ruled out. this issue is duplicated now even in the manufacturer

@tleadley Holy crap, somehow pkg, pkg-static and pkg2ng in /usr/local/sbin all got overwritten and showed zero bytes. I was just lucky enough to have access to one of my other SG3100's and copied the files over. I ran the repair process once again and we are good to go, no factory reset required.

@viragomann thanks dude! :)

Ok so everything appears normal again.

The issue I believe is related to the igb driver.

I had it set to use 2 queues, configured in loader.conf.local, after I reverted it to single queue mode the issues went as fast as they came. I dont know what the default is now days.

Some may remember setting the driver to two queues on some igb hardware used to cause kernel panics, but then that got fixed in FreeBSD, so the dual queue mode does have a history of problems. If anyone else has these symptoms and they using igb, then this might be a place to look.

The variable is 'hw.igb.num_queues'.

<Lightbulb goes off!>

Thank you!

@jimp
/root/.profile appeared to be a generic FreeBSD file. I replaced it with one from a working pfsense install and things appear to be back to normal. Thanks!

I'm a bit embarrassed. Tried to delete this, but seems I don't have permission to do so.
Incase anyone is having similar issues..... REBOOT.

All I needed to do was reboot the workstations and they were working perfectly with the pfsense as the gateway.

The Q6600 will not pass 10Gbps in any test.

I have tested one at 2.6Gbps in a simple iperf test. I would expect it to be OK at 1.3Gbps of regular traffic. Though the PPPoE means it restricted to a single receive queue for each of those connections. If you have em NICs those are single queue anyway.

Steve

@cenriq
Sure why not?

What hardware are you installing on?

What pfSense version are you installing? What exact installer image?

Steve

@viragomann said in My backup ALIX box not working, Netate box is fine:

vlans

Thanks, but no luck.

After altering the XML file from the Netgate box I got this error:
XML error: VLANGROUP at line 332 cannot occur more than once

I had already tried this last week and got the same error. I edited the conf file to remove the VLANGROUP and regained access to the system.

Using the Ping tool in the PFSense GUI if I ping Google it works from the WAN side but when LAN is chosen it comes up with No route to host.

What brick wall are the packets hitting? This makes no sense.

Some final updates before I leave this thread alone...

The thread linked to by Rico has been undergoing lots of activity and is very useful (readers of this thread should check it out).

I have had further problems with the qlogic driver, but they are now gone. Basically, once you configure the MTU manually on the interface, the issue goes away.

The first time you do it, you have to wait for multi-user mode to happen, then open up the second virtual console (Ctrl+alt+f2), login, and go to a shell (option 8). In the shell, bring the interface down:
ifconfig ql0 down
Then set the MTU. You can set it to 1500 or 9000, depending on your preferences. Most likely you'll want it at 9000 eventually.
ifconfig ql0 mtu 9000
ifconfig ql0 up

This should get rid of the console going crazy and allow the interface to work. Then you can get into the web interface and configure the MTU for that interface via the web gui. Don't forget to do this step.

Unfortunately, I can't get anywhere near 10gbps performance on this card. The best I've been able to do after lots of tuning (sysctl, tunables, loader.conf.local) is 4gbps, which only worked for a bit and then it went back. It's difficult to figure out why; it's not a card issue probably. It's most likely the hardware and the config (as well as the other end of the connection). I've got it connected to a 10G module in a Brocade FLS624.

There is a known freeBSD bug that causes the MTU issue - I expect it will get patched in pfsense before long. For now, the above fix should work.

Next I would do a packet capture on your LAN for anything going on for address 192.168.1.2

Then do some attempted surfing and see if the traffic is actually making it to the LAN port. If it is do the same for the PPPoE/WAN interface.

Ydrfff @ Any FB stuff on a Fwall

I'd go for FreeRadius on another machine, and then set pfSense to use the external Freeradius

/Bingo

@stephenw10 said in HP Qlogic NC523SFP Driver install Freebsd 11 pfsense kernal recompile:

Yeah, those are not boot loader commands.

You might be able to run them as early shellcmds either directly or call a shell script:
https://docs.netgate.com/pfsense/en/latest/development/executing-commands-at-boot-time.html

They have to be run with the cable actually disconnected? Not just DOWN the interface?

You are probably right, but I did not yet try that. Also I will try to find the source file with the bugs on FreeBSD, change the lines with the bugs, compile the file and than copy the new file to pfSense.
I will keep you informed about both solutions

Maarten

If it doesn't show in pciconf there's nothing pfSense can do. It's almost certainly a hypervisor problem.
You could check the bootlog in case there is a PCI error of some kind.

Steve

In case I didn't try for the process abruptly because pfsense restored all my packages they are currently working, but even after days following the re-installation notice I had to follow the process indicated by the pfsense pop up to stop the process and test reinstall manually, but even so when I try to reinstall any service that is working it is prevented by the log I passed above.
I did the same process that was indicated in a clean pfsense installation and the same problem occurred.
This also prevents you from uninstalling any services.

Online with pfblockering, snort and detailed interface rules. I love pfsense!

That is a layer 2 issue. Either that NIC is not passed through to pfSense correctly or the ONT is rejecting the MAC address. Rebooting would normally reset that bit not always.

Try some other device using the public IP directly. If that also fails and the Netgear is the only thing that works you will need to spoof the MAC address or call the ISP and have them reset it.

Steve