
So I tried loading pfSense on a 4600



roveer
2017-10-28, 17:10
I picked up a 4600 on eBay to play around with. Didn't pay much. I'm in the process of trying to get the license transferred to my account and if I am unsuccessful this will just have to be a science project box (15 day trial only).

So I decided I'd try to load pfSense on the box. I made up a console cable and broke out one of my ancient laptops with a serial cable to run putty. That was all fun, cut up an old serial cable and put an RJ45 on one end. Worked great.

I then pulled the original HD and put in a small laptop HD and stuck in a pfSense memstick image on a USB key. It booted! I thought I was on my way. After the boot screen it basically locks up and won't continue. I noticed that the BIOS is locked with a password. I'm guessing (please correct me if I'm wrong), that the HD probably locks and has to do with the locked BIOS? Tried a few different pfSense (i386) images, but had the same result.

So can anyone lend any wisdom? If I am able to get the license transferred would I be able to get CP to unlock the BIOS? I've read that it can be done.

Anything else I can try or should know about the whole BIOS/HD thing?

Finally,

I set up R77 and tried to set up an IPSEC/VPN to a pfSense box on the same subnet. Couldn't get them to connect. After setting up a bunch of policy rules allowing VPN ports the pfSense box said it was connected but the CP box never showed a connection and no traffic would pass. Followed lots of guides, watched lots of videos but couldn't get them to connect. Any wisdom on this? If I'm not getting a connection am I missing some policy rules on the pfSense box? Tried all the same rules I put on the CP box but no joy.

One last thing. What's the wisdom on CP versions? On the 4600 I have right now it's got images for R45 and R77. Should I load an R80 image on the box?

Thanks,

Roveer

jflemingeds
2017-10-28, 19:02
My guess is the kernel isn't sending the console output to the serial port. Do a search for pfSense serial console.

laf_c
2017-10-29, 01:02
What I can tell you: many years ago I set up a site-to-site between two pfSense VMs.

Both VMs were using the same NIC, labeled external, and no matter what I did the VPN was down. Then I found out that if I change the WAN IP addressing from 192.168.1.x/24 towards any pair of public IPs, then it will work. What's your public/Internet IP addressing for the lab?

roveer
2017-10-29, 09:55
My guess is the kernel isn't sending the console output to the serial port. Do a search for pfSense serial console.

That gives me hope! I always get so confused with pfSense builds I may have forgotten to get the serial build. I'll give that a try and report back. Thanks for the tip.

Roveer

roveer
2017-10-29, 09:58
What I can tell you: many years ago I set up a site-to-site between two pfSense VMs.

Both VMs were using the same NIC, labeled external, and no matter what I did the VPN was down. Then I found out that if I change the WAN IP addressing from 192.168.1.x/24 towards any pair of public IPs, then it will work. What's your public/Internet IP addressing for the lab?

I'm using 172.16.1.x for my public IP so that would be non-routable.

Roveer

jflemingeds
2017-10-29, 14:22
I'm using 172.16.1.x for my public IP so that would be non-routable.

Roveer

I think pfSense is very picky on the way the remote is identified in phase I. You may want to pull an IKE debug to see how the Check Point is advertising and compare with what pfSense is configured for. If I recall you can say this is the remote peer IP and this is how the remote is identified on the pfSense side.

roveer
2017-10-29, 14:34
My guess is the kernel isn't sending the console output to the serial port. Do a search for pfSense serial console.

SUCCESS!!!

You nailed it!!! I grabbed the 2.4.1 64 bit serial image and it loaded right up. Then I ran into the next problem. The port mappings don't follow what's on the front of the device. Instead of going 1-4 across and 5-8 across they went one by one bottom to top. Probably following the hardware implementation and on CP gets remapped somewhere along the way.

In any event I can now play around while I wait to see if my guy shows up to transfer my CP license. Good fun..

Thanks so much for the help.

Now I'm going to set off to IPSEC/VPN my 2 pfSense devices and see what happens.

Roveer