Install pfSense nanobsd 2.0 to thumb drive

From pfSense Documentation
Jump to: navigation, search
This article was contributed or cited from an outside source. The style and formatting may not match other articles.
This article is part of the How-To series.


This how-to describes the steps needed to take to run pfSense from a USB thumb drive.

The instructions should also work with other non-embedded hardware.


Step 1, Download pfSense Image

Download a pfSense image from [1]. I used the pfSense-2.1.5-RELEASE-4g-amd64-nanobsd_vga.img.gz image file.

Step 2, Write image to thumb drive

See Writing Disk Images for instructions on writing the image to a drive.

Step3, Run the pfSense Install

Eject the thumb drive from the computer and plug into the computer that will run pfSense. Be sure the BIOS is set to boot from the thumb drive, then it should boot up. Follow the pfSense installation instructions to setup the NICs and other necessary items.

Step 4, Resolve USB mountroot error

To ensure the drive is mounted properly on the next boot, run the following:

echo >> /boot/loader.conf.local

The line may also be added to /boot/loader.conf.local from the GUI using Diagnostics > Edit File.

Without the above setting, on bootup an error that looks like this block of text will be encountered: [2]

     Trying to mount root from ufs:/dev/ufs/pfsense0
     If you have invalid mount options, reboot, and first try the following from
     the loader prompt:

          set vfs.root.mountfrom.options=rw

     and then remove invalid mount options from /etc/fstab.

     Loader variables:

     Manual root filesystem specification:
       <fstype>:<device>  Mount <device> using filesystem <fstype>
                       eg. ufs:/dev/ad0
                       eg. cd9660:/dev/acd0
                       This is equivalent to: mount -t cd9660 /dev/ad0 /


Reboot the device and select Option 3 (boot from USB) from the pfSense loader menu. pfSense will fully boot. Once booted, select Option 8 to go to shell.

In Shell, type the following command to make the file system writeable [3].


Then, type the following command to add a boot delay to /boot/loader.conf.local. This allows the USB devices to be fully detected before the disk mount is attempted.

echo >> /boot/loader.conf.local

Note: /boot/loader.conf.local must be used instead of /boot/loader.conf because loader.conf.local is preserved across upgrades.

The following may also need added to loader.conf.local to enable DMA mode [4], but may not be necessary for all hardware. [5])


Run the following command to To make the file system read only.


Type the following to exit shell


When back at the pfSense menu, reboot the firewall.


Thanks to the users of the pfSense Forum who have experienced and solved these issues before me. I wrote this how to after I had issues setting up pfSense on a thumb drive. After a bit of Googleing I had solutions to my problems. I linked to the various forum threads for further reading.

[Ed Note: Additional changes have been made to bring this document up-to-date and correct some information -jimp]