pfSense 2.4: Router-on-a-Stick

The following guide explains how to install pfSense® software version 2.4 on a single Ethernet port MinnowBoard Turbot and configuring it as a router-on-a-stick.

Requirements:

  • USB stick with pfSense version 2.4 installer. Note, UEFI is supported starting with pfSense version 2.4 onward, earlier pfSense software versions will not boot.

  • 8-16 GB microSD card. This guide will cover installing pfSense on microSD, however using a SATA hard drive or mSATA (via a lure) will also work.

  • Layer 2 switch configured with two ports using VLANs 10 and 20. Third port configured as trunk.

  • USB to serial adapter (for console output), or use an HDMI cable instead.

  • MinnowBoard Turbot single Ethernet port version.

Note

MinnowBoard devices have an HDMI output as well as console output via UART pins. This guide uses console output, however it applies to HDMI / monitor output as well.

This guide assumes the switch is configured with the following layout:

  • VLAN 10 port - used for WAN, connected to upstream modem.

  • VLAN 20 port - used for LAN, connected to clients.

  • TRUNK port - connected to MinnowBoard Turbot

Steps:

  1. Navigate to the pfSense Software Download Page to download pfSense software.

    Choose the AMD64 Memstick USB installer.

  2. Write the downloaded image to a USB memstick (thumb drive).

    See also

    Visit Writing an OS Installation Image to Flash Media for instructions on creating a USB thumb drive.

  3. Connect the USB serial adapter GND, RXD, TXD pins to the UART.

    Warning

    If using a USB serial adapter with the power pin plugged in, do not connect the MinnowBoard power supply, it will damage the board.

  4. Plug in the USB drive with pfSense installer to USB 3.0 port on the MinnowBoard.

  5. Insert the microSD card into the microSD slot.

  6. Connect the MinnowBoard ethernet port to the switch port with VLAN 10 and VLAN 20 tags.

  7. Connect WAN to the VLAN 10 tagged switch port and connect LAN to the VLAN 20 tagged switch port.

  8. Power on the unit and press DEL to enter MinnowBoard UEFI setup.

    ../_images/install-pfsense-01.png

  9. In UEFI setup, select Boot Manager and press Enter.

  10. Select EFI USB Device and press Enter to boot the installer.

  11. Wait for the installer to boot automatically.

  12. When prompted for a terminal type select xterm.

    ../_images/install-pfsense-05.png

  13. Once the pfSense software installation starts, choose Accept on the Copyright and distribution notice.

  14. Follow the default selections to install pfSense software on the microSD.

  15. On the Welcome screen, select Install to install pfSense software.

  16. On the Keymap Selection screen, choose Continue with the default keymap and press Enter.

  17. On the partitioning screen, keep the default Auto (UFS) Guided Disk Setup selection and press enter.

  18. Wait for installation to complete and choose Reboot.

  19. After pfSense software is installed setup will complete and reboot. Once again press DEL to enter setup and go to Boot Maintenance Manager.

    ../_images/install-pfsense-11.png

  20. Select Change Boot Order.

  21. Change the order and move EFI Misc Device to list top. Press Enter to save and return to the previous screen.

    ../_images/install-pfsense-13.png

  22. Select Continue from the main EFI setup screen and wait for pfSense software to boot. From now on, the microSD will boot by default.

  23. At first post-install boot, configure VLANs. Confirm re0 is listed as a valid interface continue and confirm with Y to set up VLANs.

    ../_images/install-pfsense-15.png

  24. To assign interfaces, first create two VLANs, VLAN 10 (WAN) and VLAN 20 (LAN). Enter re0 when prompted for a parent interface name.

    ../_images/install-pfsense-16.png

  25. Enter 10 as VLAN tag to add WAN interface.

    ../_images/install-pfsense-17.png

  26. Enter 20 as VLAN tag to add LAN interface.

    ../_images/install-pfsense-18.png

  27. Once VLAN 10 and VLAN 20 are created, assign WAN and LAN to previously created VLANs. Assign re0.10 as WAN and re0.20 as LAN.

    ../_images/install-pfsense-19.png

  28. Review the assigned interfaces, make sure the list matches the screenshot and press Y to continue booting.

    ../_images/install-pfsense-20.png

  29. pfSense software will complete booting, and if every step was followed correctly, the WAN interface should have an external IP address.

    ../_images/install-pfsense-21.png

  30. Verify interfaces are correctly assigned by opening a browser and navigating to the default 192.168.1.1 IP address.

    ../_images/install-pfsense-22.png

  31. Under Interfaces > Interface Assignments confirm VLAN 10 on re0 is assigned as WAN and VLAN 20 on re0 is assigned as LAN.

    ../_images/install-pfsense-23.png

  32. To limit microSD card wear, the best practice is to enable RAM disks. Navigate to System > Advanced > Miscellaneous and select Use RAM Disks.

    ../_images/install-pfsense-24.png