Next generation of pfSense embedded now available

July 14th, 2009 by Chris Buechler

Embedded has historically been a second class citizen, with most development focus and most users ( > 80% of downloads) using full installs. Taking advantage of what a full install offers was in fact the original reason for this project, though embedded was later added. This has now changed considerably, with the introduction of the next generation of pfSense embedded. It’s been on the snapshot server for quite some time and been a work in progress for months, but now we want to alert people of its presence for wider testing. It is based on nanobsd, a standardized build methodology for FreeBSD embedded applications.

The changes it brings:

  • Reliable upgrades – Finally, no longer is there a need to re-flash your CF and restore your configuration.
  • Multiple firmware support – there are two partitions, each containing their own separate pfSense install. To test upgrades, you can upgrade the second partition, and roll back to the first if necessary.
  • Package support – packages that are suitable for an embedded platform are supported.
  • Multiple hardware architecture support – with some additional changes that are currently in the works, this will allow us to support non-x86 architectures in the future, where FreeBSD supports those architectures and specific platforms. Expect to see MIPS and ARM first, with others possible. Historically, these platforms had such limited CPU, RAM and flash that we would have been forced to spend an inordinate amount of time trimming things down, removing numerous features only to end up with a much less attractive offering. That development time is better spent elsewhere. With new MIPS and ARM platforms offering considerably more flash and RAM, this is no longer the case. Though these hardware limits are still applicable to your typical consumer grade Linksys and similar routers, they will never be supported. Specific information on supported hardware will come in the future.

There are 512 MB, and 1, 2 and 4 GB images available. The 4 GB images work fine with larger size CF cards. For now there won’t be any images larger than 4 GB, though expect that to change for 2.0.

1.2.3 embedded will be released based on nanobsd, and the old means of doing embedded will be discontinued. This means the minimum CF size for 1.2.3 embedded will be 512 MB. This is necessary because of the dual firmware support, it has to be twice as big, and we want to leave plenty of space for future upgrades.

What about my smaller than 512 MB CF card?
There isn’t an easy way to accommodate CF cards less than 512 MB. A 512 MB card can be found for under $20 USD including shipping, you’ll need to upgrade.

Download
You’ll find images in the nanobsd folders on the snapshot server.

Support
For problem reporting, please use the 1.2.3 board on the forum, or the mailing list.

Tags: ,

49 Responses to “Next generation of pfSense embedded now available”

  1. Tim Nelson Says:

    You guys never cease to amaze me. Whatever can possibly be done with FreeBSD, you guys do it. AND, you wrap a nice GUI around it. :-) Keep up the fantastic work! Maybe since this is done you could finish up that book we’ve been hearing about. ;-)

  2. Chris Buechler Says:

    Tim: book is just about done finally. ;) It’s getting finishing touches as we speak. Details as soon as I have them from the publisher.

  3. Lindley Says:

    Just a thought on publishing your own book. http://www.brianmadden.com/blogs/brianmadden/archive/2002/10/31/questions-about-my-book-publishing.aspx

  4. Chris Buechler Says:

    Reed Media is publishing it, it’s not self-published. But it’s also not the racket that Brian Madden describes, which is common to the major publishers. For niches like this, a major publisher doesn’t bring any benefits, and has the downfalls Brian mentions. I’ve done work for O’Reilly in the past, and they were good to work with. The royalty rate was a bit higher than Brian describes, but still very low, a small fraction of what we’ll get on this.

  5. Chris Buechler Says:

    For those wondering about VGA vs. serial console:

    These images are serial console only. We’re currently looking at options for building both VGA and serial, as many embedded boards have VGA and many people don’t care to use serial consoles.

  6. Marco Says:

    This makes me say just: wow. :D personally I think that pfSense is one of the key factors of Alix boards’ success…

  7. Chris Buechler Says:

    Marco: I think PC Engines feels that way too, they’ve helped us out quite a bit by equipping our developers with hardware. Also Netgate, who sells pfSense pre-installed ALIX hardware, is a huge contributor.

  8. Erik Says:

    AWESOME! Thank you so much!! Both reliable upgrades and multiple firmware support are extremely welcome features.

  9. Jens Kühnel Says:

    Great news. I will gladly through away my 128MB flash, when I can use packages now! Thanks a lot you guys are great. I already recommended you to be used on the alix platform and I will continue to do so.

    THANKS

  10. Chris Says:

    Hey!
    This is great news! I waited for these changes! Thank you so much for your effort!

    Chris

  11. Kevin Williams Says:

    I’ve been using pfSense for 3 or so years now and have nothing but good things to say — and I’ve only ever run embedded. I used to use ALIX but now have a 1GHz EPIA board and would love to use a bit of that extra beef available for some of the packages that make sense to run on embedded.

    Thanks for not leaving us behind, pfSense developers!

  12. Adam Says:

    I have several dozen firewalls that will be migrated to this over monowall in the future. The upgrade feature was a major sticking point to not being able to use the older pfsense embedded stuff.

    A big feature that pfsense has over monowall is having tcpdump part of the package so that troubleshooting is actual possible when networking issues arise.

  13. Chris Buechler Says:

    Adam: I agree, tcpdump is vital to troubleshooting issues, putting in a tap or hub or span port just isn’t reasonable in a lot of scenarios. As much as I love m0n0wall too, it makes it impossible for any sort of troubleshooting without an additional box to do the troubleshooting.

  14. blankko Says:

    Thank you for new embedded pfSense. I hesitated to get an energy efficient Alix board earlier because I relied on a few packages. This is great news. Soon my router will be running greener.

  15. Rainer Says:

    Currently, Digitec’s cheapest CF is 4 GB and 28 CHF (in Switzerland).
    Hm. How time has passed. Seems like yesterday that I bought a WRAP with (I think) 128 MB CF at EuroBSDCon 2005.
    I think I’ll order next week, to be able to update to 1.2.3 quickly (though, because of the hassle of opening the box, I went literally years without upgrading).
    If the new system means I don’t have to dismantle the ALIX anymore to upgrade – even better.

  16. S.D. Says:

    “Snapshots are offline.”.
    When will they be up again?

  17. Chris Buechler Says:

    ESX crash hosed the builders, but they’re back now. Not all the folders/versions are populated yet but will be with time.

  18. marvin Says:

    Thanks PFSense team ..now i can have my embedded and BGP package in one flash. Keep up the great work. Soon i’ll have a reason to reboot this:

    # uptime
    4:13PM up 486 days, 2:34, 2 users, load averages: 0.65, 0.36, 0.31

  19. andreas Says:

    Where I can find the 1gb nano bsd image? On the snapshot server I could only find 512, 2 and 4gb images.

    Andreas

  20. Dennis Schafroth Says:

    Are you considering the Plug Computers from Marvell as a possible ARM target? They have 512MB flash and 512 MB RAM but no serial. Only one ethernet but with USB more should be possible

  21. Wes Says:

    Indeed, you guys are great. I’ve been using m0n0wall for embedded applications for some time but it’d be nice to have pfSense available for more advanced applications.

    Thanks guys!

  22. Chris Buechler Says:

    Andreas: check back later, Scott has been messing with the builders all weekend, it’ll repopulate.

    Dennis: if someone makes a 2 port version of those and someone does the FreeBSD portion of the work, yes, they’re on our radar. USB networking isn’t a great solution.

  23. Joe Says:

    W00t! This is great news! Any approximate date for official release of new embedded version? Is it stable enough to use in production as it is?

  24. Chris Buechler Says:

    This is still considered experimental until you see it in a production release. There are a lot of people using it with success but I wouldn’t deploy it in a critical production environment yet.

  25. stompro Says:

    Just want to report good luck with the 512MB image from 072209 on an alix 2D3. Everything I needed worked wonderfully. Packet shaper with 2 lan, captive portal, etc.
    Thanks

  26. zorac Says:

    does the new nanobsd version of pfsense support wireless usb?

  27. Chris Buechler Says:

    zorac: hardware support is no different than any other platform, everything FreeBSD 7.2 supports is supported.

  28. Ralph Says:

    Howdy,
    A 512 MB CF card does not sound like a problem. Lately, I can hardly find anything smaller that 1 GB. But, you did not say how much ram will be needed. That is what concerns me. Will a wrap board with 128 MB ram still be enough. Throwing away all the hardware is a bigger deal.

    I am looking forward to the new release.
    Good luck

  29. Chris Buechler Says:

    CPU and RAM requirements are no different.

    Granted, since you can install packages, there are packages that can obsolete systems with 128 MB RAM, but any feature set you’re currently running on a WRAP will use the exact same resources as on the old embedded.

  30. Dave Vrona Says:

    Chris,

    Great presentation tonight. Thanks very much.

    I’m having some trouble finding the Alix board you showed with the miniSD for VPN ?

    Was wondering if you had a link you could share.

    Thanks,
    Dave

  31. Chris Buechler Says:

    Dave: you can find all our recommended vendors here:
    http://www.pfsense.org/index.php?option=com_content&task=view&id=44&Itemid=50

    the boxes we had tonight at the KYOSS meeting are from vendors on that page.

    The ALIX boards specifically, from Netgate.
    http://www.netgate.com/index.php?cPath=60_84

  32. Dave Vrona Says:

    Thanks Chris. I placed an order today. It took a while to find something that was in stock!! I guess this stuff is popular !!

  33. Chris Says:

    Just loaded up nanobsd version on my CF. Great Job Guys…

    Is it just me or does the system seem to run allot faster. Network speed is same (as expected) but over speed of webpage and ssh seems snappier.

  34. Dan Says:

    YEAH!!! Finally embedded gets some love. I have purchased several ALIX boards, kits, etc. from netgate – noticed they were sponsoring above – and currently use pfsense at home via an ALIX board. HATED that I always had to re-flash to upgrade. Can’t wait to try this.

  35. Alphazo Says:

    —–BEGIN PGP SIGNED MESSAGE—–
    Hash: SHA512

    Hello,

    I tried to write one of the 2GB image to my SanDisk Ultra II 2GB but it failed close to the end like the image was a bit too large for the advertised 2GB card. Can someone confirm this? I went to the 1GB image and it worked fine, except that I lost 1GB of storage in the process.

    Alphazo

    —–BEGIN PGP SIGNATURE—–

    iEYEAREKAAYFAkqhZvEACgkQYzj0vCQtTfvNVwCdGMkU1An2GlFcuYIsKR/2A1Vo
    dSYAnReGBTZ9xPKBwJ8yyafgOV/lJwfL
    =TVqp
    —–END PGP SIGNATURE—–

  36. Chris Buechler Says:

    Alphazo: some 2 GB cards aren’t quite 2 GB, we’re looking at shrinking all the images a bit to accommodate all cards

  37. PMB Says:

    What do the differences in build size signify? in other words, what’s the difference in running the 512mb build on a 512 card, vs 4GB build on a 4gb CF card?

  38. Chris Buechler Says:

    PMB: bigger images use a bigger partition size, which gives you more space for add ons.

  39. John Says:

    I just purchased my ALIX.2D3 but didn’t even realize that pfSense embedded didn’t support packages until now. This is really great news!

    If I install the experimental build will I be able to install any package I want to? (eg. are all packages listed?)

    If so, how can I tell if a package is writing too much to my CF card (thus killing it) or using too many RAM/CPU?

    Thanks so much!

  40. Hakkatil Says:

    I have been using PFSENSE for over 2 years now. I must say that you guys did/do a very good job. Keep it up.

  41. pfSense Digest » Blog Archive » 1.2.3-RC3 now available! Says:

    [...] Embedded switched to nanobsd – this is explained more here. [...]

  42. John Says:

    Outstanding! Keep up the good work!

  43. George Madison Says:

    Count me as another voice in favor of VGA/keyboard support for embedded images!

  44. Joey Says:

    Just upgraded to the NanoBSD version… excellent stuff!
    Btw, is there a list or site for compatible packages with embedded?

  45. Chris Buechler Says:

    Joey: the list is under System->Packages. Ones not compatible with embedded are not shown.

  46. Pierre Says:

    Chris: If possible; Please add embedded VGA. My new desktop PC has no serial/com port and I have no way to update to this new version.

  47. pfSense Digest » Blog Archive » 1.2.3 Release Available! Says:

    [...] Embedded switched to nanobsd – this is a major improvement of our embedded version, and the old embedded has been discontinued. This is explained in detail here. [...]

  48. Stephen Waits Says:

    So for us WRAP folks, does this still apply? http://doc.pfsense.org/index.php/NanoBSD_on_WRAP

    Or is the released image already set to boot properly?

  49. Hartmut Says:

    yes, it seems so; I followed the instructions and set up my WRAP1.D successfully, assignment of network interfaces must be done via serial interface (set to 9600 baud!)

Please don’t post technical questions or off-topic comments. It is far more likely that your questions and concerns will be addressed effectively through one of our support channels.

Leave a Reply