How to install pfSense in DigitalOcean

Inspired by this post, I’m basically re-creating it with copy/paste commands instead of images of the commands and updating the partitioning portion as I found some steps the original author took are no longer required.

Create your droplet

  1. Login to your DigitalOcean Dashboard and create a new droplet
  2. Select ‘FreeBSD 11.1 x64’ as your droplet image
  3. Select the data center region of your choice
  4. Check mark ‘Private Networking’ and ‘IPv6’ if you want it
  5. Add your SSH key
  6. Enter a hostname
  7. Click ‘Create’

Once the droplet has been created boot it up, grab the public IP and SSH into it as root.

Note: If you don’t SSH in as root put “sudo” in front of all of the commands after step 7

  1. Go to https://www.pfsense.org/download/
  2. Select ‘AMD64 (64-bit)’ as the architecture
  3. Select ‘USB Memstick Installer’ as the installer
  4. Select ‘VGA’ for the console
  5. Pick which ever mirror you want
  6. Right click the ‘Download’ button and choose ‘Copy Link Location’
  7. On your SSH connection to your droplet run the following command:
    cd /tmp
    curl -O <URL FROM STEP 6>
    
    # Example
    curl -O https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-memstick-2.4.4-RELEASE-p1-amd64.img.gz
  8. Disable SWAP
    swapoff -a
  9. Enable debug mode for GEOM, more info on why here
    sysctl kern.geom.debugflags=0x10
  10. Write the ISO of pfSense to /dev/vtbd0
    gunzip <PFSENSE DOWNLOAD> | dd of=/dev/vtbd0 bs=512k
    
    # Example:
    gunzip -c pfSense-CE-memstick-2.4.4-RELEASE-p1-amd64.img.gz | dd of=/dev/vtbd0 bs=512k

     

  11. You can now reboot the droplet and the the pfSense installer will start
    reboot

Go back to the DigitalOcean interface, select your droplet and open the console window

  1. Once the installer starts hit <ENTER> to accept the copy right notice
  2. Choose ‘Install’
  3. Choose ‘>>> Continue with default keymap’
  4. Choose ‘Manual’
  5. Delete everything listed EXCEPT for vtbd0, vtbd0s2 and vtbd0s2a
  6. Highlight vtbd0 and press ‘C’ and choose ‘OK’
  7. Select vtbd0s1 and press ‘C’
  8. Change the mount point to “/” and choose ‘OK’
  9. Choose ‘Finish’
  10. Choose ‘Commit’
  11. The installation will now progress, once complete choose ‘No’ and ‘Reboot’

Once the droplet reboots you’ll be at the initial configuration wizard for setting up pfSense. Since this is deployment specific I will leave it to you to configure.

19 thoughts on “How to install pfSense in DigitalOcean”

  1. Thanks for sharing this small and to the point setup. You have really done it the easy way. However, I don’t have the normal server of DO but instead I own the managed DigitalOcean web hosting server which is powered by Cloudways. So, can I pursue the installation of pfsense with the managed DO server. You can check the features of the managed DO server by clicking on the below mentioned link: cloudways.com/en/digital-ocean-cloud-hosting.php

    Reply
  2. …can’t get this working.  I get this message on the very last step: “No root partition was found. The root pfSense partition must have a mount point of ‘/’.”

    note: FreeBSD 11.1 is no longer available. I’m using 11.2.

     

     

    Reply
        • Thanks for putting this documentation together. I’ve had to do it a couple of times now and I can get through it in less than 10 min.

          In case you want to update the article, swapoff /dev/gpt/swap does not work. You have to do swapoff /dev/gpt/swap0 or swapoff -a

          Hope this helps.

          Thanks again,

          Reply
  3. I have gotten this to install pfSense successfully, but on boot my digital ocean pfSense box won’t detect network settings for the interface. It continuosly gets stuck in Configuring WAN interface….and then shows either “interface down” or it’s not drawing DHCP on the WAN interface.

    Could this have something to do that the earliest version of FreeBSD I can select is v11.3? I have options for 11.3 or 12.0 in UFS or ZFS but no 11.1.

    Thank you

    Reply
    • I honestly do not know. I’m no longer using my pfSense Droplet so I can’t test if these steps still work on 11.3.

      You might try the pfSense Forums or IRC.

      Reply
      • Try configuring the server with a static ip instead of dhcp.

        You can find the settings on the networking option tab in the control panel.

        i configured it with a static ip and it is working for me.

        Reply
  4. I did not have success running these exact steps using FreeBSD 11.3 ZFS. When I ran gunzip, it didn’t write anything to the disk (indicated by 0 bytes written). Instead, what I needed to was write the .img file using dd (like dd if=pfSense.img of=/dev/vtbd0 bs=1m).

    Reply
    • It’s been a while since I wrote this and I don’t use pfsense anymore.

      Verify that the disk is still ‘/dev/vtdb0’ and hasn’t changed to something else with the newer version of FreeBSD and ZFS. You should be able to list the disks attached to the VM with ‘fdisk -l’

      Reply
  5. Hi All, just adding that step 8 required me to add “sudo” infront.

    $ sudo swapoff -a
    swapoff: removing /dev/gpt/swap as swap device

    As without the sudo the droplet just doesn’t want to do it.

    Reply
  6. Digitalocean removed FreeBSD support from the droplet creation process.

    Anyone tried to create a pfsense droplet with an uploaded custom image?

    Reply
  7. Salut , j’espère que vous allez bien ?
    Quand j’essaye d’installer sur la partion j’ai l’erreur (error mounting partition /mnt: mount: /dev/ada0s2a: operation not permited ) quelqu’un pourra t’il m’aider svp??

    Reply
    • Désolé, je ne parle pas français, j’utilise donc Google Translate. La meilleure hypothèse est que ce volume n’existe pas ? Je n’utilise plus PFSense dans DigitalOcean, désolé.

      Reply

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.