Close

Lots of changes

A project log for pfSense Router/Firewall Install

*on a Dell Dimension E521, lol!

sarandisarandi 03/28/2020 at 04:370 Comments

It's been awhile, and for good reason - but I won't get into that here.

Shortly after my last log, I received the HDD adapter mounts and installed a 250GB HDD salvaged from my first (and only) MacBook Pro also circa 2007 (system board died, R.I.P. - now tempted to resurrect this in the name of Louis Rossmann) I got that mounted, connected, etc. and it only required a little bit of finessing to get the cables to play nice. They're still a little tighter than I'd like but it'll have to do for now.

I also looked into the USB header connections and problem was clear: the header pin sleeves were loose. I firmly reseated the sleeves and the internal USB worked fine ever since.

At least, till tonight, when I removed it altogether and reinstalled pfSense to the HDD. As with the first install I used ZFS. I first copied my old configs by exporting the xml backups via the webGUI, loaded them to a fat32 USB with a partition table as outlined here.

Basically, you have two options: have the config available on USB at install time, or do it subsequently during any boot. Since I struggled (for reasons still unclear to me) to find the above linked documentation until after the install, I did the latter.

The install-time config requires the config to be located at /conf/config.xml while the post-install config requires either /conf/config.xml or /config.xml - thinking about it now, I guess that makes sense - but it tripped me up for one boot cycle until I reread the docs.

In any case, I got the config restore to work within a few minutes and as if that wasn't enough I upgraded to 2.4.5 (via the webGUI). All in all the above took about 20 minutes to get back up and running.

The stupidest thing about all of this is that almost everything described above was simply so that I could reclaim that 32GB USB (to use as a Live Multiboot Utility/OS tool).

I also picked up two 20" monitors ($30 shipped!) and a basic but NIB gaming keyboard (for $7!) for my home office, so now I can dedicate the old KVM setup to this box for local VGA login.

The last few things to try before I swap this thing out with my current router/AP:

  1. Partition the HDD - I think there are already partitions for OS and SWAP, but it would be nice to have some isolation for logs and other files. I'll probably do this with a live USB GParted but I'm tempted to do it via SSH. 
  2. Try to get remote VPN working - though testing this will likely be tricky due to the stay-in-place stuff. I'm thinking about doing this via mobile. May have to wait.
  3. Setup and test SSH This was quick and easy.
  4. See if I can get Jails working (with zfs) to run a Unifi controller, though I cringe at the MongoDB. My concern here is typically the Unifi controller should be on the same switch as the AP - but in my case it would be up one level, same as the router itself - but I've been thinking I might be able to assign an interface to that jail and connect it to the switch... I feel like I'm getting in over my head with this one. Right now I'm running said controller on the Windows 7 laptop that replaced my aforementioned dead MBP. I would love to be powering one less device if possible and the uptime overlap would make this an obvious choice. I've alternately considered installing FreeBSD and pfSense on top, plus jails/bhyve, but I'll try the above first.

Discussions