I've been using FreeBSD jails for a while, and was looking for a simple way to create jail filesystems.   After some reading, I came up with this simple script which creates full FreeBSD filesystems.   The filesystem can then be used via jail.conf.

#!/bin/bash
JAILNAME=$1
echo "kjail "$1
JAIL_HOME=/tank/kjail/
FTP=http://ftp.freebsd.org/pub/FreeBSD/releases/amd64/11.1-RELEASE/
# 
# get packages
#
if [ ! -f $JAIL_HOME/packages/doc.txz ]; then
        wget $FTP/doc.txz -O $JAIL_HOME/packages/doc.txz
        wget $FTP/base.txz -O $JAIL_HOME/packages/base.txz
        wget $FTP/kernel.txz -O $JAIL_HOME/packages/kernel.txz
        wget $FTP/lib32.txz -O $JAIL_HOME/packages/lib32.txz
fi
#
# make jail
#
mkdir -p $JAIL_HOME/$JAILNAME
tar zxvf $JAIL_HOME/packages/doc.txz -C $JAIL_HOME/$JAILNAME
tar zxvf $JAIL_HOME/packages/base.txz -C $JAIL_HOME/$JAILNAME
tar zxvf $JAIL_HOME/packages/kernel.txz -C $JAIL_HOME/$JAILNAME
tar zxvf $JAIL_HOME/packages/lib32.txz -C $JAIL_HOME/$JAILNAME

I've been trying forever to get a mobile IPSec connection up between my OS X laptop and pfsense.   Finally, thanks to this outstanding blog post, it works.  I'm especially excited that it works with the default OS X and Android VPN clients.

My pfsense config closely mirrors the one specified by Mike Murray

pfsense

Phase 1

Key Exchange version: Auto
Internet Protocol: V4
Interface: <my ISP>

Authentication Method: Mutual PSK + Xauth
Negotiation Mode: Aggressive
My identifier: My IP Address
Peer identifier Distinguished Name: <my vpn name>
Pre-Shared Key: <my key>

Encryption Algorithm: AES 256
Hash Algorithm: SHA1
DH Group: 2
Lifetime (Seconds): 28800

Disable rekey: unchecked
Responder Only: checked
NAT Traversal: Forced
Dead Peer Detection: checked
Delay: 10
Max failures: 5

Phase 2

Mode Tunnel: IPv4
Local Network Network: 0.0.0.0/0
NAT/BINAT translation: None

Protocol: ESP
Encryption Algorithms: AES Auto
Hash Algorithms: SHA1
PFS key: group off
Lifetime: 3600

Mobile Cilents

IKE Extensions: checked
User Authentication: Local Database
Group Authentication: system

Virtual Address Pool: checked.  192.168.76.0 / 27

Virtual IPv6 Address Pool: unchecked
Network List: unchecked
Save Xauth Password checked
DNS Default Domain: checked  khubla.local

Split DNS unchecked
DNS Servers checked
192.168.75.1
8.8.8.8.

WINS Servers: unchecked
Phase2 PFS Group: unchecked
Login Banner unchecked

OS X

Add VPN and choose VPN Type "Cisco IPSEC".  Use the Group Name specified in Phase 1 "Peer identifier Distinguished Name"

Android

Add VPN and choose "IPSec VPN with pre-shared keys and XAuth authentication".     Use the IPSEC Identifier specified in Phase 1 "Peer identifier Distinguished Name"

I have a number of disks in my FreeBSD box which exist only as backups of data.  I prefer that they not be mounted all the time, but instead mounted on use.  They are 2x internal SATA disks and an external USB3 disk.   This blog post explains how they are set up to auto-mount.

Firstly, my /etc/fstab entry for these disks looks like this:

/dev/ada5p1     /mnt/backup1    ufs     rw,noauto,noexec,nosuid,late            0       0
/dev/ada6p1     /mnt/backup2    ufs     rw,noauto,noexec,nosuid,late            0       0
/dev/da0p1      /mnt/usb1       ufs     rw,noauto,noexec,nosuid,late            0       0

All three disks are ufs, and noauto.

Next, my /etc/amd.conf

[ global ]
restart_mounts =   yes
unmount_on_exit=  yes

and my amd.map

# $FreeBSD: releng/10.3/etc/amd.map 164015 2006-11-06 01:42:11Z obrien $
#
*               opts:=rw,grpid,resvport,vers=3,proto=tcp,nosuid,nodev
localhost            type:=auto;fs:=${map};pref:=${key}/
localhost/backup1      type:=program;fs:=/mnt/backup1;\
                        mount:="/sbin/mount mount /mnt/backup1";\
                        unmount:="/sbin/umount umount /mnt/backup1"
localhost/backup2      type:=program;fs:=/mnt/backup2;\
                        mount:="/sbin/mount mount /mnt/backup2";\
                        unmount:="/sbin/umount umount /mnt/backup2"
localhost/usb1      type:=program;fs:=/mnt/usb1;\
                        mount:="/sbin/mount mount /mnt/usb1";\
                        unmount:="/sbin/umount umount /mnt/usb1"

In /etc/rc.conf, we need to start amd, and the portmapper:

portmap_enable="YES"
portmap_flags="-h 127.0.0.1"
amd_enable="YES"
amd_flags="-a /.amd_mnt -l /var/log/amd /host /etc/amd.map"

Some printers, like the one I have (HP 8600 Pro), have "Print-to-Folder" capability.   Unfortunately, I have no Windows server, only a FreeBSD box to print to.  I can mount folders from the FreeBSD box on my MacBook.. if I can get files to scan there.   So, to do that, I need a Samba on my FreeBSD box.  To install SMB on FreeBSD:

pkg install samba36

Then, I need a smb.conf in /usr/local/etc, that exports a folder, like this:

[global]

workgroup = khubla.local
server string = Samba Server
security = user

hosts allow = 192.168.77.
max log size = 50

passdb backend = smbpasswd

domain master = yes

; wins support = yes

[public]
 comment = Public
 path = /tank/home/public/public/
 public = yes
 writable = yes
 printable = no

So, this will expose a SMB share at smb://bernice/public.  Next I need a user account.  Firstly, a FreeBSD account:

pw useradd -n hpprinter -s /bin/csh -m
passwd hpprinter

Then the samba account

smbpasswd -a hpprinter

Finally, start samba

service samba onestart

 I can now configure the share in the printer.  The UNC path is:

\\bernice.khubla.local\public

I've updated the u-boot bootloader for Crochet-FreeBSD Wandboard to 2014-10, from 2014-07.  The updated image is here, and the boot log is here.

This build is for FreeBSD-11, Alpha 2.

Binary image, and bootlog.