[Work In Progress] OPNsense Ported into ARM Devices

[chemlud]

...ordered an Odroid today, dedicated for a NAS upgrade, but... ;-)

[chemlud]

PS: I have some raspi 3 here, but no image. ;-)

Tried to download the raspi 2 image, but I'm trapped in "Wait 5 sec for download to start" and then nothing happenz... (allowed nearly all scripts for this page, except the Google stuff). Btw, do you have SHA256 for me to verify the download? :)

Many thanks in advance...

[Antaris]

Good news. I also have SBC, but still not supported by BSD.
It's a Libre Computer Tritium H5 2GB:

https://libre.computer/2019/02/07/linux-4-19-lts-images-for-tritium/

It only have support on Ubuntu, Debian and Armbian for now.

Looks like a great device with crypto support. Not sure if FreeBSD already have a supported device that has the same hardware. If they do, maybe can port it's uboot into Tritium.

According to their wiki they have one supported:
https://wiki.freebsd.org/FreeBSD/arm/Allwinner/H5

https://www.friendlyarm.com/index.php?route=product/product&path=69&product_id=220

[nekoprog]

PS: I have some raspi 3 here, but no image. ;-)

Tried to download the raspi 2 image, but I'm trapped in "Wait 5 sec for download to start" and then nothing happenz... (allowed nearly all scripts for this page, except the Google stuff). Btw, do you have SHA256 for me to verify the download? :)

Many thanks in advance...

My free hosting server wont allow upload more than 100MB, thus I grab some anon upload service for that image and no SHA256, sorry. Will try reupload using google drive this weekend. What is the model of your odroid? If I have some spare time, I will help with compiling RPI3 and odroid image.

UPDATE: New download link and checksum added.

According to their wiki they have one supported:
https://wiki.freebsd.org/FreeBSD/arm/Allwinner/H5

https://www.friendlyarm.com/index.php?route=product/product&path=69&product_id=220

It will take some time to test and it may or may not working, but I do my best to try.


If anyone using OPNsense on RPI2 right now and would like to update, you can edit /usr/local/etc/pkg/repos/OPNsense.conf like this.

Code Select Expand


OPNsense: {
  fingerprints: "/usr/local/etc/pkg/fingerprints/OPNsense",
  url: "http://neko.progr.am/pieSense/${ABI}/19.1/latest",
  signature_type: "NONE",
  mirror_type: "NONE",
  priority: 11,
  enabled: yes
}

These changes to file is not permanent, will have to edit again if error when checking for updates.

[chemlud]

Many thanks, download working now (this time I had to allow Google scripts definitely ;-) )!

Will burn an SDcard and boot asap...

https://wiki.odroid.com/odroid-xu4/odroid-xu4

...but I had a look yesterday evening, apparently no FreeBSD support for this yet. NAS I will do with Ubuntu or Debian.

___

PS: My download gives

sha256sum opnsense-openssl-arm-armv6-rpi2.img.xz

048cf798130084379cfbbff0908cc84ed3c06b6d4ffc0191f8fbe55a477d5471  opnsense-openssl-arm-armv6-rpi2.img.xz

i.e. all lower case characters ;-)

___

PPS: Tried to expand the .xz, but with bunzip2 I get

Code Select Expand

bunzip2: opnsense-openssl-arm-armv6-rpi2.img.xz is not a bzip2 file.


and Ark (on linux) ends with file sizes much lower than the packed file. Did you use a Windows tool to compress?

[nekoprog]

Many thanks, download working now (this time I had to allow Google scripts definitely ;-) )!

Will burn an SDcard and boot asap...

https://wiki.odroid.com/odroid-xu4/odroid-xu4

...but I had a look yesterday evening, apparently no FreeBSD support for this yet. NAS I will do with Ubuntu or Debian.

___

PS: My download gives

sha256sum opnsense-openssl-arm-armv6-rpi2.img.xz

048cf798130084379cfbbff0908cc84ed3c06b6d4ffc0191f8fbe55a477d5471  opnsense-openssl-arm-armv6-rpi2.img.xz

i.e. all lower case characters ;-)

___

PPS: Tried to expand the .xz, but with bunzip2 I get

Code Select Expand

bunzip2: opnsense-openssl-arm-armv6-rpi2.img.xz is not a bzip2 file.


and Ark (on linux) ends with file sizes much lower than the packed file. Did you use a Windows tool to compress?

From your error, looks like your tools don't support xz, try install xz first and extract it with xz -dkv *.xz. How to install xz varies among distros, you need to google that.

Xz is by default installed on freebsd.

[chemlud]

Strange, xz is installed (xz 5.2.4), but I get:

Code Select Expand

tar -xf opnsense-openssl-arm-armv6-rpi2.img.xz
tar: This does not look like a tar archive
tar: Skipping to next header
tar: Exiting with failure status due to previous errors


...never had such problems to burn a raspi image, am I too stupid? :-D

[nekoprog]

Strange, xz is installed (xz 5.2.4), but I get:

Code Select Expand

tar -xf opnsense-openssl-arm-armv6-rpi2.img.xz
tar: This does not look like a tar archive
tar: Skipping to next header
tar: Exiting with failure status due to previous errors


...never had such problems to burn a raspi image, am I too stupid? :-D

Maybe  ;D
Wrong console command, hence error. Try xz -dkv *.xz.

[chemlud]

Maybe  ;D

Bold! :-D ...this time it worked. 3.0 GB image file. Burning now...

PS: Booting successfully. I added an USB RJ45 interface, just to have two interfaces. Will have a look at the GUI soon.

Anything necessary to use the whole SD-card?

Which setup do you use for suricata?

[nekoprog]

Anything necessary to use the whole SD-card?

Which setup do you use for suricata?

I use this for claiming all free spaces in microsd Resizing and Growing Disks.
For suricata, I use default settings with DROP for tor and current events. Could activate all of them, but RPI2 will not respond for a few minutes. Too many works I guess even with swap file enabled.

Adds new PR for Orange Pi PC2, was going to add NanoPi K1 Plus too, but no official uboot defconfig for that device. Need to create defconfig first then create slave file for u-boot-nanopi-k1-plus on Ports.

[chemlud]

...and you figured out the correct boot options for raspi 3 if I understand the link to GIThub correctly? :-D

[nekoprog]

...and you figured out the correct boot options for raspi 3 if I understand the link to GIThub correctly? :-D

Found the correct address for RPI3 from here and add Odroid XU3/XU4 configs too, lets hope Franco approve that PR, and I can test building image for Odroid XU4.  ;D

[chemlud]

...don't worry to much about the Odroid, it's my birthday present, likely that I don't get my fingers at it before mid of May :-D

PS: Did you every try the serial console on Pin 14/15 + ground (at least available in Raspbian) of the GPIO? I have a special USB adapter for raspis...

https://www.raspberrypi.org/documentation/usage/gpio/

[bobbythomas]

I'd like to thank nekoprog for the work done with the ARM ports. Very useful and robust now. :)

Next step is actually the long-promised BPI image and then come 20.1 we'll have to see what we can do when i386 is being dropped from our supported list...


Cheers,
Franco

I have a Banana Pi board lying around here, if you are looking for someone to test the new image please let me know.

Regards,
Bobby Thomas

[chemlud]

FWIW the serial port on the raspi is functional... :-D

Don't try with somefink home-bake, you need a special serial-USB adapter for the raspi, as the ports can only take 3.3V or something like that...