Would like to setup a Dual Boot with pfsense on a Lap top.

mr_bobo

I haven't done it myself but from what I've gathered from other people dual booting FreeBSD and Windows7 believe you would want to install FreeBSD first anyway, then Windows, and use a 3rd party boot loader like Grub2 or GAG to boot them. If pfSense demands use of the whole HD it may not be possible.

wallabybob

If the CPU is suitable run pfSense in a Virtual Machine.

wallabybob

@stephenw10:

Please correct me if there's some fundamental reason it can't be done.

I suspect if you have sufficient knowledge, cunning and persistence it can be done.

How about installing to a USB stick or CF card or other "additional" drive and dual booting by changing the boot device from the BIOS?

My ranking in expected "ease" (easiest fist):
1. Install pfSense to an additional drive.
2. Install pfSense to a Virtual Machine on the laptop.
3. create single combo drive with Windows and pfSense

Clear-Pixel

Before creating the post I did run across the note as ptt quoted, but I continued my search assuming it can be done.
Googling around a bit I ran across different methods which the Freebsd community are using to create dual boot systems.

I do realize that pfsense is a custom build based on Freebsd and may have some slightly different menu install options etc?
I have not studied the various methods yet listed in the links above. Maybe someone out there has already jumped though
the hoops and found which method or methods works best?

The laptop is the HP Elite 8530p which is outfitted with the Intel T9400 and 4GB Ram. It is overkill for pf + add-ons but running
a VM I think it only opens up additional points of attack to potentially bypass pfsense.

I will be running (Single GB Nic) vlans with a 3 layer Cisco switch which I hope doesn't open the door to unnecessary vulnerabilities/Hacks/attacks?

matguy

While it might not help you, I have to ask: why?

Maybe there's another option to this scenario.

stephenw10

I have a laptop that dual boots Win XP and FreeBSD. That's no problem the FreeBSD installer takes care of it for you. The pfSense installer does not. You would most likely have to do it manually.
If I were trying to do this I would boot the Nano+VGA image from a USB stick as Wallabybob suggested.

Steve

Clear-Pixel

While it might not help you, I have to ask: why?

Call it being frugal…

This is for my home office and I can remove the firewall temporally if needed. A emergency and need a laptop on the road, it would be setup for a dual boot to windows 7.

huramentzefix

@wallabybob:

@stephenw10:

Please correct me if there's some fundamental reason it can't be done.

I suspect if you have sufficient knowledge, cunning and persistence it can be done.

How about installing to a USB stick or CF card or other "additional" drive and dual booting by changing the boot device from the BIOS?

My ranking in expected "ease" (easiest fist):
1. Install pfSense to an additional drive.
2. Install pfSense to a Virtual Machine on the laptop.
3. create single combo drive with Windows and pfSense

I have no knowledge abot linux whatsoever and have done it. I have if I remember correctly 10 partitions or so on my HD. I have XP, ubuntu, some other linux distribution which is for a usb stick normally installed, and pfsense.
It let me install it onto a partition, I didn't have to delete the entire hard drive.
It wipes out the boot loader and nothing will start anymore but I just started from the ubuntu CD and did the grub2 auto fix option.
it won't find pfsense but it can just be added manually and then be started just like any other operating system.
and i have never dealt with linux in dept. i just read dummy guidance notes and had them guiding me and it worked.

1. partition your HD
2. format your pfsense partition with ubuntu or anything that boots
(I had XP and ubuntu installed before I installed pfsense and it only kills the grub2 bootloader. You will find the pfsense bootloader only booting pfsense. but after fixing grub2 and entering manually the pfsense partition you can have as many operating systems beside pfsense as you want)
3. install pfsense into this partition
4. install windows (not sure that windows 7 & 8 works like that)
5. install ubuntu or anything else you want, if you don't want anything else then just install grub2
6. manually configure grub 2 for the pfsense partition
7. i read grub2 can boot into other bootloaders in a chain, so anything is possible i guess

MyDogHobbes

I know this is very old, but it came up first when I searched so maybe others will benefit.

THIS APPLIES TO UEFI AND GPT ONLY - I HAVE NOT TRIED BIOS AND MBR

Getting multi boot with pfSense.

First: Install Ubuntu. Either create a partition and install other if you're adding to a windows installation, or install erasing whole disk, if there's no Windows to bother about, or you're on a VM. Some key things for Ubuntu.
gksu. Just try to run it, you'll be told how to install. This lets you run Nautilus (file manager) as root, AND any gedit instances invoked from it. (gksu nautilus & in terminal. '&' leaves a working terminal open.)
chromium. Brings all your bookmarks etc into ubuntu. Install from Ubuntu software launcher.
vm tools. (If you're using VM-Ware) Install from management menu; extract to desktop; move to the extracted folder on desktop with root nautilus (see above) and install by ./vm-install.pl from a root terminal invoked from nautilus. Do not follow suggestion to use open source version it seems not to work. Accept all other suggestions. This allows you to cut and paste from Windows e.g. the file in the fourth section.
GParted. Install from ubuntu software launcher. Note this is available on the 'live CD' option of ubuntu installer, but the installed version does not. You will need a live CD version to edit the partitions of the OS you are using.

Second: Use gparted to trim the ubuntu ext4 partition and move the swap next to this trimmed partition leaving an empty space. To follow instructions below you'll need around 15GB free, though you could probably get away with less.

Third: Install pfSense. The iso file, or CDROM are easy, just set your machine to boot from them. If you use a USB stick you must download the right version, then extract it and load it to a USB using rufus. NOTE, the USB will NOT be recognised by windows, but your UEFI BIOS will boot from it. pfSense docs say that you must use the whole disk, and the standard FreeBSD install question about using the whole disk or a partion is not present in pfSense (and their FAQ says you can't multiboot), HOWEVER there is still the option of manually setting up the partions. Use it, and select 'CREATE'. This will put the partions you next set up in the empty space set up in step 2 above. For the first 'create' you define the partion as 'FreeBSD-ufs', set the size as '10GB', and mountpoint is '/'. You can give it a name if you wish, naming helps identify the partition in GParted. NOTE: NO spaces in the size: 10GB. Hit 'OK'. You'll be asked if you want a boot partion - of course you do! Now use 'create' again, define the final partition as 'FreeBSD-swap', mountpoint is blank, and size '4GB'. Again you can name it if you wish. Hit OK, then carry on installing. You'll be asked to reboot, and here's a problem. The grub bootloader from your Ubuntu install has no idea about your new pfSense installation.

Fourth: Open Ubuntu. root run Nautilus. Move to and open /etc/grub.d/40_custom. Do not overwrite anything and add the section below: -

menuentry "pfSense" {
set root=(hd0,gpt4)
chainloader /efi/BOOT/BOOTX64.efi
}

Save, then from terminal sudo update-grub. DON'T FORGET. Note that 'hd0' above is the FIRST hard disk, 'gpt4' is the 4th gpt partition (after EFi System partition, ext4, linux-swap if you just have ubuntu on the disk). If you have windows it will use at least 4 additional partitions. Check where the FreeBSD efi partition is using gparted, it's the second EFI and 200 MB. The path after 'chainloader' can be verified if you mount the fourth partition (or whichever one it is). Use sudo mount /dev/sda4 /mnt. Drill into the mounted partition to find the .efi file, ignore the 'mnt' part of the path. If you go looking to customize how grub appears you'll come across 'grub-customizer'. Don't use it. It changes stuff that's hard for a noob to fix. You may want to edit /etc/default/grub instead to ensure the grub menu displays. Do this by changing this line '#GRUB_HIDDEN_TIMEOUT=5' (the '#' is new, and the 5 was 0)

Some useful web-sites: -

https://forum.pfsense.org/index.php?topic=56033.0 questions about dual booting with pfSense
https://www.freebsd.org/doc/handbook/bsdinstall-partitioning.html FreeBSD partitions
http://www.rodsbooks.com/refind/installing.html Info about installing refind, an alterative boot manager which finds FreeBSD and pfSense but is a a bit ugly.
https://www.gnu.org/software/grub/manual/legacy/Command_002dline-and-menu-entry-commands.html#Command_002dline-and-menu-entry-commands grub commands
https://www.howtogeek.com/196655/how-to-configure-the-grub2-boot-loaders-settings/ editing /etc/default/grub
https://forums.freebsd.org/threads/dual-booting-of-ubuntu-10-10-and-freebsd.23101/ First pointer about dual booting FreeBSD
https://askubuntu.com/questions/666631/how-can-i-dual-boot-windows-10-and-ubuntu-on-a-uefi-hp-notebook Dual boot windows 10 and Ubuntu.

2RTzC5KbQGH4aG

Going to spoil the party, here, but to anyone looking to install pfSense you need to be aware that this software is obviously a wind-up: in very simple terms a firewall is intended to work concurrently alongside one or more operating systems ...and this software is supposed to be installed on a HDD with exclusive use of that HDD. Think about it. - What you have is one single firewall on a HDD (after a considerable amount of configuration and messing around) and nothing else, with absolutely no means of using an operating system alongside of it short of forcing the issue with partition workarounds.

If anyone wants to challenge this I would ask them how (for the sake of a much larger number of everyday users) a person would use the software (after burning to a DVD) to protect an installation of Windows 7 or 10 ...without resorting to the workarounds and kludges given by other users, and taking into account that the OS and pfSense would be on seperate partitions with, thus, no interaction between them possible?

bingo600

@2RTzC5KbQGH4aG
Strong opinion from a 1'st poster.

I use pfSense for enterprise firewall'ing , and have absolutely no problem with it being the sole OS installed on my HW.

In fact i'd be even more of a "Grumpy Old Man" , if i ever found out that one of my sites had done something like that.

If you need a Test/Toy pfSense it's easy to boot up in VMvare or Vbox.

But for my use i have the budget to buy a few extra real HW boxes, that reflect my real HW on the remote sites. That is what a real test system should look like. Even for my home usage i bought an Extra Box as "cold spare".

Dual booting ... why ?
If you dual boot you can't use the other OS'es at the same time.
Just fire a VM up under Vbox , and be done with it.

Edit: Your username is a strange combo ... Are you a troll bot
/Bingo

stephenw10

Mmm, this is either a troll or you have misunderstood the purpose of pfSense entirely.

If you are trying to protect a Windows install using pfSense on the same hardware you are doing it wrong. It's technically possible if you used virtualisation.

The only reason you would ever install it dual-boot like this would be for testing.

Steve

coffeecup25

Thinking this through logically, why would you want to?

A dual boot system puts or more operating systems on a PC with each running individually. As opposed to a VM which allows many to run at once.

A router is 24/7. When in PC mode the router does not exist on a dual boot system. A 24/7 PC with virtual machines running allows everything to run at once.

However, that brings up security issues which are a different discussion.

johnpoz

The only sort of dual boot that would really make any sense for pfsense box would be able to boot previous version on failed update. Or something in new version wasn't working how you need it to work.

Some routers/switches support such an option..

But dual booting normal OS or a Firewall distro doesn't really make a lot of sense at all.

stephenw10

Yup, you might dual boot 2.5 and 2.4.5p1 for example. I could imagine dual booting pfSense with CentOS or something just to test hardware compatibility.

I suspect our friend above didn't read the right docs, thought it was a software firewall for Windows and attempted to install it as such resulting in much frustration. They would not be the first.

Steve

AKEGEC

@stephenw10 said in Would like to setup a Dual Boot with pfsense on a Lap top.:

Mmm, this is either a troll or you have misunderstood the purpose of pfSense entirely.

@Steve , We should give him the benefit of the doubt and maybe he (a good person) had a really bad day.
But there are also bad people who enjoys the suffering of others.

2RTzC5KbQGH4aG

The point that I was trying to make was that of the pointlessness of having a firewall on a HDD and nothing else. Why would anyone bother with that? - The whole idea, surely, of a software firewall is to run it alongside the operating system, not to stick it on a seperate HDD.

...but playing along with the curious argument that the firewall is actually supposed to be all alone on a HDD, what then? - How can it possibly protect anything when it is sat there with no operating system and absolutely nothing to protect?

Reading between the lines of the replies received thus far, though (thanks, - they are appreciated), I get the impression that, possibly, the idea is to use pfSense, once installed, as a pass-through device; effectively turning a spare HDD into the equivalent of a hardware router and then using that as a bridge device between the internet and the local network. Would that be correct?

stephenw10

Exactly that. pfSense is a router/firewall. It replaces whatever router you may have currently, Netgear, Cisco etc. It can be run on a standard PC with two NICs but also runs on more specialist hardware like this.

Also see: https://www.pfsense.org/getting-started/

Steve

2RTzC5KbQGH4aG

@stephenw10 Thanks, but that, to me, seems to be a hellishly complex (and expensive) way to implement a network filter. At least I now understand what pfSense are trying to do with their software, because no-one (reviewer, website, or weblogger) makes it at all clear how to implement it or that it comes with a minimum requirement of 2 NICs and a HDD (or equivalent).

stephenw10

You don't actually need two NICs, you can use VLANs with one NIC and a managed switch.
Or install it in a VM as discussed above.
It really depends on what you're trying to do. Filter traffic for a whole office of PCs? Setup a VPN to allow all those PCs to connect to some remote site? It would be crazy to try to do that with software firewalls and VPN connections on each PC.

Steve