Can I connect two Alix2d13 pfsense via Serial Console or connect to my server?



  • Hi Everyone,

    In order to minimize trips to data center and avoid the pricey parking tickets here in Toronto, I want to either connect each pair of my pfsense Alix2d13 boxes to each other via console for remote management. I have the following questions:

    1- Is it okay and easily doable to remote manage the two pfSense from each other? I understand the console port is used in "server" mode where it accepts connection but can it also work as a client to connect to other box? My exposure to Serial Console management is really low and I only know that minicom is used for this.

    2- Do I have to install minicom on the two boxes? Where should I look for the configs?

    3- My other option is to connect Serial Console of pfSense to either USB (Serial to USB Converter head) of my SuperMicro server or to the Serial Console of SuperMicro server. That way I can control both server and pfsense in case one or the other is down.
    All my servers have access to internet from two different pfSense routers so this way no matter what risky config change I make, I will still be able to get remote access right?

    4- It seems one of my pfSense went down overnight. Is there a package I can install to instruct pfSense to restart in case a problem happens or some sort of other back-door when it's stuck and I am overseas? Though, in this case it may be a power failure as pfSense never has gone down on both HTTPs and SSH and VPN on me before. I have all three services running for access.

    5- Is it possible to implement CARP using only two public IP addresses?

    Thanks for your detailed explanations :-)



  • 4. What SM board are you using? The X7SPA-H has a hardware watchdog that can be enabled in the BIOS. I'm not sure how one would enable the driver in pfsense for it, but I imagine it's doable.



  • Hi,

    Thanks for the input. I do have watchdog in the BIOS but what exactly does the watchdog do?
    And I guess by driver you meant the "watchdog" driver to go on pfSense? What would the driver be called?

    How about my other questions :-)

    thanks



  • Most hardware watchdogs will reset the hardware if you don't "pat" it at some interval. The watchdog driver is usually just a kernel module, I think, that pats the dog at a regular interval. It's a type of dead man's switch. I looked into it briefly, but there was no obvious way to enable it in pfsense at the time I was looking at it.

    I don't know a lot about serial consoles in pfsense. Obviously one console cannot act as both client and server at the same time, and the first serial port on the board will default to server. So if you connected the two boards with a null modem cable, then perhaps you could log into one, disable the serial console, then run minicom on that port to access the other box. This is all theoretical and I can't speak to the feasibility of it.

    If your boards have a second serial connector or if you can make a USB/serial converter to run on them, then that might be the easier way to go. Then you still need a minicom-like program to install on pfsense. Again, I'm not much help here.


  • Rebel Alliance Developer Netgate

    1- You cannot use the serial port on the ALIX to connect to another system. It can only be used for console access from a client. It cannot be a client.

    2- No, on 2.0 you can just use "tip" like "tip com2" or "tip ucom1" depending on what serial port you are connected to. For 1.2.3 you may need to copy "tip" from a full FreeBSD install, or try to pkg_add -r minicom, but minicom is probably overkill.

    3- The USB to Serial way should work, though. You could even use the USB ports on the ALIX to do that. My USB to Serial adapter is detected and used fine by my ALIX.

    4- The box will already restart if there is a software panic (which is rare, but can happen), you probably saw a power loss or connectivity loss.

    5- No, you need three. One for each box and then the shared CARP VIP.


  • Rebel Alliance Developer Netgate

    ALIX has a watchdog but we shut it off because it will reboot the box with a sustained high CPU load; it can't distinguish it from a failure.

    You can find this change and revert it if you want to try:

    
    commit 1a479479f397973257592f32c5c7adc8cd088a82
    Author: Scott Ullrich <sullrich@gmail.com>
    Date:   Mon Jun 22 12:30:53 2009 -0400
    
        Disable watchdogd until we can workaround its brain-dead-eness
    
    diff --git a/etc/inc/system.inc b/etc/inc/system.inc
    index 77082bc..968747e 100644
    --- a/etc/inc/system.inc
    +++ b/etc/inc/system.inc
    @@ -1150,6 +1150,7 @@ function system_enable_arp_wrong_if() {
    
     function enable_watchdog() {
            global $config;
    +       return;
            $install_watchdog = false;
            $supported_watchdogs = array("Geode");
            $file = file_get_contents("/var/log/dmesg.boot");
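    Review bot: the unconditional `return;` placed directly after `global $config;` in enable_watchdog() turns the rest of the function into dead code (the `$supported_watchdogs` list and the read of /var/log/dmesg.boot are never reached), and nothing in the code says why. Suggest a comment beside the `return;` giving the reason and the condition for removing it, or gating the early return on a configuration setting so the watchdog can be re-enabled without reverting the commit.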
    @@ -1165,4 +1166,4 @@ function enable_watchdog() {
            }
     }</sullrich@gmail.com> 
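
The dead man's switch described in the replies above, as a deterministic model showing why the timer cannot tell sustained load from a real hang, and what a longer timeout costs. This is an added example, not code from pfSense, watchdogd or any poster; the function names, timeouts and delay values are all constructed for illustration.

```python
# Constructed model of a hardware watchdog and its userland patter.
# Virtual clock in whole seconds; "load" is modelled only as delay before
# a scheduled pat actually runs. All values below are illustrative.

NEVER = 10**9  # delay used to model a patter that never runs again


def simulate(timeout, pat_interval, delays, duration=120):
    """Return the second at which the watchdog resets the box, or None.

    timeout      -- seconds the hardware counter runs without a pat
    pat_interval -- how often the patter is scheduled to pat the dog
    delays       -- {scheduled_second: extra_seconds} before that pat runs
    """
    scheduled = range(pat_interval, duration + 1, pat_interval)
    pats = sorted(t + delays.get(t, 0) for t in scheduled)
    last_pat = 0
    for now in range(1, duration + 1):
        while pats and pats[0] <= now:
            last_pat = pats.pop(0)      # the pat restarts the countdown
        if now - last_pat >= timeout:
            return now                  # countdown expired: hardware reset
    return None


def scenarios(timeout, pat_interval=4):
    """Run the same four situations against one timeout setting."""
    spike = {12: 6}                                          # one late pat
    load = {t: 30 for t in range(12, 32, pat_interval)}      # pats starved ~20 s
    hang = {t: NEVER for t in range(12, 121, pat_interval)}  # patter is dead
    return {
        "healthy": simulate(timeout, pat_interval, {}),
        "short_spike": simulate(timeout, pat_interval, spike),
        "sustained_load": simulate(timeout, pat_interval, load),
        "hang": simulate(timeout, pat_interval, hang),
    }


if __name__ == "__main__":
    for timeout in (16, 40):
        print(timeout, scenarios(timeout))
```

With the short timeout, sustained load and a real hang produce the same reset at the same second; the longer timeout rides out the load but takes twice as long to recover a box that is actually hung.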
    


  • Amazing info. Thanks guys.

    -Bruce

