FreeBSD -CURRENT on a Fanless Mini-ITX embedded board

So I got one of these:
jbc361f35

And it does actually run FreeBSD quite well.

I had hoped it would be the standalone router/firewall for my home BUT our stupid Australian government has gone broke and I do not get Fibre To The Premises NBN but rather Fibre To The Node/Branch.

This means I had to buy an expensive VDSL2 router (they still have ADSL????) and I connected this to one of the ports and created a separate access point.

FreeBSD 11.1 wouldn’t boot and I am very short on time, so I just downloaded CURRENT and that seems to work fine.

I am currently using it as a VPN box and it allows me to connect to my DO droplet which runs a few other services such as an IRC bouncer.

The IRC bouncer works better over a VPN connection and using the firewall’s CPU to access the VPN saves my phone and tablet battery. It also allows me to connect my Windows RT device to the VPN as well.

Streaming videos at 1080p works the poor little CPU to 30% roughly and the case gets too hot without external cooling.

Pros:
1.) Runs FreeBSD perfectly including WiFi
2.) 64-bit x86 machine
3.) Tiny!
4.) Low power consumption

Cons:
1.) Runs too hot
2.) Pricey (~$300 AUD)
3.) Gutless (weak CPU)

First of all the dmesg:

Copyright (c) 1992-2018 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.

WARNING: WITNESS option enabled, expect reduced performance.
VT(vga): resolution 640x480
CPU: AMD G-T40E Processor (1000.02-MHz K8-class CPU)
  Origin="AuthenticAMD"  Id=0x500f20  Family=0x14  Model=0x2  Stepping=0
  Features=0x178bfbff
  Features2=0x802209
  AMD Features=0x2e500800
  AMD Features2=0x35ff
  SVM: NP,NRIP,NAsids=8
  TSC: P-state invariant, performance statistics
real memory  = 4294967296 (4096 MB)
avail memory = 3667877888 (3497 MB)
Event timer "LAPIC" quality 100
ACPI APIC Table: 
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s)
random: unblocking device.
Firmware Warning (ACPI): Optional FADT field Pm2ControlBlock has valid Length but zero Address: 0x0000000000000000/0x1 (20180105/tbfadt-796)
ioapic0: Changing APIC ID to 0
ioapic0  irqs 0-23 on motherboard
SMP: AP CPU #1 Launched!
Timecounter "TSC" frequency 1000022973 Hz quality 800
random: entropy device external interface
netmap: loaded module
[ath_hal] loaded
module_register_init: MOD_LOAD (vesa, 0xffffffff80ff8760, 0) error 19
kbd1 at kbdmux0
nexus0
vtvga0:  on motherboard
cryptosoft0:  on motherboard
acpi0:  on motherboard
acpi0: Power Button (fixed)
unknown: I/O range not supported
cpu0:  on acpi0
cpu1:  on acpi0
attimer0:  port 0x40-0x43 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
atrtc0:  port 0x70-0x71 irq 8 on acpi0
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
hpet0:  iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 550
Event timer "HPET1" frequency 14318180 Hz quality 450
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0:  port 0x808-0x80b on acpi0
pcib0:  port 0xcf8-0xcff on acpi0
pci0:  on pcib0
vgapci0:  port 0xf000-0xf0ff mem 0xc0000000-0xcfffffff,0xfeb00000-0xfeb3ffff irq 18 at device 1.0 on pci0
vgapci0: Boot video device
hdac0:  mem 0xfeb44000-0xfeb47fff irq 19 at device 1.1 on pci0
pcib1:  irq 16 at device 4.0 on pci0
pcib1: [GIANT-LOCKED]
pcib2:  irq 17 at device 5.0 on pci0
pci1:  on pcib2
re0:  port 0xe000-0xe0ff mem 0xd0104000-0xd0104fff,0xd0100000-0xd0103fff irq 17 at device 0.0 on pci1
re0: Using 1 MSI-X message
re0: Chip rev. 0x2c800000
re0: MAC rev. 0x00100000
miibus0:  on re0
rgephy0:  PHY 1 on miibus0
rgephy0:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re0: Using defaults for TSO: 65518/35/2048
re0: Ethernet address: 00:30:18:ad:4e:08
re0: netmap queues/slots: TX 1/256, RX 1/256
pcib3:  irq 19 at device 7.0 on pci0
pci2:  on pcib3
atapci0:  port 0xd040-0xd047,0xd030-0xd033,0xd020-0xd027,0xd010-0xd013,0xd000-0xd00f irq 19 at device 0.0 on pci2
ata2:  at channel 0 on atapci0
ahci0:  port 0xf140-0xf147,0xf130-0xf133,0xf120-0xf127,0xf110-0xf113,0xf100-0xf10f mem 0xfeb4f000-0xfeb4f3ff irq 19 at device 17.0 on pci0
ahci0: AHCI v1.20 with 4 3Gbps ports, Port Multiplier supported
ahci0: quirks=0x22000
ahcich0:  at channel 0 on ahci0
ahcich1:  at channel 1 on ahci0
ahcich2:  at channel 2 on ahci0
ahcich3:  at channel 3 on ahci0
ohci0:  mem 0xfeb4e000-0xfeb4efff irq 18 at device 18.0 on pci0
usbus0 on ohci0
usbus0: 12Mbps Full Speed USB v1.0
ehci0:  mem 0xfeb4d000-0xfeb4d0ff irq 17 at device 18.2 on pci0
usbus1: EHCI version 1.0
usbus1 on ehci0
usbus1: 480Mbps High Speed USB v2.0
ohci1:  mem 0xfeb4c000-0xfeb4cfff irq 18 at device 19.0 on pci0
usbus2 on ohci1
usbus2: 12Mbps Full Speed USB v1.0
ehci1:  mem 0xfeb4b000-0xfeb4b0ff irq 17 at device 19.2 on pci0
usbus3: EHCI version 1.0
usbus3 on ehci1
usbus3: 480Mbps High Spe
isa0:  on isab0
pcib4:  at device 20.4 on pci0
pci3:  on pcib4
ohci2:  mem 0xfeb4a000-0xfeb4afff irq 18 at device 20.5 on pci0
usbus4 on ohci2
usbus4: 12Mbps Full Speed USB v1.0
pcib5:  at device 21.0 on pci0
pci4:  on pcib5
ath0:  mem 0xfe900000-0xfe90ffff irq 16 at device 0.0 on pci4
[ath] AR9285E_20 detected; using XE TX gain tables
[ath] AR9285 Main LNA config: LNA2
[ath] AR9285 Alt LNA config: LNA1
[ath] LNA diversity enabled, Diversity enabled
[ath] Enabling diversity for Kite
ath0: [HT] enabling HT modes
ath0: [HT] 1 stream STBC receive enabled
ath0: [HT] 1 RX streams; 1 TX streams
ath0: AR9285 mac 192.2 RF5133 phy 14.0
ath0: 2GHz radio: 0x0000; 5GHz radio: 0x00c0
pcib6:  at device 21.1 on pci0
pci5:  on pcib6
re1:  port 0xc000-0xc0ff mem 0xd0004000-0xd0004fff,0xd0000000-0xd0003fff irq 17 at device 0.0 on pci5
re1: Using 1 MSI-X message
re1: Chip rev. 0x2c800000
re1: MAC rev. 0x00100000
miibus1:  on re1
rgephy1:  PHY 1 on miibus1
rgephy1:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re1: Using defaults for TSO: 65518/35/2048
re1: Ethernet address: 00:30:18:ad:4e:09
re1: netmap queues/slots: TX 1/256, RX 1/256
ohci3:  mem 0xfeb49000-0xfeb49fff irq 18 at device 22.0 on pci0
usbus5 on ohci3
usbus5: 12Mbps Full Speed USB v1.0
ehci2:  mem 0xfeb48000-0xfeb480ff irq 17 at device 22.2 on pci0
usbus6: EHCI version 1.0
usbus6 on ehci2
usbus6: 480Mbps High Speed USB v2.0
acpi_button0:  on acpi0
acpi_tz0:  on acpi0
atkbdc0:  port 0x60,0x64 irq 1 on acpi0
atkbd0:  irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
uart0:  port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart2:  port 0x3e8-0x3ef irq 7 on acpi0
uart3:  port 0x2e8-0x2ef irq 11 on acpi0
uart1:  port 0x2f8-0x2ff irq 3 on acpi0
Timecounters tick every 1.000 msec
hdacc0:  at cad 0 on hdac0
hdaa0:  at nid 1 on hdacc0
pcm0:  at nid 3 on hdaa0
hdacc1:  at cad 0 on hdac1
hdaa1:  at nid 1 on hdacc1
hdaa1: No presence detection support at nid 27
pcm1:  at nid 20,27 and 25,26 on hdaa1
ugen1.1:  at usbus1
ugen6.1:  at usbus6
uhub0:  on usbus1
uhub1:  on usbus6
ugen4.1:  at usbus4
ugen5.1:  at usbus5
uhub2:  on usbus4
uhub3:  on usbus5
ugen2.1:  at usbus2
ugen0.1:  at usbus0
uhub4:  on usbus2
uhub5:  on usbus0
ugen3.1:  at usbus3
uhub6:  on usbus3
uhub2: 2 ports with 2 removable, self powered
uhub3: 4 ports with 4 removable, self powered
uhub4: 5 ports with 5 removable, self powered
uhub5: 5 ports with 5 removable, self powered
uhub1: 4 ports with 4 removable, self powered
uhub0: 5 ports with 5 removable, self powered
uhub6: 5 ports with 5 removable, self powered
ugen0.2:  at usbus0
ukbd0 on uhub5
ukbd0:  on usbus0
kbd2 at ukbd0
ada0 at ahcich0 bus 0 scbus1 target 0 lun 0
ada0:  ATA8-ACS SATA 1.x device
ada0: Serial Number 081001FB0132LBG4G53A
ada0: 150.000MB/s transfers (SATA 1.x, UDMA6, PIO 8192bytes)
ada0: Command Queueing enabled
ada0: 76319MB (156301488 512 byte sectors)
WARNING: WITNESS option enabled, expect reduced performance.
Trying to mount root from ufs:/dev/ada0s1a [rw]...
wlan0: Ethernet address: dc:85:de:10:6b:c1
re0: link state changed to DOWN
re1: link state changed to DOWN
uhid0 on uhub5
uhid0:  on usbus0
pflog0: promiscuous mode enabled
re1: link state changed to UP
tun0: link state changed to UP

/etc/rc.conf

clear_tmp_enable="YES"
syslogd_flags="-ss"
sendmail_enable="NONE"
hostname="firewall"

# wireless AP stuff
#++++++++++++++++++++++++++++++++++++++++++++++++++
wlans_ath0="wlan0"              # create wireless device
create_args_wlan0="wlanmode hostap"
ifconfig_wlan0="inet 10.0.0.100 netmask 255.255.255.0 ssid deemzee mode 11g channel 1"
hostapd_enable="YES"            # start host access point daemon
dhcpd_enable="YES"
dhcpd_ifaces="wlan0"

gateway_enable="YES"            # Enable as LAN gateway

## PF firewall
pf_enable="YES"                 # Enable PF (load module if required)
pf_rules="/etc/pf.conf"         # rules definition file for pf
pf_flags=""                     # additional flags for pfctl start up
pflog_enable="YES"              # start pflogd(8)
pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
pflog_flags=""  

#+++++++++++++++++++++++++++++++++++++++++++++++++++++

ifconfig_re0="DHCP"
ifconfig_re1="DHCP"

sshd_enable="YES"
ntpdate_enable="YES"
ntpd_enable="YES"
powerd_enable="YES"

# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
bsdstats_enable="YES"

#
openvpn_enable="YES"

/etc/hostapd.conf

interface=wlan0
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=deemzee
wpa=2
wpa_passphrase=your pass
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
 

/usr/local/etc/dhcpd.conf

### Lease Times
default-lease-time 86400;
max-lease-time 86400;

### Options
authoritative;
get-lease-hostnames true;
option broadcast-address 10.0.0.255;
option routers 10.0.0.100;
option subnet-mask 255.255.255.0;
option domain-name-servers 8.8.8.8, 8.8.4.4;

### DHCP address pool of 99 IP addresses (10.0.0.1 - 10.0.0.99)
subnet 10.0.0.0 netmask 255.255.255.0
  {
  range 10.0.0.1 10.0.0.99;
  }

/etc/pf.conf

 
lan_if="tun0" #OpenVPN tunnel interface
local_if="re1" #local ethernet interface
wifi_if="wlan0" #wireless interface

# options
set block-policy drop # blocked packets are dropped silently; "return" would notify the sender instead

# skip loopback
set skip on lo0

# NAT translation
nat on $lan_if from $wifi_if:network to !($lan_if) -> ($lan_if)

# default block all packets not matched below
block all

# allow SSH in on all three interfaces; out is fine
pass in log quick on { $local_if $lan_if $wifi_if } proto { udp tcp } from any to any port 22
pass out log quick


# pass inet4 and inet6 traffic in on wifi and lan
pass in log on { $lan_if $local_if $wifi_if } inet
pass in log on { $lan_if $local_if $wifi_if } inet6

# icmp fine
pass out log inet proto icmp from any to any keep state
pass in log quick inet proto icmp from any to any keep state
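
pf applies the last matching rule unless a rule is marked quick, so in the ruleset above the two "pass in log on { ... }" rules that follow "block all" admit all inbound IPv4 and IPv6 on tun0, re1 and wlan0. A tighter variant for the same layout follows as an added example, not the author's configuration; it assumes only Wi-Fi clients need to reach the box or be forwarded through the VPN, uses the hypothetical macro name vpn_if in place of lan_if, and leaves inbound IPv6 blocked.

```pf
# Added example: tightened ruleset for the same three interfaces.
# Assumption: nothing on the VPN side (tun0) or the VDSL router side (re1)
# needs to open connections to this box.
vpn_if="tun0"     # OpenVPN tunnel interface (lan_if in the original)
local_if="re1"    # ethernet towards the VDSL2 router
wifi_if="wlan0"   # access point interface, 10.0.0.0/24

# options
set block-policy drop   # silently discard blocked packets
set skip on lo0

# NAT Wi-Fi clients out through the tunnel
nat on $vpn_if from $wifi_if:network to any -> ($vpn_if)

# default deny, logged to pflog0 so drops are visible with tcpdump
block log all

# SSH to the firewall: TCP only, and only from Wi-Fi clients
pass in log quick on $wifi_if proto tcp from $wifi_if:network to ($wifi_if) port 22

# DHCP requests from Wi-Fi clients (source is 0.0.0.0 before a lease exists)
pass in quick on $wifi_if proto udp from any port 68 to any port 67

# Wi-Fi clients may open connections; replies are allowed by state
pass in log on $wifi_if inet from $wifi_if:network to any

# traffic leaving the box (its own and forwarded); nothing is passed
# in on $vpn_if or $local_if except replies to these states
pass out log
```

Running pfctl -nf /etc/pf.conf parses the file without loading it, and pfctl -sr lists the expanded rules once they are loaded.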

CPU usage streaming a 1080p YouTube video:

Screenshot_2018-01-31_21-13-18.png
