Netgate Discussion Forum

pfSense on Hetzner Cloud

  • Z
    zsx
    last edited by Jan 25, 2021, 7:11 AM

    Hi, I have an issue while setting up pfSense on Hetzner Cloud.
    This is the instruction I follow.
    https://community.hetzner.com/tutorials/how-to-route-cloudserver-over-private-network-using-pfsense-and-hcnetworks

    I have no problem up till "On step 4, un-check the option Block bogon networks." After I configure the next steps to "Apply the changes and go back to Interfaces -> LAN and also apply the changes", I will lose connectivity to pfSense via WAN public IP after a few moments. Please advise why this is so.

    • S
      stephenw10 Netgate Administrator
      last edited by Jan 25, 2021, 2:26 PM

      It's when you enable the LAN interface that the default allow rule moves to it, as a full firewall, and incoming connections on the WAN are blocked unless you have already added a firewall rule to pass them.
      You can temporarily disable the firewall at the console in order to add a pass rule to WAN from your IP. Or you should still be able to connect to pfSense from the client via the LAN.

      I can see no reason to uncheck 'block bogon networks' on the WAN. Those should be blocked as source IPs.

      Steve

      • Z
        zsx @stephenw10
        last edited by Jan 26, 2021, 4:28 AM

        @stephenw10 Thank you. I configured OpenVPN for access to the router.
        Noted on Block bogon networks.

        • B
          bsakizli
          last edited by Sep 30, 2022, 11:41 AM

          Hello, I have the same problem, can you help? How can I install this build?

          • S
            stephenw10 Netgate Administrator
            last edited by Sep 30, 2022, 12:22 PM

            Which build? To where? What problem are you actually seeing?

            The problem as described here was that WAN access is blocked by the firewall rules.

            Steve

            • J jimp moved this topic from Problems Installing or Upgrading pfSense Software on Sep 30, 2022, 5:20 PM
            • B
              bsakizli
              last edited by bsakizli Oct 1, 2022, 10:48 AM Oct 1, 2022, 10:13 AM

              Thank you. I have configured the server. I have the pfSense settings, and I have internet access. I can ping IP addresses, but I cannot access web pages. IP addresses are active. When I enter as DNS, the pages do not open.

              https://prnt.sc/92loMjANcDoY

              There is internet on the client side, but I cannot access the websites. I may have missed something. I proceeded according to the instructions.

              I solved the problem: I entered the DNS manually and the problem was solved. But it can't get DNS from pfSense.

              • S
                stephenw10 Netgate Administrator
                last edited by Oct 1, 2022, 12:16 PM

                So it's a DNS problem. Is the Unbound service running on pfSense?

                By default pfSense will pass the LAN IP to clients via DHCP to use for DNS. Is that happening?

                Steve

                • B
                  bsakizli @stephenw10
                  last edited by bsakizli Oct 2, 2022, 8:24 AM Oct 2, 2022, 7:59 AM

                  @stephenw10 The pfSense LAN is not authorized to distribute IP addresses via DHCP; Hetzner distributes the IP addresses via DHCP. The DNS service is running. I am sharing pictures. Thank you.

                  There is such information available on the official forum.

                  Add the DNS servers by adding the line dns-nameservers 213.133.100.100 213.133.99.99 213.133.98.98 to /etc/network/interfaces under the post-up line.

                  If DNS is still not working systemd-resolved ignores this parameter.

                  • K
                    kiokoman LAYER 8 @stephenw10
                    last edited by kiokoman Oct 2, 2022, 10:16 AM Oct 2, 2022, 9:46 AM

                    I have a 10.0.0.0/24 network on Hetzner; the gateway is 10.0.0.1, assigned by Hetzner.

                    10.0.0.3/24 -> gateway 10.0.0.1 -> pfsense 10.0.0.2 -> internet
                    Internet -> pfsense 10.0.0.2 -> gateway 10.0.0.1 -> 10.0.0.3/24

                    This is what I have in my notes:

                    Configure route for private networking
                    Add the following configuration to /etc/network/interfaces:

                    auto ens10
                    iface ens10 inet dhcp
                        post-up ip route add default via 10.0.0.1 # <---- check if you have this route
                        dns-nameserver 10.0.0.2
                    

                    Add the DNS servers by adding the line dns-nameservers 10.0.0.2 to /etc/network/interfaces under the post-up line.

                    DNS needs to be configured in file /etc/systemd/resolved.conf. There should be a line like #DNS under the line [Resolve]. Un-comment the DNS line by removing the # and type in some DNS servers or use the DNS servers by Hetzner:
                    DNS=10.0.0.2
                    Save the file and restart the server.

                    On Ubuntu machines you need to first disable the Hetzner config in cloud-init, then remove/uninstall the cloud-init package.

                    Disable all services (uncheck everything except "None"): <-- this is important or you leave junk behind

                    sudo dpkg-reconfigure cloud-init
                    

                    Uninstall the package and delete the folders

                    sudo apt-get purge cloud-init
                    sudo rm -rf /etc/cloud/ && sudo rm -rf /var/lib/cloud/
                    

                    Restart the computer

                    After that you need to configure netplan.io instead of /etc/network/interfaces <------ !!!
                    https://netplan.io/examples

                    I personally uninstalled that as well and use ifupdown.

                    I don't understand why Ubuntu chose to replace ifupdown with netplan ... but that's another story.

                    apt remove --purge netplan.io
                    apt install ifupdown
                    

                    On pfSense, check that you have 2 gateways, one for WAN and one for LAN; the gateway for LAN on my network is 10.0.0.1.

                    On pfSense you need to add the network to the access list if you want to use the DNS Resolver like me:

                    Services / DNS Resolver / Access Lists
                    169.254.169.254, if I remember well, is for the Hetzner Cloud CLI (hcloud) tools.

                    ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                    Please do not use chat/PM to ask for help
                    we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                    Don't forget to Upvote with the 👍 button for any post you find to be helpful.
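
A way to check the two client-side settings from the notes above (an uncommented DNS= line under [Resolve] in /etc/systemd/resolved.conf, and the post-up default route in /etc/network/interfaces) before restarting. This is an added example, not part of any post in the thread; the function names and the sample files are constructed, and on a real client you would pass the actual file paths instead.

```sh
#!/bin/sh
# Added example (not from the thread): offline checks for the client settings above.
# Function names and sample files are constructed for illustration.

# Succeeds if an uncommented DNS= line under [Resolve] lists SERVER.
resolved_uses_dns() {          # usage: resolved_uses_dns FILE SERVER
    awk -v want="$2" '
        /^[ \t]*\[/ { in_resolve = ($0 ~ /^[ \t]*\[Resolve\]/); next }
        in_resolve && /^[ \t]*DNS[ \t]*=/ {
            sub(/^[^=]*=/, "")
            n = split($0, srv, /[ \t]+/)
            for (i = 1; i <= n; i++) if (srv[i] == want) found = 1
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# Succeeds if the "iface IFACE" stanza adds a default route via GATEWAY in post-up.
iface_has_default_route() {    # usage: iface_has_default_route FILE IFACE GATEWAY
    awk -v ifc="$2" -v gw="$3" '
        $1 == "iface" { in_stanza = ($2 == ifc); next }
        $1 == "auto" || $1 == "source" || $1 == "mapping" { in_stanza = 0; next }
        in_stanza && $1 == "post-up" && $2 == "ip" && $3 == "route" && $4 == "add" &&
            $5 == "default" && $6 == "via" && $7 == gw { found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# Constructed samples: resolved.conf with DNS still commented out and as edited,
# plus the interfaces stanza from the post.
SAMPLES=$(mktemp -d)
printf '[Resolve]\n#DNS=\n#FallbackDNS=\n' > "$SAMPLES/resolved.default"
printf '[Resolve]\nDNS=10.0.0.2\n#FallbackDNS=\n' > "$SAMPLES/resolved.edited"
cat > "$SAMPLES/interfaces" <<'EOF'
auto ens10
iface ens10 inet dhcp
    post-up ip route add default via 10.0.0.1
    dns-nameserver 10.0.0.2
EOF

report() {                     # usage: report LABEL COMMAND [ARGS...]
    label=$1; shift
    if "$@"; then echo "OK    $label"; else echo "FAIL  $label"; fi
}
report "unedited resolved.conf uses 10.0.0.2" resolved_uses_dns "$SAMPLES/resolved.default" 10.0.0.2
report "edited resolved.conf uses 10.0.0.2" resolved_uses_dns "$SAMPLES/resolved.edited" 10.0.0.2
report "ens10 default route via 10.0.0.1" iface_has_default_route "$SAMPLES/interfaces" ens10 10.0.0.1
```

The first report line fails on purpose: a `#DNS=` line that is still commented out does not count as a configured resolver.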

                    • S
                      stephenw10 Netgate Administrator
                      last edited by Oct 2, 2022, 12:59 PM

                      Ah, so more like a full AWS/Azure setup. That seems...complex!

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.