How to Create a Cloud Gateway Template in VMWare

Cloud OSS - Cloudworks Service Manager


 



1. Introduction




This section provides information that will assist you in creating a Cloud Gateway (CGW) template based on pfSense 2.2 that will be used by Cloud OSS during IaaS services provisioning. Instructions provided herein are for implementation on VMWare.

In order to follow these instructions successfully, you will need:

  • Administrative access to VMWare
  • The required pfSense 2.2 ISO image. 

In this guide we will first create a Cloud Gateway Virtual Machine and then create a Template based on this Virtual Machine.  

 

2. Downloading the pfSense 2.2 image 

 


 

The pfSense 2.2 installation image can be downloaded by using this link.

In the Computer Architecture drop-down list, select AMD64 (64-bit). In the Platform drop-down list, select LiveCD with installer.
A list of mirrors is displayed. Click on the closest one to your location in order to begin downloading the requested image.

 

The downloaded image will be in .GZIP format. You will first need to decompress it in order to obtain an image in .ISO format that is compatible with VMWare.

Later on, the uncompressed .ISO image will have to be uploaded to a VMWare datastore. 



3. Creating a Cloud Gateway Virtual Machine

 


 

1) Open VMWare vSphere Client and login.

Fig 1. Logging in to the vSphere Client

 

 

2) Click View -> Inventory -> Datastores and Datastore Clusters.

 

Fig 2. Navigating to view Datastores and Datastore Clusters

 

 

3) Select a datastore.

 
 

Fig 3. Selecting a datastore



4) Click on "Browse this datastore".

 

Fig 4. Browsing a datastore



5) Select the folder in the list to which you will upload the pfsense ISO image, or create a new folder if you prefer.
 

Fig 5. Selecting a folder in the datastore



6) Click on the upload icon.

 

Fig 6. Clicking the upload button



7) Select "Upload File".

Fig 7. Selecting to upload a file



8) Browse for the pfsense ISO image file, select the file and click on Open. Click on Yes in the appearing warning message.

 

Fig 8. Browsing for the pfsense ISO image



9) Wait for the file to be uploaded. When the upload process is finished, the file should appear in the folder that you have selected in step 6. Close the Datastore Browser window.

Fig 9. The pfsense ISO image has been uploaded



10) We will now create a Virtual Machine (VM) based on the uploaded ISO image. On vSphere client click View->Inventory->VMs and Templates.

Fig 10. Navigating to VMs and Templates

 

 

11) Right click on a Datacenter and select "New Virtual Machine".

 

Fig 11. Creating a new virtual machine



12) Select "Custom configuration" and click on Next.

 

Fig 12. Selecting custom configuration



13) Type in a name and select a location for the new VM. Click on Next.

 

Fig 13. Typing a name for the new VM



14) Select a host or cluster for the new VM. Click on Next.

 

Fig 14. Selecting a host or cluster



15) Select a datastore where the new VM will be stored. Click on Next.

 

Fig 15. Selecting a datastore



16) Select the latest Virtual Machine Version. Click on Next.

 

Fig 16. Selecting the virtual machine version



17) In order to choose an OS type, click on Other and select FreeBSD (64 bit) from the drop down list. Click on Next.

 

Fig 17. Selecting an OS type



18) Set the minimum recommended resources for running a Cloud Gateway VM (1 processor / 1core / 512 MB Memory / 5 GB hard disk).

Fig 18. Selecting the number of sockets and cores per socket

Fig 19. Selecting the amount of memory



19) A CGW has three network interfaces, so select 3 and connect the virtual networks as shown below. Click on Next.

 

Fig 20. Defining the network interfaces



20) Leave the SCSI controller selection as is and click on Next.

 

Fig 21. SCSI controller selection

 

 

21) Leave the selection as is to Create a new virtual disk and click on Next.

Fig 22. Selecting to create a new virtual disk

 

 

22) Type in 5 to select 5 GB of storage and select "Thin Provision". Click on Next.

Fig 23. Selecting disk type and provisioning

 

 

23) Leave the default options as they are. Click on Next.

Fig 24. Choosing the virtual controller on which to connect the new virtual disk

 

 

24) Click "Edit the virtual machine settings before completion" and click on Continue.

Fig 25. Reviewing the settings and selecting to edit them before completion

 

 

25) A new window with all the VM settings is displayed.

Fig 26. Viewing all VM settings

 

 

26) Select "New CD/DVD".

Fig 27. Installing a new CD/DVD drive

 

 

27) Select "Datastore ISO File" and click on Browse.

Fig 28. Selecting a datastore

 

 

28) Navigate to find the ISO image that you uploaded earlier. Click on OK.

Fig 29. Navigating the datastore to find the pfsense ISO image

 

 

29) Click "Connect at power on". Click on Finish.

Fig 30. Having chosen the datastore ISO file

 

 

30) Click on "Apply Recommendations".

Fig 31. Viewing and applying recommendations for VM placement

 

 

31) Wait for the VM to be created.

 

 

32) Right click on the VM and click "Open Console".

Fig 32. Opening the VM console

 

 

33) Click on the green arrow to start the VM.

Fig 33. Starting the VM

 

 

4. Installing pfSense



 

 

34) The VM console is now open.


                                    Fig 34. The VM console

 

 

35) Wait until the following screen shows up during the boot process and type "i" to install pfSense on the VM hard disk.


                    Fig 35. Selecting installation on the local VM hard disk

 

36) Select "Accept these Settings" via the keyboard arrows and press Enter.


                            Fig 36. Accepting the default console settings

 

37) Select "Quick/Easy Install" and press Enter.


                                  Fig 37. Selecting installation type

 

38) Select OK and press Enter.


                                  Fig 38. Installation approval

 

39) Wait until the set up process of pfSense is completed. 


                          Fig 39. Waiting for the installation to complete

 

40) Select "Standard Kernel" and press Enter.


                                    Fig 40. Selecting kernel type

 

 

41) Select "Return to Select Task" and press Enter.


                                 Fig 41. Returning from installation

 

 

42) Select Exit and press Enter.


                                       Fig 42. Exiting installation

 

 

43) Wait for the VM to reboot.


             Fig 43. pfSense rebooting upon installation process completion

 

 

44) Click VM->Power->Power Off to stop the VM.


                                           Fig 44. Powering off

 



45) Close the VM console session.

 

 

46) Right click on the VM and click on "Edit Settings".

Fig 45. Navigating to edit the VM settings

 

 

47) Select the DVD drive, uncheck "Connect at power on", select "Client Device" and click on OK.

Fig 46. Disconnecting the CD/DVD virtual drive

 

 

48) Power on the VM and connect to its console as previously. Wait for the following screen to appear:


                Fig 47. Powering up for the first time after the OS installation



49) Type 1 and press Enter to assign names to the network interfaces.

Fig 48. Assigning names to the network interfaces



50) VLAN configuration is not required at this point, therefore type "n" and press Enter. 


                                       Fig 49. Denying VLAN setup

 


51) Assign names to the three (3) network interfaces as follows: 

 em0 -> wan -> WAN interface
 em1 -> lan -> LAN interface
 em2 -> opt -> OPTIONAL1(OPT1) interface

 

    • Type em0 and press Enter.

          

                                          Fig 50. Assigning name to WAN interface

 

 

    • Type em1 and press Enter.


                                    Fig 51. Assigning name to LAN interface

 

    • Type em2 and press Enter.


                                   Fig 52. Assigning name to OPT1 interface



    • There are no more network interfaces, so press Enter to continue.


                              Fig 53. Finished naming network interfaces

 

    • Type "y" and press Enter to accept interface assignments.


                       Fig 54. Saving network interface name assignments

 

 

    • Allow the VM to proceed until the screen below appears:


                             Fig 55. The pfsense basic options console menu




52) You will now need to configure IP addresses for all interfaces. Set an appropriate IP address on the LAN interface so that you can use your workstation to access the Cloud Gateway via this interface for initial configuration.
      At this point, you may set 'dummy' IP addresses for the WAN and OPT1 (MGMT) interfaces; these are required for configuring routing and firewall rules. The actual IP addresses are set automatically based on the CloudWorks Service Manager configuration.

      In our example, IP addresses are assigned as follows:

      WAN: 192.168.72.2/24
      LAN: 192.168.2.210/24, gateway 192.168.2.3
      OPT1: 192.168.199.4/24, gateway 192.168.199.1



  • Type "2" and press Enter.

Fig 56. pfSense basic options console menu

 

    • Type "1" to select the WAN interface and press Enter.

Fig 57. Choosing to configure WAN interface

 

    • Type "n" and press Enter when asked to configure the interface via DHCP. Type in the WAN interface IP address and press Enter.

Fig 58. Configuring an IP Address for the WAN interface

 

  • Type in the subnet mask for WAN interface and press Enter.

Fig 59. Configuring a subnet mask for the WAN interface

 

  • Press Enter without setting a gateway IP address for the WAN interface.

Fig 60. Skipping gateway configuration for the WAN interface


  • Type "n" and press Enter in order to skip DHCP for IPv6 addresses.

 

Fig 61. Skipping DHCP IPv6 configuration for the WAN interface

 

  • Press Enter to skip IPv6 address configuration.

Fig 62. Skipping IPv6 address configuration for the WAN interface

 

  • Type "n" and press Enter.

Fig 63. Choosing not to revert webConfigurator to HTTP

 

  • Press Enter to continue.

Fig 64. Finishing WAN interface configuration 



53) Continue with assigning an IP address and gateway for the LAN interface as done in the previous step for the WAN interface.

 

  • Type "2" and press Enter.

 

  • Type "2" and press Enter.

 

 

  • Enter the IP address and press Enter.

 

  • Enter the subnet mask and press Enter.

 

  • Enter the gateway IP address and press Enter.

 

  • Press Enter.

 

  • Type "n" and press Enter.

 

  • Type "n" and press Enter.

 

  • Press Enter to continue.

 

 

 

54) Continue with assigning an IP address and gateway for the OPT1 interface as done in the previous step for the LAN interface.

 

  • Type "2" and press Enter.

 

  • Type "3" and press Enter.

 

  • Enter the OPT1 interface IP address and press Enter.

 

  • Enter the subnet mask and press Enter.

 

 

  • Enter the gateway address and press Enter.

 

  • Press Enter.

 

 

  • Type "n" and press Enter.

 

 

  • Type "n" and press Enter.


  • Press Enter to continue.

 

 


55) The pfSense web interface can now be accessed with a web browser via the LAN interface's IP address (in our example 192.168.2.210) and by using the following credentials:

Username: admin

Password: pfsense

 

Fig 65. pfSense web login interface

 

Since this is the first time you login, the setup wizard is presented to you:

Fig 66. pfSense setup wizard

 

Click on pfSense logo to close the wizard and go to pfSense setup interface.

Fig 67. Exiting the setup wizard





56) Rename the OPT1 interface to MGMT by clicking on Interfaces -> OPT1 and changing the Description field to MGMT. Save and Apply.

 

                    

Fig 68. Navigating to the OPT1 interface settings

Fig 69. Renaming the OPT1 interface

 

                    

Fig 70. Saving OPT1 interface changes

Fig 71. Applying changes to OPT1 interface settings

 

 

57) Configure a gateway for the WAN interface by clicking on System -> Routing.

  

Fig 72. Navigating to routing settings

 

Click on the plus icon at the bottom right to add a gateway.

Fig 73.  Adding a gateway for the WAN interface

 

Fill in the appropriate fields as shown below and click on Save.

Fig 74. Configuring a gateway for the WAN interface

 

Click on Apply changes.

Fig 75. Applying gateway configuration changes

 

 

58) Add the required static Routes by selecting the Routes tab and by clicking on the plus icon at the bottom right.

Fig 76. Selecting to add a route

 

Fill in the appropriate fields as shown below, click Save and Apply.

Fig 77. Configuring an additional static route.

 

Click on the plus icon at the bottom right and fill in the required fields as shown below. Click Save and Apply.

Fig 78. Configuring an additional static route.


 

59) Configure NAT (Network Address Translation) by clicking on Firewall -> NAT and then click on Outbound.

Fig 79. Configuring NAT outbound options

 

Select "Manual Outbound NAT rule generation" and click on Save.

 

Fig 80. Selecting manual outbound rule generation

 

 

60) You will now need to add the required firewall rules on the WAN interface. Click on Firewall -> Rules and select the WAN tab.

Fig 81. WAN interface firewall rules

 

Click on the "plus" sign at the bottom right to add a firewall rule.

Fig 82. Adding a firewall rule for the WAN interface

 

Fill in the appropriate fields as shown below and click on Save.

Fig 83. Configuring the additional firewall rule on the WAN interface

 

Click on the "plus" sign at the bottom right to add a firewall rule.

Fig 84. Adding a firewall rule for the WAN interface

 

Fill in the appropriate fields as shown below and click on Save.

                      

Fig 85. Configuring the additional firewall rule on the WAN interface

Fig 86. Applying changes

 

 

61) You will now need to add the required firewall rules on the LAN interface. Click on Firewall -> Rules and select the LAN tab.

Fig 87. LAN interfaces firewall rules

 

Remove the last two rules by selecting them and clicking on the "x" sign at the bottom right. Approve removal when asked. Click on the "plus" sign icon to add a rule.

Fig 88. Removing existing LAN interface firewall rules

 

Fill in the appropriate fields as shown below and click on Save and Apply changes.

                            

Fig 89. Configuring the additional firewall rule on the WAN interface

Fig 90. Applying changes

 

 

62) You will now need to add the required firewall rules on the MGMT interface. Click on Firewall -> Rules and select the MGMT tab. Click on "plus" sign at the bottom right to add a rule.
       Fill in the appropriate fields as shown below:

Fig 91. Configuring a new rule for the MGMT interface


In the Description field, type in "Pass ANY - ANY -ALL" and click on Save.
 Fig 92. Description of new LAN interface firewall rule


Add a rule to the MGMT interface with the settings shown below. Click on Save and Apply.
Fig 93. Configuring an additional rule for the MGMT interface



Add a rule to the MGMT interface with the settings shown below. Click on Save and Apply.
Fig 94. Configuring an additional rule for the MGMT interface



63) You will now need to create a 'users' group for Cloud Gateway by configuring user groups. Click on System -> User manager and select the Groups tab.
Fig 95. pfSense user groups tab


Click on the "plus" sign at the bottom right to add a group. Fill in the appropriate fields as shown below and click on Save.
Fig 96. Adding a 'users' group


In order to edit the newly created groups, click on the "e" sign next to them.
Fig 97. Editing the 'users' group


Click the "plus" icon in the "Assigned Privileges" section.
Fig 98. Adding privileges to the 'users' group


Select the following privileges in the appearing list and click Save.
User - VPN - IPsec xauth Dialin
User - VPN - L2TP Dialin
User - VPN - PPTP Dialin
WebCfg - Dashboard (all)
WebCfg - Dashboard widgets (direct access).
WebCfg - Diagnostics: System Activity
WebCfg - Diagnostics: ARP Table page
WebCfg - Diagnostics: Authentication page 
WebCfg - Diagnostics: Backup/restore page
WebCfg - Diagnostics: Configuration History page
WebCfg - Diagnostics: CPU Utilization page
WebCfg - Crash reporter
WebCfg - Diagnostics: Factory defaults page
WebCfg - Diagnostics: Logs: DHCP page
WebCfg - Diagnostics: Logs: Firewall page
WebCfg - Diagnostics: Logs: VPN page
WebCfg - Diagnostics: Logs: Settings page
WebCfg - Diagnostics: Logs: System page
WebCfg - Diagnostics: Packet Capture page
WebCfg - Diagnostics: Patterns page
WebCfg - Diagnostics: Ping page
WebCfg - Diagnostics: Reboot System page
WebCfg - Diagnostics: Reset state page
WebCfg - Diagnostics: Restart HTTPD : System page
WebCfg - Diagnostics: Routing tables page
WebCfg - Diagnostics: Show States page
WebCfg - Diagnostics: States Summary page
WebCfg - Diagnostics: PF Table IP addresses
WebCfg - Diagnostics: Traceroute page
WebCfg - Firewall: Alias: Edit page
WebCfg - Firewall: Alias: Import page
WebCfg - Firewall: Aliases page
WebCfg - Firewall: NAT: 1:1 page
WebCfg - Firewall: NAT: 1:1: Edit page
WebCfg - Firewall: NAT: Outbound page
WebCfg - Firewall: NAT: Outbound: Edit page
WebCfg - Firewall: NAT: Port Forward page
WebCfg - Firewall: NAT: Port Forward: Edit page
WebCfg - Firewall: Rules page
WebCfg - Firewall: Rules: Edit page
WebCfg - Firewall: Schedules page
WebCfg - Firewall: Schedules: Edit page
WebCfg - Firewall: Traffic Shaper page
WebCfg - Firewall: Traffic Shaper: Layer7 page
WebCfg - Firewall: Traffic Shaper: Limiter page
WebCfg - Firewall: Traffic Shaper: Queues page
WebCfg - Firewall: Traffic Shaper: Wizard page
WebCfg - Firewall: Virtual IP Address: Edit page
WebCfg - Firewall: Virtual IP Addresses page
WebCfg - AJAX: Get Service Providers
WebCfg - AJAX: Get Stats
WebCfg - Diag IPsec XML page
WebCfg - OpenVPN: Client page
WebCfg - OpenVPN: Client Specific Override page
WebCfg - OpenVPN: Server page
WebCfg - Required for javascript page
WebCfg - Services: Captive portal page
WebCfg - Services: Captive portal: Allowed Hostnames page
WebCfg - Services: Captive portal: Allowed IPs page
WebCfg - Services: Captive portal: Edit Allowed Hostnames page
WebCfg - Services: Captive portal: Edit Allowed IPs page
WebCfg - Services: Captive portal: Edit MAC Addresses page
WebCfg - Services: Captive portal: File Manager page
WebCfg - Services: Captive portal: Mac Addresses page
WebCfg - Services: Captive portal Voucher Rolls page
WebCfg - Services: Captive portal Vouchers page
WebCfg - Services: SNMP page
WebCfg - Status: Captive portal page
WebCfg - Status: Captive portal test Vouchers page
WebCfg - Status: Captive portal Voucher Rolls page 
WebCfg - Status: Captive portal Vouchers page 
WebCfg - Status: CARP page 
WebCfg - Status: CPU load page 
WebCfg - Status: DHCP leases page 
WebCfg - Status: Filter Reload Status page 
WebCfg - Status: Gateway Groups page 
WebCfg - Status: Gateways page 
WebCfg - Status: IPsec page 
WebCfg - Status: IPsec: SAD page 
WebCfg - Status: IPsec: SPD page 
WebCfg - Status: OpenVPN page 
WebCfg - Status: RRD Graphs settings page 
WebCfg - Status: RRD Graphs page 
WebCfg - Status: Services page 
WebCfg - Status: System logs: IPsec VPN page 
WebCfg - Status: System logs: OpenVPN page 
WebCfg - Status: System logs: Portal Auth page 
WebCfg - Status: System logs: IPsec VPN page 
WebCfg - Status: Traffic Graph page 
WebCfg - Status: Traffic shaper: Queues page 
WebCfg - Status: UPnP Status page 
WebCfg - System: Advanced: Firewall and NAT page 
WebCfg - System: Login / Logout page / Dashboard 
WebCfg - System: Static Routes page 
WebCfg - System: Static Routes: Edit route page 
WebCfg - VPN: IPsec page 
WebCfg - VPN: IPsec: Edit Pre-Shared Keys 
WebCfg - VPN: IPsec: Edit Phase 1 page 
WebCfg - VPN: IPsec: Edit Phase 2 page
WebCfg - VPN: IPsec: Pre-Shared Keys List 
WebCfg - VPN: IPsec: Mobile page 
WebCfg - VPN: VPN L2TP page
WebCfg - VPN: VPN L2TP : Users page 
WebCfg - VPN: VPN L2TP : Users : Edit page 
WebCfg - VPN: VPN PPTP page 
WebCfg - VPN: VPN PPTP: User: Edit page 
WebCfg - VPN: VPN PPTP: Users page 
WebCfg - XMLRPC Interface Stats page 
WebCfg - XMLRPC Library page 
WebCfg - Services: DNS Forwarder page 
WebCfg - Services: DNS Forwarder: Edit Domain Override page 
WebCfg - Services: DNS Forwarder: Edit host page 
WebCfg - Services: Igmpproxy page 
WebCfg - System: Advanced: Admin Access Page 
WebCfg - System: Advanced: Miscellaneous page 
WebCfg - System: Advanced: Network page 
WebCfg - System: Advanced: Notifications page 
WebCfg - System: Advanced: Tunables page 
WebCfg - System: Authentication Servers 
WebCfg - System: CA Manager 
WebCfg - System: Certificate Manager
WebCfg - System: CRL Manager 
WebCfg - System: Gateway Groups page
WebCfg - System: Gateways page 
WebCfg - System: Gateways: Edit Gateway page 
WebCfg - System: Gateways: Edit Gateway Groups page 
User - System - Shell account access 
WebCfg - Services: DHCP Relay page
WebCfg - Services: DHCP server page 
WebCfg - Services: DHCP Server : Edit static mapping page 
WebCfg - Services: Dynamic DNS client page 
WebCfg - Services: Dynamic DNS clients page 
WebCfg - Status: Interfaces page 
WebCfg - Help pages 
WebCfg - OpenVPN: Client Export Utility
WebCfg - System: User Manager page 
WebCfg - System: User Manager: Add Privileges page 
WebCfg - System: User Password Manager page 
WebCfg - System: User Manager: settings page 
WebCfg - System: User Manager: Settings: Test LDAP page

 

 

64) You will now need to add users to user groups. Go to System -> User manager and click on the "plus" sign at the bottom right to add a new user.

Fig 99. Adding a new user

 

 

Fill in the appropriate fields as shown in the image below. Select the users group in the text box on the left and click on the "right arrow" sign to move it to the right.

Save the form when ready.

Fig 100. Configuring 'fwadmin' user

 

 

65) Go to System -> Advanced and enable Secure Shell. Then check "Disable HTTP_REFERER enforcement check" and click on Save.

 

Fig 101a. Enabling secure shell access

Fig 101b. Disabling HTTP_REFERER enforcement check


 

66)  You now need to edit pfSense file /usr/local/www/fbegin.inc so that the following lines are added after line 262:

// 1. REMOVE UNNECESSARY MENU ITEMS CODE
// Drops every menu entry whose target page does not match the page patterns
// ('page-match') stored in the logged-in user's session.
// This only hides menu entries; page access itself is still governed by the
// privileges assigned to the user's groups.
// $menuAllowedItems is accepted by the function but is not used.
function removeNotAllowedItems(&$menuArray, $menuAllowedItems)
{
    global $_SESSION;
    if (!is_array($menuArray)) {
        $menuArray = array();
    }
    foreach ($menuArray as $itemIndex => $item) {
        // $item[1] holds the menu entry's target page
        $itemBaseName = basename($item[1]);
        // Remove unnecessary items from the menu
        if (!cmp_page_matches($itemBaseName, $_SESSION['page-match'])) {
            unset($menuArray[$itemIndex]);
        }
    }
}

// 2. RUN REMOVE UNNECESSARY MENU ITEMS CODE IN MENUS SPECIFIED BELOW
removeNotAllowedItems($system_menu, $menuAllowedItems);
removeNotAllowedItems($interfaces_menu, $menuAllowedItems);
removeNotAllowedItems($firewall_menu, $menuAllowedItems);
removeNotAllowedItems($services_menu, $menuAllowedItems);
removeNotAllowedItems($vpn_menu, $menuAllowedItems);
removeNotAllowedItems($status_menu, $menuAllowedItems);
removeNotAllowedItems($diagnostics_menu, $menuAllowedItems);

 

 

This can be done by using WinSCP (click here to download) for accessing pfSense via SFTP. You may use Notepad++ editor or any other editor that you prefer.


Start WinSCP and Login to pfsense via the LAN interface (Host name) by using the default login credentials:

username: root
password: pfsense

Fig 102. Accessing pfSense with WinSCP

 

On the right side of the window you can browse the pfSense filesystem. Open the /usr/local/www/ folder.

Fig 103. /usr/local/www pfSense folder


Right click on file fbegin.inc and click on Edit.

Fig 104. Editing file fbegin.inc

 

Move to line 262.

  

Fig 105. fbegin.inc, line 262

 

Paste the additional lines of code below line 262. Save the file and close the editor.

Fig 106. Pasting the code inside fbegin.inc



67) Now you need to create a new ChangePassword file (case sensitive) inside /etc/phpshellsessions folder. This file is required by CloudWorks Service Manager for managing Cloud Gateway user passwords.
      The contents of the file are shown below: 
require_once("config.inc");
require("auth.inc");
require_once("functions.inc");

global $g, $config, $argv, $userindex;
$userindex = index_users();

// Arguments that follow the playback file name: [0] username, [1] password
$args = array_slice($argv, 3);

$password = "";
$confpassword = "";
$username = "";
$ForceEnable = "y";      // "y": re-enable a disabled account without asking
$ClearExpiration = "y";  // "y": clear an expiration date without asking

$fp = fopen('php://stdin', 'r');

// If the first parameter is empty, ask for username
if (empty($args[0])) {
    echo gettext("Enter username: ");
    $username = fgets($fp);
} else {
    $username = $args[0];
}
$username = trim($username);

// If the user does not exist, bail
$user =& getUserEntry($username);
if ($user == NULL) {
    printf(gettext("User '%s' does not exist.\n"), $username);
    exit(-1);
} else {
    printf(gettext("Changing password for '%s'.\n"), $username);
}

// If the user does exist, get password from command line (if provided as argument, else prompt for password).
// A password passed as an argument is visible in the process list while the script runs;
// omit it to be prompted instead.
if (empty($args[1])) {
    $password = "";
} else {
    $password = $args[1];
}
$password = trim($password);
// A password given as an argument is not asked for a second time
$confpassword = $password;

while (empty($password)) {
    echo gettext("New Password") . ": ";
    exec('/bin/stty -echo');
    $password = trim(fgets($fp));
    exec('/bin/stty echo');
    echo "\n";
}

// Confirm password
while (empty($confpassword)) {
    echo gettext("Confirm New Password") . ": ";
    exec('/bin/stty -echo');
    $confpassword = trim(fgets($fp));
    exec('/bin/stty echo');
    echo "\n";
}

// Check if user is disabled
if (is_account_disabled($username)) {
    if (strcasecmp($ForceEnable, "n") == 0) {
        echo gettext("Account is disabled, would you like to re-enable? [y|n]") . ": ";
        if (strcasecmp(chop(fgets($fp)), "y") == 0) {
            unset($user['disabled']);
        }
    } else {
        unset($user['disabled']);
    }
}

// Check if user is expired
if (is_account_expired($username)) {
    if (strcasecmp($ClearExpiration, "n") == 0) {
        echo gettext("Account is expired, would you like to clear the expiration date? [y|n]") . ": ";
        if (strcasecmp(chop(fgets($fp)), "y") == 0) {
            unset($user['expires']);
        }
    } else {
        unset($user['expires']);
    }
}
fclose($fp);

// Compare password and confirm
if ($password == $confpassword) {
    // Reset password and write the change to the configuration
    local_user_set_password($user, $password);
    local_user_set($user);
    write_config(sprintf(gettext("password changed for user '%s' from console."), $username));
    exit(0);
} else {
    echo gettext("New and Confirm passwords did not match.") . "\n";
    exit(-1);
}

 

Go to folder /etc/phpshellsessions by using WinSCP.

 

Fig 107. Accessing /etc/phpshellsessions folder

 

 

Right click in the window and select New -> File.

Fig 108. Creating a new file

 

 

Type in ChangePassword for file name (case sensitive) and click on OK.

Fig 109. Setting file name

 

Paste the lines of code into the file editor window and save the file.



5. Installing and Configuring VMWare Tools on pfSense 2.2 (64-bit)



 


68)  To install the required packages for VMware Tools, run:                        

                              "pkg bootstrap"
                              "pkg install perl5"
                              "pkg install compat6x-amd64"

 

The commands above require internet access in order to download and install the necessary packages. You may be required to modify your initial IP Address assignment and configure a valid default gateway in order to accomplish that.

 

69) To update shared libraries, just run:                   

                              "/etc/rc.d/ldconfig start"

 

 

70) Create a symlink for the perl executable, because the VMware Tools install script expects it in /usr/bin:

                              "ln -s /usr/local/bin/perl /usr/bin/perl"

 

 

71) Attach the VMware Tools ISO to the VM's CD drive by choosing "Install/Upgrade VMware Tools" in the VM/guest menu of the vSphere Client.  Then, in the VM run these commands:

                              "mkdir -p /mnt/cdrom"
                              "mount_cd9660 /dev/cd0 /mnt/cdrom"
                              "cd /tmp"
                              "tar xvzf /mnt/cdrom/vmware-freebsd-tools.tar.gz"
                              "cd vmware-tools-distrib"
                              "./vmware-install.pl -d --clobber-kernel-modules=vmxnet3,pvscsi,vmmemctl"

 

 

72) Reboot the VM.

 

 

73) Disable VMware Tools script actions by executing the following commands:

                             "ln -s /usr/local/lib/vmware-tools/lib64-63/libpcre.so.0/libpcre.so.0 /usr/local/lib/"
                             "ln -s /usr/local/lib/vmware-tools/lib64-63/libintl.so.8/libintl.so.8 /usr/local/lib/"
                             "ln -s /usr/local/lib/vmware-tools/lib64-63/libiconv.so.3/libiconv.so.3 /usr/local/lib/"
                             "/etc/rc.d/ldconfig start"
                             "vmware-toolbox-cmd script power disable"
                             "vmware-toolbox-cmd script resume disable"
                             "vmware-toolbox-cmd script suspend disable"
                             "vmware-toolbox-cmd script shutdown disable"

 

 

74) Restart boot script:

                              "/usr/local/etc/rc.d/vmware-guestd.sh restart"

 

 

75) Check that all modules are correctly loaded by running:

                              "kldstat" 

       You should see a listing of the modules (one line per module):

                               kernel
                               vmxnet3.ko
                               vmmemctl.ko

 

 

6. Creating a VM Template based on the Cloud Gateway Virtual Machine



 

 

76) You will now need to disable the LAN and WAN interfaces prior to creating a VM Template based on the CGW VM. Gain console access to Cloud Gateway (CGW) via the vSphere console.

Fig 110. Connecting to CGW console

 

 

In order to disable the WAN and LAN interfaces, type "2" and press Enter.

 

 

Configure the WAN interface by typing "1" and press Enter.

 

 

Type "n" at IPv4 DHCP configuration and press Enter.

 

 

Press Enter at WAN IPv4 address for no IP address.

 

 

Type "n" at IPv6 DHCP configuration and press Enter.

 

 

Press Enter at WAN IPv6 address for no IP address.

 

 

Type "n" at HTTP for webConfigurator and press Enter.

 

 

Press Enter to continue.

 

 

The WAN interface is now disabled. To continue with disabling the LAN interface, type "2" and press Enter.

 

 

Type "2" to configure the LAN interface and press Enter. Disable the LAN interface following the same steps provided in this paragraph for the WAN interface.
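A pre-clone check of the state that steps 51, 56, 63, 64 and 76 are meant to leave behind, added here as an example; it is not part of the original guide, CloudWorks or pfSense. It reads a copy of the gateway's config.xml. The element names and privilege ids are assumptions about the pfSense configuration layout, and the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Values taken from the guide: step 51 (NIC assignment), step 56 (MGMT name),
# step 64 / Fig 100 (fwadmin in 'users'), step 76 (WAN and LAN without addresses).
EXPECTED_NICS = {"wan": "em0", "lan": "em1", "opt1": "em2"}
UNADDRESSED = ("wan", "lan")
# Assumed pfSense privilege ids that deserve a second look in a cloned template.
REVIEW_PRIVS = {"user-shell-access", "page-all"}

# Constructed sample: WAN was left addressed, everything else follows the guide.
SAMPLE_CONFIG = """<pfsense>
  <system>
    <group><name>admins</name><member>0</member><priv>page-all</priv></group>
    <group>
      <name>users</name>
      <member>2000</member>
      <priv>page-dashboard-all</priv>
      <priv>user-shell-access</priv>
    </group>
    <user><name>admin</name><uid>0</uid></user>
    <user><name>fwadmin</name><uid>2000</uid></user>
  </system>
  <interfaces>
    <wan><if>em0</if><ipaddr>192.168.72.2</ipaddr><subnet>24</subnet></wan>
    <lan><if>em1</if><ipaddr/></lan>
    <opt1><if>em2</if><descr>MGMT</descr><ipaddr>192.168.199.4</ipaddr><subnet>24</subnet></opt1>
  </interfaces>
</pfsense>
"""


def _text(node, path):
    """Return stripped element text, or '' when the element is absent or empty."""
    if node is None:
        return ""
    return (node.findtext(path) or "").strip()


def audit_template(xml_text):
    """Return {'fail': [...], 'review': [...]} for a pfSense config.xml document."""
    root = ET.fromstring(xml_text)
    fail, review = [], []

    # Interface assignment (step 51) and cleared WAN/LAN addressing (step 76).
    for name, nic in EXPECTED_NICS.items():
        iface = root.find(f"interfaces/{name}")
        if iface is None:
            fail.append(f"{name}: interface is not assigned")
            continue
        bound = _text(iface, "if")
        if bound != nic:
            fail.append(f"{name}: bound to {bound or 'nothing'}, expected {nic}")
        if name in UNADDRESSED:
            for field in ("ipaddr", "ipaddrv6"):
                value = _text(iface, field)
                if value:
                    fail.append(f"{name}: {field} still set to {value}")

    # OPT1 renamed to MGMT (step 56).
    if _text(root.find("interfaces/opt1"), "descr") != "MGMT":
        fail.append("opt1: description is not MGMT")

    # 'users' group exists and fwadmin belongs to it (steps 63 and 64).
    uid_by_user = {_text(u, "name"): _text(u, "uid") for u in root.findall("system/user")}
    user_by_uid = {uid: name for name, uid in uid_by_user.items()}
    groups = {_text(g, "name"): g for g in root.findall("system/group")}
    users_group = groups.get("users")
    if users_group is None:
        fail.append("group 'users' is missing")
    else:
        members = {(m.text or "").strip() for m in users_group.findall("member")}
        fw_uid = uid_by_user.get("fwadmin")
        if not fw_uid or fw_uid not in members:
            fail.append("user 'fwadmin' is not a member of 'users'")

    # Every clone inherits these grants, so list who holds them for sign-off.
    for gname, group in groups.items():
        privs = {(p.text or "").strip() for p in group.findall("priv")}
        names = sorted(user_by_uid.get((m.text or "").strip(), "?")
                       for m in group.findall("member"))
        for priv in sorted(REVIEW_PRIVS & privs):
            review.append(f"{gname}: {priv} granted to {', '.join(names) or 'no members'}")

    return {"fail": fail, "review": review}


if __name__ == "__main__":
    result = audit_template(SAMPLE_CONFIG)
    for line in result["fail"]:
        print("FAIL  ", line)
    for line in result["review"]:
        print("REVIEW", line)
```

The "review" entries are not failures: they list grants, such as the shell access included in the 'users' group privileges, that every gateway provisioned from the template will carry.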




77) After disabling the LAN and WAN interfaces, type "6" in the basic menu and press Enter, then press "y" in order to shut down the Cloud Gateway. Wait for the VM to shut down.

Fig 111. Shutting down pfsense

 

 

78) Return to the vSphere client, find the new VM, right click on it, and go to Template->Clone to Template to create the new template.

Fig 112. Navigating to clone the template

 

 

79) Type in a name for the new template.

Fig 113. Naming the template

 

 

80) Select a location to save the template and click on Next.

Fig 114. Selecting a location to save the template

 

 

81) Select a cluster in which you will store this template and click on Next.


Fig 115. Selecting a cluster to store the template

 

82) Select "Thin Provision" as a virtual disk format.


Fig 116. Selecting a virtual disk format

 

 

83) Select a datastore for the template.

Fig 117. Selecting a datastore for the template

 

 

84) Click on Next.

Fig 118. Viewing all the previous selections

 

 

85) Click on Finish.

Fig 119. Finishing the template creation wizard

 

 

86) Wait until the creation Tasks are completed.

Fig 120. Viewing the progress of the tasks that lead to the template creation

 

 

87) The new template should now exist in the folder where we created it.

Fig 121. Viewing the new template in its folder

 

 

88) Congratulations! Your Cloud Gateway (CGW) template has been created.  You may proceed with creating the Guest OS Templates for your Cloud Servers. 

 
