My packages with pfSense

Another topic I want to explore from my homelab post is pfSense, an open source enterprise solution for network security. pfSense is a powerful way to secure my network, and packages make it very convenient to extend its use cases. The key pfSense packages in my lab are HAProxy, Acme, Tailscale, WireGuard and iperf.

pfSense Setup

Virtualizing pfSense Software with Hyper-V was my first step with pfSense: building a separate router for my lab. My home internet connection comes from a consumer router, which has a minimal security level for easy daily use of home devices. This router provides the internet connection for my PC, which makes it the WAN interface for my pfSense VM. I bought a second network card (2.5Gb), connected it to my PC using a PCIe 1x lane, and this NIC is the LAN interface for my pfSense. I connect this LAN to a switch and the switch to other lab devices, and that's it: I have a pfSense router to manage network security for my lab.

Reverse Proxy and Load Balancer

Besides the built-in firewall and DHCP server, my pfSense also acts as the reverse proxy and load balancer, which are necessary to expose backend services.

The key package to install is HAProxy, a powerful tool to set up frontends that listen for network requests and backends that route traffic from those requests to my BE instances. I can also set up HAProxy to load balance between BE instances using its built-in algorithms: Round Robin, Least Connections, etc. HAProxy makes it easy to scale my backend to multiple instances deployed across multiple computers.

Another package to add is Acme, which helps create and manage Let's Encrypt SSL certificates. Cloudflare has built-in SSL certificates for my public services, and Acme adds SSL certificates for my internal services.
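A sketch of the frontend/backend layout described above, written as a plain HAProxy configuration. This is an added example, not the author's configuration; every hostname, address, the health-check path and the certificate path are constructed placeholders.

```haproxy
# Constructed example: names, addresses and paths are placeholders.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend lab_https
    # TLS terminates here, using a certificate issued through Acme
    # (placeholder path; combined certificate + key in PEM format)
    bind 192.168.10.1:443 ssl crt /path/to/lab.example.pem
    # Internal services: only accept clients from the lab LAN
    # (assumed to be 192.168.10.0/24)
    acl from_lan src 192.168.10.0/24
    http-request deny unless from_lan
    # Route by Host header; anything that matches no rule is rejected
    acl host_app hdr(host) -i app.lab.example
    acl host_git hdr(host) -i git.lab.example
    use_backend be_app if host_app
    use_backend be_git if host_git
    default_backend be_reject

backend be_app
    # Round Robin across two instances on different machines
    balance roundrobin
    # Health check (assumed endpoint); failed servers leave the rotation
    option httpchk GET /healthz
    http-request set-header X-Forwarded-Proto https
    server app1 192.168.10.21:8080 check
    server app2 192.168.10.22:8080 check

backend be_git
    # Least Connections suits long-lived requests such as clones
    balance leastconn
    server git1 192.168.10.31:3000 check

backend be_reject
    # Unknown hostnames get a 403 instead of reaching a real service
    http-request deny deny_status 403
```

Binding to the LAN address and denying unmatched hostnames keeps internal services from being reachable through a frontend that was only meant for one of them.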

It was confusing at first to set up a reverse proxy, but services became easy to expose once I got used to HAProxy. Two tutorials helped me a lot with my setup: "pfsense + HAProxy + Let's Encrypt Howto" and "How To Guide For HAProxy and Let's Encrypt on pfSense: Detailed Steps for Setting Up Reverse Proxy". I later discovered another great video to understand HAProxy: "HAProxy Crash Course".

Other Packages

Tailscale: this helps pfSense route traffic to other nodes of the Tailscale overlay network. It's possible to make pfSense a subnet router and allow access from other nodes to the local subnet; marking pfSense as an exit node will route the internet traffic of connected machines through pfSense (like a VPN server).

WireGuard: this package can be installed to manage WireGuard VPN tunnels and peers, allowing direct connections to pfSense so it acts as a VPN server. However, its web UI is harder to set up compared to wg-easy.

iperf: a useful tool to test local network speed. I install this package to run a performance server, then test the speed with the `iperf3 -c` command from client nodes.
