Successful Install on HP t5730 Thin Client



  • A quick report that pfSense 2.2-RELEASE is working perfectly on HP t5730 Thin Clients.

    • AMD Sempron 2100+ 64-bit CPU at 1GHz
    • 1GB Flash internal DOM
    • 1GB RAM
    • Broadcom Gigabit NIC
    • 20W power consumption

    It is able to run the NanoBSD image from its internal 1GB flash DOM. It's not even needed to pull it out, one can boot from a syslinux'ed USB stick and copy the image with dd from the stick to the DOM module using the box itself.

    Since it only has one Gigabit network interface, it can be used with a VLAN switch to create multiple VLAN interfaces accessible on separate ports.

    According to my tests with the new pfSense NanoBSD 2.2-RELEASE (pfSense-2.2-RELEASE-1g-amd64-nanobsd-vga.img.gz), this hardware is able to transfer data between two VLAN interfaces
    at 500-550 Mbps. I've tested both cases with traffic routed and traffic NATted using a TP-Link TL-SG2008 VLAN-capable Gigabit switch, and two Gigabit-connected Intel i5 and i7 desktop PCs. There seems to be an optimal balance between the CPU load and the network capability, as since the same physical interface is used for both inbound and outbound traffic, it would be impossible to transfer more than that - and the CPU is just enough to handle this, so no energy wasted on unused cycles.

    Using OpenVPN with default settings, achievable bandwidth inside the channel is 62Mbit/sec in both directions.
    Activating BSD cryptodev or RSAX engine allows for 66Mbit/sec in both directions.





  • Here's a tool which helps to create a bootable USB stick to copy the pfSense image into the internal flash.

    Download the 1GB NanoBSD image, and copy it to the USB stick directly, without unpacking it from the .gz archive. The tool running from the USB stick will uncompress it on the fly.
    You can also use it to first create backups of the current contents on the internal flash and restore them later.

    A USB stick with similar features can be also created with the ThinPro Demo virtual image from HP, as I described in one of my earlier posts.



  • @robi:

    According to my tests with the new pfSense NanoBSD 2.2-RELEASE (pfSense-2.2-RELEASE-1g-amd64-nanobsd-vga.img.gz), this hardware is able to transfer data between two VLAN interfaces
    at 500-550 Mbps.

    robi,

    I installed pfSense on the same Thin Client. My question is, how can you measure the max transfer speed on a pfSense box?

    Thank you



  • @gbarquero:

    @robi:

    According to my tests with the new pfSense NanoBSD 2.2-RELEASE (pfSense-2.2-RELEASE-1g-amd64-nanobsd-vga.img.gz), this hardware is able to transfer data between two VLAN interfaces
    at 500-550 Mbps.

    robi,

    I installed pfSense on the same Thin Client. My question is, how can you measure the max transfer speed on a pfSense box?

    Thank you

    LAN-LAN use iPerf between two PCs
    LAN-WAN online iPerf server and iPerf client in the LAN
    VPN-VPN both ends should be holding the same and identically hardware and then
    iPerf during two PCs through the VPN connection.



  • OK, great. I've never heard of iPerf (I am new here). I will check it out

    Thanks!



  • @gbarquero:

    OK, great. I've never heard of iPerf (I am new here). I will check it out

    Thanks!

    You can also use NetIO to do so, but this would be better to do it in another way that is not
    really and only representing the power of your hardware and/or the Internet connection you are using.



  • Here's a Windows app to measure network speed: http://www.totusoft.com/lanspeed.html
    It's not as professional as iperf, but seems to give accurate results.



  • @BlueKobold:

    LAN-WAN online iPerf server and iPerf client in the LAN

    I wouldn't recommend online servers due to the fact than public internet can introduce errors in the measurement.

    You can measure LAN-WAN throughput of the box easily with 2 PCs, connect one to the LAN side as usual, and connect one to the WAN side directly with a cable. Assign static IPs to both the WAN port of pfSense and the WAN-PC.
    For example you can have LAN network as usual 192.168.1.1/24 and for WAN use 192.168.2.1/24, WAN-PC should have perhaps 192.168.2.2.
    Don't forget to un-check on the WAN interface the block private networks option.
    Now you can measure speed by running the iperf or lanspeedtest server on the WAN-PC, and the client on your LAN PC.



  • It's not as professional as iperf, but seems to give accurate results.

    That can perhaps be and iPerf, jPerf or NetIO are not the only measuring programs
    on earth fir sure, but I don´t want to measure the power of the hardware more then
    the able to reach throughput.

    And for a LAN-WAN throughput test:

    • If you and me have or won totally identically machines, likes a Alix APU 1D4 Board and we are both
      looking for our personal throughput in our places where we are using the pfSense machines
      and then you will get something around 650 MBit/s - 700 MBit/s and me only ~450 MBit/s,
      that can be owed to our ISPs, the quality of line or pure Internet connection or and this is
      the most exiting point for me, that I am coming closer to the point that something is
      miss configured at my machines or could plain better configured or pimped (tuned)
      up likes enabling PowerD to get the same results likes you.

    Or I am able to ask my ISP whats going on!

    But if you are using your program and I am using another fancy stuff it can be also related to the
    programs we a re using, and not to run into those traps, it would be good to use even the same
    stuff for measuring the entire speed you want to know.



  • Is it possible to attach an extra dual nic on the board?
    What hardware do I need to do that?



  • You need HP part no. GZ286AA, which is a PCI/PCI-Express expansion case. It doubles the thickness of the device, offerinc a PCI or PCI-Express slot, also adding an extra serial and parrallel port.



  • Is it possible to run snort and openvpn on this. My connection is ads 5mbps down / 1mbps up.



  • Don't know about snort, but OpenVPN runs very stable on it (nanobsd 1GB image), I'm using it with more than 20 users.



  • Tested pfSense 2.3 - runs perfectly on this hardware. NanoBSD is only available in 2GB size and above from pfSense 2.3, but you can install manually on the built-in 1GB DOM disk.

    HowTo: install full pfSense from ISO or memstick pfSense as usual an 1GB disk, but please select advanced install during setup, and partition disk manually. At partition size enter * (asterisk) so that the partition fills up the whole 1GB disk space. Also when it asks for swap space, delete the swap entry from the list.
    After installation finishes, you'll have a full install ocupying only 61% of 946MiB (that's in my case using 1GB built-in DOM disks in thin clients).
    (there's some weirdness in the simple setup logic, that only creates a 700MB partition and leaves 300MB unpartitioned - that's why you should go advanced)

    To assure NanoBSD-like operation, go to System > Advanced > Miscellaneous and check "Use RAM Disks (x) Use memory file system for /tmp and /var". This will keep installed system away from flash writes.



  • HP t5730 Thin Clients can't boot the new memstick installer which appeared with pfSense 2.4. Even with the latest BIOS, tricks described in the wiki don't work either.
    But, as jimp suggested in this sticky topic, it is possible to install pfSense 2.3.4 first (as described above, but make sure you choose the 64-bit version!) and upgrade in-place to 2.4 series (option 13 from console). It still fits well on the built-in 1GB DOM disk.
    To remove redundant package files and recover some disk space contents of /root/var/cache/pkg can be deleted after upgrade. I also delete /boot/kernel.old directory with all its contents and thus the whole system will be at around 70% disk usage out of the internal flash.

    You can then create an image-backup of the DOM - this allows for re-installation later or for deployment on multiple devices, much faster than reinstalling from scratch (select reset to factory defaults from menu, and when it reboots, boot from the thinstate disk instead and make the backup - this way each restoration from image will create a factory fresh copy, with unique keys etc.).

    These thin clients are rock solid reliable. Their one thing is the BIOS battery, when it dies, they won't boot. Replace battery and you're up again for years.



  • @robi:

    These thin clients are rock solid reliable. Their one thing is the BIOS battery, when it dies, they won't boot. Replace battery and you're up again for years.

    That seems to be a somewhat common annoyance with AMD systems form that era. I have a bunch of Acer Thin/sub-SFF systems that have the same problem. Maybe it's in the chipset or something close. It makes it so the system main power comes on, but the CPU never comes out of reset.



  • As I said - just replace battery every 4 years. Zero cost compared to the service they offer.



  • In-place upgrade to 2.4.1 worked perfectly. Flash DOM disk usage (after cleanup) 70%.  8)



  • Same with 2.4.2.  8)



  • In-place upgrade to 2.4.3 works perfectly. Internal flash disk usage about the same.



  • Great post and thank you for keeping it updated.

    I think that this would be ideal for my first foray into pfSense - a quick look on ebay and a t5740 is around £30, which seemingly has moderately higher specs than the t5730.

    Given your success with this model, would you see any likley issue with using the t5740 and following your same steps?

    Appreciate your time. ;)

    Richy.



  • I don't think so. But, keep in mind, both models have one single ethernet port, so to be able to use pfSense as a router/firewall with distinct WAN and LAN ports, you'd need also a VLAN-capable switch.  ;)