PFSense on a DEC3840 (Netboard A20)

bpl294

@stephenw10 after some tweaking in the bios and using a sata m.2 drive, i am able to get OPNSense installed, but PFSense still hangs...

stephenw10

If you install from ISO in a VM you would need to at least enable the serial console there before moving the drive across.

Are you sure you used the memstick serial image when you booted on it directly?
Are you connected to it at 115200bps?

It may have an uncommon serial port location. Check what loader values opn puts on there. They may be enabling the console on com2 for example.

Steve

bpl294

@stephenw10 Yes i am positive I used the memstick serial version of the image, I created a build stick multiple times on different thumb drives, same issue.

Yes I have putty set to com6 115200 8n1.

I found this link showing what OPNSense is using for a serial connection, it looks pretty similar to PFSense's documentation:

https://docs.opnsense.org/manual/how-tos/serial_access.html

https://docs.netgate.com/pfsense/en/latest/hardware/connect-to-console.html

stephenw10

Both of those are are for generic serial consoles. But, for example, out RCC-VE devices from some years ago require a special installer because the console there in on com2.
The output you're seeing there implies that device also requires some custom loader values because as soon as it loads the default values it stops showing anything.

If there is anything special required it would be in /boot/loader.conf or /boot/loader.conf.local in the opn install.

Steve

bpl294

@stephenw10 forgive me, but what is the best way to view the contents of a img file?

After writing to a thumb drive, i am unable to see the contents of it.

stephenw10

I would install from it, then check the loader files in the resulting install.

Steve

bpl294

@stephenw10 below is the opnsense loader.conf after a serial install. do you notice anything that PFSense does differently?

##############################################################
This file was auto-generated using the rc.loader facility. 
In order to deploy a custom change to this installation,   
please use /boot/loader.conf.local as it is not rewritten, 
or better yet use System: Settings: Tunables from the GUI. 
##############################################################

loader_brand="opnsense"
loader_logo="hourglass"
loader_menu_title=""

autoboot_delay="3"

- Vital modules that are not in FreeBSD's GENERIC
- configuration will be loaded on boot, which makes
- races with individual module's settings impossible.
carp_load="YES"
if_bridge_load="YES"
if_enc_load="YES"
if_gif_load="YES"
if_gre_load="YES"
if_lagg_load="YES"
if_tap_load="YES"
if_tun_load="YES"
if_vlan_load="YES"
pf_load="YES"
pflog_load="YES"
pfsync_load="YES"

- dynamically generated console settings follow
comconsole_speed="115200"
#boot_multicons
boot_serial="YES"
#kern.vty
console="comconsole"

- dynamically generated tunables settings follow
hw.ibrs_disable="0"
hw.ixl.enable_head_writeback="0"
hw.syscons.kbd_reboot="0"
hw.uart.console="io:0x3f8,br:115200"
kern.ipc.maxsockbuf="4262144"
kern.randompid="347"
net.enc.in.ipsec_bpf_mask="2"
net.enc.in.ipsec_filter_mask="2"
net.enc.out.ipsec_bpf_mask="1"
net.enc.out.ipsec_filter_mask="1"
net.inet.icmp.drop_redirect="1"
net.inet.icmp.icmplim="0"
net.inet.icmp.log_redirect="0"
net.inet.icmp.reply_from_interface="1"
net.inet.ip.accept_sourceroute="0"
net.inet.ip.intr_queue_maxlen="1000"
net.inet.ip.portrange.first="1024"
net.inet.ip.random_id="1"
net.inet.ip.redirect="0"
net.inet.ip.sourceroute="0"
net.inet.tcp.blackhole="2"
net.inet.tcp.delayed_ack="0"
net.inet.tcp.drop_synfin="1"
net.inet.tcp.log_debug="0"
net.inet.tcp.recvspace="65228"
net.inet.tcp.sendspace="65228"
net.inet.tcp.syncookies="1"
net.inet.tcp.tso="1"
net.inet.udp.blackhole="1"
net.inet.udp.checksum="1"
net.inet.udp.maxdgram="57344"
net.inet6.ip6.prefer_tempaddr="0"
net.inet6.ip6.redirect="1"
net.inet6.ip6.use_tempaddr="0"
net.link.bridge.pfil_bridge="0"
net.link.bridge.pfil_local_phys="0"
net.link.bridge.pfil_member="1"
net.link.bridge.pfil_onlyip="0"
net.link.tap.user_open="1"
net.local.dgram.maxdgram="8192"
security.bsd.see_other_gids="0"
security.bsd.see_other_uids="0"
vfs.read_max="32"
vm.pmap.pti="1"

stephenw10

The only thing there is this:

hw.uart.console="io:0x3f8,br:115200"

But that's the expected default value.

Is there a loader.conf.local?

bpl294

@stephenw10 these are all the files that begin with "loader", i dont see a loader.conf.local

stephenw10

What's in device.hints? You can see it's loading that too.

Steve

bpl294

@stephenw10

# $FreeBSD$
hint.fdc.0.at="isa"
hint.fdc.0.port="0x3F0"
hint.fdc.0.irq="6"
hint.fdc.0.drq="2"
hint.fd.0.at="fdc0"
hint.fd.0.drive="0"
hint.fd.1.at="fdc0"
hint.fd.1.drive="1"
hint.atkbdc.0.at="isa"
hint.atkbdc.0.port="0x060"
hint.atkbd.0.at="atkbdc"
hint.atkbd.0.irq="1"
hint.psm.0.at="atkbdc"
hint.psm.0.irq="12"
hint.sc.0.at="isa"
hint.sc.0.flags="0x100"
hint.uart.0.at="isa"
hint.uart.0.port="0x3F8"
hint.uart.0.flags="0x10"
hint.uart.0.irq="4"
hint.uart.1.at="isa"
hint.uart.1.port="0x2F8"
hint.uart.1.irq="3"
hint.ppc.0.at="isa"
hint.ppc.0.irq="7"
hint.atrtc.0.at="isa"
hint.atrtc.0.port="0x70"
hint.atrtc.0.irq="8"
hint.attimer.0.at="isa"
hint.attimer.0.port="0x40"
hint.attimer.0.irq="0"
hint.acpi_throttle.0.disabled="1"
hint.p4tcc.0.disabled="1"

stephenw10

Hmm, nothing unusual there either.....

bpl294

@stephenw10 do you have any other idea why the installer won't load? Is there any bios settings i should look for? Is there anyway to do a more verbose install?

stephenw10

You can interrupt the boot loader just before it gets to that point and force it to boot verbose at the prompt:

OK> boot -v

What NICs does that have?
If you install to the SSD in something else then move that across before the first boot it will come up normally if there is a profile for the NICs. So you would be able to hit the webgui even if the console doesn't work.

Steve

bpl294

@stephenw10 It has 4 Intel I210s and 2 AMD SFP+ ports. OPNSense looks like it load the ax drivers for them. Does PFSense support those? I can try disabling them in the bios for the PF install.

I installed pf on a donor machine and put the drive in the DEC3840, same issue. It hangs on loading the kernel. I tried disabling the SFP+ ports as well, no change in outcome.

bpl294

@stephenw10 Also, looks like there is another loader.conf in the /boot/defaults directory:

Not sure if it shows anything else there...

defaults_loader.txt

stephenw10

Yeah, if it didn't have drivers for the ax NICs it should still boot completely with igb0 as WAN and igb1 as LAN. Assuming you didn't configure any interfaces on the install box before moving it.

In that case this looks like not a console problem at all bit actually hanging booting the kernel for some reason. Might be time to check the FreeBSD forum for anything known for that CPU/platform. Or dig in the OPN code when they introduced it for any defaults they changed.

Steve

bpl294

@stephenw10 I contacted the Manufacturer of this appliance, they said the following:

"We don't support pfSense, in order to gain pfSense support you likely need to compile your own kernel at least for the 10gbps drivers to work, the serial console might have issues as well as the Epyc is only supported correctly in the current FreeBSD source if I'm correct.
You can always give it a try to downgrade to pfSense, but we can't really help you on that front.

If you're tech savvy enough, I don't mind sharing some of the upstream FreeBSD code references you will likely need in your kernel, just let me know in that case."

is any of that helpful in pointing me in the right direction?

stephenw10

Certainly support for the AMD SoC axgbe driver is not in FreeBSD 12 so that would require a back-port which is unlikely.
https://github.com/freebsd/freebsd-src/commit/7113afc84c0b68f1e531dbd6d57d024d868d11c0

Surprising it would require anything for serial console support but...
This maybe: https://bsdimp.blogspot.com/2018/07/how-to-get-memory-mapped-serial-console.html

If that was the case though I'd expect to see a loader value for it and the only one they have are the default values.

Can you see the console location in the OPN boot log?

Steve

bpl294

@stephenw10 the dmesg | grep tty didnt return anything in the serial console. In the /dev/ directory i do see quite a few "tty*" files. Only one was changed since i logged in, that was "ttyu0", see below...

Is this what you meant?