Question about potential build pfsense/opnsense

I have gotten my hands on a 1u device that I am looking to put to work as a replacement pfSense/opnSense box, so that I can have something sipping a little less power than my current one. Given that this is the first time I have ever played around with a headless-only computer (management ports, serial port, 3 network jacks, but no video card out).

The device in a prior life was a Blue Coat SG S200 with an i3-4330 processor, 8 GB RAM and a 16 GB SSD drive that is void of operating system. Would it be usable as is, with just some tweaks (and figuring out how to get an operating system on it), or would I be looking at replacing a component or two?

I don’t see why that wouldn’t work well as a pfSense rig. Processor and RAM are more than enough. You don’t need to get an OS on it, pfSense installs with its own OS. If you look through the Netgate documentation there’s plenty of information on how to install it on a headless system or one with serial access.

The main issue I’m having is getting any access. I can’t get into BIOS to change boot order, so that I can boot off anything other than this 16 GB drive that’s in it. I was able to remove it and install opnsense on it via Hyper-V and giving it direct access to that drive. It boots, but gets hung up right at the end before it loads the “running” console.

In general you’d need to get in via management or serial ports to install an OS.

No idea how on this model. Hopefully a manual is available?

Sadly, any manual I have found online has been quite unhelpful. Even from the older posts I could dig up, apparently if the device just “lost” its factory installed operating system, an RMA was involved to swap out the SSD that held the OS. Since this had been erased pre-shipment, there were few command line tools available through serial console connectivity in order to do anything other than ensure the device worked.

I was able to put the SSD that was originally used to house the OS into another machine and load opnSense onto it, and then pfSense, but then ran into an issue of getting it to boot fully and successfully. I’m sure there is a way to get this worked out, just have to plug away at it to get it working, and then I can replace my current, way too big pfSense box with something smaller and friendlier on the power drain. (Or, can repurpose the current rig I’m using to run pfSense to run something more useful and/or entertaining).

Is it possible to access the motherboard?
If so is there any type of expansion slot, like PCI/PCIE?
If there is - put in any old graphics card temporarily and try to boot it.

Well, tossed in the video card (had to power down my current pfsense box as it was the only one with a spare video card that didn’t require external power, etc etc). Got it going, found out why it wasn’t exactly working (lots of errors in the boot). Extracted the 16 GB boot drive, stripped it out of its protective holding, slapped it in as the boot drive of my laptop and actually got it working… so far.

Now for a different rainy day, I’ll figure out which port is which, which port I need to use for WAN/LAN… and why 2 of the ports show up in software, but plug anything in and no link lights come up.

Or maybe one day I’ll find a good case that I can just transplant my current pfsense rig into. Damn thing is still rock solid.

Hello! I’m new here and only found the forums from this post, which seemed to be the only post anywhere with someone having the same problem as me.

@Bahamut_X

I found myself in the exact same position as you, with installing pfsense on the exact same machine. It wouldn’t surprise me if we got our machines from the same place. After several nights of googling things, I finally just started poking around and believe I found a way to make this work.

First, this may not matter, but I installed pfsense using the UEFI option and not ZFS, thinking maybe the machine just hates ZFS. I was able to install pfsense on the bluecoat doing this. Note I had an old graphics card plugged in and was not using the serial connection.

My machine came with some kind of proprietary software that wouldn’t boot, however I could get into diagnostics. From there I was able to disable the bypass between 2:0 and 2:1. It was temporary, of course, as it reset on a reboot as the machine is designed to fail into bypass mode. There is a bank of relays in the machine that physically connect ports 2:0 and 2:1 for the proxy bypass. The key seems to be to get the relays to stay locked in the disconnected position. This may be possible through pfsense or elsewhere in FreeBSD… but I could not find it. So I went the hardware route. However if there’s a software solution I would love to know what it is.

Inside the machine you can see the 4 relays between the NIC ports, under the PCIe expansion bay. Next to those are two small blue jumpers. One of these jumpers actually connects the relay control negative terminal to ground. Removing this jumper should disconnect the relay coil from ground, making it impossible for the board to actuate the relays.

If you go into the diagnostics that came on the machine (assuming you still can - I created a disk image from the SSD before installing pfsense on it since the thing seems to be locked in on booting from that SSD and only from the port on the board… so I was able to switch back and forth during testing by just reimaging the drive), do the command:
config bypass 2:0 off
to disable the bypass, then pull those two jumpers. Reboot the machine in pfsense, and you should be able to use the ports now.

A bit of an asterisk, however. Before figuring out the ports were actually enabled, I did a lot of poking around on the board and actually managed to damage the relay controller. I had to flip my relays by applying 3.3v across the coils with the machine off. I can’t deny the possibility that I actually damaged something else that allows my machine to work the way I want it now… but at this point my best guess is just getting those relays stuck in the right spot.

I will note, though, that for some reason any change I make to the interface settings requires a reboot to take effect. I thought that odd but it seems to be working now.

Huge YMMV note on this, and I can’t guarantee any of this will work. I was in a position that if I fried the machine I wouldn’t really care. If that’s not the case for you, then you should not attempt this.

I have no idea how IPMI works so I have no thoughts on that.

@Geonovast how did you get into diagnostics mode? Mine doesn’t seem to do anything.

There are two prompts with timers you have to catch to get into the diag mode, I don’t remember exactly what they are. I will try to remember to check next time I need to reboot the thing.

This product appears to be made by Symantec/Broadcom

Model: SG-S200-20-XX

I’m guessing its BIOS/UEFI is proprietary and probably only accessible by factory and they probably do it via serial cable, telnet…something like that.

Beyond that I’m going to hazard that the Broadcom NICs aren’t going to work all that well with OPNsense or pfSense.