@stephenw10 correct i dont need any of these and my internet works. i just wanted to learn from you in case something like that happens here in Hawaii.
Thank you again for everything and for the knowledge you taught me in this case.

Thx, that worked.

09ce9608-39b9-4d67-a970-078bb743482f-image.png

@stephenw10 hello, we once again checked the BGP settings on cisco, noticed a couple of parameters related to the announcing the default route, transferred these parameters to pfsense and everything worked, thanks for trying to help me.

@rcoleman-netgate
I just finished the reinstall a few minutes ago but still having the same issues. The HA sync is not working and it's required to restart the php-fpm in the backup node every 20-25 minutes

I found information in the following link
https://redmine.pfsense.org/issues/11583

I'm going to check and let you know how it goes

🤞

Sure just go to Interfaces > Assignments and set the WAN to mvneta0. By default it's configured as mvneta2.
https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/io-ports.html#routed-ethernet

You will have to unassign OPT1 or use mvneta2 for that instead.

Steve

Yes, that's what it shows.

I don't use Darkstat personally beyond testing it's functionality.

@stephenw10
I put the swap there for emergencies, but it's really never used. I can increase the memory.

I wonder, is there a way to delay the starting of snort? Because it all works eventually without any intervention. (Obviously the crash didn't think so) It seems to be too much going on at startup.

EDIT: Although, now that I think of it, I'm not sure I want Snort off at all.

Thanks for your help! I will bump the memory.

Thanks to everyone for the suggestions, it eventually turned out this was just cable internet provider doing what it does. Customer complains, they turn the speed up for a few days, and it shows a bit over 200Mbps , then over the course of another 2 weeks or so it drops back to under 100Mbps. Customer makes another call, tech shows up, they turn the speed up again for a while and say everything's OK, rinse & repeat. I went ahead and did the upgrade to pfSense 2.6.0-Release to stay current, but both pfSense and the hardware it's on are working perfectly, everything else was typical ISP shenanigans.

It would be much better if the ISP did route the /29 to you via the WAN IP. A much more flexible setup. You might want to contact them and ask if they can do that.

Steve

@shaddow said in pfSense Crash at a randem time and wont fully reboot:

Enable the ALTQ support for hn NICs

That only does anything for hn(4) NICs so Hyper-V or Azure. It doesn't matter here.

pfSense only sees the Xen NIC so changing it from Intel to Realtek would only make any difference if you enabled hardware pass through.

Check the output of: ifconfig -vm xn0
Make sure the hardware off-loading options are actually disabled.

Steve

@nimrod said in CPU Temp stuck at 27.9C:

But setting PL1 and PL2 affect how turbo works, and how much power is being used. Setting them at 10W/12W - which they really should have been at the factory - temps are now down to 40'sC with "max battery" set in BIOS or mid 50'sC with "max performance battery". I don't think I'm going to even look at "max performance" again, it's doing what I need.

Please tell me where are those settings located, and i will check tomorrow at site. I have similar issue with overheating but the unit is in the rack case that has 120mm fan blowing right above it. Last time i was playing with Topton, except for options to disable VT-d and turbo function, there were no other settings i could adjust. Also, if you can, please tell me whats the exact model and bios bios version.

The bios version is 5.19, and the model I have is this one. This has one of these Bluetech boards.

As for the settings, there's a fair bit I've collated from various different sources.

In the BIOS, Advanced, CPU, Power Management, View/Configure Turbo Options.

Set Power Limit 1 Override Enabled
Set Power Limit 1 as 10000 (10W)
Set Power Limit 2 Override Enabled
Set Power Limit 2 as 12000 (12W)

CPU VR Settings, sett PSYS PMax Power at 176.

Go into Acoustic Noise Mitigation, and enable.

Set Slow Slew Rate for VccIn Domain to [Fast/16]

And then set C States enabled.

I also enabled ACPI, but I haven't noted down where that was.

In tunables in pfSense,

hw.acpi.cpu.cx_lowest=C3
hw.ibrs_disable=1
machdep.hwpstate_pkg_ctrl=0
dev.cpu.0.cx_lowest=C3
dev.cpu.1.cx_lowest=C3
dev.cpu.2.cx_lowest=C3
dev.cpu.3.cx_lowest=C3

I completely understand. Im not bashing Topton or any other device, but you literally get what you pay for.

Oh definitely. I've paid much more for much worse, though, especially in the modem-router and load balancer/fallover arena.

Keep in mind that Netgate 4100 comes with QAT support, so it can not be even compared with those cheaper devices.

Not something that I need. I don't run VPNs or anything like that. I use pfSense as a router that can actually do IPv6, with fallover to 4G when NBN goes AWOL, and filtering with pfBlocker and Suricata.

Also, you should have gone with Yanling if Netgate is not an option. They are the OEM for Protectli. And those devices are well made with proper support and bios updates.

A four-port with a J3160, 8GB of memory and 120GB hard drive is about twice the price of the Topton N5105 based one after I've purchased the memory and drive. It's tough to justify. Performance wise they're not even close! Single core and multicore, it's a third of the processing grunt for twice the price. Looking at the benchmarks that wouldn't be much better than the GX-412TC that's in the PCEngine board it's replacing. I'd just keep using the PCEngines APU4 board.

Thank you very much, I will try with the script. Thank you again for your help.

Yeah, that. It really shouldn't be causing a restriction.

Check the Status > Interfaces page for errors on the NICs.

Try running at the command line: top -HaSP
Then run a test and make sure no CPU core is pegged at 100%.

Steve

Any reason you're not running 2.6.0?

The base date are set at compile time I believe which is why it's reporting that. It shouldn't make any real difference though other than maybe a little longer to sync.

Steve

@tux4000 While your issue is solved, just wanted to add for those searching in the future that on all my customer sites, all unifi devices report to a digital ocean linux 'box' running the controller software. I have pfSense FWs and pfSense+ on netgate appliances, a varied mix. No tweaking of any kind ever needed on the firewall, as all traffic is outbound (from firewall's perspective).

The only exception was human error before I put the controller on DO when controller and device were on separate VLANs (w/out rules). After that, I no longer used local controllers.

@stephenw10 If only there was some kind of video on youtube by netgate that can give an example on modifying the config.xml when porting it over to new hardware 😁

The speed drop is because when the client is on VLAN1 that traffic is all moving through the switch. When it moves to VLAN2 pfSense has to route all that between the interfaces. That's expected.

Steve

@johnpoz I ditched HAProxy and went to Traefik and all is working now. :)