Being responsible for managing all the critical ICT infrastructure at Simple Hardware, one day I went for the upgrade of Asus RT-AC68U running vanilla Asus firmware. I decided for the upgrade because the router behaved sometimes in a really strange manner. WAN interface was marked as down anyway the VPN was up an running. Which is a contradiction. Long story short, the Asus got bricked with the official firmware upgrade done in an official upgrade your firmware button press. No ping. All interfaces down.
With this fact the long awaited opportunity to upgrade the heart of the network infrastructure to something more enterprise grade suddenly summoned. Based on some research we decided to setup and run a PC Engines apu2e4 Internet gateway & router board. The following specifications persuaded us, that it will be capable of serving our needs:
- AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache, 28 nm process technology
- 4 GB of DDR3-1333 DRAM
- 3x Gigabit Ethernet channels with Intel i210AT
- 2x miniPCI express one with SIM socket
- 2x USB 3.0 ports
- DB9 serial port
- 152.4 x 152.4 mm (6 x 6"), passively cooled with conductive cooling from the CPU to the enclosure
- 6 to 12W consumption depending on CPU load
- Open-source coreboot firmware
The best about this Internet gateway & router board from PC Engines is the fact that you can buy all you need for around 167 EUR or an equivalent of 200 USD. See the bill of material we used for our configuration:
| Item | Manufacturer | Supplier | Price |
|---|---|---|---|
| PC Engines System Board apu2e4 | pcengines.ch | i4wifi.cz | 3563 CZK |
| PC Engines Aluminum Enclosure case1d2u | pcengines.ch | i4wifi.cz | 333 CZK |
| 12V / 2A AC-DC Adapter with Euro Plug | pcengines.ch | i4wifi.cz | 178 CZK |
| Kingston Industrial Micro SDHC 16GB Class 10 UHS-I with SD Adapter | kingston.com | czc.cz | 449 CZK |
| Axagon USB to Serial Adapter ADS-1PS | axagon.eu | czc.cz | 199 CZK |
| PremiumCord Data Cable Laplink 9F-9F | premiumcord.cz | krup.cz | 82 CZK |
For our production facility the highly critical replacement device was on my table the same day the Asus died. All parts were on stock, available immediately. This fact was also one of our decision points for PC Engines APU board. After some fight using the standard USB TTL Serial cable I have at home it quickly drove for the Axagon USB to Serial Adapter ADS-1PS and a PremiumCord Data Cable Laplink 9F-9F. With this recommended serial link setup the second boot of the open-source BIOS replacement went just smooth. Following:
so basically inserting the SDHC to the card reader slot on my computer. Running the following commands:
cd ~/downloads
wget https://frafiles.pfsense.org/mirror/downloads/pfSense-CE-2.4.5-RELEASE-p1-amd64.iso.gz
gzip -d ~/downloads/pfSense-CE-memstick-serial-2.4.5-RELEASE-p1-amd64.img.gz
sudo dd if=/dev/zero of=/dev/sda bs=1M count=1
sudo dd if=pfSense-CE-memstick-serial-2.4.5-RELEASE-p1-amd64.img of=/dev/sda bs=4M
and then inserting the SDHC in the SDHC > SD adapter back to the SD PC Engines APU board card slot I got the pfSense up and running. Being able to configure it first via the serial console with screen /dev/ttyUSB0 and then with the web interface.
Later on I spent few hours configuring the firewall, DNS, DHCP, VPN, etc. on the pfSense for our needs. The next day after the Asus router firmware upgrade failure, we had the production network infrastructure again in the best shape. I can say that we have it now in much better shape than with the stock vanilla firmware on consumer grade Asus device.
Follow the article How to fine-tune pfSense for 1Gbit throughput on APU2/APU3/APU4 1
PC Engines APU Platform
Added on the 2021-06-22 ↩︎