OpenBSD Journal

OpenSoekris Announcement

Contributed by jose on from the small.-functional.-stable.-secure. dept.

Ben and Ron write: While attending the 2002 Toorcon in San Diego I was introduced to my first Soekris. David Hulton (organizer of Toorcon) had asked Matt Peterson of the Bay Area Wireless users group was Asked to help deploy the network. The network had three requirements:
  1. Give the con attendees access to the internet.
  2. Give the participants who were playing root wars access to the internet.
  3. Firewall 1 & 2 from each other.
Matt had brought a few Soekris devices with him to accomplish this task. He used a NET4501 for the main gateway to the internet and to firewall the 2 different networks. He used NET4511's and NET4521's to provide wireless access to the conference areas. Matt is an avid FreeBSD user so he was using to FreeBSD as the OS on the compact flashes for the Soekris devices."

Read on for more of a project description.

"Once the devices were set up and running they remained running through out the whole con without incident. After the con was over I had to get one. Got together with a few friends and showed them this great device that we must get. (Note: Soekris provides discount on bulk purchases) After doing our group order they arrived on time.

Now, with our Soekrises in hand we had to decide what OS we were going to load. I am an OpenBSD convert so I did not want to use the FreeBSD setup that Matt had used. So off to Google ( we went in search to see if anyone else had found a way to get OpenBSD on to a compact flash for our Soekris boxes. Google did not fail us, we came across Chris Cappuccio's site . With this information in hand Mike Scott and I set off to see how it worked. We found a few things that were missing and started making changes. ( Thank GOD for a BSD License ) After a couple of weeks of tweaking here and there and trying to maintain changes I requested a project page at SourceForge and on 11/02/2002 14:49 PST it was approved. So I imported what we had at the time into CVS and rolled the first release. Over time, the development team has grown from the initial three people to eight.

Opensoekris is designed to put a minimal installation of OpenBSD on to a compact flash and have the soekris act as a GATEWAY device. By using OpenBSD it has all the functionality of PF for handling firewall and NAT functions.

Here is what it is capable of doing for you:

  • Makes an image from the version of OS that you are currently building from. (No Need to grab etxXX.tgz or baseXX.tgz anymore)
  • Has the ability to write an image so it can be duplicated to several devices, or to write the install directly to the compact flash.
  • Customize the configs before the image is created.
  • Archive configs, ssh_host keys, and kernels
  • DHCP Server, Syslogd, etc...
  • And much, much more..."

I should note that the project is located at the OpenSoekris site , and I'm actually one of the developers. We've been stalled a bit lately on outside commitments, but I have been running one of these systems for a while and been very pleased, the uptime is remarkable and the rack space is negligable. Well worth checking out.

(Comments are closed)

  1. By earx () on

    it is similar to embsd ?!!

    1. By Ben () on

      Yes, and no. It does use compact flash for installation media as well as being OpenBSD based, but as far as I know, that is where the similarity begins and ends. However, since EmBSD had dropped off the face of the earth by the time we began development we chose to use Chris Cappuccio's flashdist as a base.

      1. By Earx () on

        Good works it will help and i hope soekris motherboard will be more powerful in the future and always with a pcmcia bus to do wireless AP.

        1. By Hahaha () on

          So you are forced to spend more than using PCI card

          1. By earx () on

            right the pci prism card is a good idea but here it is not common as the pcmcia are!
            but is interesting to search a bit more...

        2. By grey () on

          With respect to more powerful soekris motherboards, Soren has begun sampling the 4801 which has a Geode cpu so is slightly beefier. Also, if you look at his roadmap he's got some faster things ahead, but he's really trying to focus on low power x86, so expectations should be set accordingly.

          There are already a number of alternatives in the embedded, compactPCI and embedded market that are quite fast, but tradeoffs abound as follows:

          Price - (e.g. look at the nice appliance geared offerings from - my last check was that they started around $500).

          Form factor - often these are just a little less than ideal, my favourite example being some of the compactPCI cards from the likes of Sure, they occupy a PCI slot, but once to add RAM, hdd, etc. you'll be taking up more than a slot of space (and if you plan on putting these in a 1U rackmount box, they just won't be too useful if you're trying to cram them into a right angle PCI bracket & still use another PCI card).

          Integration - Soren has done a rather nice job of putting just about everything on these that you'll need save for a CF card, and the amount of RAM is pretty decent, especially for the cost. Moreover, the serial BIOS is great, and for the types of applications you'd be using these devices for - much more welcome than having to deal with VGA & PS/2 ports.

          Customer Service & Target Buyers - Soren is definitely rare in his attention to the BSD's and Linux, in that that's really his original target audience. I've had nothing but good experiences with his support as well, since there's pretty much no heirarchy to deal with, that's really not going to be the case from most other sbc oriented vendors. He's able to respond pretty well to customer demands in this regard too, and recently even mentioned something about designing a more minimal & cost effective unit for those who find that the 45x1 series is overkill for a wireless AP.

          1. By earx () on

            Thanks for the information !

  2. By rankor_industries () on

    How much data went through the boxes?
    How did the boxes handle the load?
    How heavy were your pf rulesets?

    1. By Ben () on

      I am using one on a ADSL 1.5/384 circuit, it handles that just fine. Now, if I do a scp between two machines and the data passes through the soekris, ssh connections to the soekris get laggy (about 90% of the CPU time is spent dealing with interrupts). So, the max transfer rates I have ever gotten over SSH on my local network (passing through the soekris) is 1.5MB/s. However, it is more than adaquate for doing NAT or bridging for a DSL or cable modem connection.

      My PF rules do not seem to make much difference in the speed/load on the system (they're not very complicated).

      1. By Anonymous Coward () on

        irq handlers get quicker when you build for 486

        1. By Ben () on

          Build the kernel for 486? That is already done. Userland, well.. thats another matter. We haven't done that yet.

      2. By rankor_industries () on

        thanks for the answers!

  3. By Anonymous Coward () on

    I have to say the project is a welcome necessity.

  4. By Anonymous Coward () on

    You can get used old PCs at very low prices. What is the advantage of using a soekris? size only?

    1. By Ron Rosson () on

      With Soekris there are no moving parts. Which means there is no noise. The drive is the Compact Flash. People have soekris boxes mounted on poles, and configured as hostap for a wireless network.. Also they do POE ( Power over ethernet)

    2. By tedu () on

      size. and newness. i've had several pentium systems drop dead in the past year. they also use far far more power than a soekris would.

    3. By revdiablo () on

      Like the other posters mentioned, size, power consumption, and no-moving-parts are some big reasons. Another reason is... these things are just cool! They're extremely tiny, work quite well, and are just fun to play with. :)

      1. By Anonymous Coward () on

        I understand. Thanks for your answers. Now that device sounds much more interesting to me.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]