pfSense® CE 2.4.4 on The Vault

Overview

pfSense® CE  is a free network firewall distribution, based on the FreeBSD operating system that has been successfully installed on all of the Vault platforms. This link describes how to install pfSense® CE 2.4 on the Vault. pfSense® CE 2.4.4 is based on FreeBSD 11.2. There is a known issue in FreeBSD 11.2 that causes console I/O not to work on some systems. The symptom is that the console will appear frozen with the message "Booting" on the screen. The unit is actually booting, but the console is frozen. This issue and the workaround for FreeBSD 11.2 were originally described at this link. The Vault FW1, FW2, and FW4A series are affected by this issue. The FW2B, FW4B, and FW6 series are not affected. This issue only affects the pfSense® CE 2.4.4 "Console VGA" installation image. It does not affect the pfSense® CE 2.4.4 "Console Serial".  This article will describe how to fix the issue in pfSense® CE 2.4.4. However, a simpler workaround has been found by changing the BIOS config. Those instructions are available at this link.

Upgrading to pfSense® CE 2.4.4

If you are upgrading to pfSense® CE 2.4.4 from a previous version, use the following steps before upgrading to pfSense® CE 2.4.4 in order to prevent the issue from occurring due to the upgrade.

• Verify that the system boots up correctly with pfSense® CE
• Select Diagnostics->Edit File

Edit File

• Verify the Edit File Window appears
• On the file line, type "/boot/loader.conf" to edit that file
• Select the "Load" button
• Verify the file /boot/loader.conf appears in the page

/boot/loader.conf

• Add the following line as shown below.  The location of the line is not important.  Your "/boot/loader.conf" screen may have more or fewer lines than the screenshot below, which is okay.

kern.vty="sc"

pfSense 'edit file'

• Select Save
• Browse to the pfSense® CE Dashboard.
• Under System Information->Version, verify "Version 2.4.4 is available"

Dashboard

• Select the Download icon
• Confirm version 2.4.4

Confirm Update

• Verify the System Update begins

System Update

• Verify System Update completes successfully and the system reboots

System Update Complete

• Verify the system reboots to pfSense® CE 2.4.4 and now it does not freeze with the "Booting…" message on the console
• If the console still freezes, then it is likely due to a typo while editing /boot/loader.conf. Although it appears the system is frozen, it still boots. Once it boots, the system ban be accessed via the web GUI. Login via the web GUI and follow the file edit instructions above. Alternatively, the file can be edited via SSH or by using the instructions below for a new installation starting at "Booting from mSATA".

Installing  pfSense® CE 2.4.4

If you are installing a new instance of pfSense® CE 2.4.4 from a USB memstick, there are more steps involved. The same issue that affects the system will affect the boot device, so the workaround must be applied multiple times.

Installing from Memstick

• Download the pfSense® CE 2.4.4 installer (amd64, memstick, VGA) image from this link
• Create a bootable USB as described at this link
• Install the image from the USB
• Verify the installation menu appears
• Select the space bar to pause the boot
• Select "3" to go to the Loader prompt
• Verify the prompt "OK" appears
• Type set kern.vty=sc and press return or enter
• Type "boot" and press return or enter
• Verify the system continues to boot up normally
• Install pfSense® CE 2.4.4 as described at the link above

At this point, pfSense® CE 2.4.4 has been installed on the mSATA. However, the same issue regarding the console with the USB boot will be present now that the system is booting from the mSATA.

Booting from mSATA

• Select "Reboot" and verify the system boots from the mSATA drive with the new installation
• Follow the same instructions above to set the console parameter
• Verify the pfSense® CE 2.4.4 boot menu appears
• Select the space bar to pause the boot
• Select "3" to go to the Loader prompt
• Verify the prompt "OK" appears
• Type set kern.vty=sc and press return or enter
• Type "boot" and press return or enter
• Verify the system reboots to pfSense® CE 2.4.4 and now it does not freeze with the "Booting…" message on the console

At this point, pfSense® CE 2.4.4 is available for use during this session. However, we want to configure the system to permanently fix the console issue so that manual intervention is not required every time it boots. Use the instructions for Edit File at the top of this article to edit /boot/loader.conf permanently. Verify pfSense® CE 2.4.4 now boots successfully from the mSATA.

Now pfSense® CE 2.4.4 should be successfully installed on The Vault.  However, if you experience any issues, please feel free to reach out to us at: support@protectli.com.