What is OPNsense/apu1d?

OPNsense is a distribution of FreeBSD that is designed to function as a router. An apu1d4 is a bare-board computer with a dual-core 1 GHz AMD64 CPU, 4GB of RAM, and three gigabit Ethernet adapters, manufactured by PC Engines. Together they make a very full-featured yet inexpensive router/firewall.

About this post

I will be explaining how to get OPNsense running on the apu1d4. There is nothing groundbreaking in this post; I'm just laying it all out in one place. I will be using an Ubuntu Linux (15.10) workstation, but you could use another OS if that is what you have access to. I will be showing you the commands as I typed them (/dev/sdb1, /dev/sdb, /dev/ttyUSB0, etc). You will obviously need to substitute your specific device and file paths, but I find it easier to read in this format. However, it is vitally important that you choose the correct device path when you run dd or you could wipe one of your hard-drives.


  • apu1d4 (with enclosure and AC adapter)
  • A boot drive of at least 1GB for the apu1d4. This can be an SD card, USB thumb-drive, or mSATA SSD. I found a 32GB mSATA for $24.
  • A USB thumb-drive of at least 1GB to use as installation media.
  • A null modem serial cable (most likely with a female DB-9 on both ends)
  • An RS-232 serial port (I like my TRENDnet TU-S9)

Assemble the apu1d4

The case is a vital cooling component for the apu1d4. Carefully follow the instructions here. You will also want to install an SD card or mSATA SSD if you plan to use one as your boot drive.

Flashing the installation image to a thumb-drive

Go to the OPNsense website and download the latest stable version (16.1 as of today). Select the image that ends in -serial-amd64.img.bz2 for the apu1d4. The image will be compressed with bzip2. Decompress it:

$ bunzip2 OPNsense-16.1-OpenSSL-serial-amd64.img.bz2

Next, plug in your USB thumb-drive. The USB thumb-drive will most likely be auto-mounted and you will need to unmount it. There are lots of ways to figure out which partition(s) to unmount; one way is to tail /var/log/syslog while you plug in the USB thumb-drive:

$ tail -f /var/log/syslog | grep Mounted
Feb  1 19:22:38 tabor-xps13 udisksd[1252]: Mounted /dev/sdb1 at /media/tkelly/BRILLIG on behalf of uid 1000

Now unmount the partition(s) and use dd to flash the img file to the thumb-drive. Note that while we unmount the partition /dev/sdb1 (or whatever partition(s) your OS mounted) we dd to the device /dev/sdb. Be extra careful to dd to the correct device on your system or you could end up overwriting one of your hard-drives.

$ umount /dev/sdb1
$ sudo dd bs=4M if=OPNsense-16.1-OpenSSL-serial-amd64.img of=/dev/sdb
191+1 records in
191+1 records out
802004992 bytes (802 MB) copied, 112.311 s, 7.1 MB/s
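
A pre-flight check for the dd step above, as an added example that is not part of the original post. It refuses a target unless Linux sysfs reports it as a whole, removable disk with nothing mounted; the function name check_dd_target and the SYSFS_ROOT and MOUNTS_FILE variables are hypothetical names chosen for this sketch.

```bash
# Added example: pre-flight check for a dd target (hypothetical helper).
# SYSFS_ROOT and MOUNTS_FILE can be overridden to run the check against a
# constructed directory tree instead of the live system.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# check_dd_target /dev/sdX
# Returns 0 only for a whole, removable disk with no mounted partitions.
# Return codes: 1 = not a whole disk, 2 = not removable, 3 = still mounted.
check_dd_target() {
    local dev="$1" name
    name="${dev#/dev/}"

    # Whole disks appear directly under /sys/block; partitions (sdb1) do not.
    if [ -z "$name" ] || [ ! -d "$SYSFS_ROOT/block/$name" ]; then
        echo "refuse: $dev is not a whole-disk device (partition or typo?)"
        return 1
    fi

    # The kernel marks removable media such as USB thumb-drives with 1.
    if [ "$(cat "$SYSFS_ROOT/block/$name/removable" 2>/dev/null)" != "1" ]; then
        echo "refuse: $dev is not marked removable (internal drive?)"
        return 2
    fi

    # The disk itself or any of its partitions (sdb1, mmcblk0p1) is mounted.
    if grep -Eq "^$dev(p?[0-9]+)? " "$MOUNTS_FILE"; then
        echo "refuse: $dev or one of its partitions is still mounted"
        return 3
    fi

    echo "ok: $dev"
    return 0
}

# Usage, with the paths from this post:
#   check_dd_target /dev/sdb && \
#     sudo dd bs=4M if=OPNsense-16.1-OpenSSL-serial-amd64.img of=/dev/sdb
```

The check is deliberately conservative: external USB hard drives and some SSD enclosures report removable as 0 and will be refused, so confirm those by hand before running dd.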

Installing OPNsense on the apu1d4

Connect your null modem serial cable between your workstation and the apu1d4 and connect to it. The apu1d4's RS-232 interface runs 115200bps 8N1. My preferred solution is screen.

$ sudo screen /dev/ttyUSB0 115200

Now, with the installation thumb-drive plugged in, plug in the power to the apu1d. If you do nothing at all it will boot into an ncurses installation interface. When prompted with the following screens select the listed option:

  1. Configure Console --> Accept these settings
  2. Select Task --> Quick/Easy Install
  3. Select a disk to continue (ada0 in my case) --> OK
  4. When prompted to Reboot remove the installation media and select Reboot

The apu1d will now reboot. Of note, OPNsense will inform you of the default username and password.

*DEFAULT Username*: root
*DEFAULT Password*: opnsense

At this point you will be presented with a few more options. I chose to answer them as follows:

  1. Do you want to set up VLANs now [y|n]? --> n
  2. Enter the WAN interface name or 'a' for auto-detection --> re0
  3. Enter the LAN interface name or 'a' for auto-detection --> re1
  4. Enter the Optional 1 interface name or 'a' for auto-detection --> re2
  5. When presented with Enter the Optional 2 interface name or 'a' for auto-detection just hit Enter to signify nothing, since you are out of Ethernet adapters.

OPNsense will now remind you of your choices:

The interfaces will be assigned as follows:

WAN  -> re0
LAN  -> re1
OPT1 -> re2

Finally, when asked Do you want to proceed [y|n]? answer y. At this point OPNsense will boot into normal operational mode. You can now log in with the default username (root) and password (opnsense) which was noted earlier. At this point you will probably want to choose 6 to Halt system so that you can relocate the apu1d. You can exit screen by pressing a while holding down CTRL, then pressing k. When asked Really kill this window [y/n] enter y.