Posts Tagged “FreeBSD”

VirtualBox (host mode) was quite recently ported to FreeBSD, but some bits are still missing, in particular network support. So I spent the last couple of days hacking on it and now have a working implementation that supports bridged adapters.

Update 10 Sep: The patches have been committed upstream.
Update 9 Sep: working vboxnetadp and patchset sent upstream.
Update: Re-written to use netgraph, now works on FreeBSD 7 and 8

Patches can be found at

http://www.shapeshifter.se/pub/patches/virtualbox/vbox-freebsd-netif-20090908.patch
http://www.shapeshifter.se/pub/patches/virtualbox/vbox-freebsd-vboxnetadp-20090908.patch
http://www.shapeshifter.se/pub/patches/virtualbox/vbox-freebsd-vboxnetflt-20090908.patch
http://www.shapeshifter.se/pub/patches/virtualbox/Config.kmk-20090908.patch
http://www.shapeshifter.se/pub/patches/virtualbox/src-VBox-HostDrivers-Makefile.kmk-20090908.patch

Additional patches to test with the 3.0.51.r22226 version in FreeBSD ports.

http://www.shapeshifter.se/pub/patches/virtualbox/Config.kmk-r22226-20090908.patch
http://www.shapeshifter.se/pub/patches/virtualbox/virtualbox-port-20090907.patch
http://www.shapeshifter.se/pub/patches/virtualbox/ConsoleImpl2.cpp.patch

Re-install VirtualBox through ports, applying the patches and compiling with the following commands:
cd /usr/ports/emulators/virtualbox
make clean patch
mkdir work/virtualbox-3.0.51r22226/src/VBox/HostDrivers/VBoxNetFlt/freebsd
mkdir work/virtualbox-3.0.51r22226/src/VBox/HostDrivers/VBoxNetAdp/freebsd
patch < virtualbox-port-20090907.patch
patch -d work/virtualbox-3.0.51r22226/ < Config.kmk-r22226-20090908.patch
patch -d work/virtualbox-3.0.51r22226/ < ConsoleImpl2.cpp.patch
patch -d work/virtualbox-3.0.51r22226/ < src-VBox-HostDrivers-Makefile.kmk-20090908.patch
patch -d work/virtualbox-3.0.51r22226/ < vbox-freebsd-netif-20090908.patch
patch -d work/virtualbox-3.0.51r22226/ < vbox-freebsd-vboxnetadp-20090908.patch
patch -d work/virtualbox-3.0.51r22226/ < vbox-freebsd-vboxnetflt-20090908.patch
make install

In VirtualBox network settings, under "Bridged Adapter" you should now see your available network interfaces. Select the one connected to your network and boot your virtual machine. It should now be connected to your local network as any other machine.

Host-only adapter mode can be used to create a virtual network with multiple guests; it creates a special vboxnetX adapter on the host. You'll have to do normal routing from this interface to get outside connectivity.

In addition to vboxdrv.ko you'll have to load vboxnetflt.ko and vboxnetadp.ko too.

kldload /boot/modules/vboxnetflt.ko
kldload /boot/modules/vboxnetadp.ko


A bit late, but here is the first beta of the Option HSDPA driver for FreeBSD 8. It’s more or less completely rewritten and there are some visible changes to the interface.

Because ucom(4) has matured it can now be utilized instead of mucking around directly with the TTY layer. As a result, the device names in /dev have changed and are no longer called /dev/HSO*; instead they follow the standard ucom names of cuaU*.

The new USB stack attaches USB devices per USB interface instead of per USB device, so it’s possible to get both a cuaU0 and cuaU1 device (instead of just cuaU0.0 and cuaU0.1). The number of found serial ports can be read through sysctl.

The packet interface is now exposed as a raw interface instead of emulating an Ethernet device (I seriously wonder why I did that…).

The driver switches automatically from install-cd mode to modem mode; there is no longer any need for manual switching through devd. Please remove the option-icon.conf file from your /usr/local/etc/devd directory.
Automatic switching can be disabled by setting hw.usb.uhso.auto_switch to 0.

And last, I’ve renamed the driver to uhso to reflect its USB nature.

Download: uhso-20091122.tar.gz – Add support for iCON 505, fix probing of devices with dynamic number of interfaces, add new custom attach messages based on the port type.

Download: uhsoctl-beta-20090820.tar.gz – uhsoctl connection utility, similar to old hsoctl

Download: uhso-beta-20090812.tar.gz – Minor bug fix and reworked sysctl nodes.

Download: uhso-beta-20090723.tar.gz – No longer PTP interface (completely useless), fixed (hopefully) CDC notification on modem port, added several new device IDs. Thanks to Iain Hibbert for this!

Download: uhso-beta-20090722.tar.gz – Bug fixes that should improve RX speed.

Download: uhso-beta-20090720.tar.gz

If you own an Option device, please leave a comment (or send a mail) with its full name and USB device ID.

I’m particularly interested in the following devices: iCON 031, iCON 210, iCON 315, iCON 322, iCON 401, iCON 431, iCON 451, iCON 452, iCON 505.

If you’re running FreeBSD 8 and own an Option device, please mail me the output of

usbconfig -u X -a Y dump_device_desc
usbconfig -u X -a Y dump_all_config_desc

where X and Y (5 and 2 below) can be obtained through usbconfig

# usbconfig
...
ugen5.2: <Globetrotter HSDPA Modem Option N.V.> at usbus5, cfg=0 md=HOST spd=FULL (12Mbps) pwr=ON

This driver has been tested with a Globesurfer iCON 7.2, iCON 255 and iCON 505.

Quick setup for manual connection
uhsoctl works as before!

Look up the serial ports

# sysctl dev.uhso
dev.uhso.0.netif: uhso0
dev.uhso.0.type: Network/Serial
dev.uhso.0.ports: 2
dev.uhso.0.port.control.tty: cuaU0.0
dev.uhso.0.port.control.desc: Control
dev.uhso.0.port.application.tty: cuaU0.1
dev.uhso.0.port.application.desc: Application
...
dev.uhso.1.type: Serial
dev.uhso.1.ports: 1
dev.uhso.1.port.diagnostic.tty: cuaU1
dev.uhso.1.port.diagnostic.desc: Diagnostic

Open /dev/cuaU0.0 in a terminal application, for example minicom. Issue the following commands to establish a connection.

AT+CPIN="1234" # Your PIN
OK

AT_OWANCALL=1,1,1
OK

AT_OWANDATA=1
_OWANDATA: 1, 95.209.79.126, 0.0.0.0, 80.251.201.177, 80.251.201.178, 0.0.0.0, 0.0.0.0, 72000

If you haven’t configured a PDP context with your provider’s APN, please see the hso page.

Configure the interface and set a default route

# ifconfig uhso0 95.209.79.126
# route add default -interface uhso0
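
The manual steps above copy the address out of the _OWANDATA reply by hand. As an added example (not part of the original post or of uhsoctl), this sh function validates such a reply before turning it into the ifconfig, route and resolv.conf lines; the field positions (2 = local IP, 4 and 5 = DNS servers) are an assumption inferred from the sample reply.

```shell
#!/bin/sh
# Added example. Field positions are an assumption inferred from the sample
# reply on this page: 2 = local IP, 4 and 5 = DNS servers.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# owandata_to_cmds IFACE REPLY: print the ifconfig/route commands and the
# resolv.conf lines for REPLY; print nothing and return 1 if anything is off.
owandata_to_cmds() {
    iface=$1
    case "$iface" in ""|*[!a-z0-9]*) return 1 ;; esac
    case "$2" in "_OWANDATA: "*) ;; *) return 1 ;; esac
    fields=$(printf '%s' "${2#_OWANDATA: }" | tr -d ' \r')
    # Only digits, dots and commas may remain; this also rules out globbing.
    case "$fields" in ""|*[!0-9.,]*) return 1 ;; esac
    old_ifs=$IFS; IFS=,
    set -- $fields
    IFS=$old_ifs
    [ "$#" -eq 8 ] || return 1
    ip=$2 dns1=$4 dns2=$5
    is_ipv4 "$ip" && is_ipv4 "$dns1" && is_ipv4 "$dns2" || return 1
    [ "$ip" != 0.0.0.0 ] || return 1
    printf 'ifconfig %s %s\n' "$iface" "$ip"
    printf 'route add default -interface %s\n' "$iface"
    for dns in "$dns1" "$dns2"; do
        [ "$dns" = 0.0.0.0 ] || printf 'nameserver %s\n' "$dns"
    done
}

# Constructed input: the reply quoted on this page.
owandata_to_cmds uhso0 \
    '_OWANDATA: 1, 95.209.79.126, 0.0.0.0, 80.251.201.177, 80.251.201.178, 0.0.0.0, 0.0.0.0, 72000'
```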



Getting FreeBSD to connect to a Windows VPN using PPTP (who designed that protocol anyway?) is not the most pleasant experience, but at least it’s doable.

The most competent console tool for this in FreeBSD is probably Mpd5. It’s quite easy to work with but you’ll need to get all the details right otherwise it just won’t work.

The following mpd.conf configuration file worked for me and allowed me to successfully connect to a Windows VPN. One of the keys was to disable EAP; this particular VPN server just plain refused to work with it enabled.

default:
    load vpn
vpn:
    create bundle static B1
    # Create a default route (use a net/mask to create specific routes)
    set iface route default
    # Script to execute on connect (custom routes etc)
    # set iface up-script /usr/local/etc/route-up.sh
    # Accept any IP-address
    set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    # Microsoft Point-to-Point Compression, only enable if you have a really fast machine
    # set bundle enable compression
    set ccp yes mppc
    set mppc yes e40
    set mppc yes e56
    set mppc yes e128
    create link static L1 pptp
    set link action bundle B1
    # Replace with your credentials or use the mpd.secret file
    set auth authname USERNAME
    set auth password SECRET
    set link max-redial 0
    set link mtu 1460
    set link keep-alive 20 75
    # Hostname/IP of the VPN server
    set pptp peer vpn.example.com
    set pptp disable windowing
    set link no eap

Save it to a file, say /usr/local/etc/mpd.conf, then simply run mpd5 mpd.conf and with some luck you’ll be connected to the VPN.

The order of the statements is important, as they only apply to the currently selected link (create link) or bundle (create bundle). Keep this in mind when editing.
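
A quick way to catch an ordering mistake before running mpd5, as an added example that is not part of the original post or of mpd: the function below walks an mpd.conf and reports set statements that appear before the bundle or link they configure has been created. The grouping of statements into bundle-level and link-level is an assumption taken from the layout of the configuration above, as is resetting the context at each label.

```shell
#!/bin/sh
# Added example: report mpd.conf "set" statements that appear before the
# object they configure has been created. The layer grouping below is an
# assumption taken from the layout of the configuration on this page.

# check_mpd_order FILE: print "line N: ..." for each misplaced statement;
# return 1 if any were found.
check_mpd_order() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blanks
        /^[^ \t]/ { bundle = 0; link = 0; next } # a new label resets context
        $1 == "create" && $2 == "bundle" { bundle = 1; next }
        $1 == "create" && $2 == "link"   { link = 1; next }
        $1 != "set" { next }
        $2 ~ /^(iface|ipcp|bundle|ccp|mppc)$/ && !bundle {
            printf "line %d: set %s before create bundle\n", NR, $2; bad = 1
        }
        $2 ~ /^(link|auth|pptp)$/ && !link {
            printf "line %d: set %s before create link\n", NR, $2; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: "set link no eap" has drifted above "create link",
# so it would not apply to link L1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default:
    load vpn
vpn:
    create bundle static B1
    set iface route default
    set link no eap
    create link static L1 pptp
    set pptp peer vpn.example.com
EOF
check_mpd_order "$sample" || echo "fix the statement order before running mpd5"
rm -f "$sample"
```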

Windows logon name

If you’re connecting to a Windows network you’ll probably need to use “DOMAIN\\username” as the authname (with the quotes and double backslash).

Firewall and NAT issues

The PPTP protocol is far from ideal. If you’re behind NAT chances are you won’t be able to do multiple PPTP connections to the same VPN server from within your LAN.

You’ll also need to allow the GRE protocol through. With Free/OpenBSD pf (packet filter) the following line is enough (you still won’t be able to do simultaneous connections to the same server though):

pass out on $ext_if proto gre from ($ext_if) to any keep state

Replace $ext_if with your external network interface.


New release of hso(4), FreeBSD driver for Option iCON branded 3G/HSDPA devices.

Changes to hso(4)

  • Support for the new TTY layer, driver now works with 7.0 up to today’s 8.0-CURRENT.
  • Device IDs for Option GlobeTrotter HSUPA and Option GMT382 added.
  • Minor performance and stability issues have been addressed.

Changes to hsoctl(1)

  • hsoctl now forks into background upon a successful connection, the old behavior can be obtained with the -n flag. Disconnection is possible by executing hsoctl -d hso0. While running in background, important information is logged to syslog. Complete daemonization is also possible with the -b flag.
  • Use of AT+CGREG in addition to AT+CREG to detect network registration (for service plans where voice calls are disabled).
  • resolv.conf handling has been improved, only nameserver entries are changed, other content is left intact. A bug that sometimes caused garbled data to be prepended to resolv.conf has also been addressed. The resolv.conf path can be altered with the -r flag, disable resolv.conf with -r /dev/null.
  • hsoctl now terminates gracefully upon unexpected device removal.
  • Default route installation has been improved.

The code can be obtained from the hso page, the update should hit the ports tree soon (comms/hso-kmod).

Speed test from a rural location. Values are in bits/s, so that’s almost 300 kB/s downstream and around 40 kB/s upstream. Hopefully downstream is slightly better from a more urban location.

[Image: hso(4) speedtest]



I recently had to replace the system disk in a FreeBSD machine (SMART self-tests failed, better be safe than sorry); this is my recipe for an “online” replacement. I did this in multi-user mode with all services shut down.
