Hardware

• 

  Official pfSense hardware board
  • ivor

  1
  0
  Votes
  1
  Posts
  11856
  Views

  No one has replied

• C

  Low throughput over LAGG with 1Gb clients
  • cursixx

  17
  0
  Votes
  17
  Posts
  161
  Views

  C

  I have some updated info. I created a new vlan on the cisco switch and setup two etherchannels. One for the pfsense wan and one for the modem and put them both on the that vlan. basically a "WAN" bridge between the two devices I also added a gig port to the new vlan as well. This way I can test speeds between the modem and/or pfsense WAN side. My test computer picked up a public ip on the WAN vlan and ran some iperf tests for ingress and egress to an inside client. That produced 970Mbps both ways with no dupes or other problems in the packet capture. So I feel this rules out any issues with my inside network and pfsense. Running a speed test across the etherchannel to the cable modem from a 1Gb connection I was able to reproduce the exact same issue I had with low throughput. I even used new cables and tested them with my fluke to be sure. So it seems like this is an issue with modem+lacp or firmware. If it was a modem firmware problem I'm SOL anyways. I'm little burned out on it right now so I'll come back in a few days and keep working at it. I have Mikrotik a could try, maybe a windows computer with a LAGG directly connected to the modem.
• C

  ZTE MF683
  • clachankid

  3
  0
  Votes
  3
  Posts
  551
  Views

  G

  so I fixed this. I plugged the modem into a win box, connected to the serial port then AT+ZCDRUN=E this enters the modem into the download mode disabling the drives altogether. (AT+ZCDRUN=8 did NOT work for me) this is being saved in the nvram. plugged it back in, worked right away ! -- ugen0.2: <ZTE,Incorporated T-Mobile Rocket 4G> at usbus0 u3g0 on uhub0 u3g0: <ZTE,Incorporated T-Mobile Rocket 4G, class 0/0, rev 2.00/0.00, addr 30> on usbus0 u3g0: Found 3 ports.
• S

  Unable to hit 1Gbps connection through Bell PPPOE. Can't figure out bottleneck.
  • Slither13

  8
  0
  Votes
  8
  Posts
  141
  Views

  

  You might try ifconfig -vvvvvvm ix0 which I recently found gives a bit more info. Yes, really, 6 vs on the cable I had! 5 seemed enough for others. Otherwise I'd try a packet capture and see if you have bad fragmentation or packet dupes/resends etc. Maybe try dsiabling pfscrub in Systsem > Advanced > Firewall&NAT, see if that makes any difference. Steve
• D

  PC Engines apu2 experiences
  • dugeem

  223
  0
  Votes
  223
  Posts
  65197
  Views

  V

  @kevindd992002 no
• U

  DELL EMC POWEREDGE R640 Network Card - pfSense
  • user24

  4
  0
  Votes
  4
  Posts
  69
  Views

  U

  Thank you both of you for your advices. Actually this server has either broadcom or intel NIC I concluded the study by recommending choosing the one with Intel NIC. I hope there will be no problem during the installation and the configuration.
• L

  How does this compare with the SG-5100?
  • Larrikin

  9
  0
  Votes
  9
  Posts
  255
  Views

  L

  @stephenw10 100% agree. That is literally the predicament I am in. For now, I VLAN to a PC who has a top of the line CPU in it (overkill really) which would probably do gigabit OpenVPN, but given my internet connection is 100/40, the box above seems like it will be perfect for the cupboard.
• P

  Suggest Intel dual nic card
  • patrick0525

  2
  0
  Votes
  2
  Posts
  140
  Views

  K

  look this https://www.pcengines.ch/apu2.htm
• C

  Crashes on APU2
  • Cypher100

  7
  0
  Votes
  7
  Posts
  132
  Views

  C

  I will also give v4.024 a shot, and update here if any crashes occur.
• A

  MBT-2220 expected temperature? (Tjunction)
  • ay

  2
  0
  Votes
  2
  Posts
  71
  Views

  

  That doesn't seem way out. [2.4.5-DEVELOPMENT][root@2220.stevew.lan]/root: sysctl dev.cpu.0.temperature dev.cpu.0.temperature: 57.0C That's at idle pretty much. Steve
• S

  Anyone have pfSense installed on Stonesoft / Stonegate hardware?
  • steveharman

  9
  0
  Votes
  9
  Posts
  503
  Views

  F

  Sadly not at least on the 1u version. The only fan was a cpu blower designed to pull from the cpu and motherboard and push the heat out which you can clock down but still noisey. I did buy some 1u silent Gelid fans as supermicro are always generous with connecting fans but still did not work well. The other issue is the very noisy (although labelled as silent) 1u PSU. I've been on the periphery with pfsense for a while now so did not know that "aes-ni must have compatibility" was pushed back. I went out last year and dropped £200 on one of the fanless and silent qotom boxed. ALthough am very happy with it as against running a vm. Cheers
• M

  gatePROTECT GPA-250, Worth the trouble?
  • Mr1070

  6
  0
  Votes
  6
  Posts
  160
  Views

  

  Only thing I found was this: But they may have updated it and kept the numbering. Steve
• T

  Will this work at gigabit speeds?
  pfsense hardware newbie intel newbuild • • tscolin

  2
  0
  Votes
  2
  Posts
  175
  Views

  

  Like an i3-8100t? Then yes. Easily. Steve
• N

  pfSense on Watchguard M370
  • networkBob

  5
  0
  Votes
  5
  Posts
  189
  Views

  

  The maximum attachment size is 2MB so you might need to resize the image first. Steve
• K

  What is the maximum throughput my setup can do ?
  • Kartoff

  11
  0
  Votes
  11
  Posts
  461
  Views

  P

  I agree with #stephenw10 in that you should confirm the WAN speeds first. Only then can you check if your PfSense can pass that level of traffic. FYI, for reference, I did some testing on ESXi today using a couple of virtual switches inside: Test 1: Windows 7 (4 core 4GB) --> Virtual switch --> Centos 7.5 (4 core 4GB) Iperf3 gives me 13Gbps across the v-switch. (therefore the Iperf client & server Virt-machines have plenty of CPU & RAM. Test 2: Windows 7 (4 core 8GB) --> Virt-SW-1 --> PfSense (4 core 4GB) --> Virt-Sw-2 --> Centos 7.5 (4 core 4GB) Iperf3 now only gives 2.5Gbps E2E through PfSense even with 4 Xeon & 8GB ram assigned to PfSense. Tried this with both E1000 and VMX3 virtual NICs but result is the same. Now I'm wondering what I need to tweak inside PF to get better throughput, or if this is a limitation of PF in ESXi environment ?
• V

  New build AMD A6 6310.
  • vesko

  3
  0
  Votes
  3
  Posts
  169
  Views

  V

  @stephenw10 Thank you very much for your help. I will buy it next week and start configure.Very happy with the your answer :).
• L

  APU2 iperf speed anomaly
  • LeftCoastGeek

  4
  0
  Votes
  4
  Posts
  157
  Views

  

  Yes, disable off loading if only as a test. It's something that can cause asymmetric throughput like that. Testing to or from pfSense is still not a good test though. Through it is far better. You can try testing with more processes. The igb NICs can use multiple queue. Maybe try -P 4. Also check the CPU usage when you're testing with top -aSH. See if you're hitting a limit with one core. Yeah I would also expect better throughput from an APU2 than an APU1. Steve
• J

  Asymetric internet speed problem
  • jeffboyce

  6
  0
  Votes
  6
  Posts
  124
  Views

  J

  I have not tried swapping cables yet, but will add that to my testing when I have an opportunity. I didn't (still don't) see iperf3 in the available packages list, otherwise I would have installed it. I am assuming from your note that if I do pkg install iperf3 from the command line it will be there and install. Checking the interface status shows In/Out Errors 0/0 and Collisions 0 for both WAN and LAN interfaces. This has been up for 23 days since the last reboot. Jeff
• W

  New setup (and a new user)
  • wirdo

  3
  0
  Votes
  3
  Posts
  188
  Views

  W

  @stephenw10 said in New setup (and a new user): Yes it will. You could use a USB device but a separate AP will be far better in almost every respect. Steve Thanks Steve. I'll go with the separate AP then.
• 

  Installing pfSense on Meraki MX-70
  • ghostshell

  18
  0
  Votes
  18
  Posts
  3935
  Views

  A

  Thank you
• R

  Set gop using SSH or Web Interface
  • rfx88

  3
  0
  Votes
  3
  Posts
  78
  Views

  R

  I just came to the same conclusion. You are correct! gop set 1 in /boot/loader.conf.local solved my problem!
• 

  Watchguard Firebox M440
  • stephenw10

  131
  0
  Votes
  131
  Posts
  3336
  Views

  

  More eyes on this can't hurt. Indeed WG loads a driver for the switch device and then configure it to accept the individual VLANs on the three igb NICs. It would be good to get a second opinion on connecting the switch serial console header internally if you can try that. If we can get any access to the switch that might help. It seem unlikely we would ever get a FreeBSD driver for the switch devise but if we can configure it via serial then we would only need an igb driver that recognises the phy (or lack thereof). Steve
• W

  PFSense crashes with TCP Segmentation Offload or Large Receive Offload Enabled
  • willk

  2
  0
  Votes
  2
  Posts
  103
  Views

  

  Was it blocked UDP packets? Did you see some Cores pegged at 100% during that time? What is the crash you see with LRO enabled? We usually recommend leaving that disabled though for just this reason, it can be unstable. Steve
• S

  APU3c4 Slow Upload
  • SBTech

  4
  0
  Votes
  4
  Posts
  170
  Views

  

  Ah, nice. So something there is set to fixed speed/duplex and was causing pfSense to fall back to it's default connection type. It would be better to have everything set to autoselect but some ISP still seem to insist on using fixed. Steve
• R

  Successful Install on HP t5730 Thin Client
  • robi

  23
  0
  Votes
  23
  Posts
  10215
  Views

  S

  Hi @robi, I appreciate your work on this as I own an HP t5730 on which I would like to install pfsense. Since your last post, the older versions prior to 2.4 have been removed from the pfsense download site. So, I am unclear whether there is a way to directly install the current nanoBSD version on the HP t5730 or if there is a workaround (finding an old version of pfsense elsewhere and then upgrading in accord with the instructions you have provided, installing a current version to a computer, modifying it to fit on the HP 1 GB flash and "dding" it to a USB drive and then installing that, or...). Thanks in advance for advice. stevesr0
• R

  Watchguard Firebox M400
  • revsie

  162
  0
  Votes
  162
  Posts
  13408
  Views

  

  There's a separate thread for it: https://forum.netgate.com/topic/136614/watchguard-firebox-m440/ But the short answer is no. The igb driver does not attach to the other 3 ports because the PHY used is not recognised. The switch IC is connected to the CPU only via an unknown PCI device. It looks to have a serial console for some kind (the switch) but we never saw any output from it. It looked like there might be a resistor missing. Please post in the other thread if you wish to discuss further. Steve
• A

  Wrong readings on CPU temperature (Atom D525)
  • AWeidner

  6
  0
  Votes
  6
  Posts
  198
  Views

  A

  @dlucas46 said in Wrong readings on CPU temperature (Atom D525): @aweidner You could correct the issue but it would require you to rebuild the coretemp kernel module. I had to do a similar thing when I replaced the CPU in my Watchguard with a xeon. The coretemp module code is very basic and if your CPU has the same ID as another model the wrong tjmax value gets set. If you change the code you can compile the module and load it at boot to override the coretemp module from the kernel. You will then have the correct temps reported. That would be too much of an effort for me as this box is just a stand in, before i can buy something new. It is at least eight years old and was pulled from the shelf because i needed a quick solution. Also my programming skills are virtually non existent
• M

  1G/10G SFP+ card
  • mouseskowitz

  3
  0
  Votes
  3
  Posts
  160
  Views

  M

  @grimson That is a good point. The main reason I'm asking now is the potential addition of the 10G switch in the near future. I'm trying to figure out if it will be solely an isolated storage switch or it I want to route it. I only have one pcie slot in my router. So, if I add a SFP+ card, I would like to get one that has the greatest chance of also working with a fiber WAN.
• T

  pfsense 2.4.4 with AES-NI, no difference?
  • TheNorthern_Light

  4
  0
  Votes
  4
  Posts
  440
  Views

  L

  There is a method to artificially disable the AES-NI detection of openssl by setting OPENSSL_ia32cap="~0x200000200000000" to disable AES-NI usage for testing. ## Automatic AES-NI detection $ openssl speed -elapsed -evp aes-128-cbc ## Disable AES-NI detection $ OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc
• T

  Building a Multi-Wan Balancer
  • tycho7286

  4
  0
  Votes
  4
  Posts
  220
  Views

  

  You could pass 300Mbps with a Pentium4 so you will have zero issues doing it with a Haswell i5. Somethings are still single threaded and hence single core speed matters for them. OpenVPN or Snort for example. But I would expect that CPU to do either of those things at 300Mbps just fine. Steve
• A

  Pfsense continuously rebooting each four and a half minutes
  • anonymouse

  10
  0
  Votes
  10
  Posts
  237
  Views

  

  The 4.5mins does seem suspiciously like that watchdog reference but I would still expect to see output during that point. No output at all on the VGA port even after resetting the CMOS doesn't look good to be honest. This is a C2000 SoC with everything that implies. Connecting to the serial port usually requires a USB to serial adapter and a null-modem cable. But you can get adapters that are both those things combined. https://www.netgate.com/docs/pfsense/hardware/connecting-to-the-serial-console.html Steve
• 

  Asus H110T
  • randombits

  9
  0
  Votes
  9
  Posts
  333
  Views

  

  Thanks Steve, Very good point on being on the same subnet. I have another think how to divide things up, I also have several low speed Wifi IOT devices which be better not on the subnet as he PC's. It's always the same with home networks and computers - pick one only Speed, power consumption, future proof. I think the Asus H110T is good board but not expandable, A board with more network ports or a PCIe slot would be better longer term. Thanks for point things out that I didn't think of !
• R

  PFSense box won't boot with i350-t4
  i350-t4 i350 firmware • • romulusrodent

  6
  0
  Votes
  6
  Posts
  260
  Views

  

  Wow, nice. I'll try to avoid that I think! Glad to see you found a solution though. Steve
• P

  [SOLVED][XG1537] CPU-load jumped up, but no culprit to be found
  • pfImprudence

  6
  0
  Votes
  6
  Posts
  355
  Views

  P

  Thanks again! In the meantime, the problem resolved itself, but it's important to know stuff like that can happen :)
• L

  3rd party appliance equivalent to SG-5100 or better
  • Larrikin

  13
  0
  Votes
  13
  Posts
  565
  Views

  G

  How about a used Dell Optiplex 9020 SFF ? https://www.ebay.com.au/itm/Dell-OptiPlex-9020-SFF-Core-i7-4770-3-4GHz-8GB-Ram-128GB-SSD-Win-10-P/253373075009?hash=item3afe364e41:g:1-UAAOSwlAZaT41m 4 core i7 (up fo 3.9 GHZ) with , 8GB RAM + 120GB SSD, plus a Win10 license for 350$AU Add a chinese knock-off i350-T4 network card for 60$AU. The i5 version is available for only 270$... I run the i7 version with ESXi and 16GB RAM. It handles a 50/20 NBN connection withoit breaking a sweat... I have tried OVPN and could achieve 45Mbit/sec during the day. At night times my provider or NBN starts dropping UDP packets and VPN throughput becomes unusable at 1.5 MBit/sec. Back to 45 again after 11pm.
• M

  Checkpoint T-120U (4200) LCD Screen
  • mfwade

  6
  0
  Votes
  6
  Posts
  700
  Views

  

  Not in the last 3 days! Still needs an lcdproc driver. It's probably more complex that other displays since it can do full graphics not just characters. However it also appears to have a much simpler mode since you can just send text at it and it will display something. Steve
• L

  SG-1100 Don't Restore Config!!
  • LostInIgnorance

  2
  0
  Votes
  2
  Posts
  197
  Views

  L

  Fix is: This was due to vlans and switch config being erased. If you're restoring a configuration to this device, make sure to either backup the vlan's before restore from the factory image, or recreate them manually. Make sure on the restore you select the box about the switch config.
• B

  ALIX APUBoard - only "clicking" noises
  • bgs-gi

  2
  0
  Votes
  2
  Posts
  119
  Views

  

  Sounds like either a bad power supply or some sort of power problem on the board. Try a differenr 12V PSU if you have one. Not much you can do about a board fault. If you have any expansion cards on it you can try removing them to see if one of those is at fault. Steve
• B

  Poor performance on igb driver
  • bdaniel7

  42
  0
  Votes
  42
  Posts
  2766
  Views

  N

  @stephenw10 Did quite a bit of research with settings, tweaking them over and over again. Also installed other firewall/router OS distributions to isolate whether the problem was with PFSense itself, or is a hardware limitation on these boxes. Long story short - I can safely say the Qotom J1900 cannot pass gigabit down/up in a practical, real world situation. The bottleneck isn't the CPU, but the PCIe lanes. Having said that, I've no real practical application of a Gigabit up/down connection today - so putting this on the backburner and living with whatever >500mbps I'm getting, until I decide to upgrade this box.
• T

  Odd traffic graph
  • tsmialek

  4
  0
  Votes
  4
  Posts
  162
  Views

  

  That is certainly odd, I've not seen that here on anything. However it looks like just cosmetic issue. You could open a bug report for it. We'd need to replicate it though and it doesn't look like you're doing anything unique which might make that difficult. Steve