IPFire 2.27 - Core Update 159 - Raspberry pi 4?

My understanding from previous conversations was that Raspberry Pi 4 was not supported in large part due to the old kernel along with the variety of patches that had been applied. Does the latest update make it possible to use a Raspberry Pi 4 given that the kernel has now been updated?

Thanks,
Craig

RPi4 is supported by the aarch64 image


Did I miss that announcement somewhere? Can I assume with the additional power in a Pi 4, I can enable a few of the more costly features like intrusion detection?

Thanks again,
Craig

We have not got any feedback yet so it’s a bit early to announce the support.
I think it is not much tested by other users yet.

I’m not sure if IPS is working because it needs a lot of CPU power.
But the onboard NIC is now in the SoC and it has USB 3.0.

Hey Arne!

I just have some very brief feedback since I just started loading CU159 aarch64 earlier today.

I forgot to change the serial console from on to off.
:face_with_hand_over_mouth:

And it may have caused a bunch of dracut Warnings and threw the RPi4B into the debug shell.

I have no idea if this is a problem with the SD card or because I forgot to change the serial console to off.

And since I could not fix it, or reboot or shutdown and get away from dracut, I just re-flashed the same SD Card and tried again. Easy peasy!

So the moral to the story is:

• If using HDMI & USB Keyboard: edit the uENV.txt file and change SERIAL-CONSOLE=ON to OFF

I did a quick speedtest using the pakfire addon and I was pleasantly surprised at the upload/download speeds. I pay for 200Mbit/s by 10 Mbit/s and I saw 192 Mbit/s by 9.4 Mbit/s.
:grinning_face_with_smiling_eyes:

Thank you Arne for your hard work on the new kernel!! I do appreciate it!

I will add more info soon!

EDIT: added another speedtest

[root@ipfireC159RPi4B ~]# speedtest
Retrieving speedtest.net configuration...
Testing from <redacted> Cable (<redactedIP>)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by <redacted>  [36.50 km]: 16.581 ms
Testing download speed................................................................................
Download: 204.96 Mbit/s
Testing upload speed......................................................................................................
Upload: 9.89 Mbit/s


EDIT2: Turning on Intrusion Prevention System (IPS) may be too much for the RPi4B. The speedtest download drops from 200 Mbit/s to 40 Mbit/s with IPS enabled.

Keep in mind I am testing with an older version of the RPi4B with only 1 GB of RAM.

https://fireinfo.ipfire.org/profile/1fd58cbc3c2a56cfde6b39ba9a9d76ee3e7bb38b

Thank you for the clarification. A few more questions if I could…

Will a backup from a Pi 3B+ work fine with the new architecture?

I would be interested in trying to set this up while leaving the current Pi in place on the edge of my network. Does the networking support for the adapter tie to the MAC address? I’m wondering if I can set up with one USB network adapter and then switch to a different one after setup? Are there any other gotchas I should consider if I try to do things this way?

Thanks again!
Craig

Also forgot to ask. How much does RAM size impact IPFire?

If you are referring to an IPFire backup you should be fine.

Read through this Wiki article about migration:


I’ve done this a few times and it all works A-OK. You need to run through setup. See the first paragraph in above Wiki.


I don’t know the real answer to this. To me the more options and add-ons you have the more RAM you’ll need.

If you are thinking to double the RAM and suddenly IPS/IDS will start working better I doubt that will help IPS/IDS. The RPi4B is just not powerful enough.

I think the minimum recommended RAM size is 2 GB. But someone else should really answer this question.

If you are just using IPFire as a firewall with no additional options like Web Proxy or IPS turned on, then the minimum is 512 MB with the recommended being 1 GB. However, if you turn on IPS then you really need something like 4 GB, but also with active network adaptors that can do their own processing for throughput, combined with firmware that spreads the network load to the adaptors across all available cores in the CPU.

The lack of the latter two items is the usual reason people end up having big reductions in throughput rate when IPS is turned on.

https://wiki.ipfire.org/hardware/requirements

https://wiki.ipfire.org/configuration/firewall/ips/performance-considerations

Thank you. I’m not really having any issues with basic firewalling with a Pi 3b+. I’m interested in enabling IPS, but if a Pi 4b isn’t going to manage that then maybe I’m better off just leaving things as-is.

On a whim, I decided to grab a Pi 4B+ and see how things work. Unfortunately, I’m not having any luck on first boot. I’m using a serial console and I am caught in an infinite U-Boot loop. Does anyone have any suggestions on what might be going on here?

Thanks,
Craig

Please share the link to the file you use. I can give it a try on my RPI.

UPDATE: Tried the latest and found the same

U-Boot 2021.07 (Aug 09 2021 - 09:19:51 +0000) RPi4 - IPFire.org

DRAM:  7.9 GiB
RPI 4 Model B (0xd03114)
MMC:   mmcnr@7e300000: 1, emmc2@7e340000: 0
Loading Environment from FAT... *** Warning - bad CRC, using default environment

In:    serial
Out:   serial
Err:   serial
Net:   eth0: ethernet@7d580000
PCIe BRCM: link up, 5.0 Gbps x1 (SSC)
starting USB...
Bus xhci_pci: probe failed, error -110
No working controllers found
Hit any key to stop autoboot:  0 
switch to partitions #0, OK
mmc0 is current device
Scanning mmc 0:1...
Found U-Boot script /boot.scr
2451 bytes read in 13 ms (183.6 KiB/s)
## Executing script at 02400000
114 bytes read in 6 ms (18.6 KiB/s)
Load uEnv.txt...
...
Set console to ttyAMA0,115200n8
"Synchronous Abort" handler, esr 0x96000004
elr: 00000000000a51b0 lr : 00000000000a51ec (reloc)
elr: 000000003e3761b0 lr : 000000003e3761ec
x0 : 000000003df5e880 x1 : 4e184e174e164e15
x2 : 000000003df4cd90 x3 : 0000000000000016
x4 : 000000003df4ce50 x5 : 4e244e234e224e21
x6 : 0000000000000016 x7 : 000000003e3d2b38
x8 : 000000003df64870 x9 : 0000000000000008
x10: 0000000000000001 x11: 0000000000000006
x12: 000000000000205e x13: 0000000000000001
x14: 0000000000080000 x15: 000000003df40e90
x16: 000000003e380190 x17: 68897ef610278cee
x18: 000000003df4cd90 x19: 0000000000000000
x20: 0000000000000006 x21: 0000000000000006
x22: 0000000000000000 x23: 000000003df3eb48
x24: 000000003e3bafe0 x25: 000000003df648c0
x26: 0000000000304000 x27: 000000003dfe8ac0
x28: 0000000000005400 x29: 000000003df3eac0

Code: 54000061 d2800000 d65f03c0 f9400401 (b9400821) 
Resetting CPU ...

resetting ...


U-Boot 2021.07 (Aug 09 2021 - 09:19:51 +0000) RPi4 - IPFire.org

DRAM:  7.9 GiB
RPI 4 Model B (0xd03114)
MMC:   mmcnr@7e300000: 1, emmc2@7e340000: 0
Loading Environment from FAT... *** Warning - bad CRC, using default environment

In:    serial
Out:   serial
Err:   serial
Net:   eth0: ethernet@7d580000
PCIe BRCM: link up, 5.0 Gbps x1 (SSC)
starting USB...
Bus xhci_pci: probe failed, error -110
No working controllers found
Hit any key to stop autoboot:  1 

I think the kernel is not loading at the right place or the kernel file itself is not working.
Can you try an older image? Coz I am off to sleep now.

UPDATE:

Raspberry Pi 4 Model B

RPi4 is supported since IPFire-2.27 core159 aarch64.

So this seems to be the first image.

I grabbed the flash image for aarch64 based on this thread. That is what is flashed to the SD card and showing the errors. I appreciate any input or suggestions.

(https://downloads.ipfire.org/releases/ipfire-2.x/2.27-core159/ipfire-2.27.2gb-ext4.aarch64-full-core159.img.xz)


I should add that I also just grabbed a recent Raspbian image that I’m going to try just to validate I don’t have some kind of hardware issue.

Thanks for the updates. I guess at this point, I need to wait for more direction on this front. Happy to try other builds, but not sure I know how to do much more with this image.

@jon - What image did you download and use to run this successfully?

This appears to be related to firmware ordering and such. The GitHub issue "Image does not start on Raspberry Pi 4 8Gb" (Issue #22, lueschem/edi-pi) talks more about this, although I don’t really know enough about the functionality to determine next steps.

If I connect a monitor, I’m able to get further in the boot sequence. It gets to the point where it says that it is loading the kernel and then hangs at that point. It does look like the issues referenced in those issues I linked to are related. In the end, this device needs to be headless since it is normally nowhere near a monitor.

I will add that I was able to cleanly boot a recent RaspiOS image without issues, so thankfully this is not a hardware issue.

I will keep poking at this as I have time. If anyone has any suggestions or things that I should try, I’m happy to do that.

This is the filename of the image I downloaded and installed:
ipfire-2.27.2gb-ext4.aarch64-full-core159.img.xz

I grabbed it from this page:
https://www.ipfire.org/download



I am assuming you are getting these errors BEFORE you get to the IPFire setup. But I am having trouble figuring out where in the boot sequence you are seeing the issue. Can you take a few pictures?

I’m going to load up a new SD Card and image and record some video with my iPhone. Maybe we can figure out where things go sideways!

If you read back a bit, this may be due to me trying to set this all up without a monitor attached using the serial console. I’m not even getting the kernel loaded, so nowhere near IPFire setup. Do you have a monitor and keyboard connected?