[resolved] pfsense-beta-102 netboot hangs @ "Lan configuration …"

Tenzen · Mar 27, 2007, 9:00 PM

I'm sure we could argue this point all day long until we're both blue in the face

Well, we can agree there :-)

I just don't see the point of a PXE boot based installer for the embedded platform, pop it open and replace the flash card.

Neither do I. I'm not doing that.

this was a FULL install from CD over the wire, not an embedded install.

Exactly my situation.

FULL install. Goal – over the wire.

I am NOT by any stretch wed to the idea of tftp, nfs, or any particular technology.

Frankly, It matters not one whit to me what technology is used :-)

What I am interested in doing is getting pfSense installed onto a Soekris Net4801 that has a 'real' HardDrive in it -- no CF, no MicroDive, but a 40GB IDE Drive -- without opening the box.

I can do that handily with 'full' FreeBSD. I can't with pfSense. And the detail provided above is my attempt at helping to identify what's causing the problem.

Sure, the FreeBSD install via tftp/pxeboot/nfs is 'messy' ... BUT, if fulfills the purpose, can be easily scripted, and requires nothing more than Power/Serial/Ethernet cables to be attached.

If the pfSense-install-over-the-wire is already possible, I've neither found the detail how to do it, nor have I come across anyone (yet) that can provide it.

But, again, to be clear, I am not currently using, nor do I intend to use, a CF-based/Embedded-pfSense install. The folks at #pfsense did too good of a job arguing that I "needed" packages -- and it was made clear that that requires a FullInstall. :-)

Regards.

sullrich · Mar 23, 2007, 11:23 PM

What I would do in your situation is tar up the pfSense contents, then create a script that runs from a standard FreeBSD netboot. The script would partition/fdisk, install the MBR and then explode the tar gzipped contents on the new system and reboot.

This will be a LOT easier than trying to get pfSense to netboot I suspect.

billm · Mar 23, 2007, 11:34 PM

pfSense will netboot, I've done it. I may even still have working configs somewhere - it's how I did a full install on my hacom. I do remember having all sorts of issues making it work on the soekris, but I was trying to do something slightly different. At this point I don't recall what the workaround was, but it had something to do with the dhcp server AND the default config.xml agreeing - this is where the full install worked better as there is no default config.xml on the cdrom (if I remember correctly) so I was able to change which nic the WAN was on. Or it may have been the fact that our default config.xml uses sis0/1 which is there on a Soekris box and isn't there on the hacom unit (fxp's) so first time setup was triggered. Again, it's been a while, it does work though.

–Bill

Tenzen · Mar 27, 2007, 9:01 PM

Hi Scott,

@sullrich:

What I would do in your situation is tar up the pfSense contents

Easy enough.

then create a script that runs from a standard FreeBSD netboot. The script would partition/fdisk, install the MBR and then explode the tar gzipped contents on the new system and reboot.

Clear, in principle. Have no idea how to do that, as yet. So, off to read FreeBSD 'stuff'.

If there's a pfsense wiki/doc/list/forum reference that someone knows about, a pointer would be appreciated.

Thanks for the suggestion

billm · Mar 24, 2007, 4:52 PM

I believe the following worked for netbooting the cdrom…don't quote me on it though.

dhcpd.conf:


# hacom
host pxe2 {
        hardware ethernet 00:40:f4:47:e7:d5;
        fixed-address 192.168.69.102;
        next-server 192.168.69.80;
        filename "pfsense/boot/pxeboot";
        option root-path "/usr/local/tftpboot/pfsense/";
        option routers 192.168.69.1;
}

in /usr/local/tftpboot/pfsense/cf/conf/config.xml I had


        <interfaces><lan><if>fxp0</if>
                        <ipaddr>192.168.69.102</ipaddr>
                        <subnet>24</subnet>
                        <media></media>
                        <mediaopt></mediaopt>
                        <bandwidth>100</bandwidth>
                        <bandwidthtype>Mb</bandwidthtype></lan></interfaces>

and pxe2 resolved to
maradns config:


pxe2.%          fqdn4           192.168.69.102

Tenzen · Mar 27, 2007, 9:02 PM

Hi Bill,

Bingo!

Once I figured out that I needed to make the change in:

/private/pfSense_tftpboot/conf.default/config.xml

rather than

/private/pfSense_tftpboot/cf/conf/config.xml

which, looking at the path, I suppose, makes sense …

Changing:


        <interfaces><lan><if>fxp0</if>
---                     <ipaddr>192.168.1.1</ipaddr>
+++                  <ipaddr>10.0.0.10</ipaddr></lan></interfaces>

where, as in your example, "10.0.0.10" is the ip Addr assigned to the LAN port in dhcpd.conf, on reboot, I see:

Starting syslog...done.
...
Configuring LAN interface...done.            <----- WE'RE PAST THIS PROBLEM!
Configuring WAN interface...done.
Configuring OPT interfaces...done.
Configuring CARP interfaces...done.
Syncing system time before startup...done.
Configuring firewall......done.
Starting webConfigurator...done.
Starting DNS forwarder...done.
Starting DHCP service...done.
Setting up microcode and tx/rx offloading...done.
Starting FTP helpers...done.
Generating RRD graphs...done.
Starting DHCP service...done.
Starting OpenNTP time client...done.
Starting CRON... done.
Bootup complete

So that issue seems to have gotten fixed (!?).

If I now open a broser, and nav to:

http://10.0.0.10

with credentials "admin/pfsense", I see:

http://img48.imageshack.us/img48/7258/untitledun9.jpg

Which, I gather, is what I should see! :-)

I'll try the install itself later today.

Thanks!

hoba · Mar 24, 2007, 6:34 PM

Maybe you can dump your setup into a vmware-preinstallation environment now so others can use it easily too ;D

Tenzen · Mar 24, 2007, 10:00 PM

@hoba:

Maybe you can dump your setup into a vmware-preinstallation environment now so others can use it easily too ;D

I'm doing "this" on/with a PowerBook G4. No VM* to speak of.

Assuming all goes well, I'll gladly post my step-by-step notes.

Once I 'bless' the setup, and delegate to the techie-types, perhaps they can cobble something up on/for VM*.

–Tenzen

Tenzen · Mar 24, 2007, 10:26 PM

Now that I've netbooted pfsense to the point I can see the pfSense web interface at http://10.0.0.10, how, exactly do I go about INSTALLING the system TO the Net4801's local HDD?

Is that done via the web interface? Poking around, I suspect, perhaps not.

At the serial console, however, the output currently 'sits' at:


...
Starting DNS forwarder...done.
Starting DHCP service...done.
Setting up microcode and tx/rx offloading...done.
Starting FTP helpers...done.
Generating RRD graphs...done.
Starting DHCP service...done.
Starting OpenNTP time client...done.
Starting CRON... done.
Bootup complete

and goes no further. Is this as expected? Or have I stumbled on my 'next issue'?

Thanks.

–Tenzen

sullrich · Mar 24, 2007, 10:29 PM

You have stumbled upon your next issue. The console should auto login and you should be presented with a menu.

hoba · Mar 24, 2007, 10:30 PM

You want to turn on the serial console at system>advanced. You will have an option 99 at the shellmenu to install it. This also can be done via ssh btw (enable it at system>advanced) and wait until the keygeneration has finished.

Tenzen · Mar 24, 2007, 11:15 PM

@sullrich:

You have stumbled upon your next issue. The console should auto login and you should be presented with a menu.

Well, rats. I have discovered mention of the "shell menu" in the docs, which I guess is what you're referring to – and I'm not seeing.

@hoba:

You want to turn on the serial console at system>advanced. You will have an option 99 at the shellmenu to install it. This also can be done via ssh btw (enable it at system>advanced) and wait until the keygeneration has finished.

Here's an interface problem. I can't select any of the items from the System menu. If I hover over it, it drops down, but if I move cursor down to attempt to select any item, the menu vanishes, and a submenu of other items appears. This is only true of the System Menu. Other menus seem to be fine.

Instead, manually entering URL:

http://10.0.0.10/system_advanced.php

At the web interface, check/select/save to ENABLE both:

	Enable Serial Console
		This will enable the first serial port with 9600/8/N/1
		Note: This will disable the internal video card/keyboard

	Secure Shell
		Enable Secure Shell
		SSH port

Then, from shell @ pc,

ssh -l admin 10.0.0.10
Password: "pfsense"

Login is successful, and I now see the expected "shell menu".

*** Welcome to pfSense 1.0.1-SNAPSHOT-03-23-2007-cdrom on pfSense ***

  LAN*                     ->   sis0    ->      10.0.0.10
  WAN*                     ->   sis1    ->      10.0.0.20(DHCP)

 pfSense console setup 
***********************
 0)  Logout (SSH only)
 1)  Assign Interfaces
...
99)  Install pfSense to a hard drive/memory drive, etc.

Selecting Option==99 takes me into the pfSense installer …

Following the step-by-step instructions at:

http://doc.pfsense.org/index.php/Chapter_3:_Installing_pfSense#Installing_pfSense_to_harddrive

works without a hitch. Finally, selecting the "<reboot>" option, the Net4801 reboots.

Checking console output, I see:


...
ad0: 38154MB <hts541040g9at00 mb2oa60a="">at ata0-master UDMA33
Trying to mount root from ufs:/dev/ad0s1a

     ___
 ___/ f \
/ p \___/ Sense
\___/   \
    \___/

Welcome to pfSense 1.0.1-SNAPSHOT-03-23-2007 on the 'pfSense' platform...
...</hts541040g9at00>

so it's booting from the HDD.

Output now successfully continues to:

pfSense console setup 
***********************
 0)  Logout (SSH only)
 1)  Assign Interfaces
 2)  Set LAN IP address
 3)  Reset webConfigurator password
 4)  Reset to factory defaults
 5)  Reboot system
 6)  Halt system
 7)  Ping host
 8)  Shell
 9)  PFtop
10)  Filter Logs
11)  Restart webConfigurator

Enter an option:

and, checking in a browser, I do see the pfsense interface. For reference, the System menu is till acting-up … but otherwise, I think I've managed to get it done!

Thanks.

--Tenzen</reboot>

billm · Mar 27, 2007, 2:11 AM

Might be your browser. I think IE7 has issues with the NerveCenter theme…that and people that increase their font size :)

--Bill

Tenzen · Mar 27, 2007, 2:54 AM

Hi Bill,

@billm:

Might be your browser. I think IE7 has issues with the NerveCenter theme…that and people that increase their font size :)

Actually, that was addressed/resolved here: http://forum.pfsense.org/index.php/board,23.0.html

Summary – The problem's "minimum font size". I can't, well won't turn it off. So, I switched themes.

-- Tenzen

mmlenz · Apr 3, 2007, 6:50 PM

I can think of a good reason why it would be nice to get netboot working. Because the freebsd boot loader is complete shit and won't let you boot via any USB devices that I've found. The concept of tearing open a machine just so I can install an operating system is unsettling. The world has enough hobby firewall projects. Don't get me wrong though, I adore pfSense I've been using it since the dot releases. I even bribed Bill into getting the initial RR-LB stuff working ;)

hoba · Apr 3, 2007, 7:05 PM

It actually is nice for installing appliance hardware like 19" units without cdroms or small desktop appliance. Also is nice for developing and testing things. no need to reflash/replug all the time. just let the unit netboot a new image to test things. I bet there are other reasons one could think of as well.Just be openminded ;)

Cry Havok · Apr 5, 2007, 12:40 PM

Yup, I'm building one of the FX5620 boxes and it doesn't have a CDROM and I don't have a USB one to boot from. While I can pull the disk and built it elsewhere, it's a lot of effort compared to doing a netboot from a trusted interface.