path: root/electronics/soekris.page

Notes on the [Soekris net6501](http://soekris.com/products/net6501.html)
router; see also the [official
wiki](http://wiki.soekris.info/Category:Net6501).

# The Hardware

The onboad gigabit ethernet controllers are the [Intel
82574L](http://ark.intel.com/products/36920/Intel-82574IT-Gigabit-Ethernet-Controller),
which use the e1000e driver on linux (not e1000).

More info about the Atom e6xx CPU and co-processor
[here](http://ark.intel.com/products/52493/Intel-Atom-Processor-E640-(512K-Cache-1_00-GHz)#iid=3796)
and
[here](http://www.intel.com/p/en_US/embedded/hwsw/hardware/atom-e6xx/overview).

Firmware updates are available from the [soekris
website](http://soekris.com/downloads.html).

The miniPCIe WiFi card I have for use with this device is the Intel 4965AGN.

When specifying the boot device on the bootloader command line (accessible over
the serial port), the ordering is:

    0x80 = primary drive
    0x81 = secondary drive
    0x82 = tertiary drive
    0x83 = quaternary drive
    0x84 = quinary drive (etc.)
    0xF0 = PXE boot (netboot)
    0xFF = stop and go to comBIOS prompt

The connector ordering (labeled on the PCB) is:

    1. SATA Port 0 (J1)
    2. SATA Port 1 (J2)
    3. PCI Express connector (J3)
    4. PCI Express riser (J4)
    5. mSATA 0 socket (J5)
    6. mSATA 1 socket (J6)
    7. external USB connector (JP3)
    8. internal USB connector (JP5)

# Installing Debian wheezy on a SATA disk

See old [debian 5.0
directions](http://wiki.soekris.info/Installing_Debian_Linux_5.0) on the
Soekris wiki.

The procedure is to boot from a debian stable USB stick, partition the SATA
disk and install stable on to that, then boot into the stable image and do a
distupgrade to testing (wheezy).

To get the syslinux-based USB stick to boot correctly, need to edit
txt.cfg and set the console and partition settings:

    default install
    label install
        menu label ^Install
        menu default
        kernel linux
        append vga=normal initrd=initrd.gz -- quiet console=ttyS0,38400 earlyprint=serial,ttyS0,38400

Boot with serial console set to 38400 baud. In the soekris bootloader, select
USB stick device:

    > boot 81

Start up the installer. Wait for it to detect all drives and load components;
ignore the kernel module warning. Ignore the no ethernet card warning. At that
point "Go Back" which brings up the system menu.

# Installing pfSense on a SATA disk

*See also [FreeBSD 8 on Soekris
net6501](http://www.macfreek.nl/memory/FreeBSD_9_on_Soekris_net6501)*

These directions assume your host/work machine is linux and that you have a
serial console connection to the soekris (eg, USB adapter and minicom).

Grab a "memstick-serial" snapshot image from
[snapshots.pfsense.org](http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/i386/pfSense_HEAD/livecd_installer/?C=M;O=D),
flash it to a USB stick:

    $ dd if=pfSense-memstick-serial-2.1-DEVELOPMENT-i386-20120720-0129.img of=/dev/sdb

Boot with serial console set to 38400 baud. In the soekris bootloader, select
USB stick device:

    > boot 81

Switch serial console to 9600 baud. Terminal output from the pfSense bootloader
will be clunky/garbled, wait for it to try to draw, maybe press enter a couple
times. When the kernel actually loads the output will be clearer.

After kernel loads, system will ask if you want to do install or boot.
I recommend that you do a boot, with basic configuration, then enable SSH and
complete the installation over a network session, as the ncurses installer
interface will be much easier to read. You can enable SSH and start the
installer from the terminal prompt that appears on every terminal session.

Hopefully the install is self-explanitory. I created a 4GB "low-level"/slice
partition for pfSense (which got split into a 3GB partition and a 1GB swap
partition), a 16GB Linux/ext2 kFreeBSD partition (didn't create filesystem
yet), and the rest of the space as another Linux/ext2 partition; depending on
your use case and disk type you probably want to do something different.  I
selected embedded kernel.

## Install kFreeBSD in pfSense

To get debian/kFreeBSD running in a jail within pfSense, first the pfSense
userland needs to be updated to a full FreeBSD 8.3 install.

Starting from a functional pfSense 2.1 install, login to the web console and
enable SSH access. We will copy over sysinstall and dependancies from a FreeBSD
8.3 LiveCD. From this point on DO NOT reboot until the end. 

Mount and copy over all the libraries required for sysinstall from FreeBSD 8.3
.iso (try ldd /usr/sbin/sysinstall to get a list):

    scp libdialog* libncurses* libutil* libftpio* libdevinfo* root@192.168.1.1:/usr/lib/
    scp sysinstall root@192.168.1.1:sysinstall8

Run this sysinstall. Go to options and set "Release Name    8.3-RELEASE" (not
-p3). Install the base, ports collection, and system kernel source (/src/sys).

Before rebooting, use the pfSense web interface to upgrade to the most recent
development image; this will revert to the pfSense version of the kernel and
configuration, but doesn't remove the vanilla FreeBSD userland stuff.

Now, reboot and hope everything comes back up with no disk errors.

A few modules need to be installed to support kFreeBSD. Go to
/usr/src/sys/modules, and for each of the following, enter the directory and
make && make install: 

    linux
    linprocfs
    fdescfs
    linsysfs
    tmpfs
    ext2fs

``pkg_add -r`` any desired packages. I also installed a linux_base, not sure if
it was necessary:

    pkg_add -r linux_base-f10

Inspect /boot/loader.conf and make sure it's sane (?).

Reboot again and hope everything comes back up with no disk errors. Then we are
ready for jail configuration.

If you want the jail filesystem to be on a seperate partition, create a linux
ext2 filesystem: 

    pkg_add -r e2fsprogs
    mke2fs /dev/ad6s2
    mount -t ext2fs /dev/ad6s2 /jail/debian/

Following directions from
[blog.vx.sk](http://blog.vx.sk/archives/22-Tutorial-Debian-GNUkFreeBSD-in-a-FreeBSD-jail.html):

    mkdir -p /jail/debian
    debootstrap wheezy /jail/debian http://cdn.debian.net/debian

The probably took a long time.

Add rc.conf.debian to /root/:

    jail_enable="YES"
    jail_list="debian"
    jail_debian_rootdir="/jail/debian"
    jail_debian_hostname="guest0.rooter.is"
    jail_debian_ip="127.0.0.1"
    jail_debian_devfs_enable="YES"
    jail_debian_exec_start="/etc/init.d/rc 3"
    jail_debian_flags="-l -u root"

Add start_debian.sh to /root/ to get the jail up and running:

    #/bin/sh
    kldload linux fdescfs linprocfs linsysfs tmpfs
    mount -t ext2fs /dev/ad6s2 /jail/debian/
    mount -t linprocfs linprocfs /jail/debian/proc
    mount -t linsysfs linsysfs /jail/debian/sys
    mount -t tmpfs tmpfs /jail/debian/lib/init/rw
    ifconfig em1 alias 192.168.1.201/32
    cp /root/rc.conf.debian /etc/rc.conf
    /etc/rc.d/jail start debian
    jls

Run that script, then try running bash in the jail:

    [2.1-BETA0][root@rooter0.rooter.is]/usr/src/sys/modules/tmpfs(42): jexec 1 /bin/bash
    root@debian0:/# uname -a
    GNU/kFreeBSD debian0.rooter.is 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #1: Wed Jul 18 19:29:09 EDT 2012     root@FreeBSD_8.3_pfSense_2.1.snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_wrap.8.i386 i386 i386 Genuine Intel(R) CPU        @ 1.00GHz GNU/kFreeBSD

Horray!

To allow ping from inside kFreeBSD, add "security.jail.allow_raw_sockets=1" to
/etc/sysctl.conf in pfSense. There are some other tips and gotchas on the
[FreeBSD wiki](http://wiki.freebsd.org/Jails).