Posted on Tuesday, October 16, 2018



I have a need for a router in my new network setup.  I chatted with a friend of mine who is an expert in this area.  I was thinking about buying a router and then flashing it with some opensource software to control it.

He immediately tried to turn me off of this idea.  He said the current state of router hardware is not to be trusted… Even if you can flash the software there still may be hardware that can be hacked or is outright malicious. 


His solution…  use pfsense and either install it on an old PC or buy a dedicated small pc engine to run it.




I decided to go the pc engine route.

I ordered an apu2c4  PC Engine (specs https://www.pcengines.ch/apu2c4.htm )

I purchase it from minibox for $170.  I also bought an enclosure and a power adapter.



I also bought an mSata hard drive on amazon

Then I bought a USB to DB9F serial with USB cable directly from pcengine (did not want to have to deal with a bad cable)



All in all I spent ~$300 ($70 of that for the HD…)

Now I need to get it all set up.


Prepping and turning it on


There is a little assembly required for this.  The PC Engine does not have its heatsink attached, you need to attach it.

Here is a link to the how to document https://www.pcengines.ch/apucool.htm

And here is what I did



Heat sink is on the back of the package J








Here is the back of the heatsink and two blue thermal pads for sticking to CPU





Here is the CPU I need to put the heatsink on.  Other models have a second chip you need to put a sink on this one just has the one.






Remove one side of the sticky blue pad and put it on the CPU.






Now remove the stick from the top part.





Now put it on top and let them attach.

I think at this point it’s a good idea to put it in the enclosure, which will allow the pad to rest on the bottom of the enclosure (I think…)

But I have an issue the enclosure I have needs a little tweaking to work with this board.





Install the mSata Drive





Now plug it in J

I heard a beep J

Next step connect to it and install pfsense.




Download putty


Head over to https://www.putty.org/



Download and install the putty tool.




Open up the putty tool


Unplug the power from the board and plug in the USB to COM cable.






Now set the putty tool to the following




/dev/ttyUSB0
115200
And select Serial.




Click Open


If you get an error, like I did




OK I am having issues on mine let me see if I can solve it…




Fix issues


Open Device manager







In device manager go to View and make sure Show Hidden Devices is enabled.











In theory it should show up under Ports (Com & LPT)

But for some reason I have mine show up in Other devices.
I think I need to install a driver






Download it






Run installer




Bam I can see it now!


Try again


/dev/ttyUSB0
115200
And select Serial.






Still a failure




COM5?




COM5 at 9600





Progress!




Now plug it in and watch the console.



Some progress its talking but something is not correct.


Go to the device manager and right click on the device and select properties




Unplugging, restarting putty and trying these options








Select Port settings






Set speed to 115200




Open up putty again and select Serial at the bottom and set the settings like this.





Select Session, Serial and click Open








Hey that looks like something!





Looks like its running some test, hey it has CPU temp nice







If I unplug and plug it back in and press F10 at the right time



I can see that it does see my drive


Now I need to make a bootable USB drive with pfsense installer.




Create USB Bootable drive


Get a  USB that you can completely wipe.





I am selecting 2.4.4, 64 bit, USB memory installer and Serial. 


I am going to be using cygwin (linux on windows) to make a bootable usb drive

First check the checksum




  > sha256sum /cygdrive/c/Users/patman/Downloads/pfSense-CE-memstick-serial-2.4.4-RELEASE-amd64.img.gz





And that matches the site ed5c64d4850d4399cb4384a0ffeee0c0efb3910425608a6fb5a7c6566119d457

J

Now to make a bootable disk


First see how cygwin sees the usb stick, run this command


  > cat /proc/partitions




There it is sdd


Now I can use that with the dd command to create a bootable usb disk.

Here is the command (I am going to intentionally make this command incorrect because when you run it … it will wipe out your disk and you don’t want to wipe out your main drive!  So Be cautious)



  > gzip -dc /cygdrive/c/Users/patman/Downloads/pfSense-CE-memstick-serial-2.4.4-RELEASE-amd64.img.gz  | dd of=/dev/sddsdd bs=1M





Oops permission denied…

I need to run as root (Adminstrator)





Right click on cygwin and run as administrator.




Wahoo


 



If I open the drive I see all this gook.
Now let me  plug it into the


Bring up putty again

 






Press F10 then select the USB Drive.  Which happens to be 1.  Press 1!





Doing something




Wahoo click enter







Click Enter to accept license





Select Install pfsend and hit enter




Use the default keyboard and just hit enter








Used Guided Disk Setup and click enter







Entire disk




DOS Partition






Review and  select Finish and enter Enter



Commit!











Checksum failure..


OK starting all over again and trying a different dd setting.




  > gzip -dc /cygdrive/c/Users/patman/Downloads/pfSense-CE-memstick-serial-2.4.4-RELEASE-amd64.img.gz  | dd of=/dev/sddsdd obs=64k







Run through the entire process again




Hey it got further J







Select No








Reboot




Type in exit and press enter










I think I have something…

OK I think its booting off USB.
Let me unplug the power, unplug the USB and start it all up again





Wahoo


I plugged an Ethernet cord from my laptop to the middle Ethernet on the box

Then opened GUI





Defaults

Username        admin
Password         pfsense




Boom


Let me do something





Click on System --> Advanced




Click on Miscellaneous





Select the AMD thermal sensor





Click Save on Bottom







Go back to main page.



And I can see the temperature!


Ok lots more to come as I figure out how pfsense on this dedicated pcengine box.

No comments:

Post a Comment