OPNSense & NanoPi R4S (RK3399)

[Kuroko]

Hello everyone,

friendlyarm recently released NanoPi R4S, it comes with an RK3399 chip and dual gigabit ethernet port, looks decent for a home firewall. So I am wondering if possible to run opnsense on it...

Link: https://www.friendlyarm.com/index.php?route=product/product&product_id=284

[tsgan]

It should work, see:

https://forum.opnsense.org/index.php?topic=12186.msg94969#msg94969

[spikerguy]

Thank you for creating a working image of opnsense for R4S.

I have used it to make an image for R4S 1Gb - DDR3 version.

I have posted it on Friendlyarm Forum
Here: https://www.friendlyarm.com/Forum/viewtopic.php?f=61&t=3474
So both there version have good support for it now.

[cheese_sticks]

Any way to get the code for that? Tried running the compiled img and it doesn't boot.

[spikerguy]

Which Code ?

Here is Crochet repo by @sleepwalker
https://github.com/S199pWa1k9r/crochet

Using OpnSense on R4S Since a month now and everything seems to work fine.
Upgrading it to 21.1 now.

[Huinen]

Hi!

I'm using your image and it works great. I tested many things and I think the board is awesome. Only things I miss is Suricata and the clamav antivirus. Good job anyway!

I would like to learn howto use crochet but being a newbie I don't know where to start. I can't see a directory for this board on github. Did  you use another board as base to launch the crochet script? 

[spikerguy]

Hello,

You're welcome.  I had pinged suricata on twitter and they responded with aarch64  pkg will come in future.

I have tried clamav its not very smooth.  Sergey have built opnsense 21.1 image for me already, I have to convert it to R4S image but as my R4s is being used in production I cannot test it yet, while I will order another one for testing.

All these images are work of sergey.  Yes we used Edge-v before but now he have HoneyComb board to build pkgs and images.  I think R4S support is not pushed to crochet yet.  Thanks for informing.

[Nikotine]

Hi, I've flashed the 4gb version from https://mirror.fkardame.com/Linux/Images/FriendlyArm/NanoPi%20R4s/ on a Nanopi r4s 4gb, but I don't believe it runs.
It's hard to troubleshoot without a hdmi output.
Is the SYS led supposed to stay on if it successfully boots, because mine doesn't?
When I connect to the lan port, I don't get an IP address.

[cheese_sticks]

Hi, I've flashed the 4gb version from https://mirror.fkardame.com/Linux/Images/FriendlyArm/NanoPi%20R4s/ on a Nanopi r4s 4gb, but I don't believe it runs.

I'm having the same problem. Tried it with another image @tsgan sent me and it also didn't boot. Connected via serial and there's nothing.

What is needed to build crochet for this? Do I just compile a generic and set it up at boot via serial or do I need to build some files for it? If custom files are needed, it'd be very helpful to get what's been used for the other model and this one so I can make minor changes rather than build the entire thing as this isn't really something I have experience with.

[Huinen]

I used Balena-etcher to write the 1Gb version image provided by SpikerGuy and it works really well.

https://mirror.fkardame.com/Linux/Images/FriendlyArm/NanoPi%20R4s/

The pwr led should stay red. Mine, at least, stays red all the time. Others are off.
After writing the image to the SD you should be able to access via HTTP to the LAN port. Be carefull, because the IP is 192.168.111.10/24, wich is not OPNSenses default one. Also the WAN port IP is 192.168.1.230. I did check both IPs mouting the UFS filesystem on the Image provided by Ganbold. Remember to put you computers IP also in the same network.

To use chrochet you need first a Freebsd Operating system (unless you want to crosscompile). I think that the easyest way is to install a Virtual machine with FreeBSD and then download crochet from Github. After that you should launch the script. The problem here,  as i stated in my previous post, is that there is not a dedicated directory for the NanoPi R4s in crochet.

Here is a little guide about using crochet for another board that might help you.

http://minix-i2c.blogspot.com/2013/09/building-custom-freebsd-sd-card-image.html 

[Nikotine]

I used Raspberry Pi Imager, but that shouldn't matter.

I have dhcp enabled on my laptop.
When connecting to the LAN port, I get an 169.254.x.x address, so rubbish.
Should I manually set the ip address and gateway?

[Huinen]

You should set your IP manually since the DHCPv4 is not active in the image. Gateway is not mandatory to reach the device if you are in the same subnet.

[Nikotine]

Wanted to report back that these settings allowed me to ping Opnsense and get access to the web interface:
IP: 192.168.111.20
MASK: 255.255.255.0 (or 24 on Windows 10)
GW: 192.168.111.10

[Nikotine]

So with this being an unofficial release (meaning not natively supported), I assume that updating doesn't work?

I also can't seem to find plugins to install, I get this message:

Code Select Expand

Firmware status check was aborted internally. Please try again.

Also this:

Code Select Expand

root@nanopi-r4s:~ # pkg update -f
Updating HardenedBSD repository catalogue...
pkg: http://pkgs.hardenedbsd.org/HardenedBSD/pkg/FreeBSD:13:aarch64/meta.txz: Not Found
repository HardenedBSD has no meta file, using default settings
pkg: http://pkgs.hardenedbsd.org/HardenedBSD/pkg/FreeBSD:13:aarch64/packagesite.txz: Not Found
Unable to update repository HardenedBSD
Updating FreeBSD repository catalogue...
pkg: http://pkg.kubsu.ru/FreeBSD:13:aarch64/20.7/meta.txz: Not Found
repository FreeBSD has no meta file, using default settings
pkg: http://pkg.kubsu.ru/FreeBSD:13:aarch64/20.7/packagesite.txz: Not Found
Unable to update repository FreeBSD
Error updating repositories!


[Nikotine]

Hi Huinen, does updating or installing plugins work for you?