Dell VEP/VMWare Edge/Velo Cloud SD-WAN/VeraCloud VEP1400/VEP1400-X firewall units

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

juju

Member
Sep 29, 2021
36
1
8
Run through the latest Dell updates as documented in this thread (don't remember the exact page/post) using the micro-USB console connection. Once that is done, get the pfsense memstick image for serial console connections and burn it to USB. Boot the VEP to the USB stick and perform the installation to the onboard SSD. Do NOT attempt to install to the eMMC, that's where you've got the Dell DiagOS installation. Reboot after the installation, and you'll have a fresh box ready to go. I've done this on a 620 (aka 1425) and a 640 (aka 1445).

Expect that you will NOT have any ability to control the fan speed. I'm waiting for some Noctua AF4x10 FLX fans to arrive on Friday so I can quieten my 640.
Are you referring to this post ? # 1- 3 confused me. Do I need 2 separate usb drives for that or just one ( besides the one for the pfsense install )
 

ccie4526

Active Member
Jan 25, 2021
140
115
43
Are you referring to this post ? # 1- 3 confused me. Do I need 2 separate usb drives for that or just one ( besides the one for the pfsense install )
Yes, that one, thank you! If you don't care about looking at what is on the unit right now, then you can skip step 1 and you don't need that USB. Also, it appears to me (YMMV) that after doing the diagOS installation and then the firmware/bios update, I didn't have to worry about the watchdog reboot timer and didn't have to do the button pushing thing (step 9 in the list) on my 640.
 

blunden

Active Member
Nov 29, 2019
707
227
43
Then someone posted here in Great Deals recently about a couple of 640s on the bay for cheap ($100 vs $500+) so I decided to pick one of those up, and I've dropped that in line in place of the Opti 7010 after doing the requisite DiagOS and firmware/BIOS updates. Went back and did the same extended speedtest again and was seeing the full 2.5Gbps inbound flow, and the CPU was only at 60%. My internal network is based on a Cisco 3850-24XU, so I'm native mGig (2.5Gbps) from the cable modem into the switch, then 10G the rest of the way through to my workstation. So yeah, if you can get a 640 for $100, it's a nice upgrade from the 620. Definitely not worth $500. Planning to move my 620 onto a site with 200/20 VHDSL, so that'll be loafing around on that connection. Just wish I could get QAT functions, but that falls into the pfsense licensing BS.
What CPU is the 640 using? Is it the C3758, C3758R or some other model in the Atom C3000 lineup? Dell's spec sheet wasn't very detailed. :D

If it's one of the latter two. I would expect you to be able to route at around 9.4 Gbps since that's what my Qotom box using the C3758 can do on VyOS. Your result seems to be lower than I expected if it is indeed one of those CPUs. :confused:
 
Last edited:

ccie4526

Active Member
Jan 25, 2021
140
115
43
What CPU is the 640 using? Is it the C3758, C3758R or some other model in the Atom C3000 lineup? Dell's spec sheet wasn't very detailed. :D

If it's one of the latter two. I would expect you to be able to route at around 9.4 Gbps since that's what my Qotom box using the C3758 can do on VyOS. Your result seems to be lower than I expected if it is indeed one of those CPUs. :confused:
1730341766881.png

I'm doing a bunch of stuff with suricata on this box, so I've got much more CPU load on the unit. I'm sure that if I were just doing raw unfiltered throughput I'd hit close to the 10G throughput you describe.
 

juju

Member
Sep 29, 2021
36
1
8
Yes, that one, thank you! If you don't care about looking at what is on the unit right now, then you can skip step 1 and you don't need that USB. Also, it appears to me (YMMV) that after doing the diagOS installation and then the firmware/bios update, I didn't have to worry about the watchdog reboot timer and didn't have to do the button pushing thing (step 9 in the list) on my 640.
@ccie4526 I am getting stuck at :

8) Run ./vep1400x_ufw_2.5 interactive from within Diag OS (root/calvin). Updating the CPLD or PIC requires a reboot. New BIOS will take a long time to 'initialize'. Not to worry.

I have the file on the bootable diagos disk. The update went ok but when I try to run the updates for CPLD it says file not found. I also got pfsense to install on the 250GB disk. But cant boot cleanly intoit. It get stuck booting. I must have missed a crucial step in all this.
 

nmpu

Member
Sep 22, 2023
85
30
18
Bradenton, Florida, USA
I have the file on the bootable diagos disk. The update went ok but when I try to run the updates for CPLD it says file not found
The vep1400x_ufw_2.5 file contains all the updates. What happens if you just let it update everything?

I also got pfsense to install on the 250GB disk. But cant boot cleanly intoit. It get stuck booting. I must have missed a crucial step in all this.
I doubt an outdated CPLD would affect the boot. Did you add console=ttyS0,115200 to grub.cfg? I suspect that either the OS is booting successfully, but you just can't see any console output or the OS panics because it doesn't have a valid display. Do the links light up with an active connection?
 

juju

Member
Sep 29, 2021
36
1
8
The vep1400x_ufw_2.5 file contains all the updates. What happens if you just let it update everything?
Its the DiagOS install that goes ok - but cant run the update using the vep1400x_ufw_2.5. It says file not found. But i have it sitting on the same bootable usb drive used to run the os install.

edit: Found my error . I needed to copy the file into my root directory and run it from there. Here are the commands, in case it helps someone else:


from the diag-os prompt:
---
-- mkdir /mnt/usb
-- mount /dev/ sdb1 /mnt/usb. ( assuming the file is on partition on a usb drive at /dev/sdb1)
-- cp /mnt/usb/vep1400x_ufw_x.x /root
-- cd /root
-- ./vep1400x_ufw_x.x interactive
 
Last edited:

blunden

Active Member
Nov 29, 2019
707
227
43
View attachment 39813

I'm doing a bunch of stuff with suricata on this box, so I've got much more CPU load on the unit. I'm sure that if I were just doing raw unfiltered throughput I'd hit close to the 10G throughput you describe.
Thanks for confirming the CPU spec. :)

That explains it. Running IDS/IPS tends to decrease performance significantly.

@Mithril That previously missing detail might interest you. :)
 

shor0814

New Member
May 27, 2024
10
2
3
I purchased a 640 and waiting for it to arrive, just for clarification, is the dimensions for the 640 the same as for the 610? I want a rack mount, just need to make sure because this is the only reasonably priced rack mount I could find, and it specifies 610, but not enough detail to be sure.


Any other rack mounts being used?
 

juju

Member
Sep 29, 2021
36
1
8
I can't seem to get pfsense working on my VEP1485. Here is what I have done so far:

1. updated the bios/firmware successfully
2. installed pfsense on 256GB sata disk (no errors)
3. changed boot priority to the pfsense install disk ( tried both UEFI and the one just shows pfsense)
4. After this, I cant access the pfsense gui on the lan ip address I assigned during setup ( 192.168.10.1). I configured my laptop to be on the same subnet and manually assigned it 192.168.10.100. Looks like there is no network activity because I cant ping the pfsense lan ip or get dhcp to automatically assign an ip to my laptop if i remove the manual setup.

After the pfsense install completes, it ends up at this screen and simply sits there until I reboot the machine:

Capture3.JPG

If I reboot, I always end up here ....

Capture.JPG

I can get into diag-os prompt ok.

Capture2.JPG

Not sure where to go from here.


Edit: Problem solved. Turns out was using the wrong pfsense installer. I got it from pfsense own website ( memstick option ). That doesn't work on this ( at least on mine). There is a serial version of the installer not listed on the site. Used that and made sure in the install options of pfsense, I select GPT / UEFI + Bios partitioning. All set.
 
Last edited:

asage

New Member
Oct 26, 2024
4
0
1
I haven't completed the "restore interfaces" part yet but here's my take on what needs to be done Hacking a Velo 640 to Install OPNsense

Has anyone had success using i2c commands to control the fan in a UNIX based OS yet, like OPNsense or pfSense? I spent hours on this and cannot figure it out. In DiagOS I'm able to control the fan no problem with i2cset. In OPNsense I just don't see the device to even send it commands. I got a device to load with kldload smb but this doesn't appear to be the device I want because it doesn't have anything at 0x1b
Bash:
root@OPNsense:~ # kldload smb
smb0: <SMBus generic I/O> on smbus0
root@OPNsense:~ # smbmsg -p
Probing for devices on /dev/smb0:
Device @0x10: w
Device @0x34: rw
Device @0x60: r
Device @0x62: r
Device @0x68: r
Device @0x6a: r
Device @0x6c: rw
Device @0x6e: w
Device @0x88: rw
Device @0xa0: r
Device @0xa4: r
Somewhat related, I found that you can load a module for a watchdog in OPNsense. I already updated my BIOS so I can't really tell if it's the correct one, but the command is below. Based on the output I'm pretty sure this is the right one.
Bash:
root@OPNsense:~ # kldload ichwd
ichwd0: <Intel Atom C3000 watchdog timer> at port 0x400-0x41f iomem 0xfdc6000c-0xfdc6000f on isa0
ichwd0: ICH WDT present but disabled in BIOS or hardware
device_attach: ichwd0 attach returned 6
root@OPNsense:~ # kldload ftwd
ichwd0: <Intel Atom C3000 watchdog timer> at port 0x400-0x41f,0x1830-0x1837 iomem 0xfdc6000c-0xfdc6000f on isa0
ichwd0: ICH WDT present but disabled in BIOS or hardware
device_attach: ichwd0 attach returned 6
Using i2c in UNIX is something I have no experience with so if anyone has any suggestions on that I would love to hear it. I think if we can just find the right module to load, sending the commands shouldn't be too hard to figure out.
 
Last edited:

asage

New Member
Oct 26, 2024
4
0
1
Maybe this will help someone smarter than me? Fan speed control It's late and I didn't look at much of the code. I'll look through it some more tomorrow to see if I can find anything that stands out to me.
 

asage

New Member
Oct 26, 2024
4
0
1
I had a chance to review the code and it's using a SuperIO driver to set fan speeds. I installed the tool, but it doesn't find anything :(

Bash:
root@OPNsense:~ # superiotool
superiotool r
No Super I/O found
There is a post earlier in this thread says there is a SuperIO, but I can't seem to find any more information about it.

The board has a ton of jumpers and headers on the edges, it's pretty wild. And the fact that it also has a CPLD.. AND a PIC microcontroller.. AND a SuperIO that also has an embedded controller??? It's like they built this thing with 4-computers-in-1!

I suspect the buttons are for selecting a preset of sorts (either in the PIC or in the CPLD) and it is persistent. I would love to get some board schematics for this thing. It almost seems like this is a NUC on steroids combined with a Raspberry Pi.
@oneplane do you know anything more about the SuperIO?
 

oneplane

Well-Known Member
Jul 23, 2021
873
529
93
I had a chance to review the code and it's using a SuperIO driver to set fan speeds. I installed the tool, but it doesn't find anything :(

Bash:
root@OPNsense:~ # superiotool
superiotool r
No Super I/O found
There is a post earlier in this thread says there is a SuperIO, but I can't seem to find any more information about it.



@oneplane do you know anything more about the SuperIO?
The fans are managed by the PIC or the CPLD AFAIK. The SuperIO doesn't seem to be attached to an ISA or PCI port like it would on classic PCs, don't remember seeing an ACPI PNP entry either.

I don't have any of the devices lab-ready right now so I can't check. But since almost all devices are accessed over bespoke I2C, sideband, GPIO or SPI, I wouldn't be surprised if that's where the fans live as well.

There are some XML Files from Dell (in the DiagOS as well here on the forum) that describe the pins and what they control, I think you can find the fans in there as well.
 

asage

New Member
Oct 26, 2024
4
0
1
The fans are managed by the PIC or the CPLD AFAIK. The SuperIO doesn't seem to be attached to an ISA or PCI port like it would on classic PCs, don't remember seeing an ACPI PNP entry either.

I don't have any of the devices lab-ready right now so I can't check. But since almost all devices are accessed over bespoke I2C, sideband, GPIO or SPI, I wouldn't be surprised if that's where the fans live as well.

There are some XML Files from Dell (in the DiagOS as well here on the forum) that describe the pins and what they control, I think you can find the fans in there as well.
I have 2 of them that I'm just messing around with at the moment. If you have any suggestions, I can try it. Do you know if there are any headers that can be attached to control the TC654 with an external device? Wouldn't be hard to program a microcontroller and then either connect that to wifi or even just plug it in to the Velo with USB to control it.
 

nmpu

Member
Sep 22, 2023
85
30
18
Bradenton, Florida, USA
On the VEP1485 (680?) with no wifi, there is no way to add an extra SSD?
So you have pads for the mini-PCIe connector, but not populated? You can either swap a larger m.2 SATA drive or use external USB 3. Even with the Wi-Fi connector populated, it's only a single PCIe lane. All paths are slow.
 

blunden

Active Member
Nov 29, 2019
707
227
43
Even with the Wi-Fi connector populated, it's only a single PCIe lane. All paths are slow.
Thankfully the storage speed shouldn't matter if the intention is to use it as a router. :) As a VM host, it might though.
 

juju

Member
Sep 29, 2021
36
1
8
Thankfully the storage speed shouldn't matter if the intention is to use it as a router. :) As a VM host, it might though.
I was hoping use the 680 for proxmox. Wanted a separate onboard storage besides the one used for the proxmox OS install.This rules it out then.
 

blunden

Active Member
Nov 29, 2019
707
227
43
I was hoping use the 680 for proxmox. Wanted a separate onboard storage besides the one used for the proxmox OS install.This rules it out then.
I see. :) Yes, there sre probably better options then. I guess they simply didn't have that use case in mind during the design phase.