pfSense on GCP

Roma Golbraich

unread,

Jul 1, 2017, 4:41:21 PM7/1/17

to gce-discussion

Can anyone help with running pfsense on GCP?

Carlos (Cloud Platform Support)

unread,

Jul 3, 2017, 3:55:58 PM7/3/17

to gce-discussion

There is some information in this URL that might help. You might also want to make some research on how to install pfsense on KVM since GCE VMs are based on it.

Beside that I would suggest posting the issue in Stackoverflow.

Route Card

unread,

Nov 21, 2017, 9:03:26 AM11/21/17

to gce-discussion

I found these instructions and they worked for me

http://desrablog.blogspot.com/2017/11/using-t1n1wall-on-google-compute-engine.html

you change the pfsense image, create a gcp image from it , boot it and configure via serial port.

Gustavo Marrara

unread,

Nov 22, 2017, 2:00:34 PM11/22/17

to gce-discussion

Sorry, but what do you mean by change the image? The ISO file, or a disk you created on your own environment?

thanks

Route Card

unread,

Nov 24, 2017, 9:09:30 AM11/24/17

to gce-discussion

the pfsense downloads contain a disk image inside, the instructions say that you extract it, rename it (to the convention gce expects) and compress it again. you can do this in your cloud console or a linux system

wget https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.gz
gunzip pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.gz
mv pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img disk.raw
tar -Sczf pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.tar.gz disk.raw

then copy to your bucket

gcloud cp pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.tar.gz gs://mybucket

and create the image for gcp by following https://console.cloud.google.com/compute/imagesAdd

Gustavo Marrara

unread,

Nov 26, 2017, 3:44:20 PM11/26/17

to gce-discussion

Thanks Route Card!! Working perfectly!!

Gustavo Marrara

unread,

Nov 27, 2017, 5:08:21 AM11/27/17

to gce-discussion

Hi all,

here are all the steps I´ve done to complete the PFSense installation on a GCP instance:

References (Credits):

- Route Card: https://groups.google.com/forum/#!topic/gce-discussion/tPYonu9dwbc

- nlienard: https://gist.github.com/nlienard/0ca5aa8397af6e90d70f

- Desra Blog: http://desrablog.blogspot.co.uk/2017/11/using-t1n1wall-on-google-compute-engine.html

- Google Cloud Documentation

- The pfsense downloads contain a disk image inside, the instructions say that you extract it, rename it (to the convention gce expects) and compress it again. you can do this in your cloud console or a linux system:

wget https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.gz

gunzip pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.gz

mv pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img disk.raw

tar -Sczf pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.tar.gz disk.raw

- Create an image based on the file you uploaded to the bucket:

- Activate the serial console on the project:

sudo ./google-cloud-sdk/bin/gcloud compute project-info add-metada --metadata=serial-port-enable

- Create an instance and add a second disk to it:

- Use the serial console to perform the install:

sudo ./google-cloud-sdk/bin/gcloud compute connect-to-serial-port [INSTANCE_NAME] -- zone [ZONE]

- Install the PFSense on the second disk:

- Create a snapshot from this disk you created:

Create an instance from this disk:

Use the serial to perform the setup:

sudo ./google-cloud-sdk/bin/gcloud compute connect-to-serial-port [INSTANCE_NAME] -- zone [ZONE]

- Using the shell, disable HTTP REFERER:

"pfSsh.php playback disablereferercheck"

from that point on, you can access the GUI with the external IP address provided on the instance.

Hope it helps someone.

Route Card

unread,

Nov 28, 2017, 3:59:09 PM11/28/17

to gce-discussion

Thats great it worked !

I see t1n1wall now has a gce image for download, that might make some steps easier if you like that distro.

for the disablereferercheck step, I didn't need it as I ssh'd into pfsense and did port forwarding to access the UI.

Gustavo Marrara

unread,

Nov 30, 2017, 10:37:27 AM11/30/17

to gce-discussion

Never used t1n1wall but worth it a try :)

thanks,

Kyle Manna

unread,

Dec 9, 2017, 8:55:56 PM12/9/17

to gce-discussion

Thanks all for the guidance here. Just used this guide for getting over some bumps and ran in to another: MTU. The MTU needs to be 1460 on Google Cloud. This may be common knowledge on this list, but it tripped me up for longer then it should have.

For anyone who comes after me, I scribbled up my notes on my blog here: https://blog.kylemanna.com/cloud/pfsense-on-google-cloud/

Jose Bisconti

unread,

Mar 14, 2018, 11:24:24 AM3/14/18

to gce-discussion

Hi All, my name is Jose, nice to meet you all.

I hope can some one clarify my question.

Regarding what we talk, i like to consult if this PFSense image can have two interfaces with different network (and zones) for each interface. I mean, i need made a FW/GW normally for this, i saw we use in similar environments two interface (WAN and LAN).

And here the question: can a PFSense have two interfaces with the WAN and LAN as DMZ. And routing to other interfaces in the same DMZ. Can that possible ?

Reply all

Reply to author

Forward