Installing pfSense on Sophos XG 105 rev. 2
-
Got my hands on a rev. 2 XG 105 appliance and immediately thought this was the perfect little pfSense hardware. Low power consumption, 64GB sata SSD, 2GB ram was upgradable (up to 8GB?), E3826 aes-ni proc, 2 usb 2.0 ports, vga console, 4 gigabit ports(Intel i211). Started on this by factory defaulting the bios and popping in the latest version of pfSense via usb. drive booted up but as soon as I went to install it, the intaller crapped out at some line of command:
atkbdc0: <Keyboard controller> (i8042) at port 0x60,0x64 on isa0 atkbd0: <AT Keyboard> irq 1 onatkbdc0
My first thought was to change all settings in the bios I could think of that would be affecting the bootup. I made changes to anything and everything I could find related to pcie, cpu, storage devices, ACPI, etc.... Same results every time. interupting the boot got the db> prompt, but being new to this, it wasnt any help. I could also get it to give me a fatal trap 30 by pressing ctrl+C when booting, but no significance to me and I couldn't find anything that made sense being new to BSD. The next step was to try some loader.conf modifications and I tried setting up these commands I felt that were related to my errors. Here are the commands I used:
set hint.atkbd.0.disabled=1 set hint atkbdc.0.disabled=1
Awesome, the installer boots now, and even installs to the local drive! woohoo... wait... After pfSense starts up, no interfaces are detected. pfSense will not boot if does not detect at least one NIC. From here, I tried installing freebsd- no dice. Exact same problem. Next, I moved onto Mint, and other distros... they installed perfectly. Even with default or modified bios settings. Everything I threw at it just worked... except BSD or pfSense. I even installed Untangle... Side note- it has a nice interface, but wasn't what I was looking for(I have to admit, their install process is pretty and polished too). Back to the drawing board.. I factory reset the bios again, and reading each setting, I found the one setting that made this work. In the bios, navigate to Advanced > USB Configuration > Port 60/64 Emulation. Flip this to [Disabled.]
After making this one change, pfSense installed perfectly and even boots up. All interfaces are up and so far everything is working. Not sure why this was such an important setting for BSD to flip out, but it does make perfect sense when you review the initial garbage that the BSD boot process spit at me before abruptly rebooting. Apparently, all operating systems except FreeBSD have a tolerance for 60h/64h emulation support... or it could just be this hardware and or this bios. Anyhow, thanks for reading this ranty, and unnecessarily long post. Hopefully this will help somebody repurpose these now aging Sophos XG 105 or even a related XG/SG box with pfSense. I especially like how these little boxes are AES-NI ready and should run 2.5 when the new BSD is released.
-
Thanks for this. I've just bought the SG105 rev 2, great value little rackmount unit with a AES-NI CPU.
I tried the following:
-
Doing a fresh install from the latest PFSense USB memstick installer with default settings gets stuck in an infinite reboot loop
-
Disabling "Port 60/40 emulation" in the BIOS and trying again, results in the installer getting stuck at "Booting..." forever (no reboots, just frozen with no HDD activity). (the line above the stuck "Booting ..." says: /boot/kernel/kernel text=0x17c1930 data=0xb93d38+0x557b28 syms=[0x8+0x197400+0x8+0x197f72])
-
Picking option 3 (alter loader config) and typing
set hint.atkbd.0.disabled=1
set hint.atkbdc.0.disabled=1
boot
(This was still stuck at "Booting...".)
I found in another thread that all I had to do after the BIOS change you found was pick option 3 and type:
set kern.vty="sc"
boot(I then had to do the same every time it boots. It seems the set command doesn't actually permanently modify the loader.config file)
-
-
If anyone is trying this and have the same issue, I followed the post from @CCPFLDN and found that I only needed to do point 2 and then only needed to enter the set kern.vty="sc" command to get the OS to boot and install.
After the installation and first boot I edited the /boot/loader.conf file and added kern.vty="sc" at the bottom of the file, saved it and it is booting fine every time.
-
I've just installed PFsense 2.4.4 on a Sophos SG-105W appliance using the following method:
- Write the latest PFSense USB memstick installer (pfSense-CE-memstick-2.4.4-RELEASE-p3-amd64.img) to USB using Win32DiskImager
- Press Del to Enter BIOS
- Arrow to Advanced menu > USB Configuration > Disable "Port 60/40 emulation". This resolves the installer getting stuck at "Booting..." forever (no reboots, just frozen with no HDD activity). (the line above the stuck "Booting ..." says: /boot/kernel/kernel text=0x17c1930 data=0xb93d38+0x557b28 syms=[0x8+0x197400+0x8+0x197f72])
- Reboot, at the PFSense menu, select option 3 and type:
set kern.vty="sc" press Enter
boot press Enter - After PFsense is installed. You have an option to exit to command prompt, do this:
Type vi /boot/loader.conf then Enter
Press Insert on your keyboard to edit
Add kern.vty="sc" to the last line (Note: you don't type set here)
Type :wq then Enter
Type reboot then Enter
-
Thanks man! I had pfSense installed on a SG125 without any issues, but the hardware eventually died on me (C2000 bug). I tried installing pfSense on a spare SG105v2, but ran into the above issue everytime.. I will definitely try this out today..
-
PFSense on a Sophos SG-105W appliance is working fine with the instruction above.
It would be create, if the WLAN-Modul would work too.
In the Interface Menu: "no interface available"...Any idea how to fix this?
Thanks
-
-
Hi everyone, I also want to thank you all for your help. I managed to install pfSense on my (recently unlicensed) Sophos XG 125w (rev. 3) with the instructions in this topic. It works perfectly, except for the WLAN interface (which I don't use). Thanks!
-
it works,
perfect ! -
on Sophos XG 105 rev. 1:
Installed like @pfme summarized.
System hung when partitioning/formatting the HDD in pfsense installer.
Worked after erasing the data on hdd, where the original Sophos installation was.
I used SystemRescueCD and shred for erasing the hdd.Then it worked perfectly.
-
@klauskurz said in Installing pfSense on Sophos XG 105 rev. 2:
Sophos XG 105 rev. 1
@klauskurz specifications of Sophos XG 105 rev. 1 how? (CPU, RAM).
-
I stumbled on this thread and it peaked my interest so I picked up a used Sophos XG105 Rev 3. I changed the bios setting as noted above and flashed it right out of the box with 2.5.2 and I’m only testing at this point. I setup the LAN Net (ibg1) with a 192.168.5.1 and a Vlan (igb3) for wireless on 192.168.88.1. The problem is I wanted to use a firewall rule to block access to the Lan Net from the Wifi Vlan. I have this working on my main router, I can ping my LAN from the Vlan on the Sophos so to me that proves the FW rule is not working? anyone see this before with the Sophos? thanks in advance
-
@s762 When you ping a device in the LAN from the WIFI: Please check in the firewall, if the ping is really answered by the device in the LAN segment. Check this in the firewall packet capture or you can check this at the LAN device with wireshark or similar. It happened to me, that the ping is answered from the firewall itself, so you think the rule is not working because you get a ping reply.
-
This post is deleted! -
Hi CCPFLDN,
I bought the same device and have managed to somehow get into the bios through the EFI shell as it would not allow me to boot into the bios. I however cannot navigate within the bios. Do you know of work around for this?
Thanks
-
I have figured it for those having the same issue. It would seem that bios and install was only possible through the console and Putty via the COM port.
-
This post is deleted! -
This is hanging for me after doing set.kern.vty="sc". There isn't any indication on what the error actually is. I am trying to run this on a Sophos XG230 rev.1. I also was able to disable the port 60/40 emulation as well. I tried recreating the USB using etcher. Still no dice.
-
@nickburns Might be different as I have an XG310, but I didn't have to do the set.kern.vty or the 60/40 emulation. Are you doing the install via the COM/Console port or plugging in a keyboard and using the VGA port on the back?
Using only the COM port on the front has worked for me, USB install from Etcher using pfSense-CE-memstick-serial-2.5.2 image
-
@clesports I am doing the update via the COM port. I tried to boot from the serial image and it was just a bunch of gibberish on the screen. Then when I did the VGA I actually got the pfsense install screen. Is that normal? First time installing pfsense for me.
-
@nickburns said in Installing pfSense on Sophos XG 105 rev. 2:
@clesports I am doing the update via the COM port. I tried to boot from the serial image and it was just a bunch of gibberish on the screen. Then when I did the VGA I actually got the pfsense install screen. Is that normal? First time installing pfsense for me.
The speed you had configured on your COM port connection was probably incorrect, which is probably why you saw gibberish. If you want to see the initial BIOS screens to change settings, etc it's 38400. Once pfSense starts booting, it changes to 115200.
-
@clesports Thanks! That worked :) pfsense is up and running on my Sophos XG 230 rev.1
-
@pfme I'm stuck at point 5, only because I dont understand a lot of command line input. Could somebody possibly detail how add to the last line and what doe s the "you dont type set here" mean. Thank you in advance
-
@darkmattersz said in Installing pfSense on Sophos XG 105 rev. 2:
@pfme I'm stuck at point 5, only because I dont understand a lot of command line input. Could somebody possibly detail how add to the last line and what doe s the "you dont type set here" mean. Thank you in advance
Type what's in bold from that post (other than "Insert" meaning pressing the "Insert" key on your keyboard)
-
@clesports Thank you kindly, I understood which parts to type. I dont know how to add to the last line or how to navigate to to add. I hope this makes sense.
-
@darkmattersz said in Installing pfSense on Sophos XG 105 rev. 2:
@clesports Thank you kindly, I understood which parts to type. I dont know how to add to the last line or how to navigate to to add. I hope this makes sense.
You should be able to use the arrow keys to navigate to the bottom of the file. Then type the kern.vty line. Might need to hit the Escape key before :wq too
-
That line should go in /boot/loader.conf.local to avoid being overwritten.
You can use the Easy Editor (ee) instead of vi. ee does not require a cheat sheet.
Steve
-
@stephenw10 Thank you stephen and everyone else who chimed in !!
-
Sorry for reviving an old thread but just out of curiosity how powerful is an XG105 rev2.0 in comparison with a PC engines board?
-
@gtj The XG 105 Rev2 spec sheet lists an Intel Atom Baytrail Dual Core (1.46 GHz) with 2gb of RAM and 64gb SSD. Looking at Intel's page, it's probably either an Atom E3815 or E3826
-
@clesports said in Installing pfSense on Sophos XG 105 rev. 2:
@gtj The XG 105 Rev2 spec sheet lists an Intel Atom Baytrail Dual Core (1.46 GHz) with 2gb of RAM and 64gb SSD. Looking at Intel's page, it's probably either an Atom E3815 or E3826
Thank you so much for the input. It's probably an E3826 judging by various info spread across the internet.
The thing is how does this compare in real life with the AMD GX-412TC, the processor that feature most PC Engines boards?I know the AMD should be superior on paper featuring 4 cores instead of 2 of the Intel but the AMD is clocked only at 1Ghz.
-
Hello
I just bought an xg105 and have successfully installed pfsense following the guide above.
However it seems like have trouble assigning the interfaces. The auto feature won't work for WAN.
Which LAN ports you use for what?
Is there any particular trick with setting those up?
-
The auto-detect feature cannot work with some NICs, it's dependent on the PHY reporting,
Just assign the NICs manually then check at the command line to make sure you know whoch ports they are. Plug in an active cable, run
ifconfig
, see which NIC is active. You can always reassign them at any time.Steve
-
@stephenw10 said in Installing pfSense on Sophos XG 105 rev. 2:
The auto-detect feature cannot work with some NICs, it's dependent on the PHY reporting,
Just assign the NICs manually then check at the command line to make sure you know whoch ports they are. Plug in an active cable, run
ifconfig
, see which NIC is active. You can always reassign them at any time.Steve
Thank you so much Steve.
I'll give these suggestions a go. -
@stephenw10 said in Installing pfSense on Sophos XG 105 rev. 2:
The auto-detect feature cannot work with some NICs, it's dependent on the PHY reporting,
Just assign the NICs manually then check at the command line to make sure you know whoch ports they are. Plug in an active cable, run
ifconfig
, see which NIC is active. You can always reassign them at any time.Steve
Hey Steve,
I was able to assign the interfaces eventually (thank you!) and I can now see them within the WebGUI too. However, the WAN interface doesn't look like it's actually connected despite both of them show as ''up''. (WAN IP shows 0.0.0.0)
LAN is obviously working as I can navigate and tweak anything I want within pfsense.For testing purposes, I loaded onto this box a pfsense configuration which I currently use with my main APU2C4 pfsense built but again WAN is 0.0.0.0
In the diagnostics tab I cannot ping any hosts so I guess there's no connection with the outside world. I assumed that loading an existing configuration to a new installation would instantly work but that's not the case here.
What am I doing wrong? Is there anything I'll have to check or change that I'm missing?
-
@gtj said in Installing pfSense on Sophos XG 105 rev. 2:
WAN IP shows 0.0.0.0
Usually that means it's configured as DHCP but cannot pull a lease, is that the case?
What is it connected to? Check the dhcp logs for dhclient entries.
Steve
-
@stephenw10 said in Installing pfSense on Sophos XG 105 rev. 2:
@gtj said in Installing pfSense on Sophos XG 105 rev. 2:
WAN IP shows 0.0.0.0
Usually that means it's configured as DHCP but cannot pull a lease, is that the case?
What is it connected to? Check the dhcp logs for dhclient entries.
Steve
It is Indeed but so is my Backup configuration I loaded from the man pfsense router. That one connects to the web no problem.
-
So what is it connected to?
If it's a cable modem is that locked to the MAC of the other pfSense WAN?
-
@stephenw10 said in Installing pfSense on Sophos XG 105 rev. 2:
So what is it connected to?
If it's a cable modem is that locked to the MAC of the other pfSense WAN?
It is a cable modem from those all in one devices the ISPs provide. I want to use it as a modem with PPPoE passthrough and use pfsense to handle the routing and WiFi.
-
Well I would try spoofing the WAN MAC address to the same as the old device then.
You could also connect it to some other device with a DHCP server in it to check it will pull a dhcp lease at all.