@dobby_ you're saying someone in the apple forums could give advice regarding pfsense/freebsd on a mbp? I guess it doesn't hurt to take a look there.

Thanks

Is it possible to install Pfsense's latest version on Dell
PowerEdge XE2420?

pfSense 2.6+ (Plus) is able to get over an LAB license
for a probe or test installation!

Is it possible to install TNSR on these servers?
TSNR is able to get over an LAB license for a probe or test
installation too!

So you will be able to test out and if it is running fine for you
you might be getting a real license then!

@abdenour said in Intel IBM PRO 1000 PT Dual Port Server Adapter 39Y6127 FRU 39Y6128:

@stephenw10 said in Intel IBM PRO 1000 PT Dual Port Server Adapter 39Y6127 FRU 39Y6128:

Yes, I would expect it to be.

Thank you

Intel FreeBSD EM driver
Scroll down and find your adapter is well supported by the em driver. If you comes into trouble you should perhaps have a look for an original Intel firmware image, you could
try to flash on this card.

@dobby_

Fixed just now. Meant one thing, wrote another.

I also think the Win11 thing is going to be good for Unix in general. I can buy cheap Gen6 HW, drop a friendly version of Linux on it and give to someone who just surfs the web. A reasonably safe, faster than it needs to be PC that requires little up keep.

We have no guide for upgrading/replacing/installing M.2
NVMe drives on our 4100/6100 models.

And what is with the sg4100 box if he is getting not rid of the problem at all? He can´t install then a M.2 SSD but must buy another box or can put it on the dump or whatever? I mean
for sure it might like you say that then the warranty is broken
but if the eMMC storage is perhaps damaged he can´t use the box also not any more.

I have 1gb fiber up & down. Current consumer grade
mesh system shows consistent 950-ish speeds at the
wire.

The consumer grade router comes often sorted with an ASIC or an FPGA and is only routing not more! It is doing
SPI and NAT and that`s it. pfSense is a firewall and on top
it can be turned into a fully UTM device with captive portal
and voucher system over sms if needed. So if you say today you will 100 % know what you will be installing and using or how much you will turn it into "something" including ids and pfblocker-ng rules it might be the best
to work two different roads;

You will get nearly the use case you know before
that all is matching and running fine for you. You will be buying a "diy" rig (pfSense box) that comes with much power in backgrounbd you and be able to push it up if needed with ram, ssd and wifi or LTE if needed.
Squid & SquidGuard, ClamAV, IDS, pfBlocker-ng, firewall, = UTM

If I’m understanding you correctly I would be better
served with more cores over clock speed and 8-16gb
RAM plus some hard drive space?
With not using PPPoE, yes of course this might be the best solution for you in my eyes, because;

you will be able to balance the wan queues over the CPU cores, so they count. If you need more ram you should be able to insert it fast If you need a greater ssd space you will be able set it up if you need wifi with captive portal for your clients you will be able to realize it. you turn on more rules and lists for suricata snort or pfblocker-ng you have not problems at all!

As noted a few posts up I had a Mac Mini drop in my
lap and would at least like to try to use it to help keep
my costs low. However, getting a reliable and fast
working device over cost savings.

Make sure that the usb port to ethernet adapter is not your wan, it is often reasigning and then you will be
really p****d by configuring it new.

The Mac Mini is a dual core i7 4578U @ 3.0ghz
with 16gb DDR3 and a 256gb SSD. Based on what
you said my concern is I need a quad core or more.

3,0 GHz CPU 4C / 4T or 4C / 8T 8 - 16 GB 64 GB - xyz GB/TB (M.2 / miniPCIe slot) able to add 2 WiFi cards

Would be my setup in your situation based on what you were telling here around.

So this is what you will see it is nice to go only with the things you need pfSense such suricata, firewall and and and, for this they are selling appliances, being sure you will be on the save site or you will be setting up your own rig, you should be better sorted using the two way;

near by the point all is running build a box with much backspace horse power.

What I was getting out of this forum actual I mean, if
netgate is able to offer you a box matching your needs go with it, if not or you will be unsure you should buy supermicro C3000 board with much ECC Ram and a mSATA to come closer to your needs, if not able go with an used E3-xxxxv5 and a miniITX board with one or two PCIe slots and ecc ram and M.2 or mSATA with it you will never fail in 80% of all cases, all other cases are greater companies with many more employees and services running.

@usofa1984 I have another thread and someone had made a comment about Wireguard and not trusting it yet. I asked for a deeper explanation but got no response. I am thinking this may be why.

I’m new and still learning but to my inexperience this screams use in a test environment or for non-sensitive transmissions. Of course if they weren’t sensitive then you probably wouldn’t be using VPN.

Hoping others will chime in.

Okay, so I'm now on 22.09-DEVELOPMENT and the I225 is working correctly! Thanks!

@stephenw10 That is right, Suricata FTW ?

Glad to know I can same some money and go with a lower tier processor like the 1600af and still meet my end goal! A 5900/5950 would have been expensive. Thanks for confirming.

Get your hands on an used server with Intel Atom C3000
4C/8C/12C/16C or get an used Intel Xeon E3-xxxx v5(L).

For §100 - $150 you may be better of using the TSNR with an Lab or Home license free of charge.

For servers with internet connect you may be better sorted
with a DMZ then VLANs.

It's possible but it's hard to recommend. Any separate access point will be better.

Steve

@stephenw10
Ok, thanks a lot!
I will try with another NIC.
Regards,
Damián

Not easily. The available kmod package looks to be at 1.12.2 still.

@hangmansnoose001380 I got CH341A programmer. Do you have access to orginal bios m470 to? Can you please send me PM? Thank you.

@sledge do you have something you can run a VM on? I have a VM on my synology ds918+ nas running ubuntu - installed the VM there.. Doesn't use a lot of resources, its only got 1gig of ram assigned to it, ec.

vm.jpg

Its best if its something you can leave running 24/7 like a nas you have anyway.

controller.jpg

Just updated the APs to the latest 6.2.33 beta firmware this morning - the flexHD is just playing with, don't really have a use for it - it was the AP that was over at my son's house til he updated to fiber connection, so he is just using the isp device now.

There might be if it has some issue. Check the logs for anything that looks out of place.

Enable Coretemp temperature monitoring if you have not already and make sure it's not running ludicrously hot. It will also log temps in Status > Monitoring.

The fact it isn't showing you a crash report after it reboots starts to point to a hardware issue.

Steve

hi,
here we can find some refurbished Dell EMC SD-WAN Edge 620, for a very interesting price. But i don't know if they are "unlocked", they say in the description that "No DNOS Installed", and "Supports Native Linux OS provided by the VNF partners. Supports KVM or ESXi hypervisors".
so do you think that we can easily install pfsense on it ?

EDIT:
on a deleted message in reddit someone said :

Dell EMC SD-WAN Edge 604 is a C3758 CPU It uses the same Motherboard as the VEP-1445.

However if you change the OS, it will boot loop. You must install the BIOS from the VEP-1445 onto the SD WAN if you want your own OS.

To Flash the BIOS you need to first flash the Dell Recovery OS from the VEP-1445 to the eMMC of the SD-WAN. Once booted to the recovery OS you can then flash BIOS.

EDIT 2 :
look at that : https://www.etb-tech.com/dell-emc-vep1425-switch6-x-1gb-rj45-2-x-10gb-sfp-sw02212.html

Licenses Installed : OPNsense 19.7.10.1 Installed

It's the physical layer part of the NIC. See: https://en.wikipedia.org/wiki/Physical_layer#PHY

I would look on the FreeBSD forums or mailing lists for reports of using that board. Or that CPU and PHY combo.

Steve

Turns out the issue was the terminal emulator, was using securecrt which prevented the new page display. Putty worked just fine.

@wkn yes both switch and cables are checked ok

It's hard to recommend anything other that an Intel NIC. I would be looking at something X520 based.

Sure, you can make the script setup the switch in 802.1q mode and use VLANs to access each port individually. Or some combination of ports in different VLANs etc.

I'm not aware of anything specific but there are quite a few hardware variations. Disabling hardware checksum offloading is an easy test with pretty much no drawbacks.

Steve

@stephenw10 Yeah, right!
I think I'll return it, yes.

Yeah it seems that driver is linked to the kernel in a closer way than others.

When we move to a newer FreeBSD version you should get that patch anyway.

Steve

@madheff23 we did get the VDSL modules working, and they are working well.
The key trick for us on the 2100 was actaully the pfSense version - we needed to update (we were running 2.4.5x).

We didn't need to do any specific VLAN tagging on our service (i.e. ISP didn't require), but in the case where we do need to pass a VLAN tagged traffic, we created a vlan interface on top of the WAN interface.

I haven't got round to writing the documentation on doing that yet; I will get to it but in the meantime happy if you DM me and we can work it through together.

@stephenw10

Thank u Steve but those script seems to be too complicated for me to understand how to apply them. I have decided purchase 4 of Noctua NF A4x20 PWM 4 Pins fans. Hope it would help reducing the noisy fan from XTM5 unit

@makdonalds said in Pfsense 2.6 on Asus Chromebox 2 problem:

FW:MrChromebox-4.14

If it's running that (Coreboot) it's x86.

The error sounds similar to some other UEFI console issues we've seen.

Steve

Probably not. That looks like a PIC controller which could be running some custom code. It might require a significant reverse engineering effort.

Try disabling lcdproc and opening the USB serial port at the command line. You might at least be able to determine the serial baud rate it's operating at which would help you test other drivers. There might be some other clues there.

Steve

Same suggestion; connect re0 to re1 directly as a test and make sure the link comes up at 1G.

Steve

Any Intel X500 series NIC should be pretty well supported at this point. I've personally used the X520-DA2 without issues.

Steve

@gabacho4

pfSense is using FreeBSD
|---> Intel QAT Driver is supporting ChaCha-Poly
|--->CryptoDev system is using the driver
|---> WireGuard is using the CryptoDev system
|---> DPDK was used to code the WireGuard packet

@stephenw10 Thanks, saw the loader.conf.local stuff after I wrote that post, thanks for the reminder! I also didn't know you could pkg add - when pkg install realtek-re-kmod didn't work, I just hacked my way forward. Thanks for all the info!

Well try it and see if you have the hardware. The most difficult part of that is probably going to be setting up dual booting with OpenWRT and pfSense. I'm not sure I've ever seen anyone do that.

That's the renamed Netasq U30S right? So the same applies here with the unsupported switch?

Steve

@daemonix

Compex WLE200NX is able to get new for ~30 € and clone from other countries (same chip) will be able to get for ~10 €
so if you will be able to get hands on, it will be the best choice for you to insert WiFi in the SG-1100.

The Squid/Squiduard hangout was @jimp

@cool_corona said in Hardware for Firewalling and routing 200 Vlan at 2x100Gbps ?:

Sorry but at that speed you need consultants. Not a forum...

This was the best answer given here as I see it right.

Network part and devices

Mellanox InfiniBand 100 and 200 GBit/s solution Mellanox Ethernet 100 and 200 GBit/s solution

DPI part and devices

Corero SmartWall DPI solution
(up to 160 GBit/s) starting at ~$250.000,00

Firewall, routing and inspecting part

PaloAlto 5450

So you may see, products are all available on the market
and for sure only for brainstorming it might be also good to ask here and there in a forum.

Dobby