I backed the ZimaBoard Single Board Server project on Kickstarter in early 2021, a couple of months ago it finally arrived and the first project on the todo list was to try this as a replacement for my overkill pfSense server (Dell R210 II Server) which consumed ~100W compared to ~6W of the Zimabaord, a cost reduction of over £200 per year in electricity costs too. The ZimaBoard comes pre-installed with Casa OS on the onboard 32GB eMMC storage, but that can be overwritten with whatever software we want.
When I backed the project, I also bought an extra NIC as I needed 3 connections if I was going to have a backup WAN link, however, there isn’t a way to mount the PCIe Network Card into the ZimaBoard and keep it secured. The usual riser bracket also has to be removed as it would otherwise foul the case.
Note: This isn’t the setup I finally ended up running, but this is the journey I went on.
Here are the steps I followed to get pfSense 2.6.0 up and running on the ZimaBoard:
- Download the latest pfSense USB Image from: https://www.pfsense.org/download/
- Architecture: AMD64
- Installer: USB Memstick Installer
- Console: VGA
- Write the USB Image to a USB Flash drive using Balena Etcher (or similar)
- Attach a display and keyboard to the ZimaBoard
- Insert USB Flash drive now containing pfSense installing image
- Boot the ZimaBoard and follow the wizard to install pfSense, selecting the eMMC storage#
- The ZimaBoard supports up to 2 x SATA drives, depending on the features planned to be used on pfSense, consideration should be given to using a SATA SSD or HDD.
- After installation completes I had to enter the BIOS and change the Boot option to MMC.
Realtek Network Drivers
The two onboard NICs are identified as
Realtek PCIe GbE Family Controller and worked out of the box, though FreeBSD 12 which pfSense 2.6 is built on doesn’t include the latest drivers. The left hand NIC was
re0 and the other
The 2.5GbE network card (Realtek RTL8125B) wasn’t detected after installation and required updated Realtek drivers to be installed.
Updated 4 Dec 2022: Realtek have released driver version 197.
Update 19 Jan 2023: Realtek have released driver version 198.
Installing Realtek version 198 driver
- If there is an old driver version e.g.:
pkg delete realtek-re-kmod-196.04
fetch -v https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/realtek-re-kmod-198.00_1.pkg
- then install the driver:
pkg install -f -y realtek-re-kmod-198.00.pkg
- If not already present add the following configuration items to
- Reboot pfSense
Configuration Tweaks for pfSense
If you are planning on using pfSense as a basic firewall/router you should consider minimising the writes to the eMMC storage, though if you are planning on using additional packages like ntopng it will need more space than can be provided by a RAM Disk
- System -> Advanced -> Miscellaneous -> RAM Disk Settings:
Use RAM Disks
- Reboot pfSense.
Enable capabilities of the CPU (Intel Celeron N3450)
- System -> Advanced -> Miscellaneous -> Cryptographic & Thermal Hardware:
- Cryptographic Hardware:
AES-NI CPU-based Acceleration
- Thermal Sensors:
Intel Core* CPU on-die thermal sensor
- Cryptographic Hardware:
It’s unclear if pfSense is correctly supporting the CPU clock boost capabilities of the CPU, as it shows the clock speed as 1.1GHz. However, to give it a chance of working:
- System -> Advanced -> Miscellaneous -> Power Savings:
- Set the policies to:
I ran this configuration for several weeks and noticed I was having problems with my backup network connection (via Starlink) going offline, sometimes disabling and re-enabling the interface fixed it, sometimes a reboot of Starlink would fix it, sometime pfSense had to be rebooted.
dmesg filled upa with a stream of errors:
arpresolve: can't allocate llinfo for 100.64.0.1 on re1
re1 is the onboard GbE NICs connected to the Starlink, not the 2.5GbE NIC.
DNS errors from unbound were also being constantly logged to
May 25 22:26:18 pfsense-zimaboard unbound: [75327:3] error: recvfrom 26 failed: Protocol not available May 25 22:26:18 pfsense-zimaboard unbound: [75327:1] error: recvfrom 24 failed: Protocol not available
Given the move from the Dell R210 II server to the ZimaBoard was both a hardware move and an upgrade from pfSense 2.4 to 2.6, it’s unclear if one or the other was the cause of the problems.
I decided to stop using any of the Realtek NICs and instead take the Intel Quad port NIC (
Intel(R) PRO/1000 ET 82576 (Quad Copper) I had in the Dell server and use that. The card is significantly larger and so I also created a new wall mount to allow the Intel NIC to be secured.
Since switching to the Intel quad port NIC, I’ve not experienced any of the issues above.
BIOS & CPU Issues
- BIOS version information is corrupted
- DMI table is broken (possible cause of BIOS version info)
dmidecode -t processor -t cache # dmidecode 3.3 Scanning /dev/mem for entry point. SMBIOS 3.0.0 present. Invalid entry length (0). DMI table is broken! Stop.
- The Intel N3450 CPU has a base clock frequency of 1.1GHz with a burst frequency of 2.2GHz. However, pfSense only shows the clock running at 1.1GHz, it’s unclear if this is just cosmetic or if it really isn’t bursting.
- The speed issue seems similar to a post here on Reddit from 2019
- The supported CPU speeds listed are:
sysctl dev.cpu.0.freq_levels dev.cpu.0.freq_levels: 1101/0 1100/0 1000/0 900/0 800/0