Hardware

• 

  Official pfSense hardware board
  • ivor  

  1
  0
  Votes
  1
  Posts
  12081
  Views

  No one has replied

• C

  Rack Mount pfSense Router Build
  • Commander  

  8
  0
  Votes
  8
  Posts
  1022
  Views

  T

  Hi @Commander - I think you'll be quite happy with your choice. I have been running pfSense on this exact system for about two years now without any major issues -- this little box offers great performance. Let me know if you have any further questions regarding configuration or performance tweaking once you have got things setup. Hope this helps.
• P

  Support for USB wifi adapters
  • pachi  

  9
  0
  Votes
  9
  Posts
  32
  Views

  

  Do they even make 32 bit hardware any more for PC? Has to be YEARS and YEARS.. Is your PC like 10 some years old? Even the PI 3 for $35 is 64 bit cpu..
• T

  Official Realtek Driver Binary 1.95 For 2.4.4 Release
  • TheNarc  

  34
  3
  Votes
  34
  Posts
  2932
  Views

  

  I would guess no. Not much activity in the FreeBSD repo: https://github.com/pfsense/FreeBSD-src/commits/RELENG_2_5/sys/dev/re
• I

  mini ITX motherboard with multiple NICs supporting newer Intel chips with AES
  • imthenachoman  

  2
  0
  Votes
  2
  Posts
  41
  Views

  T

  Hi @imthenachoman - I'm sure you'll get a lot of different suggestions, but here's one possibility - I put something similar together recently (although it was not for pfSense): CPU - Intel i3-8100: https://www.amazon.com/Intel-8th-Core-i3-8100-Processor/dp/B0759FTRZL/ Motherboard - ASUS Prime H310I-PLUS CSM: https://www.amazon.com/dp/B07KKNLYQH NIC - Intel i340-T4 https://www.amazon.com/Intel-Ethernet-Server-Adapter-system/dp/B003M772KE/ Case: https://www.amazon.com/Silverstone-Mini-ITX-Center-Computer-Aluminum/dp/B00HJOK6F4/ This includes a pretty speedy (high clock speed) quad core CPU and mini-ITX board combined with a fairly recent Intel quad port NIC. This should have no problem passing 1Gbit (though not over OpenVPN). Of course don't have to use this particular case, was just an example of what's out there for mini-ITX. Hope this helps.
• D

  PC Engines apu2 experiences
  • dugeem  

  261
  0
  Votes
  261
  Posts
  70165
  Views

  

  @dugeem Ah, true! That was referring to the original APU, my mistake.
• I

  Will this hardware run pfSense and support 300 Mbps with IDS/IPS, DNS over TLS and pbBlockerNG
  • imthenachoman  

  8
  0
  Votes
  8
  Posts
  88
  Views

  I

  @stephenw10 Agreed. Plan is to install pfSense just to get a feel for the OS/experience. My networking knowledge is not great so if I can't figure it out then I want to know before I buy a new LAN card. I've seen some videos online with screenshots and those screenshots had many terms I don't know so I'm a little worried. Just created the USB installer so I'll see how it goes.
• S

  VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots
  • sethelyon  

  30
  0
  Votes
  30
  Posts
  72
  Views

  

  Do you see blocked traffic in the pfSense firewall log? It seems like your client has the wrong default route or no default route. It looks to have the right gateway though. Hmm...
• A

  Zotac CI323 Installation - Controller Failures
  • ac0hen  

  14
  0
  Votes
  14
  Posts
  5645
  Views

  

  @ac0hen said in Zotac CI323 Installation - Controller Failures: bsdlabel -B -r -w ada0s1 auto" command, it stops at 77% (every time).  Then a "ahcich1" Timeout on slot 21 port 0" and "(ada0:ahcich1:0:0:0):  CAM status: Command timeout With that same error?
• I

  LCDproc to work with Checkpoint LCD
  • ibysmalls  

  4
  0
  Votes
  4
  Posts
  42
  Views

  

  The port placement and LCD look like a Lanner box in which case I would expect the SDEC driver to work. That's connected via the parallel port. However almost all Checkpoints other stuff is Portwell/Caswell. That's not the EZIO LCD though. But yeah it will only run the now obsolete 2.3.5. Steve
• T

  Official Realtek Driver v1.95 Binary
  • TheNarc  

  22
  4
  Votes
  22
  Posts
  1699
  Views

  F

  I have made FreeBSD 12 package. https://drive.google.com/file/d/1Ch4Z_w7gpbrpavQ4KhPUXUzYhRyzqnye/view?usp=sharing I dont consider it my work - I have just packed it in one archive. It is stable for me on 12.0 p3 more than "sed -i -e 's/TAILQ_FOREACH/CK_STAILQ_FOREACH/g' if_re.c"
• D

  Single board computer support
  • dibun  

  9
  0
  Votes
  9
  Posts
  137
  Views

  

  And throughput? VPNs? Packages?
• T

  PSA -- Realtek Network Drivers (RTL8111) in BSD/Pfsense are Problematic
  • tcarlisle  

  1
  0
  Votes
  1
  Posts
  88
  Views

  No one has replied

• Y

  Supermicro 5018D-FN8T Tweaks
  • yorke  

  9
  0
  Votes
  9
  Posts
  238
  Views

  T

  I have been using this system for a couple years now with a symmetric 1Gbit fiber connection and it is definitely capable of passing gigabit speeds even with IDS/IPS enabled (in my case I run Snort). Here a couple more suggestions: Networking tweaks - put these four lines below in your loader.conf.local file (if you're using the SFP+ ports replace igb with ix): hw.igb.rx_process_limit="-1" hw.igb.tx_process_limit="-1" hw.igb.txd="2048" hw.igb.rxd="2048" I'd also recommend disabling flow control and energy efficient ethernet, unless you have a specific need/use for them. Another good thread with tuning tips: https://forum.netgate.com/topic/101391/loader-conf-local-tuning-for-modern-hardware/ Finally, if you disable Suricata temporarily, do you get full speed with a client behind pfSense, or does it not make a difference? Hope this helps.
• M

  pfsense on rasppery PI
  • mehdi92  

  13
  0
  Votes
  13
  Posts
  345
  Views

  M

  @stephenw10 said in pfsense on rasppery PI: You can do that with Radius accounting in pfSense but it's quite a complex setup. It also doesn't scale well to a large number of users if you have individual accounts in Freeradius. The GUI is not setup for that. Better to use a separate Radius server if you need that. It would not run well on an SG-1000, if you go that route it should be installed on larger hardware. Thanks!
• S

  Does pfSense support StarTech PCIe Gigabit Multimode SC Fiber Card?
  • Seeking Sense  

  10
  0
  Votes
  10
  Posts
  197
  Views

  

  Ah, nice so it probably was a multimode/singlemode mismatch. Good result! Steve
• M

  Incredibly Poor Performance - AMD K10 & Intel i350-T4 (igb driver)
  • menisk  

  3
  0
  Votes
  3
  Posts
  153
  Views

  M

  So I managed to solve this with a BIOS update in the end. Part of the update process was clearing the CMOS so I had to change a bunch of settings back. The only setting I know was different that I chose to leave default this time was the ACPI HPET Table option. Previously it was enabled, now it's disabled. I don't really see how this would affect performance to the extent I was seeing, so I suspect it was something in the BIOS updates that solved the issue. Also MSI interrupts are definitely slower than MSI-X, they took me down to 50mbit. For the next sod that goes googling this, the Motherboard was an ASRock N68-S3 UCC. Initial BIOS version was 1.4, updated to 1.6. I'm now running all defaults except that I've restricted my queues to 1 per NIC with the following in /boot/loader.conf.local hw.igb.num_queues=1 I'm doing this because I have a dual core CPU and 4 NICs, so I'm trying to reduce the amount of context switching. It may work fine as a default, but after the nightmare of getting it to this point I'm just going to leave it be.
• M

  4g modem info
  • mouitido  

  10
  0
  Votes
  10
  Posts
  2887
  Views

  A

  @johnminaa said in 4g modem info: I will also recommend Huawei E398 LTE USB Modem. I never owned, used or recommended it. Personally I would recommend Huawei E3372H as a replacement. Fortunately some people already posted here some receipts on using it in the different modes.
• C

  Crashes on APU2
  • Cypher100  

  10
  0
  Votes
  10
  Posts
  307
  Views

  

  Hmm, very different crash: db:0:kdb.enter.default> bt Tracing pid 0 tid 100250 td 0xfffff8001d5f0000 lz4_compress() at lz4_compress+0x761/frame 0xfffffe01205358d0 zio_compress_data() at zio_compress_data+0x8c/frame 0xfffffe0120535910 zio_write_compress() at zio_write_compress+0x21f/frame 0xfffffe0120535990 zio_execute() at zio_execute+0xac/frame 0xfffffe01205359e0 taskqueue_run_locked() at taskqueue_run_locked+0x154/frame 0xfffffe0120535a40 taskqueue_thread_loop() at taskqueue_thread_loop+0x98/frame 0xfffffe0120535a70 fork_exit() at fork_exit+0x83/frame 0xfffffe0120535ab0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0120535ab0 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- db:0:kdb.enter.default> ps Fatal trap 12: page fault while in kernel mode cpuid = 2; apic id = 02 fault virtual address = 0x1 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff8300ab51 stack pointer = 0x28:0xfffffe0120535860 frame pointer = 0x28:0xfffffe01205358d0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 0 (zio_write_issue_2) More like a hardware issue with different crashes like that. Steve
• S

  Lightning Protection w/PCIe Gigabit Multimode SC Fiber Network Card???
  • Seeking Sense  

  4
  0
  Votes
  4
  Posts
  129
  Views

  S

  @mats thanks for the reply and please forgive the long delay in responding. Thanks for the advice regarding the electrical side. Have a APC UPS powering the cable modem. The coax feeding the cable modem is run thru a surge suppressor . The pfSense box is powered by a separate APC UPS. Anything else I should consider?
• F

  Better option for $$$ than Protectcli FW6C with 16GB ram & 512GB M2?
  • fabrizior  

  11
  0
  Votes
  11
  Posts
  457
  Views

  F

  Thank you gentlemen. I appreciate your time and feedback.
• U

  Can pfsense support 5 x Intel X710-T4 quad 10gigabit RJ-45 port adapters?
  • uberwebguru  

  14
  0
  Votes
  14
  Posts
  400
  Views

  

  Good decision!
• U

  Alternatives to Netgear 10G smart managed pro switches
  • uberwebguru  

  11
  0
  Votes
  11
  Posts
  245
  Views

  U

  @stephenw10 around 24 x 10G ports
• T

  Intel X552 Onboard SFP+ No Carrier Issues
  • tman222  

  4
  0
  Votes
  4
  Posts
  101
  Views

  

  Ah, interesting. I have seen that with an incompatible SFP module but never with just the connection like that. But yes in that case simply removing the module and rebooting was not sufficient to clear the state in the NIC. It had to be completely powered down to see the correct module again. Steve
• N

  pfSense on Watchguard M370
  • networkBob  

  7
  0
  Votes
  7
  Posts
  358
  Views

  

  mSATA, they finally moved off CF then. Nice. There are some big differences to the NCA-4210 which I assume it's based on. Interesting.
• P

  Installing the Realtek PCI-e Module in PfSense / FreeBSD [Help]
  • prickly_porcupine  

  5
  0
  Votes
  5
  Posts
  132
  Views

  P

  Thanks @stephenw10 for the insight, I really appreciate it. I won't waste any more time on this.
• A

  Intel quad port NIC recomm.
  • aljames  

  5
  0
  Votes
  5
  Posts
  268
  Views

  B

  I've recently bought an Intel Pro/1000 too to test pfSense on virtual machine (Proxmox)
• B

  Returning user needs a new pfSense box!
  • bluepr0  

  15
  0
  Votes
  15
  Posts
  599
  Views

  

  I can also recommend voleatech, ordered 8 Netgate devices so far (more coming soon) and everything was smooth. -Rico
• R

  Watchguard Firebox M400
  • revsie  

  172
  0
  Votes
  172
  Posts
  16120
  Views

  

  Then any relatively cheap i3 like the 4130 will work. That will give you a faster CPU with hyperthreading and AES-NI. I think someone fitted one earlier in this thread. (edit: several people in fact) Steve
• L

  Issue with mobile broadband dongle
  • landman16  

  11
  0
  Votes
  11
  Posts
  247
  Views

  

  Ok, you will need to change it's mode. For example: http://www.draisberghof.de/usb_modeswitch/bb/viewtopic.php?t=1226 It would be better to permanently switch it which might be possible from it's interface in Windows or Mac. Otherwise if you can switch it to device ID 1C05 it should be detected: https://github.com/pfsense/FreeBSD-src/blob/ff7d4801f1b88de656e028209818ff005e8a1353/sys/dev/usb/usbdevs#L2437 Steve
• 5

  Watchguard xtm 5 issue
  • 5310  

  4
  0
  Votes
  4
  Posts
  140
  Views

  

  If you boot an image that does not use a serial console by default you won't see anything unless you have the VGA header hooked up. The XTM5 does not have a UEFI bios. It you try to boot an image that requires UEFI it won't boot. Are you trying to boot USB? Do you know the pfSense installed boots USB, you've made the required BIOS changes? Steve
• S

  Unable to hit 1Gbps connection through Bell PPPOE. Can't figure out bottleneck.
  • Slither13  

  10
  0
  Votes
  10
  Posts
  396
  Views

  

  You might have more luck with a Broadcom NIC and patched FreeBSD driver: http://www.dslreports.com/forum/r32230041-Internet-Bypassing-the-HH3K-up-to-2-5Gbps-using-a-BCM57810S-NIC I have no way of testing that myself.... Steve
• C

  Low throughput over LAGG with 1Gb clients
  • cursixx  

  17
  0
  Votes
  17
  Posts
  357
  Views

  C

  I have some updated info. I created a new vlan on the cisco switch and setup two etherchannels. One for the pfsense wan and one for the modem and put them both on the that vlan. basically a "WAN" bridge between the two devices I also added a gig port to the new vlan as well. This way I can test speeds between the modem and/or pfsense WAN side. My test computer picked up a public ip on the WAN vlan and ran some iperf tests for ingress and egress to an inside client. That produced 970Mbps both ways with no dupes or other problems in the packet capture. So I feel this rules out any issues with my inside network and pfsense. Running a speed test across the etherchannel to the cable modem from a 1Gb connection I was able to reproduce the exact same issue I had with low throughput. I even used new cables and tested them with my fluke to be sure. So it seems like this is an issue with modem+lacp or firmware. If it was a modem firmware problem I'm SOL anyways. I'm little burned out on it right now so I'll come back in a few days and keep working at it. I have Mikrotik a could try, maybe a windows computer with a LAGG directly connected to the modem.
• C

  ZTE MF683
  • clachankid  

  3
  0
  Votes
  3
  Posts
  607
  Views

  G

  so I fixed this. I plugged the modem into a win box, connected to the serial port then AT+ZCDRUN=E this enters the modem into the download mode disabling the drives altogether. (AT+ZCDRUN=8 did NOT work for me) this is being saved in the nvram. plugged it back in, worked right away ! -- ugen0.2: <ZTE,Incorporated T-Mobile Rocket 4G> at usbus0 u3g0 on uhub0 u3g0: <ZTE,Incorporated T-Mobile Rocket 4G, class 0/0, rev 2.00/0.00, addr 30> on usbus0 u3g0: Found 3 ports.
• U

  DELL EMC POWEREDGE R640 Network Card - pfSense
  • user24  

  4
  0
  Votes
  4
  Posts
  138
  Views

  U

  Thank you both of you for your advices. Actually this server has either broadcom or intel NIC I concluded the study by recommending choosing the one with Intel NIC. I hope there will be no problem during the installation and the configuration.
• L

  How does this compare with the SG-5100?
  • Larrikin  

  9
  0
  Votes
  9
  Posts
  416
  Views

  L

  @stephenw10 100% agree. That is literally the predicament I am in. For now, I VLAN to a PC who has a top of the line CPU in it (overkill really) which would probably do gigabit OpenVPN, but given my internet connection is 100/40, the box above seems like it will be perfect for the cupboard.
• P

  Suggest Intel dual nic card
  • patrick0525  

  2
  0
  Votes
  2
  Posts
  223
  Views

  K

  look this https://www.pcengines.ch/apu2.htm
• A

  MBT-2220 expected temperature? (Tjunction)
  • ay  

  2
  0
  Votes
  2
  Posts
  109
  Views

  

  That doesn't seem way out. [2.4.5-DEVELOPMENT][root@2220.stevew.lan]/root: sysctl dev.cpu.0.temperature dev.cpu.0.temperature: 57.0C That's at idle pretty much. Steve
• S

  Anyone have pfSense installed on Stonesoft / Stonegate hardware?
  • steveharman  

  9
  0
  Votes
  9
  Posts
  586
  Views

  F

  Sadly not at least on the 1u version. The only fan was a cpu blower designed to pull from the cpu and motherboard and push the heat out which you can clock down but still noisey. I did buy some 1u silent Gelid fans as supermicro are always generous with connecting fans but still did not work well. The other issue is the very noisy (although labelled as silent) 1u PSU. I've been on the periphery with pfsense for a while now so did not know that "aes-ni must have compatibility" was pushed back. I went out last year and dropped £200 on one of the fanless and silent qotom boxed. ALthough am very happy with it as against running a vm. Cheers
• M

  gatePROTECT GPA-250, Worth the trouble?
  • Mr1070  

  6
  0
  Votes
  6
  Posts
  228
  Views

  

  Only thing I found was this: But they may have updated it and kept the numbering. Steve