A long time after buying my APU1D4 I finally managed to install pfSense on it, and I’d like to share some notes about the process with you. Let’s start with the router hardware specifications:
Mainboard: APU ALIX Engines APU.1D4
CPU: 1 GHz AMD G-Series T40E APU Dual core
RAM: 4GB DDR3
Network: 3 x 1 Gbps Ethernet ports
Compex WLE200NX a/b/g/n miniPCI Express radio card
2 x Wireless LAN omni antennas 2dBi 802.11 b and g with RP SMA connector (Reverse Polarity) for indoor use
Ports: 1 x mSATA, 1 x SD Card, 2 x Mini PCIe, 1 x SATA
Storage: Transcend 32 GB mSATA Solid State Drive, MSA370
PCEngines link
The first and best piece of advice a friend of mine gave me for finishing the pfSense installation successfully (if, like me, you’re not a Network Engineer) was: draw the LAN-WAN network schema on paper (or on your computer). Once you’re happy with your design you’ll have completed the first step towards your target.
After reading a lot of web pages I decided to enable DMZ on my FTTH ISP router, pointing to my internal pfSense IP address. This approach was the simplest way to reach my LAN from the Internet, because my FTTH router has an ONT integrated in the same box, NOT in a separate one.
The installation process was simple; I just followed these instructions:
$ gunzip -c pfSense-CE-2.4.2-RELEASE-4g-amd64-nanobsd.img.gz | sudo dd of=/dev/sdc bs=4M
0+121433 records in
0+121433 records out
3989970432 bytes (4.0 GB, 3.7 GiB) copied, 26.8437 s, 149 MB/s
# fdisk -l /dev/sdc
Disk /dev/sdc: 3.7 GiB, 3989970432 bytes, 7792911 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x90909090

Device     Boot   Start     End Sectors  Size Id Type
/dev/sdc1  *         63 3844511 3844449  1.9G a5 FreeBSD
/dev/sdc2       3844575 7689023 3844449  1.9G a5 FreeBSD
/dev/sdc3       7689024 7791839  102816 50.2M a5 FreeBSD
The device to which I wrote the pfSense image was an SD card, /dev/sdc in my case.
With pfSense installed, I just want to mention that I used the following cable to connect to the router; notice that it has to be an RS232 null modem cable.
To connect to the APU I use the following command:
# minicom -D /dev/ttyS0 -b 115200
With pfSense installed I continued reading about these topics and found OPNsense, which would be a great alternative to pfSense, but I don’t have much free time, so at least for a while I’m going to continue with pfSense.
When considering how to connect from the Internet to my LAN, I had to decide whether to use VPN or SSH. For performance reasons I’ve chosen SSH access using RSA keys, but when I have time I would also like to set up VPN access and do my own timing comparison of the two solutions. You could also take a look at this blog entry to better understand the differences between VPN and SSH.
The external access is needed to be able to boot my HP G8 Microserver through its iLO interface. Once the RSA keys are set up properly, I use a command like this one:
$ ssh -p NON_PRIVILEGED_PORT -l PFSENSE_USER -L OTHER_NON_PRIVILEGED_PORT:iLO_INTERNAL_IP_ADDRESS:443 DYNAMIC_HOSTNAME
DYNAMIC_HOSTNAME: the public name (hostname, thanks to noip.com) associated with the dynamic public IP address of the ISP FTTH router I’m using.
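The same tunnel written as OpenSSH configuration, with the key limited on the pfSense side to that single forward. This is an added example, not part of the original post: the alias ilo-tunnel, the key file name, the forced command path and the truncated public key are assumptions, and the upper-case values are the placeholders from the command above.

```sshconfig
# --- Client side: ~/.ssh/config ---
# "ilo-tunnel" and the key file name are hypothetical; the upper-case
# values are the same placeholders used in the ssh command above.
Host ilo-tunnel
    HostName DYNAMIC_HOSTNAME
    Port NON_PRIVILEGED_PORT
    User PFSENSE_USER
    # Offer only this key, not every key loaded in the agent.
    IdentityFile ~/.ssh/id_rsa_pfsense
    IdentitiesOnly yes
    # Never fall back to a password prompt from this client.
    PasswordAuthentication no
    # Equivalent of -L; the local end is bound to loopback explicitly so
    # other machines on the client's network cannot use the tunnel.
    LocalForward 127.0.0.1:OTHER_NON_PRIVILEGED_PORT iLO_INTERNAL_IP_ADDRESS:443
    # Fail instead of staying connected if the forward cannot be set up.
    ExitOnForwardFailure yes
    # Notice a dead link (for example after the public IP changes).
    ServerAliveInterval 30
    ServerAliveCountMax 3

# --- Server side: one line in PFSENSE_USER's ~/.ssh/authorized_keys ---
# This key can only open a forward to the iLO HTTPS port: no terminal,
# no agent or X11 forwarding, and any requested command is replaced by
# /usr/bin/false (FreeBSD path, assumed here for pfSense).
# "AAAA...constructed" stands in for the real public key.
command="/usr/bin/false",no-pty,no-agent-forwarding,no-X11-forwarding,permitopen="iLO_INTERNAL_IP_ADDRESS:443" ssh-rsa AAAA...constructed user@client
```

Open the tunnel with `ssh -N ilo-tunnel`; `-N` requests no remote command, which is all this restricted key allows.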
I also have configured my FTTH router with an embedded client so this
Once the SSH session is open you can browse to the web login page from the SSH client computer using the following URL:
Obviously this setup is a personal choice and it depends completely on my hardware, but I hope you find this approach useful in some way to cover your needs.
That’s all, folks!
“Persistence is the twin sister of excellence. One is a matter of quality; the other, a matter of time”
— Marabel Morgan.