INSTALLATION GUIDE

pfUI Dashboard Setup Instructions

// DOWNLOAD PACKAGE

Download installpfdash.zip, then follow steps 1-4 for your platform. Steps 5 onward apply to both.

WINDOWS
1
ENABLE SSH ON PFSENSE

Enable SSH access on your pfSense firewall if not already enabled:

# In pfSense Web UI:
System → Advanced → Admin Access → Secure Shell

# Check "Enable Secure Shell"
# Save and Apply
2
EXTRACT THE INSTALLER

Extract the downloaded installpfdash.zip to a folder on your computer.

3
RUN THE DEPLOYMENT SCRIPT

Open PowerShell, navigate to the extracted folder, and run the deployment script:

cd C:\path\to\installpfdash
.\deploy.ps1

The script will prompt you for:

  • pfSense IP address
  • SSH port (default: 22)
  • Username (default: root)
  • Password

It will then automatically upload all files and run the installer on pfSense.

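Tip: If PowerShell blocks the script, run: powershell -ExecutionPolicy Bypass -File deploy.ps1 (the bypass applies only to that one PowerShell process; it does not change the system-wide execution policy).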

Note: The script works with Windows built-in OpenSSH (Windows 10/11). If you have PuTTY installed, it will use plink/pscp for a smoother experience (enter password once). Without PuTTY, you may need to enter your password multiple times.

4
ACCESS THE DASHBOARD

Open your browser and navigate to the dashboard:

http://YOUR_PFSENSE_IP:5000

Default Login:

  • Username: admin
  • Password: admin

Important: Change your password immediately in Settings!

LINUX / MAC
1
ENABLE SSH ON PFSENSE

Enable SSH access on your pfSense firewall if not already enabled:

# In pfSense Web UI:
System → Advanced → Admin Access → Secure Shell

# Check "Enable Secure Shell"
# Save and Apply
2
UPLOAD FILES TO PFSENSE

Extract the zip and upload the installer folder to pfSense:

# Extract the zip
unzip installpfdash.zip

# Upload the entire folder to pfSense (use -P for custom SSH port)
scp -P 22 -r installpfdash root@YOUR_PFSENSE_IP:/tmp/
3
RUN THE INSTALLER

SSH into pfSense and run the install script:

# Use -p for custom SSH port
ssh -p 22 root@YOUR_PFSENSE_IP
cd /tmp/installpfdash
sh install.sh

The installer will automatically install Python and its dependencies, then configure the service.

4
ACCESS THE DASHBOARD

Open your browser and navigate to the dashboard:

http://YOUR_PFSENSE_IP:5000

Default Login:

  • Username: admin
  • Password: admin

Important: Change your password immediately in Settings!

5
ENABLE KEA DHCP SERVER

The dashboard requires Kea DHCP for device tracking and hostname resolution. Enable it in pfSense:

# In pfSense Web UI:
System → Advanced → Networking

# Scroll to "DHCP Server Backend"
# Select "Kea DHCP" from the dropdown
# Click "Save"

After saving, go to your DHCP Server settings and click Apply Changes to restart the DHCP service with Kea:

# In pfSense Web UI:
Services → DHCP Server → [Your LAN Interface]

# Click "Apply Changes" at the top

Note: Kea DHCP stores leases in /var/lib/kea/dhcp4.leases, which the dashboard uses for device hostname detection. ISC DHCP (the old default) uses a different format that is not supported.
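
What that lease file holds, as an added example (not pfUI's own code): a Python reader for Kea's memfile CSV that keeps the newest row per address and drops released or expired leases. The column names are assumed from Kea's lease4 memfile header; the sample rows and the function name active_hostnames are constructed for illustration.

```python
import csv
import io

# Constructed sample in Kea's memfile CSV layout (not data from a real network).
SAMPLE_LEASES = """\
address,hwaddr,client_id,valid_lifetime,expire,subnet_id,fqdn_fwd,fqdn_rev,hostname,state,user_context,pool_id
192.168.1.10,aa:bb:cc:00:00:01,,7200,1700007200,1,0,0,laptop,0,,0
192.168.1.11,aa:bb:cc:00:00:02,,7200,1700007200,1,0,0,printer,0,,0
192.168.1.10,aa:bb:cc:00:00:01,,7200,1700010800,1,0,0,laptop.home.arpa.,0,,0
192.168.1.11,aa:bb:cc:00:00:02,,0,1700003600,1,0,0,printer,0,,0
192.168.1.12,aa:bb:cc:00:00:03,,7200,1700000100,1,0,0,old-phone,0,,0
192.168.1.13,aa:bb:cc:00:00:04,,7200,1700007200,1,0,0,,0,,0
"""


def active_hostnames(lease_text, now):
    """Return {ip: (mac, hostname or None)} for leases still valid at `now`."""
    latest = {}
    for row in csv.DictReader(io.StringIO(lease_text)):
        # The file is an append-only journal: the last row per address wins.
        latest[row["address"]] = row

    result = {}
    for ip, row in latest.items():
        released = int(row["valid_lifetime"]) == 0   # lifetime 0 marks a released lease
        expired = int(row["expire"]) <= now          # expire is a Unix timestamp
        if released or expired or row["state"] != "0":  # state 0 = normal assigned lease
            continue
        # The hostname is supplied by the DHCP client, so treat it as untrusted
        # input (escape it before showing it in any web page).
        hostname = row["hostname"].rstrip(".") or None
        result[ip] = (row["hwaddr"], hostname)
    return result


if __name__ == "__main__":
    for ip, (mac, name) in sorted(active_hostnames(SAMPLE_LEASES, 1700005000).items()):
        print(ip, mac, name or "(no hostname sent)")
```
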

6
ENABLE DNS QUERY LOGGING

The dashboard displays DNS queries from your network devices. This requires enabling query logging in the DNS Resolver:

# In pfSense Web UI:
Services → DNS Resolver

# Scroll to the bottom and find "Custom options"
# Add the following:

server:
log-queries: yes

# Click "Save" then "Apply Changes"

Note: Without this setting, the DNS Query Log in the dashboard will be empty. The resolver.log file will only contain service status messages instead of actual queries.
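
A way to confirm the setting took effect, as an added example (not pfUI's own code): a Python check that separates Unbound query lines from the service status messages the note describes. The syslog prefix in the sample is an assumed layout, and the sample lines and the function name summarize_queries are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; the syslog prefix is an assumed layout for resolver.log.
SAMPLE_LOG = """\
Nov 14 10:00:01 pfSense unbound[4321]: [4321:0] notice: init module 0: validator
Nov 14 10:00:01 pfSense unbound[4321]: [4321:0] info: start of service (unbound x.y.z).
Nov 14 10:00:07 pfSense unbound[4321]: [4321:0] info: 192.168.1.10 example.com. A IN
Nov 14 10:00:08 pfSense unbound[4321]: [4321:1] info: 192.168.1.10 example.com. AAAA IN
Nov 14 10:00:09 pfSense unbound[4321]: [4321:0] info: 192.168.1.23 updates.example.net. A IN
Nov 14 10:05:00 pfSense unbound[4321]: [4321:0] info: service stopped (unbound x.y.z).
"""

# With log-queries enabled, Unbound writes: info: <client ip> <name>. <type> <class>
QUERY_RE = re.compile(
    r"info: (?P<client>\S+) (?P<name>\S*\.) (?P<qtype>[A-Z0-9]+) (?P<qclass>[A-Z]+)\s*$"
)


def is_ip(text):
    """True when text parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def summarize_queries(log_text):
    """Count client query lines versus service/status lines in resolver.log text."""
    per_client = Counter()
    status = 0
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if match and is_ip(match.group("client")):
            per_client[match.group("client")] += 1
        elif line.strip():
            status += 1  # start/stop notices and other non-query messages
    return {
        "queries": sum(per_client.values()),
        "status": status,
        "per_client": dict(per_client),
        "logging_active": bool(per_client),  # False means only status messages
    }
```

Run it over the text of the resolver.log mentioned above after clicking "Apply Changes"; if logging_active stays false while devices are browsing, the custom option was not applied.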

7
INSTALL GEOIP DATABASE (OPTIONAL)

For country flags and location data on the threat map, download the free GeoLite2 database from MaxMind:

1. Create a free account at MaxMind GeoLite2

2. Download GeoLite2-City.mmdb (the binary .mmdb file, not CSV)

3. Upload it to pfSense:

# Use -P for custom SSH port
scp -P 22 GeoLite2-City.mmdb root@YOUR_PFSENSE_IP:/opt/dashboard/

4. Go to the dashboard Settings page and click Restart Dashboard to load the database. Flags will appear on new threats after the restart.

8
CONFIGURE ABUSEIPDB API KEY (OPTIONAL)

AbuseIPDB provides threat intelligence data for suspicious IPs. To enable this feature:

1. Create a free account:

Go to https://www.abuseipdb.com/ and click "Sign Up"

2. Get your API key:

  • After logging in, go to Account → API
  • Click "Create Key"
  • Give it a name (e.g., "pfUI Dashboard")
  • Copy the generated API key

3. Add the key to pfUI Dashboard:

  • In the dashboard, go to Settings
  • Paste your API key in the "AbuseIPDB API Key" field
  • Click "Save Settings"

Note: The free tier allows 1,000 API lookups per day, which is sufficient for most home networks. The dashboard caches results to minimize API usage.

9
CONFIGURE EMAIL NOTIFICATIONS (OPTIONAL)

The dashboard can send email alerts when your WAN goes down/recovers and when monitored devices go offline. Configure SMTP in Settings:

SMTP Settings:

  • SMTP Host: Your email provider's SMTP server
  • SMTP Port: 587 (TLS) or 465 (SSL)
  • SMTP Username: Your email address
  • SMTP Password: Your email password or app password
  • From Address: The address emails will be sent from
  • Recipients: Up to 3 email addresses to receive alerts

Gmail Setup:

Gmail requires an App Password instead of your regular Google password. Here's how to set it up:

# Gmail SMTP Settings:
SMTP Host:     smtp.gmail.com
SMTP Port:     587
TLS:           Enabled
SMTP Username: YOUR_ADDRESS@gmail.com
SMTP Password: (App Password - see below)
From Address:  YOUR_ADDRESS@gmail.com

How to create a Gmail App Password:

Tip: After saving, use the "Send Test" button in Settings to verify your email configuration is working.

Other Email Providers:

# Outlook / Hotmail:
SMTP Host: smtp.office365.com  Port: 587

# Yahoo Mail:
SMTP Host: smtp.mail.yahoo.com  Port: 587

# iCloud Mail:
SMTP Host: smtp.mail.me.com     Port: 587

# Note: Most providers require an App Password.
# Check your provider's security settings.
10
SET UP WIREGUARD VPN (OPTIONAL)

pfUI includes full WireGuard VPN management. To set it up:

  • Click the VPN Config link on the Settings page (or the lock icon in the nav bar)
  • Click Create Server to set up a WireGuard server with auto-generated keys
  • Add peers and scan the QR code with the WireGuard app on your phone, or download the .conf file for desktop clients

Note: The dashboard automatically creates firewall rules (WAN allow + pfctl anchor) when you create a server. No manual firewall configuration needed.

11
CONFIGURE OTHER SETTINGS (OPTIONAL)

In the Settings page you can also configure:

  • Network Detection: Click "Re-Detect Network" to auto-detect your subnets and interfaces
  • Password: Change the default admin password
  • Session Timeout: Auto-logout after a period of inactivity
  • Themes: Switch between dark theme variants
  • Backup & Restore: Download or restore a full backup of your dashboard config and data
  • Speed Test: Test your WAN download and upload speeds

// SERVICE COMMANDS

  • service dashboard start - Start the dashboard
  • service dashboard stop - Stop the dashboard
  • service dashboard restart - Restart the dashboard
  • service dashboard status - Check if running

// SECURITY REMINDER

  • Disable SSH: After installation is complete, disable SSH on your pfSense firewall to improve security:
# In pfSense Web UI:
System → Advanced → Admin Access → Secure Shell

# Uncheck "Enable Secure Shell"
# Click "Save"
  • SSH is only needed during installation. Leaving it enabled increases your attack surface. You can always re-enable it temporarily if you need to update the dashboard later.

// NOTES

  • Auto-Start: The dashboard automatically starts on boot. No additional configuration needed.
  • Log File: View logs at /var/log/dashboard.log
  • Updates: To update, download the latest package and run the installer again. (Remember to temporarily enable SSH.)
  • Firewall Rules: Port 5000 should be accessible from your LAN by default. Add a rule if needed.