Noob hardware questions for Soekris low power appliance



  • Hey guys…

    I'm working on a hardware purchase for a new firewall for home use.  My primary drivers for selecting this equipment are equipment longevity/reliability, passive cooling, size, and electrical consumption.  It'll be running openvpn for windows machines, IPSEC VPN for Android and iOS, serving up my 15 meg cablemodem connection, and running a captive wireless portal for guests.  And maybe a few other things like SFTP/FTPS for file transfers to family.  Here's the hardware I was considering.  I wanted to see if anyone could spot any problems with using PFSense on this since this is my first foray into using PFSense.  I have an extensive Linux background so I'm comfortable giving it a try, but I'm not at all familiar with the hardware support of the various BSD's/versions, so any comments or suggestions are welcome.

    Base board:
    Soekris net6501-50 Board and 1 Slot Standard Case (1 GHZ, 1 gig mem, 4x Intel 82574IT Gigabit Ethernet ports)
    Power Supply, 12V, 3.0A

    Wireless:
    Mini PCI Express to PCI-E Wireless Adapter
    http://www.amazon.com/Mini-PCI--Wireless-Card-Antennas/dp/B005Q751BA/ref=sr_1_2?s=electronics&ie=UTF8&qid=1325128978&sr=1-2
    This way I can replace/upgrade the wireless card.

    Intel 6200 IEEE 802.11n (draft) Wi-Fi Adapter
    http://www.amazon.com/Intel-802-11n-draft-Wi-Fi-Adapter/dp/B0036BJN12/ref=sr_1_2?s=electronics&ie=UTF8&qid=1325123160&sr=1-2
    I read that 802.11n isn't supported yet in 2.0, not sure if that is still true or not in 2.1, I haven't read that far yet.  If not, will this card work in B/G modes?  The antennas are only 2.4GHZ.  Can I disable the 5GHZ band in PFSense?  Open to suggestions for the wireless.

    Disk:
    Intel 310 Series 40GB mSATA mSATA (mini PCIe form factor) MLC Enterprise Solid State Disk
    http://www.newegg.com/Product/Product.aspx?Item=N82E16820167039

    The disk alternative is that the board is capable of booting from a USB stick.  I could get a low profile USB and boot/run from that, which would save $100.  From what I've read in the forums that should work ok for now.  I'll probably go SSD or USB though for the power and cooling savings over traditional spinning disk, and it keeps this entire system to zero moving parts.

    Comments welcome!  Thanks!



  • The Intel 6200 is not in the supported hardware list (http://www.freebsd.org/releases/8.1R/hardware.html). Most of the supported Intel WiFi adapters are not supported for operation in Access Point mode.

    802.11n is not yet supported in FreeBSD/pfSense though some 802.11n capable WiFi NICs will operate in "802.11g compatibility" mode. The Tenda W311U and TP-Link TL-WN321G are both supported WiFi USB NICs capable of operating in AP mode. External 802.11n APs are also available quite economically.

    It would probably be worthwhile searching the pfSense forums for reports on the net-6501. If I recall correctly some people have had problems installing pfSense on them.



  • How do I know which ones are supported in access point mode?  The hardware compatibility list doesn't say anything about that.


  • Netgate Administrator

    I'm not sure how up to date this is but it's probably the best source of information:

    https://docs.google.com/spreadsheet/ccc?key=0AojFUXcbH0ROdHgwYkFHbkRUdV9hVWljVWl5SXkxbFE&hl=en#gid=1

    Steve



  • @skreien:

    How do I know which ones are supported in access point mode?  The hardware compatibility list doesn't say anything about that.

    The hardware compatibility list tells you the names of drivers for WiFi devices. The man page for the driver (see http://www.freebsd.org/cgi/man.cgi) gives the modes supported by the corresponding driver.

    I believe you might not find a man page for the run driver. It supports AP mode. (I have a run device and use AP mode on it.)

    The web page Steve linked to is probably a better resource in that it's likely to provide some starting points more quickly than grinding through the man pages.

    A difficulty in this area is that many of the suppliers of WiFi devices change chipsets in their devices without changing model numbers. This makes it a bit of a challenge for someone wanting to buy a supported device.

    My previous reply gave a couple of USB WiFi NICs which I have used on pfSense in AP mode.


  • Rebel Alliance Developer Netgate

    I compiled the information from all of the man pages (and some from driver source!) to build the spreadsheet that stephenw10 linked. It's as accurate as I could make it for 2.0/2.0.1

    The first tab has the drivers and what modes they support, the second tab has the drivers and what part numbers/models are supposed to work with those drivers. That part is probably the least accurate, as companies love to rearrange those or re-use model numbers while changing hardware.

    I'll have to update or re-do that for pfSense 2.1 when we switch to FreeBSD 9, but I'm not sure it will change a whole lot.



  • Thanks guys, I appreciate the feedback.

    I did search the boards, I haven't found any problems with the 6501 except as it relates to USB booting, and I found a few posts where that was working also now that the BIOS has been updated, so I think I'm ok there.

    Based on the excellent info compiled by jimp I'm leaning towards the Dlink DWA-556 as it's readily available and well supported by the ath driver.  I've seen multiple posts where some of the newer atheros chipsets aren't supported, so I'd really like some recommendations on some currently shipping BGN cards that are known working.  Preferably atheros based as those seem to be the best supported.  I'm not a big fan of Dlink cards though, had several bad experiences with performance on them, so if there are any other suggestions for known working atheros based cards I'm open to suggestions.  In the meantime I'll look at jimp's info closer when I have more time tonight.

    Thanks!



  • @skreien:

    I'd really like some recommendations on some currently shipping BGN cards that are known working.

    Let's narrow the problem space a little: PCI-Express? USB? PCI? (PCI with bus adapter?) PCMCIA? (PCMCIA with bus adapter?) Any other requirements (e.g. optional external antenna)?

    Regarding "currently shipping cards known working": many (probably most) suppliers of WiFi cards quietly change the chipset, even the brand of chipset without changing the model number of the card. I might suggest a DLink xyz on the grounds that the one I bought six months ago works fine but, in the meantime, DLink has changed the xyz from Atheros chipset (supported in pfSense) to TI chipset (unsupported in pfSense). See the discussion on the TP-Link WN422G in this forum for one particular example.

    802.11N support isn't really present in pfSense 2.0 or 2.0.1. Some chipsets that support 802.11N work in pfSense in 802.11G compatible mode, others maybe not. If you really need 802.11N now you would be better off with an external AP.

    If you don't mind paying a bit extra you could ask a vendor selling pfSense appliances for a device known to work with pfSense 2.0 and state up front you expect to return or exchange it if it doesn't work.

    The approach I took a few years back (and still take) is to purchase cheap adapters that have been known to use supported chipsets, keep clear of the big suppliers (Netgear, DLink, Linksys, BELKIN) because they have a record of changing chipsets without changing model number, and take my chances. TP-Link devices have given me good service. The chipset in the WN321G (USB) changed some time ago from a supported Ralink chipset to a supported Ralink chipset (different pfSense driver) that needed a small pfSense tweak to get working so that change didn't inconvenience me greatly. The PCI TP-Link card I bought has Atheros chipset and it has worked fine but seems to be no longer available and I haven't tried its replacement.

    I'm happy to make some more specific suggestions when I see some more details of your constraints.



  • Yeah, I saw that about the suppliers changing chipsets.  That's why I'm putting in some effort up front to try and find a card that I know will work so I don't have to mess around with it or do returns.

    It has to work in the Soekris Net6501, so my limitations are either PCI Express X1 or mini PCI Express.  And I want the ability to do multiple SSID's also so I can have my normal wireless network and a simultaneous guest network, which is why I wanted the Atheros chipset.  I don't really want a USB as those tend to have more transmit signal loss or less sensitive receive antennas, IE less range, or not have the multiple radios.  I was originally looking for mini PCI but I haven't seen a mini PCI to PCI Express X1 adapter card like the PCI Express to mini PCI Express like the one in my first post, so I've got to be PCI express format.  Otherwise it'd be somewhat easier.  Seems like the majority of mini/PCI Express cards are N or some version including N which I know doesn't work, so between that and PCI Express I'm having a difficult time finding a good card.



  • There are mini PCI Express cards on Ebay based on Atheros AR5006EXS chipset for about US$12. This post (http://forums.freebsd.org/archive/index.php/t-6816.html) in 2009 suggests the chipset probably works in FreeBSD 8 and hence probably works in pfSense. (To what extent is the AR5006EXS the same as AR5006?) Does it support multi-APs?
    It doesn't appear to have 802.11N support so that removes a possible complication.

    Worth a try? If you try it, please report back on the outcome.



  • OK, after more research I found several posts about AR9280 support working on FreeBSD 8.1.  I also found a page where the Ubiquiti SR71-E (AR9280) is listed as working well, although that page was in the development branch.  Unfortunately there was no date on that particular page but I found several references to regression testing of fixes to AR9280 support in 8.1 RC series which indicates support came prior to 8.1.  It's also ABGN.  Sounds like that's a good place to start.

    If I'm going to take my best shot and try one I might as well try one that's got N support in the hardware so I don't have to replace the card when PFSense 2.1 comes out.  In the meantime I can use BG modes.

    I'm assuming I can disable the 5 GHZ band radios in PFSense?



  • OK, so now I have all my hardware and have it assembled and on my desk.  I'm REALLY struggling with the install however.  I can't use the memstick installer because it requires VGA, and there is no option I can find on the nanobsd images to install to hard drive.  I currently have no way of hooking up a CDROM, and even if I could I can't install that way either because of the lack of video card.  I found a post that says how to enable the serial console of the memstick, but I have no way to mount the FS to make the modifications.  The only way I can get it working currently is to write one of the nanobsd images to a USB stick, then boot/run from that, which I don't really want to do.

    How do I do a serial install to a hard drive via USB with no VGA???  Thanks!


  • Rebel Alliance Developer Netgate

    Several scenarios are laid out here:

    http://doc.pfsense.org/index.php/Full_install_on_Netgate_Hamakua

    (It says Hamakua but it works on any non-VGA system for a full install)



  • I saw that… For a project that supports embedded hardware, to have to take the hard disk out and put it in a full computer to do the install seems awfully complicated when all I need is install media that supports serial console.  I thought I had to be missing something.


  • Rebel Alliance Developer Netgate

    As that kind of hardware gets more common we will probably work on supporting that more. It wasn't until just a few weeks ago that the Soekris net6501 even supported booting from USB, and the Hamakua didn't as far as I'm aware, so even if we had worked on a way to make that function, we didn't have a way to test it.



  • Took a while, but I finally have most things running.  I ordered the wrong disk adapter board at first… there's a difference between Micro SATA and mSATA.  Go figure.  Fantastic naming convention there by the way.  Not confusing at all.  I found the correct one on the second try and did the full install in a computer, remounted the SSD on the Soekris box, then fired it up.  Worked like a charm.

    I finally configured the wireless in the last hour, and though I have barely used it yet I have successfully connected and browsed a few web pages using the Ubiquiti SR71-E as the wireless card.  So I can confirm that works.  Or has so far, anyway.  I am only running it in G mode, NOT N or A modes as I don't have any wireless hardware that runs those two modes to test with.

    I have OpenVPN setup and was able to successfully send traffic across the tunnel one time out of 10 attempts so far... I haven't tried again since that one success.  I did notice that while I was able to successfully connect prior to that success, I wasn't able to pass traffic across the VPN connection until I did a full reboot on the firewall.  Obviously something is not loading correctly.  I spent two nights working on it, and finally out of desperation I tried a restart and it just starts working.  YEAH!!!!

    To do:
    TX Power setting, I'm not sure what to set that at, so I'm reading up on that.
    IPSEC VPN from my android tablet: so far have been unable to make any connection at all.

