Tips for getting cheap used x86-based firewall with full Gbit NAT (a PC Engines APU) if you are in the US

If you buy an item that is using "ebay global shipping program" you pay customs and fees at the time of buying https://www.ebay.com/help/buying/postage-delivery/changing-delivery-address-method/international-purchases-postage?id=4057
and it's actually pretty decent and "honest".

For example, this item https://www.ebay.it/itm/224543872231?hash=item3447db94e7:g:uvMAAOSwGsRg-a1N is 30$ plus 30$ international shipping plus 19,46$ import fees with the Global Shipping Program

That's how I managed to import multiple boxes with dozens of Simplewans from the US without getting absolutely raped by customs.

At ~75-80 EUR they sadly lose quite a bit of the appeal, compared to rev 3 sophos sg/ xg devices selling for around 100 EUR with local shipping.

I've never ever used it, and it sounds pretty expensive to me, but if the shipping doesn't double with
the no of items bought, I can see it becomes tempting with an increasing number of units.

Also not really interested in buying that many whatever of the same kind, the local market's to small, it would be hard to (re)sell them.
I'm happy if the one I keep for myself is free, not really trying to make a buck.

I think the five sw301da I bought in US, ended up at ~30€/piece including shipping, VAT, tax etc, to .se.

yes I agree. It's just an example to show an item that is using global shipping program.
If I didn't do that for shipping to italy I would get 30 euro of "administrative fees" which is more or less a fixed cost, plus a VAT calculated on some strange and unknown item value (commonly item+shipping cost).

it's obviously calculated per total price so it increases if you buy multiple items. As said above this is just an example of item offering GSP, not a good item to buy

If the item didn't suck, paying only 20$ of import fees for a 30$ item isn't bad at all for Italy since as said above it's not just VAT but also "administrative fee" that is high for no reason and also the risk of getting some creative customs officer that decides the "real price" of the item is 3 times the price I actually paid so I nearly end up paying more in VAT/import fees than the item.

Also the fact that it's not going through customs at all so it's not held by customs for no reason. As another example, I only recently received a PiKVM board/case I bought as part of a kickstarter, that was shipped in december from Hong Kong and was held in customs for like 1 month and a half for no discernible reason

I had the same experience with a couple of gifts sent outside of EU. They were waiting in the customs for more than a month. Then they sent me the form to fill in, so that post office will handle the customs clearance, and after another week they arrived at home without extra charges. So I guess it was the Christmas season high workload along with the new rules that all packages from outside EU must pass customs.

I currently really have no need or purpose for yet another X86-based device (as you know ). But, oh boy, the Velocloud 520 integrating a presumably quite capable passive Atom CPU, AC wireless and an 8-port switch does sound mighty tempting.

... for $50 that is. For more than twice that price after shipping, import fees and taxes decidedly less so. I guess that's what we have to live with. US getting dirt cheap capable X86 devices, Japan getting dirt cheap capable funky consumer routers and access points, and us in the EU getting cheap-ish decommissioned "professional" firewall appliances, with pretty much no cross-pollenation.

just bought two of those 500-N, fingers X:ed

@takimata
this https://jp.mercari.com/item/m36302766611 is supported by OpenWRT ?
WTF price is lower than 17€

Someone has the hardware specs of a Velocloud 520-AC ?

So I have a VeloCloud Edge 540-AC and a 500-N now. Following are what I have discovered one the
Edge 540-AC more to follow later. I will be creating a WikiDevi entry sometime this week.

Relevant sections of bootlog:

Using coreboot

Sage_coreboot-4.0-VELOCLOUD-EDGE-01.00.00.05 Fri Apr 27 14:21:51 PDT 2018 starting...
Mainboard: Mohon Peak Version 2.0
Build: SageBios_Mohon_Peak - 292
Detected C0 stepping SOC

CPU info

Initializing CPU #0
CPU: vendor Intel device 406d8
CPU: family 06, model 4d, stepping 08
Enabling cache
CPU: Intel(R) Atom(TM) CPU  C2558  @ 2.40GHz.

Kernel booting

Booting the kernel.
[    0.000000] Initializing cgroup subsys cpuset
[    0.000000] Initializing cgroup subsys cpu
[    0.000000] Linux version 3.14.79 (ubuntu@ip-10-81-127-108) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r43222) ) #1 SMP Sat Feb 9 10:13:00 UTC 2019
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz root=PARTUUID=2E18F5AA-72F9-428D-B240-A4E243F57A31 rootfstype=ext4 rootwait earlyprintk=serial,ttyS1,115200 panic_timeout=5 console=ttyS1,115200n8 noinitrd vcimg=1 crashkernel=2G-:128M

Networking probe

[    5.578189] Distributed Switch Architecture driver version 0.1
[    5.584741] eth0[0]: detected a Marvell m88e6176 switch
[    5.650064] libphy: dsa slave smi: probed
[    5.686057] igb 0000:00:14.0: added PHC on eth0
[    5.691138] igb 0000:00:14.0: Intel(R) Gigabit Ethernet Network Connection
[    5.698921] igb 0000:00:14.0: eth0: PBA No: 002100-000
[    5.704680] igb 0000:00:14.0: Using MSI-X interrupts. 4 rx queue(s), 4 tx queue(s)
[    5.814264] igb 0000:00:14.1: found custom link: 0x3558
[    5.859314] libphy: mdio-dsa: probed
[    5.863470] eth1[0]: detected a Marvell m88e6176 switch
[    5.928759] libphy: dsa slave smi: probed
[    5.966906] igb 0000:00:14.1: added PHC on eth1
[    5.971992] igb 0000:00:14.1: Intel(R) Gigabit Ethernet Network Connection
[    5.979773] igb 0000:00:14.1: eth1: PBA No: 002100-000
[    5.985525] igb 0000:00:14.1: Using MSI-X interrupts. 4 rx queue(s), 4 tx que
[    6.095016] igb 0000:00:14.2: found custom link: 0x3558
[    6.452283] igb 0000:00:14.2: added PHC on eth2
[    6.457369] igb 0000:00:14.2: Intel(R) Gigabit Ethernet Network Connection
[    6.465159] igb 0000:00:14.2: eth2: PBA No: 002100-000
[    6.470916] igb 0000:00:14.2: Using MSI-X interrupts. 4 rx queue(s), 4 tx queue(s)
[    6.480685] igb 0000:00:14.3: found custom link: 0x3558
[    6.838624] igb 0000:00:14.3: added PHC on eth3
[    6.843712] igb 0000:00:14.3: Intel(R) Gigabit Ethernet Network Connection
[    6.851501] igb 0000:00:14.3: eth3: PBA No: 002100-000
[    6.857271] igb 0000:00:14.3: Using MSI-X interrupts. 4 rx queue(s), 4 tx queue(s)
[    7.209803] igb 0000:04:00.0: added PHC on eth4
[    7.214898] igb 0000:04:00.0: Intel(R) Gigabit Ethernet Network Connection
[    7.222615] igb 0000:04:00.0: eth4: (PCIe:5.0Gb/s:Width x1) f0:8e:db:0e:11:3e
[    7.230701] igb 0000:04:00.0: eth4: PBA No: 106300-000
[    7.236466] igb 0000:04:00.0: Using MSI-X interrupts. 4 rx queue(s), 4 tx queue(s)
[    7.589170] igb 0000:04:00.1: added PHC on eth5
[    7.594264] igb 0000:04:00.1: Intel(R) Gigabit Ethernet Network Connection
[    7.601982] igb 0000:04:00.1: eth5: (PCIe:5.0Gb/s:Width x1) f0:8e:db:0e:11:3f
[    7.610068] igb 0000:04:00.1: eth5: PBA No: 106300-000
[    7.615832] igb 0000:04:00.1: Using MSI-X interrupts. 4 rx queue(s), 4 tx queue(s)

This looks like OpenWrt

[    8.759370] user: clean, 120/280000 files, 156341/1115904 blocks
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
mounting /dev/ro[   11.815647] EXT4-fs (sda4): re-mounted. Opts: (null)
ot

I received a USB tester, but if I connect an external drive through the tester, it is connected via USB 2.0, so it is impossible to measure power properly.

More data on VeloCloud EDGE 540-AC at WikiDevi.

Thanks for posting.

When you dissect the 500-N, could you (if you've got a pair of calipers), measure the
barrel of the DC plug ?

The ones I bought come without power supply, and I need to get those locally.
12v 3.5A, center +, but the plug size is hard to see from photos, and there aren't
many of those around

It looks like 5.5mm x 2.5mm (outer x inner diameter), but one can never be sure.

About the Atom C2000 series, someone reported me that intel has admitted that there was a bug with this processor that could prevent the system from starting.

yeah, it's a know issue with them, often fixable though.

https://www.dvhardware.net/article66454.html
a new stepping was made after that...i don't know if C0 stepping is mentionned in the sticker

So basicaly how do you install a new OS on this velocloud device ?

What @takimata said, even though I actually had issues with getting an USB flash drive to boot
on my Roqos RC10. Ended up removing the drive, and dd:ing the image to it, on another computer.

I wonder if that's anything like the issue the Sophos SG1x5s have with booting from USB. You need to go into the BIOS and set Advanced > USB Configuration > Port 60/64 Emulation to "Disabled". Only found this out from the pfSense forums. But yes, pulling the drive and writing from another device works, if it's a standard SATA device. Obviously if it's mSATA or m.2 you'll need a suitable adapter or mobo slot.

See VeloCloud_EDGE_500-N for details. Mine didn't come with a power supply either. I used one I had for a Sophos XG 115 successfully.

Mine was purchased AS IS untested and the onboard SATA NAND is not recognized so it booted into EFI Shell. I was able to boot EFI X86 OpenWrt from USB, but couldn't figure out how to get network access. There is a mini-USB serial port accessible after removing the cover. The EDGE 540-AC case actually has a popout in the case to allow access to serial, the 500-N does not.

what's the barrel size of the XG115 charger then