Any updates on plans to make an arm64 image available?

rcfa

More and more platforms move to arm64, and more and more pfSense installations run virtualized.
e.g. it would be no problem to run a virtualized pfSense instance with dedicated NICs on a mac in a VM, except, legacy Mac excepted, they are all arm64 now.
Similarly in Oracle’s virtual server offerings, the best price/performance ratio can be found on Ampere CPU based arm64 servers.
While I understand that support for specific hardware, particularly the plethora of RasPi and other small platforms is not something that can be meaningfully supported, getting a VM image underway might be a different beast.

SteveITS

@rcfa They support ARM on Amazon: https://docs.netgate.com/pfsense/en/latest/solutions/aws-vpn-appliance/

I have no insight into Netgate's plans of course, but so far ARM support has been for Plus so I don't expect a CE ARM version if that's what you're asking.

stephenw10

Mmm, no plans for ARM CE images any time soon.

rcfa

@stephenw10 Pity. I’m pretty much completely moving away from x86. All the macs are now arm64 based, so all VMs will be arm64, too.

My portable travel router will be based on an OrangePi 5 Plus (8 core CPU with NPU, 32GB RAM, 256GB eMCC, optional NVMe with up to 8TB, WiFi7/BT5.4 card, 2x2.5GB NICs) all the size slightly bigger than a deck of cards.
There’s nothing even close in the x86 space to match that.

Literally the only x86 hardware still in use is the Netgate MBT-4220 which is getting old (I had two, one bit the dust), and a free ancient Dell server my colocation provided donated to me, after my Netgate box died. Both are really getting old, and it’s just a question of time until they die.

I absolutely love pfSense, been using it since the very early days, maybe 2006 or 2007 (wanted to install monowall, then discovered pfSense), so I hate to be forced to give it up, but intel won’t be an option going forward. Too expensive, too power hungry, and not where the rest of my infrastructure is moving towards. x86 architecture had a good run, but it’s clearly well past its zenith.

OpnSense seems to have some experimental builds available, there’s IPFire (but that has significant shortcomings, like demanding a minimum of two NICs, which contradicts part of my use case (just one NIC plus several VPNs).

stephenw10

Well things can change.

But the issue with ARM is that you need images for every individual platform and that adds significant work maintaining then. And for CE that's almost impossible to justify. Currently at least.

rcfa

@stephenw10 Well, I’d say a "simple" UEFI boot variant would suffice. It would then be up to others to implement the required two-stage booting e.g. from RasPi boot nonsense into a UEFI environment from which then the standard boot takes over.

A UEFI boot image would allow an installation in VMs. Also, more and more platforms on arm64 start moving away from proprietary boot methods and towards UEFI.

This approach could also be used, if need be, to make a minimal host OS install, and pass NICs with virtio to a machine. On a device like described above, the virtualization overhead is negligible, and it would take e.g. driver issues out of the equation, since these would would be handled by the host OS.

Just thinking out loud…
…hate the idea of having to switch to another platform…
…so anything that would get the ball rolling.

Heck, there are also realy neat "trinkets" barely bigger than two RJ-45 sockets, that have multicore arm64 CPUs, 16GB RAM, an SSD slot (2230), HDMI and USB port. These things are almost keychain pendant size. Would make awesome travel routers…
…yes, not enterprise stuff, for the most part, except maybe for pre-configured road-warrior VPNs, but so much neat stuff in the arm64 space.

tinfoilmatt

@rcfa said in Any updates on plans to make an arm64 image available?:

I absolutely love pfSense, been using it since the very early days, maybe 2006 or 2007 (wanted to install monowall, then discovered pfSense), so I hate to be forced to give it up, but intel won’t be an option going forward.

OpnSense seems to have some experimental builds available, there’s IPFire (but that has significant shortcomings, like demanding a minimum of two NICs, which contradicts part of my use case (just one NIC plus several VPNs).

Obligatory 'don't cut off your nose to spite your face' suggestion aside... hope you're prepared to be 'that guy' offering this ultimatum to software projects for at least the next decade or so!

We all get it (for awhile now). ARM's not going anywhere. I too find myself using and implementing more and more ARM-based platforms where appropriate (but still mostly sans so-called 'Apple Silicone').

stephenw10

@rcfa said in Any updates on plans to make an arm64 image available?:

Well, I’d say a "simple" UEFI boot variant would suffice

It's not as simple as that. Look at the number of images for OpenWRT for example.

We are able to use one pfSense image for the 1100 and 2100 because they share a lot of hardware but we still have to maintain separate uboot versions and dtb files for each.

rcfa

@stephenw10 Hm, how difficult would be be to have something like a differential install? What I mean: install a minimal freeBSD first, and then have an installer that transmutates the install into pfSense. That way, all the system/boot specific aspects are taken from FreeBSD: if FreeBSD supports a platform, it works, otherwise it won’t. And then the installer modifies whatever it needs to, to get pfSense set up.

I undestand the complexities with bunch of different hardware, so I’m thinking how one could keep things for the pfSense team minimal.