Installation & Setup Guide
PfSense Installation & Configuration
WiFi-CPA supports Pfsense v1.2. Pfsense can be installed two ways:
‐ ISO (Live CD)
‐ Embedded image
Downloading PfSense
Both
versions can be downloaded from the WiFi-CPA Licensing System. If you
plan on installing PfSense on Compact Flash (CF) or other flash media
please only use the embedded image (pfSense-1.2-RC1-Embedded.img.gz).
It has been optimized to perform minimal writes to disk, as CF cards
have limited write cycles. The pfSense-1.2-RC1-LiveCD-Installer.iso can
be used for running PfSense from CD or installation onto a hard disk.
It is recommended that running PfSense from a CD is only used for trial
purposes - for any production installations, the install to hard drive
option should be used.
Standard (ISO) Installation
- Restart your computer and enter your BIOS configuration screen.
- Find and turn off the Plug-and-Play OS, and any ACPI/APM options. Disable any unnecessary onboard
- devices, such as sound cards, parallel ports and internal modems.
- Change the primary boot device to your CD-ROM drive, insert the PfSense Live CD and restart your
- computer, saving the BIOS changes.
ISO installation step-by-step
A quick how to for installing PfSense using an ISO.
First
step, install a Video card, Keyboard, a CD-ROM drive, an IDE hard Disk
drive, 128MB of ram or more and at least three Network interfaces in
your target machine. Do not install any unnecessary hardware like a
modem because Pfsense cannot use it. The hardware setup for the
installation tested was Pentium Pro 200, 128MB EDO ram, Floppy 1.4MB,
Trident VGA, 4 Realtek 8139D PCI cards, ATAPI CD_ROM 24X, 2 IDE 1GB
drives. As you can see it was quite an old system but it all still
worked quite well. Pfsense was also installed on a DELL Dimension 4100
800MHz without any problems.
Next, download
pfSense-1.2-RC1-LiveCD-Installer.iso.gz from the WiFi-CPA Licensing
Manager. Once the download is complete uncompress the file and burn the
CD. Set up your BIOS to boot from the CD and then insert the CD into
the drive. Reboot the machine and watch the FreeBSD 6.2 operating
system boot up your machine. Do not worry if you cannot catch
everything that is scrolling by because you can see all of it when the
boot is complete by pressing the Scroll LOCK on your keyboard and using
the Page UP/DN keys. The boot process should stop and ask you to
configure the network interfaces. If you managed to make it that far,
the rest of the installation, most likely, will be successful.
Answer
no to the first prompt asking to setup Virtual Interface/Lan by typing
n. Now it will ask you to select the LAN interface. This is the
interface that you will attach to an Ethernet switch if more than one
computer will be accessing Pfsense to get to the internet. To select
this interface use the automatic procedure by disconnecting all
interface cables from all the network interfaces of Pfsense. Follow the
instructions on the screen and then attach the computer via an Ethernet
cable to the LAN port. Mark this interface as the LAN interface.
Next
it will ask you to select the WAN port. In a Dual Wan configuration the
Wan port is the primary wan. If you have not set up your DSL/CABLE
modem/routers yet, select an interface by specifying the name of
the
interface as shown on the display. This interface can be changed later
on. Then select the OPT1 port specifying the name of the next interface
as shown on the display. The OPT1 port will become your secondary Wan
port. Even if you have more interfaces to configure press enter at the
next interface request to end the configuration.
Pfsense
will start to load and configure itself. With a little luck, you will
pass the point where Pfsense configures the WAN interface. This is
where the interrupts are tested and checks if your hardware is set up
properly, or if you have a newer computer, it will breeze through and
arrive at the Pfsense Console Setup page. Here you will install Pfsense
to your hard disk by entering 99. If you do not make it to this page
you have a hardware compatibility problem with the FreeBSD operating
system. Installation is pretty painless, tell it to format and make a
new partition if you want everything cleaned off, and once complete
you'll see FreeBSD loading. The loading will take some time . This time
can be used to determine how you will connect the Pfsense wan ports to
the internet.
Embedded (Compact Flash) Installation
Windows
NOTE: Embedded by default boots on the 1st serial port at 9600 8N1.
WARNING:
There is a possibility to overwrite the wrong drive/device if you input
the wrong number when prompted for what drive to write to. Read this
tutorial carefully and only proceed if you are sure of what you are
doing. (On the contrary physdiskwrite will not write to disks of more
than 2 GB size, if you only have larger harddrives it is pretty safe to
use!)
You will need Manuel Kasper's phydiskwrite to write the
image to the CF card. Download it and put it in the same folder you
stored the pfSense-1.2-RC1-Embedded.img.gz, we'll assume this is
C:\pfsense.
Open a command prompt (Start -> Run... -> cmd) and 'cd' to C:\pfsense:
C:\> cd C:\pfSense
Make sure your CF card is not attached to your computer, run
'physdiskwrite a' and note the output which will look similar to this:
C:\pfSense>physdiskwrite a
physdiskwrite v0.5 by Manuel Kasper <mk@neon1.net>
Searching for physical drives...
Information for \\.\PhysicalDrive0:
Windows: cyl: 14596
tpc: 255
spt: 63
C/H/S: 16383/16/63
Model: SAMSUNG SP1203N
Serial number: S00QJ10W504631
Firmware rev.: SN100-20
Which disk do you want to write? (0..0)
Abort physdiskwrite (press ctrl+c) and attach your CF media. Run 'physdiskwrite' again, this time
specifying the image:
C:\pfSense>physdiskwrite pfSense-1.2-RC1-Embedded.img
Compare the output to the former. You will notice that a new physical
drive appeared, which will most likely be your CF media. When prompted,
input the right number and watch physdiskwrite writing the image to
your CF media. After physdiskwrite exits you can disconnect your CF
card and put it into your PfSense box.
For additional help installing Pfsense, refer to http://www.pfsense.com
The default ADMIN GUI Username & Password: Username: admin Password: pfsense
The default ADMIN SSH Username & Password: Username: root Password: pfsense
Enable SSH Access
This
section explains how to enable SSH access to your PfSense box. Note
that you normally will not need to enable this; it's typically only
used for debugging and troubleshooting purposes.
In order to enable SSH, you'll need to go under the System -> Advanced menu in the WebGUI.
At the top, there should be a setting for Enable Secure Shell.
Click the checkbox to enable SSH access (by default, it's only allowed
from your LAN subnet) and click Save. Don't forget to apply changes if
prompted.
Firewall Rules
This article explains the necessary Firewall Rules to setup to allow HTTP and Radius traffic to pass
though.
Allow TCP/UDP 1812 - 1813 to WAN (Radius)
Allow TCP/UDP 80 to WAN (HTTP)
Allow TCP/UDP 443 to WAN (HTTPS)
Don't forget to apply changes if prompted.
WiFi-CPA System Installation
WiFi-CPA Enterprise version install is simple. The installation is a single shell install script.
wifi-cpa_preinstall.sh
It can be downloaded from the WiFi-CPA Licensing System. It is advised
to do ALL system configurations from the LAN side of the router.
(default 192.168.1.1)
Uploading Installation Script
Transfer ‘wifi-cpa_preinstall.sh’ to /tmp using WinSCP.
WinSCP :: Free SFTP and FTP client for Windows - http://winscp.net/
CHMOD 755 /tmp/ wifi-cpa_install.sh using a SSH Client.
PuTTY: A Free Telnet/SSH Client - http://www.chiark.greenend.org.uk/~sgtatham/putty/
From the /tmp directory, execute ‘./wifi-cpa_preinstall.sh’.
Choose
option "15" from the terminal menu. This will download, install and
complete the installation process. The server will reboot once
completed.
WiFi-CPA System Configuration
Once WiFi-CPA Enterprise version has installed, point a browser to:
http://xxx.xxx.xxx.xxx/WiFi-CPA-Setup
License Key:
Copy
& Paste exactly as assigned in the WiFi-CPA Licensing System.
Upgrading from the 14 Day Trial is as simple as updating your License
Key.
Once the license key has been registered, the IP Address & Hostname of your server becomes registered to that Key.
WiFi-CPA URL:
This
is the URL of your WiFi-CPA Server. This can be an IP Address or FQDN
(fully qualified domain name), i.e. wifi-cpa.yoursitename.com, mapped
to an Internet routable IP address.
HeartBeat Expected Interval:
This
setting sets the “Expected Lapse” of AccessPoint HeartBeats on the
Dashboard within the ControlPanel. Setting is in minutes.
Note: This setting ONLY applys to WiFi-CPA Enterprise Broadcom Firmware.
SMTP Server:
An external SMTP Server is required for all email notifications & receipts sent out from WiFi-CPA.
(Signup, Renewal, ect) Optional SMTP Authentication is supported.
GoogleMap Key:
GoogleMaps
is a FREE service provided by Google. A GoogleMap Key is required if
you plan to use the GoogleMaps feature within WiFi-CPA. (on login
Support page) A GoogleMap Key is assigned to an IP Address or FQDN
(fully qualified domain name).
Create Additional ControlPanel Accounts:
This
allows you to create additional ControlPanel Accounts in addition to
the default account. By creating additional ControlPanel Accounts, it
makes it easy to organize multiple HotSpot Networks
Getting Started with WiFi-CPA
Once WiFi-CPA Enterprise version is configured, point a browser to:
http://xxx.xxx.xxx.xxx/WiFi-CPA-ControlPanel
If everything is configured correctly, you will be prompted to Login. The default login information:
Username: admin & Password: admin
WiFi-CPA Enterprise AccessPoint Firmware (Broadcom)
Within
the WiFi-CPA-Setup page, you will find the AccessPoint Firmware tab. As
new versions of the Enterprise Version firmware is released, your
AccessPoint Firmware page will automatically update to reflect any
changes.