pfSense 2.4.3 on a Zotac CI327 Nano: How To



  • Like an idiot, I bought a piece of hardware before researching here to see if worked ok. lol
    So, after many hours researching here, and quite a few time performing impact tests of my wall with my forehead, I was finally able to get pfSense installed and passing traffic.
    I probably ended up duplicating effort needlessly, as I am just not very familiar with FreeBSD, and have never needed to modify my pfSense installation media before this. But I will record what I did. Worst case, you might end up doing some extra typing. :)

    Hardware: Zotax ZBox CI327 Nano, 2GB RAM, SATA HDD

    Here's a step-by-step of how I was able to get it running.

    1. Flash BIOS to most recent version: 2K180116
    2. Revert BIOS to defaults (labeled as Optimized Defaults)
    3. Change these BIOS settings:
         Features > CPU Configuration:
              Active Processor Cores = Disabled
              Intel Virt Tech = Disabled
              VT-d = Disabled
         Features > CPU Configuration > CPU Power Management Configuration:
              C-States = Disabled
         Features > USB Configuration:
              XHCI Hand-off = Disabled
         Power:
              Enable ACPI Auto Configuration = Disabled
              Enable Hibernation = Disabled
              ACPI Sleep State = Suspend Disabled
              Deep Sleep S5 support = Disabled
         Boot:
              Boot Mode = Legacy
    
    1. Save settings and reboot
    2. Download the pfSense 2.4.3 memstick image
    3. Write the memstick image to your USB flash drive
    4. Put the following settings into the file /boot/loader.conf
    kern.cam.boot_delay=10000
    hint.hpet.0.clock=0
    hw.sdhci.enable_msi=0
    hint.sdhci_pci.0.disabled=1
    hint.sdhci_pci.1.disabled=1
    debug.acpi.disabled="hostres"
    kern.geom.raid.enable="0"
    if_re_load="YES"
    
    1. Download the latest Realtek driver for the NICs.0_1531670258067_if_re.ko.zip
    2. Extract the file it_re.ko from the downloaded zip file, and place it into /boot/kernel/
    3. Create the file /usr/local/etc/rc.d/SDfix.sh
    4. Put the following line into the file:
    usbconfig -u 0 -a 3 power_off
    
    1. Boot into the installation media and install pfSense using whatever settings you choose
    2. After installation, reboot.
    3. Once the boot menu pops up, hit 3 to enter the shell
    4. Enter the command:
    set hint.hpet.0.clock=0
    
    1. Then go back into the menu and hit 1 to boot into multi-user mode
    2. pfSense should boot up completely, although with some weird errors
    3. Hit 8 to enter the shell
    4. Plug in the USB flash drive and mount the main partition

    Use this command to find the proper device and partition

    gpart show da*
    

    (On my system, it was da1p3)
    and then, I created a mountpoint /mtn/usbtemp
    use this command to mount the partition

    mount -t ufs /dev/da1p3 /mnt/usbtemp
    
    1. Once mounted, copy the files that you created previously, to your new pfSense system
    cp /mnt/usbtemp/boot/kernel/if_re.ko /boot/kernel/
    cp /mnt/usbtemp/usr/local/etc/rc.d/SDfix.sh /usr/local/rc.d/
    chmod 555 /usr/local/rc.d/SDfix.sh
    chmod 555 /boot/kernel/if_re.ko
    
    1. Add the lines from step #7 into the existing /boot/loader.conf file, taking care not to duplicate lines.
    2. Exit the shell
    3. Shutdown the device
    4. Remove the USB flash drive.
      The device should boot properly now and pass traffic.

    I still need to perform throughput tests, and will pass my results when complete.
    I hope this helps someone else out there avoid some migraines!

    *EDIT: corrected the Realtek driver file name from io_re.ko to if_re.ko


  • Netgate Administrator

    You should put custom loader settings in /boot/loader.conf.local otherwise they may be overwritten.

    You can probably run that usbconfig command using a shellcmd rather than a script. That too might be overwritten.
    https://www.netgate.com/docs/pfsense/development/executing-commands-at-boot-time.html#shellcmd-option

    You might be able to do that with a USB quirk.

    Steve



  • @stephenw10
    Thanks! yeah, I tried that. I put all of those settings into the /boot/loader.conf.local file... and the system froze at the HPET point of booting up. To prevent that, you have to use the hint.hpet.0.clock=0 setting. But it was already IN the proper file. So I put it into the /boot/loader.conf file and BLAMMO! It works.

    I understand that it isn't what the docs tell you to do, but... it is the only way that worked for me. Believe me, I spent hours going over the docs, trying to find out what I was doing wrong. But, it wasn't until i configured things exactly the way that I posted that the router started booting up properly.

    Go figure.

    Mine is not to question why, mine is but to figure out a way to make the bugger run. :)