pfSense 2.4: Router-on-a-Stick

The following guide explains how to install pfSense® software version 2.4 on a single Ethernet port Minnowboard Turbot and configuring it as a router-on-a-stick.

Requirements:

• USB stick with pfSense version 2.4 installer. Note, UEFI is supported starting with pfSense version 2.4 onward, earlier pfSense versions will not boot.

• 8 - 16 GB microSD card. This guide will cover installing pfSense on microSD, however using a SATA hard drive or mSATA (via a lure) will also work.

• Layer 2 switch configured with two ports using VLAN’s 10 and 20. Third port configured as trunk.

• USB to serial adapter (for console output). You can also use an HDMI cable instead of FTDI.

• Minnowboard Turbot single Ethernet port version.

Note

Minnowboards have a HDMI output as well as console output via UART pins. For this guide we’ll be using console output however it applies to HDMI / monitor output as well.

This guide assumes the switch is configured with the following layout:

• VLAN 10 port - used for WAN, connected to upstream modem.

• VLAN 20 port - used for LAN, connected to clients.

• TRUNK port - connected to Minnowboard Turbot

Steps:

1. Navigate to the pfSense Download Page to download pfSense. Choose the 2.4.x version or later, AMD64 (64-bit), USB Memstick Installer, and Serial (if you are using the UART pins). Choose the mirror of your choice (generally the one closest to you).

   Note

   If you are using HDMI, select VGA instead of Serial.

2. Write the downloaded image to a USB memstick (thumbdrive).

   See also

   Visit Writing an OS Installation Image to Flash Media for instructions on creating a USB thumbdrive.

3. Connect USB serial adapter’s GND, RXD, TXD pins to UART.

   Warning

   If using USB serial adapter with the power pin plugged in, do not connect the Minnowboard power supply, it will damage the board.

4. Plug in the USB thumbdrive with pfSense installer to USB 3.0 port on the Minnowboard.

5. Insert the microSD card into the microSD slot.

6. Connect Minnowboard ethernet to your previously configured switch port with VLAN 10 and VLAN 20 tags.

7. Connect WAN to your VLAN 10 tagged switch port and connect LAN client to VLAN 20 tagged switch port.

8. Power on the unit and press DEL to enter Minnowboard UEFI setup.

   

9. On UEFI setup select Boot Manager and press enter.

10. Select EFI USB Device and press enter to start pfSense boot.

11. Wait for pfSense to boot automatically.

12. When prompted for appropriate terminal type select xterm.

    

13. Once pfSense setup starts, choose Accept on the Copyright and distribution notice.

14. Follow the default selections to install pfSense on the microSD.

15. On the Welcome screen, select Install to install pfSense.

16. On the Keymap Selection screen, choose Continue with the default keymap and press enter.

17. On the partitioning screen, keep the default Auto (UFS) Guided Disk Setup selection and press enter.

18. Wait for installation to complete and choose Reboot.

19. After pfSense is installed setup will complete and reboot. Once again press DEL to enter setup and go to Boot Maintenance Manager.

    

20. Select Change Boot Order.

21. Change the order and move EFI Misc Device to list top. Press enter to save and return to the previous screen.

    

22. Select Continue from the main EFI setup screen and wait for pfSense to boot. From now on, the microSD will boot by default.

23. At first post-install boot we will configure VLAN’s. Confirm re0 is listed as a valid interface continue and confirm with Y to set up VLAN’s now.

    

24. In order to assign interfaces we must first create two VLAN’s, VLAN 10 (WAN) and VLAN 20 (LAN). Enter re0 when prompted for a parent interface name.

    

25. Enter 10 as VLAN tag to add WAN interface.

    

26. Enter 20 as VLAN tag to add LAN interface.

    

27. Once VLAN 10 and VLAN 20 are created assign WAN and LAN to previously created VLAN’s. Assign re0.10 to WAN and re0.20 to LAN.

    

28. Review the assigned interfaces, make sure it matches the screenshot and press Y to continue pfSense boot.

    

29. pfSense will complete bootup and if every step was followed correctly, your WAN should have an external IP.

    

30. Verify interfaces are correctly assigned by opening a browser and navigating to the default 192.168.1.1 IP address.

    

31. Under Interfaces > Interface Assignments confirm VLAN 10 on re0 is assigned as WAN and VLAN 20 on re0 is assigned as LAN.

    

32. In order to limit microSD card wear, we recommend enabling RAM disks. Navigate to System > Advanced > Miscellaneous and select Use RAM Disks.