pfSense vs OPNsense

Trying out different firewall-specific builds. One small gotcha: if you are trying pfSense and want to make a USB stick, download the memstick version and write it with dd using a 16k block size. dd overwrites whatever device you name, so check the disk number first:

gzcat pfsense-memstick.img | dd of=/dev/rdisk2 bs=16k

But if you are using VMware Fusion to test it, you need the CD image, because of the way VMware works: it emulates a CD. If you try to use the memstick version, it complains that there is no operating system.

Note that the LiveCD version then runs and all looks well, but you won't be able to install packages (since the CD is read-only!). So it looks fine, but it is not: you have to select option '99' and do a "hard disk" install. Don't take the default, "multi user", as that is misleading.

Notes about using VMware Fusion 7 networking

This is actually pretty mysterious, but here is what is happening on the Mac side:

vmnet8 is the fake adapter on the Mac side. It is what connects to the NAT on the Fusion side. Its friendly graphical interface name is Share via Mac. If you want to configure how it works, http://willwarren.com/2015/04/02/set-static-ip-address-in-vmware-fusion-7/ explains that there is a magic file in /Library/VMWare Fusion/vmnet8 where you can edit the dhcpd.conf file to work for you. You can change the IP addresses handed out and so forth.

vmnet0 is the bridged adapter on the Mac side. This makes a VM look like another physical device on the WAN.

vmnet1 is the host-only adapter on the Mac side. This means it is a private network that only the Mac and other VMs can see. It is not connected to the WAN side of the Mac.
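
The vmnet8 note above says dhcpd.conf can be edited to change the addresses handed out. As an added example (not from the original post or from VMware), this script checks a fixed-address reservation against the subnet and dynamic pool before appending it. It assumes ISC dhcpd syntax; the function names, the sample file and every MAC and IP value are constructed.

```shell
#!/bin/sh
# Added example: validate, then append a fixed-address reservation to a
# vmnet8-style dhcpd.conf. Names and all MAC/IP values are constructed.

ip_to_int() {  # dotted quad -> integer; fails on malformed input
  printf '%s\n' "$1" | grep -Eq '^((0|[1-9][0-9]{0,2})\.){3}(0|[1-9][0-9]{0,2})$' || return 1
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

add_reservation() {  # usage: add_reservation CONF NAME MAC IP
  conf=$1; name=$2; mac=$3; ip=$4
  printf '%s\n' "$name" | grep -Eq '^[A-Za-z0-9-]+$' || { echo "bad host name" >&2; return 1; }
  printf '%s\n' "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || { echo "bad MAC" >&2; return 1; }
  want=$(ip_to_int "$ip") || { echo "bad IP" >&2; return 1; }
  # The address must sit inside the declared subnet...
  net=$(awk '$1 == "subnet" && $3 == "netmask" { print $2, $4; exit }' "$conf")
  n=$(ip_to_int "${net% *}") && m=$(ip_to_int "${net#* }") || { echo "no subnet line" >&2; return 1; }
  [ $(( want & m )) -eq "$n" ] || { echo "$ip is outside the subnet" >&2; return 1; }
  # ...but outside the dynamic pool, so it cannot also be leased to another VM.
  pool=$(awk '$1 == "range" { sub(/;$/, "", $3); print $2, $3; exit }' "$conf")
  lo=$(ip_to_int "${pool% *}") && hi=$(ip_to_int "${pool#* }") || { echo "no range line" >&2; return 1; }
  if [ "$want" -ge "$lo" ] && [ "$want" -le "$hi" ]; then
    echo "$ip is inside the dynamic pool" >&2; return 1
  fi
  if grep -Fiq "hardware ethernet $mac;" "$conf" || grep -Fq "fixed-address $ip;" "$conf"; then
    echo "MAC or IP already reserved" >&2; return 1
  fi
  cp -p "$conf" "$conf.bak" || return 1  # keep a rollback copy
  printf '\nhost %s {\n    hardware ethernet %s;\n    fixed-address %s;\n}\n' \
    "$name" "$mac" "$ip" >> "$conf"
}

write_sample_conf() {  # constructed stand-in for the real file
  cat > "$1" <<'EOF'
default-lease-time 1800;
max-lease-time 7200;
subnet 192.168.50.0 netmask 255.255.255.0 {
    range 192.168.50.128 192.168.50.254;
    option routers 192.168.50.2;
}
EOF
}

tmp=$(mktemp) && write_sample_conf "$tmp"
add_reservation "$tmp" pfsense-lab 00:0c:29:aa:bb:cc 192.168.50.10 && tail -n 4 "$tmp"
rm -f "$tmp" "$tmp.bak"
```

Run it against a copy of the file first; Fusion has to reload its network services before an edited dhcpd.conf takes effect.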

With VMware Fusion 7 you can have the same features as the Windows version (VMware Workstation), and you can now create a custom network by running VMware Fusion, choosing Preferences/Networking and clicking the + to add a network. You can uncheck the option to supply DHCP so that your VM supplies the addresses. Very nice for network testing. These networks start as vmnet{5,6,…}. There is a bug: when you select one, it shows a greyed-out IP address and subnet mask, so it appears that the Mac still gets an IP address from VMware even though it should be served by a virtual machine.