Difficulties Getting Pfsense on GCP

  • I tried looking for this topic on the forums, but I couldn't find anything on it.

    I've been trying to export an instance from KVM to GCP but I haven't been successful. I've successfully gotten all of my instances recognized as bootable in Google Compute Engine, but they would not respond to SSH, web, or anything else. Connecting to the serial port via the GCP console reveals that it doesn't respond after attempting to boot up from disk 0. I've tried testing the same process with FreeBSD 10.3 and it works flawlessly; so I'm starting to think it could be because Pfsense runs on a stripped down version which could be missing some components which GCP needs (KVM seems to run them all fine though).

    I've discussed with a Google contact and he has pointed me to https://cloud.google.com/compute/docs/images/building-custom-os but I don't know how to proceed from here, having never poked into the inner workings of Pfsense despite configuring it for quite a number of deployments.

    Does anyone have any pointers on how to get the information?

    VirtIO components should be okay, since I can get my instances to boot up and run in KVM  :)

  • Did you figure this out? I'm having the same issue.

  • Hi all,
    here are all the steps I´ve done to complete the PFSense installation on a GCP instance:

    References (Credits):

    • Route Card: https://groups.google.com/forum/#!topic/gce-discussion/tPYonu9dwbc

    • nlienard: https://gist.github.com/nlienard/0ca5aa8397af6e90d70f

    • Desra Blog: http://desrablog.blogspot.co.uk/2017/11/using-t1n1wall-on-google-compute-engine.html

    • Google Cloud Documentation

    • The pfsense downloads contain a disk image inside, the instructions say that you extract it, rename it (to the convention gce expects) and compress it again.  you can do this in your cloud console or a linux system:
      wget https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.gz
      gunzip pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.gz
      mv pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img disk.raw
      tar -Sczf pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.tar.gz disk.raw

    • Create an image based on the file you uploaded to the bucket:

    • Activate the serial console on the project:
      sudo ./google-cloud-sdk/bin/gcloud compute project-info add-metada –metadata=serial-port-enable

    • Create an instance and add a second disk to it:

    • Use the serial console to perform the install:
      sudo ./google-cloud-sdk/bin/gcloud compute connect-to-serial-port [INSTANCE_NAME] – zone [ZONE]

    • Install the PFSense on the second disk:

    • Create a snapshot from this disk you created:
      Create an instance from this disk:
      Use the serial to perform the setup:
      sudo ./google-cloud-sdk/bin/gcloud compute connect-to-serial-port [INSTANCE_NAME] – zone [ZONE]

    • Using the shell, disable HTTP REFERER:
      "pfSsh.php playback disablereferercheck"

    from that point on, you can access the GUI with the external IP address provided on the instance.

    Hope it helps someone.


Log in to reply