Getting FreeBSD installed on the Soekris net5501

The Net5501 is an x86 based computer with decent hardware for your LAN/WAN. In my case, I needed to setup a FreeBSD based OpenVPN server. I had a vanilla net5501 with a SanDisk SDCFH2-004G HDX 4.32 4GB CF Card,.
The general installation plan was to either use PXE booting or writing to a CF card. PXE booting works like a charm with Debian, FreeBSD is another beast though. Googling abit on the Internets, I landed on Barry's page and idea of using a VM with a CF as the install target. Worked like charm.

Aside:

It's a good idea to dd your CF card image and store it for future installations/clones. You can restore this image using a command such as:

dd if=/path/to/freebsd_3919MB_SanDisk-SDCFH2-004G_HDX_4.32.dd.bz2 of=/dev/sdd

Installation:

Download the relevant freeBSD ISO

Download KVM

Configure a VM to boot off the FreeBSD ISO and the storage medium to be your compact flash card (/dev/sdx).

Install FreeBSD as usual

After installation, boot into your brand new FreeBSD

Adjust your /etct/rc.conf for Soekris network cards (sis instead of KVM's ed)

ifconfig_vr0="inet 196.1.0.129 netmask 255.255.255.192 up"

ifconfig_vr1="DHCP"

Enable a console on the serial port in /etc/ttys by editing the ttyu0 line:

ttyu0 "/usr/libexec/getty std.9600" vt100 on secure

Lastly, add the following lines to /boot/loader.conf:

comconsole_speed="9600"

console="comconsole"

Kernel compile

Install Kernel source via NFS. Please refer to the FreeBSD handbook

Create a kernel config directory

mkdir /root/kernels

Start a new kernel by editing a copy of GENERIC

cp /usr/src/sys/i386/conf/GENERIC /root/kernels/SOEKRIS.KERNEL

ln -s /usr/src/sys/i386/conf/SOEKRIS.KERNEL /root/kernels/SOEKRIS.KERNEL

Sample Config (geared for an openvpn box)

cat /root/kernels/SOEKRIS.KERNEL

#

# GENERIC -- Generic kernel configuration file for FreeBSD/i386

#

# For more information on this file, please read the config(5) manual page,

# and/or the handbook section on Kernel Configuration Files:

#

# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html

#

# The handbook is also available locally in /usr/share/doc/handbook

# if you've installed the doc distribution, otherwise always see the

# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the

# latest information.

#

# An exhaustive list of options and more detailed explanations of the

# device lines is also present in the ../../conf/NOTES and NOTES files.

# If you are in doubt as to the purpose or necessity of a line, check first

# in NOTES.

#

# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.519.2.4.2.2 2009/11/09 23:48:01 kensmith Exp $

#cpu I486_CPU

cpu I586_CPU

#cpu I686_CPU

ident SOEKRIS

#Soekris Specific

#From http://wiki.soekris.info/Installing_FreeBSD

options CPU_SOEKRIS

options CPU_ELAN

options CPU_ELAN_PPS

options CPU_ELAN_XTAL=32768000

options CPU_GEODE

#CARP

device carp

# To statically compile in device wiring instead of /boot/device.hints

#hints "GENERIC.hints" # Default places to look for devices.

# Use the following to compile in values accessible to the kernel

# through getenv() (or kenv(1) in userland). The format of the file

# is 'variable=value', see kenv(1)

#

# env "GENERIC.env"

makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols

options SCHED_ULE # ULE scheduler

options PREEMPTION # Enable kernel thread preemption

options INET # InterNETworking

options INET6 # IPv6 communications protocols

options SCTP # Stream Control Transmission Protocol

options FFS # Berkeley Fast Filesystem

options SOFTUPDATES # Enable FFS soft updates support

options UFS_ACL # Support for access control lists

#options UFS_DIRHASH # Improve performance on big directories

options UFS_GJOURNAL # Enable gjournal-based UFS journaling

options MD_ROOT # MD is a potential root device

options NFSCLIENT # Network Filesystem Client

#options NFSSERVER # Network Filesystem Server

options NFSLOCKD # Network Lock Manager

options NFS_ROOT # NFS usable as /, requires NFSCLIENT

#options MSDOSFS # MSDOS Filesystem

#options CD9660 # ISO 9660 Filesystem

options PROCFS # Process filesystem (requires PSEUDOFS)

options PSEUDOFS # Pseudo-filesystem framework

#options GEOM_PART_GPT # GUID Partition Tables.

options GEOM_LABEL # Provides labelization

options COMPAT_43TTY # BSD 4.3 TTY compat (sgtty)

options COMPAT_FREEBSD4 # Compatible with FreeBSD4

options COMPAT_FREEBSD5 # Compatible with FreeBSD5

options COMPAT_FREEBSD6 # Compatible with FreeBSD6

options COMPAT_FREEBSD7 # Compatible with FreeBSD7

#options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI

options KTRACE # ktrace(1) support

options STACK # stack(9) support

options SYSVSHM # SYSV-style shared memory

options SYSVMSG # SYSV-style message queues

options SYSVSEM # SYSV-style semaphores

options P1003_1B_SEMAPHORES # POSIX-style semaphores

options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions

options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.

options KBD_INSTALL_CDEV # install a CDEV entry in /dev

options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)

options AUDIT # Security event auditing

options MAC # TrustedBSD MAC Framework

options FLOWTABLE # per-cpu routing cache

#options KDTRACE_HOOKS # Kernel DTrace hooks

# To make an SMP kernel, the next two lines are needed

options SMP # Symmetric MultiProcessor Kernel

device apic # I/O APIC

# CPU frequency control

device cpufreq

# Bus support.

device acpi

device eisa

device pci

# Floppy drives

#device fdc

# ATA and ATAPI devices

device ata

device atadisk # ATA disk drives

#device ataraid # ATA RAID drives

#device atapicd # ATAPI CDROM drives

#device atapifd # ATAPI floppy drives

#device atapist # ATAPI tape drives

options ATA_STATIC_ID # Static device numbering

# SCSI Controllers

#device ahb # EISA AHA1742 family

#device ahc # AHA2940 and onboard AIC7xxx devices

#options AHC_REG_PRETTY_PRINT # Print register bitfields in debug

# output. Adds ~128k to driver.

#device ahd # AHA39320/29320 and onboard AIC79xx devices

#options AHD_REG_PRETTY_PRINT # Print register bitfields in debug

# output. Adds ~215k to driver.

#device amd # AMD 53C974 (Tekram DC-390(T))

#device hptiop # Highpoint RocketRaid 3xxx series

#device isp # Qlogic family

#device ispfw # Firmware for QLogic HBAs- normally a module

#device mpt # LSI-Logic MPT-Fusion

#device ncr # NCR/Symbios Logic

#device sym # NCR/Symbios Logic (newer chipsets + those of `ncr')

#device trm # Tekram DC395U/UW/F DC315U adapters

#device adv # Advansys SCSI adapters

#device adw # Advansys wide SCSI adapters

#device aha # Adaptec 154x SCSI adapters

#device aic # Adaptec 15[012]x SCSI adapters, AIC-6[23]60.

#device bt # Buslogic/Mylex MultiMaster SCSI adapters

#device ncv # NCR 53C500

#device nsp # Workbit Ninja SCSI-3

#device stg # TMC 18C30/18C50

# SCSI peripherals

device scbus # SCSI bus (required for SCSI)

#device ch # SCSI media changers

device da # Direct Access (disks)

#device sa # Sequential Access (tape etc)

#device cd # CD

#device pass # Passthrough device (direct SCSI access)

#device ses # SCSI Environmental Services (and SAF-TE)

# RAID controllers interfaced to the SCSI subsystem

#device amr # AMI MegaRAID

#device arcmsr # Areca SATA II RAID

#device asr # DPT SmartRAID V, VI and Adaptec SCSI RAID

#device ciss # Compaq Smart RAID 5*

#device dpt # DPT Smartcache III, IV - See NOTES for options

#device hptmv # Highpoint RocketRAID 182x

#device hptrr # Highpoint RocketRAID 17xx, 22xx, 23xx, 25xx

#device iir # Intel Integrated RAID

#device ips # IBM (Adaptec) ServeRAID

#device mly # Mylex AcceleRAID/eXtremeRAID

#device twa # 3ware 9000 series PATA/SATA RAID

# RAID controllers

#device aac # Adaptec FSA RAID

#device aacp # SCSI passthrough for aac (requires CAM)

#device ida # Compaq Smart RAID

#device mfi # LSI MegaRAID SAS

#device mlx # Mylex DAC960 family

#device pst # Promise Supertrak SX6000

#device twe # 3ware ATA RAID

# atkbdc0 controls both the keyboard and the PS/2 mouse

#device atkbdc # AT keyboard controller

#device atkbd # AT keyboard

#device psm # PS/2 mouse

#device kbdmux # keyboard multiplexer

#device vga # VGA video card driver

#device splash # Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console

#device sc

#device agp # support several AGP chipsets

# Power management support (see NOTES for more options)

#device apm

# Add suspend/resume support for the i8254.

device pmtimer

# PCCARD (PCMCIA) support

# PCMCIA and cardbus bridge support

#device cbb # cardbus (yenta) bridge

#device pccard # PC Card (16-bit) bus

#device cardbus # CardBus (32-bit) bus

# Serial (COM) ports

device uart # Generic UART driver

# Parallel port

#device ppc

#device ppbus # Parallel port bus (required)

#device lpt # Printer

#device plip # TCP/IP over parallel

#device ppi # Parallel port interface device

#device vpo # Requires scbus and da

# If you've got a "dumb" serial or parallel PCI card that is

# supported by the puc(4) glue driver, uncomment the following

# line to enable it (connects to sio, uart and/or ppc drivers):

#device puc

# PCI Ethernet NICs.

#device de # DEC/Intel DC21x4x (``Tulip'')

#device em # Intel PRO/1000 Gigabit Ethernet Family

#device igb # Intel PRO/1000 PCIE Server Gigabit Family

#device ixgb # Intel PRO/10GbE Ethernet Card

#device le # AMD Am7900 LANCE and Am79C9xx PCnet

#device ti # Alteon Networks Tigon I/II gigabit Ethernet

#device txp # 3Com 3cR990 (``Typhoon'')

#device vx # 3Com 3c590, 3c595 (``Vortex'')

# PCI Ethernet NICs that use the common MII bus controller code.

# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!

device miibus # MII bus support

#device ae # Attansic/Atheros L2 FastEthernet

#device age # Attansic/Atheros L1 Gigabit Ethernet

#device alc # Atheros AR8131/AR8132 Ethernet

#device ale # Atheros AR8121/AR8113/AR8114 Ethernet

#device bce # Broadcom BCM5706/BCM5708 Gigabit Ethernet

#device bfe # Broadcom BCM440x 10/100 Ethernet

#device bge # Broadcom BCM570xx Gigabit Ethernet

#device dc # DEC/Intel 21143 and various workalikes

#device et # Agere ET1310 10/100/Gigabit Ethernet

#device fxp # Intel EtherExpress PRO/100B (82557, 82558)

#device jme # JMicron JMC250 Gigabit/JMC260 Fast Ethernet

#device lge # Level 1 LXT1001 gigabit Ethernet

#device msk # Marvell/SysKonnect Yukon II Gigabit Ethernet

#device nfe # nVidia nForce MCP on-board Ethernet

#device nge # NatSemi DP83820 gigabit Ethernet

#device nve # nVidia nForce MCP on-board Ethernet Networking

#device pcn # AMD Am79C97x PCI 10/100 (precedence over 'le')

#device re # RealTek 8139C+/8169/8169S/8110S

#device rl # RealTek 8129/8139

#device sf # Adaptec AIC-6915 (``Starfire'')

#device sis # Silicon Integrated Systems SiS 900/SiS 7016

#device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet

#device ste # Sundance ST201 (D-Link DFE-550TX)

#device stge # Sundance/Tamarack TC9021 gigabit Ethernet

#device tl # Texas Instruments ThunderLAN

#device tx # SMC EtherPower II (83c170 ``EPIC'')

#device vge # VIA VT612x gigabit Ethernet

device vr # VIA Rhine, Rhine II

#device wb # Winbond W89C840F

#device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')

# ISA Ethernet NICs. pccard NICs included.

device cs # Crystal Semiconductor CS89x0 NIC

# 'device ed' requires 'device miibus'

#device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards

#device ex # Intel EtherExpress Pro/10 and Pro/10+

#device ep # Etherlink III based cards

#device fe # Fujitsu MB8696x based cards

#device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc.

#device sn # SMC's 9000 series of Ethernet chips

#device xe # Xircom pccard Ethernet

# Wireless NIC cards

#device wlan # 802.11 support

#options IEEE80211_DEBUG # enable debug msgs

#options IEEE80211_AMPDU_AGE # age frames in AMPDU reorder q's

#options IEEE80211_SUPPORT_MESH # enable 802.11s draft support

#device wlan_wep # 802.11 WEP support

#device wlan_ccmp # 802.11 CCMP support

#device wlan_tkip # 802.11 TKIP support

#device wlan_amrr # AMRR transmit rate control algorithm

#device an # Aironet 4500/4800 802.11 wireless NICs.

#device ath # Atheros pci/cardbus NIC's

#device ath_hal # pci/cardbus chip support

#options AH_SUPPORT_AR5416 # enable AR5416 tx/rx descriptors

#device ath_rate_sample # SampleRate tx rate control for ath

#device ral # Ralink Technology RT2500 wireless NICs.

#device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs.

##device wl # Older non 802.11 Wavelan wireless NIC.

# Pseudo devices.

device loop # Network loopback

device random # Entropy device

device ether # Ethernet support

device tun # Packet tunnel.

device pty # BSD-style compatibility pseudo ttys

device md # Memory "disks"

device gif # IPv6 and IPv4 tunneling

device faith # IPv6-to-IPv4 relaying (translation)

device firmware # firmware assist module

# The `bpf' device enables the Berkeley Packet Filter.

# Be aware of the administrative consequences of enabling this!

# Note that 'bpf' is required for DHCP.

device bpf # Berkeley packet filter

# USB support

device uhci # UHCI PCI->USB interface

device ohci # OHCI PCI->USB interface

device ehci # EHCI PCI->USB interface (USB 2.0)

device usb # USB Bus (required)

#device udbp # USB Double Bulk Pipe devices

#device uhid # "Human Interface Devices"

#device ukbd # Keyboard

#device ulpt # Printer

device umass # Disks/Mass storage - Requires scbus and da

#device ums # Mouse

#device rum # Ralink Technology RT2501USB wireless NICs

#device ural # Ralink Technology RT2500USB wireless NICs

#device uath # Atheros AR5523 wireless NICs

#device zyd # ZyDAS zb1211/zb1211b wireless NICs

#device urio # Diamond Rio 500 MP3 player

# USB Serial devices

#device u3g # USB-based 3G modems (Option, Huawei, Sierra)

#device uark # Technologies ARK3116 based serial adapters

#device ubsa # Belkin F5U103 and compatible serial adapters

#device uftdi # For FTDI usb serial adapters

#device uipaq # Some WinCE based devices

#device uplcom # Prolific PL-2303 serial adapters

#device uslcom # SI Labs CP2101/CP2102 serial adapters

#device uvisor # Visor and Palm devices

#device uvscom # USB serial support for DDI pocket's PHS

# USB Ethernet, requires miibus

#device aue # ADMtek USB Ethernet

#device axe # ASIX Electronics USB Ethernet

#device cdce # Generic USB over Ethernet

#device cue # CATC USB Ethernet

#device kue # Kawasaki LSI USB Ethernet

#device rue # RealTek RTL8150 USB Ethernet

#device udav # Davicom DM9601E USB

# FireWire support

#device firewire # FireWire bus code

#device sbp # SCSI over FireWire (Requires scbus and da)

#device fwe # Ethernet over FireWire (non-standard!)

#device fwip # IP over FireWire (RFC 2734,3146)

#device dcons # Dumb console driver

#device dcons_crom # Configuration ROM for dcons

Compile

mkdir -p /usr/src/sys/compile/SOEKRIS.KERNEL

/usr/sbin/config SOEKRIS.KERNEL

cd ../compile/SOEKRIS.KERNEL/

make depend && make

make install

reboot

Remember to put some decent variables into rc.conf

# cat /etc/rc.conf

# -- sysinstall generated deltas -- # Fri Feb 5 12:47:29 2010

# Created: Fri Feb 5 12:47:29 2010

# Enable network daemons for user convenience.

# Please make all changes to this file, not to /etc/defaults/rc.conf.

# This file now contains just the overrides from /etc/defaults/rc.conf.

hostname=vpn.example.net

gateway_enable="YES"

inetd_enable="NO"

keymap="us.iso"

moused_enable="YES"

sshd_enable="YES"

ipv6_enable="YES"

ifconfig_vr0="inet 1.2.3.129 netmask 255.255.255.192 up"

ifconfig_vr1="DHCP"

#Add ons

fsck_y_enable="YES"

background_fsck="NO"

#Added manually to enable firewalling

#Be aware that this allows the subnet to access the box

#firewall_enable="YES"

#firewall_type="client"

#firewall_logging="YES"

#Start SNMPD

#

#snmpd_enable="YES"

#snmpd_flags="-a"

#snmpd_conffile="/etc/snmp/snmpd.conf"

#snmptrapd_enable="YES"

#snmptrapd_flags=" -u snmp -a -p /var/run/snmptrapd.pid"