Well, for a start I now have an AES-NI mini-pc with pfsense running as main router. :)

There are still some processes in pfSense that are thread-locked or do not scale well across cores and those benefit from faster CPU speed.

If you run a number if things though, VPN, snort, squid etc, those can use separate cores so you would some benefit there.

The sweet spot there depends what you're running but 4 fast cores is pretty good for a default setup.

Steve

Probably not.

It depends exactly what that box is doing though. For example pfSense can do ML-PPP itself:
https://doc.pfsense.org/index.php/Multi-Link_PPP_(MP/MLPPP)

Steve

By lying and increasing my subnet size from /29 to /24 on the LAN2 I have avoided duplicate interface addresses on LAN2 and WAN2. At least traffic is now flowing…

@Gertjan:

This is the key word :

Cannot allocate memory

Also check drive space and disk allocations.

If needed, stop en remove the "memory eaters" (packages - and I'm not talking about the cron - or note package here  ;))

Hi Gertjan,

that's not a Problem of mine. The Server has a CPU Load from 3-4 Percent and a low Mem usage.
I found out that the Message and the Problem happen, if a Gateway has Packetloss and it's marked as down. Than the Error is generated. Also if the GW is coming up again. I think this is a bug that has been checked.
As workaround i disabled the gateway-check. Than nothing error happen.

Hi,

Probably freebsd kernel hints file.

See what dmesg has to say.

@SammyWoo:

Looked at the diagram more closely and this is impossible as pfsense is on the same subnet as the laptop.  Bad mask(s) or the Switch is hooked up/configured wrong.

the answer was here

https://forum.pfsense.org/index.php?topic=132528.msg730834#msg730834

the device is kinda defective as shown

Int 1 –-> ibg0
Int 2 ---> ibg2
Int 3 ---> ibg3
Int 4 ---> ibg1

this is the port config of the device..this is why it didnt work because it wasnt the correct port.

"100% True !! I totally agree, I bet even all free DNS's are in it to. "

Then why don't you just resolve.. Are the root servers in in on too?  When you resolve you ask the roots for the NS of the domain your looking for, then you directly act the authoritative ns for that domain.. You do not forward all your queries to some specific name servers..

And you can limit your queries to the roots for only the specifics.. Ie you don't ask root for www.domain.com you ask for .com ns, then you ask .com ns for domain.com - but I found this to be very problematic with many domains that do delegation, etc.. microsoft technet had all kinds of problems if I recall.

there was a whole thread about turning this feature on..

qname-minimisation

If your interested in such a thing.

That makes sense…didn’t think of that.  Thank you!

ETA:  That was the issue...the 4 port NIC now occupies igb0 through igb3 and the onboards start with igb4.  Thanks again!

Hi kshays,

If you had no 3rd NIC on your pfsense you would tag all VLAN's on the LAN NIC and on the switch uplink port (trunk).

You would then untag/tag ports on your switch as per requirements. In your example you would:

Switch Port 1 - Tag VLAN1 & 3 (as it's carrying both Secure WiFi and Guest VLAN traffic to the ASUS RT)
Switch Port 2 & 3 - Untag VLAN1

I hope this makes sense.

SJT.

Well am glad u were able to resolve this with easily replaceable NICs and not some embedded soldered on NICs.  There are some system/advance/network parameters that users can turn off to deal with problematic NICs to try things out as alternative.

????

What do you mean pfSense server?  PfSense is a firewall/router, that can also do things like DHCP and DNS servers.  If you have multiple sites connecting to it, what will you use as a firewall on those sites?

@dotdash

Thanks for the info. I have search only last night and after a long many hours found my potential solution. I will have to test today. I will also be searching the virtualization forum also for alternatives.

Unlikely it's related to a software reboot. It'll probably come back if/when your phone starts charging again or so.

Yeah this seems to be related to https://redmine.pfsense.org/issues/8360

With that !/

So you have computer on pfsense wan, and you want to get to stuff behind pfsense NAT to lan.. Then you would have to port forward..  If you do not want to port forward, and use pfsense as a downstream router/firewall without nat.. Then unless you do host routing on devices on what becomes a transit network your going to have a bad time with asymmetrical routing.

To use pfsense as a downstream firewall/router or just router and not nat then pfsense needs to be connected to the upstream router via a transit network that no hosts are on so that you remove asymmetrical routing..

If you want to do what your doing with pfsense NATing between wan and its lan which is what it does out of the box.. .Then you would setup port forward for what ports you want to hit on 192.168.2.2, and haave your 192.168.1.2 computer hit pfsense wan IP at 192.168.1.100:port to get get forwarded to 192.168.2.2

transitnetwork.png
transitnetwork.png_thumb