Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense on Hetzner Cloud

    Scheduled Pinned Locked Moved
    Virtualization
    4
    10
    5.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      zsx
      last edited by

      Hi, I have an issue while setting up pfSense on Hetzner Cloud.
      This is the instruction I follow.
      https://community.hetzner.com/tutorials/how-to-route-cloudserver-over-private-network-using-pfsense-and-hcnetworks

      I have no problem up till "On step 4, un-check the option Block bogon networks." After I configure the next steps to "Apply the changes and go back to Interfaces -> LAN and also apply the changes", I will lose connectivity to pfSense via WAN public IP after a few moments. Please advise why this is so.

      Screenshot 2021-01-25 150929.png

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        It's when you enable the LAN interface the default allow rule moves to it as a full firewall and incoming connections on the WAN are blocked unless you have already added a firewall rule to pass them.
        You can temporarily disable the firewall at the console in order to add a pass rule to WAN from your IP. Or you should still be able to connect to pfSense from the client via the LAN.

        I can see no reason to uncheck 'block bogon networks' on the WAN. Those should be blocked as source IPs.

        Steve

        Z 1 Reply Last reply Reply Quote 0
        • Z
          zsx @stephenw10
          last edited by

          @stephenw10 Thank you. I configured OpenVPN for access to the router.
          Noted on Block bogon networks.

          1 Reply Last reply Reply Quote 0
          • B
            bsakizli
            last edited by

            Hello, I have the same problem, can you help? How can I install this build.

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              Which build? To where? What problem are you actually seeing?

              The problem as described here was that WAN access is blocked by the firewall rules.

              Steve

              1 Reply Last reply Reply Quote 0
              • jimpJ jimp moved this topic from Problems Installing or Upgrading pfSense Software on
              • B
                bsakizli
                last edited by bsakizli

                Thank you.. I have configured server. I have pfsense settings, I have internet access. I can ping IP addresses, but I cannot access web pages. IP addresses are active. When I enter as DNS, the pages do not open.

                https://prnt.sc/92loMjANcDoY

                There is internet on the client side, but I cannot access the websites. I may have missed something. I proceeded according to the instructions.

                I solved the problem, I entered manual DNS related to DNS, the problem was solved. But it can't get DNS by pfSense.

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  So it's a DNS problem. Is the Unbound service running on pfSense?

                  By default pfSense will pass the LAN IP to clients via DHCP to use for DNS. Is that happening?

                  Steve

                  B kiokomanK 2 Replies Last reply Reply Quote 0
                  • B
                    bsakizli @stephenw10
                    last edited by bsakizli

                    @stephenw10 pfsense LAN is not authorized to distribute IP as DHCP, Hetzner distributes IP address as DHCP. DNS service is running. I am sharing pictures. Thank you.

                    There is such information available on the official forum.

                    Add the DNS servers by adding the line dns-nameservers 213.133.100.100 213.133.99.99 213.133.98.98 to /etc/network/interfaces under the post-up line.

                    If DNS is still not working systemd-resolved ignores this parameter.

                    alt text

                    alt text

                    alt text

                    1 Reply Last reply Reply Quote 0
                    • kiokomanK
                      kiokoman LAYER 8 @stephenw10
                      last edited by kiokoman

                      i have 10.0.0.0/24 network on hetzner, the gateway is 10.0.0.1 assigned by hetzner

                      10.0.0.3/24 -> gateway 10.0.0.1 -> pfsense 10.0.0.2 -> internet
                      Internet -> pfsense 10.0.0.2 -> gateway 10.0.0.1 -> 10.0.0.3/24

                      this is what i have on my notes

                      Configure route for private networking
                      Add the following configuration to /etc/network/interfaces:

                      auto ens10
iface ens10 inet dhcp
	post-up ip route add default via 10.0.0.1 # <---- check if you have this route
        dns-nameserver 10.0.0.2

                      Add the DNS servers by adding the line dns-nameservers 10.0.0.2 to /etc/network/interfaces under the post-up line.

                      DNS needs to be configured in file /etc/systemd/resolved.conf. There should be a line like #DNS under the line [Resolve]. Un-comment the DNS line by removing the # and type in some DNS servers or use the DNS servers by Hetzner:
                      DNS=10.0.0.2
                      Save the file and restart the server.

                      on ubuntu machines you need to: first disable hetzner config on cloudinit then remove/uninstall the package cloudinit

                      Disable all services (uncheck everything except "None"): <-- this is important or you leave junk behind

                      sudo dpkg-reconfigure cloud-init

                      Uninstall the package and delete the folders

                      sudo apt-get purge cloud-init
sudo rm -rf /etc/cloud/ && sudo rm -rf /var/lib/cloud/

                      Restart the computer

                      after that you need to configure netplan.io instead of /etc/network/interfaces <------ !!!
                      https://netplan.io/examples

                      I personally uninstalled that as well and use ifupdown

                      i don't understand why ubuntu chose to replace ifupdown with netplan ... but that's another story..

                      apt remove --purge netplan.io
apt install ifupdown

                      on pfsense check if you have 2 gateway one for WAN and one for LAN, gateway for LAN on my network is 10.0.0.1

                      on pfsense you need to add the network on the access list if you want to use dns resolver like me

                      Services / DNS Resolver / Access Lists
                      Immagine.jpg
                      Immagine2.jpg
                      169.254.169.254 if i remember well it's for Hetzner Cloud CLI (hcloud) tools

                      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                      Please do not use chat/PM to ask for help
                      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                      Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                      1 Reply Last reply Reply Quote 2
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Ah, so more like a full AWS/Azure setup. That seems...complex!

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post