I recently setup a pfSense firewall + VPN for on the go travelling. Setting it up wasn't the most straight forward path, so I've created this little tutorial to help. Looking for reasons on why you should setup a cloud firewall? Checkout this post!

  1. Create a new $5 Droplet (this is all you will realistically need), select FreeBSD 11.1 (x64) as the distribution to use.
  2. Enable Private Networking (if you have other droplets, useful) and IPv6 networking
  3. Add your SSH key
  4. Set your hostname (eg. mine is otg-cloud-fw-01)
  5. Create droplet

Once it's up, ssh into the droplet. Make sure to sign-in as root (or, someone with sudo permissions), as you will need it.

Now, let's install pfSense!

  1. You'll need to go to https://www.pfsense.org/download/ and download the AMD64 (64-bit) distribution image (curl it from server) - options: USB Memstick, VGA console

To execute, run these commands:

cd /tmp
curl -O https://{download.mirror.url.here}/
swapoff /dev/gpt/swap # disable swap
sysctl kern.geom.debugflags=0x10 # enable geom debug mode

Now that we've enabled GEOM debug mode, disabled swap, and downloaded the pfSense image, let's write it over the drive:

gunzip <pfSense.img.gz> | dd of=/dev/vtbd0 bs=512k

Now, you can execute "reboot" to restart the droplet. From here on-in you'll need to install pfSense via the Console on DigitalOcean for this droplet. Head to DigitalOcean, click on your Droplet, hit Access, then Console. Follow the installation as normal.

NOTE: Delete everything listed EXCEPT for vtbd0, vtbd0s2 and vtbd0s2a (manual installation), Highlight vtbd0 and press ‘C’ and choose ‘OK’, Select vtbd0s1 and press ‘C’, set the mount point to / and choose 'C', click 'Finish' and 'Mount', then hit 'Commit'

Lastly, select 'No' then 'Reboot'

You'll now have the pfSense web interface available to you, and can configure as necessary.

tutorial pfsense cloud digitalocean


Senior Software Engineer, Labber, Sysadmin. I make things scale rapidly. Optimize everything.

Read More