pfSense Gold Subscription

Author Topic: Zotac C1327 not a good choice for 2.4  (Read 357 times)

0 Members and 1 Guest are viewing this topic.

Offline peppersass

  • Jr. Member
  • **
  • Posts: 36
  • Karma: +0/-0
    • View Profile
Zotac C1327 not a good choice for 2.4
« on: November 23, 2017, 02:59:17 am »
Just a warning for those who may be considering a Zotac C1327 for running pfSense:

I was able to run 2.3 on my Zotac C1327 without issues, but when I tried the stable version of 2.4.0 throughput dropped significantly and RTT times went way up. It was really bad on my VPN: speed dropped to 20% of normal and RTT times were about 3x.

When 2.4.1 came out I decided to try again, but this time it hung during boot. I tried both updating 2.3.5 in place and installing a clean copy from a USB stick. They both hung at the same step in the boot sequence.

So I tried the latest version of OPNsense. It booted OK, and throughput on the WAN was close to nominal, but throughput on the VPN was terrible.

I finally gave in and bought a Protectli E3845 Vault with Intel NICs. Huge difference. Both OPNsense and pfSense 2.4.1 work great on this box -- throughput is as good or better than 2.3 on the Zotac.

I suspect the main problem is the Realtek driver supplied with newer versions of FreeBSD, with errors causing the low throughput. It's possible that updating the RealTek driver would solve the problem, but I'm not going to spend time trying that. Also, the significantly worse VPN throughput might be an indication of some sort of crypto or BIOS incompatibility.

Bottom line, I wouldn't buy a Zotac box for pfSense. A few extra dollars for the Protectli are well worth it.


  • Guest
Re: Zotac C1327 not a good choice for 2.4
« Reply #1 on: November 23, 2017, 08:20:58 am »
Install realtek v1.94 driver to solve that particular problem. For more info check this thread:
TheNarc is the fellow who compiled the driver and made the binaries available for download. Get it, unzip it. You'll end up with a if_re.ko file. Check its SHA to ensure that there is no corruption in the file.

Start your Zotac. Once it's up and running upload the driver file if_re.ko in the directory "/boot/kernel/".
You may use WinSCP or any remote file management software.

Then add the line if_re_load="YES" to the file "/boot/loader.conf.local".
Reboot pfsense. When it's up, start a console shell ( #8 ) and check with the command "kldstat" which should show if_re.ko as loaded.

Obviously here you have to trust TheNarc's compilation as much as you trust the obscure software engineer's coding ability who wrote the source code to begin with.

Regarding your negative assertion: Zotac CI327 has 2 gigabit ethernet RTL8111 circuits, which has been around for quite a few years.
It is rock solid and it is one of the most OEM'd gigabit ethernet chip on the planet. You are going to find it in high end as well as mid-range products, including under the hood of your car's on-board computer. Its derivatives are practically in every gigabit switch under proprietary markings and licensed to every big name router company out there.

Contrary to some "opinions" in the pfsense and FreeBSD forums Realtek's hardware has always been at par and sometimes even superior to the competition in many areas. The fact that their BSD drivers lag behind in quality is as much BSD's shortcoming as Realtek's. This is also true for Intel. Any and all Intel components including their ethernet chips are buggier on BSD than other operating systems. The root issue is not the hardware but the finger pointing about who is responsible about the low level device drivers. But this is something well outside of the scope of pfsense and this forum.
My point in mentioning it to you is that there is no need to call for the fire engines on Zotac!

You probably have other problems with Zotac's CI327, like the timer interrupts, the SD card reader because BSD do not support (properly) those components. Run a search for Zotac CI327 and you will find info about how to fix them. Then you will be happy with your CI327.

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 645
  • Karma: +52/-1
    • View Profile
Re: Zotac C1327 not a good choice for 2.4
« Reply #2 on: November 23, 2017, 08:55:22 am »
Realtek NICs are shit. Also, Protectli is just a rebranded MiniSys computer with 100 bucks slapped on top of the price.

Offline internetservices

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Zotac C1327 not a good choice for 2.4
« Reply #3 on: December 06, 2017, 11:04:51 am »
We tried 2.4.3 on Zotac CI327 and found no problems once pFsense was running. In order to boot we had to disable "Monitor M-Wait" in BIOS.
The only "problem" we are left with is this: the Zotac CI327 will refuse to boot WITHOUT a display attached! The Zotac website is sadly devoid of any useful docuementation regarding this, and we're sure there must be a BIOS setting to "continue boot on error" (or similar). Does anyone know?