Firewall Guide

    Installing pfSense on SOAHost VPS

    Deploy a powerful, open-source firewall and router platform on your SOAHost VPS. pfSense provides enterprise-grade network security, VPN services, and traffic management in the cloud. This guide will walk you through the entire process of setting up pfSense on a SOAHost VPS.

    KVM VPS
    pfSense Firewall
    ⏱️ 30-45 minutes

    Why Run pfSense on a VPS?

    • Cost-effective: No need for dedicated hardware
    • Scalability: Easy to upgrade resources as needed
    • Remote management: Access your firewall from anywhere
    • High availability: Benefit from datacenter infrastructure
    • Testing environment: Perfect for learning and experimentation

    Important Note: This setup is primarily for testing, learning, or specific use cases. For production environments protecting physical networks, dedicated hardware is typically preferred.

    STEP 1

    Prerequisites

    Before starting, ensure you have the following requirements:

    • A SOAHost KVM VPS with at least 1GB RAM (2GB recommended)
    • Root access to your VPS
    • Basic understanding of networking concepts
    • SSH client for remote access
    • VNC or console access through SOAHost control panel

    STEP 2

    Preparing Your SOAHost VPS

    Initial VPS Setup

    1. Order your VPS: Choose a KVM-based plan from SOAHost with sufficient resources
    2. Access your VPS: Use the provided IP address and root credentials to SSH into your server
    3. Update the system: Run initial updates on your base OS
    Update System
    # For Debian/Ubuntu base
    apt update && apt upgrade -y
    
    # For CentOS/RHEL base
    yum update -y

    Configure Virtual Network Interfaces

    Since pfSense expects separate WAN and LAN interfaces, you'll need to configure additional network interfaces:

    Network Interface Configuration
    # Check current network configuration
    ip addr show
    
    # Create additional virtual interface (example for Debian/Ubuntu)
    cat >> /etc/network/interfaces << EOF
    
    # Virtual LAN interface
    auto eth0:1
    iface eth0:1 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    EOF

    STEP 3

    Downloading and Preparing pfSense

    Download pfSense ISO

    Download pfSense
    # Create working directory
    mkdir -p /opt/pfsense
    cd /opt/pfsense
    
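    # Download latest pfSense CE ISO (adjust URL for current version)
    # Quote the URL so the shell does not treat "?" as a glob character
    wget "https://www.pfsense.org/download/mirror.php?section=downloads"
    
    # Verify the download: compare the printed hash with the SHA-256 checksum published for that release
    sha256sum pfSense-*.iso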

    Prepare Installation Environment

    For VPS installation, you'll typically need to:

    1. Mount the ISO: Use your VPS provider's control panel to mount the pfSense ISO
    2. Boot from ISO: Configure your VPS to boot from the mounted ISO
    3. Access console: Use VNC or similar console access provided by SOAHost

    STEP 4

    Installing pfSense

    Boot and Initial Setup

    1. Boot from ISO: Restart your VPS and boot from the pfSense ISO
    2. Choose Installation: Select "Install pfSense"
    3. Disk Configuration: Choose your VPS disk for installation
    4. Complete Installation: Follow the installation wizard

    Post-Installation Configuration

    After installation completes:

    Post-Installation
    # Remove the ISO mount
    # Reboot the system
    reboot

    The system will boot into pfSense and present you with interface assignment options.

    Interface Assignment

    When prompted, configure your interfaces:

    Interface Assignment
    WAN interface: vtnet0 (your primary VPS interface)
    LAN interface: vtnet1 (virtual interface or secondary IP)

    STEP 5

    Basic Network Configuration

    Initial Network Setup

    1. Set WAN Interface: Configure with your VPS public IP, set gateway to your VPS provider's gateway, configure DNS servers
    2. Set LAN Interface: Use private IP range (192.168.1.1/24), enable DHCP if desired

    Example Network Configuration

    Network Configuration Example
    WAN (vtnet0):
    - IP Address: [Your VPS Public IP]
    - Subnet Mask: /24 (typically)
    - Gateway: [Provider Gateway]
    - DNS: 8.8.8.8, 1.1.1.1
    
    LAN (vtnet1):
    - IP Address: 192.168.1.1
    - Subnet Mask: 255.255.255.0 (/24)
    - DHCP Range: 192.168.1.100 - 192.168.1.200

    Basic Firewall Rules

    Firewall Rule Examples
    # Allow LAN to WAN (default)
    Action: Pass
    Interface: LAN
    Source: LAN subnets
    Destination: any
    
    # Block private networks on WAN
    Action: Block
    Interface: WAN
    Source: RFC1918 networks
    Destination: any
    
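    # Allow specific services
    # No Source is listed, so this rule accepts any address; restrict Source to trusted admin hosts (see "Limit Admin Access" in Step 11)
    Action: Pass
    Interface: WAN
    Protocol: TCP
    Destination Port: 443 (HTTPS admin)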

    DHCP Configuration

    DHCP Server Settings
    DHCP Server Settings:
    - Range: 192.168.1.100 - 192.168.1.200
    - DNS Servers: 8.8.8.8, 1.1.1.1
    - Domain: local.domain
    - Lease Time: 24 hours

    STEP 6

    Web Interface Access

    Enable Web Configurator

    1. Set Admin Password: Configure during initial setup
    2. Access Web Interface: Navigate to https://[LAN_IP]:443
    3. Complete Wizard: Run through the initial configuration wizard

    Security Considerations

    Security Setup
    # Change default passwords
    # Enable HTTPS with proper certificates
    # Configure appropriate firewall rules
    # Limit administrative access

    STEP 7

    Common Use Cases and Configurations

    Use Case 1: VPN Server

    Transform your pfSense VPS into a VPN server:

    1. Install OpenVPN Package: Navigate to System → Package Manager, Install OpenVPN Client Export package
    2. Configure OpenVPN Server: Go to VPN → OpenVPN → Servers, Create new server configuration, Generate certificates
    3. Export Client Configurations: Use Client Export tab to generate .ovpn files

    Use Case 2: Site-to-Site VPN

    Connect remote networks:

    1. Configure IPsec Tunnel: Navigate to VPN → IPsec, Create Phase 1 and Phase 2 configurations, Exchange pre-shared keys or certificates
    2. Set Up Routing: Configure static routes, Adjust firewall rules for tunnel traffic

    Use Case 3: Load Balancer

    Distribute traffic across multiple servers:

    1. Configure Virtual IPs: Go to Firewall → Virtual IPs, Add VIP for load balancing
    2. Set Up Server Pool: Navigate to Services → Load Balancer, Define server pools and health monitoring
    3. Create Load Balance Rule: Configure load balancing algorithm, Set up failover options

    STEP 8

    Monitoring and Maintenance

    System Monitoring

    Access monitoring tools through:

    • Status → System Logs: View system and firewall logs
    • Status → Monitoring: Real-time traffic graphs
    • Diagnostics → Traffic Capture: Packet analysis

    Regular Maintenance Tasks

    Maintenance Commands
    # Update pfSense regularly
    # Monitor resource usage
    # Review firewall logs
    # Backup configuration files
    # Test disaster recovery procedures

    Performance Optimization

    For VPS deployments:

    1. Resource Allocation: Monitor CPU and memory usage, Adjust VPS plan as needed
    2. Network Optimization: Tune network buffers, Optimize firewall rules, Use traffic shaping if needed

    STEP 9

    Backup and Recovery

    Configuration Backup

    1. Manual Backup: Go to Diagnostics → Backup & Restore, Download configuration XML
    2. Automated Backup: Install AutoConfigBackup package, Configure automatic cloud backups

    Disaster Recovery

    Recovery Planning
    # Document recovery procedures
    # Test restoration process
    # Maintain offline configuration copies
    # Plan for VPS provider outages

    STEP 10

    Troubleshooting Common Issues

    STEP 11

    Security Best Practices

    Hardening Your Installation

    1. Change Default Credentials: Never use default passwords
    2. Enable HTTPS: Use SSL certificates for web interface
    3. Limit Admin Access: Restrict administrative interface access
    4. Regular Updates: Keep pfSense updated to latest version
    5. Monitor Logs: Regularly review system and security logs

    Firewall Rule Best Practices

    Security Guidelines
    # Default deny policy
    # Least privilege principle
    # Regular rule audits
    # Proper rule documentation
    # Geographic blocking if needed
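
    Added example (not part of the original guide or of pfSense itself): one way to carry out the "regular rule audits" guideline against a configuration XML backup from Step 9, flagging enabled WAN pass rules that accept any source, such as the Step 5 HTTPS admin rule. The XML excerpt is constructed, the filter/rule element layout is assumed to match your own backup, and ADMIN_PORTS and audit_wan_rules are names chosen for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt in the layout of a pfSense config.xml backup; the
# rules mirror the Step 5 examples plus one source-restricted variant.
SAMPLE_CONFIG = """<pfsense><filter>
  <rule><type>pass</type><interface>lan</interface>
    <source><network>lan</network></source><destination><any/></destination>
    <descr>Allow LAN to WAN</descr></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><any/></source>
    <destination><network>wanip</network><port>443</port></destination>
    <descr>HTTPS admin</descr></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><address>203.0.113.10</address></source>
    <destination><network>wanip</network><port>443</port></destination>
    <descr>HTTPS admin from management host</descr></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <disabled/><source><any/></source>
    <destination><any/><port>22</port></destination><descr></descr></rule>
</filter></pfsense>"""

ADMIN_PORTS = {"22", "80", "443"}  # assumed management ports (exact match only)


def audit_wan_rules(config_xml, admin_ports=ADMIN_PORTS):
    """Return (descr, finding) tuples for enabled WAN pass rules worth review."""
    findings = []
    root = ET.fromstring(config_xml)
    for rule in root.findall("./filter/rule"):
        if rule.find("disabled") is not None:
            continue  # disabled rules pass no traffic
        if rule.findtext("type") != "pass" or rule.findtext("interface") != "wan":
            continue
        descr = (rule.findtext("descr") or "").strip()
        any_source = rule.find("source/any") is not None
        port = rule.findtext("destination/port")  # ranges/aliases are not expanded
        if any_source and port is None:
            findings.append((descr, "any source, all ports"))
        elif any_source and port in admin_ports:
            findings.append((descr, f"admin port {port} open to any source"))
        if not descr:
            findings.append((descr, "undocumented rule"))
    return findings


if __name__ == "__main__":
    for descr, finding in audit_wan_rules(SAMPLE_CONFIG):
        print(f"{descr or '(no description)'}: {finding}")
```

    A backup also holds password hashes and VPN key material, so run the audit on a trusted machine and keep stored copies encrypted.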

    Congratulations!

    You've successfully installed pfSense on your SOAHost VPS! You now have a powerful, enterprise-grade firewall and router platform running in the cloud. Remember to maintain regular backups, keep your system updated, and follow security best practices.

    The combination of pfSense's robust feature set and SOAHost's reliable VPS infrastructure creates a powerful platform for network security, VPN services, and traffic management.