pfsense

pfSense 2.x runs on FreeBSD 8, instead of the previous 7. I wanted to get istatd working on my router, so I fetch'd libxml2 from here and the istatd binary (version 0.5.7) compiled against FreeBSD 7 from my previous blog post, here. For this to work, you'll also need the iOS app. When running istatd, it complained about some libraries. I simply created symlinks from the old library to the new one and everything worked fine, see below.

ln -s /lib/libz.so.5 /lib/libz.so.4
ln -s /lib/libkvm.so.5 /lib/libkvm.so.4

You can get a template for the configuration file here and put it in a nice place, like /etc/istat.conf 

Create your user, group and socket file and you're good to go:

pw user add -n istat
pw useradd istat -G istat
touch /tmp/istatd.sock

Then, you can run the istatd daemon with just

istatd -d -c /etc/istat.conf

 Now, you'll be able to monitor your pfSense box with iStat!

One of my most favourite apps for my iPhone is iStat. It lets me monitor all my *nix servers in a beautiful interface. For my Linux clients, all I had to do was download the client, extract and compile. And since my router is running pfSense (FreeBSD 7.2) I thought I might as well get iStat on there.

Apparently, the developers edition of pfSense has all the goodies to compile stuff. Without even thinking of cross compiling, I quickly set up a VM of FreeBSD 7.1 (I know little to nothing of FreeBSD so I opted to get something near 7.2) and started to compile it. I had to get libxml2 first though and for FreeBSD 7. Anyway, logged into pfSense via SSH, fetch'd libxml2 and installed it. Now, since my router had nothing to compile packages with, I built iStat in the FreeBSD virtual machine and transfered the resulting mess to pfSense via SFTP. Now, since I couldn't have run make install in pfSense, I had to create /usr/local/etc/istat.conf and filled it in with the configuration file from another Linux client. I also edited the configuration file to fit the network interface (xl0 instead of eth0).

Looking back, I probably could have done things a little different. Either way, I got the job done. Now I'm happy that I can monitor my entire network with one app. I recommend for those that are in need of a functional server monitor to check out iStat for the iPhone. Be warned that iStat only supports one interface so far.

 One of the servers that are at my disposal has a very low CPU usage percentage (if that makes sense). On my way to set up a PPTP VPN server on the box, I realized my router running pfSense could do it out of the box. In this short tutorial, I'll show you how to get a PPTP VPN working so that you can connect to it anywhere.

Head under VPN -> PPTP

Next, click on the Enable PPTP server radio button. For the Server address put in your WAN (public) IP. For the Remote address range, put in a local IP of which the range will start at. Near the end of the page, check Require 128-bit encryption.

I recently swapped out my router (a PIII) running Smoothwall with pfSense. I'll say that I'm glad I switched. Anyway, what I found is that Smoothwall wouldn't let me add another LAN interface, making it a real router.

So, once you get pfSense installed, go to Interfaces->(assign)