Motherboard - Asus H110M-K
CPU - Intel Celeron G3930
Ram - 8GB HyperX Fury DDR4-2133
HD - Hitachi 5K500 250GB (from a laptop I had to turf)
Power - EVGA 500B (500w)
NIC - 2 x Intel Gigabit CT
all inside a Cooler Master N200 case
So to add to @rainer_d's comment, I've recently purchased the APU2C4 as my pfsense box and frankly considering the costs I'm rather impressed. I have a WAN\LAN setup running Squid, Squid Guard, Suricata, PFBlockerng, and ntopng - my main focus is keeping my kids from getting into too much trouble as they start exploring the internet. Looking at the performance to energy cost, I really feel this box hits a lot of check boxes. Sadly, I'm limited in my bandwidth so I can't speak to how it handles on 1Gbps, but I've heard you can get close but I don't know if you would need to limit the packages you're running.
If you do end up looking at the APU2 setup, here is what I came up with so far to improve performance:
Get thermal grease and stand the box vertically - Reduced my CPU temp by 10C
Avoid ClamAV, it will eat the CPUs alive with large downloads
Suricata seems to perform better than Snort, but is twice as hard to set up... but twice the trouble is twice the fun in my book. Between the multi core support and the APU2 supported inline mode, you can get IDS on without too much impact to your system.
Get the 4GB version, it's not much more and gives you lots of RAM to play with.
@derreckbercier said in Pfsense blocking Livestream:
I have a 100mb pipe that's symmetrical.
Well, it should be pretty hard to saturate that link with a typical livestream upload. How big is your audience for this livestream? If several dozens of users are trying to view the stream simultaneously with your upload, then I could see how your download link might approach saturation. That could then impact upload as the ACKs could not come through from the livestream remote host on a timely basis.
@shiftyjoe said in Did I just overclocked my apu2c4 (AMD GX-412TC SOC)?:
I agree 100% with the heat comment, I doubted that I was getting the increased CPU speed after seeing no additional heat. As far as the marketing, I think that's where the confusion comes in. It seems like there are a number of mixed messages regarding the speed available on the GX-412TC which lead to @MarcoP's comment that he might have unlocked the higher speeds that are by default disabled on APU2C4. Personally I'm going to keep poking at this to see if there is anything "extra" that can be eked out of the CPU without impacting the system too much, so any suggestions or insights would be appreciated.
Reported Speeds of GX-412TC SOC
https://www.amd.com/Documents/AMDGSeriesSOCProductBrief.pdf => Says 1.0/1.4GHZ
http://www.cpu-world.com/CPUs/Puma/AMD-G-Series GX-412TC.html => Says 1.2GHZ
http://www.pcengines.info/forums/?page=post&id=7D3ECCD1-AFFB-441C-9527-78A0B0E53074&fid=DF5ACB70-99C4-4C61-AFA6-4C0E0DB05B2A => Even on pcengines there are talks about how the CPU specs should be 1.2GHZ vs the 1.0GHZ
I know I'm late to the party, but I actually found out about this algorithm just recently as I was searching for network settings to tune for Linux hosts.
Ran some tests using TCP BBR and I have to say I'm quite impressed with the performance:
Performing a local test using Flent between two 10Gbit Linux hosts using TCP BBR and sitting on different network segments (i.e. the test was done across the firewall) resulted in more stable data transfer and lower latency. Using TCP - BBR I had no trouble pushing 14 - 16Gbit of traffic across the pfSense firewall (Flent is a bi-directional test) with latencies on average between 1 - 2 ms during the test. Using the prior (default) TCP congestion algorithm (Cubic) data transfer was less stable (more variability in bandwidth) and total bandwidth was a little lower as well. Latencies were closer to the 3 - 6ms range.
Performing a WAN test I also got better upload performance than before. I have a 1Gbit symmetric Fiber connection and using TCP BBR I saw higher upload speeds, especially over longer distances (e.g. between East Coast and West Coast). I use fq_codel to manage WAN traffic since I have 10Gbit hosts sending traffic into a 1Gbit interface -- it all seems to work quite well still with TCP BBR enabled on the hosts.
This site is pretty much directed towards pfsense, and networking with pfsense. While your topic is fine in the general section, you prob won't get many responses to such a query here. You're prob better off on a generic sort of "techy" IT site where users do more open discussion, etc.
I personally have used many tablets over the years - have zero experience with that brand.. So could give no opinion one way or the other.. Nor have you given any sort of details of what you're looking for, what kind of budget you have, etc. So even if I wanted to.. How could I determine which one of their models would be best suited for your needs.
Good luck.. Maybe someone here has experience with their tablet line and could be helpful - but I doubt it.
Quick google shows they have looks like 14 different tablets
So without some input from you to which one might best suit your needs and budget - I would have to say go with the highest end one.. Looks like the M5 Pro.
Adding the WAN rule will not add a port forward.
You add a port forward in Firewall > NAT, Port Forward. There you can optionally (recommended) have the port forward automatically maintain the firewall rule on WAN for you.
Yes, you need both ports forwarded.
In your case you can do a range from 5198 to 5199 and do it in one rule.
I'm running an SG-4860 at home and get nearly the same throughput as I do without VPN. I don't often have an opportunity to fully saturate the line as we have a 1g symmetric f/o connection from Cox at home. I just tried Speedtest running OpenVPN from work where we have 100m symmetric fiber on TWC and got the following:
Speedtest on TWC Fiber: 90.8/96.1
VPN to Cox at home on SG-4860: 84.3/91
little over 6% overhead/reduction due to VPN
I think this has more or less held true when I've had access to better bandwidth as well. Have never run into an issue where the 4860 is the bottleneck.
I'll nuke this thread momentarily but we have also seen these being sneaky by making a post and then a few hours later they go back and edit the post to add links. It didn't happen here, but I caught half a dozen or so instances of this yesterday and some even had replies since they initially looked legit. If you see the little pencil icon by the timestamp you can click it and see previous post revisions and the first one had no links, second one did.
They're getting fairly sophisticated. I'm guessing this new technique is a way to bypass spam checks on new posts that may not inspect edits.
Also a bunch of profile spam, but hopefully I have now cut down on that by requiring at least 5 reputation to fill in the "about" and "website" section of the profiles as well as to add a signature. I wish we could lock down post editing in a similar way but there isn't an option for that yet that I've found.
As per OP's question What VPN Services Works with Plex/ Xbox. I would like to recommend a few such as NordVPN, Express VPN, PureVPN.
I would like to refer the Best VPN for Plex as it also provides a guide on How to Watch Plex Channels with a VPN that supports Port Forwarding
I hope the guide helps.
Yes you can "bridge" interfaces to somewhat simulate a "switch". It is going to SUCK performance wise and completely over complicate the configuration. Are you filtering on each member, are you filtering just on the bridge interface, etc.
Oh did I say it SUCKS before compared to an actual switch port - right?
If you have a switch - there is ZERO reason to contemplate WASTING a very useful router interface that could be used for you know another network so you could actually firewall between your networks/vlans on your "router" vs using it as a switch port ;)
If you need/want a switch on your router/firewall - then buy hardware that actually has built-in switch ports. The sg3100 for example, or the 7100.. Pretty sure their other new models coming will also include actual switch ports.
Yes you can bridge - No you have no reason to do it.. Is like you CAN if you really wanted to poke yourself in the eye with a stick.. But normally people tend to think this a bad idea.. Same goes for using router interfaces as switch ports via bridging them ;)
Well I got it to work.
Installed package "ShellCmd". This package is to simply run the following command at every bootup of the router so that the arp entry is always there.
shellcmd: command: arp -s 10.0.0.254 ff:ff:ff:ff:ff:ff
where 10.0.0.254 is the broadcast IP of my network
ff:ff:ff:ff:ff:ff is the MAC broadcast address. Use this as is!
Finally set up NAT port forwarding to 10.0.0.254 and the port you want to use for WOL, e.g. UDP 9
"What's even more odd is that if I ping the external FQDN when connected to the VPN the packets respond back from the external IP address, so I am pretty sure that something on pfSense is blocking the request."
If that's true, then while connected to VPN, you should be able to browse the FQDN (public IP) of your pfSense box on port 7001, and the target webserver should be there. Unless... your work firewall is blocking port 7001 outbound. Sounds like you'll have to choose... access your internal server or be connected to work (or use a different machine). It's pretty normal to not be able to do both.
@jimp Thanks. I had gotten this sorted out.
Now I'm banging my head against setting WOL (wake on lan) to work over WAN (internet). I have that working in my OpenWrt router but I'm new to pfsense so don't know much.
Is that something you know about :)
I can see a number of lost packets in Wireshark analysis. The ratio between lost and all packets is something like 30/150000. PF shows 0 packet loss during the capture period. This is an example of one sample of course.
So.. even if PF detects few lost packets and wireshark displays few dozen, I can't tell which one of those is actually detected by PF. And furthermore should I be worried about lost packets detected by PF anyway?
At least some of the lost packets detected by WS I was able to link to one workstation.