This is the same family as the Citrix SD-WAN 110 but in a metal housing and with more ethernet ports. A bunch of these have started to show up on ebay in the UK. The hardware specs are as follows:
Intel Atom C3338 dual core CPU 1.5 GHz
4 GB DDR4 ram
16 GB sata DOM
64 GB msata SSD
4x I211 gigabit NIC (requires jumper move to disable bypass)
2x X553 gigabit NIC
2x SFP (not usable with OpenWrt)
Sierra Wireless 4G/LTE card
TPM 2.0 module
2x USB 3.0 ports
empty m.2 slot for a wireless card
fanless / passively cooled
The Citrix OS boots from the msata SSD with recovery files stored on the sata DOM. I could login to the webinterface at 192.168.100.1 by setting a static ip on my laptop. There are a few local configuration options but it seems like these devices are mostly configured remotely from some management / cloud interface.
The OpenWrt install is fairly straightforward:
Prepare a USB stick with an OpenWrt x86/64 image and plug it into the device
Connect serial console with 9600 baud
Power on the device and press del to enter the bios
Change boot from legacy to UEFI and adjust boot order to USB key, sata DOM, hard drive
Save bios changes and reset
Let device boot from USB
Change console to 115200 baud for OpenWrt
Connect ethernet cable to the MGMT port and access OpenWrt at 192.168.1.1
Download/copy OpenWrt EFI image to /tmp and then write to the sata DOM
Power off the device and remove the USB stick
Power back on and the device now runs OpenWrt
Caveats / issues:
Port 1 and 2 are by default in bypass mode and not usable. Unfortunately there is no setting in the bios to override the bypass. Some of the files in the Citrix OS mention a watchdog and kernel module so I'm not sure if this can be replicated in OpenWrt to override the bypass. (bypass can be disabled by a jumper, see next post)
The 2 SFP ports are shared with 2 ethernet ports. Based on a quick look in the Citrix OS this also requires some kernel modules and gpios to be able to switch from ethernet to SFP. I'm not sure if that is possible to replicate in OpenWrt.
So with some basic configuring and the movement of a jumper (see next post) this can be used as a 6 port OpenWrt router/firewall with a builtin 4G/LTE connection and 64GB additional storage space.
Some more exploring of the original OS shows that it is based on Debian with kernel 3.16. The software seems to run on multiple models so it is difficult to know which parts are applicable to this specific device. There are a few special kernel modules included: bpctl_mod.ko, caswell-bpgen3.ko, gpio-nuvoton.ko and wdt-nuvoton.ko
I've loaded the w83627hf_wdt kmod and a few others and this results in a watchdog being recognised in dmesg.
[ 27.125888] w83627hf_wdt: WDT driver for NCT6779 Super I/O chip initialising
[ 27.133108] w83627hf_wdt: initialized. timeout=60 sec (nowayout=0)
[ 27.139933] i2c_dev: i2c /dev entries driver
[ 27.148346] i801_smbus 0000:00:1f.4: enabling device (0000 -> 0003)
[ 27.154776] i801_smbus 0000:00:1f.4: SPD Write Disable is set
[ 27.160585] i801_smbus 0000:00:1f.4: SMBus using PCI interrupt
[ 27.166908] i2c i2c-0: 1/4 memory slots populated (from DMI)
[ 27.172938] i2c i2c-0: Successfully instantiated SPD at 0x50
In the Citrix OS there is a function sfp_ctl.sh which allows the software to switch between ethernet port and sfp. The function depends on both the gpio-nuvoton.ko and wdt-nuvoton.ko modules. It looks like the nuvoton watchdog is recognised with w83627hf_wdt kmod but I can't find any nuvoton related gpio kmods in OpenWrt. So it looks like enabling the 2 sfp ports is a dead end for now.
The bpctl_mod.ko and caswell-bpgen3.ko file names make it look like these modules are related to the bypass ports. Since those modules are specific to this (caswell produced) hardware it is unlikely to ever find a driver to make the bypass work. So I think 4 working Gbit ports is the maximum for now. (see edit below, bypass can be disabled by a jumper!)
Apparently others have run into the same issue as well
After a bit more messing around I've found a way to disable the bypass and make 2 more ports available under OpenWrt. One of the jumpers needs to be moved to a different position as indicated in the image below. This disables the bypass even when the device is powered off.
I bought one of these a while back.
Still haven't started playing with, but you just saved me some time trying to figure out if it could be done via software.
Figuring out these kind of things is part of the challenge / fun when buying odd 2nd hand hardware. Publishing it on the forum will hopefully help others and give these devices a second life in someone's home (lab). It is not the most powerful x86 router by today’s standards but should be more than capable enough for most use cases.
Official support from Citrix has ended at the end of 2025 so that explains why they are showing up more on the 2nd hand market. Although most prices are still quite high for unsupported systems in my opinion.
