What is pfsense/apu1d?

Pfsense is a distribution of FreeBSD that is designed to function as a router. An ap1d4 is a bare board computer with a dual core 1Ghz AMD64, 4GB of RAM, and three gigabit Ethernet adapters which is manufactured by PC Engines. Together they make a very full featured yet inexpensive router/firewall.

About this post

I will be explaining how to get pfsense running on the apu1d4. There is nothing groundbreaking in this post, I'm just laying it all out in one place. I will be using an Ubuntu Linux (15.10) workstation, but you could use another OS if that is what you have access to. I will be showing you the commands as I typed them (/dev/sdb1, /dev/sdb, /dev/ttyUSB0, etc). You will obviously need to substitute your specific device and file paths, but I find it easier to read in this format. However, it is vitally important that you choose the correct device path when you run dd or you could wipe one of your hard-drives.

Materials

  • apu1d4 (with enclosure and AC adapter)
  • A boot drive of at least 1GB for the apu1d4. This can be an SD card, USB thumb-drive, or mSATA SSD.
  • A USB thumb-drive of at least 512MB to use as installation media
  • A null modem serial cable (most likely with a female DB-9 on both ends)
  • An RS-232 serial port (I like my TRENDnet TU-S9)

Assemble the apu1d4

The case is a vital cooling component for the adu1d4. Carefully follow the instructions here. You will also want to install and sd-card or mSATA SSD if you plan to use them as your boot drive.

Flashing the installation image to a thumb-drive

Go to the pfsense website and download the latest stable version (2.2.6 as of today). Select AMD64 for Computer Architecture, Live CD with Installer (on USB Memstick) for Platform, and Serial for Console. The image will be gzipped. Decompress it:

$ gunzip pfSense-memstick-serial-2.2.6-RELEASE-amd64.img.gz

Next plug in your USB thumb-drive. The USB thumb-drive will most likely be auto-mounted and you will need to unmount it. There are lots of ways to figure out which partition(s) to unmount, one ways is to tail /var/log/syslog while you plug in the USB thumb-drive:

tail -f /var/log/syslog | grep Mounted
Dec 23 16:25:02 tabor-xps13 udisksd[1197]: Mounted /dev/sdb4 at /media/tkelly/563a84d56b8b4567 on behalf of uid 1000

Now unmount the partition(s) and use dd to flash the img file to the thumb-drive. Note that while we unmount the partition /dev/sdb4 (or whatever partition(s) your OS mounted) we dd to the device /dev/sdb. Be extra careful to dd to the correct device on your system or you could end up overwriting one of your hard-drives.

$ umount /dev/sdb4
$ sudo dd bs=4M if=pfSense-memstick-serial-2.2.6-RELEASE-amd64.img of=/dev/sdb
[sudo] password for tkelly:
77+1 records in
77+1 records out
327081984 bytes (327 MB) copied, 28.5912 s, 11.4 MB/s

Installing pfsense on the apu1d4

Connect your null modem serial cable between your workstation and the apu1d4 and connect to it. The apu1d4's RS-232 interface runs 115200bps 8N1. My preferred solution is screen.

$ sudo screen /dev/ttyUSB0 115200

Now, with the installation thumb-drive plugged in, plug in the power to the apu1d. When it prompts you to press I to launch the installer enter I. It will now launch an ncurses interface. When prompted with the following screens select the listed option:

  1. Configure Console --> Accept these settings
  2. Select Task --> Quick/Easy Install
  3. Are you SURE? --> OK
  4. Install Kernel --> Embedded kernel
  5. When prompted to Reboot remove the installation media and select Reboot

The apu1d will now reboot. Of note, pfsense will inform you of the default username and password:

*DEFAULT Username*: admin
*DEFAULT Password*: pfsense

At this point you will be presented with a few more options. I chose to answer them as follows:

  1. VLANs now [y|n] --> n
  2. Enter the WAN interface name --> re0
  3. Enter the LAN interface name --> re1
  4. Enter the Optional 1 interface --> re2
  5. When present with Enter the Optional 2 interface just hit Enter to signify nothing, since you are out of Ethernet adapters.

Pfsene will now remind you of your choices:

WAN  -> re0
LAN  -> re1
OPT1 -> re2

Finally when asked Do you want to proceed [y|n]? answer y. At this point psense will boot into normal operational mode. At this point you will probably want to choose 6 to Halt system so that you can relocate the apu1d. You can exit screen by pressing a while holding down CTRL, then press k. When asked Really kill this window [y\/n] enter y.