How to Enable LAN Bridge with pfSense®

Overview

This article covers how to enable a LAN bridge in pfSense®. LAN bridges act as a switch using the optional ports on the Vault. While not optimal compared to using a separate physical switch, it works if needed.

Note: If the port being used for the web interface is added to the bridge, then physical access to the unit will be necessary.

How to Create a LAN Bridge in pfSense®

In this example we will be assigning the LAN interface to a bridge utilizing the Vaults additional ports, OPT1 and OPT2. The idea of this example can be used across all the Vault models with small variation.

  • Access the webGUI. The default IP address: 192.168.1.1, username: admin, password: pfsense
  • Verify the Vaults optional interfaces(OPT1, OPT2, etc) are assigned with default settings.
  • To assign simply click Add next to the port you wish to assign. Click Save.
pfSense® Interface Assignment Menu
  • To enable the each interface, click the on the interface label(OPT1,OPT2,etc) in the left column.
  • Click Enable, leave all other settings default. Save and Apply Changes
pfSense® Interface Configuration Menu
  • In the Interfaces menu select the Bridges tab and click Add
  • Select OPT1 and OPT2 using Ctrl+Click. Don’t select the LAN interface. Click Save.
Bridge Configuration Menu
  • Navigate back to the Interface Assignments tab and change the LAN interface port to BRDIGE0
  • Note: At this point once the settings are saved the web interface connection will be lost. Swap the Ethernet connection to one of the optional ports(OPT1,OPT2) added into the bridge to regain access
Assigning BRIDGE0
  • Assign the port previously used as LAN to OPT3 and enable it as done in the steps earlier
  • Navigate back to the Bridges menu and add(Ctrl+Click) OPT3. Save
  • Navigate to System > Advanced > System Tunables
  • Select net.link.bridge.pfil_member and change its value to 0. Save
  • Select net.link.bridge.pfil_bridge and change its value to 1. Save
  • Click Apply Changes at the top
  • Reboot
  • Verify bridged ports are functioning

At this point you should have a functioning LAN bridge in pfSense®. If you need additional assistance, please feel free to reach out: support@protectli.com.

How to Enable LAN Bridge with OPNsense

Overview

This article covers how to enable a LAN bridge in OPNsense. LAN bridges act as a switch using the optional ports on the Vault. While not optimal compared to using a separate physical switch, it works if needed.

Note: This will require physical access to the Vault if the port being used to access the web interface is added into the bridge.

How to Create a LAN Bridge in OPNsense

In this example we will be assigning the LAN interface to a bridge containing the Vaults additional ports, OPT1 and OPT2. The idea of this example can be used across all the Vault models with small variation.

  • Access the web interface. The default IP address: 192.168.1.1, username: root, password: opnsense
  • Verify the Vaults optional interfaces(OPT1, OPT2, etc.) are assigned with default settings. They can be assigned by clicking the ‘+‘ then Save
OPNsense Interface Assignment Menu (FW4A)
  • Under the Interfaces tree open the OPT1 menu
  • Check Enable Interface leave all settings default
  • Click Save then Apply changes a the top
  • Repeat on additional interfaces to be included in the bridge
OPNsense Interface Menu
  • Under the Interfaces tree select Other Types, then Bridge
  • Click Add and select OPT1, OPT2, etc then click Save
OPNsense Bridge Menu
  • Under the Interfaces tree select Assignments
  • Change the LAN interface to bridge0 and click Save

Note: At this point access to the web interface will be lost. Plug into either port OPT1 or OPT2 to regain access.

OPNsense Assignments Menu
  • In the Assignments menu add the port(em1) which was previously assigned to LAN. Click Save
  • Verify OPT3 is now assigned
  • Enable OPT3 with default settings. Save and Apply Changes
  • Navigate back to the Bridge menu and edit bridge0. Add OPT3 and Save
  • Verify the LAN port now has web interface access
  • Navigate to System > Settings > Tunables
  • Locate net.link.bridge.pfil_member and change its setting from Default to 0. Save and Apply Changes
  • Locate(directly below the previous setting) net.link.bridge.pfil_bridge and change the setting from Default to 1. Save and Apply Changes
System Tunables Menu
  • Reboot
  • Verify bridged ports are functioning

At this point you should now have a functioning LAN bridge in OPNsense. If you need additional assistance, please feel free to reach out: support@protectli.com.

How to Install FreeBSD 12.0 on the Vault

Overview

As of writing this article FreeBSD 12.0 has a bug affecting the network interfaces on several models of Vaults. Here is a link to the bug report https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235147. The workaround is fairly straightforward and can be done either during install or after.

Note: FreeBSD also inherited a bug from 11.2 which affects the FW1,FW2, and FW4A model Vaults. The workaround is simply changing the BIOS to UEFI. We have an article covering that here.

To Install FreeBSD 12.0 follow the FreeBSD 11.2 install guide (link) with the caveat below.

During a install

  • At the end of the install a “Manual Configuration” window opens
  • Select ‘Yes
  • Verify the command line is present
  • Edit the loader configuration file using the following command
# vi /boot/loader.conf
  • Verify loader.conf opens with a few lines already in place
  • Hit the ‘i‘ key to enable the insert function and ‘return‘ to make a new line
  • Add the following to the new, blank line
hw.pci.enable_msix=0
  • Hit ‘ESC‘ key
  • Type :wq to write the file and quit
  • Verify the command line prompt is present, then exit
# exit
  • Reboot the Vault
  • Verify the system boots into FreeBSD and the network interfaces now function as they should

Post-install

  • Verify FreeBSD boots and login
  • Verify the command line is present
  • Edit loader configuration file using the following command
# vi /boot/loader.conf
  • Verify loader.conf opens with a few lines already there
  • Hit the ‘i‘ key to enable the insert function and ‘return‘ to make a new line
  • Add the following to the new, blank line
hw.pci.enable_msix=0
  • Hit ‘ESC‘ key
  • Type ‘:wq‘ to write the file and quit
  • Verify the command line prompt is displayed and reboot
# reboot
  • Verify the system boots into FreeBSD and the network interfaces now function as they should

If you experience any issues, please feel free to reach out to us at: support@protectli.com.

pfSense® Optional Port Configuration

Overview

This article covers how to activate the Vaults optional ports in pfSense® with our supplied configuration files. We have included configuration files in the table at the bottom of the page. These configuration files have the ports assigned and functioning with default firewall rules and DHCP enabled.

Note: These configuration files have the default admin password retained. The additional ports assigned use default firewall rules, same as what pfSense® configures for the LAN port.

How to Restore a Config File

  • Verify pfSense® has been installed correctly
  • Verify the correct configuration file has been downloaded from the table below and pfSense® will be able to access it
  • Log into the WebGUI. This is 192.168.1.1 by default.
  • The default pfSense® login user is ‘admin’ and password is ‘pfsense’
  • Verify the Setup Wizard is displayed
  • Click Diagnostics on the top of the GUI
  • From the drop-down menu click Backup & Restore
pfSense® Setup Wizard page
  • Click Choose File
  • Select the appropriate config, click open
  • Click Restore Configuration
pfSense® Backup & Restore page
  • Verify the Vault reboots
  • Log back into the WebGUI with the default credentials
  • Verify OPT1 and OPT2 (OPT3 /OPT4 additionally on the FW6x) now appear on the Interfaces widget
pfSense® WebGUI
  • It is now recommended to change the default ‘admin’ password
  • Verify the newly assigned ports are functioning and DHCP is handing out IP addresses

If you experience any issues, please feel free to reach out: support@protectli.com.

Configuration Files

ModelpfSense® VersionNotesDownloadRelease
FW12.4.4Enabled:
OPT1, OPT2
DHCP
Thermal Monitoring

Default Firewall Rules
config-pfSense.Basic-FW1-190614.xmlJune 14th, 2019
FW4A2.4.4Enabled:
OPT1, OPT2
DHCP
Thermal Monitoring
AES-NI

Default Firewall Rules
config-pfSense.Basic-FW4A-190614.xmlJune 14th, 2019
FW4B2.4.4Enabled:
OPT1, OPT2
DHCP
Thermal Monitoring
AES-NI

Default Firewall Rules
config-pfSense.Basic-FW4B-190614.xmlJune 14th, 2019
FW6(A,B,C)2.4.4Enabled:
OPT1, OPT2, OPT3, OPT4
DHCP
Thermal Monitoring
AES-NI

Default Firewall Rules
config-pfSense.Basic-FW6-190614.xmlJune 14th, 2019

How to Rescue ClearOS and CentOS

Rescue Procedure Overview

There is a documented bug in CentOS 7-1804 and ClearOS 7 that causes a kernel panic (crash) on some systems at reboot. I Information and a workaround are available at: https://bugs.centos.org/view.php?id=14779 . This bug affects the FW1, FW2, and FW4A versions of The Vault. If the newly installed CentOS or ClearOS is affected by the known issue, it can be “rescued”. “Rescue” means that the new installation can be configured to avoid this bug. See the section below for instructions to alleviate the issue.

Performing rescue on ClearOS and CentOS

Follow the instructions below to rescue the system from the known issue with ClearOS 7 and CentOS 7

  • Reboot the system from the Installation USB
  • Select Troubleshooting
  • Select Rescue ClearOS
  • Verify the system boots up
  • Verify the rescue options are displayed
  • Select “1” to continue
  • Verify the system is mounted at /mnt/sysimage
  • Hit Enter to get a shell
  • Verify the shell is at the prompt sh-4.2#
  • Use the the following command to change directory to /mnt/sysimage/etc/modprobe.d
  • sh-4.2# cd /mnt/sysimage/etc/modprobe.d/
  • Edit/Create the file snd.conf
  • Add the following line to snd.conf “blacklist snd-hdmi-lpe-audio”
  • Save the file
  • Verify the new config file with the following command:
  • sh-4.2# more snd.conf
  • Reboot the system with the following command
  • sh-4.2# reboot
  • Verify the system boots from the mSATA
  • Verify the system boots successfully
  • Continue the installation from the point of the failure and verify it completes successfully

If you experience any issues, please feel free to reach out: support@protectli.com.

How to Install ESXi on the Vault

ESXi Overview

ESXi is the VMware hypervisor for deploying multiple virtual machines on capable barebone hardware. This article describes how to install ESXi 6.7 on the Vault. The specific version used in this test is 6.7 Update 1. ESXi 6.7 has been successfully installed on all of the Vault platforms. The FW1, FW2 and FW4A require a workaround during installation. See the table at the bottom of this article for more details and a link to the workaround instructions. There is another article for previous versions of ESXi available at this link.

Verify Hardware Recommendations

VMware recommends a minimum of 4 GB of RAM.  Our test installation used 8 GB.  Additional ESXi 6.7 Hardware Requirements can be found at this link.

Install ESXi

Obtain the Installation Image

To gain access you will need to register with VMware. ESXi can be downloaded for free here https://my.vmware.com/web/vmware/evalcenter?p=free-esxi6.

ESXi Download Page

As of writing this article, The Vault has been tested with version 6.7. Unless advised to the contrary, we recommend downloading the latest available version.

Burn the Installation image to a USB Drive

The easiest way to transfer the installation image to a USB drive is by using software called “Rufus” on Windows or “Etcher” on Apple OSX. See this link for detailed instructions on how to create a bootable USB drive using Rufus or Etcher.

Note: If using the Vault FW1x, FW2x, or FW4x, be sure to use a USB stick and the USB keyboard with a plug that is relatively skinny.  The 2 USB ports on the Vault are very close to each other and if either the USB stick or the USB keyboard plug is too wide, you will not be able to plug both in at the same time, which will prevent you from doing the installation.

Install the Operating System on the Vault

  • Verify the Vault is powered down
  • Verify the monitor is connected
  • Verify the USB keyboard is plugged in (you can skip this spet if you are using the serial installer)
  • Verify the USB drive is plugged into the Vault
  • Connect the Vault to the network via the WAN port that is connected to a DHCP enabled switch
  • Power on and verify the Vault boots to the USB
  • Follow the on screen installation instructions
  • When installation is complete, the Vault will reboot and the IP address will be displayed on the ESXi console
  • To access the ESXi management console, browse to “http://<IP address>/ui” Example http://192.168.1.107/ui
  • Login with User: root and Password: created during installation
  • Verify the ESXi dashboard is displayed

ESXi 6.7 Dashboard

At this point, ESXi 6.7 is up and running on the Vault. It must now be configured for the specific Virtual Machines as desired for deployment. As always, if you experience any issues, please feel free to reach out to support@protectli.com

Optional SSD on the FW6 Vault

The FW6 series of the Vault ships with a SATA cable, SATA power cable, and 2.5″ drive mount to support an optional SSD drive (we recommend using an SSD drive, not a spinning hard drive). Adding an optional 2.5″ drive requires no software or BIOS modifications. See the screenshot below for an example of an additional 250GB drive that has been added to a FW6 with ESXi 6.7 installed.

ESXi with optional 2.5″ SSD

BIOS Compatibility

The table below shows the compatibility of tested releases of ESXi and BIOS on each of the Vaults.


VaultESXi VersionBIOS - LegacyBIOS - UEFIBIOS - coreboot
FW16.7WorkaroundNot testedN/A
FW26.7WorkaroundNot testedN/A
FW2B6.7TestedTestedTested
FW4A6.7WorkaroundNot testedN/A
FW4B6.7TestedTestedTested
FW6A6.7TestedTestedN/A
FW6B6.7TestedTestedN/A
FW6C6.7TestedTestedN/A


How to Install pfSense® CE 2.4 on the Vault

pfSense® CE Overview

pfSense® CE is an open source routing and firewall software which is based on FreeBSD. It has a variety of packages easily downloaded and configurable within the GUI itself. https://www.pfsense.org/getting-started/

Note: pfSense® CE is open source software developed for the benefit of the community.  If you are using pfSense® CE with the Vault, please consider supporting the pfSense project. https://www.pfsense.org/get-involved

Note: pfSense® CE will require hardware encryption support, specifically Intel AES-NI, starting with version 2.5. This was announced at https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html. Subsequently, there was an announcement that AES-NI will NOT be a requirement in version 2.5 https://www.netgate.com/blog/pfsense-2-5-0-development-snapshots-now-available.html However, it may be a requirement in the future. The Vault FW1 and FW2 (J1800 based CPU) series DO NOT support AES-NI. The Vault FW2B, FW4A, FW4B and FW6 series DO support AES-NI.

Note: pfSense® CE version 2.4.4 is now available. A previous article was published at this link regarding an important issue and workaround in pfSense® CE version 2.4.4 due to the fact that it is based on FreeBSD 11.2 . Both of these issues can be resolved by setting BIOS to UEFI mode on the Vault. This article supersedes that one and following the instructions below eliminates the need to refer to the previous article. See the BIOS Compatibility table at the bottom of this article for more information.

Verify Hardware Recommendations

pfSense® CE has good documentation regarding hardware recommendations on their web site. See https://docs.netgate.com/pfsense/en/latest/book/hardware/minimum-hardware-requirements.html to verify that  the proper memory and storage is available for the intended application.

Install pfSense® CE

Obtain the Installation Image and Uncompress it

There are two ways to install pfSense® CE on the Vault.  Because the Vault has a COM (serial console) port, users can install pfSense® CE using only the COM port, OR, users can install pfSense® CE the more ‘traditional’ way by using a VGA or HDMI monitor, along with a USB keyboard.

  • The easiest way to install pfSense® CE that is most likely to be error-free is with a VGA (FW1, FW2, FW4A series) or HDMI (FW2B, FW4B, FW6 series) monitor and a USB keyboard, using the VGA version of the installer
  • If the user chooses to install pfSense® CE with the serial console port on the Vault, the user MUST use the serial version of the installer.
  • If the user encounters an issue whereby the installation appears to stop and not proceed, please double check to ensure you’re using the correct version of the pfSense® CE installer with your chosen installation method.

The pfSense® CE installation image (IMG) can be downloaded from https://www.pfsense.org/download/. The same image can be used to install pfSense® CE on any of the Vault platforms. It is important to choose the correct options when downloading the image including “Version”, “Architecture”, “Installer”, and “Console.”  The proper selections are as follows for installing the Vault using a VGA monitor and USB Keyboard:

Version: The latest available (2.4.4 as of this edit)

Architecture: AMD64 (64 bit)

Console: VGA or Serial as needed (see note above; VGA or HDMI monitor = VGA installer; COM port  = serial installer)

Installer: USB Memstick Installer


pfSense® CE Download Page

Your download should begin immediately and when it is completed you should have a compressed IMG file (an example file name is: pfSense-CE-memstick-2.4.4-RELEASE-amd64.img.gz) downloaded that is ~800MB in size.

Now that the compressed image file has been downloaded, you will need to use a program like “7zip” or “winzip” on Windows to decompress the file.  The resulting file should look the same, except that the file name will now end in “.img” instead of “.img.gz”.

Burn the installation image to a USB drive

The easiest way to transfer the installation image to a USB drive is by using software called “Rufus” on Windows or “Etcher” on Mac OSX. See this link for  detailed instructions on how to create a bootable USB drive using Rufus or Etcher.

Note: If installing using a VGA monitor and USB keyboard on a Vault FW1x, FW2x, or FW4x, be sure to use a USB stick and a USB keyboard with a plug that is relatively skinny.  The 2 USB ports on the Vault are very close to each other and if either the USB stick or the USB keyboard plug is too wide, you will not be able to plug both in at the same time, which will prevent you from doing the installation.

Verify the BIOS mode

Note: There is an important issue and workaround in pfSense® CE version 2.4.4 due to the fact that it is based on FreeBSD 11.2. See this link. The issue affects the FW1, FW2, and FW4A platforms. See the BIOS Compatibility table at the bottom of this article. If UEFI is required, follow the steps below to set UEFI mode.

  • Verify the Vault is powered down
  • Verify the monitor is connected
  • Verify the USB keyboard is plugged in (you can skip this step if you are using the serial installer)
  • While powering up the Vault, press “DEL” key and verify that it boots to the BIOS.
BIOS Main
  • Select “Advanced” tab
Advanced Tab
  • Select “CSM Configuration”
Advanced->CSM
  • Select “Boot option filter”
Boot Option Filter
  • Select “UEFI only”
  • Press RETURN then “F4” to save and exit the BIOS
  • Power off the unit

Install the Operating System on the Vault

  • Insert the USB installation drive into the USB port on the Vault
  • While powering up the Vault, press “F11” key and verify that it boots to the BIOS boot options screen.

NOTE: If using the serial installer, F11 commonly will not show the boot options menu.  In this case, use the “DEL” key to enter the BIOS.  In the BIOS, a specific boot device can be chosen from the last, or rightmost tab.

  • Select the USB drive UEFI partition to boot from if UEFI was configured, else just select the USB drive
  • Verify the Vault boots and begins the installation process
  • Follow the on screen installation prompts to install pfSense® CE

For detailed installation information, see the procedures presented on the pfSense® CE website at this link.


pfSense® CE Dashboard

For more detailed configuration instructions, the documentation page at: https://docs.netgate.com/pfsense/en/latest/index.html

Once rebooted, the Vault should be up and running. Follow any on screen instructions for logging in to pfSense® CE.  

If you experience any issues, please feel free to reach out: support@protectli.com.

BIOS Compatibility

The table below shows the compatibility of tested releases of pfSense® CE and BIOS on each of the Vaults.

VaultpfSense® CE VersionBIOS - LegacyBIOS - UEFIBIOS - coreboot
FW12.4.4Fail, Use UEFITestedN/A
FW22.4.4Fail, Use UEFITestedN/A
FW2B2.4.4TestedTestedTested
FW4A2.4.4Fail, Use UEFITestedN/A
FW4B2.4.4TestedTestedTested
FW6A2.4.4TestedTestedN/A
FW6B2.4.4TestedTestedN/A
FW6C2.4.4TestedTestedN/A
FW12.4.3TestedTestedN/A
FW22.4.3TestedTestedN/A
FW2B2.4.3TestedTestedTested
FW4A2.4.3TestedTestedN/A
FW4B2.4.3TestedTestedTested
FW6A2.4.3TestedTestedN/A
FW6B2.4.3TestedTestedN/A
FW6C2.4.3TestedTestedN/A

How to Install FreeBSD 11.2 on The Vault

FreeBSD 11.2 Overview

FreeBSD is an open source Linux operating system that has been successfully installed on all of the Vault platforms. The FreeBSD home page is at www.freebsd.org This article will describe installation of a recent version.

FreeBSD 11.2 Issues

With the release of FreeBSD 11.2, one of the kernel defaults was changed such that some of the Vaults do not automatically boot up correctly during installation via USB and also after subsequent bootups from mSATA. This issue is described exactly in the FreeBSD forum at this link: https://forums.freebsd.org/threads/install-freezes-at-consoles-efi-consoles.61243

The symptom of the affected Vaults is that during boot, the console will freeze at a “Booting” message and never get any further. The system is actually booting, but there is no console I/O.

A bug has been filed regarding this issue at this link: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230172  and it includes a workaround, specifically Comment 10 in the bug.

The FreeBSD bug affects the FW1, FW2, and FW4A platforms, but not the FW2B, FW4B, and FW6 platforms.

When this article was originally written, the workaround instructions were described below in “FreeBSD 11.2 Console Instructions”. However, a simpler solution has been  found and tested. Following the instructions linked in “Verify the BIOS mode” will solve the issue and it is not required to follow “FreeBSD 11.2 Console Instructions” at the bottom of the page.

Verify Hardware Recommendations

FreeBSD has minimal hardware requirements for basic system. Refer to this link for hardware compatibility. https://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/hardware.html

Install FreeBSD 11.2

Obtain the Installation Image and Uncompress it

The FreeBSD installation image can be downloaded from https://www.freebsd.org/where.html. It is important to make sure the correct image file for USB memory stick is selected as shown in the image below.

Version: 11.2

Architecture: AMD64 (64-bit)

Install type: “memstick.img”

FreeBSD Main Install Page
FreeBSD Memory Stick Image File

Burn the installation image to a USB drive

The easiest way to transfer the installation image to a USB drive is by using software called “Rufus” on Windows or “Etcher” on Mac OSX. See this link for  detailed instructions on how to create a bootable USB drive using Rufus or Etcher.

Note: If installing using a VGA monitor and USB keyboard on a Vault FW1x, FW2x, or FW4x, be sure to use a USB stick and a USB keyboard with a plug that is relatively skinny.  The 2 USB ports on the Vault are very close to each other and if either the USB stick or the USB keyboard plug is too wide, you will not be able to plug both in at the same time, which will prevent you from doing the installation.

Verify the BIOS mode

As mentioned above there is a simple fix to the bug introduced in 11.2. By changing the BIOS mode to UEFI the issue is resolved. See the Knowledge Base article which gives step by step instructions linked here.

Install the Operating System on The Vault

Once the FreeBSD installation image is properly copied to the USB drive, it is ready to be installed on the Vault.

  • Verify the Vault is powered down.
  • Verify the monitor is connected.
  • Verify the USB keyboard is plugged in.
  • Verify an Ethernet connection is in the “WAN” port that is connected to a DHCP server.
  • Insert the USB install drive into the other USB port on the Vault.
  • While powering up the Vault, press “F11” key and hold it down until it boots to the BIOS and you see the boot options screen.
  • Select the USB drive to boot from.
  • Verify the Vault boots to the FreeBSD installation
  • Select “Install” and answer prompts for “Keyboard Mapping” and “Hostname”
  • When prompted for system options, leave defaults
  • Configure networking to get files from the internet. Recommend “em0”, “IPv4”, and “DHCP”.
  • Select FreeBSD site for download
  • Select ZFS (Auto) for the filesystem
  • Select “Install”, “Stripe”, “ada0” (with space bar).
  • Continue the installation and when prompted set “Password”, “Timezone”, “Date”, and “Time”.
  • When prompted for “Services” and “Security”, recommend the defaults.
  • When prompted for “Users”, add additional users if desired.
  • Continue the installation and verify that it completes successfully.
  • Reboot the system and verify the it boots to FreeBSD

FreeBSD has a “Handbook” which covers this and much more in-depth at this link https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/

At this point, FreeBSD should be up and running on The Vault. However, If you experience any issues, please feel free to reach out to us at: support@protectli.com.

FreeBSD 11.2 Console Bug Instructions

If UEFI is not an option, the bug workaround is summarized below.

  • Download the FreeBSD 11.2 installer (amd64, memstick) image
  • Create a bootable USB as described at this link
  • Install the image from the USB
  • Verify the FreeBSD installation menu appears
  • Select the space bar to pause the boot
  • Select “3” to go to the Loader prompt
  • Verify the prompt “OK” appears
  • Type “set kern.vty=sc”, RET
  • Type “boot”
  • Verify the system continues to boot up normally
  • Install FreeBSD as described at the link above

At this point, FreeBSD has been installed on the mSATA. However, the same issue regarding the console with the USB boot will be present now that the system is booting from the mSATA.

  • Select “Reboot” and verify the system boots from the mSATA drive with the new installation
  • Follow the same instructions above to set the console parameter
  • Verify the FreeBSD boot menu appears
  • Select the space bar to pause the boot
  • Select “3” to go to the Loader prompt
  • Verify the prompt “OK” appears
  • Type “set kern.vty=sc”, RET
  • Type “boot”
  • Verify the system continues to boot up normally to FreeBSD
  • Login as “root” with the “password” that was set during installation

At this point, FreeBSD is available for use during this session. However, we want to configure the system to permanently fix the console issue so that manual intervention is not required every time it boots.

  • Change Directory to /boot, type “cd /boot”
  • Verify the file “loader.conf” is present, type “ls loader.conf”
  • For safety sake, copy “loader.conf” to another file for backup, type “cp loader.conf loader.conf.orig”
  • Edit loader.conf using a text editor such as “vi”
  • Add the following line in loader.conf, kern.vty=”sc”, enclosing quotes around “sc”
  • Save the file and exit
  • Type “reboot”
  • Verify the system reboots successfully without hanging at the console

FreeBSD BIOS Compatibility

The table below shows the compatibility of tested releases of FreeBSD and BIOS on each of the Vaults.

VaultFreeBSD VersionBIOS - LegacyBIOS - UEFIBIOS - coreboot
FW111.2Fail, Use UEFITestedN/A
FW211.2Fail, Use UEFITestedN/A
FW2B11.2TestedTestedNot Tested
FW4A11.2Fail, Use UEFITestedN/A
FW4B11.2TestedTestedNot Tested
FW6A11.2TestedTestedN/A
FW6B11.2TestedTestedN/A
FW6C11.2TestedTestedN/A

How to install ClearOS on the Vault

ClearOS Overview

According to the ClearOS home page at https://www.clearos.com:

“ClearOS is an open source software platform that leverages the open source model to deliver a simplified, low cost hybrid IT experience for SMBs. The value of ClearOS is the integration of free open source technologies making it easier to use. By not charging for open source, ClearOS focuses on the value SMBs gain from the integration so SMBs only pay for the products and services they need and value.”

Note: ClearOS has a known bug that affects some Vaults. Previously suggested was a workaround which is located here. Instead, we now recommend changing BIOS to UEFI to alleviate this issue. The UEFI guide is located at this link.

Verify Hardware Recommendations

ClearOS has good documentation regarding hardware recommendations on their web site. Be sure to review this link to verify that  the proper memory and storage is available for the intended application.

Install ClearOS

Obtain the Installation Image and Uncompress it

The ClearOS download page is located at https://www.clearos.com/products/purchase/clearos-downloads.

There are multiple versions of ClearOS at different price points. In order to test ClearOS compatibility with The Vault, we used the ClearOS 7 Community Edition.

clearOS Download Page

Burn the installation image to a USB drive

The easiest way to transfer the installation image to a USB drive is by using software called “Rufus” on Windows or “Etcher” on Apple OSX. See this link for detailed instructions on how to create a bootable USB drive using Rufus or Etcher.

Rufus will ask if you want to burn in “ISO image mode” or “DD image mode”. Use the recommended default of “ISO image mode”

Note: If using the Vault FW1x, FW2x, or FW4x, be sure to use a USB stick and the USB keyboard with a plug that is relatively skinny.  The 2 USB ports on the Vault are very close to each other and if either the USB stick or the USB keyboard plug is too wide, you will not be able to plug both in at the same time, which will prevent you from doing the installation.

Install ClearOS on The Vault

  • Verify that the Vault is powered down
  • Verify that the VGA or HDMI monitor is connected
  • Verify that the USB keyboard is plugged in
  • Insert the USB install drive into the another USB port on the Vault
  • While powering up the Vault, press “F11” key and hold it down until it boots to the BIOS and you see the boot options screen
  • Select the USB drive to boot from
  • Select Install ClearOS
  • Verify that the Vault boots and begins the installation process
  • Follow the installation prompts for language, keyboard, etc.
  • Verify the Installation summary is displayed
  • If desired, select Date & Time and set them appropriately
  • In this example, the Software Selection is the “Minimum Install”
  • Select System->Installation Destination
  • Select the mSATA SSD
  • Select DONE
  • If there is not enough space for the installation a window, will pop up. Select Reclaim space
  • Follow the prompts to delete old partitions and reclaim space
  • Select Begin Installation
  • While installation begins, select Root Password
  • Set the root password
  • Verify the installation continues and completes
  • Reboot
  • Verify the system boots to GUI with instructions to browse to the web interface, for example https://192.168.41.154:81
  • Browse to the address displayed in the console
  • Verify the login page is displayed
  • Login as “root” with password that was set during the installation process
  • Verify the Wizard is displayed
  • Follow the prompts to
    • Select the Server Mode
    • Network Settings
    • Registration
    • Configuration
    • Marketplace
    • System->Dashboard
  • ClearOS is now successfully installed on The Vault

ClearOS has a comprehensive user guide which covers in-depth configurations located here
https://www.clearos.com/resources/documentation/clearos/index:userguide7

Example ClearOS Dashboard

At this point, ClearOS should be up and running on The Vault.  However, if you experience any issues, please feel free to reach out to us at: support@protectli.com.


ClearOS BIOS Compatibility

The table below shows the compatibility of tested releases of ClearOS and BIOS on each of the Vaults.



VaultClearOS Version BIOS - LegacyBIOS - UEFIBIOS - coreboot
FW1ClearOS 7.6.0Fail, Use UEFITestedN/A
FW2ClearOS 7.6.0Fail, Use UEFITestedN/A
FW2BClearOS 7.6.0TestedTestedNot Tested
FW4AClearOS 7.6.0Fail, Use UEFITestedN/A
FW4BClearOS 7.6.0TestedTestedNot Tested
FW6AClearOS 7.6.0TestedTestedN/A
FW6BClearOS 7.6.0TestedTestedN/A
FW6CClearOS 7.6.0TestedTestedN/A

How to Install OpenBSD on The Vault

OpenBSD Overview

OpenBSD is a common open source UNIX-like operating system. Information regarding OpenBSD can be found on the home page at openbsd.org.

Download OpenBSD

OpenBSD is highly configurable and there are multiple versions of OpenBSD and multiple system targets so it is important to get the correct installation file. OpenBSD can be downloaded from one of many mirrors. The mirrors are available at https://www.openbsd.org/ftp.html.

Follow these steps to download OpenBSD for the Vault:

  • Select a mirror
  • Select the version of OpenBSD (6.3 was tested for this installation)
  • Select “amd64” for 64 bit
  • Select “install63.fs” where “fs” includes the “file sets” which are OpenBSD core OS files
  • Verify that an image such as “install63.fs” is downloaded that is about ~400 MB

Burn the installation image to a USB drive

The easiest way to transfer the installation image to a USB drive is by using software called “Rufus” on Windows or “Etcher” on Apple OSX. See this link for detailed instructions on how to create a bootable USB drive using Rufus or Etcher.

Install OpenBSD on The Vault

  • Verify that the Vault is powered down
  • Verify that the VGA or HDMI monitor is connected
  • Verify that the USB keyboard is plugged in
  • Insert the USB install drive into the another USB port on the Vault
  • While powering up the Vault, press “F11” key and hold it down until it boots to the BIOS and you see the boot options screen
  • Select the USB drive to boot from
  • Verify that the Vault boots and begins the installation process
  • Follow the installation prompts, in many cases the defaults are the desired response
  • Select (I) for Installation
  • Select the keyboard
  • Enter the Hostname
  • Select the Network Interface (em0 is “WAN” on the Vault)
  • Configure Network Interface for DHCP, Static IP as desired
  • Configure additional Network Interfaces as desired
  • Set the root password
  • Enable sshd as desired
  • Recommend not starting Xwindows at installation
  • Recommend not changing console at installation
  • Recommend not adding users at installation
  • Allow root ssh login as desired
  • Set timezone
  • At available disks, Which disk is the root disk? hit “?” to verify the disks, sd0 should be the mSATA SSD, sd1 should be the USB
  • Select the root disk [sd0]
  • Select (W)hole disk
  • Select (A)uto layout
  • Initialize disk, select “done”
  • Install the sets, Location of sets, select “disk”
  • Is disk partition already mounted?, select “no”
  • Select install media, “sd1”
  • Select sd1 partition with install sets, select “a” (the largest partition displayed)
  • Pathname to the sets, select default “6.3/amd64”
  • Set name(s), select “done”
  • If prompted for SHA256.sig, continue without verification
  • Verify all sets are installed
  • Select “done”
  • Continue and verify successful installation
  • Reboot
  • Verify system boots to the login prompt
  • Login as “root” with the password set during installation
  • OpenBSD is now successfully installed on The Vault

System Compatibility

The table below shows the latest tested release of OpenBSD on each of the Vaults.

VaultLatest Version Tested
FW1OpenBSD 6.3
FW2OpenBSD 6.3
FW2BOpenBSD 6.3
FW4AOpenBSD 6.3
FW4BOpenBSD 6.3
FW6AOpenBSD 6.3
FW6BOpenBSD 6.3
FW6COpenBSD 6.3

At this point, OpenBSD should be up and running on The Vault.  However, if you experience any issues, please feel free to reach out to us at: support@protectli.com.