I'm zonked out failing to create a pfsense bootable USB flash.
-
Hi, first post, wanting to get a feel for pfsense on an Intel 1.5ghz atom laptop.
I built a CD and that worked in my XP pro desktop. The folders where what I expected and I recognized freedos files.
I've tried everything to create a bootable flash. All I get is a removeable drive that Windows says is unformatted, doesn't show any files, and the partition media identifier is something I've never seen. the USB sticks become virtually impossible to reformat in Windoze for re-use and I have to use HP's media re-formatter tool to recover the flash.
When the laptop tries to boot from the flash stick it stays in perpetual black screen with a backslash character and flashing underscore. I've tried USB flash and SD cards in various sizes and start formats - FAT/FAT32.NTFS.EXTx - always get the same result. The first sector on the boot flash doesn't look like anything I've ever seen before either. (see attached sector editor dump).
I'm starting to wonder ig the pfsense files are something special or I cannot create bootable media using XP?
I must be doing something stupid because many have unpacked the downloads to the img file and used them o.k.
I also couldn't understand if I needed the vga or non vga version of the image file - but got the same deadend result with both. I've built bootable USb on the same XP desktop for ubuntu 14, Windows OS and other apps without problems.
[pfsense sector 1 on card.txt](/public/imported_attachments/1/pfsense sector 1 on card.txt) -
Windows can't read the filesystem you're writing out to USB flash, it's not like a CD where it has a filesystem anything can read. You don't format the card at all, the memstick image is a raw disk image that writes out everything. You need the VGA memstick for a laptop.
-
Thanks, I understand that.
Even though the stick can't be read under windoze, should't I just be able to plug in the stick to a USB port after the unreadable image has been transferred, set the bios to boot from flash and get the same menu screen and options as the CD, which is what I was expecting?
All I get is \ and a flashing underscore.
-
Yes.
If you used the memstick-serial image the console will be on the serial port so you won't see anything on the screen.
Do you not see anything at all? If you use the standard image you should see the boot loader even if the kernel doesn't load.Steve
-
OK after a nights sleep I went back, rebooted and tried another USB port which was not on an extender but on the mobo rear panel. I used the image: pfSense-memstick-2.1.5-RELEASE-i386-20140825-0744.img
That transferred to the stick and booted in the laptop to the pfsense startup menu. Even managed to get an install on to the local hard drive.
Now I think I'll hit a brick wall because the internal pcie nic is discovered as re0 but the USB NIC I thought I would try, seems to pop up on boot, but is not listed as a 'valid interface' or is discovered by 'auto detection'.
I'll search the forum for any help on using usb NIC.s and whether any work or not. Power consumption is my concern and I think that means Intel atoms around 1.6Ghz which are used a lot in small laptops and ITX boards. During setup with pfsense running in the background I noticed the laptop fan was running faster than normal and it usually does this only when Windoze apps are working hard and the OS steps up the CPU, or down if running on internal battery. This is exactly what you need for a home router which spends most of its time on idle. I hope pfsense is able to manage the CPU to keep down idle power.
Thanks for your help. I'm glad I have something to work with now.
-
What USB NIC did you try?
You'll find that USB NICs have a pretty bad reputation around here, most people will advise against using them. You may find one works fine though, many people have. If you don't have any other expansion options, netbooks usually don't, then you might consider using VLANs with an appropriate switch.If you enable powerd you will see the benfits of speedstep if your atom offers it.
Steve
-
FWIW, these http://plugable.com/products/usb2-e100 work fine plugged into Intel NUC's running pfsense 2.1x and above, got them originally for using with rapsberry pi's but as UK broadband including fiber is very slow, a 10/100 is more than ample for most needs on the WAN side.
Only time I've had problems with drivers was with earlier versions of nics (cards) where there drivers were not included in that version of freebsd that shipped with pfsense.
-
Thanks, the reason I'm trying to work with real NICs is I played around with a Netgear 600 router which I flashed with DD-WRT. On Openreach fibre I can get about 38mbs downloads and with a VPN service client on the desktop with 256 bit encryption I get around 36.5 - 37Mb/s which is o.k. My service limit is 40Mb/s.
However if I run the Netgear with VPN set up and no VPN client on the Gigabit network pc's, my download speed drops to 16Mb/s. That's pretty awful, so I assume I need more horsepower to host VPN in the router for the encryption. That's my prefered option because I will always know routing is via remote VPN servers.
I've also burned a live usb for zeroshell and at first boot on menu option 'N' show interfaces, I'm seeing ETH00 for the internal Realtek nic, ETH01 for the usb (Realtek) nic and VPN99 for the virtual nic. I'm not looking at all the nice security options yet because if my simple experiments fail to deliver good speeds whilst keeping my electricity bill down when idling, I shall go no further and keep VPN clients on the pcs.
I have more to do!
-
The encryption is quite cpu intensive on any cpu, although building specific functionality into the cpu's like we see with Intel AES http://ark.intel.com/search/advanced?AESTech=true as an example will help speed some things up, but most routers use low power chips like Arm cpu's and these generally ran/run slower than desktop cpu's. Your Netgear might have a low power cpu in it, which will mean it will slow things down like you saw with the 16Mb/s when its got to do the vpn encryption as well.
Most consumer routers are good for low level basic stuff for small numbers of users, if you want to do more cpu intensive things like vpn encryption, you will need to make sure the pfsense hw is powerful enough to do routing as well as encryption and vpn functions, plus anything else you might want it to do like using snort or proxy servers.
Zeroshell looks interesting, but what does it bring to the table thats new? I see some of the closed binaries wont go down with some security conscious people.
Interesting Zeroshell doesnt differentiate the different nic types, in pfsense your internal nic would be named something like EMx incrementing from 0 and the usb nic would be something like UEx incrementing from zero, which would make nic identification a little easier.
-
Just as an example figure an Atom D510 will push ~50Mbps of VPN traffic. That's software only.
Steve
