Don’t feel safe working remotely from home? Do you need to reach your home network resources over VPN when you’re away? Do you use a VPN to your company all the time? Do you want to block ads while browsing the web? Does the router provided by your ISP suck? If so, don’t wait: install your own firewall at home for free!
Read more on what a firewall is and why you should have one at home: https://us.norton.com/internetsecurity-emerging-threats-what-is-firewall.html
pfSense is a free and open source firewall software distribution based on FreeBSD. You can install it on almost any hardware that meets your requirements.
I decided to buy a bare metal server to replace the Funbox 3.0 provided by my ISP, Orange. I’ve got FTTH (Fibre to the Home), so I had to ask the ISP to provide an ONT (Optical Network Terminal), which, in short, translates light signals from the fibre optic into electronic signals, i.e. Ethernet (see picture below).
Bear in mind you cannot use your own ONT. ISPs validate all connected ONTs by their serial numbers (S/Ns), which they can verify with the help of protocols called PLOAM and OMCI. I decided to buy the hardware below.
It can be found on AliExpress under the following name: BKHD G40-4L-WIF.
The most important specifications:
| Component | Specification |
| --- | --- |
| CPU | Intel J1900 |
| Memory | 2*DDR4 2400MHz 8GB RAM |
| CPU fan | Passive heat dissipation |
| Input/Output | 4x Gigabit network ports, 2x USB 3.0 |
| Display | 1*HDMI, 1*VGA |
| Display chip | Intel HD Graphics |
8GB of RAM is overkill for home use; however, the difference in price between 4GB and 8GB makes the 8GB worth grabbing.
Installation
- Go to https://www.pfsense.org/download/ and download the latest version of pfSense.
- Create a bootable USB drive using Rufus: https://rufus.ie/en/
- Connect the box to a monitor via either HDMI or VGA and plug in a USB keyboard and the pendrive. Connect the LAN2 port to your laptop/PC for GUI access. By default the GUI address is 192.168.1.1.
- Accept the agreements.
- Install pfSense
- You can choose your keyboard settings
- Continue with Auto (ZFS)
- Press Install
- Choose stripe as we don’t have any redundancy
- For the sake of this tutorial I am using my VMware ESXi 6.5 to go through it with you step by step, as I configured my own pfSense a while ago. Your screen will look different, with just one disk to use. Tick it and press OK.
- Confirm by pressing YES and the installation of pfSense will start.
- If you don’t have any experience with pfSense, just press NO.
- The last step is to reboot the box.
- After the reboot you should see your connected interface as igb1 (which in my case is em0, as I am using ESXi 6.5 for demonstration). You will also get a prompt about VLAN creation. Answer no; we will do it later.
- Now specify your WAN interface. It will be igb0. (For me it’s em0).
- For the LAN interface enter “igb1” and then proceed with “y”.
- Now access the GUI in the browser at http://192.168.1.1. The default credentials are username: admin, password: pfsense. You can go through the Wizard.
- You can name your firewall and set the domain if you have one. For DNS I personally use Cloudflare. To keep your DNS servers from being overridden once you connect your firewall to the ONT, untick “Override DNS”.
- Now you can specify your NTP Server to provide the time. I just use the default one which works just fine.
- For the next step you need to ask your ISP for the login details and the VLAN they use. I use Orange, which uses PPPoE and VLAN 35.
- Choose PPPoE. Scroll down and provide your PPPoE username and password. Make sure you tick “Block RFC1918 Private Networks”. Leave the rest as default.
- In the next step you just need to set your admin password for logging in to pfSense. After that, reload the box with your new configuration.
- Now let’s configure the WAN interface. Go to Interfaces -> Assignments -> VLANs. Press Add to create a new VLAN as below. (Here I am using my own pfSense, so you can see it’s now igb0 as it should be).
- Now go back to Interface Assignments and choose igb0.35 for the WAN interface.
- Let’s configure the LAN interface. Go to Interfaces -> LAN.
Change the address of the interface to a static one. We can take 192.168.1.1 (bear in mind your router will be replaced soon).
- We are ready to set up the DHCP scope. Go to Services -> DHCP Server. We will just change the basic configuration under General Options as shown below:
- Congratulations! You can now replace your Funbox router from Orange with your own!
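An added example, not part of the original post or of pfSense itself: a short Python audit of a config.xml backup (Diagnostics > Backup & Restore) that checks the WAN, DNS and LAN choices made in the steps above. The element names (blockpriv, dnsallowoverride, vlans/vlan, ppps/ppp) are an assumption about the backup format, and the embedded sample is constructed, with three of the settings deliberately left wrong.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of a trimmed pfSense config.xml backup (not from a real box).
# Element names are assumed from the backup format; adjust if yours differ.
SAMPLE = """<pfsense>
  <system><dnsallowoverride></dnsallowoverride></system>
  <interfaces>
    <wan><if>pppoe0</if><ipaddr>pppoe</ipaddr></wan>
    <lan><if>igb1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
  </interfaces>
  <vlans><vlan><if>igb0</if><tag>35</tag><vlanif>igb0.35</vlanif></vlan></vlans>
  <ppps><ppp><type>pppoe</type><if>pppoe0</if><ports>igb0</ports></ppp></ppps>
</pfsense>"""


def audit(config_xml, isp_vlan="35"):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(config_xml)
    findings = []
    wan = root.find("interfaces/wan")
    # "Block RFC1918 Private Networks" is stored as an empty <blockpriv> element.
    if wan is None or wan.find("blockpriv") is None:
        findings.append("WAN: Block RFC1918 Private Networks is not ticked")
    # "Override DNS" is stored as <dnsallowoverride> under <system>.
    if root.find("system/dnsallowoverride") is not None:
        findings.append("DNS: Override DNS is still ticked")
    # The PPPoE link has to ride on the ISP VLAN interface, not the bare NIC.
    vlan_ifs = {v.findtext("vlanif") for v in root.findall("vlans/vlan")
                if v.findtext("tag") == isp_vlan}
    wan_if = wan.findtext("if") if wan is not None else None
    ports = {p.findtext("ports") for p in root.findall("ppps/ppp")
             if p.findtext("if") == wan_if}
    if wan_if not in vlan_ifs and not (ports & vlan_ifs):
        findings.append(f"WAN: not attached to VLAN {isp_vlan}")
    # LAN should be a static private address (192.168.1.1 in this tutorial).
    lan_ip = root.findtext("interfaces/lan/ipaddr", default="")
    try:
        if not ipaddress.ip_address(lan_ip).is_private:
            findings.append(f"LAN: {lan_ip} is not a private address")
    except ValueError:
        findings.append(f"LAN: '{lan_ip}' is not a static IP address")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE):
        print("FINDING:", line)
```

Pass a different `isp_vlan` if your ISP uses a VLAN other than Orange's 35.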