pfSense - Netgate RCE-V 2440 thread

sfx2000

Going to self moderate a few posts here - in any event, it's an impressive box already for internal testing w/CentOS, and with pfSense 2.3 going RC on 4/1...
 
Basic platform

RCC-VE 2440 SYSTEM SPECIFICATION
  • 2 core Intel Atom C2358 CPU, 1.7 GHz
  • Standard Mini-ITX board 170x170mm form factor
  • 4 GB DDR3L Non ECC Memory on board
  • 8 GB eMMC flash on board
  • 4x RJ-45 1 GbE Intel Ethernet ports, Intel i350 (i354 on-die)
  • Black Anodized Enclosure with 5 SMA/RP-SMA sized antenna cutouts
  • 1 mini-SATA (mSATA) connector
  • 1 SATA II connector
  • 2x full length mPCIe slots, one with micro-SIM. Also supports half length cards.
  • 2x USB 2.0 Host ports
  • 1 Mini-USB Serial Console Port
  • Reset Pushbutton
  • Power/Status/SATA activity LEDs
  • Front Panel Header
  • Coin cell holder for RTC backup battery
  • 12 VDC Power Input Connector (call for ATX availability and MOQ)
  • Coreboot boot loader
  • AC/DC Auto-Ranging Switching Power Adapter
    • Input Voltage: 90 ~ 264 VAC
    • Output Voltage: 12 VDC
    • Current Output (Max): 4.16A
    • Power (Watts): 50W
  • Fanless operation from 0°C to 55°C ambient temperature.
  • Enclosure size: 1.5" tall x 6.8" deep x 7" wide
  • FCC, CE Class B, IC Class A
  • RoHS Compliant
ADI_Netgate_HW_plan_Rangley.png


sg-2440.png
 
Keeping in mind this is the smaller box - the RCE-V 2440

Code:
# head -26 /proc/cpuinfo ; echo ; head -5 /proc/meminfo ; echo; uname -a ; echo
processor    : 0
vendor_id    : GenuineIntel
cpu family    : 6
model        : 77
model name    : Intel(R) Atom(TM) CPU  C2358  @ 1.74GHz
stepping    : 8
microcode    : 0x125
cpu MHz        : 1400.000
cache size    : 1024 KB
physical id    : 0
siblings    : 2
core id        : 0
cpu cores    : 2
apicid        : 0
initial apicid    : 0
fpu        : yes
fpu_exception    : yes
cpuid level    : 11
wp        : yes
flags        : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes rdrand lahf_lm 3dnowprefetch arat epb dtherm tpr_shadow vnmi flexpriority ept vpid tsc_adjust smep erms
bogomips    : 3500.14
clflush size    : 64
cache_alignment    : 64
address sizes    : 36 bits physical, 48 bits virtual
power management:

MemTotal:        3878540 kB
MemFree:         3469676 kB
MemAvailable:    3575880 kB
Buffers:            1696 kB
Cached:           270976 kB

Linux localhost.localdomain 3.10.0-327.13.1.el7.x86_64 #1 SMP Thu Mar 31 16:04:38 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                2
On-line CPU(s) list:   0,1
Thread(s) per core:    1
Core(s) per socket:    2
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 77
Model name:            Intel(R) Atom(TM) CPU  C2358  @ 1.74GHz
Stepping:              8
CPU MHz:               1400.000
BogoMIPS:              3500.14
Virtualization:        VT-x
L1d cache:             24K
L1i cache:             32K
L2 cache:              1024K
NUMA node0 CPU(s):     0,1

# lspci
00:00.0 Host bridge: Intel Corporation Atom processor C2000 SoC Transaction Router (rev 02)
00:01.0 PCI bridge: Intel Corporation Atom processor C2000 PCIe Root Port 1 (rev 02)
00:02.0 PCI bridge: Intel Corporation Atom processor C2000 PCIe Root Port 2 (rev 02)
00:03.0 PCI bridge: Intel Corporation Atom processor C2000 PCIe Root Port 3 (rev 02)
00:04.0 PCI bridge: Intel Corporation Atom processor C2000 PCIe Root Port 4 (rev 02)
00:0b.0 Co-processor: Intel Corporation Atom processor C2000 QAT (rev 02)
00:0e.0 Host bridge: Intel Corporation Atom processor C2000 RAS (rev 02)
00:0f.0 IOMMU: Intel Corporation Atom processor C2000 RCEC (rev 02)
00:13.0 System peripheral: Intel Corporation Atom processor C2000 SMBus 2.0 (rev 02)
00:14.0 Ethernet controller: Intel Corporation Ethernet Connection I354 (rev 03)
00:14.1 Ethernet controller: Intel Corporation Ethernet Connection I354 (rev 03)
00:14.2 Ethernet controller: Intel Corporation Ethernet Connection I354 (rev 03)
00:14.3 Ethernet controller: Intel Corporation Ethernet Connection I354 (rev 03)
00:16.0 USB controller: Intel Corporation Atom processor C2000 USB Enhanced Host Controller (rev 02)
00:17.0 SATA controller: Intel Corporation Atom processor C2000 AHCI SATA2 Controller (rev 02)
00:18.0 SATA controller: Intel Corporation Atom processor C2000 AHCI SATA3 Controller (rev 02)
00:1f.0 ISA bridge: Intel Corporation Atom processor C2000 PCU (rev 02)
00:1f.3 SMBus: Intel Corporation Atom processor C2000 PCU SMBus (rev 02)

# lsusb
Bus 001 Device 002: ID 8087:07db Intel Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 0424:2240 Standard Microsystems Corp.
 
A couple of live shots...

iPhone 5s and business card for scale - the other is sitting on top of the QNAP TS-453Pro NAS box - nice fit ;)


IMG_1041-1.JPG
IMG_1043.JPG
 
So, letting it soak for the weekend - and then we'll investigate pfSense 2.3 RC (released 4/1/2016) as a replacement for the current router...

WiFi AP's - FWIW - got multiple Apple Airport Extreme AC's, and as AP's they're extremely stable - if I didn't have the Airports, I'd have to dig into alternates there...
 
So, letting it soak for the weekend - and then we'll investigate pfSense 2.3 RC (released 4/1/2016) as a replacement for the current router...

WiFi AP's - FWIW - got multiple Apple Airport Extreme AC's, and as AP's they're extremely stable - if I didn't have the Airports, I'd have to dig into alternates there...

I just upgraded my pfsense router to 2.3RC. It's very nice, and the upgrade went smooth. Some of the packages are not available yet, like ntop_ng, but those are coming soon.
 
Tell me more...Tell me more...Tell me more... :)

It's still in soak/burn-in mode for now - so far, so good with the Centos 7 as included with this order... been solid so far...

Should also note that while the Store suggested a 4GB RAM/4GB eMMC config, I can confirm that my box as shipped has an 8GB eMMC...

Code:
[sfx@blaster ~]$ df -h

Filesystem      Size  Used Avail Use% Mounted on
/dev/sda3       6.1G  1.2G  5.0G  19% /
devtmpfs        1.9G     0  1.9G   0% /dev
tmpfs           1.9G     0  1.9G   0% /dev/shm
tmpfs           1.9G  8.4M  1.9G   1% /run
tmpfs           1.9G     0  1.9G   0% /sys/fs/cgroup
/dev/sda1       497M  141M  356M  29% /boot
tmpfs           379M     0  379M   0% /run/user/1000
 
I am excited for pfSense 2.3.

Finally they are migrating away from the cryptic bootstrap setup to a reasonably straight-forward overlay on top of FreeBSD, apparently very similar to just another pkg in the FreeBSD ports/pkg system.


sfx: do you have any intentions to use squid, snort, etc?
 
sfx: do you have any intentions to use squid, snort, etc?

At some point, maybe, but I've already got some tools on other boxes - I'm just really looking for stability and security at the moment on the router side of the house...

(many router/AP vendors prioritize convenience, features, performance, and stability/security take a back seat - my opinion is that security should be first, stability second, and performance will result - and many "features" in the current crop of AC1900+ class routers lead to instability, and convenience leads to security issues)
 
Ok - it's flashed now with pfSense 2.2.6 after soaking the weekend... I decided to do 2.2.6 rather than the 2.3RC, based on the community boards and comments there.

Stability is more important than features - not just for me, but my "customers" on my LAN/WLAN that depend on services being up.

Changing out the router - which is the core of not only my basic home network, but also I'm very dependent on my network supporting my telecommuting - busy writing a MOP (Method of Procedure) outlining exactly what steps are taken, and how to roll back if things don't work...

A good MOP - a well written MOP should be able to allow anyone to follow the steps needed - not just the writer...
 
Well - first run didn't go very well - couldn't get a local address...

lots of angry eyes on me...

:(
 
So we roll back to the original network config, and try again tomorrow...
 
Didn't clients on the local network get an IP address from the DHCP server on pfSense?

Bunch of things, rolled back configs and started over - some issues with getting a WAN lease (I'm DHCP on Cable Modem) - working now...

Will post more in a bit..
 
Not sure what modem you are using, but watch out for the Arris Surfboard DHCP bug. If your provider drops connection, the Arris will auto assign a private IP (10.1.100.1) to the router and make the lease virtually permanent. Can't get a real IP from the provider after that without all kinds of PIA.

I just got bit by that and gave up and bought a different brand of modem.
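Added example (not part of any post in this thread): one way to spot the situation described above, a private address handed to the router's WAN side with a very long lease, by auditing DHCP client lease records. The sample text is constructed in dhclient.leases syntax, `igb0` as the WAN interface follows the mapping used later in this thread, and the one-week lease threshold is an assumption.

```python
import ipaddress
import re
# Constructed sample in dhclient.leases syntax: a private-address lease, then a normal one.
SAMPLE_LEASES = """
lease {
  interface "igb0";
  fixed-address 10.1.100.1;
  option dhcp-lease-time 4294967295;
}
lease {
  interface "igb0";
  fixed-address 198.51.100.23;
  option dhcp-lease-time 86400;
}
"""

# RFC 1918 and link-local ranges that should not appear on an ISP-facing WAN.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]
MAX_LEASE_SECONDS = 7 * 24 * 3600  # assumed threshold for "suspiciously long"

def parse_leases(text):
    """Return one dict of statement -> value per lease { ... } block."""
    leases = []
    for body in re.findall(r"lease\s*\{(.*?)\}", text, re.DOTALL):
        fields = {}
        for stmt in body.split(";"):
            tokens = stmt.split()
            if len(tokens) >= 3 and tokens[0] == "option":
                fields[tokens[1]] = " ".join(tokens[2:])
            elif len(tokens) >= 2:
                fields[tokens[0]] = " ".join(tokens[1:]).strip('"')
        leases.append(fields)
    return leases

def audit_wan_leases(text, wan_if="igb0"):
    """Return (address, findings) for every lease recorded on the WAN interface."""
    results = []
    for lease in parse_leases(text):
        if lease.get("interface") != wan_if or "fixed-address" not in lease:
            continue
        addr = ipaddress.ip_address(lease["fixed-address"])
        findings = []
        if any(addr in net for net in NON_ROUTABLE):
            findings.append("private or link-local address on WAN")
        if int(lease.get("dhcp-lease-time", 0)) > MAX_LEASE_SECONDS:
            findings.append("lease time above threshold")
        results.append((str(addr), findings))
    return results
```

To use it on a live router, read the DHCP client lease file for the WAN interface and pass its text to `audit_wan_leases`; any non-empty findings list means the WAN did not get a usable public lease.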
 
Ok, got a bit of a break...

A couple of links to print out and keep handy.... first one is getting pfSense on to a disk, and installing on the RCE-VE-2440, the second walks thru how to initially set up pfSense.

pfSense 2.2.6 (ADI Community Version)
Getting Started

The ADI Community Image is purpose built for the 2440, but it's not exactly the same, or so I'm told, as the SG-2440 firmware installed on the pfSense branded version.

Things to have handy:

  • 1GB USB Thumb Drive - you'll need this for the software image...
  • USB to Mini-USB cable - this is for the console, and you will be using this a bit during setup
  • Ethernet Patch Cable
  • PC/Mac with terminal software - I used Linux and Screen as a serial console terminal (e.g. "screen /dev/ttyUSB0 115200")
  • Ethernet Switch - remember, the ports on the 2440 are NIC's as configured, can reconfigure later*

* unlike consumer Routers, where the LAN ports are hooked up to a switch, these are not, they're straight forward Intel Gigabit NIC cards

The big thing is to sort out what ports one wants where for LAN and WAN - the labels outside the box map back into igb interfaces within pfSense, so ETH0 is IGB0 and so forth - I have mine mapped as IGB0 to the WAN, and IGB1 to the LAN side

Since I already have WiFi in the house, I repurposed an Airport Extreme AC as an AP (configured as Bridge, and Airports when configured as such, the WAN/LAN ports are acting as an unmanaged 4 port switch)

CableModem <---> WAN/IGB0/ETH0 on the 2440 LAN/IGB1/ETH1 <----> WAN port on AP Extreme (bridged) <---> Ethernet Switch to rest of LAN

For me, I had to kick the Cable Modem a couple of times to get a valid DHCP lease from the ISP, first time it didn't take, second time after a hard reset (and waiting 5 mins for it to reprovision itself) - then things were ok (Moto SB6141)

Couple of other tips once things are up and running - Enable “AES-NI-based CPU acceleration” and “Intel Core CPU on-die thermal sensor” in “System: Advanced: Miscellaneous”

And this should help folks visualize how to connect things up if replacing a consumer router - again, unlike consumer gear where one has a Router on the WAN side talking to a Switch on the LAN side - the 2440 w/pfSense is a router only..

pfsense.jpg
 
Performance wise - well, it's really hard to keep confirmation bias from creeping in, so I'll keep this light for now

  • It's no faster or slower than the Router/AP I had in place before dropping in the 2440
  • It hasn't crashed
  • Passively cooled, it's running 42C as reported by the CPU's on-die measurement - ambient temp today is around 74F
  • Under load, it's pulling about 9W of power according to my UPS's power display - so between the CableModem, the 2440, my QNAP TS-453Pro NAS, and the Airport Extreme AC as a WAP, I'm running about 55W total

Subjectively - under load, it does seem to hold up better, not seeing the WAN traffic slow downs I observed with the Airport Extreme AC as a Router when running multiple video streams and a lot of general traffic
Latency seems to be a bit better, but hard to quantify that at the moment

Again - it's really important to plan, and I would suggest a step by step, and set aside a couple of hours when the WAN is not needed - if things go right, pfSense on this box can be installed and configured in about 10 minutes, but set aside the time for debug/troubleshooting, and also the first round of setup (port forwards, traffic shaping, etc)
 
Good to hear you have pfsense running. You may want to try the traffic shaper like CODELQ. It is real easy to turn on. My pfsense has been rock steady without issues. I had a little trouble running the DNS resolver and my wife's iPhone 6 the first day. I quickly switched to the DNS forwarder and DNS works well. I added some firewall rules to lock down DNS to only my ISP DNS. No other DNS will play now. I also turned on NTP on pfsense for my Cisco devices.

pfsense seems like a nice router package. I tried adding snort the first couple of days of using pfsense. I configured it 2 different ways using the pfsense guide and a web guide. I realized I was not very good with snort and it was going to require a lot of maintenance and support so I reinstalled pfsense without snort.
 
