You might try ifconfig -vvvvvvm ix0 which I recently found gives a bit more info. Yes, really, 6 vs on the cable I had! 5 seemed enough for others.
Otherwise I'd try a packet capture and see if you have bad fragmentation or packet dupes/resends etc. Maybe try disabling pfscrub in System > Advanced > Firewall&NAT, see if that makes any difference.
@clachankid said in ZTE MF683:
/usr/local/sbin/usb_modeswitch -v 0x19d2 -p 0x2000 -V 0x19d2 -p 0x0157 -I -W
trying to use one of these modems as well 4 years later after this post...
built on Wed Dec 12 07:40:18 EST 2018
ugen0.2: <ZTE,Incorporated T-Mobile Rocket 4G> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (500mA)
bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0000 <Probed by interface class>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0000
bMaxPacketSize0 = 0x0040
idVendor = 0x19d2
idProduct = 0x0157
bcdDevice = 0x0000
iManufacturer = 0x0003 <ZTE,Incorporated>
iProduct = 0x0002 <T-Mobile Rocket 4G>
iSerialNumber = 0x0004 <MF6830TMOD010000>
bNumConfigurations = 0x0001
doesn't seem like this is recognized by the u3g driver ... I don't see any sign of that in the dmesg ...
Thank you both for your advice.
Actually this server has either a Broadcom or an Intel NIC.
I concluded the study by recommending choosing the one with Intel NIC.
I hope there will be no problem during the installation and the configuration.
@stephenw10 100% agree. That is literally the predicament I am in. For now, I VLAN to a PC which has a top of the line CPU in it (overkill really) which would probably do gigabit OpenVPN, but given my internet connection is 100/40, the box above seems like it will be perfect for the cupboard.
Sadly not at least on the 1u version. The only fan was a cpu blower designed to pull from the cpu and motherboard and push the heat out which you can clock down but still noisy. I did buy some 1u silent Gelid fans as Supermicro are always generous with connecting fans but still did not work well. The other issue is the very noisy (although labelled as silent) 1u PSU.
I've been on the periphery with pfsense for a while now so did not know that "aes-ni must have compatibility" was pushed back. I went out last year and dropped £200 on one of the fanless and silent Qotom boxes. Although I am very happy with it as against running a vm.
I agree with #stephenw10 in that you should confirm the WAN speeds first. Only then can you check if your PfSense can pass that level of traffic.
FYI, for reference, I did some testing on ESXi today using a couple of virtual switches inside:
Test 1: Windows 7 (4 core 4GB) --> Virtual switch --> Centos 7.5 (4 core 4GB)
Iperf3 gives me 13Gbps across the v-switch (therefore the Iperf client & server Virt-machines have plenty of CPU & RAM).
Test 2: Windows 7 (4 core 8GB) --> Virt-SW-1 --> PfSense (4 core 4GB) --> Virt-Sw-2 --> Centos 7.5 (4 core 4GB)
Iperf3 now only gives 2.5Gbps E2E through PfSense even with 4 Xeon & 8GB ram assigned to PfSense. Tried this with both E1000 and VMX3 virtual NICs but result is the same.
Now I'm wondering what I need to tweak inside PF to get better throughput, or if this is a limitation of PF in ESXi environment?
Yes, disable off loading if only as a test. It's something that can cause asymmetric throughput like that.
Testing to or from pfSense is still not a good test though. Through it is far better.
You can try testing with more processes. The igb NICs can use multiple queues. Maybe try -P 4.
Also check the CPU usage when you're testing with top -aSH. See if you're hitting a limit with one core.
Yeah I would also expect better throughput from an APU2 than an APU1.
I have not tried swapping cables yet, but will add that to my testing when I have an opportunity. I didn't (still don't) see iperf3 in the available packages list, otherwise I would have installed it. I am assuming from your note that if I do pkg install iperf3 from the command line it will be there and install.
Checking the interface status shows In/Out Errors 0/0 and Collisions 0 for both WAN and LAN interfaces. This has been up for 23 days since the last reboot.
@stephenw10 said in New setup (and a new user):
Yes it will.
You could use a USB device but a separate AP will be far better in almost every respect.
I'll go with the separate AP then.
More eyes on this can't hurt.
Indeed WG loads a driver for the switch device and then configures it to accept the individual VLANs on the three igb NICs.
It would be good to get a second opinion on connecting the switch serial console header internally if you can try that.
If we can get any access to the switch that might help. It seems unlikely we would ever get a FreeBSD driver for the switch device but if we can configure it via serial then we would only need an igb driver that recognises the phy (or lack thereof).
Was it blocked UDP packets?
Did you see some Cores pegged at 100% during that time?
What is the crash you see with LRO enabled? We usually recommend leaving that disabled though for just this reason, it can be unstable.
Ah, nice. So something there is set to fixed speed/duplex and was causing pfSense to fall back to its default connection type.
It would be better to have everything set to autoselect but some ISPs still seem to insist on using fixed.
I appreciate your work on this as I own an HP t5730 on which I would like to install pfsense. Since your last post, the older versions prior to 2.4 have been removed from the pfsense download site.
So, I am unclear whether there is a way to directly install the current nanoBSD version on the HP t5730 or if there is a workaround (finding an old version of pfsense elsewhere and then upgrading in accord with the instructions you have provided, installing a current version to a computer, modifying it to fit on the HP 1 GB flash and "dding" it to a USB drive and then installing that, or...).
Thanks in advance for advice.
There's a separate thread for it: https://forum.netgate.com/topic/136614/watchguard-firebox-m440/
But the short answer is no.
The igb driver does not attach to the other 3 ports because the PHY used is not recognised.
The switch IC is connected to the CPU only via an unknown PCI device. It looks to have a serial console of some kind (the switch) but we never saw any output from it. It looked like there might be a resistor missing.
Please post in the other thread if you wish to discuss further.
@dlucas46 said in Wrong readings on CPU temperature (Atom D525):
You could correct the issue but it would require you to rebuild the coretemp kernel module.
I had to do a similar thing when I replaced the CPU in my Watchguard with a xeon.
The coretemp module code is very basic and if your CPU has the same ID as another model the wrong tjmax value gets set. If you change the code you can compile the module and load it at boot to override the coretemp module from the kernel.
You will then have the correct temps reported.
That would be too much of an effort for me as this box is just a stand in, before I can buy something new. It is at least eight years old and was pulled from the shelf because I needed a quick solution.
Also my programming skills are virtually non existent.
@grimson That is a good point. The main reason I'm asking now is the potential addition of the 10G switch in the near future. I'm trying to figure out if it will be solely an isolated storage switch or if I want to route it. I only have one pcie slot in my router. So, if I add a SFP+ card, I would like to get one that has the greatest chance of also working with a fiber WAN.
There is a method to artificially disable the AES-NI detection of openssl by setting OPENSSL_ia32cap="~0x200000200000000" to disable AES-NI usage for testing.
## Automatic AES-NI detection
$ openssl speed -elapsed -evp aes-128-cbc
## Disable AES-NI detection
$ OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc
You could pass 300Mbps with a Pentium4 so you will have zero issues doing it with a Haswell i5.
Some things are still single threaded and hence single core speed matters for them. OpenVPN or Snort for example. But I would expect that CPU to do either of those things at 300Mbps just fine.
The 4.5mins does seem suspiciously like that watchdog reference but I would still expect to see output during that point.
No output at all on the VGA port even after resetting the CMOS doesn't look good to be honest. This is a C2000 SoC with everything that implies.
Connecting to the serial port usually requires a USB to serial adapter and a null-modem cable. But you can get adapters that are both those things combined.
Thanks Steve, very good point on being on the same subnet. I'll have another think about how to divide things up. I also have several low speed Wifi IOT devices which would be better not on the same subnet as the PCs. It's always the same with home networks and computers - pick one only: speed, power consumption, future proof. I think the Asus H110T is a good board but not expandable. A board with more network ports or a PCIe slot would be better longer term. Thanks for pointing things out that I didn't think of!
How about a used Dell Optiplex 9020 SFF ?
4 core i7 (up to 3.9 GHz) with 8GB RAM + 120GB SSD, plus a Win10 license for 350$AU
Add a Chinese knock-off i350-T4 network card for 60$AU.
The i5 version is available for only 270$...
I run the i7 version with ESXi and 16GB RAM. It handles a 50/20 NBN connection without breaking a sweat... I have tried OVPN and could achieve 45Mbit/sec during the day.
At night times my provider or NBN starts dropping UDP packets and VPN throughput becomes unusable at 1.5 MBit/sec. Back to 45 again after 11pm.
Not in the last 3 days!
Still needs an lcdproc driver. It's probably more complex than other displays since it can do full graphics not just characters.
However it also appears to have a much simpler mode since you can just send text at it and it will display something.
This was due to vlans and switch config being erased. If you're restoring a configuration to this device, make sure to either back up the vlans before restoring from the factory image, or recreate them manually. Make sure on the restore you select the box about the switch config.
Sounds like either a bad power supply or some sort of power problem on the board.
Try a different 12V PSU if you have one. Not much you can do about a board fault. If you have any expansion cards on it you can try removing them to see if one of those is at fault.
@stephenw10 Did quite a bit of research with settings, tweaking them over and over again. Also installed other firewall/router OS distributions to isolate whether the problem was with PFSense itself, or is a hardware limitation on these boxes.
Long story short - I can safely say the Qotom J1900 cannot pass gigabit down/up in a practical, real world situation. The bottleneck isn't the CPU, but the PCIe lanes.
Having said that, I've no real practical application of a Gigabit up/down connection today - so putting this on the backburner and living with whatever >500mbps I'm getting, until I decide to upgrade this box.
That is certainly odd, I've not seen that here on anything. However it looks like just a cosmetic issue.
You could open a bug report for it. We'd need to replicate it though and it doesn't look like you're doing anything unique which might make that difficult.