Zotac ZBOX CI323 nano

thlunk

Just got mine all up and running. I must say, I am truly impressed with pfSense. This was my first build with pfSense and it's by far the best firewall I've used. I'm not using snort/squid or anything (yet), but I'm connected to VPN and getting ~90-100Mb. I usually get ~180Mb not on VPN, so I'm very happy with that given the cost of this box with a SSD/RAM is around ~$250. It took me a little bit to learn the GUI (which is very intuitive I must say) and figure out my firewall rules to force all traffic (except one device my wife uses for Hulu because Hulu doesn't allow connections on VPN) through the VPN, but it's all configured and working properly now.

Danrbball

I just ordered a CI323 to run pfsense and wanted to make sure everyone running it would still buy one of these devices again. I know there have been driver issues, but it appears if you limit the wan or run in a VM it's a great device.

rightnow

@IggyB:

Hey sorry, just got my main desktop up and running. I had some trouble after draining my watercooling loop, had to go out and buy a new block. then my pumps reservour cracked. etc.. lol

1. Install Kernel FreeBSD 10.3 with kernel sources.
1. Get kernel driver 1.91 from realtek site. You don't need the patch for driver, only if you're using FreeBSD 11+
2. Modify /usr/src/sys/amd64/conf/GENERIC and delete line "device re" - so if_re no longer be included in kernel itself - module will be build anyway.
3. Edit /boot/loader.conf adding line if_re_load="YES", so external module will be loaded.
4. Go to /usr/src and run "make buildkernel KERNCONF=GENERIC && make installkernel KERNCONF=GENERIC"
5. Reboot with new kernel. System should boot with open-source driver as module. kldstat will show if_re in list of modules.
6. Put Realtek's if_re.c and if_rereg.h into /usr/src/sys/dev/re
7. Build driver (cd /usr/src/sys/modules/re && make clean && make)
8. Backup /boot/kernel/if_re.ko, then cp /usr/src/sys/modules/re/if_re.ko /boot/kernel/if_re.ko && chmod 0555 /boot/kernel/if_re.ko && chown root:wheel /boot/kernel/if_re.ko
9. Reboot

Now i wasn't sure how to upload files to internet using lynx or fetch so i installed xorg server and kde on vm FreeBSD. This took a while and i had some issues with timeouts etc.
Basicly i uploaded new compiled if_re.ko to some small file hosting sites, used a tinyurl to shorten it with direct link

SSH into pfSense and used fetch to download it into /boot/kernel/
chmod 0555 /boot/kernel/if_re.ko && chown root:wheel /boot/kernel/if_re.ko

edit /boot/loader.conf in pfSense. Can do through web browser or through ssh client with vi
add line if_re_load="YES"

That should be it. Reboot and your 1.92 should be loaded. If you want to unload it just put # infront of if_re_load="YES" in /boot/loader.conf
If you're having issues compiling or uploading to web/usb stick i will be happy to upload it for you or send you somehow a already compiled one

Would it be ossible to get your compiled version? I cant get it to compile :(

all5n

@IggyB:

Hey sorry, just got my main desktop up and running. I had some trouble after draining my watercooling loop, had to go out and buy a new block. then my pumps reservour cracked. etc.. lol

1. Install Kernel FreeBSD 10.3 with kernel sources.
1. Get kernel driver 1.91 from realtek site. You don't need the patch for driver, only if you're using FreeBSD 11+
2. Modify /usr/src/sys/amd64/conf/GENERIC and delete line "device re" - so if_re no longer be included in kernel itself - module will be build anyway.
3. Edit /boot/loader.conf adding line if_re_load="YES", so external module will be loaded.
4. Go to /usr/src and run "make buildkernel KERNCONF=GENERIC && make installkernel KERNCONF=GENERIC"
5. Reboot with new kernel. System should boot with open-source driver as module. kldstat will show if_re in list of modules.
6. Put Realtek's if_re.c and if_rereg.h into /usr/src/sys/dev/re
7. Build driver (cd /usr/src/sys/modules/re && make clean && make)
8. Backup /boot/kernel/if_re.ko, then cp /usr/src/sys/modules/re/if_re.ko /boot/kernel/if_re.ko && chmod 0555 /boot/kernel/if_re.ko && chown root:wheel /boot/kernel/if_re.ko
9. Reboot

Now i wasn't sure how to upload files to internet using lynx or fetch so i installed xorg server and kde on vm FreeBSD. This took a while and i had some issues with timeouts etc.
Basicly i uploaded new compiled if_re.ko to some small file hosting sites, used a tinyurl to shorten it with direct link

SSH into pfSense and used fetch to download it into /boot/kernel/
chmod 0555 /boot/kernel/if_re.ko && chown root:wheel /boot/kernel/if_re.ko

edit /boot/loader.conf in pfSense. Can do through web browser or through ssh client with vi
add line if_re_load="YES"

That should be it. Reboot and your 1.92 should be loaded. If you want to unload it just put # infront of if_re_load="YES" in /boot/loader.conf
If you're having issues compiling or uploading to web/usb stick i will be happy to upload it for you or send you somehow a already compiled one

Thanks. I installed FreeBSD 10.3 in a virtualbox VM with the source code, and was able to re-build the kernel based on your instructions, and then build the if_re module and load that as well.

Was the purpose of re-building the kernel just to make sure the if_re.ko actually loaded/worked? Because it seems like you could just build the module (if_re.ko, steps 6-7) and copy it over to the pfsense box, add the line to loader.conf, and that's all it would take. Is there really a need really to re-build the whole kernel, now that you have proven that the re-built works?

Is it correct to assume that loading if_re.ko as a module on the pfsense box will override the version that is built into the kernel? Or does the pfsense kernel load all interfaces as modules? That would make sense. My CI323 is on the way, so dont have it to play with at the moment.

EDIT: Was able to test by installing pfsense in a virtualbox VM. The kernel seems to have loaded the module just fine, and i didnt see any other modules for the intel NICs that the virtualbox hypervisor emulates. So i think i can assume (uh oh) that the newly built if_re.ko module would override the realtek open source driver built into the kernel.

EDIT2: kldstat -v only lists the one if_re from the module, so have to assume thats the one its actually going to use.

all5n

@all5n:

@IggyB:

Hey sorry, just got my main desktop up and running. I had some trouble after draining my watercooling loop, had to go out and buy a new block. then my pumps reservour cracked. etc.. lol

1. Install Kernel FreeBSD 10.3 with kernel sources.
1. Get kernel driver 1.91 from realtek site. You don't need the patch for driver, only if you're using FreeBSD 11+
2. Modify /usr/src/sys/amd64/conf/GENERIC and delete line "device re" - so if_re no longer be included in kernel itself - module will be build anyway.
3. Edit /boot/loader.conf adding line if_re_load="YES", so external module will be loaded.
4. Go to /usr/src and run "make buildkernel KERNCONF=GENERIC && make installkernel KERNCONF=GENERIC"
5. Reboot with new kernel. System should boot with open-source driver as module. kldstat will show if_re in list of modules.
6. Put Realtek's if_re.c and if_rereg.h into /usr/src/sys/dev/re
7. Build driver (cd /usr/src/sys/modules/re && make clean && make)
8. Backup /boot/kernel/if_re.ko, then cp /usr/src/sys/modules/re/if_re.ko /boot/kernel/if_re.ko && chmod 0555 /boot/kernel/if_re.ko && chown root:wheel /boot/kernel/if_re.ko
9. Reboot

Now i wasn't sure how to upload files to internet using lynx or fetch so i installed xorg server and kde on vm FreeBSD. This took a while and i had some issues with timeouts etc.
Basicly i uploaded new compiled if_re.ko to some small file hosting sites, used a tinyurl to shorten it with direct link

SSH into pfSense and used fetch to download it into /boot/kernel/
chmod 0555 /boot/kernel/if_re.ko && chown root:wheel /boot/kernel/if_re.ko

edit /boot/loader.conf in pfSense. Can do through web browser or through ssh client with vi
add line if_re_load="YES"

That should be it. Reboot and your 1.92 should be loaded. If you want to unload it just put # infront of if_re_load="YES" in /boot/loader.conf
If you're having issues compiling or uploading to web/usb stick i will be happy to upload it for you or send you somehow a already compiled one

Thanks. I installed FreeBSD 10.3 in a virtualbox VM with the source code, and was able to re-build the kernel based on your instructions, and then build the if_re module and load that as well.

Was the purpose of re-building the kernel just to make sure the if_re.ko actually loaded/worked? Because it seems like you could just build the module (if_re.ko, steps 6-7) and copy it over to the pfsense box, add the line to loader.conf, and that's all it would take. Is there really a need really to re-build the whole kernel, now that you have proven that the re-built works?

Is it correct to assume that loading if_re.ko as a module on the pfsense box will override the version that is built into the kernel? Or does the pfsense kernel load all interfaces as modules? That would make sense. My CI323 is on the way, so dont have it to play with at the moment.

EDIT: Was able to test by installing pfsense in a virtualbox VM. The kernel seems to have loaded the module just fine, and i didnt see any other modules for the intel NICs that the virtualbox hypervisor emulates. So i think i can assume (uh oh) that the newly built if_re.ko module would override the realtek open source driver built into the kernel.

EDIT2: kldstat -v only lists the one if_re from the module, so have to assume thats the one its actually going to use.

Quick follow up on this. Got pfsense installed and the realtek driver module installed and working as per the instructions. Has worked without a hitch so far.

Don't think i am stressing the NICs too much with my 50/5 connection.

IggyB

hi
sorry haven't checked the forums in a while
for the guy who asked for it

http://s000.tinyupload.com/?file_id=67950169242632494971

that's the compiled version i use on my pfSense 2.3.2

compiled on FreeBSD 10.3

krackpot

@IggyB:

hi
sorry haven't checked the forums in a while
for the guy who asked for it

http://s000.tinyupload.com/?file_id=67950169242632494971

that's the compiled version i use on my pfSense 2.3.2

compiled on FreeBSD 10.3

I tried following your instructions, but couldn't locate the driver on Realtek's site.

I think it's the one listed under:

Network Interface Controllers
10/100/1000M Gigabit Ethernet
PCI Express <–- Is this correct?

http://www.realtek.com.tw/downloads/downloadsView.aspx?Langid=1&PNid=13&PFid=5&Level=5&Conn=4&DownTypeID=3&GetDown=false

Unix (Linux)
Apply to RTL8111H(S)/RTL8118/RTL8119i as well.
Description Version Update
FreeBSD 7.x and 8.0
1.93 2017/2/13 83k

Is the above mentioned 1.93 file under Unix/FreeBSD 7.x and 8.0 what I need to get to continue with the rest of the compile steps?

EDIT: Was able to get some help compiling the 1.93 Realtek PCI-E driver above. Seems to work without issue (so far) and I verified it was loaded.

Forsaked

There is a new generation out with an Apollo Lake processor, but still Realtek-NICs.

https://www.zotac.com/us/product/mini_pcs/ci327-nano

Rockn

I hate to hijack this thread, but can anyone explain the process for getting pfSense installed on one of these boxes? It seems to get installed and sits at the f1 prompt, but goes into a reboot loop after the install. If you want to break this out into its own thread be my guest.

Thanks

fullmetal297

Sounds like you need to change your bios from UEFI to Legacy.

@Rockn:

I hate to hijack this thread, but can anyone explain the process for getting pfSense installed on one of these boxes? It seems to get installed and sits at the f1 prompt, but goes into a reboot loop after the install. If you want to break this out into its own thread be my guest.

Thanks

messerchmidt

does 2.3.4 have the latest realtek driver update?

silvan_0172

Any update on the onboard wifi card if that works with PFsense?
I am about to pull the trigger on buying on of these, but would really like to know if the onboard wifi is recognized by Pfsense.

mleone87

I have one of these since a couple of months.

Never ever managed to get full gigabit nat perfomance.

No KVM Virtio perfomance with openwrt(750 mbits)
No Esxi VMXNET3 performance with openwrt(650 mbits)
Tried opnsense on baremetal (500 or 300 mbits)
Never tried pfsense since their lack of support for my pppoe connection

all the speeds are WAN to LAN troughput on a PPPoE FTTH connection(1000/200)

Same tests on a virtualized environment with G4560 CPU and intel nics are all full gigabit speed

TonyVI

@silvan_0172:

Any update on the onboard wifi card if that works with PFsense?
I am about to pull the trigger on buying on of these, but would really like to know if the onboard wifi is recognized by Pfsense.

Installed latest version 2.3.4 yesterday and wireless card is not recognized.

IggyB

Installed latest version 2.3.4 yesterday and wireless card is not recognized.

Add these two lines in /boot/loader.conf

legal.intel_iwi.license_ack=1
legal.intel_ipw.license_ack=1

IggyB

There is a new driver on Realtek's site v.193 with included patches. Work's on 2.3.4

If you want to compile your own on FreeBSD 10.3

1. update the driver source code:
Remove existing if_re.c from /usr/src/sys/dev/re or rename to if_re.c.org
Copy the new 1.93 dirver source code( if_re.c and if_rereg.h) into /usr/src/sys/dev/re
Remove existing Makefile from /usr/src/sys/modules/re or rename to Makefile.org
Copy the new 1.93 Makefile into /usr/src/sys/modules/re

2. build the driver:

cd /usr/src/sys/modules/re

make clean

make

3. Upload the new if_re.ko from /usr/src/sys/modules/re to your pfSense box in /boot/kernel
# cd /boot/kernel
# chmod 0555 if_re.ko
' # chown root:wheel if_re.ko
edit /boot/loader.conf in pfSense with vi
add line add line if_re_load="YES"
# reboot

Don't forget to rename old .ko module if you want to keep it or remove it

tekken4

Hi @cinnamon

are you able to compile the latest driver? not got freebsd.

thanks very much

IggyB

What pfsense ver are you using?

ermax

I have the CI327 and was also having throughput and timeout problems. I was able to resolve my problems by compiling 1.93 in a VM running FreeBSD 11. I copied the driver over to my pfSense box and no more timeouts. I disabled all the tuning options that I had previously applied and it still works fine. Before I went this route I couldn't get anything over 50MBit/Sec. Now I am maxing out my 100Mb/100Mb connection.

The process was very straight forward too. Make sure when installing FreeBSD 11 for your build environment that you select the option to install the source tree. Then do a "pkg install curl" and then follow these directions:

On Build Server:
curl -o /tmp/rtlv193.tgz http://12244.wpc.azureedge.net/8012244/drivers/rtdrivers/cn/nic/0006-rtl_bsd_drv_v193.tgz
tar -xf /tmp/rtlv193.tgz -C /tmp/

cp /tmp/rtl_bsd_drv_v193/if_re* /usr/src/sys/dev/re/
cp /tmp/rtl_bsd_drv_v193/Makefile /usr/src/sys/modules/re/
cd /usr/src/sys/modules/re/
make

scp /usr/src/sys/modules/re/if_re.ko root@<pfsenseip>:/boot/kernel/

On pfSense:
cd /boot/kernel
chmod 0555 if_re.ko
chown root:wheel if_re.ko

Add this line to /boot/loader.conf.local:
if_re_load="YES"

reboot pfsense

After reboot verify that it loaded the new driver with:
dmesg | grep re0</pfsenseip>

Edit: One other problem I had on the CI327 was boot time took forever due to it trying to access the SD card reader. I was able to resolve this by hitting ESC at the boot loader (from the install media) and then typing:


set hint.sdhci_pci.0.disabled=1
set hint.sdhci_pci.1.disabled=1
boot

Then at the end of the install it prompts you about going to a shell to make additional changes. Say yes and then add these lines to /boot/loader.conf.local:


hint.sdhci_pci.0.disabled=1
hint.sdhci_pci.1.disabled=1

This was all done on pfSense 2.4 nightly.

cristi_gh

@cinnamon:

Installed latest version 2.3.4 yesterday and wireless card is not recognized.

Add these two lines in /boot/loader.conf

legal.intel_iwi.license_ack=1
legal.intel_ipw.license_ack=1

Just added this and still doesn't work.