Maybe I can save some time for others?
I was using and ASA5506X and it just deiced to up and die on me while watching Umbrella Academy. Years prior I have used both IPCop and Pfsense. Time for a new firewall and I was not very happy using an ASA in my home network.
I purchased an SG-3100 but is back ordered for many weeks. In the meantime I started researching the hardware it used and was not very pleased that it was not using an Intel processor (AES-NI support) and only had 2 GB of RAM. I could purchase the next model up, SG-5100, but this was $700! :o I cancelled the SG-3100 order
So I decided to roll my own. I bought an Asrock H470M-ITX/AC, Intel Core-i3 10100 processor, 16 GB RAM, 500 GB NVMe storage, and a Fractal Node 202 with power supply. I wanted small form factor and dual onboard NICs, I got all this for $500! ;D This is more then enough compute power to run the firewall with all the cool apps and can expand the hardware if needed?
I deiced to go with OPNsense, I am always interested in forks.
Now to share my woes with OPNsense/FreeBSD. I could not get any of the onboard NICs to be identified!
root@OPNsense:~ # pciconf -lvc
............................
none5@pci0:0:31:6: class=0x020000 card=0x0d4d1849 chip=0x0d4d8086 rev=0x00 hdr=0x00
vendor = 'Intel Corporation'
class = network
subclass = ethernet
cap 01[c8] = powerspec 3 supports D0 D3 current D0
cap 05[d0] = MSI supports 1 message, 64 bit
...........................
none6@pci0:3:0:0: class=0x020000 card=0x81681849 chip=0x812510ec rev=0x05 hdr=0x00
vendor = 'Realtek Semiconductor Co., Ltd.'
class = network
subclass = ethernet
cap 01[40] = powerspec 3 supports D0 D1 D2 D3 current D0
cap 05[50] = MSI supports 1 message, 64 bit, vector masks
cap 10[70] = PCI-Express 2 endpoint MSI 1 max data 256(256) RO
link x1(x1) speed 5.0(5.0) ASPM disabled(L0s/L1)
cap 11[b0] = MSI-X supports 32 messages
Table in map 0x20[0x0], PBA in map 0x20[0x800]
cap 03[d0] = VPD
ecap 0001[100] = AER 2 0 fatal 0 non-fatal 0 corrected
ecap 0002[148] = VC 1 max VC0
ecap 0003[168] = Serial 1 a0ce2b59a1a80000
ecap 0017[178] = TPH Requester 1
ecap 0018[204] = LTR 1
ecap 001e[20c] = unknown 1
ecap 000b[21c] = Vendor 1 ID 2
root@OPNsense:~ # strings /boot/kernel/if_em.ko | grep '7.*'
...................
7.6.1-k # Version 7.6.1-k! This driver is over 4 years old!
..................
root@OPNsense:~ # strings /boot/kernel/if_re.ko | grep '1.*'
..............
version:1.95.00 # May be just as old?
None of the driver are seen but yet my Intel dual port card uses if_em and it was working.
root@OPNsense:~ # kldstat
Id Refs Address Size Name
1 66 0x0 248da78 kernel
2 1 0x0 10250 carp.ko
3 1 0x0 f998 if_bridge.ko
4 2 0x0 72a8 bridgestp.ko
5 1 0x0 3e78 if_enc.ko
6 1 0x0 b1c0 if_gre.ko
7 1 0x0 15fe8 if_lagg.ko
8 1 0x0 8b60 if_tap.ko
9 3 0x0 582f0 pf.ko
10 1 0x0 2af8 pflog.ko
11 1 0x0 ebd0 pfsync.ko
12 1 0x0 15d20 if_iwm.ko
13 1 0x0 fb11f iwm3168fw.ko
14 1 0x0 18a0 uhid.ko
15 1 0x0 1aa0 wmt.ko
16 1 0x0 2928 ums.ko
17 1 0x0 8d50 aesni.ko
18 1 0x0 cd70 snd_uaudio.ko
19 1 0x0 4260 ng_ubt.ko
20 6 0x0 9e30 netgraph.ko
21 2 0x0 91b8 ng_hci.ko
22 3 0x0 9c0 ng_bluetooth.ko
23 1 0x0 cad0 ng_l2cap.ko
24 1 0x0 1ba00 ng_btsocket.ko
25 1 0x0 21c0 ng_socket.ko
I have tried to force unloading both if_em and if_re, both failed with some error that read they could not be found. So I tried loading them again, the message then read that the drivers were already loaded! :(
Now it is time for some Google-Fu. Luckily I found:
https://www.reddit.com/r/PFSENSE/comments/hrp7ck/asrock_b460mitx_onboard_nic_issue_with_pfsense/ Follow the links within the post for details.
As of writing OPNsense is based on FreeBSD 12.1. So I downloaded that version and used KVM to create a virtual machine to compile the drivers.
And, "Now witness the firepower of this fully armed and operational battle station!"
root@OPNsense:~ # pciconf -lvc
.......................................................
em2@pci0:0:31:6: class=0x020000 card=0x0d4d1849 chip=0x0d4d8086 rev=0x00 hdr=0x00
vendor = 'Intel Corporation'
class = network
subclass = ethernet
cap 01[c8] = powerspec 3 supports D0 D3 current D0
cap 05[d0] = MSI supports 1 message, 64 bit enabled with 1 message
........................................................
re0@pci0:3:0:0: class=0x020000 card=0x81681849 chip=0x812510ec rev=0x05 hdr=0x00
vendor = 'Realtek Semiconductor Co., Ltd.'
class = network
subclass = ethernet
cap 01[40] = powerspec 3 supports D0 D1 D2 D3 current D0
cap 05[50] = MSI supports 1 message, 64 bit, vector masks
cap 10[70] = PCI-Express 2 endpoint MSI 1 max data 256(256) RO
link x1(x1) speed 5.0(5.0) ASPM disabled(L0s/L1)
cap 11[b0] = MSI-X supports 32 messages, enabled
Table in map 0x20[0x0], PBA in map 0x20[0x800]
cap 03[d0] = VPD
ecap 0001[100] = AER 2 0 fatal 0 non-fatal 0 corrected
ecap 0002[148] = VC 1 max VC0
ecap 0003[168] = Serial 1 a0ce2b59a1a80000
ecap 0017[178] = TPH Requester 1
ecap 0018[204] = LTR 1
ecap 001e[20c] = unknown 1
ecap 000b[21c] = Vendor 1 ID 2
root@OPNsense:~ # strings /boot/kernel/if_em.ko | grep '7.*'
.......................
7.7.8
root@OPNsense:~ # strings /boot/kernel/if_re.ko | grep '1.*'
.......................
1.96.04
Maybe the v7.7.5 drivers would have resolved the issues seen with some of the Intel NICs?
From my FreeBSD VM
root@:~ # pkg search intel-em-mod
intel-em-kmod-7.7.5 Gigabit FreeBSD Base Drivers for Intel(R) Ethernet
This should be included in OPNsense, but it is not.
root@OPNsense:~ # pkg install intel-em-kmod
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'intel-em-kmod' have been found in the repositories
Maybe this can be a feature request?