NanoBSD on WRAP

Starting with pfSense 1.2.3, the embedded device images are now based on NanoBSD. This switch gives reliable upgrade support without the need to completely reflash, and the ability to run packages on embedded routers.

However, this support comes at a price. Unfortunately, the BIOS on the PC Engines WRAP is not currently able to support the booting method used by NanoBSD, and is not capable of booting from the secondary slice used for upgrades. This means that the pfSense 1.2.3 or 2.0 embedded image will not even boot on a WRAP without some additional work.

If you try to boot pfSense 1.2.3 or 2.0 on a WRAP without modifying the image or the CF, you will likely be greeted by a long string of ######## after the boot menu.

Limitations

Before going into the "hows" of making pfSense 1.2.3 or 2.0 work on a WRAP, there are a few points of which you must be aware when running pfSense 1.2.3 or 2.0 on your WRAP.

1. Upgrades will not work. The second slice is basically wasted space, not able to be used for booting.[1]
2. While packages are available, keep the limited resources of the WRAP in mind. With only 128MB RAM and 266MHz to work with, do not go crazy with package installations. Some low-end requirement packages like Avahi or the Dashboard should work fine, however.

Booting NanoBSD on WRAP

In order to boot NanoBSD on a WRAP you must change the boot method from packet to nopacket. This can be done in one of two ways, but either method involves using a FreeBSD system or spare, non-production, pfSense box.

Alter the .img File Before Writing

The first method involves changing the image before writing to the CF. This method is useful if you are going to be writing out several CF cards and do not want to alter them all individually. You can also copy over a config when doing this method as described in Modifying Embedded. Parts of these instructions have been borrowed from that article.

First, download and decompress the .img.gz file. This will leave you will a large .img file that is the full size of the target CF size, be sure you have enough space on your system to store it!

# gunzip pfSense-1.2.3.NanoBSD-2G.full.img.gz

Load the image onto an md(4) device. The mdconfig command will return the id of the next available md device, like so:

# mdconfig -f pfSense-1.2.3.NanoBSD-2G.full.img
md0

N.B.: When using -f, options "-a -t vnode" are assumed and are not needed.

(Optional) Confirm that the md device is present as expected:

# mdconfig -lv
md0     vnode     1.9G  /home/jim/pfSense-1.2.3.NanoBSD-2G.full.img

Now change the booting method used by the image:

# boot0cfg -o nopacket /dev/md0

And remove the md device. Since we had md0 above, the unit number is 0.

# mdconfig -d -u 0

Now you can write the image to CF as usual. You may want to compress the image with gzip again if you will be writing the image on a separate system.

Alter the CF after it has been written

First, plug the CF to which you wrote out a pfSense 1.2.3 or 2.0 image. If you are using a USB card reader the device will likely be da0, but check your system log or dmesg to be sure.

Now change the booting method used by the image:

# boot0cfg -o nopacket /dev/da0

Unplug the card and put it back in the WRAP. It should now boot.

Download a premoddified image

Premoddified images for 2.0 and 2.0.1 can be found on http://may.nu/pfSense Use on your own risk and with no guarantee that they are working.

[1] Some crafty users might alter the fstab and mount this partition and use it for extra storage space if needed since it cannot be used for upgrades or booting, but as with other such modifications, this is unsupported and not generally recommended.