PFsense on VMWare ESXi setup zerotier
Pre-reqs
1. PFsense with installed packages
• Cron
• Open-VM-Tools
2. PFsense package to support zerotier.
The binary package is part of the FreeBSD ports, and for pfSense versions you can build it from the distribution's repository. That build is covered in another post.
For pfSense 2.7.2-RELEASE (amd64), FreeBSD 14.0-CURRENT, this file was used (download here).
3. Putty & WINSCP installed on your Windows PC
4. Familiarity with the pfSense WebGUI, PuTTY and WinSCP
Install and configure pfSense
Open PuTTY and log in as root
pkg-static upgrade -f pkg
On PFsense webgui set
System>Advanced>System Tunables
net.link.tap.up_on_open=1
and
net.ipv4.ip_forward=1
SAVE & APPLY CHANGES
then reboot
Disable the pfSense package repositories and enable the FreeBSD repository:
Open WinSCP
Edit /usr/local/etc/pkg/repos/pfsense.conf
FreeBSD: { enabled: yes }
pfSense-core: {
  url: "pkg+https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/local/share/pfSense/keys/pkg",
  enabled: no
}
pfSense: {
  url: "pkg+https://pkg.pfsense.org/pfSense_v2_7_2_amd64-pfSense_v2_7_2",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/local/share/pfSense/keys/pkg",
  enabled: no
}
Edit /usr/local/etc/pkg/repos/FreeBSD.conf
FreeBSD: { enabled: yes }
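To confirm which repositories the two edited files actually switch on before running pkg install, and again whenever the files are changed later, the following added example (not part of the original post) parses the override files and prints each repository with its enabled flag. The function names repo_state, enabled_repos and write_sample and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which pkg repositories the override files enable.
# On the firewall: repo_state /usr/local/etc/pkg/repos/*.conf

repo_state() {   # prints "<repo> <enabled-value>" per repository block
    awk '
        { sub(/[ \t]*#.*/, "") }                     # drop comments
        /^[ \t]*[A-Za-z0-9_.-]+[ \t]*:[ \t]*[{]/ {   # "name: {" opens a block
            name = $0
            sub(/^[ \t]*/, "", name); sub(/[ \t]*:.*/, "", name)
            inblock = 1; state = "unset"
        }
        inblock && /enabled[ \t]*:/ {                # enabled: yes|no
            v = $0
            sub(/.*enabled[ \t]*:[ \t]*/, "", v); sub(/[^A-Za-z].*/, "", v)
            state = tolower(v)
        }
        inblock && /[}]/ { print name, state; inblock = 0 }
    ' "$@"
}

enabled_repos() {   # names of repositories that are switched on
    repo_state "$@" | awk '$2 == "yes" || $2 == "true" || $2 == "on" { print $1 }'
}

write_sample() {   # constructed copy of the edited pfsense.conf, URLs are placeholders
    cat > "$1" <<'EOF'
FreeBSD: { enabled: yes }
pfSense-core: {
  url: "pkg+https://pkg.example.invalid/core",
  signature_type: "fingerprints",
  enabled: no
}
pfSense: {
  url: "pkg+https://pkg.example.invalid/pfSense",
  signature_type: "fingerprints",
  # enabled: yes
  enabled: no
}
EOF
}

sample=$(mktemp)
write_sample "$sample"
repo_state "$sample"
echo "enabled: $(enabled_repos "$sample" | tr '\n' ' ')"
rm -f "$sample"
```

On the firewall itself, pkg -vv prints the repository list as pkg resolves it, which can be compared against this output.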
Open PuTTY and log in as root
pkg install net/zerotier
echo zerotier_enable=\"YES\" >> /etc/rc.conf.local
cd /usr/local/etc/rc.d/
ln -s zerotier zerotier.sh
/usr/local/etc/rc.d/zerotier.sh start
/usr/local/etc/rc.d/zerotier.sh status
Open a browser, go to zerotier.com and get your network ID
/usr/local/bin/zerotier-cli join your networkID
Go to zerotier.com and check for the new interface
Go back to the pfSense web interface and go to “Interfaces” -> “Assignments”. Under “Available network ports” the VPN interface will be listed. Click “Add” and save.
Add the new ZT interface
Interfaces / ZT (ztaugau91nl4o1e)
Description : ZT
IPv4 Configuration Type : None
IPv6 Configuration Type : None
SAVE & APPLY CHANGES
Upload the file pfSense-pkg-zerotier-0.00.1.pkg (the pfSense package to support ZeroTier).
Building this package is covered in another post.
Then install the package
cd /tmp
pkg add -f pfSense-pkg-zerotier-0.00.1.pkg
With WinSCP, edit /usr/local/pkg/zerotier.inc
function zerotier_sync() {
    global $config;
    $zerotier_config = $config['installedpackages']['zerotier']['config'][0];
    // Package not enabled: stop the service if it is running, then exit.
    if (!($zerotier_config['enable'])) {
        if (is_process_running("zerotier")) {
            stop_service("zerotier");
        }
        return;
    }
    // Package enabled: stop a running instance, then start the service.
    if (is_process_running("zerotier")) {
        stop_service("zerotier");
    }
    start_service("zerotier");
}
AFTER EDIT (the enable check is removed, so the service is always started)
function zerotier_sync() {
    global $config;
    start_service("zerotier");
}
Create alias for netlocal and zeronet
and Port alias for ZT
Setting NAT OUTBOUND
SAVE & APPLY CHANGES
Add New Mapping
Then SAVE > Apply Changes
Make Dummy GATEWAY FOR ZT Interface
Create Firewall rules for All Interfaces
For Rule ZT interface
If pfSense has multiple gateways, click Display Advanced and set the gateway to your current gateway group
For Rule WAN1 interface
For Rule WAN2 interface
For Rule LAN interface
Move the firewall rule for the dummy gateway to the top of the LAN rules
As an example, set up port forwarding for MS RDP to your Windows machine
Add a new alias for your Windows machine
ADD NEW NAT FOR MSRDP
SAVE & APPLY CHANGES
Then Go to Firewall for your New Zerotier interface
Firewall / Rules / ZT(NEW INTERFACES ZEROTIER)
Drag the NAT ZT rule for RDP to the top of the firewall rules
Then SAVE
To start ZeroTier automatically at boot, create a cron job.
Minute : @reboot
User : root
Command : /usr/local/etc/rc.d/zerotier.sh start
Reboot and test connection
OK REBOOT YOUR PFSENSE THEN TEST WHAT YOU WANT
http://ZEROTIER-IP:port/
SEE YOU………..