Would like to setup a Dual Boot with pfsense on a Lap top.


  • Would like to setup a Dual Boot with pfsense on a Lap top.

    Boot Option

    • Windows 7

    • Pfsense 2.01

    Is this possible?

  • Rebel Alliance

    http://www.pfsense.org/index.php?option=com_content&task=view&id=43&Itemid=44

    Hard drive installation
    The Live CD includes an installer option to install pfSense to the hard drive on your system. This is the preferred means of running pfSense. The entire hard drive must be overwritten, dual booting with another OS is not supported.

  • Netgate Administrator

    As quoted above it is not supported and the installer will not do it.
    I'm fairly certain it could be done if you're familiar with the FreeBSD boot loader and install process. I'm not though.
    Please correct me if there's some fundamental reason it can't be done.

    Steve


  • I haven't done it myself but from what I've gathered from other people dual booting FreeBSD and Windows7 believe you would want to install FreeBSD first anyway, then Windows, and use a 3rd party boot loader like Grub2 or GAG to boot them. If pfSense demands use of the whole HD it may not be possible.


  • If the CPU is suitable run pfSense in a Virtual Machine.


  • @stephenw10:

    Please correct me if there's some fundamental reason it can't be done.

    I suspect if you have sufficient knowledge, cunning and persistence it can be done.

    How about installing to a USB stick or CF card or other "additional" drive and dual booting by changing the boot device from the BIOS?

    My ranking in expected "ease" (easiest fist):
    1. Install pfSense to an additional drive.
    2. Install pfSense to a Virtual Machine on the laptop.
    3. create single combo drive with Windows and pfSense


  • Before creating the post I did run across the note as ptt quoted, but I continued my search assuming it can be done.
    Googling around a bit I ran across different methods which the Freebsd community are using to create dual boot systems.

    I do realize that pfsense is a custom build based on Freebsd and may have some slightly different menu install options etc?
    I have not studied the various methods yet listed in the links above. Maybe someone out there has already jumped though
    the hoops and found which method or methods works best?

    The laptop is the HP Elite 8530p which is outfitted with the Intel T9400 and 4GB Ram. It is overkill for pf + add-ons but running
    a VM I think it only opens up additional points of attack to potentially bypass pfsense.

    I will be running (Single GB Nic) vlans with a 3 layer Cisco switch which I hope doesn't open the door to unnecessary vulnerabilities/Hacks/attacks?


  • While it might not help you, I have to ask: why?

    Maybe there's another option to this scenario.

  • Netgate Administrator

    I have a laptop that dual boots Win XP and FreeBSD. That's no problem the FreeBSD installer takes care of it for you. The pfSense installer does not. You would most likely have to do it manually.
    If I were trying to do this I would boot the Nano+VGA image from a USB stick as Wallabybob suggested.

    Steve


  • While it might not help you, I have to ask: why?
    

    Call it being frugal…

    This is for my home office and I can remove the firewall temporally if needed. A emergency and need a laptop on the road, it would be setup for a dual boot to windows 7.


  • @wallabybob:

    @stephenw10:

    Please correct me if there's some fundamental reason it can't be done.

    I suspect if you have sufficient knowledge, cunning and persistence it can be done.

    How about installing to a USB stick or CF card or other "additional" drive and dual booting by changing the boot device from the BIOS?

    My ranking in expected "ease" (easiest fist):
    1. Install pfSense to an additional drive.
    2. Install pfSense to a Virtual Machine on the laptop.
    3. create single combo drive with Windows and pfSense

    I have no knowledge abot linux whatsoever and have done it. I have if I remember correctly 10 partitions or so on my HD. I have XP, ubuntu, some other linux distribution which is for a usb stick normally installed, and pfsense.
    It let me install it onto a partition, I didn't have to delete the entire hard drive.
    It wipes out the boot loader and nothing will start anymore but I just started from the ubuntu CD and did the grub2 auto fix option.
    it won't find pfsense but it can just be added manually and then be started just like any other operating system.
    and i have never dealt with linux in dept. i just read dummy guidance notes and had them guiding me and it worked.

    1. partition your HD
    2. format your pfsense partition with ubuntu or anything that boots
    (I had XP and ubuntu installed before I installed  pfsense and it only kills the grub2 bootloader. You will find the pfsense bootloader only booting pfsense. but after fixing grub2 and entering manually the pfsense partition you can have as many operating systems beside pfsense as you want)
    3. install pfsense into this partition
    4. install windows (not sure that windows 7 & 8 works like that)
    5. install ubuntu or anything else you want, if you don't want anything else then just install grub2
    6. manually configure grub 2 for the pfsense partition
    7. i read grub2 can boot into other bootloaders in a chain, so anything is possible i guess


  • I know this is very old, but it came up first when I searched so maybe others will benefit.

    THIS APPLIES TO UEFI AND GPT ONLY - I HAVE NOT TRIED BIOS AND MBR

    Getting multi boot with pfSense.

    First: Install Ubuntu. Either create a partition and install other if you're adding to a windows installation, or install erasing whole disk, if there's no Windows to bother about, or you're on a VM. Some key things for Ubuntu.
    gksu. Just try to run it, you'll be told how to install. This lets you run Nautilus (file manager) as root, AND any gedit instances invoked from it. (gksu nautilus & in terminal. '&' leaves a working terminal open.)
    chromium. Brings all your bookmarks etc into ubuntu. Install from Ubuntu software launcher.
    vm tools. (If you're using VM-Ware) Install from management menu; extract to desktop; move to the extracted folder on desktop with root nautilus (see above) and install by ./vm-install.pl from a root terminal invoked from nautilus. Do not follow suggestion to use open source version it seems not to work. Accept all other suggestions. This allows you to cut and paste from Windows e.g. the file in the fourth section.
    GParted. Install from ubuntu software launcher. Note this is available on the 'live CD' option of ubuntu installer, but the installed version does not. You will need a live CD version to edit the partitions of the OS you are using.

    Second: Use gparted to trim the ubuntu ext4 partition and move the swap next to this trimmed partition leaving an empty space. To follow instructions below you'll need around 15GB free, though you could probably get away with less.

    Third: Install pfSense. The iso file, or CDROM are easy, just set your machine to boot from them. If you use a USB stick you must download the right version, then extract it and load it to a USB using rufus. NOTE, the USB will NOT be recognised by windows, but your UEFI BIOS will boot from it. pfSense docs say that you must use the whole disk, and the standard FreeBSD install question about using the whole disk or a partion is not present in pfSense (and their FAQ says you can't multiboot), HOWEVER there is still the option of manually setting up the partions. Use it, and select 'CREATE'. This will put the partions you next set up in the empty space set up in step 2 above. For the first 'create' you define the partion as 'FreeBSD-ufs', set the size as '10GB', and mountpoint is '/'. You can give it a name if you wish, naming helps identify the partition in GParted. NOTE: NO spaces in the size: 10GB. Hit 'OK'. You'll be asked if you want a boot partion - of course you do! Now use 'create' again, define the final partition as 'FreeBSD-swap', mountpoint is blank, and size '4GB'. Again you can name it if you wish. Hit OK, then carry on installing. You'll be asked to reboot, and here's a problem. The grub bootloader from your Ubuntu install has no idea about your new pfSense installation.

    Fourth: Open Ubuntu. root run Nautilus. Move to and open /etc/grub.d/40_custom. Do not overwrite anything and add the section below: -

    menuentry "pfSense" {
        set root=(hd0,gpt4)
        chainloader /efi/BOOT/BOOTX64.efi
    }

    Save, then from terminal sudo update-grub. DON'T FORGET.  Note that 'hd0' above is the FIRST hard disk, 'gpt4' is the 4th gpt partition (after EFi System partition, ext4, linux-swap if you just have ubuntu on the disk). If you have windows it will use at least 4 additional partitions. Check where the FreeBSD efi partition is using gparted, it's the second EFI and 200 MB. The path after 'chainloader' can be verified if you mount the fourth partition (or whichever one it is). Use sudo mount /dev/sda4 /mnt. Drill into the mounted partition to find the .efi file, ignore the 'mnt' part of the path. If you go looking to customize how grub appears you'll come across 'grub-customizer'. Don't use it. It changes stuff that's hard for a noob to fix. You may want to edit /etc/default/grub instead to ensure the grub menu displays. Do this by changing this line '#GRUB_HIDDEN_TIMEOUT=5' (the '#' is new, and the 5 was 0)

    Some useful web-sites: -

    https://forum.pfsense.org/index.php?topic=56033.0 questions about dual booting with pfSense
    https://www.freebsd.org/doc/handbook/bsdinstall-partitioning.html FreeBSD partitions
    http://www.rodsbooks.com/refind/installing.html Info about installing refind, an alterative boot manager which finds FreeBSD and pfSense but is a a bit ugly.
    https://www.gnu.org/software/grub/manual/legacy/Command_002dline-and-menu-entry-commands.html#Command_002dline-and-menu-entry-commands grub commands
    https://www.howtogeek.com/196655/how-to-configure-the-grub2-boot-loaders-settings/ editing /etc/default/grub
    https://forums.freebsd.org/threads/dual-booting-of-ubuntu-10-10-and-freebsd.23101/ First pointer about dual booting FreeBSD
    https://askubuntu.com/questions/666631/how-can-i-dual-boot-windows-10-and-ubuntu-on-a-uefi-hp-notebook Dual boot windows 10 and Ubuntu.


  • Going to spoil the party, here, but to anyone looking to install pfSense you need to be aware that this software is obviously a wind-up: in very simple terms a firewall is intended to work concurrently alongside one or more operating systems ...and this software is supposed to be installed on a HDD with exclusive use of that HDD. Think about it. - What you have is one single firewall on a HDD (after a considerable amount of configuration and messing around) and nothing else, with absolutely no means of using an operating system alongside of it short of forcing the issue with partition workarounds.

    If anyone wants to challenge this I would ask them how (for the sake of a much larger number of everyday users) a person would use the software (after burning to a DVD) to protect an installation of Windows 7 or 10 ...without resorting to the workarounds and kludges given by other users, and taking into account that the OS and pfSense would be on seperate partitions with, thus, no interaction between them possible?


  • @2RTzC5KbQGH4aG
    Strong opinion from a 1'st poster.

    I use pfSense for enterprise firewall'ing , and have absolutely no problem with it being the sole OS installed on my HW.

    In fact i'd be even more of a "Grumpy Old Man" , if i ever found out that one of my sites had done something like that.

    If you need a Test/Toy pfSense it's easy to boot up in VMvare or Vbox.

    But for my use i have the budget to buy a few extra real HW boxes, that reflect my real HW on the remote sites. That is what a real test system should look like. Even for my home usage i bought an Extra Box as "cold spare".

    Dual booting ... why ?
    If you dual boot you can't use the other OS'es at the same time.
    Just fire a VM up under Vbox , and be done with it.

    Edit: Your username is a strange combo ... Are you a troll bot 🎃
    /Bingo

  • Netgate Administrator

    Mmm, this is either a troll or you have misunderstood the purpose of pfSense entirely.

    If you are trying to protect a Windows install using pfSense on the same hardware you are doing it wrong. It's technically possible if you used virtualisation.

    The only reason you would ever install it dual-boot like this would be for testing.

    Steve


  • Thinking this through logically, why would you want to?

    A dual boot system puts or more operating systems on a PC with each running individually. As opposed to a VM which allows many to run at once.

    A router is 24/7. When in PC mode the router does not exist on a dual boot system. A 24/7 PC with virtual machines running allows everything to run at once.

    However, that brings up security issues which are a different discussion.

  • LAYER 8 Global Moderator

    The only sort of dual boot that would really make any sense for pfsense box would be able to boot previous version on failed update. Or something in new version wasn't working how you need it to work.

    Some routers/switches support such an option..

    bootimage.png

    But dual booting normal OS or a Firewall distro doesn't really make a lot of sense at all.

  • Netgate Administrator

    Yup, you might dual boot 2.5 and 2.4.5p1 for example. I could imagine dual booting pfSense with CentOS or something just to test hardware compatibility.

    I suspect our friend above didn't read the right docs, thought it was a software firewall for Windows and attempted to install it as such resulting in much frustration. They would not be the first. 😉

    Steve


  • @stephenw10 said in Would like to setup a Dual Boot with pfsense on a Lap top.:

    Mmm, this is either a troll or you have misunderstood the purpose of pfSense entirely.

    @Steve , We should give him the benefit of the doubt and maybe he (a good person) had a really bad day.
    But there are also bad people who enjoys the suffering of others. 🤢


  • The point that I was trying to make was that of the pointlessness of having a firewall on a HDD and nothing else. Why would anyone bother with that? - The whole idea, surely, of a software firewall is to run it alongside the operating system, not to stick it on a seperate HDD.

    ...but playing along with the curious argument that the firewall is actually supposed to be all alone on a HDD, what then? - How can it possibly protect anything when it is sat there with no operating system and absolutely nothing to protect?

    Reading between the lines of the replies received thus far, though (thanks, - they are appreciated), I get the impression that, possibly, the idea is to use pfSense, once installed, as a pass-through device; effectively turning a spare HDD into the equivalent of a hardware router and then using that as a bridge device between the internet and the local network. Would that be correct?

  • Netgate Administrator

    Exactly that. pfSense is a router/firewall. It replaces whatever router you may have currently, Netgear, Cisco etc. It can be run on a standard PC with two NICs but also runs on more specialist hardware like this.

    Also see: https://www.pfsense.org/getting-started/

    Steve


  • @stephenw10 Thanks, but that, to me, seems to be a hellishly complex (and expensive) way to implement a network filter. At least I now understand what pfSense are trying to do with their software, because no-one (reviewer, website, or weblogger) makes it at all clear how to implement it or that it comes with a minimum requirement of 2 NICs and a HDD (or equivalent).

  • Netgate Administrator

    You don't actually need two NICs, you can use VLANs with one NIC and a managed switch.
    Or install it in a VM as discussed above.
    It really depends on what you're trying to do. Filter traffic for a whole office of PCs? Setup a VPN to allow all those PCs to connect to some remote site? It would be crazy to try to do that with software firewalls and VPN connections on each PC.

    Steve


  • @stephenw10 I am still in the process of trying to patch VirtualBox sufficiently to a: get it working and, b: get it working with IPv6; so I may see about patching-in pfSense at some point, too, - thanks.

    My setup is (now) a virtual linux webserver with Windows PC. Next will be a MAC (but they do not like virtual, apparently); so depending on how things progress I will either attempt to patch-in pfSense or I will simply buy a hardware box (which would, unfortunately, have to be one of the dearer models because of my networking requirements).

  • Netgate Administrator

    I have run numerous pfSense instances in VBox with no issues. I would expect it to 'just work' there.

    Steve


  • @stephenw10 Good, - thanks, - but based on my unpleasant experiences with both VirtualBox and VMWare (especially) I do not expect the problem to be with pfSense.

  • Netgate Administrator

    Since I got a Proxmox host setup I hardly ever use VBox anymore. I can recommend that, it was a game-changer for me.

    Steve


  • @stephenw10 Looks interesting, - another installer that requires an entire install device to itself, but if there is a chance that I can run my webserver without crippled IPv6 and DNSSEC it has got to be worth a look. - Thanks.

  • Netgate Administrator

    Yeah it needs a dedicated host to run on, it's a true hypervisor.

    But that means it moves all that load off you desktop. It also means you can physically position it anywhere there is Ethernet and power so it can be big and load etc. And it can be always on to host VMs that need that.

    Steve


  • @stephenw10 said in Would like to setup a Dual Boot with pfsense on a Lap top.:

    Since I got a Proxmox host setup I hardly ever use VBox anymore. I can recommend that, it was a game-changer for me.

    Steve

    Love Proxmox, did you also use it for gaming like steam with video card pass through?

  • Netgate Administrator

    Nope! 😉

    I have it running on a virtually silent low power NUC.

    Steve


  • @stephenw10 said in Would like to setup a Dual Boot with pfsense on a Lap top.:

    Nope! 😉

    I have it running on a virtually silent low power NUC.

    Steve

    I am planning to do the same changing my server with low power server. My energy bill is unbearable.


  • @stephenw10 I have now managed to install pfSense (thanks), but it is useless unless I can run it inside of something else (not possible to get it working alongside anything), and ProxMox is the worse pile of crp I have ever tried to use. - It has to be run from the command line ...and expects to be configured via a browser(???). I am not even going to ask. - The more I explore these hypervisors the more I wonder at the seriously fcked sense of humour behind these products.

  • LAYER 8 Global Moderator

    @2RTzC5KbQGH4aG said in Would like to setup a Dual Boot with pfsense on a Lap top.:

    It has to be run from the command line ...and expects to be configured via a browser(???)

    And how else would you design a headless VM host to be managed? Which btw is exactly how pfsense is managed via a browser.. ;)

    As to run from the cmdline.. I take that to mean the box has no actual gui?? Well no shit why would I want my hypervisor to waste resources on a gui..


  • @johnpoz The point I was making is that it is a bit difficult to configure something via a browser when, as you point out, the damn thing is headless. In other words, it has been designed in such a way as to make configuring it 100% impossible short of using a second machine and having a GUI OS on one machine and ProxMox on the other.

  • LAYER 8 Global Moderator

    And when would you not have a 2nd machine on a NETWORK that you admin and want to run a VM host on.. For gosh sake you could do it from your phone ;)

    My take is you have no idea how any of this stuff is actually meant to be used.. No proxmox is a not hypervisor for a workstation.. Like vmware workstation or hyper-v you run on windows 10.

    If you want that sort of thing then you want a type 2.. Esxi and Proxmox are both type 1..

    If you want - you could install proxmox as a package with your existing linux OS.. Then it becomes more of type 2. But its really meant to be a type 1.

    If you want type 2, use virtualbox, or vmware workstation/player or hyper-v for say windows 10.. Or say KVM..

    esxi use to have a fat client you could use vs a browser.. But it has gone be dropped. You either manage esxi for example with its on control server a vserver that can run as a VM on your host or cluster of VM host. Or you if your just running a lab or small setup with 1 host, then you use a browser to manage it, etc.

    If your looking for something to just firewall your 1 pc - no pfsense is not a logical choice. It is meant to be the firewall for a network.. Not a "network" with 1 device on it ;) Connected to your isp gateway/router/modem.. While it can be done with just a modem and 1 box, hyper-v would prob be your logical choice if your machine runs windows - or you could use virtualbox.. Both are pretty simple to setup.. Not sure what your problem has been with either of those. Its pretty clickity clickity with a basic understand of the concepts at play in such a setup.

    I would suggest if you want to play with pfsense, get a box you can use as a vm host.. Say a nuc, or nas that can do virtual machines. Or some cheap box you bought on net that can run esxi or proxmox.. Then you can start with using it for your vms on that host.. And then at some point of so inclined you could use that as firewall/router for your network, which I take it at this time is your 1 PC? Or maybe a sg1100 would be a great starting box for you? Just to run pfsense..

    I have run pfsense virtually on multiple platforms over the years. But it was always a 2nd vm host on my network.. Back in the day it use to be a dual P4 setup.. Man that thing could suck some power ;) I have currently graduated to a sg4860 for my home network - and love it.. If I want to play with snapshots or betas of pfsense. I just fire them up on my nas.. Since it can run virtual machines.


  • @johnpoz I understand all that (thanks), but there is simply no way that it is working on my setup. - No problem, - I had my doubts about the feasibility of it all, and I can see that they were justified (more of the usual Linux), but obvious if you think about it: you cannot run a GUI on a command line OS, so the whole ProxyMox claim is absolute nonsense.

    I can see that pfSense would work, though, but only virtualized; although I cannot see how it could be made to work alongside anything else because it would be just one of potentially several "guests" ...and it is only possible to have one guest running at any given time (ie: whilst pfSense can be installed it is absolutely useless unless you want it solely for interfacing with a remote machine and having no local OS - pointless).

    VirtualBox is terrible and has crippled networking (especially on the IPv6 side). Also, what you are effectively saying is that ProxyMox is not a VM and cannot be used with Windows ...which makes no sense at all.

  • Netgate Administrator

    @2RTzC5KbQGH4aG said in Would like to setup a Dual Boot with pfsense on a Lap top.:

    I can see that pfSense would work, though, but only virtualized; although I cannot see how it could be made to work alongside anything else because it would be just one of potentially several "guests" ...and it is only possible to have one guest running at any given time

    That's just wrong. You can have as many VMs running as the host will support.
    Additionally you can use pfSense as a firewall for the host OS with the right virtual network setup so you don't even need more than one if that's your intention.

    Proxmox is a type 1 hypervisor intended to be installed on a dedicated machine. So, no, it's neither a VM nor can you install it in Windows.

    Use Hyper-V if you only have one machine and it's running Windows. Though if that is the case I'm not sure why you would want to run pfSense at all TBH.

    Steve

  • LAYER 8 Global Moderator

    @2RTzC5KbQGH4aG said in Would like to setup a Dual Boot with pfsense on a Lap top.:

    .and it is only possible to have one guest running at any given time

    You really need to do more research on what virtualization means.. I think your stuck in some old school mentality of dual booting..

    And while you say you understand - sorry but its clear from your statements that you don't..

    The only limitations of how many virtual machines you can run on any host comes down to the power and number of cpus it has, the amount of ram and the network connectivity... You could run hundreds of vms on a single host, if it had enough horsepower..

    I use to have 5 different vms running on my little ds918+ nas with only 8 gig of ram.. Now they were all small little vms with not much requirements.. Now I am down to just 1 that I run 24/7 but I do fire up others when want to play with stuff that all run concurrent.. Some of the other stuff that I use to run on vms, have now moved to docker containers.. I have 3 of those running 24/7 on the nas..

    And guess what - all managed via a browser, because the nas is headless - you don't connect a monitor or keyboard, etc. too it. Shoot it doesn't even have an option to connect a monitor..

    brwoser.png

    And someone just kicked off streaming something from my plex server that is also running on my nas. And also managed just via a browser.

    Notice all of that stuff running in containers, vm running, app streaming media to someone over the internet.. And the cpu and ram not all that taxed.. Even cheap small powered devices these days can support multiple vms and dockers and processes providing services via all kinds of different OSes and setups all on the same hardware.. Run 1 at a time? Yeah dude sorry but you really need to do some research on how this stuff works.. You clearly are not understanding it..

    @stephenw10

    So, no, it's neither a VM nor can you install it in Windows.

    You could if you want run proxmox as a nested hypervisor where the host machine was running windows ;)
    https://pve.proxmox.com/wiki/Proxmox_VE_inside_VirtualBox

    There are many a scenario and people that run nested hypervisors.. All you need is the box with enough umph to do it.. This really not all that uncommon to be honest.. You just need some horsepower - or lots of patience ;)

    Its common on esxi for example to run nested copy of esxi under esxi running on the host.. Back when 6.5 came out one of the bigger features of that release was that they made it much easier to do just that.. Even though they didn't officially support nested setups ;)


  • I have a "little" NUC alike Acer RevoRN76 i3-7130 , that is my "Home ESXi 6.7" - 16G Ram + 500GB SSD + 1TB HD.

    Only caveat is that it has Realtek Netcard , so i had to do a custom image.

    I am gratefull for VMware allowing for a Free Home license , where most of the ESXi API stuff is disabled. I manage it via the HTML5 console , and use Ghetto-VCB for backup.

    This little guy have given me the experience to manage our "large HP ESXi Iron" at the job (vCenter).

    The investment in my "Job future" is one of the better i have made.

    Currently running 5 x Deb10 servers on the home ESXi
    Zabbix, Pi-Hole , DLNA , VPN , Ubiquiti Controller.

    The most amazing is that ESXi shows around 260MHz cycles are used most of the time, and i have 2 x 2.7G cycles available.

    Lots of fun 😁

    Edit:

    Was so addicted, that i had to get a refurb'ed barebone
    HP Elitedesk 800 G2 - i3-6100U (2 x 2.3G) for the summerhouse , added 16G Ram + 1TB HDD

    Now running PI-Hole + 2 x VPN

    Both machines was around $175 (barebone)
    Focus was on Power usage & Fan noise - I'm happy there.

    I know i could setup my VPN on the pfSense , but this way i can totally "jail" a DEB10 VPN to a specific connection.
    DEB10 has it's own DHCP + VPN-DNS for WiFi/Lan clients , that uses the DEB10 as def-gw. Making it totally self-contained.

    And it's easy to change to some other VPN dest ... Just fire up another ExpressVPN script.

    And i had to have something to use my new toy for .. 😳

    If there wasn't a Free ESXi , i would prob. have gone for Proxmox.

    Edit2: Sorry if this is OT - But i think ESXi was easy to start with.

    /Bingo