A while back I found a Kerio NG300 network appliance on the 'Free Stuff' shelf at my local maker space. It appears that someone was doing a hardware refresh as various other network appliances, firewalls, and servers appeared there over several weeks. I grabbed the NG300 as I was looking to move on from the simple Linux NAT gateway I was running in a VM at home. It appeared perfect for the job as it had 4 Ethernet ports, a console port, and two USB ports on the front. The power supply was helpfully provided as well. I hoped that it wouldn't be too difficult to make it suit my needs. Originally these retailed for ~$1100 CAD.
Looking inside
Getting it home and getting the covers off revealed what looked like a custom x86 motherboard. Present was 4GB of SDRAM in a SODIMM socket and a 30GB SATA SSD. A miniPICe connector was populated but empty, presumably for the WiFi version. There were several unpopulated connectors for more Ethernet ports, an extra COM port and a CompactFlash socket. While adding the connectors for the COM port and CompactFlash might work, the additional Ethernet ports were also missing magnetics and other components and it would be unlikely they would function if added. Overall it was looking like I'd be able to use the NG300 as a quite nice home router.
Getting access
What was not present, either internally or externally, was a monitor connector. There had to be some way to access the BIOS in the board and configure it. After digging through the manual I found that the BIOS was accessible via the console port at 115200. The Linux console was also accessible at 9600. That just left the question of what was the pin-out of the console port? The manual was not helpful in this case and while some searching revealed several console pin-outs, none were for the Kerio. Whipping out the multimeter and probing about revealed that pins 4 & 5 of the console port were grounded. This resembled a Cisco console port, which should be wired as shown in the following table:
| 8P8C Plug | Signal | DB9F Socket |
|---|---|---|
| 1 | CTS | 8 |
| 2 | DSR | 6 |
| 3 | RX | 2 |
| 4 | GND | 5 |
| 5 | GND | 5 |
| 6 | TX | 3 |
| 7 | DTR | 4 |
| 8 | RTS | 7 |
It was worth a shot to make up a cable and see. After popping out to my local electronics supplier for some parts and sacrificing a patch cable I (hopefully) had a suitable console cable. Alas, it didn't work, my memory of DB9 RS323 connectors is not what it once was. It's been a long time since I've made a serial cable. Wiring up the cable correctly and running picocom -b 115200 /dev/ttyS0 got me access to the BIOS, as well as GRUB.
Changing the baud rate to 9600 presented a Linux login prompt. Unfortunately, I didn't know the password. Changing the kernel boot parameters to include init=/bin/sh didn't dump to a shell as expected. Drastic measures were called for. After whipping the drive out and sticking it in a USB caddy, a quick mount, clear of the root password, and unmount solved the issue. Full system access had been obtained.
Kerio NG300 hardware details
Now it was possible to see what was really present in the NG300.
~ # cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 77
model name : Intel(R) Atom(TM) CPU C2558 @ 2.41GHz
stepping : 8
microcode : 0x121
cpu MHz : 2416.764
cache size : 1024 KB
physical id : 0
siblings : 4
core id : 0
cpu cores : 4
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx
fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl
xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr
pdcm sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes rdrand lahf_lm 3dnowprefetch arat epb
dtherm tpr_shadow vnmi flexpriority ept vpid tsc_adjust smep erms
bogomips : 4833.52
clflush size : 64
cache_alignment : 64
address sizes : 36 bits physical, 48 bits virtual
power management:
Quad core Intel Atom C2558, 64-bit capable. Nice.
~ # uname -a
Linux control 3.16.0-k4-kerio-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u3~kerio4.1 (2019-07-30) x86_64 GNU/Linux
Kernel version's a bit old, but 64 bit.
~ # mii-tool -v
eth0: no link
product info: vendor 00:50:43, model 42 rev 2
basic mode: autonegotiation enabled
basic status: no link
capabilities: 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth1: no link
product info: vendor 00:50:43, model 42 rev 2
basic mode: autonegotiation enabled
basic status: no link
capabilities: 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth2: no link
product info: vendor 00:50:43, model 42 rev 2
basic mode: autonegotiation enabled
basic status: no link
capabilities: 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth3: no link
product info: vendor 00:50:43, model 42 rev 2
basic mode: autonegotiation enabled
basic status: no link
capabilities: 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
4 independent, gigabit capable Ethernet interfaces. Sweet!
This platform will work nicely for what I want to do with it and allow for other capabilities later on if required. For all intents and purposes it's a generic PC, which will make configuration easier. If it was ARM based there could be some issues in getting the bootloader and peripherals working without access to the original build environment or binary blobs.
Router features
I want my router to have the following features:
- IPv6 and IPv4 address management and routing.
- Decent firewall.
- Support for DMZ, VLANs, and Guest networks.
- Wifi Access Point.
- VPN endpoint for accessing home network.
I'd also like to integrate some of the features from Pi-hole, namely the advertising and tracking blocking.
The next article will cover the creation of a root filesystem and Linux kernel.