Netgate is offering COVID-19 aid for pfSense software users, learn more.
Managing a VPC Instance¶
Once the instance is launched, you can connect to it via the Elastic IP that was attached to the primary interface during the provisioning phase.
In order to manage the configuration of the instance, you can connect to it via https or ssh. A limited set of configurations is possible through the SSH interface, the preferred method for managing most of the configurations or viewing data on the status of the pfSense® instance is through the https webGUI.
Connecting via SSH¶
To connect via SSH, you would use the key pair you chose while creating the instance to connect to the admin account. From the command line on a Unix/Linux host, you would use a command similar to:
ssh -i my_ec2_key firstname.lastname@example.org
Where the appropriate private key file and public IP or hostname are substituted.
The first time you log into your instance, the SSH key of the instance
will not be cached on your computer and you will need to type
asked whether you want continue connecting. This should not be necessary on
Once logged in, you should see the console menu similar to the one below:
Connecting via HTTPS¶
To connect via https, you would enter a URL containing the public IP address or
hostname of your instance into a web browser. For example,
https://188.8.131.52. It’s very likely that you will receive a browser
warning indicating that the security certificate of the site is not trusted.
This is because the instance uses a self-signed certificate for https
communication. You should click on the option to proceed to the site anyway. The
pfSense login screen with the Netgate logo should appear.
The username to log in with is
admin. The password to use is either a value
that you set in the User Data during the creation of the instance or a
It is preferable to explicitly set a password by passing a value in with the User Data field so the password will be known in advance.
If you did not set a specific password, you can find out that value that the random password was set to through one of 2 different methods.
The first method is to log in over SSH with the key pair that you selected when the instance was created and examine the contents of the file located at /etc/motd. You would do this by selecting option
8) Shellin the console menu that is presented when you SSH in, then run this command in the shell:
The second method is to view the System Log for the instance in the EC2 Management Console. After the messages that are displayed that show the status of the boot process, a message should appear that indicates what the administrative password was changed to. Be aware that the System Log output in the EC2 Management Console is not updated in real time and may take a few minutes to show up.
The message you should look for using either of the methods mentioned about will look like this:
*** *** *** Admin password changed to: abcdefg *** ***
Once you’ve determined your password and entered it into the login form, the pfSense WebGUI should be available to you.