Dell VEP/VMWare Edge/Velo Cloud SD-WAN/VeraCloud VEP1400/VEP1400-X firewall units

[6TTLAB]

Ok. Got into DiagOS and read through /etc/rc.local .

First interesting bit is as follows, and seems to be related to the PIC watchdog. Currently wondering if this could be a workaround to flashing the BIOS (from line 15):

# Disable PIC Watch Dog
i2cset -y 1 0x22 0 0 b
# Set PIC Watch Dog default count to 0 (offset 0x0=LSB; 0x1=MSB)
i2cset -y 1 0x24 0x0 0x0 b
sleep 1
i2cset -y 1 0x24 0x1 0x0 b

The other part is related to the NICs. Starting on line 31 is the interesting bit:

value=$(i2cget -y 1 0x31 0x0 | cut -c 3-4)
boardid=$(echo $value | xxd -r -p | xxd -b | cut -d' ' -f 2)
boardtype=$(echo $boardid | cut -c 5-8)
case ${boardtype} in
"1000"|"1010"|"1011")
    # For Gris platform reinit the Marvell phy and I350 MAC
    velo_ver=$(/opt/dellemc/diag/bin/nvramtool -r -R 0x59 | grep VeloCloud | awk '{ print $NF }')
    if [ -z $velo_ver ]; then
        :
    elif [ $velo_ver = "1" ]; then
        rm /etc/udev/rules.d/70-persistent-net.rules
        rmmod ixgbe
        i2cset -y 1 0x31 0x1 0xff
        sleep 1
        while [ -z "$(lsmod | grep igb)" ] && [ $count -le $timeout ]
        do
            echo 1 > /sys/bus/pci/rescan
            echo "Rescan PCI bus..."
            count=$(( count+1 ))
            sleep 1
        done
        modprobe ixgbe
    fi
    ;;
"1001")
    ;;
"1100"|"1101"|"1110"|"1111")
    ;;
*)
    echo "Unkown Board Type." > /dev/kmsg
    ;;
esac

In my case, board id is 00101000, which in return means that it's a VeloCloud version board. This would call for the actions in the 70-persistent-net-rules (rmmod ixgbe, i2cset -y 1 0x31 0x1 0xff, then rescan PCI bus with the newly found igb ports). Just need to figure out a way to shove this into nnSense / FreeBSD.

Note that I've got the rc.local file handy and will post it if it actually helps (granted that I'm allowed to to so, of course).

By the way, here is a screenshot of PfSense console after booting up:

*** Welcome to Netgate pfSense Plus 23.01-RELEASE (amd64) on pfSense ***

WAN (wan)       -> ix0        -> v4/DHCP4: 192.168.2.186/24
LAN (lan)       -> ix1        -> v4: 192.168.1.1/24

0) Logout (SSH only)                  9) pfTop
1) Assign Interfaces                 10) Filter Logs
2) Set interface(s) IP address       11) Restart webConfigurator
3) Reset webConfigurator password    12) PHP shell + Netgate pfSense Plus tools
4) Reset to factory defaults         13) Update from console
5) Reboot system                     14) Enable Secure Shell (sshd)
6) Halt system                       15) Restore recent configuration
7) Ping host                         16) Restart PHP-FPM
8) Shell

Enter an option:

As well as a shot of the dashboard:
View attachment 27831

Now, hunting for a way to shove those commands into FreeBSD... Stay tuned!

root@dellemc-diag-os:~#

how i can install openwrt?

 

[nmpu]

how i can install openwrt?

At this point, it's a standard 'bare-metal' x86 install. I remember using a 'live' Finnix USB boot to format and copy the OpenWrt image.

 

[6TTLAB]

At this point, it's a standard 'bare-metal' x86 install. I remember using a 'live' Finnix USB boot to format and copy the OpenWrt image.

I burned openwrt into USB, and I can only use openwrt when I start it by plugging the USB into 620.

 

[nmpu]

You're getting closer. You need to copy the image from the USB to the internal eMMC or SATA. You should have access to enough Linux tools in OpenWrt to complete the last step. You'll probably have to modify the GRUB bootloader so that you can use the serial terminal with OpenWrt. Otherwise, use an SSH terminal.

 

[6TTLAB]

You're getting closer. You need to copy the image from the USB to the internal eMMC or SATA. You should have access to enough Linux tools in OpenWrt to complete the last step. You'll probably have to modify the GRUB bootloader so that you can use the serial terminal with OpenWrt. Otherwise, use an SSH terminal.

thank you very much!!
i can't install openwrt edge 620 emmc,beacuse i can't find emmc disk on my installing.

 

[nmpu]

Did you try

fdisk -l

Here's my eMMC with DiagOS installed:

Disk /dev/mmcblk0: 14.56 GiB, 15634268160 bytes, 30535680 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: BB4E3C37-EB3E-4339-B9FB-46806859A888

Device          Start     End Sectors  Size Type
/dev/mmcblk0p1   2048  264191  262144  128M EFI System
/dev/mmcblk0p2 264192 4458495 4194304    2G Linux filesystem

 

[Mithril]

Ok, so I did some testing on my current firewall which is not this hardware but stay tuned:

Proxmox E3-1220 v3 with PFsense 2.7.2, mostly "out of the box" (no tuning). I'm passing a Solarflare SFP+ nic in (whole card, as the E3-1220 v3 seems to not do 'enough' for proper IOMMU groups on VF, sigh). I'm giving 3 cores to the VM, no limits. PFsense is running some firewall and NAT rules, no IDS or the like for this test.

Internet is "2Gb" up/down FTTH. I see about 2100Mb up/down in reality, that hits around 40-50% of 3 cores.

If I limit the CPU speed at the proxmox level I still see within 2% of 2100 until 1300Mhz, any lower and speed drops. 800Mhz (lowest I can force) is ~900Mbps
While the Atom is newer, it also has a lower clock speed. The few easy direct comparisons I could find put it at about 33-45% of the speed of the Xeon. If we extrapolate that every 100Mhz is another 240Mbps, in theory 3 cores of the Xeon could do ~6400Mbps at the rated 3.1Ghz max (lets assume steady state no turbo). So in theory if we give 3 cores of the Atom to PFsense and also pass the SFP+ (as VF or entirely):

I'd estimate the Edge 620 should do ~2.1Gb to ~2.9Gb

Seems good enough for 2Gb internet, but not enough for faster. I'm curious just how well PFsense scales to 6 or 7 cores on a Edge 640.

 

[6TTLAB]

Oh damn... those buttons sure are mysterious and finicky!

I have 1000BASE-LX and 10GBASE-LR transceivers but no copper modules at all. I was thinking of getting a 10GBASE-T copper SFP+ transceiver from Fiberstore if I do sign up for 10Gbps fiber broadband for home in the coming months.

hi bro

do you have edge 620 original image ,
i want rollback to sd-wan original edge620 original image.
thanks!

 

[6TTLAB]

Did you try

fdisk -l

Here's my eMMC with DiagOS installed:

Disk /dev/mmcblk0: 14.56 GiB, 15634268160 bytes, 30535680 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: BB4E3C37-EB3E-4339-B9FB-46806859A888

Device          Start     End Sectors  Size Type
/dev/mmcblk0p1   2048  264191  262144  128M EFI System
/dev/mmcblk0p2 264192 4458495 4194304    2G Linux filesystem

Device Start End Sectors Size Type
/dev/sda1 2048 264191 262144 128M EFI System
/dev/sda2 264192 4458495 4194304 2G Linux filesystem

Disk /dev/mmcblk0: 14.6 GiB, 15634268160 bytes, 30535680 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: FAE730BE-8EE4-40B2-B650-973A573CFE40

Device Start End Sectors Size Type
/dev/mmcblk0p1 2048 264191 262144 128M EFI System
/dev/mmcblk0p2 264192 4458495 4194304 2G Linux filesystem

 

[6TTLAB]

Hey guys, hate to jump in so late here. I've been running a VeloCloud 5X0 for a year or two running pfsense and it's been solid. I saw some ebay listings for some dell/vmware 610 units and I'm curious if you guys got past the watchdog and CSM and NIC configuration issues. I'm seeing something about little buttons/jumpers next to the physical network ports inside the unit to change configuration "presets"? If the 610 isn't worth my time, maybe the 620 will be? These look like really nice options for a small firewall which is exactly what I need.

hi bro

would you tell me how install some ios install velocloud 5X0?
how do you issue watch dog?

 

[6TTLAB]

The 620 shares the same firmware with 640/680. You're good.

Here's how I would proceed:

1) Create a USB drive with a live Linux distribution like Finnix. This will allow you to poke around the internal file systems. You will want to add console=ttyS0,115200 to grub.cfg.

2) Create a USB install from Dell Diagnostics OS V3.43.3.81-27 for VEP1400-X Switch.

3) Copy the vep1400x_ufw_2.5 file from VEP1400_UFW2.5_External.zip to one of your USB drives.

4) Apply power [12V 5A 5.5mm x 2.1mm (2.5mm for 680)]. You can manage with less than 5A. I haven't tested to see how low.

5) Connect a micro USB cable to the back of the unit and open a terminal (PuTTY) on the corresponding port.

6) Momentarily press reset. After the memory tests, press [Delete] to enter the BIOS and select your USB drive as boot.

7) Install Diag OS to the eMMC. If this fails, use your live Linux to remove any existing partitions from the eMMC and/or SATA. You may also want to create a USB drive with Diag OS. That way you could use the (tiny) 16GB eMMC for something else.

8) Run ./vep1400x_ufw_2.5 interactive from within Diag OS (root/calvin). Updating the CPLD or PIC requires a reboot. New BIOS will take a long time to 'initialize'. Not to worry.

9) Once BIOS/CPLD/PIC have been updated, press and hold the external reset button until you see Factory Reset on the console. Not sure this is actually necessary. Instead, you may need to press/hold the button inside closest to the power jack. Something triggers DXE which is what initializes all 8 network ports.

10) Reenter the BIOS (password <service tag>! ) and tweak settings. I just disabled most of the fancy stuff. You can remove the password by changing to blank.

You now have a fairly standard x86 box with no display. You may have to install your target OS to external media and then copy the image. I did that with OpenWrt. I think the easiest solution is to swap the Wi-Fi module (assuming you have one) with an NVMe. You can then install to the NVMe using a PC.

1) Create a USB drive with a live Linux distribution like Finnix. This will allow you to poke around the internal file systems. You will want to add console=ttyS0,115200 to grub.cfg.
done
2) Create a USB install from Dell Diagnostics OS V3.43.3.81-27 for VEP1400-X Switch.
done
3) Copy the vep1400x_ufw_2.5 file from VEP1400_UFW2.5_External.zip to one of your USB drives.
done
4) Apply power [12V 5A 5.5mm x 2.1mm (2.5mm for 680)]. You can manage with less than 5A. I haven't tested to see how low.
done
5) Connect a micro USB cable to the back of the unit and open a terminal (PuTTY) on the corresponding port.
done
6) Momentarily press reset. After the memory tests, press [Delete] to enter the BIOS and select your USB drive as boot.

7) Install Diag OS to the eMMC. If this fails, use your live Linux to remove any existing partitions from the eMMC and/or SATA. You may also want to create a USB drive with Diag OS. That way you could use the (tiny) 16GB eMMC for something else.
done

8) Run ./vep1400x_ufw_2.5 interactive from within Diag OS (root/calvin). Updating the CPLD or PIC requires a reboot. New BIOS will take a long time to 'initialize'. Not to worry.
done
9) Once BIOS/CPLD/PIC have been updated, press and hold the external reset button until you see Factory Reset on the console. Not sure this is actually necessary. Instead, you may need to press/hold the button inside closest to the power jack. Something triggers DXE which is what initializes all 8 network ports.
root
10) Reenter the BIOS (password <service tag>! ) and tweak settings. I just disabled most of the fancy stuff. You can remove the password by changing to blank.

You now have a fairly standard x86 box with no display. You may have to install your target OS to external media and then copy the image. I did that with OpenWrt. I think the easiest solution is to swap the Wi-Fi module (assuming you have one) with an NVMe. You can then install to the NVMe using a PC.
i awlays can't install openwrt into emmc.
can you help me? bro

 

[6TTLAB]

Panabit retained one core for software scheduling, so it did not reach a higher speed. But I believe that even if this reserved core is used, it cannot achieve a line speed of 15Mpps. The more reason I think is this C3558 CPU and its PCI-E bus. I hope some friends can remotely test edge 680
[/QUOTE
老哥 怎么把openwrt安装进620啊 折腾了好几天了 diagos安装了 ufw升级了

 

[suqianstone]

The official website of OpenWrt provides image packages, so you need to enter the Linux system or use the write disk tool after entering Winpe. I think the built-in EMMC storage or hard drive should be able to be installed. If there is a grub during boot, it may need to be adjusted to redirect the display output to the serial port.

 

[nmpu]

The official website of OpenWrt provides image packages, so you need to enter the Linux system or use the write disk tool after entering Winpe. I think the built-in EMMC storage or hard drive should be able to be installed. If there is a grub during boot, it may need to be adjusted to redirect the display output to the serial port.

Apparently, he's already managed to install to a USB stick which boots into OpenWrt. Copying to the internal devices is no different. He just needs a bootable OS that can see inside. I think he can probably use OpenWrt itself.

 

[6TTLAB]

The official website of OpenWrt provides image packages, so you need to enter the Linux system or use the write disk tool after entering Winpe. I think the built-in EMMC storage or hard drive should be able to be installed. If there is a grub during boot, it may need to be adjusted to redirect the display output to the serial port.

install openwrit into usb drive


step_1

 

[nmpu]

You need to use the dd command to copy the image/partition. sda is the internal SATA drive. sdb is your USB drive. mmcblk0 is the eMMC.

The original OpenWrt instructions show the following:

# Unpack image
gunzip openwrt-*.img.gz

# Identify disk (to replace sdX in the following command below)
lsblk

# Write image
dd if=openwrt-21.02.0-x86-64-generic-ext4-combined.img bs=1M of=/dev/sdX

If you're happy with your current USB image, you should be able to use that. The command would be:

dd if=/dev/sdb of=/dev/mmcblk0

You would then change the boot device in the BIOS.

I have not tested this as I don't want to mess with a working system. I have verified that the dd command is available in OpenWrt. It's part of BusyBox. fdisk, parted, and resize2fs are available, but may need to be installed.

 

[6TTLAB]

You need to use the dd command to copy the image/partition. sda is the internal SATA drive. sdb is your USB drive. mmcblk0 is the eMMC.

The original OpenWrt instructions show the following:

# Unpack image
gunzip openwrt-*.img.gz

# Identify disk (to replace sdX in the following command below)
lsblk

# Write image
dd if=openwrt-21.02.0-x86-64-generic-ext4-combined.img bs=1M of=/dev/sdX

If you're happy with your current USB image, you should be able to use that. The command would be:

dd if=/dev/sdb of=/dev/mmcblk0

You would then change the boot device in the BIOS.

I have not tested this as I don't want to mess with a working system. I have verified that the dd command is available in OpenWrt. It's part of BusyBox. fdisk, parted, and resize2fs are available, but may need to be installed.

thanks! bor
i had intall openwrt into sata dirve ,but can't install into emmc.
why?

 

[nmpu]

OK, so you've managed to install to USB and SATA. Are you getting an error message using dd with the eMMC? If so, I suspect you might need to copy the OpenWrt partitions 1 by 1 instead of the entire disk. Maybe the eMMC has protected partitions. I'd try deleting any existing eMMC partitions with fdisk. If they can't be deleted, then they must be used by the BIOS. There's probably enough room for both DiagOS and OpenwWrt on the eMMC. I just don't know how the BIOS detects what's bootable and whether you could use a single GRUB. Since DiagOS has an actual install, I'd get the OpenWrt image working and then go back and try to reinstall DiagOS. Maybe you don't care? DiagOS can also be run from USB.