Netgate Discussion Forum

    How to run pfsense on below-spec hardware (basic use only)

      Ulysses_

      Used to run pfsense on a 433 MHz Celeron with 386 MB of memory until recently. New versions do not allow installation. If I promise I won't do anything demanding in cpu or ram, just basic use as a firewall/gateway, is there a way to disable the hardware check at installation? Perhaps by editing the CD?

        Derelict LAYER 8 Netgate

        What versions are you referring to?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          Guest

          It won't run because the code is not compiled to run on that hardware. It's not some artificial limitation.

            Ulysses_

            Version 2.2.2 works. Some version a year or so later did not.

              Ulysses_

              What if it were not that particular hardware, can't you say where the hardware check is done and ways to disable it?

                Derelict LAYER 8 Netgate

                There is no check. It runs or it doesn't. It's not a conspiracy.

                The latest versions (2.4.0+) are 64-bit only.

                  johnpoz LAYER 8 Global Moderator

                  Even really old versions had 64 bit versions.. So yeah if you download the 64 bit version it's not going to run on 32bit hardware.. If I recall correctly I think it was 2.0 when it split to have 32 and 64 bit downloads.. That came out in what this time 2011 or so.. like 6 years ago..

                  But yes as stated the 2.4 stuff is 64bit only.. But 2.3.4p1 prob run on your OLD 32bit gear just fine.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                    FranciscoFranco

                    I am wondering how this dnsmasq bug plays out with regards to the 2.3.x branches.
                    It is the last to support 32bit CPU and it was assumed this latest version was to be the last release in 2.3.x.

                    People on 32bits could find themselves SOL. Maybe 2.3.4-p2 will emerge with newer dnsmasq. That don't sound right for a patch though.

                      Ulysses_

                      Were they forced to stop building 32bit for technical reasons or was it a management decision?

                        Derelict LAYER 8 Netgate

                        i386 is dead. It will not be revived. The reasons are moot.

                        You can run the current production version, 2.3.4-p1 on i386.

                        If you are having trouble installing that on ancient hardware, I suggest you check out the installation and booting troubleshooting documents on https://docs.pfsense.org/.

                        Many things have changed in recent years and you might need to tweak something to get your particular hardware running.

                          Ulysses_

                          People can still get the source code, set the 32bit flag somewhere in the build configuration, and attempt a 32bit build. Are there technical reasons why this is not possible, or is it just a management choice?

                            doktornotor Banned

                            The technical reasons are that it's a giant waste of time and resources. Dude, you can get a perfectly capable amd64 hardware with AES-NI for ~100 USD. http://pcengines.ch/newshop.php?c=4

                              FranciscoFranco

                              @Ulysses_:

                              People can still get the source code, set the 32bit flag somewhere in the build configuration, and attempt a 32bit build. Are there technical reasons why this is not possible, or is it just a management choice?

                              Well the primary technical reason is EFI. There is no 32-bit EFI on FreeBSD.
                              So to support EFI they had to ditch 32-bit mode.
                              This is just a guess on my part.

                              Keeping all the versions had to be burdensome. To ditch NanoBSD was extreme in my opinion.

                                kpa

                                It's a pfSense specific decision, FreeBSD hasn't made any plans yet on abandoning i386 because there's still plenty of i386 only hardware that is usable and works fine with the latest versions of FreeBSD.

                                  stephenw10 Netgate Administrator

                                  What actual error are you seeing here?

                                  The specs on that machine are woefully low by modern standards and the power consumption is very high in comparison but it's not far off an ALIX and that will run 2.3.4.

                                  Steve

                                    Guest

                                    Used to run pfsense on a 433 MHz Celeron with 386 MB of memory until recently.

                                    Perhaps the memory system is too low, the actual version will be running well, but in the near future the
                                    support of the entire hardware will be changing step by step and so it might be a better thing to change
                                    now, and go with 64Bit hardware that comes with AES-NI support too. So you might be able to run it like
                                    now for years without any issues.

                                    What if it were not that particular hardware, can't you say where the hardware check is done and ways to disable it?

                                    There will not be a switch to disable or enable it! As I personally know it, it was announced here in that forum or over the blog
                                    on the netgate website, the following changes will be coming with the new version 2.4 and above;

                                    • No 32Bit support anymore, only 64Bit hardware will be supported
                                      (but we got ARM support for two devices (at the moment) therefore or instead of)
                                    • No NanoBSD support anymore
                                      (pfSense version 3.0 will be written totally new from ground and this is also very hard work and to the cost of much time)
                                    • AES-NI is a must be or must have option and not a can be or should be option
                                      (Over the change of using Python over PHP and perhaps other things get also changed too)

                                    Were they forced to stop building 32bit for technical reasons or was it a management decision?

                                    Who should be pressing them to do so? But handling all, I mean, 32Bit and 64Bit, NanoBSD, rewriting version 3.0
                                    totally new from scratch, AES-NI support, QAT, netmap-fwd and tryfwd or fast-fwd, failure and bug hunting, ARM
                                    support, might be a bit too much at one time, perhaps this can be differ or changing at one days back who knows,
                                    but I personally think it is more the lack of time to realize that all.

                                    For a firewall only unit, with low power demands, you have more than one option at this time.

                                    Official with support:

                                    • SG-2220
                                    • SG-1000
                                    • SG-3100

                                    Alternatives well known and working:

                                    • APU2C4
                                    • Lanner units
                                    • Scope7 units
                                    • Qotom Intel i3
                                    • AxiomTek units

                                    I personally would have a look for the SG-1000 or SG-3100 or APU2C4 as a replacement here.
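
Added example, not part of any post in this thread and not Netgate's code: a shell check over the CPU feature lines FreeBSD logs at boot (`/var/log/dmesg.boot`), reporting whether a CPU has long mode (the `LM` flag, which the 64-bit-only 2.4.0+ images discussed above need) and AES-NI. The sample logs, their hex masks and the three result labels are constructed for this example.

```sh
#!/bin/sh
# Added example: read the CPU feature lines FreeBSD prints at boot and report
# which builds the CPU can run. It inspects the CPU, not the installed kernel.

cpu_flags() {    # $1 = dmesg file, $2 = line label ("Features2", "AMD Features")
    sed -n "s/^ *$2=0x[0-9a-fA-F]*<\(.*\)>.*/\1/p" "$1" | head -n 1
}

has_flag() {     # $1 = comma-separated flag list, $2 = exact flag name
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

classify_cpu() { # prints i386-only, amd64, or amd64+aesni
    amd=$(cpu_flags "$1" "AMD Features")
    f2=$(cpu_flags "$1" "Features2")
    if ! has_flag "$amd" LM; then
        echo "i386-only"       # no long mode: only the i386 images can boot
    elif has_flag "$f2" AESNI; then
        echo "amd64+aesni"
    else
        echo "amd64"
    fi
}

# Constructed sample boot logs (not captured from real machines).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/old.txt" <<'EOF'
CPU: Intel Celeron (433.00-MHz 686-class CPU)
  Features=0x183f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR>
EOF
cat > "$tmp/new.txt" <<'EOF'
CPU: Example amd64 CPU (1000.00-MHz K8-class CPU)
  Features2=0x3ed8220b<SSE3,PCLMULQDQ,MON,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AESNI,XSAVE>
  AMD Features=0x2e500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM>
  AMD Features2=0x1d4037ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A>
EOF
cat > "$tmp/noaes.txt" <<'EOF'
CPU: Example amd64 CPU without AES-NI (1000.00-MHz K8-class CPU)
  Features2=0x40e31d<SSE3,DTES64,MON,DS_CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE>
  AMD Features=0x20100800<SYSCALL,NX,LM>
EOF

for f in old new noaes; do
    printf '%s: %s\n' "$f" "$(classify_cpu "$tmp/$f.txt")"
done
```

A truncated boot log with no feature lines at all is also reported as `i386-only`, so run it against the complete `dmesg.boot`.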

                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.