How to run pfsense on below-spec hardware (basic use only)



  • Used to run pfsense on a 433 MHz Celeron with 386 MB of memory until recently. New versions do not allow installation. If I promise I won't do anything demanding in cpu or ram, just basic use as a firewall/gateway, is there a way to disable the hardware check at installation? Perhaps by editing the CD?


  • Netgate

    What versions are you referring to?



  • It won't run because the code is not compiled to run on that hardware. It's not some artificial limitation.



  • Version 2.2.2 works. Some version a year or so later did not.



  • What if it were not that particular hardware, can't you say where the hardware check is done and ways to disable it?


  • Netgate

    There is no check. It runs or it doesn't. It's not a conspiracy.

    The latest versions (2.4.0+) are 64-bit only.


  • Rebel Alliance Global Moderator

    Even really old versions had 64 bit versions.. So yeah if you download the 64 bit version its not going to run on 32bit hardware.. If I recall correctly I think it was 2.0 when it split to have 32 and 64 bit downloads.. That came out in what this time 2011 or so.. like 6 years ago..

    But yeas as stated the 2.4 stuff is 64bit only.. But 2.3.4p1 prob run on your OLD 32bit gear just fine.



  • I am wondering how this dnsmasq bug  plays out with regards to the 2.3.x branches.
    It is the last to support 32bit CPU and it was assumed this latest version was to be the last release in 2.3.x.

    People on 32bits could find themselves SOL. Maybe 2.3.4-p2 will emerge with newer dnsmasq. That don't sound right for a patch though.



  • Were they forced to stop building 32bit for technical reasons or was it a management decision?


  • Netgate

    i386 is dead. It will not be revived. The reasons are moot.

    You can run the current production version, 2.3.4-p1 on i386.

    If you are having trouble installing that on ancient hardware, I suggest you check out the installation and booting troubleshooting documents on https://docs.pfsense.org/.

    Many things have changed in recent years and you might need to tweak something to get your particular hardware running.



  • People can still get the source code, set the 32bit flag somewhere in the build configuration, and attempt a 32bit build. Are there technical reasons why this is not possible, or is it just a management choice?


  • Banned

    The technical reasons are that it's a giant waste of time and resources. Dude, you can get a perfectly capable amd64 hardware with AES-NI for ~100 USD. http://pcengines.ch/newshop.php?c=4



  • @Ulysses_:

    People can still get the source code, set the 32bit flag somewhere in the build configuration, and attempt a 32bit build. Are there technical reasons why this is not possible, or is it just a management choice?

    Well the primary technical reason is EFI. There is no 32-bit EFI on FreeBSD.
    So to support EFI they had to ditch 32-bit mode.
    This is just a guess on my part.

    Keeping all the versions had to be burdensome. To ditch NanoBSD was extreme in my opinion.



  • It's a pfSense specific decision, FreeBSD hasn't made any plans yet on abandoning i386 because there's still plenty of i386 only hardware that is usable and works fine with the latest versions of FreeBSD.


  • Netgate Administrator

    What actual error are you seeing here?

    The specs on that machine are woefully low by modern standards and the power consumption is very high in comparison but it's not far of an ALIX and that will run 2.3.4.

    Steve



  • Used to run pfsense on a 433 MHz Celeron with 386 MB of memory until recently.

    Perhaps the memory system is to low, the actual version will be running well, but in the near future the
    support of the entire hardware will be changing step by step and so it might be a better thing to change
    now, and go with 64Bit hardware that comes with AES-NI support too. So you might be able to run it likes
    now for years without any issues.

    What if it were not that particular hardware, can't you say where the hardware check is done and ways to disable it?

    There will be not a switch to disable or enable it! As I personally know it, it was announced here in that forum or over the blog
    on the netgate website, the following changes will be coming with the new version 2.4 and above;

    • No 32Bit support anymore, only 64Bit hardware will be supported
      (but we got ARM support for two devices (at the moment) therefore or instead of)
    • No NanoBSD support anymore
      (pfSense version 3.0 will be written totally new from ground and this is also very hard work and to the cost of much time)
    • AES-NI is a must be or must have option and not a can be or should be option
      (Over the change of using Phyton over PHP and perhaps other things get also changed too)

    Were they forced to stop building 32bit for technical reasons or was it a management decision?

    Who should be pressing them to do so? But handling all, I mean, 32Bit and 64Bit, NanoBSD, rewriting version 3.0
    totally new from scratch, AES-NI support, QAT, netmap-fwd and tryfwd or fast-fwd, failure and bug hunting, ARM
    support, might be a bit to much at one time, perhaps this can be differ or changing at one days back who knows,
    but I personally think it is more the lag of time to realize that all.

    For a firewall only unit, with low power demands, you has more then one option at this time.
    Official with support:

    • SG-2220
    • SG-1000
    • SG-3100
      Alternatives well known and working:
    • APU2C4
    • Lanner units
    • Scope7 units
    • Qotom Intel i3
    • AxiomTek units

    I personally would have a look for the SG-1000 or SG-3100 or APU2C4 as a replacement here.