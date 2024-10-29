The router your internet service provider (ISP) supplies with your connection to the outside world is decent enough for home usage, but with more and more devices requiring internet and households becoming busier with traffic, it may be time to retire the router for a custom solution. Enter pfSense. This old open-source firewall and router networking solution offers advanced features without the limitations of a proprietary device. While the owners and primary developers of pfSense remain committed to a free release, an optional commercial version and officially licensed hardware are available. I've thrown my old router out and created a powerful routing super box with nothing more than an NUC.

What is pfSense?

At the heart of any router software offers a wealth of tools for managing a network. From port forwarding to securing external access, you can do some cool things with a feature-rich router. The same goes for pfSense. This software is designed for high-traffic deployments, enthusiast usage, and your home. It's powerful enough that you can spend hours tinkering with various parts of the system, but it can be set up and running in less than 10 minutes. Developed and maintained by Netgate, you can download a community edition of pfSense for free and enjoy using it without paying a penny.

With pfSense installed, you'll be able to handle dynamic DNS (DDNS), configure one VPN connection for the entire LAN, and enjoy gazing at pretty graphs on the dashboard. If you're interested in finding out more about your home network and how everything works within a router and firewall, tinkering with your own pfSense installation is a great way to learn something new. Although a custom router running pfSense could be seen as overkill for your standard home LAN, it's easy to set up, can use less space than your current router, and gives you more control over how everything runs. Just remember to add a wireless access point or re-purpose your old router!

How to build a router with pfSense

First, you'll need something to run pfSense on. The system requirements are so low you could run the software on a Raspberry Pi or other single-board computer (SBC). Once you have a device at the ready, we can crack on with the installation process. Luckily, it's straightforward!

Download the latest pfSense Community Edition. (For us, it's pfSense-CE-2.7.2-RELEASE-amd64.iso.gz.) Write the downloaded image to a USB drive. Connect the USB drive to your chosen pfSense device. Power up the system with a keyboard and monitor attached. Accept the user agreement. Choose Install (default). Press enter. Choose your keyboard layout (or "keymap"). Press enter. Choose Auto (ZFS), unless you know what you're doing. Press enter. Choose Install (default). Press enter. Choose Stripe (default), unless you prefer using RAID. Press enter. Choose the drive to install pfSense on. Press enter. Confirm the reformatting of the chosen disk.

You can now remove the keyboard and monitor from the pfSense device and connect your LAN and WAN cabling to the available ports. Once powered up, pfSense should automatically create a network with the gateway 192.168.1.1. Connect your PC to the router or a switch to progress.

Load 192.168.1.1 in your browser. Sign in using the default user and password "admin" and "pfsense". Follow the quick pfSense wizard.

You're now up and running! The default settings for pfSense are good enough for running a home network. I recommend spending an hour or two browsing around all the menus and checking available documentation. One thing to note is that pfSense is ridiculously well-documented. With so many years and an active community behind it, there's no shortage of resources for getting almost anything done. So long as your interfaces are correctly configured, the DHCP server is handing out IP addresses, and nothing has been added to the firewall to block traffic, you'll be online using your custom router.

Making some more advanced changes

Protecting traffic as well as the LAN

Although pfSense is great with its default configuration, it doesn't protect everything on the network. Physically, your hardware is safe from outside attacks, but all your traffic remains available for prying eyes. That's not the fault of pfSense, but I wanted to install a VPN to fix this glaring issue. Thankfully, setting up a VPN with pfSense is straightforward. Simply download the certificate from your provider, make a few (it's fairly extensive) changes to various parts of pfSense, and you'll have a VPN protecting every device connected to your LAN. This is great for negating the need to install clients on every piece of hardware.

Another cool thing you can do with pfSense is use DDNS and reverse proxies to allow for more convenient external access. The DDNS will track your dynamic IP address and update a domain accordingly, while a reverse proxy is great for directing traffic through pfSense and your LAN to specific devices and services. With everything configured, I now have a media server, photo server, web server, game server, and Proxmox test rig available to the outside world without affecting the rest of the local network. Building your own router with software such as pfSense is a great first step in building your homelab.