• HP Qlogic NC523SFP Not Functional By Default

    5
    0 Votes
    5 Posts
    1k Views
    H

    Some final updates before I leave this thread alone...

    The thread linked to by Rico has been undergoing lots of activity and is very useful (readers of this thread should check it out).

    I have had further problems with the qlogic driver, but they are now gone. Basically, once you configure the MTU manually on the interface, the issue goes away.

    The first time you do it, you have to wait for multi-user mode to happen, then open up the second virtual console (Ctrl+Alt+F2), log in, and go to a shell (option 8). In the shell, bring the interface down:
    ifconfig ql0 down
    Then set the MTU. You can set it to 1500 or 9000, depending on your preferences. Most likely you'll want it at 9000 eventually.
    ifconfig ql0 mtu 9000
    ifconfig ql0 up

    This should get rid of the console going crazy and allow the interface to work. Then you can get into the web interface and configure the MTU for that interface via the web gui. Don't forget to do this step.

    Unfortunately, I can't get anywhere near 10 Gbps performance on this card. The best I've been able to do after lots of tuning (sysctl, tunables, loader.conf.local) is 4 Gbps, which only worked for a bit and then it went back. It's difficult to figure out why; it's not a card issue probably. It's most likely the hardware and the config (as well as the other end of the connection). I've got it connected to a 10G module in a Brocade FLS624.

    There is a known FreeBSD bug that causes the MTU issue - I expect it will get patched in pfSense before long. For now, the above fix should work.

  • PPPoE/Centurylink Fiber

    20
    0 Votes
    20 Posts
    3k Views
    chpalmerC

    Next I would do a packet capture on your LAN for anything going on for address 192.168.1.2

    Then do some attempted surfing and see if the traffic is actually making it to the LAN port. If it is, do the same for the PPPoE/WAN interface.

    Diagnostics / Packet Capture
  • Snort Inline mode with 2.4.0

    1
    0 Votes
    1 Posts
    116 Views
    No one has replied
  • 0 Votes
    4 Posts
    1k Views
    bingo600B

    Ydrfff @ Any FB stuff on a Fwall

    I'd go for FreeRadius on another machine, and then set pfSense to use the external Freeradius

    /Bingo

  • HP Qlogic NC523SFP Driver install Freebsd 11 pfsense kernel recompile

    31
    1 Votes
    31 Posts
    10k Views
    M

    @stephenw10 said in HP Qlogic NC523SFP Driver install Freebsd 11 pfsense kernel recompile:

    Yeah, those are not boot loader commands.

    You might be able to run them as early shellcmds either directly or call a shell script:
    https://docs.netgate.com/pfsense/en/latest/development/executing-commands-at-boot-time.html

    They have to be run with the cable actually disconnected? Not just DOWN the interface?

    You are probably right, but I did not yet try that. Also I will try to find the source file with the bugs on FreeBSD, change the lines with the bugs, compile the file and then copy the new file to pfSense.
    I will keep you informed about both solutions.

    Maarten

  • 0 Votes
    2 Posts
    800 Views
    stephenw10S

    If it doesn't show in pciconf there's nothing pfSense can do. It's almost certainly a hypervisor problem.
    You could check the bootlog in case there is a PCI error of some kind.

    Steve

  • Problem restoring pfsense

    3
    0 Votes
    3 Posts
    477 Views
    H

    In case I didn't try for the process abruptly because pfsense restored all my packages they are currently working, but even after days following the re-installation notice I had to follow the process indicated by the pfsense pop up to stop the process and test reinstall manually, but even so when I try to reinstall any service that is working it is prevented by the log I passed above.
    I did the same process that was indicated in a clean pfsense installation and the same problem occurred.
    This also prevents you from uninstalling any services.

  • Not able to ping LAN interface from OPT1 or OPT2 networks

    9
    0 Votes
    9 Posts
    1k Views
    dcicaD

    Online with pfBlockerNG, Snort and detailed interface rules. I love pfSense!

  • VMWare Install - WAN Gateway Offline

    2
    0 Votes
    2 Posts
    702 Views
    stephenw10S

    That is a layer 2 issue. Either that NIC is not passed through to pfSense correctly or the ONT is rejecting the MAC address. Rebooting would normally reset that but not always.

    Try some other device using the public IP directly. If that also fails and the Netgear is the only thing that works you will need to spoof the MAC address or call the ISP and have them reset it.

    Steve

  • Cannot update pfSense-core repo catalogue

    2
    0 Votes
    2 Posts
    562 Views
    stephenw10S

    Bad route maybe?

    Can pfSense itself access other sites directly? It's not showing a DNS error there.

    Steve

  • 0 Votes
    2 Posts
    846 Views
    stephenw10S

    Dupe post. Continued here: https://forum.netgate.com/topic/155551/web-traffic-log-issues-wan-lan-virtualbox

  • Using NVME on pfSense Server that Does Not Support Booting from NVME

    4
    0 Votes
    4 Posts
    614 Views
    DaddyGoD

    @ProfessorManhattan said in Using NVME on pfSense Server that Does Not Support Booting from NVME:

    Maybe I can at least /tmp on the NVME?

    it makes no sense to speed up "temp" in particular

    Even with hundreds of users, the storage needs of pfSense / FreeBSD OP system are very little (only logs)

    it is one of the "unicums" of FreeBSD, it has little storage space and works

    many colleagues run from SD card

    speed at boot is significant if NVME, but if you can't "boot from NVME" it is not an advantage

    +++edit (like):

    [image]

  • Cant load kernel

    16
    0 Votes
    16 Posts
    2k Views
    DaddyGoD

    @Harold-cardozo

    it's a strange logic, so you have to try both (I vote for enable)
    if you use balenaE then both exist, if Rufus can be set this way

    https://docs.netgate.com/pfsense/en/latest/book/install/perform-install.html

  • DNS Resolver Issue since 2.4.5 P1 upgrade from 2.4.4 P3

    3
    0 Votes
    3 Posts
    929 Views
    viktor_gV

    See https://redmine.pfsense.org/issues/10781

  • Cannot communicate with vpn client from LAN

    3
    0 Votes
    3 Posts
    489 Views
    J

    @viragomann I had disabled the firewalls

  • lan and wireless access point settings help please

    4
    0 Votes
    4 Posts
    559 Views
    GertjanG

    .... and let me guess : the LAN network of pfSense is also 192.168.1.0/24 . pfSense using 192.168.1.1 on its LAN ?

    So, your router sees 191.168.1.1 as its gateway on its WAN, and uses 192.168.1.1 on its LAN ....
    You know it's a router, and yet you treat it as a switch (?!). You are breaking very rudimentary RFC rules here. The router can't route between identical networks.

    The real issue is : you do want to use a router after a router (although it is possible - remap your TPLINK to 192.168.2.1/24 on its LAN, use its WAN interface to connect to a pfSense LAN, and things start somewhat to work).

    What you probably want : that your TPLINK starts to behave as a (simple) Access Point. In that case, hook it up to pfSense using one of its LAN interfaces. Stop DHCP (you do not want to have two DHCP servers on the same network !!) and stop the firewall, stop DNS services. Attribute an IP like 192.168.1.2 to your TPLINK (and set DNS to 192.168.1.1 and gateway == pfSense to 192.168.1.1 == pfSense).

  • RAM Disk Settings

    4
    0 Votes
    4 Posts
    2k Views
    DaddyGoD

    @FreeMindedCH said in RAM Disk Settings:

    What RAM disk sizes would you recommend for a Netgate SG-2440?
    Any idea why the very same installation does not show this behaviour on a PCEngines APU?

    Hi,

    Why would you want to use a RAM disk?
    is it very important to have in your system....?

    in front of me a colleague described very well why it is not advisable to use
    (especially if you have little physical RAM in your system, such as 2 or 4GB on the APU MOBO)

    here is a great and detailed description of @bmeeks:

    https://forum.netgate.com/topic/155220/swap-usage

    "Using RAM disks will make your problem orders of magnitude worse! Do you know what swap is for and what it actually is?

    Swap memory is a type of temporary RAM. When there is not enough physical RAM to hold the information the currently running processes are using, the operating system will cycle currently idle sections of RAM out to a special file on the disk. So any currently loaded process that happens to be sleeping or otherwise not actively using CPU at that exact instant can have some or all of its data removed from RAM and written to the swap file on disk to free up RAM for use by another active process. Then, when that sleeping process "wakes up" and starts execution again, the operating system reads its data from the swap file and copies it back into RAM. This is an extremely slow set of processes compared to keeping the data in RAM the whole time. So usage of swap is basically to be avoided. When you start using swap, things are going to get very slow very fast.

    A RAM disk uses part of RAM to hold data that is normally written to disk. So you would be taking up even more precious RAM to act as a disk drive and thus increase the operating system's need to use the swap file. You leave the OS even less free RAM to use for processes since a RAM disk reserves some RAM to be a disk drive. RAM disks today are generally a bad idea on pfSense. I suggest you avoid using them altogether.

    As @DaddyGo mentioned, you are using some memory intensive packages. 4 GB of RAM is really not all that much for the packages you have. Are you sure you really need Squid? With the widespread use of HTTPS today, the utility of caching with Squid is reduced unless you are using some type of MITM. Squid can use a lot of disk space, too. The ntopng package can also be quite resource intensive as can Snort. So together, all those packages can give your firewall a real workout with only 4 GB of RAM available. That's why your firewall is resorting to use swap space, and it is having trouble even with that. This is because swap space is configured during pfSense installation and is a fixed size. Your error messages indicate you are exhausting your swap file space."

  • pfSense as OpenVPN Server - Assigning Static IP's to Multiple Inputs

    2
    0 Votes
    2 Posts
    267 Views
    E

    Maybe I'm overcomplicating things.

    If the switch is mirroring the port connecting the router to the switch (thereby capturing all traffic from the router), will it even get an IP from the router and does it even need one set as a static IP? I've not seen any data from Snort for alerts in >48 hours which has me wondering. However, when I ran a packet capture, it seems to be capturing all packets.

  • Upgrade from 2.3.2 to 2.4.5_1 (KERNEL failure during boot trap 12)

    4
    0 Votes
    4 Posts
    485 Views
    jimpJ

    If it wasn't 64-bit it couldn't even have made it that far, it would have had an exec format error much earlier in the boot process before loading the kernel.

  • 0 Votes
    3 Posts
    577 Views
    N

    ok, but it's solved now :)

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.