Netgate Discussion Forum

    Accessing the PFSENSE console in an AWS instance

    General pfSense Questions
    21 Posts 3 Posters 690 Views
    • dareys

      Greetings,

      As some of you might remember a power surge disabled my SG-2440 while I was in the process of reconfiguring it a few weeks ago...

      So, I am now currently evaluating PFSENSE on the AWS cloud (no vulnerable hardware to maintain) a rather nice offering.

      I can access the PFSENSE GUI via putty but the default user/password do not work, I have to reset via the CONSOLE. How do I access the CONSOLE in the cloud via putty as I did my old SG-2440?

      I have loads of documentation, perhaps a new keypair for SSH etc. so I could use some help, I am by no means a networking or security expert.

      Thank you,

      Jean-Pierre (JP)

      • stephenw10 Netgate Administrator

        There is now serial console access in AWS. Go to the instance then Actions > Monitor and Troubleshoot > EC2 Serial Console.

        • dareys

          Hello Stephen,

          It is nice to be in touch with you again.

          In parallel I am trying to find a local electronics shop to quote the fried "Marvell 88E1543" IC replacement part and installation (a challenge).

          I will let you know on both accounts, thank you for the help.

          Jean-Pierre (JP)

          • dareys @dareys

            @dareys 70286b11-8b2f-465c-a386-f9f85f612254-Captura de pantalla (259).png

            • stephenw10 Netgate Administrator

              Success? 👍

              • dareys

                Hello Stephen,

                One small step for me, one giant leap for my security! LOL

                Yes, I was able to access the serial console on AWS, it was a lot easier than with SSH, thank you for the help.

                I changed the login credentials, accessed pfsense in the CLOUD and I am in the process of configuring it (load packages, etc.). I don't know how to or if configuring the LAN interfaces is a requirement to configuring the VPN.

                So I am reading the documentation to complete the setup and start enjoying the added protection.

                Any and all tips are welcome, thank you.

                Jean-Pierre (JP)

                PS As far as the SG-2440, like I said a challenge finding someone competent and willing to replace the IC ... no progress there.

                • stephenw10 Netgate Administrator

                  You only need one NIC configured to act as a VPN server.

                  • dareys @stephenw10

                    @stephenw10 Sure, I don't have a pro installation, no secondary NIC on my equipment nor in the cloud, just trying to figure out the difference between setting up a LAN on my local network vs LAN in the AWS cloud.

                    • stephenw10 Netgate Administrator

                      Depends what your goal is here really?

                      • dareys

                        Stephen,

                        Thank you for the response, I realize I should probably open a new thread.

                        I am trying the PFSENSE on AWS Software as a Service.

                        I am by no means an expert at security/networking, I am just trying to protect my home office, dealing with a considerable learning curve, several unexpected problems e.g. my SG-2440 is fried, etc.

                        I am getting help directly from NETGATE tomorrow but I am doing my homework and might set it up by myself, I got this far didn't I, it can't be that complicated, there are instructions for everything.

                        Thank you.

                        Jean-Pierre

                        • stephenw10 Netgate Administrator

                          Hmm, well to use a cloud based firewall like that you would need to redirect all your traffic through it. That means setting up a VPN from AWS to something at your home office, usually a router there.

                          Running pfSense in AWS would usually be as a VPN server or to protect other VMs running in AWS behind it.

                          • dareys @stephenw10

                            @stephenw10 Hello Stephen, that is correct, however, the VPN software can run on your local machine, no need for hardware there. I will send a diagram as soon as I find it.

                            • stephenw10 Netgate Administrator

                              Yes, you can certainly do that. A lot of people set up something like that for connecting back to when using public wifi etc.

                              • dareys @stephenw10

                                @stephenw10 Yes. I am doing this because 1. My SG-2440 is fried 2. When I succeed I take the service with me wherever I go (hardware independence). Obviously, it is much better to have a router in the cloud and on premise, that is why I am fixing my SG-2440. Also, I can help others I already have a couple of people interested. See the possible architectures below. FYI [image: image (1).png]

                                • w0w @dareys

                                  @dareys
                                  Is that what you are looking for?

                                  Has the microchip already been desoldered? Theoretically, the firewall should already be loading if the problem was indeed in the chip.

                                  • dareys @w0w

                                    @w0w No, it has not, I will be getting the device back this week.

                                    • stephenw10 Netgate Administrator

                                      Indeed as I said on the other thread, a bad PHY would not stop the console working or the BIOS POSTing. It's almost certainly a bad CPU IMO. 😞

                                      • dareys @stephenw10

                                        @stephenw10 Thank you for the feedback. In other words, not worth the time to continue troubleshooting?

                                        • stephenw10 Netgate Administrator

                                          Probably not. Unfortunately.

                                          Other than for interest.

                                          • dareys

                                            I understand. A good side project, time permitting, as well as an opportunity to learn more about hardware. ...

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.