@stephenw10 Thank you!

I don't need reboot to reconnect, just wait a moment.

@johnpoz darn. i sorted from newest to oldest and somehow replied to the first post from 2016! how bout that effort for a first post hah. whelp the info still applies and can hopefully be helpful to others using these cheap things

Another model reference.

The Sophos SG 115w (rev 2) - Intel E3827 (@ 1.74GHz), 4GB DDR3L, and 64GB SSD (SATA 6Gbps).

Bios adjustments

change boot order so usb stick is first disable the 60/40 emulation changed the comm port speed to 115200

Installed the pfSense v2.7 CE memstick build without any complaints.

eth0 = wan
eth1 = lan
eth2 = OPT1
eth3 = OPT2
ath0 = Wireless

Only issue I had with the few units was the cmos battery needed to be re-taped down, otherwise no issues.

@stephenw10 said in Chinese I226-V on 23.05.1, problems:

But... the blinkenlights.

It is indeed a tragedy, in 3 parts.

I've not even ordered the new mini-server the card is aimed at. For whatever reason it has zero native multi-gig RJ45s but does have 4x1 GbE ports that I will never use. Not sure why they bother with them; waste of PCB space on a small server.

But the lights, the blue/green lights...

☕️

Not in that mode I don't think there is. Unless the modem itself has a mgmt interface you can access. Windows almost certainly does it via an mbim interface and FreeBSD doesn't support that.

Got it, Thank you @stephenw10

You're workaround also fixed the issue for me!

The issue on my machine was not because of manual disconnects; it was when probably renewing DHCP every 24h. Sometimes it would not come back online and it would give:

« CHAT: The modem is not responding to "AT" at ModemCmd: label. »

Error in log.

power_off and power_on solved it without having to reboot the whole machine. Seems like for some reason /dev/cuaU0.2 was locked also but it doesn't appear in the logs.

Unfortunately the bios doesn't have the option to do anything with memory except enable/disable ecc. I may try disabling ecc and see if I can then use some non ecc ram I have around that I know is good.
Thanks

@pantigon did you have any luck with cx255?

Hmm, you want to add a LAGG between switch ports 2 & 3 to some other router? Not a switch?

The NICs in the M270, ix0 and ix1, are connected to switch ports 9 and 10. You can LAGG ix0 and ix1 to the internal switch if you want to but you don't really gain anything by doing so.

The biggest issue is that the internal switch can only do a load-balance LAGG, it cannot do LACP. So that makes it quite limited.

@rschell Maybe of any help or just sharing my knowledge: I found that using command stress would give me best results when it comes to testing boost speeds. In combination with using cpuset for targeting specific cores (P-cores and/or E-cores).

Installing stress:

pkg install stress rehash

Command cpuset -l 0-3 stress -c 4 would (if hyper-threading is enabled) stress both P-cores with 4 worker processes.

@stephenw10

Good morning..

No pcaps, and logs are probably still on the system.

We've had to replace the system. We've changed network card after network card, and at best this has to be static electricity damage to the motherboard. On changing network cards, no matter how many times we applied the configuration, no dice. On reboot, it's back to square one. Put back in old network cards, no problem except now even though with hardware offloading off, by next day the network is crawling to a stop, so enough milling around, We're beating a dead horse at this point. Will be ordering Netgate replacement, but in meantime, we're running CE on VM. So, I'm not sure what kind of spike or transient got through, but now it appears two switches at other locations are affected as well.

If you need to actually route 25Gbps you have a much better chance of achieving that using TNSR. You'll notice how everyone on that other thread was surprised the OP there managed it using pfSense.

Yes, if you used VLANs over a single 25G link you would need to connect that to a 25G capable switch to separate it for hosts on each.

Steve

It's fixed upstream in FreeBSD so it will be pulled into new CE builds.

so yeah, problem with the ftdi etc adapters are, as they are not "as cheaply made" as the CH340's, the plugs are not easily disassembled, my serial side is just 2 plasic halves that i was able to easily disassemble to resolder some pins to diffrent ones (to make it compatible with the APC pinout without the need for any special adapter or cable, basically adding a USB port to my apc by directly plugging the serial adapter into it)
thats not possible to archive using higher quality adapters where the plug is sealed in some kind of rubber all around.

@osvaldompf Which hardware specifically is broken? Are you asking to take the storage device out of the dead one and add it to a new one? If so it might work but you might find it easier to build a new one, mount the old drive in it (will require some leg work on your own as it's not actually supported in software) and collecting the config.xml file from the old drive and importing it into the new one.

If the hardware is vastly different it is likely the system will either not boot at all or boot and be unstable.

@stephenw10

Thanks for the reply! I ordered a 2100… (250 is ok for us)

That looks normal. It's the interrupt rate that counts and none of those are very high. The total interrupts just increase with uptime/traffic.

Steve

The 1.5Gbps restriction here is not the NIC. If the advertisement values are set it will link at 2.5 or 5G and pass that if the system is capable. There are several other threads reporting success:
https://forum.netgate.com/topic/146913/nbase-t-support-for-intel-x550/

Nice! Yeah IIRC t-rexky enabled everything that could be enabled in the BIOS setup but I don't think Speedstep/EIST was ever an option there. I had to set the bits in the BIOS directly.

@stephenw10
I believe it could be yes. But resolved on my part. Thanks again for all the help!

Where does it appear to stop booting? Does it actually not boot or just stop writing to the console?

You could force it do that every time but it would delay boot significantly. Check the script used in /etc/rc.initial.reboot.

@tman222
Thank you for your report!

@stephenw10 perfect answer, thanks. Looking for grunt here…
G

@JustCuriose

Something popped up into my mind when I saw your post :
You didn't mention the 3 letter word that Microsoft now wants to be present : TPM. A physical chip on the motherboard.
Without it, there is no direct access to Windows 11.
Its all (among others) about protecting safe booting - and protecting the boot process.

Checkout Youtube and look for Lojax. I didn't found any in-depth articles (videos) but it's pretty nasty.
On the other hand : if a boot virus is present on your system, some one had to have access to your system, with root rights, and install it. IMHO, the moment they login, the system is already considered 'dead'

Yup, pfSense CE is x86 only and most SOHO routers are not. Did you have specific hardware in mind?

@keyser Thanks for explaining this. 🙏

@stephenw10 Ok, i will think about it.
Thanks

@stephenw10 Sorry, new to this!

@Myst412 said in Watchguard Firebox M400/M500:

So I wanted to add 10gb networking to a couple of PCs and I thought since there's a PCIe slot on the M400, I could just throw a card on with a female to female pcie extender and presto chango, i'd be able to get 10GBe copper on my network for a fraction of a 4 port 10GBe switch.

@Myst412 said in Watchguard Firebox M400/M500:

Worked with a 450w atx just fine. Looking for a 200-300w flexatx.

Did this work with Fireware OS, or did you have to flash pfsense on it?

@w0w Right, the default of 7 is the result of 1 + 2 + 4 (100M/1G/10G)

It’s nice that we have the option, even if it’s a bit esoteric. Also nice that the GUI displays the link speed properly once it’s enabled

Point releases are usually for security updates or hardware support when a full release is not ready.
You can see what it included in this case here:
https://docs.netgate.com/pfsense/en/latest/releases/23-05-1.html

You can update home/lab installs.

Steve

Another way to do this now you can run the pfctl command once and use the case command to iterate over the variable I named state

#!/bin/sh state=$( pfctl -vvss ) res=1 resb=1 case "$state" in *, rule 79*) res=0 ;; esac case "$state" in *192.168.1.11*) resb=0 ;; esac if [ $res = 0 ] && [ $resb = 0 ]; then sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 50 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null gpioctl -f /dev/gpioc2 6 duty 50 >/dev/null elif [ $res = 0 ]; then sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null gpioctl -f /dev/gpioc2 6 duty 50 >/dev/null elif [ $resb = 0 ]; then sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 50 >/dev/null else sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null gpioctl -f /dev/gpioc2 7 duty 50 >/dev/null fi