Update: iStat on pfSense

 

pfSense 2.x runs on FreeBSD 8 instead of the previous 7. I wanted to get istatd working on my router, so I fetch'd libxml2 from here and the istatd binary (version 0.5.7) compiled against FreeBSD 7 from my previous blog post, here. For this to work, you'll also need the iOS app. When running istatd, it complained about some libraries. I simply created symlinks so that the old library names point to the new libraries, and everything worked fine; see below.

ln -s /lib/libz.so.5 /lib/libz.so.4
ln -s /lib/libkvm.so.5 /lib/libkvm.so.4
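
An added example, not part of the original post: a small sh helper that reads ldd output for the istatd binary, lists the libraries reported as not found, and prints the matching ln -s commands for review instead of running them. The ldd sample and the /usr/local/bin/istatd path are constructed assumptions; a soname major-version bump usually marks an ABI change, so each printed link is worth checking before it is created.

```shell
#!/bin/sh
# Added example (not from the original post).

# Print the soname of every library that ldd (read on stdin) reports as "not found".
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# For each missing soname on stdin, look in directory $1 for the same library
# under a different version number and print (never run) the matching ln -s.
suggest_links() {
    libdir=$1
    while read -r soname; do
        base=${soname%.so.*}            # libz.so.4 -> libz
        for candidate in "$libdir/$base".so.*; do
            [ -f "$candidate" ] || continue
            [ "$candidate" = "$libdir/$soname" ] && continue
            echo "ln -s $candidate $libdir/$soname"
        done
    done
}

# Constructed ldd output for illustration; the binary path is an assumption.
sample_ldd_output() {
    cat <<'EOF'
/usr/local/bin/istatd:
    libxml2.so.5 => /usr/local/lib/libxml2.so.5 (0x2809a000)
    libz.so.4 => not found (0x0)
    libkvm.so.4 => not found (0x0)
    libc.so.7 => /lib/libc.so.7 (0x281c0000)
EOF
}

# Demo against a scratch directory standing in for /lib.
demo() {
    scratch=$(mktemp -d)
    touch "$scratch/libz.so.5" "$scratch/libkvm.so.5"
    sample_ldd_output | missing_libs | suggest_links "$scratch"
    rm -rf "$scratch"
}

demo
```

On the router itself, the input would be the real ldd output for the istatd binary piped into missing_libs, with /lib as the directory argument.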

You can get a template for the configuration file here and put it in a nice place, like /etc/istat.conf 

Create your user, group and socket file and you're good to go:

# Create the group first, then the user with istat as its primary group
pw groupadd istat
pw useradd istat -g istat
touch /tmp/istatd.sock

Then, you can run the istatd daemon with just

istatd -d -c /etc/istat.conf

 Now, you'll be able to monitor your pfSense box with iStat!

 

 

 

 

 

iStat on pfSense and server monitoring

One of my favourite apps for my iPhone is iStat. It lets me monitor all my *nix servers in a beautiful interface. For my Linux clients, all I had to do was download the client, extract and compile. And since my router is running pfSense (FreeBSD 7.2), I thought I might as well get iStat on there.

 

Apparently, the developer's edition of pfSense has all the goodies to compile stuff. Without even thinking of cross compiling, I quickly set up a VM of FreeBSD 7.1 (I know little to nothing of FreeBSD, so I opted to get something near 7.2) and started to compile it. I had to get libxml2 for FreeBSD 7 first, though. Anyway, I logged into pfSense via SSH, fetch'd libxml2 and installed it. Since my router had nothing to compile packages with, I built iStat in the FreeBSD virtual machine and transferred the resulting mess to pfSense via SFTP. Since I couldn't run make install in pfSense, I had to create /usr/local/etc/istat.conf and fill it in with the configuration file from another Linux client. I also edited the configuration file to fit the network interface (xl0 instead of eth0).

Looking back, I probably could have done things a little differently. Either way, I got the job done. Now I'm happy that I can monitor my entire network with one app. I recommend that those in need of a functional server monitor check out iStat for the iPhone. Be warned that iStat only supports one interface so far.

 

Since I have one Windows server I like to monitor that too. And for that, I have WinAdmin for remote RDP (great app) and Weave, which is almost a Windows version of iStat (but not). Awesome monitoring gauges in there. And, since it uses push notifications, it can alert me when the CPU usage is above 92% for example.

Another great agent-less monitoring app is Net Status. It simply pings the most common ports on your IP of choice.

Also, see the attachment for the agent compiled on FreeBSD (i386). I can't guarantee that this will work for you.

 

PPTP server on pfSense

One of the servers that are at my disposal has a very low CPU usage percentage (if that makes sense). On my way to set up a PPTP VPN server on the box, I realized my router running pfSense could do it out of the box. In this short tutorial, I'll show you how to get a PPTP VPN working so that you can connect to it from anywhere.

Head to VPN -> PPTP

Next, click on the Enable PPTP server radio button. For the Server address, put in your WAN (public) IP. For the Remote address range, put in the local IP at which the range will start. Near the end of the page, check Require 128-bit encryption.

Click save and click on the Users tab. Add a user (in this example, test) and a password. You can enter an IP to be assigned to the user, but it's not necessary.

And that's it! You now have a working PPTP server.

Now, I tried to connect with my iPhone 3G over Wi-Fi. Worked fine. Over 3G? Nope. Did some Googling; it seems like you have to pay an additional $10 for a VPN option (I'm on Rogers), since Rogers gives you a LAN IP (such as 10.x.x.x) and firewalls the GRE protocol (which is needed for a PPTP VPN to work).

It looks like the only way to get around this is to buy the $10 package, browse over to unlockit.co.nz on your iPhone, change your APN settings and voila.

 

Any comments are appreciated :)

 

Adding another LAN NIC in pfSense

 

I recently swapped out my router (a PIII) running Smoothwall with pfSense. I'll say that I'm glad I switched. Anyway, what I found is that Smoothwall wouldn't let me add another LAN interface, making it a real router.

So, once you get pfSense installed, go to Interfaces->(assign) 

Assuming you already configured both your LAN and WAN interfaces, it should be clear which interface to choose for the extra port.

Then go to Interfaces-><interface name> (in my case, OPT1). Enable the interface, change the Type to Static (static worked for me), change Bridge with to LAN, and set Gateway to your gateway address (e.g., 192.168.0.1).

Apparently, I can't read and didn't read the small print at the bottom. I forgot to add the proper firewall rules to make it work. Go to Firewall->Rules, click on the new interface tab and configure appropriately. To make it exactly the same as your LAN, change the source to <interface name> Subnet.

This is a somewhat short tutorial. If you're using pfSense, you probably already know what you're doing. Now I can eliminate the switch I was using and go directly to the router.