Setup Steps for Single NIC Hetzner Root Server, ESXi, and pfSense.

Last Updated on October 5, 2020

  1. Order a Hetzner Dedicated Root Server with no operating system, called a “Rescue Server”.
    1. Purchase an add-on IP address for the server and request a separate MAC address for it.
    2. Request a LARA Console session from Hetzner with a VMWare ESXi installer USB inserted in the server. (Transferring iso over the web takes longer than LARA console is provided.)
    3. Once LARA Console is started and you are connected, set up RAID on your hard drives if you are going to use it.
  2. Install ESXi to Hetzner root server, in ESXi Developer Tools enable SFTP or SSH.
    1. Transfer your pfSense installation image and other guest operating system images to the server datastore via SFTP or SSH.
    2. Login to the ESXi host control panel using the vSphere Client or Web UI.
    3. On the Configuration tab of the ESXi host, go into the Networking settings.
    4. Create a new Standard Switch, name it “vSwitch1” by default with it’s network named “VM Network 2”.
      (So now you should have a vSwitch0 on VM Network and vSwitch1 on VM Network 2.)
  3. Create a virtual machine named “Router” on the ESXi host with 2 NICS, 1 Core, 1GB RAM, 8GB HDD, OS set to “Other”, and choose FreeBSD OS.
    1. Assign one of the Router virtual machine NICs to “VM Network” and the other to “VM Network 2”.
    2. Assign a CD/DVD Drive to the Router virtual machine and point it to the pfSense image transfered to the datastore.
    3. Power on the Router Virtual Machine and install pfSense with all the default settings.
      (You will end up with one NIC acting as WAN using your Hetzner main IP and one NIC acting as LAN with no IP.)
  4. Create another virtual machine on the ESXi host with your desired main operating system and NIC on VM Network 2.
    1. Install your operating system to the “Main VM” and start it, you should have local network access but no internet access.
    2. Open the Main VM’s web browser and go to the pfSense UI url, which is http://192.168.1.1 by default.
    3. Login to pfSense with the default credential “admin” and “pfSense”, start the pfSense setup wizard/walkthrough.
    4. When setting up WAN Interface, choose the option to Spoof MAC Address and enter the MAC from the Add-on IP bought from Hetzner.
      1. (Do NOT manually set Static IP, use MAC Address Spoofing and ONLY enter the MAC Address… learn from my mistakes.)
  5. Restart the Router VM – the Main VM should now have a local IP, an external IP, and internet access!

That’s it! The process really is simple, the main bulk of time spent will be waiting on OS iso’s to transfer to the ESXi datastore plus a bit of time for the actual OS installations.

Please comment below with any questions, suggestions, or anything else!

EDIT 04-28-18: This is one of the most popular articles on the site. It sits at the top of Google Search and has daily visits, which is rather surprising to me since this was more of a note to myself than a guide for others! However, since there is nobody in the comments calling me stupid, complaining, or asking for advice, then I assume it’s a good guide? ?