6 pfSense Configurations To Do After Install

So, you’ve read through all the good reasons to use pfSense as your router and decided to give it a go. You first went through the task of selecting the hardware for your pfSense build and finished up installation. Now what? Now you should consider making a few quick pfSense configurations to improve your home network security and capabilities. Here are 6 pfSense configurations you should consider.

Configure Your DHCP Server

DHCP makes your network much easier to administer, especially if you have a lot of devices on your network. If you have a lot of machines on your network. What’s even more useful is setting up static DHCP leases. Static DHCP leases allow the computers on your network to always receive the same IP address when they connect (based on their MAC address). If you have devices on your network that are easier to use if they keep a constant IP and have a hostname associated with that IP then static DHCP leases are for you.

You could set up static IP addresses in each device (although, some devices don’t have any way of doing this), but that usually takes more time. It’s also easier to have a central location for all of your static leases and DNS hostnames.

You can learn more about setting up DHCP pfSense configurations here.

Lock down access to your pfSense configurations

One of the main reasons I chose pfSense was for its security features. But I also need to control what machines on my network can access the pfSense interface in order to keep my configuration secure. Using firewall rules and aliases you can easily control which computers on your network can access the pfSense interface. I would limit it to just a device or two that you normally use to access pfSense.

See also  7 Reasons pfSense Is Better Than Your Router Software

Block known bad actors with pfBlocker

pfBlockerNG is a very powerful pfSense tool that can block advertisements, malicious content, and geography-based blocking to your home network. It’s a great tool that I use to block known actors for interfering on my network. Here are some good instructions for configuring it.

While you are working on securing your home network with your router, you should also read our article about configuring your pfSense firewall.

Install OpenVPN for secure remote access

openvpn

OpenVPN is an Open Source VPN client and server supported by many platforms, including pfSense. Although it can be used for site-to-site secure communication, a great way for home users to use it is for secure remote access to their home networks. Want to access a web server, printer, or video camera away from your home network? VPN is great for that. In many cases, it can more securely replace your port forwarding needs. Fortunately, OpenVPN is pretty easy to configure using pfSense.

Configure QOS (traffic shaper) for prioritized network speed

Wouldn’t it be great if you had a gigabit fiber connection to the Internet that you never got close to maxing out? This isn’t a possibility for many people. They end up competing with video games, torrents, and videoconferencing when all they want to do is stream a movie on Netflix. Next thing you know… buffering. Don’t let the wrong things hog your traffic. QOS (Quality of Service) is a feature in many routers that allows you to prioritize network traffic. In pfSense, this feature is called the traffic shaper. It can allow you to prioritize your video streaming over services like torrenting and your kid’s games so you can have the best experience.

See also  2022 HomeTechHacker Year In Review

Set up an automatic backup of your pfSense configurations

I’ve got so many pfSense configurations that I would be in a world of hurt if I had to rebuild all of it from scratch. This is why configuration backups are essential (and you should always do them before you upgrade pfSense). pfSense allows you to use the web interface to make a backup whenever you want, but backups work better when they are automated. With pfSense, you have a few backup automation choices:

  • Use the AutoConfigBackup Service – This is a built-in feature of pfSense that lets you schedule and store backups on a regular basis.
  • Use wget or curl – This method is a little more “hacky” but allows you more control over where your backups are stored.
  • Write your own script using an ssh key. You can set up access to your pfSense server via an ssh key. Then a remote machine can use scp or the like to copy the config file to your preferred location at whatever interval you like. The config file is located at /cf/conf/config.xml. This is the method I primarily use. I also regularly copy over a couple of other files in the same script for good measure.

Final thoughts

I hope these have given you some good ideas of some pfSense configurations you should consider. Honestly, even if you are running other router software you should consider these configurations. The beauty of pfSense is that these are all pretty easy and standard features to implement.

What configurations did you do or recommend after installation? Let me know in the comments or on Twitter.

See also  9-Step Tech Checklist for Moving Into a New Home
Interested in supporting HomeTechHacker?

Have you found the content on this site useful? If so, are you interested in supporting me and this site? There’s no obligation of course, but I would really appreciate any support you can give. Below are a few ways you can show support:


Thank you! I really appreciate it!
Share this:

6 pfSense Configurations To Do After Install

by HomeTechHacker time to read: 3 min