Installing pfSense on a PC Engines APU2

The APU2 came in and now I can install pfSense and share the knowledge.

First things first. The APU2 does not have a Video Out such as VGA or HDMI. It’s a headless System that you run over RS-232 until pfSense is installed. The options for this are either a DB9 Null Modem Cable, if the System you’re going to connect has Serial/RS-232, or a modern USB to Serial Cable.

For this install the Host Machine is my Desktop running Debian Linux. I am also using a USB to Serial Cable Adapter. It uses the CH341-UART chip. Keep in mind you will need a DB9 Null Modem Adapter; a simple Gender Changer Adapter isn’t going to work. For the connection, software wise, I am going to use GNU Screen.

We need to download pfSense. Make sure to follow the image below.

After it downloads, uncompress the file and use dd (DiskDump) to write it to a USB Thumb Drive. On my System the Thumb Drive shows up as /dev/sdc but this varies from system to system. If in doubt, insert the Thumb Drive and run sudo dmesg; the drive should show up last as /dev/sd*, where the * could be b, c, d and so on.

For my System I issued this command.

sudo dd if=~/Desktop/pfSense-CE-memstick-serial.img of=/dev/sdc
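dd writes to whatever of= names without asking, so a wrong letter overwrites a real disk. The following is an added example, not part of the original post: a wrapper that checks the image digest and refuses to run dd unless the target is a removable whole disk that is not mounted. The function names, the SYSFS_ROOT and MOUNTS_FILE overrides, and the SHA-256 argument (the value published for the exact file you pass in) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks before writing an installer image with dd.
# SYSFS_ROOT and MOUNTS_FILE are overridable only so the checks can be
# exercised against constructed data; the defaults are the real kernel files.

# check_image FILE EXPECTED_SHA256 -> 0 when the file's digest matches.
check_image() {
    actual=$(sha256sum "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# is_removable_disk NAME -> 0 when NAME (sdc, not sdc1 or /dev/sdc) is a whole
# disk the kernel flags as removable. USB hard disks report 0 here.
is_removable_disk() {
    case $1 in ''|*/*) return 1 ;; esac
    sys=${SYSFS_ROOT:-/sys}
    [ -d "$sys/block/$1" ] || return 1
    [ "$(cat "$sys/block/$1/removable" 2>/dev/null)" = "1" ]
}

# is_mounted NAME -> 0 when the disk or one of its partitions is mounted.
is_mounted() {
    awk -v d="/dev/$1" '
        $1 == d { hit = 1 }
        index($1, d) == 1 && substr($1, length(d) + 1) ~ /^p?[0-9]+$/ { hit = 1 }
        END { exit !hit }
    ' "${MOUNTS_FILE:-/proc/mounts}"
}

# write_installer IMAGE SHA256 NAME -> runs dd only if every check passes.
write_installer() {
    check_image "$1" "$2" || { echo "checksum mismatch for $1" >&2; return 2; }
    is_removable_disk "$3" || { echo "/dev/$3 is not a removable whole disk" >&2; return 3; }
    if is_mounted "$3"; then
        echo "/dev/$3 is mounted, unmount it first" >&2
        return 4
    fi
    # conv=fsync flushes the data to the stick before dd reports success.
    sudo dd if="$1" of="/dev/$3" bs=1M conv=fsync status=progress
}
```

Source the file and call write_installer with the image path, the published digest and the bare device name (for example sdc).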

While it was writing to the Thumb Drive I gathered the rest of the equipment together. Do not power on the APU2 just yet. When the Thumb Drive is ready plug it into the APU2. Launch GNU Screen with this command. Remember I am using a USB 2 Serial Adapter so yours might differ.

screen /dev/ttyUSB0 115200

With Screen running you can now power on the APU2. When you turn it on you should see Text pop up in the window. Select F10 to bring up the Boot Menu and select the Thumb Drive. It will take a couple of minutes to load up but it should go directly into the Installer. From there just follow the prompts and install pfSense like you would on a typical PC.

When finished installing you’ll need to reboot the APU2, hit F10 again and this time select Manage Payload. This brings you to a BIOS setup where you tell it to boot from whatever Media you installed pfSense onto. If you skip this part then it will only Boot into MemTest86.

After that it should work and you can then start programming it via the Web UI.

Here are a couple of shots of my APU2.

So far I am impressed. I plan on installing it this Weekend to see how it goes.

S-100 Z80 Progress

I didn’t like the first revision of the Schematic so I redid the whole thing. I came across a Z80 Trainer made by Dr. Baker and used that as the basis of the new Schematic. I also used the circuit for the VT132 Project for a Terminal VGA and USB Keyboard.

Control Panel
CPU and Clock
RAM and ROM
IO Board
Serial Terminal for Video and Keyboard

These are not final. I need to review these and make sure everything is in the right order. I also need to import the S-100 BUS.

New CCTV System

I decided to buy the CCTV equipment. I bought a Reolink 5MP Pan Tilt Zoom Camera for the Driveway and a Reolink 5MP with Audio Turret Camera for the Lanai. My Boss let me buy a Hikvision Door Bell at cost and it was on sale from the distributor for $98.00. It’s the only one I can find that has ONVIF currently. I also have a couple of Hikvision IP Cameras I will use for Indoor use.

For now I plan to use MicroSD Cards for recording and push it to Shinobi that is running on the Home Assistant Server. For now I will use a TP-Link 5 Port PoE Switch. I really don’t see adding any more Cameras since the placements I have chosen should cover everything, except one area that has the A/C unit.

I am a bit worried since I heard A/C unit thefts are on the rise in my area but I got that covered. I traded an A/C Tech 25ft of Coax for 25ft of outdoor rated cable used for A/C systems so I can make a dummy line that connects to the Alarm Panel, so when someone cuts it the Alarm goes off. I have it programmed as a Duress so the Central Station sends out the Cops without Verification. I also used longer Tapcons to attach the unit to the Cement Pad, and stripped out the Nut Driver portion of the Tapcons so the only way to get them out is with a Flat Head or a Cutting Wheel. Besides, the Driveway Camera and Lanai Camera would catch anyone going to the side of the House anyway.

Anyway, back on topic here. I will probably run the Cabling to the Master Closet or Garage and then run a Single Line to the Living Room since the TV stand is getting full. Since the pfSense box has one more open port I can dedicate that to the CCTV and give access to Home Assistant.

I already got a friend that wants to buy my old Analog DVR and I will probably give the Ring to my Mother.

Lost art of Cable Management – Cable Lacing

Used in Telecom, NASA and Avionics, Cable Lacing is an almost lost art of Cable Management. Instead of using Zip Ties or Tape, a Waxed Coated Cotton String is used for the whole length of a Wire Rack or Wire Harness/Bundle.

In my honest opinion this looks a lot cleaner and better than a hundred Zip Ties and doesn’t leave a sticky residue like Tape does. It’s also pretty darn cheap, just don’t buy the “Electronics Grade” stuff. The 1mm size that is used for Jewelry is cheaper and it is the exact same stuff. You can also use thinner stuff but you’ll have to double wrap the bundle.

I found a little Video on YouTube that covers how to do it. The man in the Video has a terrible accent but you just need to watch rather than listen.

A few Tips I have with this Method. Have the knots closer than what I have in the example photo. If the Cabling is running flat then you can get away with knots further away but when you go into turns and twists you want the knots closer or it will look like this.

Just like anything new you will be slow and it will look like crap but with practice it will look better and you’ll get much faster.

Fresh install Debian 10 Linux

When I install Linux I end up spending a lot of time tweaking it the way I like it. No matter the Distribution I end up doing stuff like this. Mostly because Out of the Box is for the novice user. Most end Linux users do the same thing.

I typically start with just the base install to make sure all of my hardware is in working order such as Chipset, CPU Microcode, Networking and USB. It’s easier to catch the issues when it’s a plain Command Line Interface. It’s also much easier to redo the install to Unstable if the Kernel is too old to see brand new hardware. Unstable isn’t really Unstable, it’s just newer Software that is still experimental. For example Ubuntu uses a mixture of Unstable and LTR (Long Term Release).

When partitioning I keep things simple and use a single Partition for everything. Now if I am doing this to a system that has Multiple Hard Drives I’ll move things around such as putting the /home directory onto a different drive. Back in the day I used to toss in an old drive just to be used for SWAP but these days I see no performance gains. An EXT4 Partition is just fine and there is no need to go into the world of ZFS and GPT since ZFS eats RAM and GPT will bite you in the ass in the end.

After I verify everything is working I’ll edit the APT sources file and add the contrib and non-free entries, update the mirrors and upgrade. Install Xorg and whatever Window Manager I want. Currently I am giving KDE Plasma a spin and it has a few nice features but I like using the Awesome WM.

Before anything else I once again verify my Video and Audio are working correctly. I’ll run the glxgears program or just look at the OpenGL Information. To test Audio I’ll just load something up in YouTube. A few times in the past the Audio would work fine within the Window Manager but YouTube, Steam and VLC would be deaf. So if YouTube works then there shouldn’t be issues with anything else.

Now I can start adding my custom tweaks and such.

I add my user to the sudoers file and make sure the hostname for the system is final. Also install ntp if Xorg’s install didn’t include it.

su -
apt install binutils sudo ntp ufw fish vlc
nano /etc/sudoers


Under root’s entry add
[username] ALL=(ALL:ALL) ALL
Save and exit.

exit

I start by changing the Command Line Shell. Debian uses a modified version of BASH called DASH. Works alright but after you start playing with other types of Shells you end up staying away from it. I used to use Zsh but I converted to FISH. After installing fish I then issue chsh -s /usr/bin/fish then launch it. From there I go into ~/.config/fish and edit the config.fish file and add my alias entries.

alias ls="ls -lahp"
alias dir="ls -lahp"
alias shutdown="sudo shutdown now"
alias reboot="sudo reboot"
alias update="sudo apt update"
alias upgrade="sudo apt upgrade"
alias purge="sudo apt autoremove"
alias edit="nano"
alias G="grep"
alias S="sudo"

After tweaking commands to my liking I’ll add more software I intend to use such as Htop, Bleachbit, Guake, and KDE Connect.

Over time I end up installing neofetch, screen, Arduino IDE, Sublime Text and GCC, Firefox and vBox.

Once in a blue moon I’ll screw up and spend a good few hours fixing it or just end up reinstalling everything.

Limit Unwanted Network Connections

I’m slowly putting together a Network Administration suite for the Raspberry Pi. Came across a little jewel called Evil Limiter. It’s a Python 3 Script that can do an ARP scan of a Network and give you the IP Address of a device you know shouldn’t be there, or of a User sucking up too much Bandwidth. So instead of Deauthing the user you can Throttle or even Block the User. For example you can Limit a User to 100Kbit/sec or even totally block them.

This could be handy for enforcing say the Kids Internet usage during the Spring/Summer Break or even at work when Steve should be working on a report but is too busy watching Netflix or YouTube.

Now this tool is considered a DoS (Denial of Service) Attack so be careful how you use it and deploy it.

Building a Z80 Computer

Every hardcore Electronics Engineer and Computer Nerd has a bucket list and there is a Homebrew Retro Computer on that list. I could cheat and buy a RC2014 kit but building it from total scratch is even better.

Now you just don’t order/buy/find the parts and slap it all together. You have to study up on the subject. There is a PDF floating around called “Build your own Z80 Computer” by Steve Ciarcia. Then you have Grant Searle’s Website that is loaded with tons of Schematics and ideas for a minimal chip count Z80 running BASIC and CP/M.

To start off the build I am going to build a crude version of the Zeta256 and branch off of that by adding memory, UART, ROM and so forth.

DIY Smart Doorbell – Camera

The little IP Camera I bought was a dud. Worked for five minutes then stopped. I touched it and it was very hot. So the Camera is going back.

So it looks like I am going back to the Pi Camera. I’ve been looking at some ONVIF addons for the Pi so I can sync the Camera to a NVR. The best one I found was RPOS.

The GitHub page made it look a bit scary to get RPOS working but I found a few guides that make it easy.

So until the Camera shows up I can start on getting the Pi set up with its basic stuff and get Mumble running.

You and your Internet Connection

Let’s begin with this. WiFi is not the Internet. It is a two way Radio that sends Radio Frequencies to transmit and receive Data on your Home Network. Granted the WiFi Radios are built into the Modem the Internet Provider issued you but it’s not the Internet.

With the COVID-19 and crap going on people have been working from Home and have noticed their Internet isn’t that fast. Honestly it is fast but since you and hundreds of employees have to connect to a central Server remotely it does make things slower on that front.

However, if you have a bunch of Family members trying to do stuff on the Internet as you’re trying to work then yea, your Internet Connection could be on the slow side. Also the Home Network traffic can impact the performance as well. I can go on and on with ways to speed up your Home Network but what it comes down to is the connection from your Internet Provider. I ask people all the time when they complain about something my company installed, “How fast is the speed your Internet Service Provider is giving you?” I always get “The fastest they have!” Nine times out of ten it’s not. Either they’re too cheap or they don’t know what fast is. Most people tend to get the bottom of the barrel deal and it will vary from 60 to 25 Mbps. It all depends on how far they are from the Node, the time of day and the area. Plenty of times I have had to disconnect a Home Network by going into the Modem, turning off the WiFi and just connecting my Laptop to their modem with a 3FT Patch Cable so I can run a couple of speed tests, since I don’t have the nifty signal testers Comcast and ATT have.

Keep in mind when you’re paying for a package from your Provider it is not going to be that exact speed. You’re looking at a plus or minus of 20% of the speed. Kinda like when you buy a new compact car that claims it can go 40 miles to the gallon; it’s an average of 10% to 20% out of a thousand that will get that 40MPG.

So put it this way. Say you’re a family of four and you ditched Cable and have more than two TVs that stream video content, and you and possibly your spouse are working from Home, then you would need at least 150Mbps if not more.

If you have DSL then you’re outta luck unless you sign up to a different provider. If you’re in the boonies you still have options such as Viasat, Starlink and maybe even a Cellular Hotspot. Granted it’s not fiber but anything beats 6 to 12 Mbps. After all DSL runs on an old Analog POTS line.

If the Kids are home when you’re trying to work and you really need all the speed for that lame Zoom call then make the kids go play outside. If they’re too young for that there are toys that don’t require the Internet you know.

Speaking of DSL, you know people are constantly calling their ISP to complain how slow it is. A lot, and it is causing the people at the ISP call center to lose their Jobs. I’m not going to name off the ISP but they do this to their call center employees. A customer calls Tech Support and complains how slow their DSL service is. The Tech Support employee can only do minor troubleshooting and ends up telling you it is what it is because the customer is trying to stream 4K video and Work from Home. After the call there is an optional survey, not towards the company but towards the employee. No matter how it’s directed towards the company, the employee gets the black mark if it is a bad survey. To make matters worse, if that customer calls Tech Support back within two weeks for any reason, the employee that helped that customer the first time around gets a black mark. After a certain percentage the employee is fired. I know six people that work there and are scared they might lose their Job.

So before you spend a cent on your Home Network you need to figure out how fast your Internet Connection is. I recommend doing a couple of speed tests but do it with an Ethernet Connection. I use fast.com and speedtest.net. I highly doubt you know how to turn off the WiFi on your ISP issued Modem so have everyone not use the WiFi for ten minutes. Do not use the speed test from your ISP’s Website. They typically will just tell you the speed of your package deal.

Keep in mind when an ISP sells you on a package they are only using two devices as a reference. So if they say 25Mbps is good and you have four devices then go for the next package above. What I mean by devices are the bandwidth hogs such as TVs, Tablets, CCTV and Computers. Most small IoT Devices such as smart lighting and sensors don’t put much of an impact on an Internet Connection.

Old School Scope based Serial Terminal – Driver Board

The parts showed up yesterday for the CRT Driver Board.
Digikey screwed up and sent half of the Resistors as 1/8watt. The bags they came in said 1/4watt. I double checked and yea, they sent the wrong ones. However they were typical values and I had them in stock.

Right now I am waiting on a Variac so I can properly test the Power Transformer. It’s never been powered up since I have had it and the Scope it was in was pretty beat up.

In the meantime I ordered some 22AWG strain Silicone Wire for the CRT Socket. The Datasheet for the wire says it can handle 600V at 3A. The 5UP1 CRT uses around 600mA for the Heater and the CRT probably consumes 1A. For the High Voltage Anode1 and Anode2 I have some Wire that can handle 1000V.

DIY Smart Doorbell – Parts Ordered and thoughts

The parts are ordered.

I decided to move this project to a high priority because the Wife wants a Camera at the Front Door.

The Mini IP Camera should be here today and everything else should be here on the 27th.

In the meantime I found a GitHub Project that is a Mumble-Web Client that uses HTML5 so I could possibly modify it to have an RTSP Feed to the Camera. Sadly the Demo on the Github page doesn’t work so I have no idea what it looks like or how it works.

I could deploy the Mumble Server on the Home Assistant Server but I want to see if the Pi can cope with the work load. If I have too many issues such as latency then I could make the HA Server host the Mumble Server.

As an option since I am in the Garage a lot and I can’t hear the Doorbell Chime when I am in the Garage I may include a HA Script or Scene to have Alexa alert me via Home Assistant. Or I could program a Light to pulse/flash.

DIY Smart Doorbell – Planning

Here is the target of the build.

Size:
I need to fit everything into a Double Gang Electrical Box.

Raspberry Pi:
I was leaning towards a Pi Zero with a USB to Ethernet Adapter and I also found a little Circuit that uses GPIO18 and GPIO19 as an Audio Out, but it looks like it would be easier to use a full size Pi. To make this an All in one unit I need to make it as small as possible.

Relays:
The typical Relay Modules won’t work due to the size, not to mention they’re overkill. I was looking at these Kemet 3V Relays. However I plan to use a beefy Power Supply with this and I could use 12 Volt Switching Relays that I already have in stock.

Audio:
I need 9-12 Volts for the Amplifier I plan to use. Speaking of the Amplifier, I plan to use the good old TDA2030A. From my experience the Audio is always garbage when it comes to these Smart Video Doorbells. For the Speaker I was thinking of using a single Speaker that can handle 3W and around 8Ohms. I can bridge the Left and Right Channels with a couple of resistors to make it a Mono Audio Speaker.

Power:
Doorbells don’t exactly do justice for powering Video Doorbells. A lot of times you end up having to replace the Transformer with one of a higher VA rating. When I was leaning on the Pi Zero I was thinking of Power Consumption but it looks like I will need some Power. I plan to use a 12 Volt Power Source around 6A or more, then use a Buck Converter to power the Pi at 5V. Since I already have CAT5e running around for the previous Doorbell System I can use the unused Pairs for Power. However I would need to run another CAT5e for Networking. Since I plan to have an IP Camera mixed in with this I could run two Cables or just split one Cable and make it run 10/100.

Or I can see if I can tap into the Camera’s PoE or use the Power from the Doorbell for the 12V stuff and just get 5V to the Pi from a 5V source.

Camera:
I have a little el-cheapo 3MP IP Camera on the way. I want to see whether, if I power it via PoE, it will output 12 Volts from the DC Barrel Jack. If it does I might be able to use that as my 12 Volt Power Source and then just worry about getting 5V to the Pi. One less part would be needed and it will give more room in the Box. I went with a separate Camera because I want to easily push the Video to my CCTV NVR. I can still access the Camera from RTSP.

Mic:
Nothing Special for this, Might give this one a try.

Button:
I need to figure out a way to make a Push Button a multi use button. As in, when it is pressed the chime goes off and then it connects the Mic and Speaker. Could probably be all handled in Software.

PIR Sensor:
I have a bunch of these laying around. They’re a bit on the big side but on the final product I’ll probably use a Mini one.

DIY Smart Doorbell

My Hikvision Doorbell has failed me. I tried everything and had my Son that is an Electrician take a look and I didn’t screw up the wiring. So for now I have a typical Doorbell Switch. I had replaced the Transformer with a 40VA and even ran new Cabling as well.

So since I have CAT5e Cable run to the Doorbell Switch and Transformer Location I can easily build a Smart Doorbell.

Specs:
Motion Alerts.
Notify when someone rings the Bell.
Two Way Talk.
Video.

I was thinking to use a Raspberry Pi with the Camera module. I wonder if there is a way to make it use ONVIF? If anything I could use this Camera.
Have the Pi work with a Relay to hit the Indoor Chime, PIR for Motion and two way voice with Mumble or Matrix.

Idea for Home Assistant Scene Controller

There are many ways to make a Scene Controller for Home Assistant. You could use a Phone, Tablet or go completely hardcore and use a Pi and make a Control Panel like I did before. Well how about one you can put into a Wall Switch Box?

In some Homes you’ll have a couple of Light Switches that do nothing. For example in a Livingroom where the Light Fixture location is made for a Ceiling Fan but you don’t plan to Install a Ceiling Fan. That extra Switch controls a Switch Leg to control either the Fan or Light. Well you can use that Switch location as a Scene Controller.

For the Power Source we need a Power Supply to take that 110 Line Voltage to something that can Power an ESP8266 Module. HI-Link has a nifty little Device model HLK-PM03 that works well for this. You can use an ESP-12e as the Micro Controller and you’re halfway there.

Put Tactile Buttons, or even better a DIY Membrane Keypad, on the face. You could use Touch Sensors but you can only fit so many on a Single Gang Switch. Program the ESP8266 with ESPHome to sense changes in the GPIO state and send a signal to Home Assistant to control a Scene.

Take over an Alert360 DVR

A friend bought a House and it had an Alert360 CCTV System. He called me to see if I could break into it and change the info so he can use it. The previous Home Owner wouldn’t return his Phone Calls about it.

Just looking at the DVR I was able to see it was a Hikvision with an Alert360 Sticker on it. I hooked up a Monitor and Mouse and was greeted with a Lock Draw Pattern. I tried a few random ones and nothing. I pulled out the Laptop and used the SADP Tool and exported the file Hikvision requires to give you a Key to unlock it, and I got an Email back saying “Nope, contact your Vendor”.

I kept trying the Unlock Pattern. Keep in mind you have to Power Cycle the DVR after four tries. It gives you Six tries before it totally locks you out. I finally found the Pattern.

0   0---0
|   |   |
0   0   0
|       |
0---0---0

Start from the Top Left and down three. Right two, up two, left one then down one.

After entry I was able to Factory Default it. I programmed it and now the fun part. Adopting it to Hik-Connect. Alert360 has an App called Alert360 Video but it is a much older version of Hik-Connect and doesn’t have the bells and whistles such as the Doorbell and such. I had to go under Platform Access and change the Cloud URL to custom and put in dev.us.hik-connect.com and Power Cycled it. When it came back up it said it was online. Scanned the QR Code and it was on the Phone. I tried to use the default Cloud URL but it said the DVR was linked already.

In all it’s not a bad System for an OEM Hikvision. It’s Analog but is able to be used with IP as well. Hikvision calls this a Tribird.

So if you have an Alert360 CCTV System you can give that Unlock Pattern a try and switch it over to Hik-Connect and have full control over the System and also add more equipment such as IP Cameras, Doorbell and whatever.

Sadly my friend also has a 2GIG Alarm Panel and I can’t get into it. He is going to get a Honeywell Lyric. 2GIG Sensors work on Honeywell Lyric so he can save some money there.

Max2Play for Whole Home Audio

In my quest to find the proper HiFi System for the Raspberry Pi I was starting to lose hope and came across Max2Play.

It’s super easy to set up and uses a Logitech Emulated SqueezeBox. I didn’t have a Pi3+ laying around but a Pi2 and the HiFiBerry works fine on it. So if it works with my setup it should work fine on the Pis I deployed last week.

I got SoundCloud, YouTube, Tune-In and Spotify working on it. Sadly Pandora doesn’t work but it seems it’s more of Pandora’s fault. It seems a lot of the DIY HiFi Systems are having issues with Pandora and tend to fall back on Spotify more. The App I chose to use to control the System is called Squeezer.

For SqueezeBox you don’t have to buy a licence for Max2Play.

Another nifty thing for this is it works in Home Assistant as well.

Old School Scope based Serial Terminal

Last year I built a little circuit that lets you use the X-Y Function of an Oscilloscope as a Serial Terminal. I have been wanting to buy a dedicated X-Y Vector Scope for a while but the prices are out of the range I am willing to spend. A few years ago I found this site that has a nifty little circuit for a “TV-to-scope” and it has been used for those Oscilloscope Clocks.

I got a 5UP1 CRT I kept from a broken Heathkit Scope along with the Power Transformer and CRT Socket. In the Notes it says the 5UP1 works but it’s dim and doesn’t work for the TV-to-scope but I am not trying to pass an NTSC signal into it.

I bought the PCB from here last week and it showed up yesterday, I bought the parts this morning.

The case isn’t going to be anything special for now. Probably just a Wooden Box until I get some decent tools to make a proper case for it.

I am hoping for this to be the main Terminal Screen for the S-100 Z80 Project.