Building a small form factor pfSense Router

About a year ago, I was looking around at building a pfSense server to replace my Netgear Nighthawk, as I was bringing in some new hardware and wanted to create a couple of VLANs and set up some more advanced routing and such.

I did some research and stumbled across the apu1c4, which seemed like it would be perfect for my needs. PC Engines also carries all the other components, including a case, to build a very small device with a lot of power. Note that the guide below walks through the setup specifically with a machine running OS X 10.10. Instructions for writing the pfSense image for other operating systems can be found here, while instructions for connecting to the device's console from other operating systems can be found here.

Components

Here is a list of all the components you would need to order:

  • One of either the apu1d (2GB of memory) or the apu1d4 (4GB of memory)
  • One power adapter (Note that PC Engines makes adapters for the EU and UK)
  • One case (They do have other colors available; however, black is recommended by the manufacturer for heat reasons)
  • One mSATA SSD drive (16GB) or larger depending on your use case (storing large amounts of logs, for example)
  • One Null Modem cable
  • One USB to Serial cable (this one I know works with OS X)

Building the server

  1. Follow this guide here, which shows how to install the heat spreader and insert the board into the bottom of the case. (Ensure you first remove the hex screws on the serial port.)
  2. Install the mSATA drive by inserting it into the socket on the board.
  3. Close the case, and screw the hex nuts back in.

Installation

  1. Download a copy of pfSense here. When prompted choose AMD64 for the Architecture, Live CD with Installer (on USB Memstick) for the Platform, and Serial for the console.
  2. Using diskutil list, find your USB device. In the below example, I have inserted a 16GB USB drive.
  3. In the above output, you can see that my USB drive is at /dev/disk4. However, we need to unmount disk4s1 before we can write to the device.
  4. We can now dd our pfSense install image to our thumb drive. Note that instead of using /dev/disk4, we are using /dev/rdisk4. In short, /dev/rdisk allows more direct access to the USB device and thus much better performance for writing our image.
  5. Plug in your USB to Serial adapter, and connect the serial cable to the adapter and to the serial port on the pfSense box.
  6. Plug the USB drive that has the pfSense image into the pfSense box.
  7. From Terminal, run ioreg -c IOSerialBSDClient | grep usb, which shows your USB to Serial cable if it is connected. If it doesn't, check whether you need special drivers installed.
  8. The output from the above command should show you an IODialinDevice such as /dev/tty.usbserial
  9. In Terminal, run the following to attach to the console device
  10. Connect the power cord to the pfSense box.
  11. After a minute or two the device should boot and you can start configuring the device following this guide here.
  12. Port mapping is from left to right: re0, re1, re2 respectively.

Connecting a Chromecast to a wireless network that has a captive portal

In September I rented a large house in the Poconos that, to my surprise, required users to go through a captive portal before being able to access the internet. This is certainly common in hotel networks, and these days most consumer routers even offer this functionality, although in my experience it's rare to see it utilized. I'd say of the 3-4 dozen houses we have rented I've seen it maybe 2 or three times. Regardless, one thing I love to always have in my backpack is a spare Chromecast, as it's great for streaming media from Plex or Netflix while on the go.

One thing that became immediately apparent was that the Chromecast lacks any way for the user to provide input, so if you run into a captive portal you're out of luck. However, there are a couple of ways to make this work. First, I would not recommend following the steps below to get your Chromecast working if you are on a hotel network. While it will work (although they may restrict certain kinds of traffic), you open your Chromecast up to any other user also connected to the network. Most likely someone would start playing something random and screw with you. There is still a solution for this, though: look into getting a travel router. This would also easily work for the scenario above.

However, if you don't want to spend any coin and happen to have a *nix laptop handy, there's an easy way to make this work. Temporarily spoof your Chromecast's MAC address on your laptop, auth with the captive portal, turn Wi-Fi off, reset your MAC back to its factory setting, and use your phone to join the Chromecast to the network.

I’ll show you how to do this for OS X.

First, record your current MAC address by typing the following:

Copy ether 3c:15:c2:b8:ad:be to your notepad

In Terminal, type the following:

This will change your MAC address. Then run the following commands:

Now reconnect to the Wi-Fi network and auth with the captive portal.

Once that's done, turn off your Wi-Fi card again and use your phone to go through the normal setup to put a Chromecast on the network. This time it should properly connect.

Run the following to reset your MAC address to its original:

All done!