Installing pfSense on brand new hardware – no drivers?
-
So my little pfSense box that I've been using is no longer fit for use because it only has a single on-board NIC, and thus I've been using a USB NIC for WAN… but that's starting to exhibit strange behavior (randomly dropping WAN IP) that, after searching, appears to be at least somewhat endemic to USB NICs.
I figured I'd build a shiny new box to replace it (this needs to happen sooner rather than later, because my fiancee needs the internet connection to be stable for our VoIP phone so she can make doctors' calls for her brother who was just diagnosed with cancer), but am running into a speed bump that (to me) is about the size of Mount Everest.
After doing some brief research on hardware while I was at work today, I settled on the Gigabyte GA-Z87N-WIFI to serve as the heart of the system. I couldn't find much about the specific chipsets of the NICs, but knew that Intel and Atheros were pretty well-supported in terms of pfSense drivers, and this was the only mini-ITX board with dual NICs that my local Microcenter carried, so it seemed like a decent choice. Unfortunately, now that I'm home and trying to get pfSense running, I'm stuck in a setup loop.
When I fire up pfSense, it tells me
Valid interfaces are: usbus00 (up) usbus10 (up)before prompting about VLANs. I say no to the VLAN question, and then am asked about my WAN interface. I have tried pfx0, alc0, em0, en0, ue0, and a couple others that I thought might apply to either the Intel or Atheros interface, but none of them work. When I try the auto-detect on either interface, that doesn't work either – "No link-up detected".
Staring intently at the motherboard, I found the Atheros chip, marked "8161-8L3A" -- this seems to indicate the AR8161 chipset. I have also found what I believe to be the Intel chip, marked "WG1217V" -- a Google reveals many non-English pages that have just enough Latin characters to suggest that this is indeed the Intel ethernet chipset. Is there any way to get drivers for this beast, or should I just accept defeat, pack everything back up, and get a "canned" router?
-
Please describe your current pfsense box. It may still be suitable with VLANs if its memory, processor, speed are up to your requirements.
-
Wi-Fi 802.11 b/g/n, supporting 2.4 GHz Single-Band
Bluetooth 4.0, 3.0+HS, 2.1+EDR
Don't expect those to work as advertised.Don't waste your money on USB3 too much either - Its a pain.
I'm also not sure about that Atheros LAN port.
-
Please describe your current pfsense box. It may still be suitable with VLANs if its memory, processor, speed are up to your requirements.
It's an Intel Atom D525 based system, with one built-in ethernet port that uses the ue driver. I think it has 2GB RAM and is running the nanoBSD 4G image.
Wi-Fi 802.11 b/g/n, supporting 2.4 GHz Single-Band
Bluetooth 4.0, 3.0+HS, 2.1+EDR
Don't expect those to work as advertised.Don't waste your money on USB3 too much either - Its a pain.
I'm also not sure about that Atheros LAN port.
I don't care about the BT at all, and as long as I can get 802.11g on the wireless (which is Intel-based) I'm happy. Worst case scenario, I can rip the wireless card out of my current pfSense box and slap it in this one (assuming I get everything else running), as the wireless in this mobo is via mini PCIe.
Most of the specs of the mobo I don't really care about; I just needed SFF (mini-ITX) and dual NIC – this was the only one my local store carried that fit the bill.
-
The best way to get painless out-of-the-box function is to buy a board with with all usb2 and no usb3. Simple SATAII drive interfaces, one or two built-in INTEL NIC ports and then add a 2 port Intel PCIe GB network card to that for cheap.
Then get yourself a nice Wireless AP and plug into the switch on your LAN.
Thats a nice piece of hardware you found, but not for your purposes.
I do like the Ultra Durable line of boards though. Maybe buy an older one (for cheap) on ebay that won't push the limits of pfsense drivers.
-
I just re-read the original post… You have this already?
So, we are in salvage the board mode then?You are doing a full install on HDD or SSD with live CD?
(Since you have this already I think it might be able to be made to work fine with a few settings changes - maybe)
-
Correct – I need to either find a way to make this work, or find a way to make the old box work... or pack everything back up, take it back to the store, and get a vanilla router.
-
OK - You said you had it up to the part where you needed to assign interfaces. Can you get it to that point again? Then get yourself a piece of paper and a pen.
While its sitting there asking you which interfaces you need to set up, you need to plug a cat5 port into your existing router or switch. Then plug the cable into each port on the new machine also, one at a time. Watch the screen on pfsense. It will tell you which interface name went up and then down. Those are the two ports interface names to use. Keep track of which one you want to be LAN and WAN also.
Let me know when you are done there.
-
I tried that – I plugged and unplugged back and forth between both ports, and it just sits at the "Enter the WAN interface name or 'a' for auto-detection" prompt. Similarly, when I try auto-detection (leaving cables unplugged until prompted), it doesn't detect any link up event.
-
I'd box it up send it back if possible. If not, there is further checking that can be done in the BIOS.
I'd go into the bios and check the advanced setting and the onboard devices (Every bios is slightly different)
I'd deactivate USB3 if possible. Default to SATAII if possible. Also make sure the network cards are turned on.
I've had several instances where boards ship with most features turned off.
Let me know how that goes. Also, you are using version 2.1 right?
-
Looks like I might be boxing it up…
I can't disable USB3 or change the SATA mode (only enable/disable each port; I have all the unused ports disabled). I've tried turning on EVERYTHING remotely network-related in the peripherals section, which is resulting in a ludicrously slow boot time because now it's trying to boot on PXE (and timing out of course). We'll see what road this leads down...
-
Can you open your current D525 box and post a pic here of the board in the case its sitting in. I want to know if there is space for add-on NIC in either a PCI or PCIe slot and if the case will accommodate it. A D525 is a nice bit of kit and is very capable as a pfsense router/firewall.
-
No dice on the boot with options, still doesn't detect any link state change. The NIC status LEDs blink periodically, so there's at least a physical connection… but can't get much beyond that.
http://imgur.com/bbjmjH6.jpg for my Atom box -- don't see any room for a second NIC in there :(
-
Thats completely OK - I already know the best way to deal with this, but question… What kind of throughput do you need? How fast is your internet?
Also, what kind of packages do you need to run?
(I like that box - Its really nice - How is that kingspec SSD working out for you?)
-
I think our internet connection is 50mbit down/15mbit up, though we're considering upgrading in the (nearish) future.
As far as packages, I'm running pretty near stock. The main features of pfSense I'm concerned with are OpenVPN, and I also run a guest AP (which I throttle, to discourage freeloading neighbors from torrenting etc while allowing legit houseguests to check their e-mail or surf the web). The only package I've actually installed is the File Manager, more out of personal curiosity than anything else.
The Kingspec SSD has been running quite well – on this box I'm running the nanobsd 1g image, so theoretically there's ~15GB of space for the SSD to use for wear-leveling :D
-
OK - Your current box is very nice and more than you need for your application. I notice you have wireless on that box. Does that work well for you?
As far as getting you a wired LAN and WAN, all you need is a small managed VLAN capable switch and you will be all set. Then you will have LAN and WAN ports to spare (-; How fast is your port on the box? Is is GB or 10/100?
-
Gigabyte GA-Z87N-WIFI :
Uh, that's an Intel i217v which isn't supported.
I don't believe that Atheros chip is supported either. They're both really new relatively speaking.afaik nobody has the i2xx series working yet. If you're deadset on using that GB board, just stick a ~20$ nc360t in it until the appropriate drivers are ready.
-
Yeah - But returning the mobo and just buying a vlan switch is so cost effective and flexible… Will work sooooooo well also.
-
It's GigE… would this switch do? http://www.microcenter.com/product/393070/JetStream_8-Port_10-100-1000_Gigabit_Managed_Ethernet_Switch_with_2_SFP_Slots
The wireless has worked fine for me... we don't do a whole lot on wireless (mostly web surfing and e-mail... our most demanding application is probably YouTube), and the guest AP thing is nice to have.
afaik nobody has the i2xx series working yet. If you're deadset on using that GB board, just stick a ~20$ nc360t in it until the appropriate drivers are ready.
Unfortunately said NIC is not available locally, and I need a solution ASAP (see OP). The cheapest equivalent @ Microcenter is $156, and that's on top of the ~$250 I've already spent on this new hardware.
-
TL-SG3210 - Ohhhhhh yeah. That will do it. Looks like a nice small switch.
I'm sure you can conquer VLANs in a a hour or two then you will be all set.