Managing a VPC Instance¶
Once the instance is launched, connect to it via the Elastic IP address attached to the primary interface during the provisioning phase.
In order to manage the configuration of the instance, connect to it via HTTPS or SSH. A limited set of configurations is possible through the SSH interface, the preferred method for managing most of the configurations or viewing data on the status of the Netgate® pfSense® Plus instance is through the HTTPS GUI.
Connecting via SSH¶
To connect via SSH, use the key pair chosen while creating the instance to
connect to the
admin account. From the command line on a Unix/Linux host,
use a command similar to:
ssh -i my_ec2_key email@example.com
Where the appropriate private key file and public IP address or hostname are substituted.
The first time logging into the instance, the SSH key for the instance will
not be cached locally, type
yes when asked whether to continue
connecting. This should not be necessary on subsequent sessions.
Once logged in, the client will display the console menu similar to the following:
Connecting via HTTPS¶
To connect via HTTPS, enter an
https:// URL containing the public IP address
or hostname of the instance into a web browser. For example,
There will likely be a browser warning indicating that the security certificate of the site is not trusted, because the instance uses a self-signed certificate for HTTPS communication. Click on the option to proceed to the site anyway and a login screen with the Netgate logo should appear.
The username to log in with is
admin. The password to use is either a value
set in the User Data during the creation of the instance or a random
The best practice is to explicitly set a password by passing a value in with the User Data field so the password will be known in advance, and then to change it after logging in the first time.
If a specific password was not set, The value of the random password can be found through one of two different means:
The first method is to log in over SSH with the key pair selected when the instance was created and examine the contents of the file located at
/etc/motd-passwd. Do this by selecting option
8) Shellin the console menu that is presented when connecting via SSH, then run this command in the shell:
Alternatively, view the System Log for the instance in the EC2 Management Console. After the messages that are displayed that show the status of the boot process, a message should appear that indicates the value of the administrative password.
The System Log output in the EC2 Management Console is not updated in real time and may take a few minutes to show up. It is preferable to explicitly set a password by passing a value in with the User Data field so the password will be known in advance. To allow a random password to be set, connect via SSH and find the value of the password after the instance is up without any delay.
The message, using either of the methods mentioned, will look like this
*** *** *** Admin password changed to: abcdefg *** ***
In this example, the password was changed to
Once the password has been determined and entered into the login form, the pfSense® Plus GUI should be available.