Want pfSense 1.2 installed on PC Engines ALIX.2c3 platform for home router duty and provisioning of a Polycom IP430 phone. The former is trivial, the latter requires some minor abuse.
Setting DHCP Option-66 for Polycom Phone
Cannot use pfSense next-server option, as this cannot handle a string (e.g. URL). Need to manually specify the necessary option to send to Polycom phone. The dhcpd version in pfSense 1.2-RC5 is "isc-dhcp-V3.0.5".
We want something like this in /var/dhcpd/etc/dhcpd.conf:
if exists dhcp-parameter-request-list {
# Always send the option-66 (next-server), specified in hex
option dhcp-parameter-request-list = concat(option dhcp-parameter-request-list,42);
}
option next-server code 66 = text;
option next-server "http://gw1.local/mnt/da0/polycom/";
- Inspirational DHCP option request list extension seen at http://syslinux.zytor.com/pxe.php
Settle for abusing the pfSense next-server setting: its value is written into dhcpd.conf as-is, so additional configuration statements can be injected through it. Value entered for next-server:
192.168.2.1;}
option next-server code 66 = text;
option next-server "http://gw1.local/mnt/da0/polycom/";
subnet 127.0.0.0 netmask 255.255.255.0 {
option ntp-servers 127.0.0.1
Ensure the filename parameter is not blank (value is not important). This results in
subnet 192.168.2.0 netmask 255.255.255.0 {
pool {
range 192.168.2.129 192.168.2.254;
}
option routers 192.168.2.1;
option domain-name-servers 192.168.2.1;
option ntp-servers 192.168.2.1;
next-server 192.168.2.1;} option next-server code 66 = text; option next-server "http://gw1.local/mnt/da0/polycom/"; subnet 127.0.0.0 netmask 255.255.255.0 { option
ntp-servers 127.0.0.1;
filename "must_not_be_blank";
}
This only works because there are no scope options set after next-server that we care about (e.g. the filename option is not even in the correct scope). Obviously it would be better if pfSense provided direct support for custom DHCP options.
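Added example (not from the original post and not pfSense code): the injection above works because the next-server value reaches dhcpd.conf unvalidated. The POSIX sh functions below show the missing check and an audit of a generated dhcpd.conf for next-server lines carrying extra statements. Function names are hypothetical, the field is assumed to accept only an IPv4 literal, and the sample config is constructed from the result shown above.

```shell
#!/bin/sh
# Added example, not pfSense code; function names are hypothetical.

# is_ipv4 VALUE: succeed only for a plain dotted-quad IPv4 address.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # digits and single dots only
    esac
    _ifs=$IFS; IFS=.
    set -- $1                                   # split into octets
    IFS=$_ifs
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

# emit_next_server VALUE: write the statement only for a validated value.
emit_next_server() {
    is_ipv4 "$1" || { echo "rejected next-server value" >&2; return 1; }
    printf 'next-server %s;\n' "$1"
}

# audit_next_server: read a dhcpd.conf on stdin, print the line number of
# every next-server statement that is not exactly "next-server <ipv4>;",
# and return non-zero if any were found.
audit_next_server() {
    _n=0; _bad=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _n=$((_n + 1))
        _line=${_line#"${_line%%[![:space:]]*}"}    # trim leading blanks
        case "$_line" in next-server\ *) ;; *) continue ;; esac
        _v=${_line#next-server }; _v=${_v%;}
        is_ipv4 "$_v" || { echo "$_n"; _bad=1; }
    done
    return "$_bad"
}

# Constructed sample: the subnet block this page ends up with (shortened).
sample_conf() {
cat <<'EOF'
subnet 192.168.2.0 netmask 255.255.255.0 {
option routers 192.168.2.1;
next-server 192.168.2.1;} option next-server code 66 = text; option next-server "http://gw1.local/mnt/da0/polycom/"; subnet 127.0.0.0 netmask 255.255.255.0 { option ntp-servers 127.0.0.1;
filename "must_not_be_blank";
}
EOF
}
```

Running `sample_conf | audit_next_server` prints the number of the offending line and returns non-zero.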
Distribute Phone Config via HTTP
Want to provide firmware and configuration files through the pfSense HTTPD (lighttpd). pfSense includes filesystem support for FAT, so this is trivial.
- Following config.xml chunk mounts first USB disk under /var/mnt/da0 and runs autorun.sh script, if present. Place shellcmd element in pfsense->system
test -c /dev/da0 && test -z "`mount | grep /dev/da0`" && mkdir -p /var/mnt/da0 && mount -t msdosfs -o ro /dev/da0 /var/mnt/da0 && logger -t shellcmd "Mounted /dev/da0 on /var/mnt/da0"
test -x /var/mnt/da0/autorun.sh && logger -t shellcmd "Executing /var/mnt/da0/autorun.sh" && . /var/mnt/da0/autorun.sh
- Script (called autorun.sh) to copy contents of /usr/local/www to a RAM disk and add a symlink to the mounted USB disk. The alternative is remastering the pfSense loopback filesystem.
#!/bin/sh
# This is a rough shell script to copy the pfSense Web UI contents to a ram
# disk and add a symlink to the mounted flash drive mounted under /var/mnt/da0
#
# This is necessary for pfSense 1.2 embedded as /usr/local/www is mounted
# read-only, making it impossible to add the symlink without replicating or
# moving the entire tree under /usr/local/www. For pfSense 1.2-RC5 the size of
# this data are less than 6MB and the ALIX platform has 256MB of ram, so the
# trade is acceptable.
#
# If the size of the Web UI grows it may be necessary to use fixed storage or
# remaster the root loopback file to include the link
#
WEBROOT=/usr/local/www
MD_NUM=10
MD_DEV=/dev/md$MD_NUM

# if ram disk is larger than kernel max heap size then system will panic
# only after available heap is consumed. Use -o reserve to ensure size
# is not larger than available heap space (pre-allocates requested size)
mdconfig -a -t malloc -s 16m -u $MD_NUM -o compress

# format and mount ram disk
newfs -O 2 -o space -n $MD_DEV
mount $MD_DEV /mnt

# copy should fail if insufficient space is available
cp -R $WEBROOT/* /mnt/ && (
    # add symlink to flash drive (this is the point of this script)
    mkdir /mnt/mnt
    ln -s /var/mnt/da0 /mnt/mnt/
    umount /mnt
    # if user upgrades system there will be issues, mounting ram disk
    # read-only should bring these issue to light before too many bad
    # things happen
    mount -o ro $MD_DEV $WEBROOT
    logger -t autorun.sh "Mounted $MD_DEV on /usr/local/www"
) && return

# reaching this point implies that copy failed (likely due to insufficient
# ram disk size), so clean up and terminate
umount /mnt && mdconfig -d -u 10