pfSense 2.4.3 on a Zotac CI327 Nano: How To
Like an idiot, I bought a piece of hardware before researching here to see if worked ok. lol
So, after many hours researching here, and quite a few time performing impact tests of my wall with my forehead, I was finally able to get pfSense installed and passing traffic.
I probably ended up duplicating effort needlessly, as I am just not very familiar with FreeBSD, and have never needed to modify my pfSense installation media before this. But I will record what I did. Worst case, you might end up doing some extra typing. :)
Hardware: Zotax ZBox CI327 Nano, 2GB RAM, SATA HDD
Here's a step-by-step of how I was able to get it running.
- Flash BIOS to most recent version: 2K180116
- Revert BIOS to defaults (labeled as Optimized Defaults)
- Change these BIOS settings:
Features > CPU Configuration: Active Processor Cores = Disabled Intel Virt Tech = Disabled VT-d = Disabled Features > CPU Configuration > CPU Power Management Configuration: C-States = Disabled Features > USB Configuration: XHCI Hand-off = Disabled Power: Enable ACPI Auto Configuration = Disabled Enable Hibernation = Disabled ACPI Sleep State = Suspend Disabled Deep Sleep S5 support = Disabled Boot: Boot Mode = Legacy
- Save settings and reboot
- Download the pfSense 2.4.3 memstick image
- Write the memstick image to your USB flash drive
- Put the following settings into the file /boot/loader.conf
kern.cam.boot_delay=10000 hint.hpet.0.clock=0 hw.sdhci.enable_msi=0 hint.sdhci_pci.0.disabled=1 hint.sdhci_pci.1.disabled=1 debug.acpi.disabled="hostres" kern.geom.raid.enable="0" if_re_load="YES"
- Download the latest Realtek driver for the NICs.0_1531670258067_if_re.ko.zip
- Extract the file it_re.ko from the downloaded zip file, and place it into /boot/kernel/
- Create the file /usr/local/etc/rc.d/SDfix.sh
- Put the following line into the file:
usbconfig -u 0 -a 3 power_off
- Boot into the installation media and install pfSense using whatever settings you choose
- After installation, reboot.
- Once the boot menu pops up, hit 3 to enter the shell
- Enter the command:
- Then go back into the menu and hit 1 to boot into multi-user mode
- pfSense should boot up completely, although with some weird errors
- Hit 8 to enter the shell
- Plug in the USB flash drive and mount the main partition
Use this command to find the proper device and partition
gpart show da*
(On my system, it was da1p3)
and then, I created a mountpoint /mtn/usbtemp
use this command to mount the partition
mount -t ufs /dev/da1p3 /mnt/usbtemp
- Once mounted, copy the files that you created previously, to your new pfSense system
cp /mnt/usbtemp/boot/kernel/if_re.ko /boot/kernel/ cp /mnt/usbtemp/usr/local/etc/rc.d/SDfix.sh /usr/local/rc.d/ chmod 555 /usr/local/rc.d/SDfix.sh chmod 555 /boot/kernel/if_re.ko
- Add the lines from step #7 into the existing /boot/loader.conf file, taking care not to duplicate lines.
- Exit the shell
- Shutdown the device
- Remove the USB flash drive.
The device should boot properly now and pass traffic.
I still need to perform throughput tests, and will pass my results when complete.
I hope this helps someone else out there avoid some migraines!
*EDIT: corrected the Realtek driver file name from io_re.ko to if_re.ko
You should put custom loader settings in /boot/loader.conf.local otherwise they may be overwritten.
You can probably run that usbconfig command using a shellcmd rather than a script. That too might be overwritten.
You might be able to do that with a USB quirk.
Thanks! yeah, I tried that. I put all of those settings into the /boot/loader.conf.local file... and the system froze at the HPET point of booting up. To prevent that, you have to use the hint.hpet.0.clock=0 setting. But it was already IN the proper file. So I put it into the /boot/loader.conf file and BLAMMO! It works.
I understand that it isn't what the docs tell you to do, but... it is the only way that worked for me. Believe me, I spent hours going over the docs, trying to find out what I was doing wrong. But, it wasn't until i configured things exactly the way that I posted that the router started booting up properly.
Mine is not to question why, mine is but to figure out a way to make the bugger run. :)
Excellent guide, thanks! I'm gathering all sources I can in the event I ever need to wipe my router, and I didn't make but one note the first time around.
Sorry to necro the thread, but would you mind uploading (to wherever is a reliable, long-term storage location) the 2K180116 BIOS if you still have it?
The latest is something I bet many home users, myself included, won't care to have:
- Updated Intel CPU microcode patch for "Spectre" issue
NOTE: I guarantee nothing about this file, other than it will take up space when you download it. As with everything on the web, ALWAYS scan the file before doing anything with it.
Great, thank you!