How I built a powerful custom router using pfSense

The router that your Internet service provider (ISP) provides for your connection to the outside world is sufficient for home use, but as more devices rely on the Internet and data traffic in homes increases, it may be time to consider retiring that router in favor of a custom router solution. Enter pfSense. This long-established open source firewall and router networking solution offers advanced features without the limitations of a proprietary device. While the owners and lead developers of pfSense remain committed to a free release, a commercial version and officially licensed hardware are optionally available. I threw away my old router and created a powerful routing superbox using nothing more than a NUC.




What is pfSense?


At the heart of any router software is a wealth of tools for managing a network. From port forwarding to securing external access, you can do some cool things with a feature-rich router. The same applies to pfSense. This software is designed for high traffic use, enthusiast use, and your home. It's powerful enough that you can spend hours tinkering with different parts of the system, but it can be up and running in under 10 minutes. Developed and maintained by Netgate, you can download and enjoy a community edition of pfSense for free without paying a cent.


With pfSense installed, you can handle dynamic DNS (DDNS), configure a VPN connection for the entire LAN, and view beautiful graphics on the dashboard. If you want to learn more about your home network and how everything works within a router and firewall, tinkering with your own pfSense installation is a great way to learn something new. Although a custom router with pfSense might be considered overkill for your standard home LAN, it's easy to set up, takes up less space than your current router, and gives you more control over how everything runs. Think about adding a WiFi access point or repurposing your old router!



How to build a router with pfSense

First, you need something to run pfSense on. The system requirements are so low that you could run the software on a Raspberry Pi or other single-board computer (SBC). Once you have a device ready, we can begin the installation. Luckily it's straightforward!

  1. Download the latest pfSense Community Edition. (For us it is pfSense-CE-2.7.2-RELEASE-amd64.iso.gz.)
  2. Write the downloaded image to a USB drive.
  3. Connect the USB drive to your chosen pfSense device.
  4. Turn on the system with the keyboard and monitor connected.
  5. Accept the User Agreement.
  6. Choose Install (Standard).
  7. Press Enter.
  8. Choose your Keyboard layout (or “keymap”).
  9. Press Enter.
  10. Choose Auto (ZFS), unless you know what you're doing.
  11. Press Enter.
  12. Choose Install (Standard).
  13. Press Enter.
  14. Choose stripe (default), unless you prefer to use RAID.
  15. Press Enter.
  16. Choose the drive to install pfSense on.
  17. Press Enter.
  18. Confirm reformatting the selected hard drive.
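A check worth running between the download and the USB write, since this image becomes the firewall for the whole LAN: compare the file's SHA-256 with the checksum line published next to the download. This is an added example, not part of the original article or of pfSense; the two checksum-line layouts it accepts are assumptions, and the sample file and digest are constructed.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Two common checksum-file layouts (assumed, not taken from the article):
#   BSD:  SHA256 (name) = <hex>        GNU:  <hex>  name
_BSD = re.compile(r"^SHA256 \((?P<name>.+)\) = (?P<hex>[0-9a-fA-F]{64})$")
_GNU = re.compile(r"^(?P<hex>[0-9a-fA-F]{64}) [ *](?P<name>.+)$")


def parse_checksum_line(line):
    """Return (filename, lowercase hex digest) or raise ValueError."""
    line = line.strip()
    m = _BSD.match(line) or _GNU.match(line)
    if not m:
        raise ValueError("unrecognised checksum line")
    return m.group("name"), m.group("hex").lower()


def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so a large image never sits in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(image_path, checksum_line):
    """True only if the line names this file and the digests match."""
    name, expected = parse_checksum_line(checksum_line)
    if Path(name).name != Path(image_path).name:
        return False  # checksum belongs to a different release file
    return hmac.compare_digest(sha256_file(image_path), expected)


def demo():
    # Constructed stand-in for the real image; its digest is computed here.
    with tempfile.TemporaryDirectory() as d:
        img = Path(d) / "pfSense-CE-2.7.2-RELEASE-amd64.iso.gz"
        img.write_bytes(b"constructed sample, not a real image")
        digest = hashlib.sha256(img.read_bytes()).hexdigest()
        line = f"SHA256 ({img.name}) = {digest}"
        intact = verify_image(img, line)
        img.write_bytes(b"modified after download")
        return intact, verify_image(img, line)


if __name__ == "__main__":
    print(demo())
```

Only write the image to the USB drive when `verify_image` returns `True` for the checksum line obtained from the official download page.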


You can now remove the keyboard and monitor from the pfSense device and connect your LAN and WAN cabling to the available ports. After powering on, pfSense should automatically create a network with the gateway 192.168.1.1. Connect your PC to the router or a switch to continue.

  1. Load 192.168.1.1 in your browser.
  2. Log in with the default user and password “admin” and “pfsense”.
  3. Follow the quick pfSense setup wizard.


Now you can get started! The default settings for pfSense are sufficient for operating a home network. I recommend spending an hour or two browsing through all the menus and reviewing the available documentation. One thing to note is that pfSense is incredibly well documented. With so many years and an active community behind it, there is no shortage of resources to get almost anything done. As long as your interfaces are configured correctly, the DHCP server is assigning IP addresses, and nothing has been added to the firewall to block traffic, you will be online through your custom router.

Make some more advanced changes

Protection of data traffic and the LAN

Although pfSense is great with its default configuration, it doesn't protect everything on the network. Physically, your hardware is protected from outside attacks, but all your data traffic remains accessible to prying eyes. This isn't pfSense's fault, but I wanted to install a VPN to fix this glaring issue. Luckily, setting up a VPN with pfSense is straightforward. Simply download the certificate from your provider, make a few (quite extensive) changes to various parts of pfSense, and you'll have a VPN that protects every device connected to your LAN. This is ideal as it eliminates the need to install clients on each piece of hardware.


Another cool thing you can do with pfSense is use DDNS and reverse proxies to provide more convenient external access. The DDNS tracks your dynamic IP address and updates a domain accordingly, while a reverse proxy is great for routing traffic to specific devices and services via pfSense and your LAN. With everything configured, I now have a media server, a photo server, a web server, a gaming server and a Proxmox test device available to the outside world without affecting the rest of the local network. Building your own router with software like pfSense is a great first step in building your home lab.
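Once several services are reachable from outside, it helps to confirm that only the reverse proxy is actually exposed. The following added example (not from the original article or the pfSense project) reads a constructed excerpt laid out like the `<nat>` section of a pfSense configuration backup and lists WAN port forwards that are open to any source and do not go through the proxy ports. The element names, hosts, ports and the `PROXY_PORTS` set are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt laid out like the <nat> section of a pfSense
# config.xml backup (element names assumed; hosts and ports invented).
SAMPLE = """<pfsense><nat>
 <rule><interface>wan</interface><protocol>tcp</protocol>
  <source><any/></source>
  <destination><network>wanip</network><port>443</port></destination>
  <target>192.168.1.20</target><local-port>443</local-port>
  <descr>reverse proxy</descr></rule>
 <rule><interface>wan</interface><protocol>tcp</protocol>
  <source><any/></source>
  <destination><network>wanip</network><port>8006</port></destination>
  <target>192.168.1.30</target><local-port>8006</local-port>
  <descr>Proxmox test device</descr></rule>
 <rule><interface>wan</interface><protocol>tcp</protocol>
  <source><address>203.0.113.7</address></source>
  <destination><network>wanip</network><port>22</port></destination>
  <target>192.168.1.40</target><local-port>22</local-port>
  <descr>SSH from one address</descr></rule>
 <rule><disabled/><interface>wan</interface><protocol>tcp</protocol>
  <source><any/></source>
  <destination><network>wanip</network><port>3389</port></destination>
  <target>192.168.1.50</target><local-port>3389</local-port>
  <descr>old RDP forward</descr></rule>
</nat></pfsense>"""

PROXY_PORTS = {"80", "443"}  # assumption: only the reverse proxy is public


def wan_forwards(xml_text):
    """Yield a dict for every enabled port forward on the WAN interface."""
    for rule in ET.fromstring(xml_text).iterfind("./nat/rule"):
        if rule.find("disabled") is not None or rule.findtext("interface") != "wan":
            continue
        yield {
            "port": rule.findtext("destination/port", ""),
            "target": rule.findtext("target", ""),
            "any_source": rule.find("source/any") is not None,
            "descr": rule.findtext("descr", ""),
        }


def bypasses_proxy(xml_text, proxy_ports=PROXY_PORTS):
    """Forwards open to any source that do not go through the proxy ports."""
    return [f for f in wan_forwards(xml_text)
            if f["any_source"] and f["port"] not in proxy_ports]


if __name__ == "__main__":
    for f in bypasses_proxy(SAMPLE):
        print(f"{f['port']}/tcp -> {f['target']} ({f['descr']})")
```

Each forward it reports is a candidate for moving behind the reverse proxy, restricting to a known source address, or reaching only over the VPN.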
