Zotac C1327 not a good choice for 2.4

  • Just a warning for those who may be considering a Zotac C1327 for running pfSense:

    I was able to run 2.3 on my Zotac C1327 without issues, but when I tried the stable version of 2.4.0 throughput dropped significantly and RTT times went way up. It was really bad on my VPN: speed dropped to 20% of normal and RTT times were about 3x.

    When 2.4.1 came out I decided to try again, but this time it hung during boot. I tried both updating 2.3.5 in place and installing a clean copy from a USB stick. They both hung at the same step in the boot sequence.

    So I tried the latest version of OPNsense. It booted OK, and throughput on the WAN was close to nominal, but throughput on the VPN was terrible.

    I finally gave in and bought a Protectli E3845 Vault with Intel NICs. Huge difference. Both OPNsense and pfSense 2.4.1 work great on this box – throughput is as good or better than 2.3 on the Zotac.

    I suspect the main problem is the Realtek driver supplied with newer versions of FreeBSD, with errors causing the low throughput. It's possible that updating the RealTek driver would solve the problem, but I'm not going to spend time trying that. Also, the significantly worse VPN throughput might be an indication of some sort of crypto or BIOS incompatibility.

    Bottom line, I wouldn't buy a Zotac box for pfSense. A few extra dollars for the Protectli are well worth it.

  • Install realtek v1.94 driver to solve that particular problem. For more info check this thread: https://forum.pfsense.org/index.php?topic=140150.0
    TheNarc is the fellow who compiled the driver and made the binaries available for download. Get it, unzip it. You'll end up with a if_re.ko file. Check its SHA to ensure that there is no corruption in the file.

    Start your Zotac. Once it's up and running upload the driver file if_re.ko in the directory "/boot/kernel/".
    You may use WinSCP or any remote file management software.

    Then add the line if_re_load="YES" to the file "/boot/loader.conf.local".
    Reboot pfsense. When it's up, start a console shell ( #8 ) and check with the command "kldstat" which should show if_re.ko as loaded.

    Obviously here you have to trust TheNarc's compilation as much as you trust the obscure software engineer's coding ability who wrote the source code to begin with.

    Regarding your negative assertion: Zotac CI327 has 2 gigabit ethernet RTL8111 circuits, which has been around for quite a few years.
    It is rock solid and it is one of the most OEM'd gigabit ethernet chip on the planet. You are going to find it in high end as well as mid-range products, including under the hood of your car's on-board computer. Its derivatives are practically in every gigabit switch under proprietary markings and licensed to every big name router company out there.

    Contrary to some "opinions" in the pfsense and FreeBSD forums Realtek's hardware has always been at par and sometimes even superior to the competition in many areas. The fact that their BSD drivers lag behind in quality is as much BSD's shortcoming as Realtek's. This is also true for Intel. Any and all Intel components including their ethernet chips are buggier on BSD than other operating systems. The root issue is not the hardware but the finger pointing about who is responsible about the low level device drivers. But this is something well outside of the scope of pfsense and this forum.
    My point in mentioning it to you is that there is no need to call for the fire engines on Zotac!

    You probably have other problems with Zotac's CI327, like the timer interrupts, the SD card reader because BSD do not support (properly) those components. Run a search for Zotac CI327 and you will find info about how to fix them. Then you will be happy with your CI327.

  • Realtek NICs are shit. Also, Protectli is just a rebranded MiniSys computer with 100 bucks slapped on top of the price.

  • We tried 2.4.3 on Zotac CI327 and found no problems once pFsense was running. In order to boot we had to disable "Monitor M-Wait" in BIOS.
    The only "problem" we are left with is this: the Zotac CI327 will refuse to boot WITHOUT a display attached! The Zotac website is sadly devoid of any useful docuementation regarding this, and we're sure there must be a BIOS setting to "continue boot on error" (or similar). Does anyone know?

  • Sounds like the same problem some shuttle PCs have :(

  • I'm seeing similar performance issues to what peppersass describes on my CI327. I'm currently running 2.4.2, but I saw similar on 2.4.0, 2.4.1 & 2.4.2. I tried running it both from an upgrade and a fresh install using the saved config I was running under 2.3.4.

    internetservices - it sounds like you're running a nightly development release of pfSense. Did you happen to check your performance before upgrading from 2.4.x to 2.4.3? Was that your reason for upgrading? Just wondering if I should try upgrading or just falling back to see if I can get back to where I was. One of the things I was hoping to see with the upgrade was better OpenVPN performance, but I'll be happy to get back to where I was when running 2.3.x.

    Thanks very much in advance.

  • Maybe at some point the firmware for the C1327 gets updated and this problem will go away.

  • Before throwing out that C1327 try…


    CHECK Disable hardware checksum offload
    CHECK Disable hardware TCP segmentation offload
    CHECK Disable hardware large receive offload

Log in to reply