[talk] some pfSense, APU notes

Patrick McEvoy mcevoy.pat at gmail.com
Wed Sep 24 14:36:17 EDT 2014

George Rosamond wrote:
> Posting here someone on talk@ or via a search engine, might find it useful.
> The APU is PCEngines most recent board, replacing those well-loved Alix
> boards.  They are 64-bit, and have either 2G or 4G of RAM.  mSATA SDD,
> SD Card storage.
> http://pcengines.ch/apu.htm
> Since the APUs run hot, mounting the heat sink pad is critical.  Rumor
> has it there's a few degree cooler on the mobo if you use the black case
> as opposed to the other ones.

Should you be unlucky enough to knock your heatsink off/ need a new one,
here is the Netgate link for a replacement one. May you never need to
use this link:

If you're placing an order, add this to your order an extra heatsink:

> When flashing to the newest and latest BIOS, USB sticks were
> unsuccessful.  I used an SD card with syslinux from gooze.eu, and
> replaced the ROM file as per the most recent at the particular APU
> product description page.
> The PCEngines support forum (http://www.pcengines.info/) can seem more
> like an ugly bar fight, but hold your nose and peruse and you may find
> something useful.
> For pfSense on the APU with SD cards, I'm using the amd64-nanobsd version.
> Over serial, pfSense needs cu/tip/minicom speed at 9600, while the APU
> is set for 115200.  Setting the speed to 9600 means the BIOS information
> is missed.  Setting the speed to 115200 means pfSense seems to hang at
> the "choose a slice" stage, when it actually isn't.  On pfSense, console
> speed can be tinkered under the System tab, then Advanced, and scroll
> down to "Serial Communications."
> The usual "mount root" error can be resolved by manually mounting the
> two slices on the SD card, and adding the following to
> /boot/loader.conf.local (preferable over /boot/loader.conf)
> kern.cam.boot_delay=10000
> I recommend making sure both slices boot.  This can be done manually
> during the boot process, but can also be done through the "Diagnostics"
> tab, then "NanoBSD" in the first "Bootup Information" section.
> I'm guessing that recent pfSense upgrade problems I've been having on a
> variety of devices with flash media storage has to do with this.
> One (seemingly) stupid consideration for all devices requiring logins:
> change the default login name.  Always.  Brute forcing passwords is more
> difficult when the adversary is using the default login.
> HTH.
> g
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

More information about the talk mailing list