Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Package realtek-re-kmod198 for pfSense 2.8.0 (amd64)

    Scheduled Pinned Locked Moved Hardware
    40 Posts 7 Posters 10.6k Views 9 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • zeroepochZ Offline
      zeroepoch @SpunkThing
      last edited by

      Hi @SpunkThing,

      Thanks for sharing your story. It helps relieve some of my past frustration knowing I'm not the only one who experienced this issue and a bit of joy that maybe I can help out a fellow user.

      The issues you were having with the WAN connection going down after a few minutes (sometimes within a few seconds) is the EXACT same experience I was having. From what I found online and from my own experiments you can disable IPv6 on all interfaces and that works okay (or maybe as a workaround to recover), but I wanted to keep IPv6 enabled. I believe there is some bug in IPv6 receive checksum offloading causing the problem. With ifconfig I was able to disable transmit checksum offloading for IPv6, but none of the others (TX/RX IPv4 also remained on). Since I couldn't get these turned off I figured my only solution was to go back to the older working driver. Or, stay on pfSense 2.7.2 which also wasn't great as a solution and further motivated me. 1.98.00 was quite solid on pfSense 2.7.2 so figured it should be as solid on 2.8.0. I can say it's been about 24 hours now and it seems as solid as before. Getting 2100+ mbps as expected from Comcast during a speed test, 130 MB/s recently on Steam, and iperf3 shows 2.3 gbps send and receive with up to 4 parallel connections (2.3 is combined between them). So the load issue doesn't appear to be a problem now, which wasn't and issue earlier after I switched to realtek-re-kmod originally.

      It’s a pre-compiled package ready to install, so just place it in the root directory or somewhere else on a pfSense machine and execute the install command, simple as that? After removing the previous driver, of course.

      Yep, at least for x86 64-bit (amd64) systems. Just remove the previous realtek driver, install this new package directly from your local filesystem and reboot. The /boot/loader.conf.local changes are needed for both drivers, so leave those in place.

      Almost seems to easy, but hey if it works for you it might just be what pfSense 2.8.0 needs right now. I’m a little scared of running a driver or similar bit of software that doesn’t come out of an official repo, but if that’s what it takes, then why not?

      I feel the exact same way taking a package by someone else that's not from an official source, which is why I wanted to share some of the build process I went through in case someone wants to try for themselves to be sure of the origin, or needs to do some debugging, or upgrade to the next pfSense version. I'll be honest that I'm not a FreeBSD expert and this VM was the first time I've run FreeBSD besides pfSense. I mostly relied on my reasonably extensive experience with Linux and some kernel development. I have another network driver bug on Linux related to WOL I'm going to be seeing if I can fix, which is an Aquantia NIC (sorry a bit of an aside, but giving a little background why I thought I might be able to figure this out over a night/weekend).

      In terms of compatibility I gave it the best chance I know of. Using the same ABI compatibility version (1500029) as the kernel pfSense 2.8.0 is running. Although it's not the exact same commit so I can't be 100% sure, more like 90% sure. I'm feeling more like 95% sure now since it's been about 24 hours and it's been stable.

      SpunkThingS 1 Reply Last reply Reply Quote 0
      • SpunkThingS Offline
        SpunkThing @zeroepoch
        last edited by

        Hi again @zeroepoch

        First of all thank you for your quick reply and additional clarification!

        Another funny thing is that you mentioned disabling IPv6 system-wide might help some. Haven't seen that suggestion anywhere else so far so of course I went ahead and disabled it.
        Up until about 2 hours ago it was enabled even though I'm not using IPv6, possibly something to do with too much log-spam when that checkbox was ticked.
        I had/have per-interface no-log IPv6 block rules to avoid flooding the logs.

        Maybe that's a backwards way of doing things and feel free to tell me if so. 😆

        Anyway, disabling IPv6 seemed like a sensible and harmless way to test if things improve so I fired up my BT client. It's been running for a little over two hours at the time of writing, meanwhile YouTube is playing continually and there's no obvious signs of anything going awry so far. Granted, I did tweak a few settings in my BT client such as maximum number of total and per-torrent connections and I haven't hit speeds over 200Mbps yet. I've seen my poor old scrap machine choke on less though, so you may just be on to something here! (I say that with a moderate amount of caution, hehe, don't want to jinx it already)

        As for the more technical details you mentioned, I'd love to get into that but my knowledge of networking is limited at best. But the more I read the more I learn, and that is never a bad thing!

        I did also read that the 1.98 was pretty solid on 2.7.2 so that's where my hunt started. Just couldn't find any pre-compiled packages and assumed there wouldn't be any until this crossed my path. And I have to say, I'm rather curious now.

        You also mentioned the latest driver (1100.00) performs poorly, what do you mean by that? Lower throughput, higher latency, packet loss?
        But it did "work" for you, right? For me it made the entire system unusable as the WAN interface just wouldn't stay up for more than a couple of minutes at a time.
        Possibly a driver-hardware mismatch? I assumed these Realtek drivers were a one fits all package but that's based on absolutely nothing.

        Besides that my knowledge of the inner workings of BSD is laughable at best and far, far worse than that of Linux. And I manage to regularly break things there even afters years of using it. 😊
        So it could have easily been an error on my part that caused the driver not to work at all.
        I did have several attempts at it and may have even tried to install the 1.97 or 1.98 driver by using links to older FreeBSD repos. Can't quite remember everything I've tried, but the end result after hours and hours of monkying around was a system that was unrecoverable by conventional means. 😂

        Ended up just biting the bullet, did a full reset and and used the configuration backup from just before this carnage started.

        Pretty impressive speeds btw! If that doesn't do one of those Realtek NICs in it'll probably work just fine.
        Out of curiosity - have you tried testing with something that creates a large number of states / simultaneous connections?
        I had a feeling / suspicion that this may contribute even more to interface flapping (forgive me if I’m using that terminology the wrong way…) and/or gateways downright flat-lining.

        And… Ha! Ha! Ha! Just as I was writing that last sentence YouTube stopped playing and a message on the forum popped up saying something like ‘it looks like you lost your connection’. ...I did indeed! 🤣

        Sure enough the same thing happened again. It did take a lot longer than what I was used to, but at the same time it happened while my BitTorrent client hadn’t been doing much of anything for some time by the time I was writing that. About 30-35 active connections with a total upload speed of less than 100Mbps. That's nothing, so I'm not sure what caused this gateway slapper.

        I had a quick peek in the logs, the States Summary page and checked states per interface.
        No idea if there’s any relation but the computer I’m currently using looked as if it was bombarding the firewall with DNS queries. A few other connected devices also showed more states than I’d expect to see considering they weren’t actively using the internet.

        Could just be a coincidence, perhaps the result of the gateway suddenly crashing instead of the cause, but it stood out.
        I’ll see if I can attach some screenshots I took just after it happened. Maybe you can see something I missed or just don’t understand. If you feel like it, of course. :-)

        In any case, the idea of trying your creation is starting to appeal to me more and more.
        I'm really curious to see if there's any improvement to be had for my system after reading about your own successful testing.

        One more thing, perhaps a little off-topic but hey... How do you use iperf to perform such tests? I was thinking about trying that as well to test throughput and stability but after reading the following I'm not sure how to go about it and if there's even any value in it when you're limited to your own home network.

        https://docs.netgate.com/pfsense/en/latest/packages/iperf.html

        Guess I may be having a closer look at that shiny new driver in a little while. Seems more interesting than sleep anyway. 🤫

        SpunkThingS 1 Reply Last reply Reply Quote 0
        • SpunkThingS Offline
          SpunkThing @SpunkThing
          last edited by

          @zeroepoch

          Added a few snippets. Maybe you or somebody else can make sense of what happened there.
          As you can tell from the screenshots, just after 4 AM things went pear-shaped.
          For me looking at logs like these feels a bit like trying to read an ancient Hindu manuscript or something. Chances are I'd understand more of the latter one, but maybe there's a clue in there for somebody with a better understanding of these things.

          GW_down2.jpg

          GW_down5.jpg

          GW_down4.jpg

          GW_down3.jpg

          GW_down1.jpg

          zeroepochZ 1 Reply Last reply Reply Quote 0
          • zeroepochZ Offline
            zeroepoch @SpunkThing
            last edited by

            @SpunkThing

            I didn't do extensive testing after disabling IPv6 since the end goal was to keep IPv6 on long-term, so looked for another solution. I did notice more packet loss than expected and it appeared (my perception) at least to stall the connection more often.

            I haven't tried anything with a high number of high bandwidth connections like a large torrent. Probably at some point with 1.98.00 on pfSense 2.7.2. We have 4 people in the house all watching movies and things at the same time, and a few dozen other servers, devices, etc. According to the states status page I currently have around 1500 open connections, which to be honest surprised me quite a bit.

            One more thing, perhaps a little off-topic but hey... How do you use iperf to perform such tests? I was thinking about trying that as well to test throughput and stability but after reading the following I'm not sure how to go about it and if there's even any value in it when you're limited to your own home network.

            I installed the iperf3 package directly on the router over SSH. Used pkg install iperf3. Then ran iperf3 -s (for the server) on the router and iperf3 -c router (for the client) on my Linux desktop (there are Windows binaries as well). You can append -P #, which I typically use 4 to get the max connection speed, but it could be much higher if you want. The nice thing about iperf being peer-to-peer on your local network is you can see what your links/connections are capable of handling.

            SpunkThingS 1 Reply Last reply Reply Quote 0
            • SpunkThingS Offline
              SpunkThing @zeroepoch
              last edited by

              @zeroepoch

              Yeah, that's understandable. If you're going to use IPv6 your time would be much better spent looking for a solution wherein it it doesn't need disabling to have a functioning internet connection. That'd just be silly, hehe.

              And around 1500 open connections without something like BitTorrent running is indeed quite something. I'm a bit surprised myself to be honest.
              That's more or less the number of connections I typically see when I have a few active torrents, and quite possibly the absolute maximum that my pfSense machine will handle in it's current state.
              The WAN interface has gone down plenty of times when dealing with smaller numbers, so maybe it's a combination of the total bandwidth used and the number of connections / states (not quite sure if they're the exact same thing, going to look that up now...)

              Thanks for the quick iperf tutorial by the way! After reading that small bit of text I linked before it seemed rather pointless to perform a test like that within the confines of my own home network.
              Perhaps I just didn't quite understand what it really said, or the person who wrote it didn't really know what he was talking about. Who knows.
              I will definitely have a go at it now. Now as in - some time today.
              And since it's a lazy day anyway, might as well try out that driver you managed to put together.

              Hope it works - but even if it doesn't I appreciate people taking the time to try and come up with solutions and sharing them.
              Maybe I can do my small part by being a pfTestDummy and report back my findings.
              The worst that could happen is another irreparable pfSense installation, and if that happens I will probably just take it apart and finally give it the little upgrade that I've been postponing for months.

              I'll keep you updated on how things work out. As best I can anyway.
              Could be a couple of hours, could take more than a day if things go as did last night... 🥴

              Have a great day! Or evening, night, afternoon... whichever. Have a good one! 😁

              zeroepochZ 1 Reply Last reply Reply Quote 0
              • zeroepochZ Offline
                zeroepoch @SpunkThing
                last edited by

                @SpunkThing

                My first attempt was loading the package from freshports. Finding the extract URL was a challenge since you can't browse the package files. That reported some missing symbol I believe. Don't exactly remember now what the error was. The second attempt I built the driver using the latest commit from the FreeBSD-src repo. That complained that version didn't match, which I mentioned I had to find a close commit with matching version to fix it. In both those failed cases rather than crash it just didn't load the model and hence those network interfaces were missing.

                1 Reply Last reply Reply Quote 0
                • stephenw10S Offline
                  stephenw10 Netgate Administrator
                  last edited by stephenw10

                  From the bug it looks like it should be sufficient to simply disable hardware checksum offloading. Are you saying setting that in the webgui does not disable it for the driver?

                  TSO/LRO are disabled by default but are separate from Checksum.

                  Edit: Hmm in 25.03 at least it does appear to fail to disable RXCSUM_IPV6....

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S Offline
                    stephenw10 Netgate Administrator
                    last edited by

                    I will say I've been running that driver on an APU in 25.03 without issue for months. That's using 1G NICs though so maybe something specific to RTL8125.

                    zeroepochZ 1 Reply Last reply Reply Quote 0
                    • zeroepochZ Offline
                      zeroepoch @stephenw10
                      last edited by zeroepoch

                      @stephenw10

                      Correct, it doesn't disable checksumming even when checked in the GUI. It's not a bug in the GUI because I can't even disable it manually using ifconfig. It must work somewhere, maybe FreeBSD 14, because that's what's recommended on the bug.

                      I think it's specific to the 2.5g NICs. I had an older box with 1g Realtek NICs and it didn't need this package to function. I just had it installed for improved stability. These 2.5g NICs don't show up at all until you install this package.

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S Offline
                        stephenw10 Netgate Administrator
                        last edited by

                        You see the same thing? Only RX checksum for IPv6 is still enabled?

                        [25.03-BETA][admin@apu.stevew.lan]/root: ifconfig -vvm re0
                        re0: flags=1008803<UP,BROADCAST,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
                        	options=202018<VLAN_MTU,VLAN_HWTAGGING,WOL_MAGIC,RXCSUM_IPV6>
                        	capabilities=403c1a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,TXCSUM_IPV6>
                        	ether 00:0d:b9:37:30:10
                        	inet6 fe80::20d:b9ff:fe37:3011%re0 prefixlen 64 tentative scopeid 0x1
                        	media: Ethernet autoselect
                        	status: no carrier
                        	supported media:
                        		media autoselect
                        		media 1000baseT mediaopt full-duplex
                        		media 100baseTX mediaopt full-duplex
                        		media 100baseTX
                        		media 10baseT/UTP mediaopt full-duplex
                        		media 10baseT/UTP
                        	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
                        	drivername: re0
                        

                        Looking again though that NIC only supports TX checksum.

                        zeroepochZ 1 Reply Last reply Reply Quote 0
                        • zeroepochZ Offline
                          zeroepoch @stephenw10
                          last edited by

                          Hi @stephenw10,

                          I don't remember exactly now and it's different with the older driver I'm currently running, so I can't look it up, but I believe only TXCSUM_IPV6 was removed. For sure TXCSUM and RXCSUM were still there on 1.100.00 after running ifconfig re0 -rxcsum -txcsum -rxcsum6 -txcsum6.

                          What I get now with disable checksum offloading checked on the 1.98.00 driver is:

                          [2.8.0-RELEASE][admin@router]/root: ifconfig re0
                          re0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
                          	description: LAN
                          	options=2018<VLAN_MTU,VLAN_HWTAGGING,WOL_MAGIC>
                          	ether xx:xx:xx:xx:xx:xx
                          	inet x.x.x.x netmask 0xffffff00 broadcast x.x.x.x
                          	inet6 x::x prefixlen 64 scopeid 0x1
                          	inet6 x::x prefixlen 64 scopeid 0x1
                          	inet6 x::x prefixlen 64
                          	media: Ethernet autoselect (2500Base-T <full-duplex>)
                          	status: active
                          	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
                          

                          In this case everything checksum related was disabled as expected. The 1.100.00 driver as you are seeing as well doesn't allow clearing all the flags. The behavior appears to vary I guess depending on the particular chipset?

                          SpunkThingS 1 Reply Last reply Reply Quote 0
                          • stephenw10S Offline
                            stephenw10 Netgate Administrator
                            last edited by

                            Yeah if you run ifconfig -vm re0 it should show you what the driver thinks the hardware is capable of too.

                            zeroepochZ 1 Reply Last reply Reply Quote 0
                            • SpunkThingS Offline
                              SpunkThing @zeroepoch
                              last edited by

                              @zeroepoch

                              Took me a while but I finally have an update.

                              Unfortunately it did exactly the same as the 1.100.00 driver.
                              And to make things even stranger, both these drivers left my pfSense installation inoperable even after uninstalling them.

                              I've not got the faintest idea what kind of voodoo witchcraft sorcery stuff is at work here.
                              The first time after installing your version of the 1.98 driver the WAN interface immediately came online after the system rebooted, so I thought bingo!
                              Less than 3 minutes later it collapsed just like before.

                              The only difference is that this time it was possible to bring it back online by disabling the interface in the GUI and then enabling it again. Not every time though.

                              I noticed that in the Gateways widget there sometimes was a downward facing red arrow next to the WAN interface. When this happened it could only be brought up again by first doing ifconfig re0 up via SSH and then the GUI steps.

                              So after fiddling around for a while I decided I had enough and removed the driver, rebooted and to my shock and horror the same strange thing occurred. The WAN interface was down after booting like with the 1.100.00 driver. It could be brought up either through the GUI or ifconfig + GUI, but like before it always went down within a matter of minutes.

                              I dug up some other, more recent unused computer parts including a different NIC. Still a Realtek based one, but who knows.
                              Now putting it together and I'll do a fresh install of pfSense 2.7.2 to see how that works out.

                              Attached a few screenshots again. Maybe, hopefully there is something useful to be seen in them.
                              If you'd like any other info about my latest adventure, feel free to ask.

                              GW_down6.jpg

                              GW_down7.jpg

                              GW_down8.jpg

                              GW_down9.jpg

                              zeroepochZ 1 Reply Last reply Reply Quote 0
                              • stephenw10S Offline
                                stephenw10 Netgate Administrator
                                last edited by

                                Are you sure it's actually loading either of those drivers and not just hitting a timeout on the in-kernel driver?

                                You should see the version reported in the boot log if a module is loaded correctly.

                                SpunkThingS 1 Reply Last reply Reply Quote 0
                                • zeroepochZ Offline
                                  zeroepoch @stephenw10
                                  last edited by

                                  @stephenw10

                                  Thanks for sharing that command! I was reading online 1.99+ added support for IPv6 checksum offloading, which explains why the suggestion to disable IPv6 (set to None) on those interfaces helps somewhat.

                                  For 1.98.00 I get:

                                  capabilities=381b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
                                  
                                  1 Reply Last reply Reply Quote 1
                                  • zeroepochZ Offline
                                    zeroepoch @SpunkThing
                                    last edited by

                                    @SpunkThing

                                    If I'm reading your output correctly (based on kern.ipc.nmbjumbo9?) you enabled jumbo frames? If not there is an additional setting you can add to /boot/loader.conf.local to fix a possible hang (if not using jumbo frames). I did the following on my system.

                                    By default, the size of allocated mbufs is enough
                                    to receive the largest Ethernet frame supported
                                    by the card.  If your memory is highly fragmented,
                                    trying to allocate contiguous pages (more than
                                    4096 bytes) may result in driver hangs.
                                    For this reason the value is tunable at boot time,
                                    e.g. if you don't need Jumbo frames you can lower
                                    the memory requirements and avoid this issue with:
                                    
                                    hw.re.max_rx_mbuf_sz="2048"
                                    

                                    My /boot/loader.conf.local looks like:

                                    if_re_load="YES"
                                    if_re_name="/boot/modules/if_re.ko"
                                    hw.re.max_rx_mbuf_sz="2048"
                                    

                                    As @stephenw10 suggested you should check dmesg to see what version was loaded.

                                    # dmesg | grep "re[0-9]: version:"
                                    ...
                                    re0: version:1.98.00
                                    re1: version:1.98.00
                                    
                                    SpunkThingS 1 Reply Last reply Reply Quote 0
                                    • SpunkThingS Offline
                                      SpunkThing @stephenw10
                                      last edited by

                                      Hi @stephenw10

                                      Seems to be the case. This screenshot was taken after installing the driver we're discussing here.

                                      Another indication, if I saw that correctly, is that there is no corresponding module in the /boot/modules directory. That's placed there only when installing an alternative driver such as this one if my observations were correct.

                                      Can't verify now as I'm in the process of installing pfSense on a 'new' system.

                                      GW_down10.jpg

                                      zeroepochZ 1 Reply Last reply Reply Quote 1
                                      • SpunkThingS Offline
                                        SpunkThing @zeroepoch
                                        last edited by

                                        @zeroepoch

                                        That's not something I would deliberately enable. At least not that I remember.
                                        Actually I think that's one of those things I used to turn off on network adapters in Windows in the old days because it caused trouble.

                                        But on the other hand I am the type that messes around with settings often while not completely understanding them. So don't rule it out completely.

                                        Anyway, as I said I'm currently working on a fresh installation of 2.7.2 and that version has always worked nicely for me, except for that one problem with the WAN going down under "heavy" loads. Suppose I'll be looking out for better NIC's if it happens again. 😅

                                        I'll restore a recent-ish configuration backup and leave it at that for the time being.

                                        I'll keep following this though if you decide to dive further into it.
                                        Very curious why both drivers were acting up on my system while they work fine for you.
                                        Could be anything, my messing in settings not being the least likely of causes... Hehehe

                                        1 Reply Last reply Reply Quote 0
                                        • zeroepochZ Offline
                                          zeroepoch @SpunkThing
                                          last edited by

                                          @SpunkThing

                                          That's right. There is no /boot/modules/if_re.ko without either of these packages being installed. It wouldn't print this message if you didn't have the driver I provided loaded, so indeed you're using the same driver as me.

                                          1 Reply Last reply Reply Quote 0
                                          • zeroepochZ Offline
                                            zeroepoch
                                            last edited by

                                            @stephenw10 any chance we can get realtek-re-kmod198 to be part of the official pfSense repo? FreeBSD made the decision to package these two versions separately because both 1.98 and 1.100 both have different bugs but each work best for different NICs.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.