PC Engines apu2 experiences
-
Hello,
I'm running APU2 Legacy firmware v4.0.33 and would like to switch to the mainline firmware.
When I bought my APU2 a few years ago I tried to do this update without success.Is there something specific to verify in order to switch from legacy to mainline firmware.
I saw in this post that I just havec to connect via SSH to my APU2 and then execute these commands (adapted to the current release):
pkg install flashrom (upload the firmware to /tmp with scp and run:) flashrom -w /tmp/apu2_v4.15.0.3.rom -p internal:boardmismatch=force Shutdown pfSense, pull the power for 10 seconds, then boot up.
Is there something else to do or should it run without any error ?
If there is an error, is it possible to rollback ?Thanks in advance,
Alex -
@kevindd992002 The apuled driver controls the three LEDs at the front of the box. I use it to provide a quick visual check of the box status.
I have a little script that runs every couple of minutes so that LED 1 shows me how hard the CPU is having to work, flashing at higher speeds as it works harder. LED 2 shows me that my main FTTN/VDSL connection is working, with solid being all ok, flashing being packet loss and no LED being connection dead. LED 3 shows me that my backup 4G connection is working and flashing the same way as my VDSL one does.
You can write a script to make the LEDs do whatever is useful to you. If you do a search for apuled.ko you'll find full instructions and a link to the driver.
-
No longer any need to use boardmismatch=force since legacy v4.0.15 or mainline v4.6.7.
So just the command
flashrom -w /tmp/apu2_v4.15.0.3.rom -p internal
(Source github.com/pcengines)
-
Hello all!
What do you think is a better wifi antenna placement for an AP2 with both 2.4 and 5 PCIe cards from an RF point of view? 2 antenna each band. Any suggestions?
One side (let's say closer to COM) takes both 2.4G antennas and the other side, closer to USB, takes the 2 5G antennas.
OR
On the back panel (the one with all the IO) takes one 2.4 and one 5G and the second antennas are 'crossed', meaning that on the side closer to the first 2.4G we place a 5G and visa versa. -
If I may suggest something, when you need more WiFi range then instead of the APU's WiFi use a few Unifi nanoHD's (access points) as they have managed to create a good roaming WiFi network.
-
@qinn I agree completely!
Just to be clear! I know the limitations but I have this setup as backup/testing.so my question is more related to all your RF expertise in relation to this case/proportions.
-
@alexouxou said in PC Engines apu2 experiences:
Hello,
I'm running APU2 Legacy firmware v4.0.33 and would like to switch to the mainline firmware.
When I bought my APU2 a few years ago I tried to do this update without success.Is there something specific to verify in order to switch from legacy to mainline firmware.
I saw in this post that I just havec to connect via SSH to my APU2 and then execute these commands (adapted to the current release):
pkg install flashrom (upload the firmware to /tmp with scp and run:) flashrom -w /tmp/apu2_v4.15.0.3.rom -p internal:boardmismatch=force Shutdown pfSense, pull the power for 10 seconds, then boot up.
Is there something else to do or should it run without any error ?
If there is an error, is it possible to rollback ?Thanks in advance,
AlexThis is what I just did
[2.6.0-RELEASE][root@pfSense.localdomain]/tmp: flashrom -p internal -w apu2_v4.15.0.3.rom --fmap -i COREBOOT flashrom v1.2 on FreeBSD 12.3-STABLE (amd64) flashrom is free software, get the source code at https://flashrom.org Using clock_gettime for delay loops (clk_id: 4, resolution: 2ns). coreboot table found at 0xcfeba000. Found chipset "AMD FCH". Enabling flash write... OK. Found Winbond flash chip "W25Q64.V" (8192 kB, SPI) mapped at physical address 0x00000000ff800000. Using region: "COREBOOT". Reading old flash chip contents... done. Erasing and writing flash chip... Erase/write done. Verifying flash... VERIFIED. [2.6.0-RELEASE][root@pfSense.localdomain]/tmp:
Then halt the system from the GUI or do
[2.6.0-RELEASE][root@pfSense.localdomain]/tmp: /etc/rc.initial.halt pfSense will shutdown and halt system. This may take a few minutes, depending on your hardware. Do you want to proceed [y|n]? y pfSense will shutdown and halt system now. Stopping package Avahi...done. Stopping /usr/local/etc/rc.d/pfb_dnsbl.sh...done. Stopping /usr/local/etc/rc.d/pfb_filter.sh...done. [2.6.0-RELEASE][root@pfSense.localdomain]/tmp: *** FINAL System shutdown message from root@pfSense.localdomain *** System going down IMMEDIATELY
Then when you checked the APU is down, so all lights are out, pull the power cord and wait for 20 seconds and then plug it back in.
-
I just saw that firmware v4.17.0.1 was released.
Interestingly, the notes say "Support for APU7 (APU3 variant with 2.5GbE i225 NICs)"
Are there specs on this board? Does it exist yet for sale? I thought the SoC on the APU couldn't go past 1Gbps?
EDIT: There is apparently an APU6 that has a 1Gb SFP slot.
-
@logan5247 said in PC Engines apu2 experiences:
Are there specs on this board? Does it exist yet for sale? I thought the SoC on the APU couldn't go past 1Gbps?
Yeah, even 1Gbps is really pushing it. I would love it if they came out with something that could push a 2.5Gbps connection but they just keep making derivations off of the same old Geode GX-412TC from 8 years ago. They'll need to come up with something, though. It goes EOL at the end of next year.
-
@stewart I dont understand, why pcengines is unable to come up with a modern more recent embedded design. They literally built their company on 1 single product. This 1 Ghz board is too weak since many years.
-
@soder said in PC Engines apu2 experiences:
@stewart I dont understand, why pcengines is unable to come up with a modern more recent embedded design. They literally built their company on 1 single product. This 1 Ghz board is too weak since many years.
While we are able to get near Gbit speeds out of it, we only use it up to 600Mbps if there's more than a few people using it. I sent them an email yesterday to see if they have plans for something new since the CPU goes EOL next year. Not sure if I'll ever hear back from them but it's at least worth checking out.
-
I just saw that firmware v4.17.0.1 was released.
It will be nice if the PC Engines company will be able
to set up one or more new series, because if all peoples
will be buying only protectly or Qotom stuff they might
be not able to realize those projects any more!!!!Interestingly, the notes say "Support for APU7
(APU3 variant with 2.5GbE i225 NICs)"Absolutely wrong, sorry for being rude in some eyes here.
PC Engines is a verry small company, found up by an swiss
engineer and on highest count there will be working at
the maximum of up to 10 peoples. They have begun with
the Alix series and now the APU series is up. Each series
will be its total own series. It was starting with APU1 and reached actual now APU6B4.The board will be also namend to their state of technical art. As an example;
APU - the board series
APU1 - APU series number (generation)
APU4D4 - APU series, 4 generation, distribution state with 4 GB of RAMA - alpha status (state) (not for us)
B - beta status (state) (for technical enthusiasts)
C - consumer ready state, ready to sell for the masses
D - distribution state or level of the board, all is fine
ready for distribution sellers with stock pile2 - 2 GB RAM
4 - 4 GB RAMAre there specs on this board?
Not available at this state as I am informed.
Does it exist yet for sale?
Please read above about what type (A-D) is for what technical state and for whom. If the APU6B4 is in beta state it must or should be reaching C or D state and on
the other hand they will work on the next generation of
the APU7.I thought the SoC on the APU couldn't go past 1Gbps?
If they, I saied if they will be using Intel Atom C3000
with 4 Cores, it might be that you will be able to see numbers witched and written by you here, again it might be able! Please don´t pin on that information.EDIT: There is apparently an APU6 that has a 1Gb
SFP slot.May be good for me and other as I see it right!
- Please think on Europe here, many ISPs are offering something like VDSL and VDSL2 and VDSL2+ so sfp
VDSL modems are verry popular in Germany, Austria, and/or Suisse.
- Please think on Europe here, many ISPs are offering something like VDSL and VDSL2 and VDSL2+ so sfp
-
@stewart
May be it goes, but they will also being up with many more
actual models APU4D4 and APU6B4 and for building up
routers and firewalls it is one of the best options regarding
to the European energy costs too! It runs often on;- MikroTik RouterOS
- pfSense
- IPFire
- OPNSense
- OpenWRT
- DD-WRT (custom build)
- fli4li & eisfair
- small servers such CentOS, Ubuntu, Debian based
- with OpenLDAP, OpenDNS, FreeRadius, IDS/IPS
(sensors or servers) such Snort, Suricata and OSSec
So you should not seeing it only from the pfSnese side
and perhaps more wide open for other things too. -
@soder
Please don´t be worry a so small company is not able to
set up many boards and/or series as Netgate or a greater
one like Supermicro. They will be setting it up for a long
time run action and a long time placement in the market
that the entire cost coming out for them too and this is
not verry often so easy as many clients will be accepting
and/or thinking off. They try out to hit a real great maximum amount of use cases to match many of their clients. And this will be not very easy as saied above.Many clients will be on the need of more RAM, many
will be seeing more CPU horse power and/or CPU cores,
some want to make it sorted with a RAM slot for 2 - 16 GB
of RAM that can be swapped over, and, and, and, and..........
Fitting all there needs, matching many use cases and hold
pay able (cheap) is not so easy that saied again. -
I dont understand, why pcengines is unable to come up with a modern more recent embedded design. They literally built their company on 1 single product. This 1 Ghz board is too weak since many years.
They are a very small company and this is their basis and
absolutely nothing should be going wrong with one series
so they will be perhaps broke. Please don´t forget this!While we are able to get near Gbit speeds out of it,
we only use it up to 600Mbps if there's more than a few > people using it.In Europe it is at this time (2022) very often to see ISPs
offering VDSL account with the maximum of 250/50 (down/up) so it is perhaps more clear to many other with
1 GBit/s why it is so popular in the western European side.I sent them an email yesterday to see if they have
plans for something new since the CPU goes EOL
next year.This will be one think they are looking for more and/or other underlaying hardware, but also with an looking eye
towards technically standards and customer wishes.4 Core CPUs
10-100-1,0-2,5-5,0 GBit/s GBe ports
Intel QAT
AES-NI- mSATA / M.2 SSD slot
- mSATA / M.2 LTE modem slot (with SIM)
- mSATA / M.2 WiFi 5/6 (acx) cards option
- Laptop RAM module option (2,4,8,16 GB ECC/nonECC)
either you need it.
Not sure if I'll ever hear back from them but it's
at least worth checking out.Again many of the forum users here, have a look from the pfSense point to this or that hardware, for sure because it is the pfSense forum, but as I am informed this hardware
will be be in any kind of usa case in game for many different things! And since Soekris was gone (broke), it
was much more peoples that are buying and using this
hardware from PC Engines.- programmers will be able to run their code on small
servers to how it performs - snort, suricata and OSSec sensors and servers
- OpenLDAP, OpenDNS, FreeRadius, DHCP and NTP Servers and/or small honeypots
- smaller NAS servers
- smaller LTE WiFi routers and/or Firewall for camping
and outdoor usage
Small OpenBSD, FreeBSD and NetBSD servers
There are dual cases for two board at the varia store
and also for one board with an added PCIe card to bring
ports and/or connectors outside. Redundant routers firewalls load balancers and, and , and... so on.At Timberwolf you may be able to buy a case that is also nice looking inside of your living room, for APU2/3 boards.
The entire use case is really high, and will be perhaps also
scaling with another CPU and amount of ram (2-16 GB)
than untangle, endian and ClearOS might be also interesting use cases for that piece of hardware for small
company and/or home (SOHO) usage. But the main argument for the one or other way is in real the colling.
Cooling this unit silent, and save over a longer time may
be the most argument for them to go with this or another
CPU. Who knows how it comes, but I for myself would wish
the the best for the catual and upcomming time. -
What is an alternative to the apu2c4 if I need to upgrade mine to handle 1Gbps (or more) Internet speeds?
-
The Netgate 4100.
-
What is an alternative to the apu2c4 if I need to
upgrade mine to handle 1Gbps (or more) Internet speeds?Since version 2.6 of pfSense it is not so easy to answer
if you are not using PPPoE the entire WAN connection
will be running over several queues and if your device is sorted with many CPU core, you can run more queues
over more CPU core for sure. So it is also pending on
the entire rest and/or other circumstances, as I see it
right. By the way if you are using PPPoE and you play
around with some settings here and there over a
weekend or so you may be see here and there also
something around 800 MBit/s - 900 MBit/s throughput
and with the overheat on top counting you will be
more near to your real 1 GBit/s as you could be.Is also not that bad as I see it right, or?
As @stephenw10 wrote the Netgate 4100 or 6100 will be
nice to do so. Or if you need some stuff to realize what the
Netgate might be not able to serve you, I will be pretty sure the entire Supermicro Intel Atom C3x58 line will
be able to route a real 1 GBit/s at the WAN for you.But with the Netgate ones you will be ensure that all
is running fine and compatible. And a pfSense+ (Plus)
or an TSNR option will be available too.I personally owns three of the APU devices, one for
pfSense+ (Plus) with lab or home license, one with MikroTik RouterOS and one with OpenWRT. For my
home lap and /or home network it is enough and I
am happy with it. -
Hello all,
Some of you may recall a number of APU2 tweaks I posted in this thread back in April 2020. I promised that when my home internet evolved to 500Mb/s I'd worry some more. Well it's happened - I now have an asymmetric HFC 500/50 service up & running (for only a modest price increment on my previous 250/25 service).
For multiple connections the APU2 throughput is fine for home use but single connections are a bit constrained - typically maximum download is around ~370Mb/s. This seems a bit lower than expected.
As always there is YAT = Yet Another Tunable In this case the ability to change the FreeBSD 12 iflib interface TX tasking via tx_abdicate tunable (see FreeBSD iflib(4) man page)
It turns out that our BSDRP friends documented the FreeBSD 12 tx_abdicate sysctl back in 2019 (not useful for the pfSense community back then as pfSense was still using FreeBSD 11) ... https://bsdrp.net/documentation/examples/forwarding_performance_lab_of_a_pc_engines_apu2#enabling_tx_abdicate_iflib_drivers
Caveats: The only known issue with tx_abdicate is if IPSEC is in use - enabling tx_abdicate may result in lower IPSEC throughput. In this case leave it disabled (ie default).
Enabling this tunable on the LAN interface yields a useful ~20% throughput boost - in my case for single connections I'm now seeing ~450 Mb/s (with no other config changes).
So a quick summary of my current APU2 tweaks:
- Upgrade APU2 BIOS to enable CPB (mainline v4.9.0.2 or later - suggest v4.16 or later)
- Add sysctl
hw.em.rx_process_limit=-1
to /boot/loader.conf.local (note the prefix change from hw.igb to hw.em) - Add following sysctls to either /boot/loader.conf.local or /etc/sysctl.conf
dev.igb.0.iflib.tx_abdicate=1 dev.igb.1.iflib.tx_abdicate=1 dev.igb.2.iflib.tx_abdicate=1
NB1 yes there is sysctl device naming inconsistency ... hw.em & dev.igb
NB2 some of you might notice the suggestion in the linked BSDRP report to disable IP redirects - this is no longer necessary due to subsequent enhancements to FreeBSD 12-STABLEAnyway for me the APU2 continues on - let's see what pfSense CE 2.7 / pfSense+ 23.01 (based on FreeBSD 14) will bring.
Enjoy!
-
Hm, that's interesting. I don't have an APU2 but they have i210 NICs which I expect to be recognised as igb. I wouldn't expect that hw.em sysctl to do anything. They are both the e1000 driver under iflib though.
Steve