients – Add client tunnel
My tunnel uses certificate authentication and the one “gotcha” I found was NethServer expects 3 certs in the certificate box in a particular order. The order I found works is client certificate followed by client key followed by the CA certificate.
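The block order described above can be checked before pasting the bundle into the certificate box. This Python script is an added example, not part of the original guide or of NethServer; the function names are hypothetical, and it assumes the client certificate was issued directly by the CA (no intermediate certificate).

```python
import base64
import re
import sys

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(b64_body):
    """Return the raw DER issuer and subject names of one certificate."""
    der = base64.b64decode(b64_body)
    pos = read_tlv(der, 0)[1]        # step into Certificate
    pos = read_tlv(der, pos)[1]      # step into TBSCertificate
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                  # skip the optional [0] version field
        pos = end
    fields = []                      # serial, sigAlg, issuer, validity, subject
    for _ in range(5):
        end = read_tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_bundle(text):
    """Return a list of problems; empty means client cert, client key, CA cert."""
    blocks = [(m.group(1), m.group(2)) for m in PEM_RE.finditer(text)]
    if len(blocks) != 3:
        return ["expected 3 PEM blocks, found %d" % len(blocks)]
    (l1, b1), (l2, _), (l3, b3) = blocks
    want = [(l1 == "CERTIFICATE", "block 1 should be the client certificate"),
            (l2.endswith("PRIVATE KEY"), "block 2 should be the client key"),
            (l3 == "CERTIFICATE", "block 3 should be the CA certificate")]
    problems = [msg for ok, msg in want if not ok]
    # Assumption: the CA in block 3 directly issued the certificate in block 1.
    if not problems and issuer_subject(b1)[0] != issuer_subject(b3)[1]:
        problems.append("block 1 was not issued by block 3 (certificates swapped?)")
    return problems

if __name__ == "__main__" and len(sys.argv) == 2:
    with open(sys.argv[1]) as fh:
        print("\n".join(check_bundle(fh.read())) or "order matches")
```

Run it with the path to a text file holding the three PEM blocks; it compares names only and does not verify signatures or that the key matches the certificate.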
The final step was setting up SNMP for my network monitoring application. I found out the only good way to set this up is to install the old server manager.
Head back to Software Center and install the old server manager.
Once it is installed, point your browser to your firewall's IP at port 980 using HTTPS.
On the left sidebar scroll down to SNMP and fill out the requested info.
FIN