Difference between revisions of "Network appliances"
m (→Hardware Compatibility List: Shuttle DS437)
(Added PC Engines ALIX 3C)
|Line 59:||Line 59:|
| June 14, 2018
| June 14, 2018
| [[#Partaker I5|Details]]
| [[#Partaker I5|Details]]
| PC Engines APU2C4
| PC Engines APU2C4
Revision as of 12:23, 26 January 2019
This page is for sharing info about hardware appliances and build a Hardware Compatibility List.
I had hard time finding hardware to build a VYOS network appliance so I started this page. Please add your own hardware reference.
Hardware Compatibility List
|Appliance||Form factor||CPU||Ethernet||Wifi||Expansion||VGA||VyOS Version||Status||Install out of the box?||Install date||Details|
|Acrosser AND-J190N1||MiniBox||Celeron J1900||6xIntel GB||Option||2xMiniPCIe||Internal header||1.1.7||OK||No/easy||11/20/2016||Details|
|Protectli FW10408||5.2 x 4.9 x 1.5 inches||Celeron J1900||4xIntel||Option||Yes||22.214.171.124||OK||May 15, 2017||Details|
|Partaker I5||5.2 x 4.9 x 1.5 inches||Celeron J1900||4x Intel 82583V||Option||Yes||1.1.8||OK||Yes||June 14, 2018||Details|
|PC Engines ALIX 3C||4 x 6 inches (100 x 160 mm)||AMD Geode LX800 at 500Mhz||1 x Via VT6105M||Option||2 x miniPCI||No||1.1.8||OK||17/01/2019|
|PC Engines APU2C4||6 x 6 inches (152.4 x 152.4 mm)||AMD GX-412TC||3 x Intel i210AT GB||Option||2 x miniPCIe||No||1.1.8||OK||No||03/31/2018||Details|
|PC Engines APU1D4||6 x 6 inches (152.4 x 152.4 mm)||AMD G series T40E||3 x Realtek RTL8111E GB||Option||2 x miniPCIe||No||1.2.0-rc9||OK||No||11/30/2018||Details|
|Shuttle XPC Slim DS437||200(L) x 165(W) x 39,5(h) mm||Intel Celeron 1037U dual core||2x Realtek 8111G||1x Realtek 8188CE 802.11b/g/n||1x Full size Mini-PCIE (m-SATA support), 1x Half size Mini-PCIE for WLAN module||No / HDMI / DVI-I||1.2.0-rc11||OK||Yes||Jan 17, 2019||Details|
|Supermicro A2SDi-2C-HLN4F||6.7" x 6.7" (17.02cm x 17.02cm)||Intel® Atom™ Processor C3338.||4 x Intel® C3000 SoC||Option||1 PCI-E 3.0 up to x4||Yes||1.2.0-EPA2||OK||Yes||01/05/2019||Details|
|Qotom Q355G4||187 x 115 x 52mm (LHW)||Core i5-5200U series||4x Intel I211-AT GbE||Option||1x miniPCIe, 1x mSATA, 1x SATA||Yes / HDMI||1.2.0||OK||Yes||06-01-2019||Details|
11/22/2016. This microbox network appliance was build to create OpenVPN bridges. It can saturate a 100Mbps link.
It is a small (serial console only) PC with 6 Gb LAN http://www.acrosser.com/upload/AND-J190_J180N1-2.pdf
You may have to add your own RAM and HDD/SSD. There is no VGA connector. But Acrosser provides a DB25 adapter for the VGA header on the motherboard (not used).
First thing you want to do is getting a more user friendly console to configure BIOS. Default VT100 brings a lot of issues. Configure VT100+ instead.
For practical issues change speed from 115200 to 9600. 9600 is the default speed at which both linux kernel and VyOS will reconfigure the serial port when loading.
Connect to serial (115200bps). Power on the appliance and press Del in the console when requested to enter BIOS settings.
Advanced > Serial Port Console Redirection > Console Redirection Settings:
- Terminal Type : VT100+
- Bits per second : 9600
Then save, reboot and change serial speed to 9600 on your client.
Some options have to be changed for VyOS to boot correctly. With XHCI enabled the installer can’t access the USB key. Enable EHCI instead.
Reboot inside the BIOS,
Chipset > South Bridge > USB Configuration:
- Disable XHCI
- Enable USB 2.0 (EHCI) Support
Create a VyOS bootable USB key. I Used the 64bits iso (VyOS 1.1.7) and live usb installer (http://www.linuxliveusb.com/)
I'm not sure if it helps the process but I changed default option to live-serial (line “default xxxx”) on the USB key under syslinux/syslinux.cfg.
I connected the key to one black USB port on the back and powered on. The first VyOS screen has some readability issues. Press enter to continue.
Then VyOS should boot and you can perform the "install image"
May 15, 2017. I purchased the "Protectli Firewall micro appliance with 4x Gigabit Intel LAN Ports with 4GB RAM / 8GB mSATA" as a turnkey pfSense firewall appliance. After playing with pfSense some, I replaced pfSense with Vyos 126.96.36.199. It was a completely straightforward install. I prepared a Vyos live boot USB image, plugged it into one of the two USB ports on the device, plugged a USB keyboard into the other and a VGA monitor to the VGA connector, and booted right up into Vyos.
- Write the official ISO to a USB drive of some sort.
- Plug in VGA, power, USB keyboard, and USB drive.
- Press the "SW" button on the front (this is the power button; I don't know what "SW" is supposed to mean).
- Begin rapidly pressing Delete on the keyboard. The boot prompt is very quick, but with a few tries you should be able to get into the BIOS.
- Chipset > South Bridge > USB Configuration: set XHCI to Disabled and USB 2.0 (EHCI) to Enabled. Without doing this, the USB drive won't boot.
- Boot to the VyOS installer and install as usual.
- Warning the interface labels on my device are backwards; the left-most "LAN4" port is eth0 and the right-most "LAN1" port is eth3.
PC Engines APU2C4
For more detail about hardware spec, check here.
Installation for Version 1.1.7 not for 1.2.x
Before being able to install on apu2, you need to modify the official iso image because VyOS by default use 9600 baud rate for serial console, but apu2 bios is fixed to 115200. Without modification, you can not see booting messages. The following is steps on how to modify iso image.
- Download & mount iso image to a folder
$ mount -o loop vyos-1.1.7-amd64.iso /tmp/iso
- Copy all contents to another folder for modification
$ cp -a /tmp/iso/* /tmp/iso2
isolinux/isolinux.cfgto the following
serial 0 115200 console 0 timeout 50 display boot.txt prompt 1 ... label live linux /live/vmlinuz append console=ttyS0,115200n8 console=tty0 quiet initrd=/live/initrd.img boot=live nopersistent noautologin nonetworking nouser hostname=vyos label live-console linux /live/vmlinuz append quiet initrd=/live/initrd.img boot=live nopersistent noautologin nonetworking nouser hostname=vyos label live-serial linux /live/vmlinuz append console=ttyS0,115200n8 quiet initrd=/live/initrd.img boot=live nopersistent noautologin nonetworking nouser hostname=vyos label live-debug linux /live/vmlinuz append console=ttyS0,115200n8 console=tty0 debug verbose initrd=/live/initrd.img boot=live nopersistent noautologin nonetworking nouser hostname=vyos
console needs to be set to 0 since apu2 bios seems to forward console messages to serial console, which will mess up the screen.
- Mount the root filesystem to another folder
$ sudo mount -o loop /tmp/iso/live/filesystem.squashfs /tmp/root
- Copy all files & folders under
/tmp/rootto another folder for modification
$ sudo cp -a /tmp/root/* /tmp/root2
/tmp/root2/opt/vyatta/etc/config.boot.default, replace all matchings of string 9600 with 115200.
- Regenerate filesystem image
$ sudo mksquashfs /tmp/root2 /tmp/iso2/live/filesystem.squashfs -noappend
- Regenerate iso image
$ cd /tmp $ sudo mkisofs -o vyos-out.iso -b isolinux/isolinux.bin -c isolinux/boot.cat \ -no-emul-boot -boot-load-size 4 -boot-info-table -iso-level 3 -J \ /tmp/iso2 $ sudo isohybrid vyos-out.iso
Now you can use modified iso image to boot apu2 board.
Because I found VyOS can not detect my Transcend USB stick, I use SD card to boot the machine. There is also report that VyOS can't detect USB stick on APU, so it's recommended to use SD card instead of USB stick to create boot disk.
- Dump iso image to SD card
$ sudo dd if=vyos-out.iso of=/dev/mmcblk0 bs=1M
PC Engines APU1D4
Follow the steps above for 1.1.7 on APU2. To make the disk compatible with the APU1D4, I had to change isolinux to syslinux like so. Insert this step before "Regenerate the ISO image"
$ sudo cp -arv isolinux/ syslinux $ cd syslinux/ $ sudo mv isolinux.bin syslinux.bin $ sudo mv isolinux.cfg syslinux.cfg
I was able to boot of a USB stick written in DD mode from Rufus. Once the bootloader worked, I had to type "live" to launch vyos because the config above didn't have a default.
The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC adresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli.
There are a number of other options, but they all seem to be close to Intel reference designs, with added features like more serial ports, more network interfaces and the likes. Because they don't deviate too much from standard designs all the hardware is well-supported by mainline. It accepts one LPDDR3 SO-DIMM, but chances are that if you need more than that, you'll also want something even beefier than an i5. There are options for antenna holes, and SIM slots, so you could in theory add an LTE/Cell modem (not tested so far).
The chassis is a U-shaped alu extrusion with removable I/O plates and removable bottom plate. Cooling is completely passive with a heatsink on the SoC with internal and external fins, a flat interface surface, thermal pad on top of that, which then directly attaches to the chassis, which has fins as well. It comes with mounting hardware and rubber feet, so you could place it like a desktop model or mount it on a VESA mount, or even wall mount it with the provided mounting plate. The closing plate doubles as internal 2.5" mounting place for an HDD or SSD, and comes supplied with a small SATA cable and SATA power cable. Power supply is a 12VDC barrel jack, and included switching power supply. (which is why SATA power regulation is on-board) Internally it has a NUC-board-style on-board 12V input header as well, the molex locking style.
There are WDT options and auto-boot on power enable, which is great for remote setups. Firmware is reasonably secure (no backdoors found, BootGuard is enabled in enforcement mode, which is good but also means no coreboot option), yet has most options available to configure (so it's not locked out like most firmwares are).
An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode.