OPNSense for Rock-Pi-E & Rock-Pi 4

An update here:

I started everything from scratch, I’ve flashed the card with the vanilla opnSense 22.1.6. I’ve booted my rockpi, but now I did not restore the previous config, to see if this is really breaking the interfaces. So, the first boot, was showing the same behavior, the LAN was assigned and working correctly, but the LAN not. So, I tried to re-assign the interfaces, but after the reassignment, the result was the same. Here is what I saw:

For some reason, it does not want to assign the WAN. Any idea, what could be the problem here?

I recommend using the WEB interface to configure the device.
Updating subversions is also easily done through the WEB interface.
Upgrading from version 21 to 22 is a big step as we move from HBSD to FreeBSD.
I don’t have usage statistics yet.
But I think that a simple upgrade from 21.7.6 to 22.1.6 through the WEB interface should be successful. Since you had 21.7.5 - it’s hard for me to predict the result.

The web interface shows, that WAN is assigned, but the console shows it is not. Also the dashboard shows it is not connected. What is also strange, the WAN port (on the device) is not showing any activity, the leds are not blinking, like when it would not be connected. I think, somehow the OS did not recognize it correctly.
When I check the ifconfig, it is saying no carrier.

And why do you think that the update will work if the vanilla install did not? I’ll try, but frankly I don’t believe … To do the update, I need to select the OpnSense for aarch64, right?

Great, the in-place upgrade worked! Thanks! Now I understand, why you thought it will work; the OS is the key as in this case was not updated.

Thanks a lot for your help guys!


Hi guys,

Should the USB port (type A) be working on RockPi with the opnSense image? I’ve connected a UPS which was working on my RPI and it seems that the rockpi does not recognize the device.

@SleepWalker @spikerguy do you have any thoughts on the above issue? It would be very good if I could use my opnsense as nuts master

Thanks!

Must work.
You can check for USB FLASH?

Hello,

I’m stuck with the new version of the ROCK PI E with the RTL8211F PHY chip.
I can’t get it to work correctly, the bandwidth sucks and there is massive packet loss.
I updated the DTB to integrate the patch for RTL8211F timing (delay, tx and rx) (dtb missing by the way in the 22.1.9) but U-Boot still uses the old values, and even if I modify the FDT in the U-Boot console, the result is the same. The interface is not usable as is.

I assume I must update the bootaa64.efi file but despite my research, I don’t know how.
Could someone help me plz.
Thx.

The easiest way to substitute custom dtb is to substitute it for Mainline u-boot.

To do this, it must be written to the efi partition in the dtb/rockchip directory. For example:
xzcat -T0 OPNsense-22.1.9-OpenSSL-aarch64-Rock-Pi-E-20220626.img.xz > rock-pi-e.img

mdconfig rock-pi-e.img
mount_msdosfs /dev/md0p1 /mnt
cp rk3328-rock-pi-e.dtb /mnt/dtb/rockchip/rk3328-rock-pi-e.dtb
sync; sync
umount /mnt
mdconfig -d -u 0

But it is better to test not on OPNsense but on FreeBSD.
You can see low Ethernet speed in OPNsense because the traffic is going through a packet filter and since it is single threaded you see low speed.
Test on FreeBSD.

I succeeded in loading the right dtb with freebsd R13 but can’t run iperf3 to test bandwidth.

root@rock-pi-e:~ # iperf3 -c 192.168.0.27
ld-elf.so.1: /lib/libc.so.7: version FBSD_1.7 required by /usr/local/lib/libiperf.so.0 not found

Thx

Hi @Feji

I recommend using this image

https://download.freebsd.org/releases/ISO-IMAGES/13.1/FreeBSD-13.1-RELEASE-arm64-aarch64-ROCKPRO64.img.xz

my u-boot
https://pkg.personalbsd.org/FreeBSD:13:aarch64-default/All/u-boot-rock-pi-e-2020.07.pkg

and your dtb file

Hi,

Thx for your concern.

I tried four distros and the only one with expected performance is the debian from Radxa.
The others: openwrt, opnsense and freebsd give nearly the same result, with the good dtb.
A driver issue, maybe?
Cheers.

################################################
rockpie_debian_buster_server_arm64_20210824_0255-gpt

***1GB interface
rock@rockpie:/$ iperf3 -c 192.168.0.27
Connecting to host 192.168.0.27, port 5201
[ 5] local 192.168.0.33 port 52030 connected to 192.168.0.27 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 106 MBytes 884 Mbits/sec 0 221 KBytes
[ 5] 1.00-2.00 sec 108 MBytes 905 Mbits/sec 0 221 KBytes
[ 5] 2.00-3.00 sec 113 MBytes 949 Mbits/sec 0 221 KBytes
[ 5] 3.00-4.00 sec 112 MBytes 941 Mbits/sec 0 221 KBytes
[ 5] 4.00-5.00 sec 113 MBytes 944 Mbits/sec 0 221 KBytes
[ 5] 5.00-6.00 sec 113 MBytes 946 Mbits/sec 0 221 KBytes
[ 5] 6.00-7.00 sec 113 MBytes 949 Mbits/sec 0 221 KBytes
[ 5] 7.00-8.00 sec 112 MBytes 944 Mbits/sec 0 221 KBytes
[ 5] 8.00-9.00 sec 113 MBytes 947 Mbits/sec 0 221 KBytes
[ 5] 9.00-10.00 sec 113 MBytes 947 Mbits/sec 0 221 KBytes


[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 1.09 GBytes 935 Mbits/sec 0 sender
[ 5] 0.00-10.00 sec 1.09 GBytes 934 Mbits/sec receiver
iperf Done.

################################################
openwrt-rockchip-armv8-radxa_rock-pi-e-squashfs-sysupgrade

***1GB interface
root@OpenWrt:/# iperf3 -c 192.168.0.27
Connecting to host 192.168.0.27, port 5201
[ 5] local 192.168.0.36 port 39754 connected to 192.168.0.27 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 43.2 MBytes 362 Mbits/sec 39 35.6 KBytes
[ 5] 1.00-2.00 sec 42.9 MBytes 360 Mbits/sec 29 44.2 KBytes
[ 5] 2.00-3.00 sec 43.1 MBytes 360 Mbits/sec 30 148 KBytes
[ 5] 3.00-4.00 sec 40.6 MBytes 341 Mbits/sec 21 37.1 KBytes
[ 5] 4.00-5.00 sec 3.95 MBytes 33.1 Mbits/sec 2 117 KBytes
[ 5] 5.00-6.00 sec 78.0 MBytes 655 Mbits/sec 46 32.8 KBytes
[ 5] 6.00-7.00 sec 47.9 MBytes 402 Mbits/sec 30 64.2 KBytes
[ 5] 7.00-8.00 sec 78.4 MBytes 657 Mbits/sec 46 32.8 KBytes
[ 5] 8.00-9.00 sec 62.4 MBytes 522 Mbits/sec 39 81.3 KBytes
[ 5] 9.00-10.00 sec 56.2 MBytes 473 Mbits/sec 36 42.8 KBytes


[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 497 MBytes 417 Mbits/sec 318 sender
[ 5] 0.00-10.00 sec 495 MBytes 416 Mbits/sec receiver
iperf Done.

################################################
FreeBSD-13.1-RELEASE-arm64-aarch64-ROCKPRO64

***1GB interface
root@generic:~ # iperf3 -c 192.168.0.27
Connecting to host 192.168.0.27, port 5201
[ 5] local 192.168.0.29 port 64345 connected to 192.168.0.27 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 60.6 MBytes 508 Mbits/sec 22 128 KBytes
[ 5] 1.00-2.00 sec 64.8 MBytes 543 Mbits/sec 7 153 KBytes
[ 5] 2.00-3.00 sec 43.8 MBytes 368 Mbits/sec 92 164 KBytes
[ 5] 3.00-4.01 sec 70.3 MBytes 583 Mbits/sec 4 140 KBytes
[ 5] 4.01-5.00 sec 55.1 MBytes 468 Mbits/sec 48 125 KBytes
[ 5] 5.00-6.00 sec 82.8 MBytes 692 Mbits/sec 5 75.6 KBytes
[ 5] 6.00-7.00 sec 62.5 MBytes 526 Mbits/sec 22 24.2 KBytes
[ 5] 7.00-8.00 sec 89.8 KBytes 734 Kbits/sec 4 2.85 KBytes
[ 5] 8.00-9.00 sec 69.9 KBytes 572 Kbits/sec 4 8.55 KBytes
[ 5] 9.00-10.00 sec 38.5 KBytes 316 Kbits/sec 4 5.70 KBytes


[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 440 MBytes 369 Mbits/sec 212 sender
[ 5] 0.00-10.00 sec 440 MBytes 369 Mbits/sec receiver
iperf Done.

################################################
OPNsense-22.1.9-OpenSSL-aarch64-Rock-Pi-E-20220626

***1GB interface
root@OPNsense:~ # iperf3 -c 192.168.0.27
Connecting to host 192.168.0.27, port 5201
[ 5] local 192.168.0.29 port 53771 connected to 192.168.0.27 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 88.2 MBytes 740 Mbits/sec 18 208 KBytes
[ 5] 1.00-2.00 sec 87.0 MBytes 731 Mbits/sec 16 207 KBytes
[ 5] 2.00-3.01 sec 31.3 MBytes 260 Mbits/sec 11 5.70 KBytes
[ 5] 3.01-4.00 sec 27.1 KBytes 224 Kbits/sec 4 2.85 KBytes
[ 5] 4.00-5.00 sec 54.2 KBytes 443 Kbits/sec 4 7.13 KBytes
[ 5] 5.00-6.00 sec 57.0 KBytes 468 Kbits/sec 4 8.55 KBytes
[ 5] 6.00-7.00 sec 52.8 KBytes 431 Kbits/sec 4 7.13 KBytes
[ 5] 7.00-8.01 sec 54.2 KBytes 443 Kbits/sec 4 2.85 KBytes
[ 5] 8.01-9.00 sec 39.9 KBytes 327 Kbits/sec 4 5.70 KBytes
[ 5] 9.00-10.01 sec 11.4 KBytes 92.6 Kbits/sec 3 2.85 KBytes


[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.01 sec 207 MBytes 173 Mbits/sec 72 sender
[ 5] 0.00-10.01 sec 206 MBytes 173 Mbits/sec receiver
iperf Done.

The stock FreeBSD image is not tuned for maximum performance.
I think that you need to increase the frequency of the processor to the maximum in order to get the maximum speed.
Use the sysctl command to configure

Examples:

sysctl hw.model

hw.model: ARM Cortex-A53 r0p4

sysctl hw.ncpu

hw.ncpu: 6

dev.cpu.0.freq: 408

sysctl dev.cpu.0.freq_levels

dev.cpu.0.freq_levels: 1416/-1 1200/-1 1008/-1 816/-1 600/-1 408/-1

sysctl hw.temperature.CPU

hw.temperature.CPU: 46.1C

sysctl hw.temperature.GPU

hw.temperature.GPU: 46.7C

Use sysctl dev.cpu.0.freq=1500

Or service powerd onestart

In my opinion, the maximum speed of the dwc driver for RK3399
should be 900-940 Mbit / sec.
For RK3328 a little less.

root@hp:~ # iperf3 -c 192.168.1.110
Connecting to host 192.168.1.110, port 5201
[ 5] local 192.168.1.111 port 23479 connected to 192.168.1.110 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 69.9 MBytes 587 Mbits/sec 0 642 KBytes
[ 5] 1.00-2.00 sec 65.4 MBytes 548 Mbits/sec 0 642 KBytes
[ 5] 2.00-3.00 sec 67.9 MBytes 570 Mbits/sec 0 642 KBytes
[ 5] 3.00-4.00 sec 66.6 MBytes 559 Mbits/sec 0 642 KBytes
[ 5] 4.00-5.00 sec 60.4 MBytes 507 Mbits/sec 0 642 KBytes
[ 5] 5.00-6.00 sec 67.1 MBytes 562 Mbits/sec 0 642 KBytes
[ 5] 6.00-7.00 sec 67.7 MBytes 568 Mbits/sec 0 642 KBytes
[ 5] 7.00-8.00 sec 66.1 MBytes 555 Mbits/sec 0 642 KBytes
[ 5] 8.00-9.00 sec 68.3 MBytes 573 Mbits/sec 0 642 KBytes
[ 5] 9.00-10.00 sec 68.5 MBytes 575 Mbits/sec 0 642 KBytes


[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 668 MBytes 560 Mbits/sec 0 sender
[ 5] 0.00-10.01 sec 667 MBytes 559 Mbits/sec receiver

iperf Done.

Before tuning

root@hp:~ # iperf3 -c 192.168.1.110
Connecting to host 192.168.1.110, port 5201
[ 5] local 192.168.1.111 port 10397 connected to 192.168.1.110 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 113 MBytes 946 Mbits/sec 0 569 KBytes
[ 5] 1.00-2.00 sec 111 MBytes 928 Mbits/sec 0 804 KBytes
[ 5] 2.00-3.00 sec 111 MBytes 931 Mbits/sec 0 985 KBytes
[ 5] 3.00-4.00 sec 111 MBytes 934 Mbits/sec 0 1.11 MBytes
[ 5] 4.00-5.00 sec 110 MBytes 927 Mbits/sec 0 1.24 MBytes
[ 5] 5.00-6.00 sec 111 MBytes 934 Mbits/sec 0 1.36 MBytes
[ 5] 6.00-7.00 sec 110 MBytes 925 Mbits/sec 0 1.41 MBytes
[ 5] 7.00-8.00 sec 111 MBytes 930 Mbits/sec 0 1.41 MBytes
[ 5] 8.00-9.00 sec 111 MBytes 934 Mbits/sec 0 1.41 MBytes
[ 5] 9.00-10.00 sec 111 MBytes 929 Mbits/sec 0 1.41 MBytes


[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 1.08 GBytes 932 Mbits/sec 0 sender
[ 5] 0.00-10.01 sec 1.08 GBytes 930 Mbits/sec receiver

iperf Done.
root@hp:~ #

root@helios:/ # cat /etc/sysctl.conf

# $FreeBSD$
#
# This file is read when going to multi-user and its contents piped thru
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
#
# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
#security.bsd.see_other_uids=0
vfs.zfs.min_auto_ashift=12

# sysctl kern.ipc.maxsockbuf
kern.ipc.maxsockbuf=5242880
kern.ipc.nmbclusters=1310720
kern.ipc.soacceptqueue=4096

# sysctl net.inet.udp.recvspace
net.inet.udp.recvspace=4194304

# sysctl net.inet.tcp
net.inet.tcp.sendspace=655360
net.inet.tcp.recvspace=655360
net.inet.tcp.sendbuf_max=4194304
net.inet.tcp.sendbuf_inc=1310720
net.inet.tcp.sendbuf_auto=1
net.inet.tcp.recvbuf_max=4194304
net.inet.tcp.recvbuf_auto=1


Hi @SleepWalker,

I’ll try to tune the settings but I doubt the result IMHO. In your iperf, even if the bandwidth is not maxed, there is no retry, in mine there is massive packet loss.

Cheers.
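
The distinction drawn in this exchange (a slow run with zero retransmits versus a run with retransmits and collapsing throughput) can be checked mechanically. The following is an added example, not code from any poster in this thread; it assumes iperf3 client-side TCP text output, and the function names and the 10% collapse threshold are illustrative choices.

```python
import re

# iperf3 client TCP interval line; summary lines (ending sender/receiver) do not match.
INTERVAL = re.compile(
    r"^\[\s*\d+\]\s+([\d.]+)-([\d.]+)\s+sec\s+[\d.]+\s+[KMG]?Bytes\s+"
    r"([\d.]+)\s+([KMG]?)bits/sec\s+(\d+)\s+([\d.]+)\s+([KMG]?)Bytes$"
)
TO_MBIT = {"": 1e-6, "K": 1e-3, "M": 1.0, "G": 1e3}
TO_KBYTE = {"": 1 / 1024, "K": 1.0, "M": 1024.0, "G": 1024.0 ** 2}

# Sample input: shortened excerpts of two runs quoted in the thread.
LOSSY_RUN = """\
[ 5] 0.00-1.00 sec 88.2 MBytes 740 Mbits/sec 18 208 KBytes
[ 5] 1.00-2.00 sec 87.0 MBytes 731 Mbits/sec 16 207 KBytes
[ 5] 2.00-3.01 sec 31.3 MBytes 260 Mbits/sec 11 5.70 KBytes
[ 5] 3.01-4.00 sec 27.1 KBytes 224 Kbits/sec 4 2.85 KBytes
[ 5] 0.00-10.01 sec 207 MBytes 173 Mbits/sec 72 sender
[ 5] 0.00-10.01 sec 206 MBytes 173 Mbits/sec receiver
"""
CLEAN_RUN = """\
[ 5] 0.00-1.00 sec 69.9 MBytes 587 Mbits/sec 0 642 KBytes
[ 5] 1.00-2.00 sec 65.4 MBytes 548 Mbits/sec 0 642 KBytes
[ 5] 2.00-3.00 sec 67.9 MBytes 570 Mbits/sec 0 642 KBytes
"""

def parse_intervals(text):
    """Return one dict per interval line, with rate in Mbit/s and Cwnd in KBytes."""
    rows = []
    for line in text.splitlines():
        m = INTERVAL.match(line.strip())
        if m:
            start, end, rate, runit, retr, cwnd, cunit = m.groups()
            rows.append({"start": float(start), "end": float(end),
                         "mbps": float(rate) * TO_MBIT[runit], "retr": int(retr),
                         "cwnd_kb": float(cwnd) * TO_KBYTE[cunit]})
    return rows

def summarize(text, collapse_fraction=0.10):
    """Flag a run as lossy if it has retransmits or intervals far below its peak."""
    rows = parse_intervals(text)
    if not rows:
        raise ValueError("no iperf3 client interval lines found")
    peak = max(r["mbps"] for r in rows)
    collapsed = [(r["start"], r["end"]) for r in rows
                 if r["mbps"] < collapse_fraction * peak]
    total_retr = sum(r["retr"] for r in rows)
    return {"peak_mbps": peak, "total_retr": total_retr, "collapsed": collapsed,
            "min_cwnd_kb": min(r["cwnd_kb"] for r in rows),
            "verdict": "lossy" if total_retr or collapsed else "clean"}
```

Calling `summarize()` on a full pasted run lists the intervals where throughput fell below a tenth of the peak, alongside the retransmit total and the smallest congestion window seen.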

Hello Everyone,

I’m new to the Radxa community and I just bought a Radxa E25, looking to use it as a firewall, either with Opnsense or Openwrt. Unfortunately, the board is not currently supported by either OS, can someone point me in the right direction on how to customize them?

Thanks

Hi @pinky,

The Radxa E25 is the perfect router or firewall device.
Probably you can install OpenWRT on it, since it is based on the Linux kernel
and we have a working kernel for this device.

But personally I like OPNsense better.
Since OPNsense is based on FreeBSD, we need to add support for the Rockchip RK3568 SoC.
This work is currently underway by multiple committers.
They are carried out in two directions.

  1. Adding drivers to the FreeBSD kernel.
  2. Creation of Tianocore EDKII UEFI for Radxa E25.

The main task now is to add support for PCIe, then network interfaces will work.
If you want to contribute to the development write me a private message.


Hi, @SleepWalker I tried your newest opnsense-image for my rock-pi-e (v1.21) but dwc1 is not recognized. The (WAN, left 100Tx) port is not damaged, other distros work. LEDs are blinking, but no connection.
On your older opnsense image (21.7) it is vice-versa, the left (WAN) port is working, but LAN is not recognized, but blinking, no connection.

Do you have an idea what's going wrong? Both ethernet ports are connected at start. I use the serial-connection via USB-CF230x, too.

The same problem with the orangepi r1+, I suppose the RK3228 is not very well supported :frowning:

Thx

Version numbers are always three digits.

The exception is the last one.
Try the latest version.

OPNsense-22.7-OpenSSL-aarch64-Rock-Pi-E-20220825.img.xz

Hi,
v1.21. I bought it because of nearly the same probs with the orangepi, alias xulong r2s.

The orangepi r1+ was working; I used your image for nanopi-r2s and a whatever uboot. Then the sd-card ran full, because of some misconfiguration, and after that I was not able to set up the second ethernet port ue0.

I’ll try this image today. Thx

Hi,
the good news: both ethernet ports are recognized and set up at startup.

the bad news: still no connection to opnsense. dwc0 green LED is on, orange not. ping from serial works fine. No dhcp connection over tp-link switch.
I replaced the switch… it connects. dhcp works…dwc0 only orange LED. Still no response from opnsense(?) cat5 changed, but no difference = no web-GUI

Update and ping to web is working over dwc1.

Still have no idea where the error could be…

Check the assignment of the WAN and LAN interfaces.
WEB interface available but https only on LAN port