pfSense on Hetzner Cloud
-
Hi, I have an issue while setting up pfSense on Hetzner Cloud.
This is the instruction I follow.
https://community.hetzner.com/tutorials/how-to-route-cloudserver-over-private-network-using-pfsense-and-hcnetworksI have no problem up till "On step 4, un-check the option Block bogon networks." After I configure the next steps to "Apply the changes and go back to Interfaces -> LAN and also apply the changes", I will lose connectivity to pfSense via WAN public IP after a few moments. Please advise why this is so.
-
It's when you enable the LAN interface the default allow rule moves to it as a full firewall and incoming connections on the WAN are blocked unless you have already added a firewall rule to pass them.
You can temporarily disable the firewall at the console in order to add a pass rule to WAN from your IP. Or you should still be able to connect to pfSense from the client via the LAN.I can see no reason to uncheck 'block bogon networks' on the WAN. Those should be blocked as source IPs.
Steve
-
@stephenw10 Thank you. I configured OpenVPN for access to the router.
Noted on Block bogon networks. -
Hello, I have the same problem, can you help? How can I install this build.
-
Which build? To where? What problem are you actually seeing?
The problem as described here was that WAN access is blocked by the firewall rules.
Steve
-
J jimp moved this topic from Problems Installing or Upgrading pfSense Software on
-
Thank you.. I have configured server. I have pfsense settings, I have internet access. I can ping IP addresses, but I cannot access web pages. IP addresses are active. When I enter as DNS, the pages do not open.
https://prnt.sc/92loMjANcDoY
There is internet on the client side, but I cannot access the websites. I may have missed something. I proceeded according to the instructions.
I solved the problem, I entered manual DNS related to DNS, the problem was solved. But it can't get DNS by pfSense.
-
So it's a DNS problem. Is the Unbound service running on pfSense?
By default pfSense will pass the LAN IP to clients via DHCP to use for DNS. Is that happening?
Steve
-
@stephenw10 pfsense LAN is not authorized to distribute IP as DHCP, Hetzner distributes IP address as DHCP. DNS service is running. I am sharing pictures. Thank you.
There is such information available on the official forum.
Add the DNS servers by adding the line dns-nameservers 213.133.100.100 213.133.99.99 213.133.98.98 to /etc/network/interfaces under the post-up line.
If DNS is still not working systemd-resolved ignores this parameter.
-
i have 10.0.0.0/24 network on hetzner, the gateway is 10.0.0.1 assigned by hetzner
10.0.0.3/24 -> gateway 10.0.0.1 -> pfsense 10.0.0.2 -> internet
Internet -> pfsense 10.0.0.2 -> gateway 10.0.0.1 -> 10.0.0.3/24this is what i have on my notes
Configure route for private networking
Add the following configuration to /etc/network/interfaces:auto ens10 iface ens10 inet dhcp post-up ip route add default via 10.0.0.1 # <---- check if you have this route dns-nameserver 10.0.0.2Add the DNS servers by adding the line dns-nameservers 10.0.0.2 to /etc/network/interfaces under the post-up line.
DNS needs to be configured in file /etc/systemd/resolved.conf. There should be a line like #DNS under the line [Resolve]. Un-comment the DNS line by removing the # and type in some DNS servers or use the DNS servers by Hetzner:
DNS=10.0.0.2
Save the file and restart the server.on ubuntu machines you need to: first disable hetzner config on cloudinit then remove/uninstall the package cloudinit
Disable all services (uncheck everything except "None"): <-- this is important or you leave junk behind
sudo dpkg-reconfigure cloud-initUninstall the package and delete the folders
sudo apt-get purge cloud-init sudo rm -rf /etc/cloud/ && sudo rm -rf /var/lib/cloud/Restart the computer
after that you need to configure netplan.io instead of /etc/network/interfaces <------ !!!
https://netplan.io/examplesI personally uninstalled that as well and use ifupdown
i don't understand why ubuntu chose to replace ifupdown with netplan ... but that's another story..
apt remove --purge netplan.io apt install ifupdownon pfsense check if you have 2 gateway one for WAN and one for LAN, gateway for LAN on my network is 10.0.0.1
on pfsense you need to add the network on the access list if you want to use dns resolver like me
Services / DNS Resolver / Access Lists
169.254.169.254 if i remember well it's for Hetzner Cloud CLI (hcloud) tools -
Ah, so more like a full AWS/Azure setup. That seems...complex!
