No description
Find a file
2025-03-27 13:56:54 +01:00
.gitignore Updated to STACKIT provider 2025-03-27 09:36:50 +01:00
00-provider.tf Updated to STACKIT provider 2025-03-27 09:36:50 +01:00
01-config.tf Updated to STACKIT provider 2025-03-27 09:36:50 +01:00
02-pfsense-image.tf Updated to STACKIT provider 2025-03-27 09:36:50 +01:00
03-pfsense-network.tf Changed Network 2025-03-27 13:56:54 +01:00
04-pfsense-appliance.tf Updated to STACKIT provider 2025-03-27 09:36:50 +01:00
deployment.d2 init 2023-08-29 14:34:54 +02:00
deployment.svg init 2023-08-29 14:34:54 +02:00
LICENSE Initial commit 2023-08-29 14:30:11 +02:00
pfsense.qcow2 Create pfsense.qcow2 2025-03-27 09:41:06 +01:00
README.md Update README.md 2025-03-27 09:45:18 +01:00

STACKIT pfSense Deployment

Terraform script to deploy an pfSense firewall into STACKIT Cloud.

Deployment overview:

The Terraform deployment consists of:

  • WAN Network
  • WAN Router with external RouterIP
  • LAN Network
  • LAN Router with static default gateway router to the pfSense firewall
  • pfSense firewall VM + disk volume
  • FloatingIP for firewall VM
  • deactivating port security on firewall ports

Setup

Requirements:

  • Terraform installed
  • Access to a STACKIT project
  • STACKIT Service-Account-Token

Installation

  1. Clone Repo
  2. Setup enviroment (.env) variables
  3. Run Terraform terraform apply

Default Configuration

Interfaces

  1. vtnet0 WAN
  2. vtnet1 LAN

NAT

Masqurade (Outbound NAT) Traffic from LAN to WAN

DNS

Disable build in unbound DNS resolver and forward all DNS queries to public DNS Servers OpenDNS & Quad9

Dashboard

Customized Widgets and CSS settings

Password

Set default password for admin to STACKIT123!

Interface Access

Disabled Referer-Check Enable allow all wan adresses to connect to the WebUI

Now you can enter the WebUI via the FloatingIP on port 443 the default login is admin:STACKIT123!