Howto: TeamSpeak 3 server in pfSense 2.0



  • Warning!!! This is probably not a good idea since most people want their firewalls to have minimal attack footprints and to be as secure as possible.
    But it is nice to have a TS server without requiring another power sucking box. :)

    1.) Download teamspeak 3 FreeBSD archive from http://www.teamspeak.com
    
    2.) Upload arcive to /root
    
    3.)  `tar -xvf teamspeak3-server_freebsd-x86-3.0.7.1.tar.gz`
    
    4.)  `mv teamspeak3-server_freebsd-x86 /usr/local/lib/`
    
    5.)  `pw user add -n teamspeak -c "TeamSpeak User" -d /usr/local/lib/teamspeak3-server_freebsd-x86 -s /usr/sbin/nologin`
    
    6.)  `passwd teamspeak`  (Set the user's password for added security even though it will not be used because the shell is nologin`
    
    7.)  `chown -R teamspeak:teamspeak /usr/local/lib/teamspeak3-server_freebsd-x86`
    
    8.)  `vi /usr/local/lib/teamspeak3-server_freebsd-x86/ts3server.sh`
    
    #!/bin/sh
    
    export LD_LIBRARY_PATH=".:$LD_LIBRARY_PATH"
    export PATH=".:$PATH"
    cd "$(dirname "${0}")"
    /usr/sbin/daemon -f -p ts3server.pid ts3server_freebsd_x86 $@
    
    9.)  `chown teamspeak:teamspeak /usr/local/lib/teamspeak3-server_freebsd-x86/ts3server.sh`
    
    10.)  `chmod 755 /usr/local/lib/teamspeak3-server_freebsd-x86/ts3server.sh`
    
    11.)  `vi /usr/local/etc/rc.d/teamspeak3-server`
    
    #!/bin/sh
    #
    # PROVIDE: teamspeak3
    # REQUIRE: DAEMON
    # KEYWORD: shutdown
    #
    # Add the following lines to /etc/rc.conf.local or /etc/rc.conf
    # to enable this service:
    #
    # teamspeak3_enable (bool):     Set to NO by default.
    #                               Set it to YES to enable teamspeak3.
    #
    
    . /etc/rc.subr
    
    name="teamspeak3"
    rcvar=`set_rcvar`
    teamspeak3_user="teamspeak"
    command="/usr/local/lib/teamspeak3-server_freebsd-x86/ts3server.sh"
    procname="ts3server_freebsd_x86"
    pidfile="/usr/local/lib/teamspeak3-server_freebsd-x86/ts3server.pid"
    
    load_rc_config $name
    run_rc_command "$1"
    
    12.)  `chmod 755 /usr/local/etc/rc.d/teamspeak3-server`
    
    13.) Disable the teamspeak server during reboot by adding "/usr/local/etc/rc.d/teamspeak3-server stop" to
         /etc/rc.reboot right before the line that says "# If PLATFORM is pfSense then remove":
    
    	example:
    		sleep 1
    
    		/usr/local/etc/rc.d/teamspeak3-server stop
    
    		# If PLATFORM is pfSense then remove
    
         Disable the teamspeak server during shutdown by adding "/usr/local/etc/rc.d/teamspeak3-server stop" to
         /etc/rc.shutdown right before the line that says "# If PLATFORM is pfSense then remove":
    
    	example:
    		export PATH
    
    		/usr/local/etc/rc.d/teamspeak3-server stop
    
    		# If PLATFORM is pfSense then remove
    
    14.)  `vi /usr/local/etc/rc.d/run_teamspeak3-server.sh`
    
    #!/bin/sh
    
    /usr/local/etc/rc.d/teamspeak3-server onestart
    
    15.)  `chmod 755 /usr/local/etc/rc.d/run_teamspeak3-server.sh`
    
    16.) Open the appropriate network ports for local and remote access to the teamspeak server:
    
    	WAN UDP 9987
    
    17.) Check the logs for your ServerAdmin privilege key:
    
    	/usr/local/lib/teamspeak3-server_freebsd-x86/logs
    
         ***Check the latest log for the key.***
    
    ex:
    	ServerAdmin privilege key created, please use the line below
    	token=v1H32gAavrEI8U718bK0WZssL9Cl39OxktQS2Q3Z
    
    18.) When connecting your Client enter this token in the "One-Time Privelege Key:" field.
    
    	You are now the Admin of this TS server.
    
    


  • This is how we upgrade the server:

    1.) Shutdown the teamspeak server:
    
    	a.) `/usr/local/etc/rc.d/teamspeak3-server stop`
    
    2.) `cd /usr/local/lib/`
    
    3.) Backup the teamspeak server:
    
    	a.) `tar -pczvf teamspeak3-server_freebsd-x86.tar.gz teamspeak3-server_freebsd-x86`
    
    4.) Verify the backup contains our server files:
    
    	a.) `tar -ztvf teamspeak3-server_freebsd-x86.tar.gz`
    
    5.) Download teamspeak 3 FreeBSD archive from http://www.teamspeak.com
    
    6.) Upload arcive to /root
    
    7.) `cd /root`
    
    8.) `tar -xzvf teamspeak3-server_freebsd-x86-3.0.8.tar.gz -C /usr/local/lib`
    
    9.) `chown -R teamspeak:teamspeak /usr/local/lib/teamspeak3-server_freebsd-x86`
    
    10.) Start the teamspeak server and verify everything works:
    
    	a.) `/usr/local/etc/rc.d/teamspeak3-server onestart`
    
    11.) If you wish to, restart the router and verify the teamspeak server starts as expected.
    


  • This sounds like something I would like to try, I am running 2 24/7 computers. My power bill is sometimes a bit high due to all my "hobbies" in light of that, I would like to make my self more efficient and run a ts3 server and pfsense on one box, if my TS3 server were to be hacked or compromised in anyway, what are the implications of this? Or I guess what I am asking, would this method still be safer than a traditional home firewall?



  • @virtualliquid:

    This sounds like something I would like to try, I am running 2 24/7 computers. My power bill is sometimes a bit high due to all my "hobbies" in light of that, I would like to make my self more efficient and run a ts3 server and pfsense on one box, if my TS3 server were to be hacked or compromised in anyway, what are the implications of this? Or I guess what I am asking, would this method still be safer than a traditional home firewall?

    Having a dedicated TS3 box would probably be safer. If you add TS3 to your pfsense box and it gets compromized the hacker could do some nasty things with your internet traffic. sniffing/DDOS stuff like that. The hacker would need to be able to compromize The OS to become root if they wanted to cause real damage of course. I do this to save power. Remember nothing is 100% safe. :)



  • I have been looking for some info on this for a while.
    Every thing worked nicely until i got to this part:

    8.)  `vi /usr/local/lib/teamspeak3-server_freebsd-x86/ts3server.sh`
    
    #!/bin/sh
    
    export LD_LIBRARY_PATH=".:$LD_LIBRARY_PATH"
    export PATH=".:$PATH"
    cd "$(dirname "${0}")"
    /usr/sbin/daemon -f -p ts3server.pid ts3server_freebsd_x86 $@
    

    i'm very new to linux/FreeBSD and i have no clue on how to get this to work.

    i did try ./ts3server_startscript.sh start and the server started and gave me my superadmin info and server admin Token.

    the server is up and running :D

    Also is there a way to make it a LAN only server? Like block anyone from connecting from the WAN interface?



  • @HooKed:

    I have been looking for some info on this for a while.
    Every thing worked nicely until i got to this part:

    8.)  `vi /usr/local/lib/teamspeak3-server_freebsd-x86/ts3server.sh`
    
    #!/bin/sh
    
    export LD_LIBRARY_PATH=".:$LD_LIBRARY_PATH"
    export PATH=".:$PATH"
    cd "$(dirname "${0}")"
    /usr/sbin/daemon -f -p ts3server.pid ts3server_freebsd_x86 $@
    

    i'm very new to linux/FreeBSD and i have no clue on how to get this to work.

    i did try ./ts3server_startscript.sh start and the server started and gave me my superadmin info and server admin Token.

    the server is up and running :D

    Also is there a way to make it a LAN only server? Like block anyone from connecting from the WAN interface?

    The vi command edits a new file. You need to enter the proceeding lines into the file.

    To make this a LAN only TS server on step 16 only open the port on the LAN and not the WAN interface.



  • Ok i will try this soon.

    I didn't know #!/bin/sh is the start of a file  ;)

    I have to update the server anyway.

    Also i haven't tried to get anyone to connect to to see if its blocked on the WAN side.
    It works very well via lan only  8)



  • @HooKed:

    Ok i will try this soon.

    I didn't know #!/bin/sh is the start of a file  ;)

    I have to update the server anyway.

    Also i haven't tried to get anyone to connect to to see if its blocked on the WAN side.
    It works very well via lan only  8)

    Unix like operating systems use the she-bang to start a script. That is how the operating system knows what shell to use when reading the script. Consider it the same as a batch script(.bat file) in windows.

    Source: http://en.wikipedia.org/wiki/Shebang_(Unix)



  • Thank you for the info :D



  • Nice :) to see more people are using Teamspeak on their PFSense box. I have created a package to install, update and manage Teamspeak using the webinterface. I have also made a few modification to run the service as a non-root user; to minimize the security risk (in similar way you are doing). I still agree on the warning; you should only use this in your home environment, never install such service in a corporate or production network!

    But I wondering if people would like to use this package?



  • @Sander88:

    Nice :) to see more people are using Teamspeak on their PFSense box. I have created a package to install, update and manage Teamspeak using the webinterface. I have also made a few modification to run the service as a non-root user; to minimize the security risk (in similar way you are doing). I still agree on the warning; you should only use this in your home environment, never install such service in a corporate or production network!

    But I wondering if people would like to use this package?

    I think it would be nice to have a package installer for Teamspeak for pfSense.

    I was thinking about doing the same thing but i don't even know how to start making a package installer.

    As soon as i can check it out i would like to see what it can do.



  • I gonna look into how to distribute this (to the packages GIT). One thing that might be a license issue: my code downloads the Teamspeak 3 binaries from their (update) servers. Teamspeak 3 is closed source, so would that be an issue? Can anyone tell if this allowed?



  • @Sander88:

    I gonna look into how to distribute this (to the packages GIT). One thing that might be a license issue: my code downloads the Teamspeak 3 binaries from their (update) servers. Teamspeak 3 is closed source, so would that be an issue? Can anyone tell if this allowed?

    I just posted on Teamspeaks forum about what you want to do. Maybe an moderator will answer soon.
    Here is the thread http://forum.teamspeak.com/showthread.php/94571-Is-This-OK-pfSense-Package-for-TS3



  • Thanks. I have sent them a message with some details about the URL we are using. So waiting for them to reply if this is allowed.



  • @Sander88:

    Thanks. I have sent them a message with some details about the URL we are using. So waiting for them to reply if this is allowed.

    I have received a response: "Thank you for contacting TeamSpeak and inquiring about direct downloading of our files. Unfortunately, we only allow our files to be downloaded by the actual individuals directly from our website because the must accept the End User License Agreement (EULA) before they are allowed to download our software. This whole process is bypassed if the software is directly downloaded by any other means, and is therefore, not allowed."

    So linking directly is not allowed; I will look into another solution. I'm thinking about letting the user download the files (some kind of archive file) manually and providing an upload form to put the files on PFSense. It would do the trick and Teamspeak is happy as users have to accept their EULA.



  • Yea I kinda figured that may be the case.

    Let me know when you get it to the testing faze, I would like to help test it out.



  • Awsome Sander88! This would be great for people who are afraid to install the manual way.



  • @HooKed:

    Yea I kinda figured that may be the case.

    Let me know when you get it to the testing faze, I would like to help test it out.

    The Teamspeak 3 package is available for testing purposes in my fork of the pfSense package GIT: https://github.com/sander1988/pfsense-packages . I made some last minute modifications to make it compatible with PFSense 2.1 and added the server upload form (as discussed earlier in this thread).

    HooKed and others please test it! ;) I'm looking forward to your feedback. Please include the PFSense version and architecture in your message when you are running into any issues. Just a little reminder: it's a first test release; so don't test it on your production box at this time as it might break things!



  • Awesome! As soon as i get a little free time i'm going to check this out.

    I do have a test pfsense server to play with. :)



  • Thanks for suggestion to make teamspeak available on pfsense. I did like op wrote. Everything is working, but there is one thing i don´t understand. Every time i restart the box, teamspeak won´t come up. I have to login (ssh) and start teamspeak manually. I can´t figure out what is going on. Would be nice if someone can help me. And how do i use the scripts from Sander88? Can u get me to the point?

    Thank you all…

    Regards



  • I installed Cron package then added this

    
    minute 	hour 	mday 	month 	wday 	who 	command
    0  	*  	*  	*  	*  	root  	/usr/local/lib/teamspeak3-server_freebsd-x86/ts3server_startscript.sh start  
    

    Your install location may be different.

    There may be a better config but this works for me.

    It seems to take a few mins for the ts server to be active after reboot but it always starts up.



  • So did i. When i start TS manually, i get this:

    ts3server.pid found, but no server running. Possibly your previously started server crashed
    Please view the logfile for details.
    Starting the TeamSpeak 3 server
    
    

    I took a look to /etc/, but did not find a startscript (rc.conf or similar). Think, thats why TS don´start at boot. OP provide a script to start Ts on boot with rc.conf, how does pfsense doing this?

    So i will test your suggestion.

    So also looks like a shutdown of the box don´t proper shutdown TS. Will see if after reboot TS is coming up…

    Just one question left, what does Sander88 script doing?

    Regards



  • @citroen:

    So did i. When i start TS manually, i get this:

    ts3server.pid found, but no server running. Possibly your previously started server crashed
    Please view the logfile for details.
    Starting the TeamSpeak 3 server
    
    

    I took a look to /etc/, but did not find a startscript (rc.conf or similar). Think, thats why TS don´start at boot. OP provide a script to start Ts on boot with rc.conf, how does pfsense doing this?

    So i will test your suggestion.

    So also looks like a shutdown of the box don´t proper shutdown TS. Will see if after reboot TS is coming up…

    Just one question left, what does Sander88 script doing?

    Regards

    Thanks for testing it.

    The package installer should create a service file for Teamspeak: /usr/local/etc/rc.d/teamspeak3.sh . PFSense normally run all the service start scripts from this directory (/usr/local/etc/rc.d/). Could you please check if this file exists in your installation? And does it have the executable permission set?



  • Found a file named "teamspeak3-server.sh" with executable rights. So i think this is the one created by the OP. I didi not test the script, cause i dont know how to do this. Thats why a ask for. How do i execute this on pfsense and what does it do?

    Thank you for your response.



  • The best thing to do at this point is to wipe your pfsense box and either start with my instructions or do the easiest thing by installing the package.



  • Dear,
    as i am new to pfsense can you give detailed description on howto install your package.
    Thanks



  • If worried about attack vectors you could try making a jail first haven't tried this package yet but https://doc.pfsense.org/index.php/PfJailctl_package You could place it in a freebsd jail.



  • @afakih:

    Dear,
    as i am new to pfsense can you give detailed description on howto install your package.
    Thanks

    afakih, do you or someone else still need any help?



  • Any news on this?  I am interested in getting a TS3 server set up on my pfSense box and I'm not sure if these instructions/packages will work on the latest pfSense version.

    ETA:  The instructions in the OP didn't work for me, or maybe I'm doing something wrong.  At the last step where I check the logs, the log directory didn't even exist so I "/usr/local/lib/teamspeak3-server_freebsd-x86/ts3server.sh start" from webGUI cmd and that produced tiny logs with barely any info in them every time I started the script.  What's an easy way to wipe everything I created with these instructions in order to avoid future issues?



  • I put the source code on GitHub a year ago. That's also the version I have been using over the last year, no issues so far  :).

    Below some steps you have to take to install the package. I will also request the PFSense maintaincers to pull my package, that would make it much easier for you to install it (just a single click).

    What you should do is:
    1. Setup a private packages server (a simple Apache server would be ok). Some docs are available on this: https://doc.pfsense.org/index.php/Creating_a_Custom_Package_Repository .
    2. Git clone my GitHub repository (https://github.com/sander1988/pfsense-packages) instead of the offical one.
    3. Install the TeamSpeak 3 package using the PFSense webinterface.
    4. Follow the TeamSpeak 3 wizard to install the server binaries (the latest version is downloaded by the enduser from TeamSpeak, there are no binaries included in my package).
    5. Configure and run the TeamSpeak 3 server using the webinterface. You can find the initial TS3 administrator token in the Teamspeak > Logs tab.
    6. Disable the custom repository and don't install any other package from my repository! All other packages in my version are really outdated. I created a copy of the official repository more than a year ago.



  • Hello. Could you please write the more detailed instruction for package teamspeak3 instalation? I tried to install local XMLRPC server and to use teamspeak3 package locally, but there is a warning appeared at my screen - it says that there is no connection with my local server. I tried to solve this problem but i failed.
    I wanted to do it the way you described in your link https://doc.pfsense.org/index.php/Creating_a_Custom_Package_Repository  , but I can't install apache just because I do not know how to do it. I googled "how to install apache for freebsd" and tried to do it according to instruction but I can't do it at Pfsense



  • Yeah I'm sticking it out until the OP instructions get updated or there is an easier way to load the package.  The web server thing looks a little complicated.



  • I am sorry for not updating as I promised. Have been super buy at work. I have another igel I can test my instructions on with the latest pfSense. I will set a reminder to try tonight.  ;)



  • Awesome, thanks!  8)



  • I opened a new thread since this one is a mess. The new thread has install scripts!! Go get em!

    https://forum.pfsense.org/index.php?topic=86681.0

    Moderators: Please close this thread.


Log in to reply