pfSense 2.4.3 on a Zotac CI327 Nano: How To

binHEX

Like an idiot, I bought a piece of hardware before researching here to see if worked ok. lol
So, after many hours researching here, and quite a few time performing impact tests of my wall with my forehead, I was finally able to get pfSense installed and passing traffic.
I probably ended up duplicating effort needlessly, as I am just not very familiar with FreeBSD, and have never needed to modify my pfSense installation media before this. But I will record what I did. Worst case, you might end up doing some extra typing. :)

Hardware: Zotax ZBox CI327 Nano, 2GB RAM, SATA HDD

Here's a step-by-step of how I was able to get it running.

1. Flash BIOS to most recent version: 2K180116
2. Revert BIOS to defaults (labeled as Optimized Defaults)
3. Change these BIOS settings:

     Features > CPU Configuration:
          Active Processor Cores = Disabled
          Intel Virt Tech = Disabled
          VT-d = Disabled
     Features > CPU Configuration > CPU Power Management Configuration:
          C-States = Disabled
     Features > USB Configuration:
          XHCI Hand-off = Disabled
     Power:
          Enable ACPI Auto Configuration = Disabled
          Enable Hibernation = Disabled
          ACPI Sleep State = Suspend Disabled
          Deep Sleep S5 support = Disabled
     Boot:
          Boot Mode = Legacy

4. Save settings and reboot
5. Download the pfSense 2.4.3 memstick image
6. Write the memstick image to your USB flash drive
7. Put the following settings into the file /boot/loader.conf

kern.cam.boot_delay=10000
hint.hpet.0.clock=0
hw.sdhci.enable_msi=0
hint.sdhci_pci.0.disabled=1
hint.sdhci_pci.1.disabled=1
debug.acpi.disabled="hostres"
kern.geom.raid.enable="0"
if_re_load="YES"

8. Download the latest Realtek driver for the NICs.0_1531670258067_if_re.ko.zip
9. Extract the file it_re.ko from the downloaded zip file, and place it into /boot/kernel/
10. Create the file /usr/local/etc/rc.d/SDfix.sh
11. Put the following line into the file:

usbconfig -u 0 -a 3 power_off

12. Boot into the installation media and install pfSense using whatever settings you choose
13. After installation, reboot.
14. Once the boot menu pops up, hit 3 to enter the shell
15. Enter the command:

set hint.hpet.0.clock=0

16. Then go back into the menu and hit 1 to boot into multi-user mode
17. pfSense should boot up completely, although with some weird errors
18. Hit 8 to enter the shell
19. Plug in the USB flash drive and mount the main partition

Use this command to find the proper device and partition

gpart show da*

(On my system, it was da1p3)
and then, I created a mountpoint /mtn/usbtemp
use this command to mount the partition

mount -t ufs /dev/da1p3 /mnt/usbtemp

20. Once mounted, copy the files that you created previously, to your new pfSense system

cp /mnt/usbtemp/boot/kernel/if_re.ko /boot/kernel/
cp /mnt/usbtemp/usr/local/etc/rc.d/SDfix.sh /usr/local/rc.d/
chmod 555 /usr/local/rc.d/SDfix.sh
chmod 555 /boot/kernel/if_re.ko

21. Add the lines from step #7 into the existing /boot/loader.conf file, taking care not to duplicate lines.
22. Exit the shell
23. Shutdown the device
24. Remove the USB flash drive.
    The device should boot properly now and pass traffic.

I still need to perform throughput tests, and will pass my results when complete.
I hope this helps someone else out there avoid some migraines!

*EDIT: corrected the Realtek driver file name from io_re.ko to if_re.ko

stephenw10

You should put custom loader settings in /boot/loader.conf.local otherwise they may be overwritten.

You can probably run that usbconfig command using a shellcmd rather than a script. That too might be overwritten.
https://www.netgate.com/docs/pfsense/development/executing-commands-at-boot-time.html#shellcmd-option

You might be able to do that with a USB quirk.

Steve

binHEX

@stephenw10
Thanks! yeah, I tried that. I put all of those settings into the /boot/loader.conf.local file... and the system froze at the HPET point of booting up. To prevent that, you have to use the hint.hpet.0.clock=0 setting. But it was already IN the proper file. So I put it into the /boot/loader.conf file and BLAMMO! It works.

I understand that it isn't what the docs tell you to do, but... it is the only way that worked for me. Believe me, I spent hours going over the docs, trying to find out what I was doing wrong. But, it wasn't until i configured things exactly the way that I posted that the router started booting up properly.

Go figure.

Mine is not to question why, mine is but to figure out a way to make the bugger run. :)

Jon8RFC

Excellent guide, thanks! I'm gathering all sources I can in the event I ever need to wipe my router, and I didn't make but one note the first time around.

Sorry to necro the thread, but would you mind uploading (to wherever is a reliable, long-term storage location) the 2K180116 BIOS if you still have it?

The latest is something I bet many home users, myself included, won't care to have:
Version 2K180426

• Updated Intel CPU microcode patch for "Spectre" issue

binHEX

@jon8rfc
Sure.
Here is a link to the 2K180116 BIOS file on Google Drive, if you don't want the one from the Zotac website with the Spectre fix.
pb325CI327_v2K180116.zip

NOTE: I guarantee nothing about this file, other than it will take up space when you download it. As with everything on the web, ALWAYS scan the file before doing anything with it.

Jon8RFC

Great, thank you!