pfSense 2.4: Router-on-a-Stick

The following guide explains how to install pfSense® software version 2.4 on a single Ethernet port Minnowboard Turbot and configuring it as a router-on-a-stick.

Requirements:

  • USB stick with pfSense version 2.4 installer. Note, UEFI is supported starting with pfSense version 2.4 onward, earlier pfSense versions will not boot.

  • 8 - 16 GB microSD card. This guide will cover installing pfSense on microSD, however using a SATA hard drive or mSATA (via a lure) will also work.

  • Layer 2 switch configured with two ports using VLAN’s 10 and 20. Third port configured as trunk.

  • USB to serial adapter (for console output). You can also use an HDMI cable instead of FTDI.

  • Minnowboard Turbot single Ethernet port version.

Note

Minnowboards have a HDMI output as well as console output via UART pins. For this guide we’ll be using console output however it applies to HDMI / monitor output as well.

This guide assumes the switch is configured with the following layout:

  • VLAN 10 port - used for WAN, connected to upstream modem.

  • VLAN 20 port - used for LAN, connected to clients.

  • TRUNK port - connected to Minnowboard Turbot

Steps:

  1. Navigate to the pfSense Download Page to download pfSense. Choose the 2.4.x version or later, AMD64 (64-bit), USB Memstick Installer, and Serial (if you are using the UART pins). Choose the mirror of your choice (generally the one closest to you).

    Note

    If you are using HDMI, select VGA instead of Serial.

  2. Write the downloaded image to a USB memstick (thumbdrive).

    See also

    Visit Writing an OS Installation Image to Flash Media for instructions on creating a USB thumbdrive.

  3. Connect USB serial adapter’s GND, RXD, TXD pins to UART.

    Warning

    If using USB serial adapter with the power pin plugged in, do not connect the Minnowboard power supply, it will damage the board.

  4. Plug in the USB thumbdrive with pfSense installer to USB 3.0 port on the Minnowboard.

  5. Insert the microSD card into the microSD slot.

  6. Connect Minnowboard ethernet to your previously configured switch port with VLAN 10 and VLAN 20 tags.

  7. Connect WAN to your VLAN 10 tagged switch port and connect LAN client to VLAN 20 tagged switch port.

  8. Power on the unit and press DEL to enter Minnowboard UEFI setup.

    ../_images/install-pfsense-01.png
  9. On UEFI setup select Boot Manager and press enter.

  10. Select EFI USB Device and press enter to start pfSense boot.

  11. Wait for pfSense to boot automatically.

  12. When prompted for appropriate terminal type select xterm.

    ../_images/install-pfsense-05.png
  13. Once pfSense setup starts, choose Accept on the Copyright and distribution notice.

  14. Follow the default selections to install pfSense on the microSD.

  15. On the Welcome screen, select Install to install pfSense.

  16. On the Keymap Selection screen, choose Continue with the default keymap and press enter.

  17. On the partitioning screen, keep the default Auto (UFS) Guided Disk Setup selection and press enter.

  18. Wait for installation to complete and choose Reboot.

  19. After pfSense is installed setup will complete and reboot. Once again press DEL to enter setup and go to Boot Maintenance Manager.

    ../_images/install-pfsense-11.png
  20. Select Change Boot Order.

  21. Change the order and move EFI Misc Device to list top. Press enter to save and return to the previous screen.

    ../_images/install-pfsense-13.png
  22. Select Continue from the main EFI setup screen and wait for pfSense to boot. From now on, the microSD will boot by default.

  23. At first post-install boot we will configure VLAN’s. Confirm re0 is listed as a valid interface continue and confirm with Y to set up VLAN’s now.

    ../_images/install-pfsense-15.png
  24. In order to assign interfaces we must first create two VLAN’s, VLAN 10 (WAN) and VLAN 20 (LAN). Enter re0 when prompted for a parent interface name.

    ../_images/install-pfsense-16.png
  25. Enter 10 as VLAN tag to add WAN interface.

    ../_images/install-pfsense-17.png
  26. Enter 20 as VLAN tag to add LAN interface.

    ../_images/install-pfsense-18.png
  27. Once VLAN 10 and VLAN 20 are created assign WAN and LAN to previously created VLAN’s. Assign re0.10 to WAN and re0.20 to LAN.

    ../_images/install-pfsense-19.png
  28. Review the assigned interfaces, make sure it matches the screenshot and press Y to continue pfSense boot.

    ../_images/install-pfsense-20.png
  29. pfSense will complete bootup and if every step was followed correctly, your WAN should have an external IP.

    ../_images/install-pfsense-21.png
  30. Verify interfaces are correctly assigned by opening a browser and navigating to the default 192.168.1.1 IP address.

    ../_images/install-pfsense-22.png
  31. Under Interfaces > Interface Assignments confirm VLAN 10 on re0 is assigned as WAN and VLAN 20 on re0 is assigned as LAN.

    ../_images/install-pfsense-23.png
  32. In order to limit microSD card wear, we recommend enabling RAM disks. Navigate to System > Advanced > Miscellaneous and select Use RAM Disks.

    ../_images/install-pfsense-24.png