Why no VGA/Keyboard for Embedded?



  • I've seen multiple postings asking about this, and I have to wonder - why the apparent resistance to having a direct console in the Embedded version? I have trouble imagining it would be code size - m0n0wall can run off a 16MB CF and it has the VGA/keyboard console. It would appear that there are some of us who are trying to recycle an existing PC (in my case, old thin clients) into pfSense systems and find the serial console cumbersome - especially if the intent is for someone less technically savvy to actually use the unit.

    I understand that those running certain embedded hardware must have the serial console and I don't have a problem with that remaining the default, if there could be some reasonable way to configure pfSense to start up in direct console mode. (And such a configuration should "stick" through upgrades!)

    Usually when there's a question about this, the response is along the lines of "that's just the way it is" … I would appreciate an actual explanation of the issue(s), if possible.


  • Rebel Alliance Developer Netgate

    You can build custom images yourself that include VGA, but as far as I'm aware, there is no motive to support such images officially.

    http://devwiki.pfsense.org/NanobsdVGA



  • At least with 1.2.3, you can rewrite the bootloader with the normal one after you write the image to a CF card.  I end up having to do this with my Lanner FW-7520 due to a bug in the serial console version of the bootloader that hangs the system.  I still end up using a serial console but the BIOS is redirecting all the VGA/keyboard to/from the serial.  To pfsense, it's behaving like a monitor/keyboard.



  • To be clear, rewritting the bootloader gets you a text-mode VGA console (not framebuffer mode, just plain 80x25 mode).  I never tried using virtual consoles since I don't have a need for them with pfsense.



  • @kc8apf:

    To be clear, rewritting the bootloader gets you a text-mode VGA console (not framebuffer mode, just plain 80x25 mode).  I never tried using virtual consoles since I don't have a need for them with pfsense.

    Sounds fine to me - may I ask if you have a reference on how to rewrite the bootloader? I have some experience with linux, but virtually none with FreeBSD outside of pfSense.



  • @jimp:

    You can build custom images yourself that include VGA, but as far as I'm aware, there is no motive to support such images officially.

    http://devwiki.pfsense.org/NanobsdVGA

    Thanks for the link; I tried to do this in a VMware virtual machine and couldn't get it working. If I try again, I'll keep this in mind.

    But you touch on my core question - why isn't there a motive to include this? If it were to horrendously break something or egregiously bloat the code, that I could understand… but neither appears to be the case.



  • Give the Hacom CF images a try.  I think they patched them accordingly.  Now whether they removed any drivers that don't correspond to their hardware, I don't know.  You may also have to live with the "Hacom" branding.
    http://www.hacom.net/catalog/pub/pfsense



  • I would very much like to see a version of nanobsd that supports a keyboard/monitor.  I think a poll of nanobsd users would show strong support for adding this version.  I have lots of small form factor PC running m0n0wall that I would like to convert to pfSense but I really don't want to give up my keyboard and monitor support just yet.  Is it really all the hard to create and maintain one more version or is there another reason it doesn't exist.

    Roy…



  • @kc8apf:

    At least with 1.2.3, you can rewrite the bootloader with the normal one after you write the image to a CF card.  I end up having to do this with my Lanner FW-7520 due to a bug in the serial console version of the bootloader that hangs the system.  I still end up using a serial console but the BIOS is redirecting all the VGA/keyboard to/from the serial.  To pfsense, it's behaving like a monitor/keyboard.

    It's not really a bug. I'm also using Lanner devices, and, with me too, the embedded wasn't booting out of the box. When doing an "fdisk /MBR" in dos, the device was booting. After checking the content of the MBR, I noticed that the code was using BIOS interrupts to write to COM1. This is where it hangs basically. To fix this, all you need is to go into your BIOS and make sure that the console redirection is not set to "Always Enabled".



  • @valnar:

    Give the Hacom CF images a try.  I think they patched them accordingly.  Now whether they removed any drivers that don't correspond to their hardware, I don't know.  You may also have to live with the "Hacom" branding.
    http://www.hacom.net/catalog/pub/pfsense

    Indeed, that's what I used to use - but with changes in the hardware they offer, they're no longer doing the 512MB image that I need; the smallest is 1GB now. Some of the thin clients I convert don't use CF, but less commonly available (and more expensive) modules that plug directly onto the IDE motherboard header, and often there isn't room for an IDE-to-CF adapter. I could buy new modules - but frankly they can cost more than I paid for the rest of the machine! Some of these boxes based on 600-800MHz Via C3's are crazy cheap used and work beautifully as pfSense boxes with a dual-port ethernet card added.

    I'd prefer to stay with pfSense - but given the choice between having to spend the money or switch the non-CF machines to m0n0wall - m0n0wall wins. Especially with the Hacom branding issue. And that's why I brought this up; I'd like to know the thinking behind not including VGA/Keyboard in the embedded version, and not get a handwave "that's just the way it is." For a project as well thought out as pfSense - there's got to be a reason.



  • I have to agree, no VGA/keyboard on the embedded images is a major hassle…  :(



  • It would seem the developers really don't give a rat's ass as they won't even take the time to answer any questions as to why this is not supported.

    Roy…


  • Rebel Alliance Developer Netgate

    The NanoBSD images are really intended for embedded devices, nearly all of which lack VGA. It also saves some resources by not having it loaded. Plus there are devices which do not have VGA that flake out if VGA is in the kernel, I believe.

    It would also require supporting normal and VGA-enabled nanobsd in every image size, which gets really hairy. Plus people would be confused and inevitably end up loading the wrong image for their hardware.

    If you really need VGA, use the full install. You can still edit /etc/platform to trick it into believing it is "nanobsd" so packages will still work but the fs will be kept ro. Upgrades would be broken but you could edit /etc/platform turn it back into a full install and then repeat the change after.

    It's not worth bothering with in 99% of cases because serial ports work fine for most people.



  • @rpsmith:

    It would seem the developers really don't give a rat's ass as they won't even take the time to answer any questions as to why this is not supported.

    Not exactly the best way to get what you want from people who largely donate their time. There is a feature request open on this:
    http://redmine.pfsense.org/issues/214

    Serial consoles are fragile things, as is the build system. If you want to dedicate a few dozen hours of your time to adding this and testing it on a wide variety of hardware, knock yourself out, we welcome it. If you want to throw some cash at it, we welcome that too. Otherwise, you can kindly ask for it and we'll consider it at some point. It's not a priority. Money and/or contributed development efforts change priorities. Bitching does not.



  • Thank you both for the reply.  Not being a coder or even a BSD guy, I really can't contribute code but I would gladly contribute $100 to the cause and if the other folks that would like to see this added do the same that might entice someone who is a coder.

    BTW, I very much appreciate all the hard work from all the contributors and I apologize for that "give a rat's ass" comment.  I should have waited a few more minutes before I decided to click on the "Post" button.

    Roy…



  • @jimp:

    The NanoBSD images are really intended for embedded devices, nearly all of which lack VGA. It also saves some resources by not having it loaded. Plus there are devices which do not have VGA that flake out if VGA is in the kernel, I believe.

    It would also require supporting normal and VGA-enabled nanobsd in every image size, which gets really hairy. Plus people would be confused and inevitably end up loading the wrong image for their hardware.

    If you really need VGA, use the full install. You can still edit /etc/platform to trick it into believing it is "nanobsd" so packages will still work but the fs will be kept ro. Upgrades would be broken but you could edit /etc/platform turn it back into a full install and then repeat the change after.

    It's not worth bothering with in 99% of cases because serial ports work fine for most people.

    Does this mean the the old unsupported "embedded" hack still works?

    If that's the case I think it would be enough for most users who want an embedded image with VGA/Keyboard support.

    I've been running pfSense 1.2.1-beta using the embedded hack for years without any problems but I've hesitated when it comes to upgrading since I didn't know if the embedded hack still worked on 1.2.3 / 2.0.



  • jimp/cmb: Thank you for the explanations. I wasn't aware that some embedded hardware that lacks VGA can freak out if VGA support is included in the kernel. That in itself is a reason I can fully understand for leaving it out, without even having to go into other problems it might cause with producing/supporting builds.



  • m0n0wall has no problems running on embedded/serial and PC/VGA and it is also freebsd based.  I really believe this and the PPTP limitations are both fixable but the folks doing all the heavy lifting evidently don't think it's worth the effort.  Fine, I can live with that.  It's just a real shame that a really great firewall like pfSense seems to be missing two very basic feature.

    Roy…


  • Rebel Alliance Developer Netgate

    @rpsmith:

    m0n0wall has no problems running on embedded/serial and PC/VGA and it is also freebsd based.  I really believe this and the PPTP limitations are both fixable but the folks doing all the heavy lifting evidently don't think it's worth the effort.  Fine, I can live with that.  It's just a real shame that a really great firewall like pfSense seems to be missing two very basic feature.

    Roy…

    Yes, VGA on NanoBSD is possible. There is even code in the builder for it if you want to setup your own builder and use it. It's not exactly rocket science, but there may be some voodoo involved. It's just not officially supported.

    As for PPTP, if it were an easy fix, it would have been done long ago. m0n0wall uses ipfilter, not pf. ipfilter has its own built-in PPTP proxy, pf doesn't. If you want to help, contribute something (code, cash, beer, whatever) instead of posting whiny comments.

    On some things, comparing m0n0 and pfSense is valid; On many others, it's apples and oranges.



  • Thanks for the reply jimp.  I'll probable just stick with m0n0wall for now.

    BTW, I have contributed both hardware and money on more than one occasion to both pfSense and m0n0wall and will continue to support both projects.  And yes, you may even hear me whine from time to time but please feel free to ignore it.  :)

    Thanks again for all your hard work!

    Roy…


Locked