Installing pfSense on Sophos XG 105 rev. 2

CLEsports

@gtj The XG 105 Rev2 spec sheet lists an Intel Atom Baytrail Dual Core (1.46 GHz) with 2gb of RAM and 64gb SSD. Looking at Intel's page, it's probably either an Atom E3815 or E3826

gtj

@clesports said in Installing pfSense on Sophos XG 105 rev. 2:

@gtj The XG 105 Rev2 spec sheet lists an Intel Atom Baytrail Dual Core (1.46 GHz) with 2gb of RAM and 64gb SSD. Looking at Intel's page, it's probably either an Atom E3815 or E3826

Thank you so much for the input. It's probably an E3826 judging by various info spread across the internet.
The thing is how does this compare in real life with the AMD GX-412TC, the processor that feature most PC Engines boards?

I know the AMD should be superior on paper featuring 4 cores instead of 2 of the Intel but the AMD is clocked only at 1Ghz.

gtj

Hello

I just bought an xg105 and have successfully installed pfsense following the guide above.

However it seems like have trouble assigning the interfaces. The auto feature won't work for WAN.

Which LAN ports you use for what?

Is there any particular trick with setting those up?

stephenw10

The auto-detect feature cannot work with some NICs, it's dependent on the PHY reporting,

Just assign the NICs manually then check at the command line to make sure you know whoch ports they are. Plug in an active cable, run ifconfig, see which NIC is active. You can always reassign them at any time.

Steve

gtj

@stephenw10 said in Installing pfSense on Sophos XG 105 rev. 2:

The auto-detect feature cannot work with some NICs, it's dependent on the PHY reporting,

Just assign the NICs manually then check at the command line to make sure you know whoch ports they are. Plug in an active cable, run ifconfig, see which NIC is active. You can always reassign them at any time.

Steve

Thank you so much Steve.
I'll give these suggestions a go.

gtj

@stephenw10 said in Installing pfSense on Sophos XG 105 rev. 2:

The auto-detect feature cannot work with some NICs, it's dependent on the PHY reporting,

Just assign the NICs manually then check at the command line to make sure you know whoch ports they are. Plug in an active cable, run ifconfig, see which NIC is active. You can always reassign them at any time.

Steve

Hey Steve,

I was able to assign the interfaces eventually (thank you!) and I can now see them within the WebGUI too. However, the WAN interface doesn't look like it's actually connected despite both of them show as ''up''. (WAN IP shows 0.0.0.0)
LAN is obviously working as I can navigate and tweak anything I want within pfsense.

For testing purposes, I loaded onto this box a pfsense configuration which I currently use with my main APU2C4 pfsense built but again WAN is 0.0.0.0

In the diagnostics tab I cannot ping any hosts so I guess there's no connection with the outside world. I assumed that loading an existing configuration to a new installation would instantly work but that's not the case here.

What am I doing wrong? Is there anything I'll have to check or change that I'm missing?

stephenw10

@gtj said in Installing pfSense on Sophos XG 105 rev. 2:

WAN IP shows 0.0.0.0

Usually that means it's configured as DHCP but cannot pull a lease, is that the case?

What is it connected to? Check the dhcp logs for dhclient entries.

Steve

gtj

@stephenw10 said in Installing pfSense on Sophos XG 105 rev. 2:

@gtj said in Installing pfSense on Sophos XG 105 rev. 2:

WAN IP shows 0.0.0.0

Usually that means it's configured as DHCP but cannot pull a lease, is that the case?

What is it connected to? Check the dhcp logs for dhclient entries.

Steve

It is Indeed but so is my Backup configuration I loaded from the man pfsense router. That one connects to the web no problem.

stephenw10

So what is it connected to?

If it's a cable modem is that locked to the MAC of the other pfSense WAN?

gtj

@stephenw10 said in Installing pfSense on Sophos XG 105 rev. 2:

So what is it connected to?

If it's a cable modem is that locked to the MAC of the other pfSense WAN?

It is a cable modem from those all in one devices the ISPs provide. I want to use it as a modem with PPPoE passthrough and use pfsense to handle the routing and WiFi.

stephenw10

Well I would try spoofing the WAN MAC address to the same as the old device then.

You could also connect it to some other device with a DHCP server in it to check it will pull a dhcp lease at all.

CCPFLDN

@gtj Most ISP modems will issue the Public IP to the MAC address of the device that is connected when it is turned on. You can't then swap it for another router because it will have a different MAC, as the Public IP has been issued to that MAC.

On some ISPs (E.g Virgin Media in the UK) it is a simple fix; you just have to restart the modem between switching routers (so the modem doesn't go through it's boot process with the old router connected).

On other ISPs there may be some different processes, e.g notifying them of the MAC address manually. In that case MAC spoofing is your only option.

gtj

Thanks for your invaluable help guys.
I will try either restarting the modem or spoofing the MAC address.

My ISP modem is indeed a Virgin UK superhub but in this instance, I'm trying to prepare a fresh pfsense installation to move it to my parents house in Greece when I go there in July.

From what I gathered the connection there is a 100/10 cable PSTN with a Speedport Entry 2i modem/router .

By spoofing it within the WAN settings of pfsense, do you mean that I have to manually set the MAC address which corresponds to the Sophos Igb0 I have assigned as WAN port?

CCPFLDN

@gtj Well it sounds like the issue you have is that you didn't restart the Virgin Cable Modem when you switched the routers? so you won't need to do any spoofing, but if you did, yes you would be setting the WAN MAC to match the WAN MAC of the router that you swapped out.

gtj

@ccpfldn said in Installing pfSense on Sophos XG 105 rev. 2:

@gtj Well it sounds like the issue you have is that you didn't restart the Virgin Cable Modem when you switched the routers? so you won't need to do any spoofing, but if you did, yes you would be setting the WAN MAC to match the WAN MAC of the router that you swapped out.

No I haven't indeed. So I presume when I revert back to my main APU2C4 pfsense I'll have to restart the modem again prior to connecting the router back?

What baffles me is that in my current main APU pfsense I also can't see the WAN MAC address under WAN settings. The space is empty like it's the case with the Sophos one.

CCPFLDN

@gtj That's correct yes. The Virgin Media Superhub in modem mode can only issue one Public IP at a time to one MAC address at a time, and must be restarted in order to change the connected device.

You will have to follow a process every time you switch between routers or the second one you connect will be unable to obtain an IP, as you have found out.

This has actually been the case for about 20 years with all the previous generations of Ambit Cable modem they provided back when they were NTL/Telewest and it applies to some other ISPs around the world as well.

I go through the process methodically with any ISP provided device, disconnecting the old router, turning the ISP modem off for 10 seconds, then back on and waiting for it to boot up before connecting the new router just to make sure it can't lock to any other device.

gtj

@ccpfldn said in Installing pfSense on Sophos XG 105 rev. 2:

@gtj That's correct yes. The Virgin Media Superhub in modem mode can only issue one Public IP at a time to one MAC address at a time, and must be restarted in order to change the connected device.

You will have to follow a process every time you switch between routers or the second one you connect will be unable to obtain an IP, as you have found out.

This has actually been the case for about 20 years with all the previous generations of Ambit Cable modem they provided back when they were NTL/Telewest and it applies to some other ISPs around the world as well.

I go through the process methodically with any ISP provided device, disconnecting the old router, turning the ISP modem off for 10 seconds, then back on and waiting for it to boot up before connecting the new router just to make sure it can't lock to any other device.

Thank you so much for the detailed and comprehensive response. Much appreciated!

Hope the same will apply to the other modem overseas.

deanfourie

I just got my hands on a Sophos XG106 and looking at getting pfSense installed. I got it for nothing so getting pfSense installed on it would be a great bounus.

First thing i've noticed is, I dont get anything from the HDMI port, no signal whatsoever.

Is it possible to do this entire process via serial?

Thanks

CLEsports

@deanfourie Yes, it's possible to install pfSense using only the serial port. Use 115200 for the speed on the COM port for pfSense. If you want to get into the BIOS on your Sophos box for any reason, use 38400

deanfourie

@clesports Excellent, thanks.

Are there any tricks or catches I should know about.

eg. How to enter BIOS?, if the install hangs etc.

Also, does this work for all sophos models including the XG and XGS models do we know?

Thanks