Things I learnt while installing pfSense
The VHD for import into Azure has to be specially configured. A good blog article with screenshots is https://www.christofvg.be/2019/01/12/pfSense-on-Azure-Part-1-Create-pfSense-Virtual-Machine/
Use the VHD format with a fixed size.
When you add it to the VM, remove checkpointing.
PowerShell script to import the pfSense VHD
When creating the VM in Azure, make sure you define the NICs in the right order (WAN NIC first). To have a two-NIC pfSense install you need to create the VM using PowerShell; see below.
This assumes you have created a storage account and a virtual network with two subnets, “frontend” and “backend”.
# Names of the existing resources and of the resources to create
$storageAccountName = "tgnmystorage"
$publicIpName = "tgn-mypublicip-01"
$pfsenseResourceGroupName = "tgn-resourcegroup-01"
$vnetResourceGroup = "tgn-resourcegroup-01"
$storageAccount = Get-AzStorageAccount -Name $storageAccountName -ResourceGroupName $pfsenseResourceGroupName
$storageAccountId = $storageAccount.Id
$location = $storageAccount.PrimaryLocation
$vmName = "tgn-mypfsense-vm"
$vmSku = "Standard_B1ms"
$frontendSubnet = "frontend"
$backendSubnet = "backend"
$vnetName = "tgn-pfsense-vnet-01"

# URL of the VHD blob in the storage account; append the SAS to this URL if you are copying from another account
$vhd = "https://tgnmystorage.blob.core.windows.net/pfsense/PFS-VHD-03.vhd"

# Import the VHD as a managed disk
$diskConfig = New-AzDiskConfig -SkuName Standard_LRS -Location $location -CreateOption Import `
    -StorageAccountId $storageAccountId `
    -SourceUri $vhd
$managedDiskName = "mypfsense_disk1"
New-AzDisk -Disk $diskConfig -ResourceGroupName $pfsenseResourceGroupName -DiskName $managedDiskName
$disk = Get-AzDisk -DiskName $managedDiskName -ResourceGroupName $pfsenseResourceGroupName

# Look up the two subnets in the existing virtual network
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $vnetResourceGroup
$frontendId = (Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $frontendSubnet).Id
$backendId = (Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $backendSubnet).Id

# Build the VM configuration and attach the imported disk as the OS disk
$virtualMachine = New-AzVMConfig -VMName $vmName -VMSize $vmSku
$pubip = New-AzPublicIpAddress -Name $publicIpName -ResourceGroupName $pfsenseResourceGroupName `
    -Location $location -AllocationMethod Dynamic
$virtualMachine = Set-AzVMOSDisk -VM $virtualMachine -ManagedDiskId $disk.Id -CreateOption Attach -Linux

# Create the NICs: frontend (WAN) with the public IP, backend without one
$frontendNic = New-AzNetworkInterface -Name tgn-pfs-frontend-nic -ResourceGroupName $pfsenseResourceGroupName `
    -Location $location -SubnetId $frontendId -PublicIpAddressId $pubip.Id
$backendNic = New-AzNetworkInterface -Name tgn-pfs-backend-nic -ResourceGroupName $pfsenseResourceGroupName `
    -Location $location -SubnetId $backendId

# Add the WAN NIC first and mark it primary, then the backend NIC
$virtualMachine = Add-AzVMNetworkInterface -VM $virtualMachine -Id $frontendNic.Id -Primary
$virtualMachine = Add-AzVMNetworkInterface -VM $virtualMachine -Id $backendNic.Id

# Enable boot diagnostics and create the VM
Set-AzVMBootDiagnostic -VM $virtualMachine -Enable
New-AzVM -VM $virtualMachine -ResourceGroupName $pfsenseResourceGroupName -Location $location
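A post-deployment check for the NIC layout the script is meant to produce, added here as an example and not part of the original post: it confirms the WAN NIC is first and primary and that only the WAN NIC carries a public IP. The function names `Test-PfSenseNicLayout` and `Get-VmNicLayout` and the descriptor fields are hypothetical, and the sample data is constructed.

```powershell
# Added example (not from the original post). Function names and the
# Name/Primary/Subnet/HasPublicIp fields are hypothetical.

# Reads the NICs of a deployed VM in network-profile order (needs a signed-in Az session).
function Get-VmNicLayout {
    param([string] $ResourceGroupName, [string] $VMName)
    $vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName
    foreach ($ref in $vm.NetworkProfile.NetworkInterfaces) {
        $nic = Get-AzNetworkInterface -ResourceId $ref.Id
        $ipConfig = $nic.IpConfigurations[0]
        [pscustomobject]@{
            Name        = $nic.Name
            Primary     = [bool]$ref.Primary
            Subnet      = ($ipConfig.Subnet.Id -split '/')[-1]   # last path segment is the subnet name
            HasPublicIp = $null -ne $ipConfig.PublicIpAddress
        }
    }
}

# Emits one string per problem; no output means the layout matches the script.
function Test-PfSenseNicLayout {
    param([object[]] $Nics, [string] $WanSubnet = 'frontend')
    if ($Nics.Count -ne 2) { "Expected 2 NICs, found $($Nics.Count)" }
    if ($Nics.Count -gt 0) {
        $first = $Nics[0]
        if ($first.Subnet -ne $WanSubnet) {
            "First NIC '$($first.Name)' is on subnet '$($first.Subnet)', expected '$WanSubnet' (WAN)"
        }
        if (-not $first.Primary) { "First NIC '$($first.Name)' is not the primary NIC" }
    }
    foreach ($nic in $Nics) {
        if ($nic.HasPublicIp -and $nic.Subnet -ne $WanSubnet) {
            "NIC '$($nic.Name)' on subnet '$($nic.Subnet)' has a public IP; only the WAN NIC should"
        }
    }
}

# Constructed sample: the two NICs attached in the wrong order.
$sample = @(
    [pscustomobject]@{ Name = 'tgn-pfs-backend-nic';  Primary = $true;  Subnet = 'backend';  HasPublicIp = $false }
    [pscustomobject]@{ Name = 'tgn-pfs-frontend-nic'; Primary = $false; Subnet = 'frontend'; HasPublicIp = $true }
)
Test-PfSenseNicLayout -Nics $sample

# Live check against the VM created by the script:
# Test-PfSenseNicLayout -Nics (Get-VmNicLayout -ResourceGroupName 'tgn-resourcegroup-01' -VMName 'tgn-mypfsense-vm')
```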
Here is a list of URLs I used to get the Community Edition of pfSense working on Azure:
https://www.christofvg.be/2019/01/12/pfSense-on-Azure-Part-2-Install-pfSense/
https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html