Soekris 6501 USB Flash installation

From PFSenseDocs
This article was contributed or cited from an outside source. The style and formatting may not match other articles.
This article is part of the How-To series.

This Howto shows a way to install pfSense on the Soekris net6501 using the embedded image on a USB flash.

Hardware used

Prepare boot media

Image used in this how-to: pfSense-2.1.5-RELEASE-4g-i386-nanobsd.img

Copy image to USB flash according to this document: Writing Disk Images

This document only covers NanoBSD. If an internal disk such as SATA or mSATA is used, a full install may also be performed using the serial memstick images. Limitations in the bootloader mean you may need to install 2.1.5 and upgrade from there.

First boot

Insert USB flash in internal USB port

Connect null modem serial cable

pfSense 2.1.x uses a serial console speed of 9600 baud by default. pfSense 2.2 and later use 115200.

Soekris BIOS uses 19200 by default. This may be changed to match pfSense for a smoother experience.

Start the terminal client (on Windows e.g. PuTTY) and set it to 19200 8 N 1

Power on the Soekris

 POST: 0123456789bcefghipsajklnopqr,,,tvwxy
 
 
 comBIOS ver. 1.41a  20111203  Copyright (C) 2000-2011 Soekris Engineering.
 
 net6501
 
 1024 Mbyte Memory                        CPU Atom E6xx 1000 Mhz
 
 
 SATA AHCI BIOS ver. 0.6 20110902  Copyright (C) 2003-2011 Intel Corporation
 
 Controller Bus#02, Device#06, Function#00: 02 Ports
 No device found
 
 Soekris USB Expansion ROM ver. 1.01  20111203
 
 80: USB 01  SanDisk Cruzer Fit      Xlt 973-255-63  7816 Mbyte
 
 
 Initializing Intel(R) Boot Agent GE v1.3.72
 PXE 2.1 Build 089 (WfM 2.0)
 
  Slot   Vend Dev  ClassRev Cmd  Stat CL LT HT  Base1    Base2   Int
 --------------------------------------------------------------------
 00:00:0 8086 4114 06000003 0007 0000 00 00 00 00000000 00000000
 00:23:0 8086 8184 06040000 0107 0010 08 00 01 1FFF1000 A0FFA000 10
 00:24:0 8086 8185 06040000 0107 0010 08 00 01 3FFF2000 A2FFA100 11
 00:25:0 8086 8180 06040000 0107 0010 08 00 01 5FFF4000 A4FFA300 05
 00:26:0 8086 8181 06040000 0107 0010 08 00 01 0FFF1000 A5FFA500 09
 00:31:0 8086 8186 06010000 0003 0000 00 00 80 00000000 00000000
 02:02:0 8086 8804 0C031001 0106 0010 00 00 80 A0000B00 00000000 09
 02:02:1 8086 8805 0C031001 0106 0010 00 00 80 A0000C00 00000000 09
 02:02:2 8086 8806 0C031001 0106 0010 00 00 80 A0000D00 00000000 09
 02:02:3 8086 8807 0C032001 0106 0010 00 00 80 A0000E00 00000000 09
 02:06:0 8086 880B 01060101 0107 0010 00 00 00 00000000 00000000 11
 02:08:0 8086 880C 0C031001 0106 0010 00 00 80 A0004800 00000000 10
 02:08:1 8086 880D 0C031001 0106 0010 00 00 80 A0004900 00000000 10
 02:08:2 8086 880E 0C031001 0106 0010 00 00 80 A0004A00 00000000 10
 02:08:3 8086 880F 0C032001 0106 0010 00 00 80 A0004B00 00000000 10
 02:10:1 8086 8811 07000200 0107 0010 00 00 80 00001041 A0004D00 09
 02:10:2 8086 8812 07000200 0107 0010 00 00 80 00001049 A0004D10 09
 02:12:2 8086 8817 0C800000 0106 0010 00 00 80 00000000 A0005000 05
 02:12:3 8086 8818 0C090000 0106 0010 00 00 80 00000000 A0005200 05
 03:00:0 111D 803A 0604000E 0107 0010 08 00 01 3FFF2000 A2FFA100
 05:00:0 8086 10D3 02000000 0107 0010 08 00 00 A1000000 00000000 09
 06:00:0 8086 10D3 02000000 0107 0010 08 00 00 A2000000 00000000 10
 08:00:0 111D 803A 0604000E 0107 0010 08 00 01 5FFF4000 A4FFA300
 10:00:0 8086 10D3 02000000 0107 0010 08 00 00 A3000000 00000000 10
 11:00:0 8086 10D3 02000000 0107 0010 08 00 00 A4000000 00000000 11
 13:00:0 168C 0024 02800001 0107 2010 08 00 00 A5000004 00000000 09
 
  5 Seconds to automatic boot.   Press Ctrl-P for entering Monitor.

Press Ctrl-P and change console speed in BIOS

 comBIOS Monitor.   Press ? for help.
 
 > set ConSpeed=9600

Change to 9600 on the terminal client

Press reset button

 [...]
 
 ugen7.1: <Intel> at usbus7
 uhub7: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus7
 uhub5: 1 port with 1 removable, self powered
 uhub6: 1 port with 1 removable, self powered
 uhub3: 3 ports with 3 removable, self powered
 uhub7: 3 ports with 3 removable, self powered
 ugen7.2: <SanDisk> at usbus7
 umass0: <SanDisk Cruzer Fit, class 0/0, rev 2.00/1.26, addr 2> on usbus7
 SMP: AP CPU #1 Launched!
 da0 at umass-sim0 bus 0 scbus0 target 0 lun 0
 da0: <SanDisk Cruzer Fit 1.26> Removable Direct Access SCSI-5 device
 da0: 40.000MB/s transfers
 da0: 7633MB (15633408 512 byte sectors: 255H 63S/T 973C)
 GEOM: da0s1: geometry does not match label (16h,63s != 255h,63s).
 GEOM: da0s2: geometry does not match label (16h,63s != 255h,63s).
 Trying to mount root from ufs:/dev/ufs/pfsense0
 Configuring crash dumps...
 Mounting filesystems...
 Setting up embedded specific environment... done.
 
      ___
  ___/ f \
 / p \___/ Sense
 \___/   \
     \___/
 
 Welcome to pfSense 2.1.5-RELEASE  ...
 
 Creating symlinks......done.
 External config loader 1.0 is now starting... da0s3
 Launching the init system... done.
 Initializing............................ done.
 Starting device manager (devd)...done.
 Loading configuration......done.

If the boot stops at a MOUNT ROOT ERROR, see the "Mount Root error" section below.

Now interfaces must be assigned:
ath0 is the wireless card

 Network interface mismatch -- Running interface assignment option.
 
 Valid interfaces are:
 
 em0   00:00:24:ce:80:70   (up) Intel(R) PRO/1000 Network Connection 7.2.3
 em1   00:00:24:ce:80:71   (up) Intel(R) PRO/1000 Network Connection 7.2.3
 em2   00:00:24:ce:80:72   (up) Intel(R) PRO/1000 Network Connection 7.2.3
 em3   00:00:24:ce:80:73   (up) Intel(R) PRO/1000 Network Connection 7.2.3
 ath0  cc:b2:55:c3:58:84   (up) Atheros 5416
 
 Do you want to set up VLANs first?
 
 If you are not going to use VLANs, or only for optional interfaces, you should
 say no here and use the webConfigurator to configure VLANs later, if required.
 
 Do you want to set up VLANs now [y|n]? n

No VLANs for this setup.

Assign all interfaces

 *NOTE*  pfSense requires *AT LEAST* 1 assigned interface(s) to function.
         If you do not have *AT LEAST* 1 interfaces you CANNOT continue.
 
         If you do not have at least 1 *REAL* network interface card(s)
         or one interface with multiple VLANs then pfSense
         *WILL NOT* function correctly.
 
 If you do not know the names of your interfaces, you may choose to use
 auto-detection. In that case, disconnect all interfaces now before
 hitting 'a' to initiate auto detection.
 
 Enter the WAN interface name or 'a' for auto-detection: em0
 
 Enter the LAN interface name or 'a' for auto-detection
 NOTE: this enables full Firewalling/NAT mode.
 (or nothing if finished): em1
 
 Enter the Optional 1 interface name or 'a' for auto-detection
 (or nothing if finished): em2
 
 Enter the Optional 2 interface name or 'a' for auto-detection
 (or nothing if finished): em3
 
 Enter the Optional 3 interface name or 'a' for auto-detection
 (or nothing if finished): ath0
 
 Enter the Optional 4 interface name or 'a' for auto-detection
 (or nothing if finished):
 
 The interfaces will be assigned as follows:
 
 WAN  -> em0
 LAN  -> em1
 OPT1 -> em2
 OPT2 -> em3
 OPT3 -> ath0
 
 Do you want to proceed [y|n]?y
 
 Writing configuration...done.
 Updating configuration...done.
 Cleaning backup cache...done.
 Setting up extended sysctls...done.
 Setting timezone...done.
 Starting Secure Shell Services...done.
 Setting up polling defaults...done.
 Setting up interfaces microcode...done.
 Configuring LAGG interfaces...done.
 Configuring VLAN interfaces...done.
 Configuring QinQ interfaces...done.
 Configuring WAN interface...done.
 Configuring LAN interface...done.
 Syncing OpenVPN settings...done.
 Starting syslog...done.
 Configuring firewall......done.
 Starting PFLOG...done.
 Setting up gateway monitors...done.
 Synchronizing user settings...done.
 Starting webConfigurator...done.
 Configuring CRON...done.
 Starting DHCP service...done.
 Starting DNS forwarder...done.
 Configuring firewall......done.
 Starting OpenNTP time client...done.
 Generating RRD graphs...done.
 Starting CRON... done.
 Bootup complete
 
 FreeBSD/i386 (pfSense.localdomain) (console)
 
 *** Welcome to pfSense 2.1.5-RELEASE-nanobsd (i386) on pfSense ***
 
   WAN (wan)                 -> em0        -> 192.168.10.122 (DHCP)
   LAN (lan)                 -> em1        -> 192.168.1.1
   OPT1 (opt1)               -> em2        -> NONE
   OPT2 (opt2)               -> em3        -> NONE
   OPT3 (opt3)               -> ath0_wlan0 -> NONE
 
  0) Logout (SSH only)                  8) Shell
  1) Assign Interfaces                  9) pfTop
  2) Set interface(s) IP address       10) Filter Logs
  3) Reset webConfigurator password    11) Restart webConfigurator
  4) Reset to factory defaults         12) pfSense Developer Shell
  5) Reboot system                     13) Upgrade from console
  6) Halt system                       14) Enable Secure Shell (sshd)
  7) Ping host
 
 Enter an option:

Now the Soekris box is up.

Connect a PC to Eth1 (LAN) and use a browser to access the pfSense GUI on https://192.168.1.1
Ignore the certificate error and log in with Username: admin and Password: pfsense

Go through the initial setup wizard.
(Remove the Block private networks filter on the WAN interface if on a private network, e.g. when testing)

Enable interfaces

Use the menu Interfaces and enable all OPTx interfaces.

For more descriptive interface names, change the Description to match the case label: ETHx, WIFI

To enable the wireless interface, Mode must be set to Access Point and SSID must be set.

Add firewall rules

Go to Firewall > Rules
On all OPTx interfaces add a rule to let all traffic pass (blocked by default)
Click "+" to add rule with Protocol: any

Click Apply Changes after all rules have been added.

CPU Temperature

The CPU temperature can be shown in the System Information widget on the Dashboard page

Load coretemp module

The easiest method is to enable the module from the GUI: System > Advanced, Miscellaneous tab, set Thermal Sensors to Intel Core [...], then click Save.

It can also be set to load from the shell:

 kldload coretemp
 
 sysctl -a | grep temperature
   dev.cpu.0.temperature: 75.0C
   dev.cpu.1.temperature: 75.0C
 
 /etc/rc.conf_mount_rw
 echo 'coretemp_load="YES"' >> /boot/loader.conf.local
 /etc/rc.conf_mount_ro

coretemp reports a wrong temperature for this CPU.
coretemp uses tjmax to calculate the correct temperature, and defaults to 100 if the CPU isn't recognized.
Unfortunately the Intel Atom E6xx has a tjmax of 90, so the reported temperature is 10°C off.

Reading temperature from BIOS

The temperature can also be read directly from the CPU register

  5 Seconds to automatic boot.   Press Ctrl-P for entering Monitor.
 comBIOS Monitor.   Press ? for help.
 
 > rm 19c
 00000000 88190000

Calculate temperature:
Digital Readout (bits 22:16): xxxxxxxx xx19xxxx
Hexadecimal 19 = Decimal 25
tjmax - readout = 90 - 25 = 65°C
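
The calculation above, together with the 10°C coretemp offset described earlier, as an added shell example (not part of the original how-to). The function names `msr_temp` and `coretemp_fix` are hypothetical, and treating bit 31 as the "reading valid" flag follows Intel's documented layout for this register rather than anything stated on this page.

```shell
#!/bin/sh
TJMAX_E6XX=90        # tjmax the page gives for the Atom E6xx
TJMAX_DEFAULT=100    # coretemp's fallback for an unrecognised CPU (per the page)

# msr_temp LOW_WORD [TJMAX]
# LOW_WORD is the second 32-bit hex word printed by "rm 19c" (bits 31:0).
# Prints the junction temperature in degrees C; returns 1 on bad input or
# when the reading is flagged invalid.
msr_temp() {
    word=$1
    tjmax=${2:-$TJMAX_E6XX}
    # Accept exactly eight hex digits; never pass unchecked text to $(( )).
    case $word in
        ????????) ;;
        *) echo "expected 8 hex digits" >&2; return 1 ;;
    esac
    case $word in
        *[!0-9A-Fa-f]*) echo "expected 8 hex digits" >&2; return 1 ;;
    esac
    val=$(( 0x$word ))
    # Assumption (Intel's register layout, not stated on the page):
    # bit 31 set means the digital readout is valid.
    if [ $(( (val >> 31) & 1 )) -ne 1 ]; then
        echo "reading not valid" >&2; return 1
    fi
    readout=$(( (val >> 16) & 0x7F ))   # digital readout, bits 22:16
    echo $(( tjmax - readout ))
}

# coretemp_fix SYSCTL_VALUE
# Takes a value such as "75.0C" from dev.cpu.N.temperature and removes the
# offset caused by coretemp assuming tjmax=100 on this CPU.
coretemp_fix() {
    deg=${1%C}
    deg=${deg%.*}
    case $deg in
        ''|*[!0-9]*) echo "unexpected value: $1" >&2; return 1 ;;
    esac
    echo $(( deg - (TJMAX_DEFAULT - TJMAX_E6XX) ))
}

# Values copied from the page's console output.
msr_temp 88190000        # BIOS monitor readout
coretemp_fix 75.0C       # sysctl value
```
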

References

TJUNCTION-MAX
Maximum allowed component (junction) temperature. Also referred to as TJ-MAX


Ready LED

It would be desirable to control the Ready LED from software.
Maybe a flashing Ready while booting, and steady light when finished.

There is currently no easy way to do this.

On pfSense 2.2, gpioctl may be usable.

LEDs on net6501

 Red Error LED:   I/O port 069C bit 0, 0=off, 1=on.
 Green Ready LED: I/O port 069D bit 0, 0=off, 1=on.

Mount Root error

When compiling this how-to, pfSense reported a Mount Root error.
The solution is presented in Boot Troubleshooting, section "Booting from USB".

ACPI

This is purely cosmetic, to clean up the following messages in the boot log:

 ACPI Error: A valid RSDP was not found (20100331/tbxfroot-309)
 ACPI: Table initialisation failed: AE_NOT_FOUND
 ACPI: Try disabling either ACPI or apic support.

Solution: http://doc.pfsense.org/index.php/Booting_Options#Disabling_ACPI

Shell

 root(1): /etc/rc.conf_mount_rw
 root(2): echo "hint.acpi.0.disabled=1" >> /boot/loader.conf.local
 root(3): /etc/rc.conf_mount_ro
 root(4): exit

Links