PFSense on a DEC3840 (Netboard A20)
-
@stephenw10 after some tweaking in the bios and using a sata m.2 drive, i am able to get OPNSense installed, but PFSense still hangs...
-
If you install from ISO in a VM you would need to at least enable the serial console there before moving the drive across.
Are you sure you used the memstick serial image when you booted on it directly?
Are you connected to it at 115200bps?It may have an uncommon serial port location. Check what loader values opn puts on there. They may be enabling the console on com2 for example.
Steve
-
@stephenw10 Yes i am positive I used the memstick serial version of the image, I created a build stick multiple times on different thumb drives, same issue.
Yes I have putty set to com6 115200 8n1.
I found this link showing what OPNSense is using for a serial connection, it looks pretty similar to PFSense's documentation:
https://docs.opnsense.org/manual/how-tos/serial_access.html
https://docs.netgate.com/pfsense/en/latest/hardware/connect-to-console.html
-
Both of those are are for generic serial consoles. But, for example, out RCC-VE devices from some years ago require a special installer because the console there in on com2.
The output you're seeing there implies that device also requires some custom loader values because as soon as it loads the default values it stops showing anything.If there is anything special required it would be in /boot/loader.conf or /boot/loader.conf.local in the opn install.
Steve
-
@stephenw10 forgive me, but what is the best way to view the contents of a img file?
After writing to a thumb drive, i am unable to see the contents of it.
-
I would install from it, then check the loader files in the resulting install.
Steve
-
@stephenw10 below is the opnsense loader.conf after a serial install. do you notice anything that PFSense does differently?
############################################################## This file was auto-generated using the rc.loader facility. In order to deploy a custom change to this installation, please use /boot/loader.conf.local as it is not rewritten, or better yet use System: Settings: Tunables from the GUI. ############################################################## loader_brand="opnsense" loader_logo="hourglass" loader_menu_title="" autoboot_delay="3" - Vital modules that are not in FreeBSD's GENERIC - configuration will be loaded on boot, which makes - races with individual module's settings impossible. carp_load="YES" if_bridge_load="YES" if_enc_load="YES" if_gif_load="YES" if_gre_load="YES" if_lagg_load="YES" if_tap_load="YES" if_tun_load="YES" if_vlan_load="YES" pf_load="YES" pflog_load="YES" pfsync_load="YES" - dynamically generated console settings follow comconsole_speed="115200" #boot_multicons boot_serial="YES" #kern.vty console="comconsole" - dynamically generated tunables settings follow hw.ibrs_disable="0" hw.ixl.enable_head_writeback="0" hw.syscons.kbd_reboot="0" hw.uart.console="io:0x3f8,br:115200" kern.ipc.maxsockbuf="4262144" kern.randompid="347" net.enc.in.ipsec_bpf_mask="2" net.enc.in.ipsec_filter_mask="2" net.enc.out.ipsec_bpf_mask="1" net.enc.out.ipsec_filter_mask="1" net.inet.icmp.drop_redirect="1" net.inet.icmp.icmplim="0" net.inet.icmp.log_redirect="0" net.inet.icmp.reply_from_interface="1" net.inet.ip.accept_sourceroute="0" net.inet.ip.intr_queue_maxlen="1000" net.inet.ip.portrange.first="1024" net.inet.ip.random_id="1" net.inet.ip.redirect="0" net.inet.ip.sourceroute="0" net.inet.tcp.blackhole="2" net.inet.tcp.delayed_ack="0" net.inet.tcp.drop_synfin="1" net.inet.tcp.log_debug="0" net.inet.tcp.recvspace="65228" net.inet.tcp.sendspace="65228" net.inet.tcp.syncookies="1" net.inet.tcp.tso="1" net.inet.udp.blackhole="1" net.inet.udp.checksum="1" net.inet.udp.maxdgram="57344" net.inet6.ip6.prefer_tempaddr="0" net.inet6.ip6.redirect="1" net.inet6.ip6.use_tempaddr="0" net.link.bridge.pfil_bridge="0" net.link.bridge.pfil_local_phys="0" net.link.bridge.pfil_member="1" net.link.bridge.pfil_onlyip="0" net.link.tap.user_open="1" net.local.dgram.maxdgram="8192" security.bsd.see_other_gids="0" security.bsd.see_other_uids="0" vfs.read_max="32" vm.pmap.pti="1"
-
The only thing there is this:
hw.uart.console="io:0x3f8,br:115200"
But that's the expected default value.
Is there a loader.conf.local?
-
@stephenw10 these are all the files that begin with "loader", i dont see a loader.conf.local
-
What's in device.hints? You can see it's loading that too.
Steve
-
# $FreeBSD$ hint.fdc.0.at="isa" hint.fdc.0.port="0x3F0" hint.fdc.0.irq="6" hint.fdc.0.drq="2" hint.fd.0.at="fdc0" hint.fd.0.drive="0" hint.fd.1.at="fdc0" hint.fd.1.drive="1" hint.atkbdc.0.at="isa" hint.atkbdc.0.port="0x060" hint.atkbd.0.at="atkbdc" hint.atkbd.0.irq="1" hint.psm.0.at="atkbdc" hint.psm.0.irq="12" hint.sc.0.at="isa" hint.sc.0.flags="0x100" hint.uart.0.at="isa" hint.uart.0.port="0x3F8" hint.uart.0.flags="0x10" hint.uart.0.irq="4" hint.uart.1.at="isa" hint.uart.1.port="0x2F8" hint.uart.1.irq="3" hint.ppc.0.at="isa" hint.ppc.0.irq="7" hint.atrtc.0.at="isa" hint.atrtc.0.port="0x70" hint.atrtc.0.irq="8" hint.attimer.0.at="isa" hint.attimer.0.port="0x40" hint.attimer.0.irq="0" hint.acpi_throttle.0.disabled="1" hint.p4tcc.0.disabled="1"
-
Hmm, nothing unusual there either.....
-
@stephenw10 do you have any other idea why the installer won't load? Is there any bios settings i should look for? Is there anyway to do a more verbose install?
-
You can interrupt the boot loader just before it gets to that point and force it to boot verbose at the prompt:
OK> boot -v
What NICs does that have?
If you install to the SSD in something else then move that across before the first boot it will come up normally if there is a profile for the NICs. So you would be able to hit the webgui even if the console doesn't work.Steve
-
@stephenw10 It has 4 Intel I210s and 2 AMD SFP+ ports. OPNSense looks like it load the ax drivers for them. Does PFSense support those? I can try disabling them in the bios for the PF install.
I installed pf on a donor machine and put the drive in the DEC3840, same issue. It hangs on loading the kernel. I tried disabling the SFP+ ports as well, no change in outcome.
-
@stephenw10 Also, looks like there is another loader.conf in the /boot/defaults directory:
Not sure if it shows anything else there...
-
Yeah, if it didn't have drivers for the ax NICs it should still boot completely with igb0 as WAN and igb1 as LAN. Assuming you didn't configure any interfaces on the install box before moving it.
In that case this looks like not a console problem at all bit actually hanging booting the kernel for some reason. Might be time to check the FreeBSD forum for anything known for that CPU/platform. Or dig in the OPN code when they introduced it for any defaults they changed.
Steve
-
@stephenw10 I contacted the Manufacturer of this appliance, they said the following:
"We don't support pfSense, in order to gain pfSense support you likely need to compile your own kernel at least for the 10gbps drivers to work, the serial console might have issues as well as the Epyc is only supported correctly in the current FreeBSD source if I'm correct.
You can always give it a try to downgrade to pfSense, but we can't really help you on that front.If you're tech savvy enough, I don't mind sharing some of the upstream FreeBSD code references you will likely need in your kernel, just let me know in that case."
is any of that helpful in pointing me in the right direction?
-
Certainly support for the AMD SoC axgbe driver is not in FreeBSD 12 so that would require a back-port which is unlikely.
https://github.com/freebsd/freebsd-src/commit/7113afc84c0b68f1e531dbd6d57d024d868d11c0Surprising it would require anything for serial console support but...
This maybe: https://bsdimp.blogspot.com/2018/07/how-to-get-memory-mapped-serial-console.htmlIf that was the case though I'd expect to see a loader value for it and the only one they have are the default values.
Can you see the console location in the OPN boot log?
Steve
-
@stephenw10 the dmesg | grep tty didnt return anything in the serial console. In the /dev/ directory i do see quite a few "tty*" files. Only one was changed since i logged in, that was "ttyu0", see below...
Is this what you meant?