Upgrade pfSense 2.2.6 to 2.3.1_5

Because I’m doing night-school, I don’t have that much free time any more. That’s why my pfSense firewall was still running on version 2.2.6. But now it’s school holidays, so let’s upgrade 🙂

Below some screenshots of the upgrade process…

pfSense version 2.2.6 is running:


Start the update process:





After reboot:





Update to version 2.3.1_5:




Everything went without a problem 🙂


So, finally I’m running the latest version of pfSense…

Voyage Linux on a ALIX 2D13 with USB HD

My normal desktop PC was always on – doing some tasks in the background – but the noisy fan was annoying me. And because I had a spare ALIX 2D13 lying around that was doing nothing but gathering dust, I was wondering if I could switch some tasks from my normal PC to this ALIX 2D13 and only switch my normal PC on when needed.

A CompactFlash (CF) card is used as storage/boot device on the ALIX 2D13, but for the things I had in mind, more storage is needed. For this reason I’ve connected a little USB HD to the USB port of the ALIX 2D13.


On the software side, I’ve installed voyage linux on the CF card. Voyage Linux is a Debian derived distribution, which is nice because I know how to configure Debian GNU/Linux.

On the USB HD, I’ve created some partitions. Then I’ve added the following to /etc/fstab of the ALIX 2D13:

/dev/sdb1       none            swap    	sw              		0       0
/dev/sdb2	/root		btrfs           defaults,compress,noatime       0       1
/dev/sdb3	/var		btrfs           defaults,compress,noatime       0       2
/dev/sdb4	/home           btrfs   	defaults,compress,noatime       0       3

After setting up certain things like SSH access, fetchmail, postfix, … , I have now a minimal little computer that can do some tasks in the background like fetching and sorting my email and downloading podcasts and so on.

My normal PC is now off most of the time, which is not only good for my ears, but also for my electricity bill 🙂

Upgrade pfsense 2.1.5 to 2.2.2

My firewall is a ALIX2D13 with pfsense. And, shame on me, I was still running pfsense 2.1.5. I don’t have to work today, so, time to upgrade.

Before starting the upgrade process, I opened the case of my ALIX2D13 and removed the CF-card.


Then, I’ve put the CF card in a USB card reader to make a backup with ‘dd’. Just to be safe, in case the upgrade process fails, I can easily switch back to the old version.


After the backup was ready, I’ve started the upgrade process, which worked without any problems. Finally my firewall is back up to date 🙂


PIC18f1320 and DS18B20 temperature sensor

Due to personal reasons, it has been a long time since I’ve done something with electronics. Time to start again and have some fun 🙂

Like you can see on the picture below, I’m experimenting with a pic18f1320, a DS18B20 temperature sensor (1-wire connection) and HD44780 display on a breadboard.


Because of the 1-wire connection the electronic schematic is not very complex.


I’ve written the pic-program in assembly (gputils/gpasm):

; ---------------------------------------------------------------------------
; µC = PIC18F1320 
; ---------------------------------------------------------------------------
	LIST P=18F1320
	#include <p18f1320.inc>

; ---------------------------------------------------------------------------
; Configuration
; ---------------------------------------------------------------------------
    	CONFIG OSC 	= INTIO2	; Internal RC, OSC1 as RA7, OSC2 as RA6
	CONFIG WDT 	= OFF		; Watchdog Timer
	CONFIG BOR 	= OFF		; Brown-Out Reset
	CONFIG LVP 	= OFF		; Low Voltage ICSP
	CONFIG DEBUG 	= OFF		; Background Debugger Enable

; ---------------------------------------------------------------------------
; Define LCD pins
; ---------------------------------------------------------------------------
	#DEFINE RS 	PORTA, 4    	; RS line of LCD
        #DEFINE E  	PORTA, 6    	; E line of LCD
	#DEFINE D5 	PORTA, 1        ; D4-D7 of LCD

; ---------------------------------------------------------------------------
; DEFINE DS18B20 pin
; ---------------------------------------------------------------------------

; ---------------------------------------------------------------------------
; MACRO's DS18B20
; ---------------
; 	See <http://www.maximintegrated.com/en/app-notes/index.mvp/id/2420>
; ---------------------------------------------------------------------------
OW_HIZ: MACRO  	; Force the DQ line into a high impedance state.
         	BSF    TRISB, DQ        ; Make DQ pin High Z

OW_LO:  MACRO  	; Force the DQ line to a logic low.
         	BCF    PORTB, DQ        ; Clear the DQ bit
         	BCF    TRISB, DQ        ; Make DQ pin an output

         	; Delay for TIME µs.
         	; Variable time must be in multiples of 5µs.
         	MOVLW  (TIME/5) - 1      ; 1µs to process
         	MOVWF  TMP0              ; 1µs to process
         	CALL   WAIT5U            ; 2µs to process

; ---------------------------------------------------------------------------
; MACRO wait ms
; ---------------------------------------------------------------------------
		; Delay for TIME ms
		movlw  TIME
		call   Wachtms

; ---------------------------------------------------------------------------
; ---------------------------------------------------------------------------
EStrobe MACRO                  		; Strobe the "E" Bit
         	bsf    E
         	bcf    E

PRINT   MACRO  	var          		; load TBLPTR with string address
         	movlw  upper(var)   	; for LCD display
         	movwf  TBLPTRU
         	movlw  high(var)
         	movwf  TBLPTRH
         	movlw  low(var)
         	movwf  TBLPTRL
         	call   printstr

; ---------------------------------------------------------------------------
; Variables
; ---------------------------------------------------------------------------
	cblock	0x00
		; conv numbers --> char
		; temp.display
		; DS18B20

; ---------------------------------------------------------------------------
; ---------------------------------------------------------------------------
	movlw 	B'01100000'		; FREQ = 4Mhz
    	movwf 	OSCCON

	CLRF 	PORTA			; Initialize PORTA by clearing output
	CLRF 	PORTB 			; Initialize PORTB by clearing output
					; data latches
	MOVLW 	0x7F 			; Set RB's & RA's as
	MOVWF 	ADCON1 			; digital I/O pins

	movwf 	TRISA			; PORTA = OUTPUT
        movwf 	TRISB                   ; PORTB = OUTPUT

	WAITms	10			; Wait a few ms

	call	initlcd			; setup LCD display

        call 	cls			; clear LCD display
        movlw 	H'80'			; goto line 1
        call 	SendINS
	PRINT 	jan			; PRINT jan
        BTFSS   PDBYTE,0
        BRA     RETRY			; Retry when there is no pulse of DS18B20
        MOVLW   H'CC'			; DS18B20 : Skip ROM
        CALL    DSTXBYTE
        MOVLW   H'44'			; DS18B20 : Convert Temp
        CALL    DSTXBYTE

	WAIT 	D'800'			; Wait 800 µs 

        BTFSS   PDBYTE,0
        BRA     RETRY			; Retry when there is no pulse of DS18B20
        MOVLW   H'CC'			; DS18B20 : Skip ROM
        CALL    DSTXBYTE
        MOVLW   H'BE'			; DS18B20 : Read ScratchPad
        CALL    DSTXBYTE

        movlw 	H'94'			; goto line 3
        call 	SendINS

        CALL 	DSRXBYTE		; Read LTEMP (in IOBYTE)
        movff 	IOBYTE, MEM		; MEM = LTEMP

        ; IOBYTE = HTEMP					       ;
   	; MEM    = LTEMP					       ;
	; BTW, we assume that we never meassure negative temperatures  ;
	clrf 	fraction           	; fraction = 0
        bcf 	STATUS, C           	; clear carry flag
        rrcf 	MEM, f
        rrcf 	fraction, f
        rrcf 	MEM, f
        rrcf 	fraction, f         	; MEM = MEM/16 , fraction
        rrcf 	MEM, f
        rrcf 	fraction, f
        rrcf 	MEM, f
        rrcf 	fraction, f
        swapf 	fraction, f
        swapf 	IOBYTE, w         	; W = IOBYTE * 16
        iorwf 	MEM, w            	; W = HTEMP+LTEMP
        call 	DispDec			; PRINT XX
	movlw   "."
        call    SendCHAR		; PRINT .

	; Calculate .X                                                 ;
	; ------------                                                 ;
	; 	See DS18B20.gnumeric 				       ;
	clrw				; XX.0
	btfsc   fraction, 3		; If bit 3 = 1 then
	ADDLW	D'5'			; W = W + 5
	btfsc	fraction, 2		; If bit 2 = 1 then
	ADDLW	D'3'			; W = W + 3
	btfsc	fraction, 1		; If bit 1 = 1 then
	ADDLW	D'1'			; W = W + 1
	btfss 	fraction, 0		; If bit 0 = 1 
	bra	ready			; and bit 2 <> 1 then
	btfss	fraction, 2 		; W = W + 1
	call 	SendASCII		; PRINT after .

	call 	Wacht1s

	goto 	lus

; ---------------------------------------------------------------------------
; LCD subroutine init/cls
; ---------------------------------------------------------------------------
	WAITms	D'40'
        bcf    	RS         		; send an 8 bit instruction
        movlw  	0x03             	; Reset Command
        call   	NybbleOut       	; Send the Nybble
        WAITms	D'5'            	; Wait 5 msecs before Sending Again
        WAIT	D'160'			; Wait 160 usecs before Sending 2nd Time
        WAIT	D'160'          	; Wait 160 usecs before Sending 3rd Time
        bcf    	RS               	; send an 8 bit instruction
        movlw  	0x02             	; Set 4 Bit Mode
        call   	NybbleOut
        WAIT	D'160'
        movlw  	0x028            	; 4 bit, 2 Line, 5x7 font
        call   	SendINS
        movlw  	0x010            	; display shift off
        call   	SendINS
        movlw  	0x006            	; increment cursor
        call   	SendINS
        movlw  	0x00C            	; display on cursor off
        call   	SendINS
        movlw  	0x001            	; Clear the Display RAM
        call   	SendINS
        WAITms	D'5'            	; Note, Can take up to 4.1 msecs

; ---------------------------------------------------------------------------
; LCD subroutine print string
; ---------------------------------------------------------------------------
	movf   	TABLAT, w       	; get characters 
        btfsc  	STATUS, Z       	; if character = 0 then ...
        return				;                       ... exit
	call	SendCHAR      		; display character 
        tblrd*+				; TABLAT = next character
        bra    	printstr		; repeat

; ---------------------------------------------------------------------------
;                  Change binary nbr in bin to BCD                     
; ---------------------------------------------------------------------------
binary_to_bcd:                  	; by Scott Dattalo
         clrf 	hundreds
         swapf 	bin, W
         addwf 	bin, W
         andlw 	B'00001111'
         addlw 	0x16
         addlw 	0x06
         addlw 	0x06
         addlw 	-0x06
         btfsc 	bin,4
         addlw 	0x16 - 1 + 0x6
         addlw 	-0x06
         btfsc 	bin,5
         addlw 	0x30
         btfsc 	bin, 6
         addlw 	0x60
         btfsc 	bin,7
         addlw 	0x20
         addlw 	0x60
         rlcf 	hundreds, f
         btfss 	hundreds, 0
         addlw 	-0x60
         movwf 	tens_and_ones
         btfsc 	bin,7
         incf 	hundreds, f

; ---------------------------------------------------------------------------
;                Display binary value in W in decimal  
; ---------------------------------------------------------------------------
         movwf 	bin
         call 	binary_to_bcd
         ; movf hundreds, W      	; Hondertallen zijn niet nodig 
         ; call SendASCII
         swapf 	tens_and_ones, W
         andlw 	H'F'
         call 	SendASCII
         movf 	tens_and_ones, W
         andlw 	H'F'
         call 	SendASCII

; ---------------------------------------------------------------------------
;              Send the character in W out to the LCD                  
; ---------------------------------------------------------------------------
         addlw '0'              	; Send nbr as ASCII character
SendCHAR                        	; Send the Character to the LCD
         movwf  Temp            	; Save the Temporary Value
         swapf  Temp, w         	; Send the High Nybble
         bsf    RS              	; RS = 1
         call   NybbleOut
         movf   Temp, w         	; Send the Low Nybble
         bsf    RS
         call   NybbleOut

;              Send an instruction in W out to the LCD                 
SendINS                        		; Send the Instruction to the LCD
        movwf  Temp            		; Save the Temporary Value
        swapf  Temp, w         		; Send the High Nybble
        bcf    RS              		; RS = 0
        call   NybbleOut
        movf   Temp, w         		; Send the Low Nybble
        bcf    RS
        call   NybbleOut

;              Send the nibble in W out to the LCD                     
NybbleOut                       	; Send a Nybble to the LCD
        movwf   dummy           	; dummy = W
        bcf     D7        		; D7....D4 = dummy[3:0] 
        bcf     D6
        bcf     D5
        bcf     D4
        btfsc   dummy, 3
        bsf     D7
        btfsc   dummy, 2
        bsf     D6
        btfsc   dummy, 1
        bsf     D5
        btfsc   dummy, 0
        bsf     D4
	EStrobe                		; Strobe out the LCD Data
        WAIT	D'160'       		; delay for 160 usec

; Delay routines                                                       
	WAITms	D'250'
	WAITms	D'250'
	WAITms	D'250'
	WAITms	D'250'

        movwf   delay
	WAIT 	D'1000'			; WAIT 1000µs = 1ms
        decfsz  delay, F
        goto    w2

; ---------------------------------------------------------------------------
; Subroutines DS18B20
;	see <http://www.maximintegrated.com/en/app-notes/index.mvp/id/2420>
; ---------------------------------------------------------------------------
        ;This takes 5µs to complete
        NOP                             ; 1µs to process
        NOP                             ; 1µs to process
        DECFSZ 	TMP0,F          	; 1µs if not zero or 2µs if zero
        GOTO 	WAIT5U                  ; 2µs to process
        RETLW 0                         ; 2µs to process

        OW_HIZ                          ; Start with the line high
        CLRF    PDBYTE                  ; Clear the PD byte
        WAIT    .500                    ; Drive Low for 500µs
        WAIT    .70                     ; Release line and wait 70µs for PD Pulse
        BTFSS   PORTB,DQ                ; Read for a PD Pulse
        INCF    PDBYTE,F                ; Set PDBYTE to 1 if get a PD Pulse
        WAIT    .430                    ; Wait 430µs after PD Pulse
        RETLW   0

DSTXBYTE:                               ; Byte to send starts in W
        MOVWF	IOBYTE           	; We send it from IOBYTE
        MOVLW   .8
        MOVWF   COUNT            	; Set COUNT equal to 8 to count the bits
        NOP                             ; Drive the line low for 3µs
        BTFSC   STATUS,C                ; Check the LSB of IOBYTE for 1 or 0
        BSF     TRISB,DQ                ; HiZ the line  if LSB is 1
        WAIT    .60                     ; Continue driving line for 60µs
        OW_HIZ                          ; Release the line for pullup
        NOP                             ; Recovery time of 2µs
        DECFSZ  COUNT,F                 ; Decrement the bit counter
        GOTO    DSTXLP
        RETLW   0

DSRXBYTE:                               ; Byte read is stored in IOBYTE
        MOVLW   .8
        MOVWF   COUNT                   ; Set COUNT equal to 8 to count the bits
        NOP                            	; Bring DQ low for 6µs
        NOP                             ; Change to HiZ and Wait 4µs
        MOVF	PORTB,W                 ; Read DQ
        ANDLW   1<<DQ                   ; Mask off the DQ bit
        ADDLW   .255                    ; C = 1 if DQ = 1: C = 0 if DQ = 0
        RRCF    IOBYTE,F                ; Shift C into IOBYTE
        WAIT    .50                     ; Wait 50µs to end of time slot
        DECFSZ  COUNT,F                 ; Decrement the bit counter
        GOTO    DSRXLP
        RETLW   0

; ---------------------------------------------------------------------------
; Strings used in the program
; ---------------------------------------------------------------------------
jan	 db " - Jan Wagemakers - ",0

; ---------------------------------------------------------------------------
; ---------------------------------------------------------------------------

OpenVPN pfSense <-> android

I was looking for a way to setup a VPN between my android-device and my home network which is connected to the internet by pfSense (on a ALIX2D13).

Because I have not enough knowledge to setup it by myself, I was googling for information and found a very good written step by step article at https://www.highlnk.com/2013/12/configuring-openvpn-on-pfsense/.

The only problem was that on the client side this article doesn’t talk about android. Luckily the setup on android is not that difficult with the OpenVPN Client Export Utility. Just select Android.


On the android-device it’s just a matter of installing OpenVPN for android and importing the configuration file by selecting the file symbol.


After that, it just works™ 🙂



Mails lost in Cyberspace

A few days ago I noticed that mails send to my sister and brother got lost in cyberspace 🙁

I didn’t get a notice that these mails weren’t delivered. In my log’s everything looks just fine. But the mails never arrived at the computers of my sister and brother. Although, sending mail to my other brother or my own @gmail-address works just fine. Strange ???

The common factor is that my sister and brother are using the same ISP (belgacom @skynet.be). So, it seems that belgacom was blocking my mails for some reason.

After trying several things, I’ve found a solution to send mails @skynet.be without a problem.

To write e-mail I make use of mutt as my E-Mail Client. Mutt delivers the mail to the postfix mail server. Postfix delivers the mail to the mailserver of my ISP. Of course my internet connection is protected with a firewall.


When I look at the headers of e-mails send to myself, I see this:

Received: from amd64 (unknown [])
        by csmtp5.one.com (Postfix) with ESMTPA id 01AFD40133F70;
        Thu,  9 May 2013 15:00:25 +0000 (UTC)
Received: from amd64 ([UNAVAILABLE]. [])
        by (trex/4.8.64);
        Thu, 09 May 2013 14:59:10 GMT
Received: by amd64 (Postfix, from userid 1000)
        id B50091436E; Thu,  9 May 2013 17:00:25 +0200 (CEST)

The line Received: by amd64 (Postfix, from userid 1000) is added by postfix running at my local PC (amd64) to show that it has received an email of userid 1000.

So, I was thinking, what if I remove that line? Maybe belgacom doesn’t like the fact that I’m running a mailserver at my local machine?

This is what I have done:

  • In /etc/postfix/mail.cf I have uncomment this line header_checks = regexp:/etc/postfix/header_checks.
  • Created the file /etc/postfix/header_checks with the content /^Received: by amd64 .*from userid [0-9]+\)/ IGNORE

With this, the line Received: by amd64 (Postfix, from userid 1000) is removed from the headers:

Received: from amd64 (unknown [])
	by csmtp7.one.com (Postfix) with ESMTPA id 9CFA8C0006042;
	Fri, 10 May 2013 15:15:09 +0000 (UTC)
Received: from amd64 ([UNAVAILABLE]. [])
	by (trex/4.8.64);
	Fri, 10 May 2013 15:13:50 GMT

After these changes, I was able to send e-mail to my sister and brother again 🙂

Coïncidence? Or is Belgacom really blocking mails because of that one line?

Raspberry Pi -> Fonera relay control

So, now that I have a Raspberry Pi and a hacked fonera with 4 relays, it’s time to let the Raspberry Pi control the relays of the fonera. This can be done by logging in to the Fonera with ssh and giving some commands.

Of course, having to type these commands everytime you want to switch a relay on or off is cumbersome and useless for automatisation.

Luckily there is an interesting tool available Expect (apt-get install expect).

With expect, I’ve created a small script named gpio.sh that I can use to remotely control the relays of my hacked fonera.

#!/usr/bin/expect -f

set ip
set user	root
set passwd 	averysecretpasswd

set gpio	""
set relay  	[lindex $argv 0]
set onoff 	[lindex $argv 1]

# Translate relay to gpio
# -----------------------

if { "$relay" == "1" } {
	set gpio 3

if { "$relay" == "2" } {
        set gpio 4

if { "$relay" == "3" } {
        set gpio 1

if { "$relay" == "4" } {
        set gpio 7

# Default is switch relay off
# ---------------------------

if { "$onoff" == "" } {
	set onoff 0

# Check if port is valid, if not -> error
# ---------------------------------------

if { "$gpio" == "" } {
        puts "Usage : gpio.sh relay \[1\]\n"

# Put some info on the screen
# ---------------------------

puts "Send $onoff to relay/gpio $relay/$gpio\n"

# Check if $ip is alive, if not -> error

spawn ping -c 1 -W 1 $ip
expect -re "100%"	{
	puts "No connection to $ip"

# ----

set timeout 10
spawn ssh $user@$ip
expect -re "password" 	{send "$passwd\r"}
expect -re "#"		{send "echo 1 > /proc/gpio/$gpio\_dir\r"}
expect -re "#"		{send "echo $onoff > /proc/gpio/$gpio\_out\r"}
expect -re "#"		{send "exit\r"}
close $spawn_id

To switch relay 1 on, I just type ./gpio.sh 1 1.
To switch it off, I type ./gpio.sh 1 0.
Expect does all the magic like entering the password and ”typing” the right commands.

Fonera relay control

In my previous post I’ve described how to access the serial port of a Fonera 2100 by using a Raspberry Pi with minicom. Being able to access the serial port makes it very easy to flash DD-WRT on the Fonera because according to these instructions we can skip to Step 6.

Following these instructions I’ve flashed my Fonera with DD-WRT v24 (05/20/08) std – build 9517M.

Then, I have put my DD-WRT-Fonera in Client Bridge mode following these instructions. I’ve also enabled SSH, so I can login over the network.

The interesting part is that the fonera has some free GPIO pins, that can be controlled by software. For example:

set GPIO3 to output : echo 1 > /proc/gpio/3_dir
GPIO3 = on (3.3V)   : echo 1 > /proc/gpio/3_out
GPIO3 = off         : echo 0 > /proc/gpio/3_out  

set GPIO4 to output : echo 1 > /proc/gpio/4_dir
GPIO3 = on (3.3V)   : echo 1 > /proc/gpio/4_out
GPIO3 = off         : echo 0 > /proc/gpio/4_out  

set GPIO1 to output : echo 1 > /proc/gpio/1_dir
GPIO3 = on (3.3V)   : echo 1 > /proc/gpio/1_out
GPIO3 = off         : echo 0 > /proc/gpio/1_out  

set GPIO7 to output : echo 1 > /proc/gpio/7_dir
GPIO3 = on (3.3V)   : echo 1 > /proc/gpio/7_out
GPIO3 = off         : echo 0 > /proc/gpio/7_out

To finish this story, I’ve ordered a 4-Channel Relay board at dx.com and connected it to the Fonera.

Although the voltage output of the Fonera GPIO’s is 3.3V this works very well.

Use a Raspberry Pi to hack la Fonera 2100

Now that I have a great pfSense box with Wi-Fi, I don’t need my Fonera 2100 anymore. So, why not try to do something interesting with it? 😉

At http://www.dd-wrt.com/wiki/index.php/LaFonera_Hardware_Serial-Cable-Port you can read how to access the serial console on the Fonera.

The serial port of the fonera uses 3.3V instead of the normal RS-232 voltage levels. Because of that, you need some level converters to connect the Fonera to a normal serial port.

But, the Raspberry Pi also has a serial port which operates at 3.3V. This means that you can connect the serial port of a Raspberry Pi and la Fonera without the need of a level shifter.



With a serial communication program like minicom it is now possible to access the Fonera.

starting minicom -b 9600 -D /dev/ttyAMA0

minicom : fonera booting

Start a program at boot up

I have no keyboard and display connected to my Raspberry Pi (running Raspbian), but log in to it over the network by using ssh.

Now, I wanted to automatically start a program when the Raspberry Pi boots up, but also be able to see the console output of that program when needed.

To accomplish that, I’ve done the following:

  • sudo apt-get install mingetty
  • sudo apt-get install screen
  • Edit /etc/inittab, and changed the part with getty’s to autologin on tty3 with mingetty as user pi
# /sbin/getty invocations for the runlevels.
# The "id" field MUST be the same as the last
# characters of the device (after "tty").
# Format:
#  :::
# Note that on most Debian systems tty7 is used by the X Window System,
# so if you want to add more getty's go ahead but skip tty7 if you run X.
1:2345:respawn:/sbin/getty --noclear 38400 tty1 
2:23:respawn:/sbin/getty 38400 tty2
#3:23:respawn:/sbin/getty 38400 tty3
#4:23:respawn:/sbin/getty 38400 tty4
#5:23:respawn:/sbin/getty 38400 tty5
#6:23:respawn:/sbin/getty 38400 tty6
T:23:respawn:/sbin/mingetty --autologin=pi tty3
  • Add the following to /home/pi/.profile, to autostart a program when user pi login on tty3
if [ -z "$DISPLAY" ] && [ $(tty) == /dev/tty3 ]; then
	screen -d -m /home/pi/tstat

So, when the Raspberry Pi boots, user pi will automatically log in and run the program tstat. Because tstat is started with screen, I can log in with ssh and run screen -R to see the output of tstat and press ctrl-a d to exit screen, but leave tstat running.

login and typing screen -R

output of tstat

After pressing ctrl-a d