Security & Anonymization: pfSense Router


Security & Anonymization is not an easy task and is often frustrating. It took hours to figure out how to get it working. This is the 2nd post about anonymization. You can find the first post here: Hardware Anonymisation (with an OpenWRT/Tomato Router). This new post is about “pfSense” with an APU 1D4 Router. With pfSense you can easily add the Snort IDS (Intrusion Detection System and prevention toolkit).

What you need:

– APU 1D4 Router + Aluminium Case (for cooling!) ~200€
– pfSense 2.2.2 image file (4 GB)
– SDCard (I’ve used an 8 GB Class 10 SDCard)
– USB/RS232 Interface + Null Modem Cable
– System Settings File (attached to this post)


Installation Guide (10 Steps):

1. Download the pfSense image (AMD64, Embedded NanoBSD, Serial, 4 GB), write it to the SDCard (with a flash app like RasPiFlasher) and put the card in the internal SDCard slot
2. Connect your USB/RS232 Adapter with your computer (USB Port)
3. Connect the USB/RS232 Adapter and the APU Router with the Null Modem Cable
4. Open a terminal app to connect to the APU Router and select: 115200/8N1 (115200 baud, 8 data bits, no parity, 1 stop bit)
5. Power on the APU Router and wait a while (maybe 1 minute)
6. After some time you will see the initial sequence with some questions


7. Answer the Questions:

VLAN: n
WAN: re0
LAN: re1
OPT1: re2
OPT2: <enter>

8. Then you will hear a “beep” and see the pfSense Menu.
9. Open a browser and type: 192.168.1.1

Enter the login name and password: admin / pfsense
These are the factory defaults, so change the admin password once you are logged in.
Now you can change the pfSense settings by hand… or …

10. You can import the settings via config file (see attachment)

Here are the settings for the privatevpn.com provider (pictures):

1. VPN -> OpenVPN -> Client

[Screenshot: OpenVPN client]

2. Interfaces (assign): Select “Available network ports:” <ovpnc1> and press +

[Screenshot: Interface]

Then you will see this:
[Screenshot: Interface, long view]

3. Firewall -> NAT -> Outbound (Press “+” at WAN 192.168.1.0/24 to add a new rule, this will copy the WAN settings)

[Screenshot: Firewall NAT]

Make these settings for the new rule:

[Screenshot: Firewall NAT]

That’s it. The whole router system settings are attached as a downloadable file to this post (including the OpenVPN settings, which you have to modify). To upload it to the APU Router go to “Diagnostics -> Backup/Restore”
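Before restoring a settings file that someone else prepared, it helps to list what it would install: accounts, the OpenVPN client endpoint and the outbound NAT rules. The following Python script is an added example, not part of the original post or of pfSense; the element names (`system/user`, `openvpn/openvpn-client`, `nat/outbound/rule`) are assumptions about the config.xml layout, and the sample file is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample backup. Element names are assumptions about the
# config.xml layout; all values are placeholders, not the post's settings.
SAMPLE_CONFIG = """<pfsense>
  <system>
    <user><name>admin</name><password>constructed-hash-1</password></user>
    <user><name>helper</name><password>constructed-hash-2</password></user>
  </system>
  <openvpn><openvpn-client>
    <server_addr>vpn.example.invalid</server_addr><server_port>1194</server_port>
  </openvpn-client></openvpn>
  <nat><outbound><mode>advanced</mode>
    <rule><interface>wan</interface><source><network>192.168.1.0/24</network></source></rule>
    <rule><interface>opt3</interface><source><network>192.168.1.0/24</network></source></rule>
  </outbound></nat>
</pfsense>"""


def audit_config(xml_text):
    """Summarise what a config backup would install, for review before restore."""
    root = ET.fromstring(xml_text)
    users = [u.findtext("name", "") for u in root.iterfind("./system/user")]
    vpn_clients = [
        (c.findtext("server_addr", ""), c.findtext("server_port", ""))
        for c in root.iterfind("./openvpn/openvpn-client")
    ]
    nat_rules = [
        (r.findtext("interface", ""), r.findtext("source/network", ""))
        for r in root.iterfind("./nat/outbound/rule")
    ]
    findings = []
    extra = [u for u in users if u != "admin"]
    if extra:
        findings.append("accounts besides admin: " + ", ".join(extra))
    if root.find("./system/user/password") is not None:
        findings.append("file sets account passwords; change them after restore")
    for host, port in vpn_clients:
        findings.append(f"OpenVPN client connects to {host}:{port}")
    # Networks still translated on WAN can leave untunnelled if routed there.
    vpn_nets = {net for iface, net in nat_rules if iface != "wan"}
    for iface, net in nat_rules:
        if iface == "wan" and net in vpn_nets:
            findings.append(f"{net} also has an outbound NAT rule on wan")
    return {"users": users, "vpn_clients": vpn_clients,
            "nat_rules": nat_rules, "findings": findings}


if __name__ == "__main__":
    for line in audit_config(SAMPLE_CONFIG)["findings"]:
        print("REVIEW:", line)
```

To check a real backup, read the downloaded file into a string and pass it to `audit_config` instead of `SAMPLE_CONFIG`.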

You can test your anonymized IP here: https://www.whatismyip.com

If you want to install the “Snort IDS” package, then you have to know that this will take about 10-15 minutes!

Download: <In order to finance everything that belongs to it, the downloads will be activated after a donation>

Thanks for your support!