Next generation of pfSense embedded now available
Embedded has historically been a second class citizen, with most development focus and most users ( > 80% of downloads) using full installs. Taking advantage of what a full install offers was in fact the original reason for this project, though embedded was later added. This has now changed considerably, with the introduction of the next generation of pfSense embedded. It’s been on the snapshot server for quite some time and been a work in progress for months, but now we want to alert people of its presence for wider testing. It is based on nanobsd, a standardized build methodology for FreeBSD embedded applications.
The changes it brings:
- Reliable upgrades – Finally, no longer is there a need to re-flash your CF and restore your configuration.
- Multiple firmware support – there are two partitions, each containing their own separate pfSense install. To test upgrades, you can upgrade the second partition, and roll back to the first if necessary.
- Package support – packages that are suitable for an embedded platform are supported.
- Multiple hardware architecture support – with some additional changes that are currently in the works, this will allow us to support non-x86 architectures in the future, where FreeBSD supports those architectures and specific platforms. Expect to see MIPS and ARM first, with others possible. Historically, these platforms had such limited CPU, RAM and flash that we would have been forced to spend an inordinate amount of time trimming things down, removing numerous features only to end up with a much less attractive offering. That development time is better spent elsewhere. With new MIPS and ARM platforms offering considerably more flash and RAM, this is no longer the case. Though these hardware limits are still applicable to your typical consumer grade Linksys and similar routers, they will never be supported. Specific information on supported hardware will come in the future.
There are 512 MB, and 1, 2 and 4 GB images available. The 4 GB images work fine with larger size CF cards. For now there won’t be any images larger than 4 GB, though expect that to change for 2.0.
1.2.3 embedded will be released based on nanobsd, and the old means of doing embedded will be discontinued. This means the minimum CF size for 1.2.3 embedded will be 512 MB. This is necessary because of the dual firmware support, it has to be twice as big, and we want to leave plenty of space for future upgrades.
What about my smaller than 512 MB CF card?
There isn’t an easy way to accommodate CF cards less than 512 MB. A 512 MB card can be found for under $20 USD including shipping, you’ll need to upgrade.
Download
You’ll find images in the nanobsd folders on the snapshot server.
Support
For problem reporting, please use the 1.2.3 board on the forum, or the mailing list.
July 14th, 2009 at 8:50 pm
You guys never cease to amaze me. Whatever can possibly be done with FreeBSD, you guys do it. AND, you wrap a nice GUI around it.
Keep up the fantastic work! Maybe since this is done you could finish up that book we’ve been hearing about. 
July 14th, 2009 at 9:10 pm
Tim: book is just about done finally.
It’s getting finishing touches as we speak. Details as soon as I have them from the publisher.
July 14th, 2009 at 10:56 pm
Just a thought on publishing your own book. http://www.brianmadden.com/blogs/brianmadden/archive/2002/10/31/questions-about-my-book-publishing.aspx
July 14th, 2009 at 11:15 pm
Reed Media is publishing it, it’s not self-published. But it’s also not the racket that Brian Madden describes, which is common to the major publishers. For niches like this, a major publisher doesn’t bring any benefits, and has the downfalls Brian mentions. I’ve done work for O’Reilly in the past, and they were good to work with. The royalty rate was a bit higher than Brian describes, but still very low, a small fraction of what we’ll get on this.
July 14th, 2009 at 11:16 pm
For those wondering about VGA vs. serial console:
These images are serial console only. We’re currently looking at options for building both VGA and serial, as many embedded boards have VGA and many people don’t care to use serial consoles.
July 15th, 2009 at 2:13 am
This makes me say just: wow.
personally I think that pfSense is one of the key factors of Alix boards’ success…
July 15th, 2009 at 2:16 am
Marco: I think PC Engines feels that way too, they’ve helped us out quite a bit by equipping our developers with hardware. Also Netgate, who sells pfSense pre-installed ALIX hardware, is a huge contributor.
July 15th, 2009 at 4:42 am
AWESOME! Thank you so much!! Both reliable upgrades and multiple firmware support are extremely welcome features.
July 15th, 2009 at 6:20 am
Great news. I will gladly through away my 128MB flash, when I can use packages now! Thanks a lot you guys are great. I already recommended you to be used on the alix platform and I will continue to do so.
THANKS
July 15th, 2009 at 6:51 am
Hey!
This is great news! I waited for these changes! Thank you so much for your effort!
Chris
July 15th, 2009 at 7:13 am
I’ve been using pfSense for 3 or so years now and have nothing but good things to say — and I’ve only ever run embedded. I used to use ALIX but now have a 1GHz EPIA board and would love to use a bit of that extra beef available for some of the packages that make sense to run on embedded.
Thanks for not leaving us behind, pfSense developers!
July 15th, 2009 at 3:39 pm
I have several dozen firewalls that will be migrated to this over monowall in the future. The upgrade feature was a major sticking point to not being able to use the older pfsense embedded stuff.
A big feature that pfsense has over monowall is having tcpdump part of the package so that troubleshooting is actual possible when networking issues arise.
July 15th, 2009 at 5:22 pm
Adam: I agree, tcpdump is vital to troubleshooting issues, putting in a tap or hub or span port just isn’t reasonable in a lot of scenarios. As much as I love m0n0wall too, it makes it impossible for any sort of troubleshooting without an additional box to do the troubleshooting.
July 16th, 2009 at 12:00 pm
Thank you for new embedded pfSense. I hesitated to get an energy efficient Alix board earlier because I relied on a few packages. This is great news. Soon my router will be running greener.
July 18th, 2009 at 7:46 pm
Currently, Digitec’s cheapest CF is 4 GB and 28 CHF (in Switzerland).
Hm. How time has passed. Seems like yesterday that I bought a WRAP with (I think) 128 MB CF at EuroBSDCon 2005.
I think I’ll order next week, to be able to update to 1.2.3 quickly (though, because of the hassle of opening the box, I went literally years without upgrading).
If the new system means I don’t have to dismantle the ALIX anymore to upgrade – even better.
July 19th, 2009 at 6:45 am
“Snapshots are offline.”.
When will they be up again?
July 19th, 2009 at 2:22 pm
ESX crash hosed the builders, but they’re back now. Not all the folders/versions are populated yet but will be with time.
July 20th, 2009 at 6:18 pm
Thanks PFSense team ..now i can have my embedded and BGP package in one flash. Keep up the great work. Soon i’ll have a reason to reboot this:
# uptime
4:13PM up 486 days, 2:34, 2 users, load averages: 0.65, 0.36, 0.31
July 27th, 2009 at 6:28 am
Where I can find the 1gb nano bsd image? On the snapshot server I could only find 512, 2 and 4gb images.
Andreas
July 27th, 2009 at 7:00 am
Are you considering the Plug Computers from Marvell as a possible ARM target? They have 512MB flash and 512 MB RAM but no serial. Only one ethernet but with USB more should be possible
July 27th, 2009 at 11:22 am
Indeed, you guys are great. I’ve been using m0n0wall for embedded applications for some time but it’d be nice to have pfSense available for more advanced applications.
Thanks guys!
July 27th, 2009 at 1:04 pm
Andreas: check back later, Scott has been messing with the builders all weekend, it’ll repopulate.
Dennis: if someone makes a 2 port version of those and someone does the FreeBSD portion of the work, yes, they’re on our radar. USB networking isn’t a great solution.
July 29th, 2009 at 11:39 am
W00t! This is great news! Any approximate date for official release of new embedded version? Is it stable enough to use in production as it is?
July 29th, 2009 at 11:44 am
This is still considered experimental until you see it in a production release. There are a lot of people using it with success but I wouldn’t deploy it in a critical production environment yet.
July 29th, 2009 at 8:12 pm
Just want to report good luck with the 512MB image from 072209 on an alix 2D3. Everything I needed worked wonderfully. Packet shaper with 2 lan, captive portal, etc.
Thanks
August 1st, 2009 at 10:58 am
does the new nanobsd version of pfsense support wireless usb?
August 1st, 2009 at 11:06 am
zorac: hardware support is no different than any other platform, everything FreeBSD 7.2 supports is supported.
August 4th, 2009 at 3:04 am
Howdy,
A 512 MB CF card does not sound like a problem. Lately, I can hardly find anything smaller that 1 GB. But, you did not say how much ram will be needed. That is what concerns me. Will a wrap board with 128 MB ram still be enough. Throwing away all the hardware is a bigger deal.
I am looking forward to the new release.
Good luck
August 4th, 2009 at 10:41 am
CPU and RAM requirements are no different.
Granted, since you can install packages, there are packages that can obsolete systems with 128 MB RAM, but any feature set you’re currently running on a WRAP will use the exact same resources as on the old embedded.
August 12th, 2009 at 9:36 pm
Chris,
Great presentation tonight. Thanks very much.
I’m having some trouble finding the Alix board you showed with the miniSD for VPN ?
Was wondering if you had a link you could share.
Thanks,
Dave
August 12th, 2009 at 10:43 pm
Dave: you can find all our recommended vendors here:
http://www.pfsense.org/index.php?option=com_content&task=view&id=44&Itemid=50
the boxes we had tonight at the KYOSS meeting are from vendors on that page.
The ALIX boards specifically, from Netgate.
http://www.netgate.com/index.php?cPath=60_84
August 13th, 2009 at 8:34 am
Thanks Chris. I placed an order today. It took a while to find something that was in stock!! I guess this stuff is popular !!
August 19th, 2009 at 9:55 pm
Just loaded up nanobsd version on my CF. Great Job Guys…
Is it just me or does the system seem to run allot faster. Network speed is same (as expected) but over speed of webpage and ssh seems snappier.
August 30th, 2009 at 10:21 pm
YEAH!!! Finally embedded gets some love. I have purchased several ALIX boards, kits, etc. from netgate – noticed they were sponsoring above – and currently use pfsense at home via an ALIX board. HATED that I always had to re-flash to upgrade. Can’t wait to try this.
September 4th, 2009 at 2:13 pm
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
Hello,
I tried to write one of the 2GB image to my SanDisk Ultra II 2GB but it failed close to the end like the image was a bit too large for the advertised 2GB card. Can someone confirm this? I went to the 1GB image and it worked fine, except that I lost 1GB of storage in the process.
Alphazo
—–BEGIN PGP SIGNATURE—–
iEYEAREKAAYFAkqhZvEACgkQYzj0vCQtTfvNVwCdGMkU1An2GlFcuYIsKR/2A1Vo
dSYAnReGBTZ9xPKBwJ8yyafgOV/lJwfL
=TVqp
—–END PGP SIGNATURE—–
September 4th, 2009 at 3:36 pm
Alphazo: some 2 GB cards aren’t quite 2 GB, we’re looking at shrinking all the images a bit to accommodate all cards
September 14th, 2009 at 9:03 am
What do the differences in build size signify? in other words, what’s the difference in running the 512mb build on a 512 card, vs 4GB build on a 4gb CF card?
September 14th, 2009 at 11:47 am
PMB: bigger images use a bigger partition size, which gives you more space for add ons.
October 1st, 2009 at 7:11 am
I just purchased my ALIX.2D3 but didn’t even realize that pfSense embedded didn’t support packages until now. This is really great news!
If I install the experimental build will I be able to install any package I want to? (eg. are all packages listed?)
If so, how can I tell if a package is writing too much to my CF card (thus killing it) or using too many RAM/CPU?
Thanks so much!
October 8th, 2009 at 11:12 am
I have been using PFSENSE for over 2 years now. I must say that you guys did/do a very good job. Keep it up.
October 8th, 2009 at 9:46 pm
[...] Embedded switched to nanobsd – this is explained more here. [...]
October 9th, 2009 at 9:49 am
Outstanding! Keep up the good work!
October 21st, 2009 at 3:09 am
Count me as another voice in favor of VGA/keyboard support for embedded images!
October 27th, 2009 at 3:02 pm
Just upgraded to the NanoBSD version… excellent stuff!
Btw, is there a list or site for compatible packages with embedded?
October 27th, 2009 at 6:23 pm
Joey: the list is under System->Packages. Ones not compatible with embedded are not shown.
November 10th, 2009 at 7:45 am
Chris: If possible; Please add embedded VGA. My new desktop PC has no serial/com port and I have no way to update to this new version.
December 10th, 2009 at 4:06 pm
[...] Embedded switched to nanobsd – this is a major improvement of our embedded version, and the old embedded has been discontinued. This is explained in detail here. [...]
December 10th, 2009 at 9:51 pm
So for us WRAP folks, does this still apply? http://doc.pfsense.org/index.php/NanoBSD_on_WRAP
Or is the released image already set to boot properly?
January 5th, 2011 at 5:27 pm
yes, it seems so; I followed the instructions and set up my WRAP1.D successfully, assignment of network interfaces must be done via serial interface (set to 9600 baud!)