OPNsense 20.1 on RaspberryPI 3

[rene_]

Hello all,

with OPNsense 20.1, FreeBSD12.1 will be the base system.

Within FreeBSD12.1 the RaspberryPI3 Board is fully supported by BSD.

Further also OPNsense is running on the pi3.

Download site: https://opnsense.rene.network/
(Please don't mirror files!)
PLEASE KEEP IN MIND:

• this is not an official OPNsense release, so there is no official support for this image!
• theres no update functionality at the moment!
• this is a git build, there will be bugs!
• this is the not yet released 20.1

Whats working

• it boots
• onboard lan adapter
• usb2lan adapters
• usb wifi adapters
• Grow rootfs on boot
• HDMI Output and usb keyboard

Whats not working:

• onboard Wifi is still not supported by FreeBSD
• Power off causes a reboot (reported by @monstermania)
• Firewall LiveView
• ...

Not confirmed:

• ...

All the best,
René

[monstermania]

Will your Image support Pi3+ too!?
I tried ipfire on my Pi3+ and it works up to a wan speed of 60 Mbit.
I think that Pi4 and Opnsense should be an interesting option for small soho firewall.

[nekoprog]

Nice, tools.git is now ready for aarch64 production with the upcoming HBSD patch. Hope that in future Deciso will sell arm-based appliances for a low cost deployment on small premises.

[rene_]

Will your Image support Pi3+ too!?
I tried ipfire on my Pi3+ and it works up to a wan speed of 60 Mbit.
I think that Pi4 and Opnsense should be an interesting option for small soho firewall.

Can't promise, but i think it should work, the boards aren't that different :-)
Does ipfire support the onboard wlan chip?

Oh yes, RPi4 looks very promising :-)

Nice, tools.git is now ready for aarch64 production with the upcoming HBSD patch. Hope that in future Deciso will sell arm-based appliances for a low cost deployment on small premises.

Nearly, when i finished i will create a pr of my tool.git modifications for openssl and miniupnpd ;-)

According  arm devices, The Marvell Armada 385 (also known as Netgate SG3100) would be a perfect Device ;-)
Still trying to port opnsense there, but it still wont boot :-(

[monstermania]

Does ipfire support the onboard wlan chip?

The wlan should work. Take a look on this:
https://wiki.ipfire.org/hardware/arm/rpi/threeplus
I don't use the wlan for my tests and i also only use an 100Mbit USB2LAN adapter.

[nekoprog]

Does SG3100 boots on normal FreeBSD or HBSD? If it doesn't maybe Netgate installed custom firmware inside. Might want to grab those firmwares from Netgate. Use the Netgate provided .dtb first to see if it works.

[rene_]

The wlan should work. Take a look on this:
https://wiki.ipfire.org/hardware/arm/rpi/threeplus
I don't use the wlan for my tests and i also only use an 100Mbit USB2LAN adapter.

well, i see .... ipfire is linux based, so the wifi is supported, sadly there still aren't wifi drivers for freebsd (bsd is not linux)
Just ordered some usb wifi sticks, lets see if they are working within opnsense ;-)
Want to try it with "Wireless WAN"

Does SG3100 boots on normal FreeBSD or HBSD? If it doesn't maybe Netgate installed custom firmware inside. Might want to grab those firmwares from Netgate. Use the Netgate provided .dtb first to see if it works.

More or less, i achieved a boot with opnsense 19.7, but there all the Mavell network drivers are missing, so i had no interfaces to assign.

On opnsense 20.1 it stops at the start of the FreeBSD System, but I didn't looked at it closer at the moment.

According the dtb files, theres a dtb file in the stock /boot folder where i cant find any sources in the internet for it, i think that is exactly that :-(

But i have to tell the kernel conf, which dtb file should be included in the kernel, and when i use the Netgate dtb file, the whole build process just crashes.
Will create a issue in github later for better debugging

[monstermania]

Just ordered some usb wifi sticks, lets see if they are working within opnsense ;-)
Want to try it with "Wireless WAN"

In the past i've using some Ralink USB wifi devices with my OPNense (RT2800 and RT5370). But not all tested devices works into ap mode!
And they work only up to 54Mbit

[rene_]

For my purpose, its enough when they support station mode :-)

Also 54 Mbit seems to be enough, because the pi cant handle much more in a openvpn tunnel.

Want to build a "Road warrior box"

[rene_]

i updated first post and added a download link

the cpu bug is fixed, all cores are recognized now.

Edit:
If anybody owns usb-(w)lan adapters, please let me know, if they are working 

[franco]

Nice work! I'm positive we'll iron out the quirks with the ports once HBSD and OPNsense patches are in the src tree.


Cheers,
Franco

[rene_]

Thanks

Will create a pr when everything is cleaned up, and changes are migrated to the make.conf

About the quirks ... We have to

Most anoying bug, is the "checking if printf survieves out of memory condition" 
Should i create an issue then for this?

[monstermania]

Hi René,
yesterday i've made a quick test with your image.
1. I can't use a USB2LAN Adapter. The chipset should be supported by FreeBSD (ax88772)
https://www.freebsd.org/cgi/man.cgi?query=axe&sektion=4
2. 'Power Off' don't work and make a reboot.
Some more testing into the next days...

best regards
Dirk

[rene_]

Hi Dirk,

thanks for testing

I added the requiered kernel modules, its currently compiling, i will upload the new image as soon as its finished.

I also found out, that some usb wlan modules are missing, i added them too, so Ralink wlan sticks should also work with the new image.


About the Poweroff, i will have a look at that, when everything else works (But mentioned it in first post, thanks for reporting)


Do you also own a RPi4?

Edit: new image is uploaded: https://opnsense.rene.network/

All the best,
René

[monstermania]

I added the requiered kernel modules, its currently compiling, i will upload the new image as soon as its finished.

I also found out, that some usb wlan modules are missing, i added them too, so Ralink wlan sticks should also work with the new image.

Do you also own a RPi4?

Sounds Great.  Especially with the ralink devices because i only get internet by wifi.
I download the nw Image right now.

Right now i don't buy a RPi4, because i only use RPi for Retro Gaming. And the RPi3 has enough Power for my 80's games.