@dobby_ said in Upgrade M.2 storage on Netgate 4100:

but if the eMMC storage is perhaps damaged he can´t use the box also not any more.

If the eMMC fails under the 12mo warranty we would most likely repair it unless there are other causes of the failure (water or electrical damage, for example). If outside of the 12mo warranty we could do an OOW repair but, at that point, they may prefer to purchase and install on their own.

The warranty is on the original hardware and for 12 months. Modification of the hardware could result in damage to these specific models (the fit is very tight). That's all I'm getting at.

Check the output of: kenv

Make sure the BIOS is current. The broken DMI table is being passed by the BIOS so ask Dell. It's probably not hurting anything though.

Steve

Unless you have a specific need/want today that can’t be itched with your current setup then I would exercise a little patience and hold off on upgrading.

Doesn’t sound like YOU are the driver. You were content and have moved up your speed package because Comcast bumped you for free or did so with minimum price increase. It seems it’s an item of convenience and not a need or desire of your own. No judgment and I don’t think this is bad necessarily. For me, understanding myself and situation helps me decide which direction I go.

I’m not a Comcast subscriber and I don’t know your specific area but on the page they tell you why their speeds aren’t guaranteed, they also divulge max 1.2gb down and 35mb up cable connections and max 2gb asymmetrical fiber connections. Sounds like you are cable and they have a bit to reach 2.5 and doubtful they will give it away for free or super cheap for a little bit of time after they reach it. IMO, the better win would be asymmetrical speed for their cable users.

Higher speed equipment comes at a premium. If you can wait until it’s more mainstream prices will reduce. Also availability and market demand is off now like so many other industries. Waiting could mean you get better equipment for less money. At the least you had the luxury of saving for your upgrade over a longer period of time.

Is it practical? I have 1gb asymmetrical fiber and redoing our network with more of a focus on upgrading security, maximizing wireless and providing hard wired access. I’m trying hard (within a budget) to get every ounce of the 1gb my ISP offers. However, if I’m being realistic I honestly believe even 1gb is a little early. Sure, there are times when it pays off but I often compare it to owning a Ferrari but traveling on a mixture of roads that all have different limitations on your max speed. A few years back I was buying a new TV (electrical storm zapped my old one and insurance was paying). I had good technology before but then 4K and even 8K units were available. I had already decided OLED was my future because of deep blacks, wide viewing angles, etc. There was a considerable price swing between a 4K and 8K unit. Ultimately I choose 4K. I believe it was a good choice. I saved money on the initial purchase and while I was maybe a smidge early on technology (most 4K content is a premium $) there is still lots of content and the premium is small overall. On the flip side, 8K content is still scarce and technology of those units continue to evolve as prices lower.

@rsherga good info to know there. I am converting a 2014 Mac Mini to a pfSense router and was toying with the thought of a VM setup. I think I will just use it as a dedicated unit.

I am reminded of a time shortly after high school, me and a buddy was cruising around in his old '68 Camaro. It was a beast and I loved that car but it had some squeaks and squawks. I asked if he heard them and he grinned, turned the radio up and said, "there, now it's fixed".

My point, I'd close the lid and live my best life.

Is it possible to install Pfsense's latest version on Dell
PowerEdge XE2420?

pfSense 2.6+ (Plus) is able to get over an LAB license
for a probe or test installation!

Is it possible to install TNSR on these servers?
TSNR is able to get over an LAB license for a probe or test
installation too!

So you will be able to test out and if it is running fine for you
you might be getting a real license then!

@abdenour said in Intel IBM PRO 1000 PT Dual Port Server Adapter 39Y6127 FRU 39Y6128:

@stephenw10 said in Intel IBM PRO 1000 PT Dual Port Server Adapter 39Y6127 FRU 39Y6128:

Yes, I would expect it to be.

Thank you

Intel FreeBSD EM driver
Scroll down and find your adapter is well supported by the em driver. If you comes into trouble you should perhaps have a look for an original Intel firmware image, you could
try to flash on this card.

I also think the Win11 thing is going to be good for Unix in general. I can buy cheap Gen6 HW, drop a friendly version of Linux on it and give to someone who just surfs the web. A reasonably safe, faster than it needs to be PC that requires little up keep.

I have 1gb fiber up & down. Current consumer grade
mesh system shows consistent 950-ish speeds at the
wire.

The consumer grade router comes often sorted with an ASIC or an FPGA and is only routing not more! It is doing
SPI and NAT and that`s it. pfSense is a firewall and on top
it can be turned into a fully UTM device with captive portal
and voucher system over sms if needed. So if you say today you will 100 % know what you will be installing and using or how much you will turn it into "something" including ids and pfblocker-ng rules it might be the best
to work two different roads;

You will get nearly the use case you know before
that all is matching and running fine for you. You will be buying a "diy" rig (pfSense box) that comes with much power in backgrounbd you and be able to push it up if needed with ram, ssd and wifi or LTE if needed.
Squid & SquidGuard, ClamAV, IDS, pfBlocker-ng, firewall, = UTM

If I’m understanding you correctly I would be better
served with more cores over clock speed and 8-16gb
RAM plus some hard drive space?
With not using PPPoE, yes of course this might be the best solution for you in my eyes, because;

you will be able to balance the wan queues over the CPU cores, so they count. If you need more ram you should be able to insert it fast If you need a greater ssd space you will be able set it up if you need wifi with captive portal for your clients you will be able to realize it. you turn on more rules and lists for suricata snort or pfblocker-ng you have not problems at all!

As noted a few posts up I had a Mac Mini drop in my
lap and would at least like to try to use it to help keep
my costs low. However, getting a reliable and fast
working device over cost savings.

Make sure that the usb port to ethernet adapter is not your wan, it is often reasigning and then you will be
really p****d by configuring it new.

The Mac Mini is a dual core i7 4578U @ 3.0ghz
with 16gb DDR3 and a 256gb SSD. Based on what
you said my concern is I need a quad core or more.

3,0 GHz CPU 4C / 4T or 4C / 8T 8 - 16 GB 64 GB - xyz GB/TB (M.2 / miniPCIe slot) able to add 2 WiFi cards

Would be my setup in your situation based on what you were telling here around.

So this is what you will see it is nice to go only with the things you need pfSense such suricata, firewall and and and, for this they are selling appliances, being sure you will be on the save site or you will be setting up your own rig, you should be better sorted using the two way;

near by the point all is running build a box with much backspace horse power.

What I was getting out of this forum actual I mean, if
netgate is able to offer you a box matching your needs go with it, if not or you will be unsure you should buy supermicro C3000 board with much ECC Ram and a mSATA to come closer to your needs, if not able go with an used E3-xxxxv5 and a miniITX board with one or two PCIe slots and ecc ram and M.2 or mSATA with it you will never fail in 80% of all cases, all other cases are greater companies with many more employees and services running.

@usofa1984 I have another thread and someone had made a comment about Wireguard and not trusting it yet. I asked for a deeper explanation but got no response. I am thinking this may be why.

I’m new and still learning but to my inexperience this screams use in a test environment or for non-sensitive transmissions. Of course if they weren’t sensitive then you probably wouldn’t be using VPN.

Hoping others will chime in.

Okay, so I'm now on 22.09-DEVELOPMENT and the I225 is working correctly! Thanks!

@stephenw10 That is right, Suricata FTW ?

Glad to know I can same some money and go with a lower tier processor like the 1600af and still meet my end goal! A 5900/5950 would have been expensive. Thanks for confirming.

Get your hands on an used server with Intel Atom C3000
4C/8C/12C/16C or get an used Intel Xeon E3-xxxx v5(L).

For §100 - $150 you may be better of using the TSNR with an Lab or Home license free of charge.

For servers with internet connect you may be better sorted
with a DMZ then VLANs.

It's possible but it's hard to recommend. Any separate access point will be better.

Steve

@stephenw10
Ok, thanks a lot!
I will try with another NIC.
Regards,
Damián

Not easily. The available kmod package looks to be at 1.12.2 still.

@hangmansnoose001380 I got CH341A programmer. Do you have access to orginal bios m470 to? Can you please send me PM? Thank you.

@sledge do you have something you can run a VM on? I have a VM on my synology ds918+ nas running ubuntu - installed the VM there.. Doesn't use a lot of resources, its only got 1gig of ram assigned to it, ec.

vm.jpg

Its best if its something you can leave running 24/7 like a nas you have anyway.

controller.jpg

Just updated the APs to the latest 6.2.33 beta firmware this morning - the flexHD is just playing with, don't really have a use for it - it was the AP that was over at my son's house til he updated to fiber connection, so he is just using the isp device now.

There might be if it has some issue. Check the logs for anything that looks out of place.

Enable Coretemp temperature monitoring if you have not already and make sure it's not running ludicrously hot. It will also log temps in Status > Monitoring.

The fact it isn't showing you a crash report after it reboots starts to point to a hardware issue.

Steve

hi,
here we can find some refurbished Dell EMC SD-WAN Edge 620, for a very interesting price. But i don't know if they are "unlocked", they say in the description that "No DNOS Installed", and "Supports Native Linux OS provided by the VNF partners. Supports KVM or ESXi hypervisors".
so do you think that we can easily install pfsense on it ?

EDIT:
on a deleted message in reddit someone said :

Dell EMC SD-WAN Edge 604 is a C3758 CPU It uses the same Motherboard as the VEP-1445.

However if you change the OS, it will boot loop. You must install the BIOS from the VEP-1445 onto the SD WAN if you want your own OS.

To Flash the BIOS you need to first flash the Dell Recovery OS from the VEP-1445 to the eMMC of the SD-WAN. Once booted to the recovery OS you can then flash BIOS.

EDIT 2 :
look at that : https://www.etb-tech.com/dell-emc-vep1425-switch6-x-1gb-rj45-2-x-10gb-sfp-sw02212.html

Licenses Installed : OPNsense 19.7.10.1 Installed

It's the physical layer part of the NIC. See: https://en.wikipedia.org/wiki/Physical_layer#PHY

I would look on the FreeBSD forums or mailing lists for reports of using that board. Or that CPU and PHY combo.

Steve

Turns out the issue was the terminal emulator, was using securecrt which prevented the new page display. Putty worked just fine.

@wkn yes both switch and cables are checked ok

It's hard to recommend anything other that an Intel NIC. I would be looking at something X520 based.

Sure, you can make the script setup the switch in 802.1q mode and use VLANs to access each port individually. Or some combination of ports in different VLANs etc.

I'm not aware of anything specific but there are quite a few hardware variations. Disabling hardware checksum offloading is an easy test with pretty much no drawbacks.

Steve

@stephenw10 Yeah, right!
I think I'll return it, yes.

Yeah it seems that driver is linked to the kernel in a closer way than others.

When we move to a newer FreeBSD version you should get that patch anyway.

Steve

@madheff23 we did get the VDSL modules working, and they are working well.
The key trick for us on the 2100 was actaully the pfSense version - we needed to update (we were running 2.4.5x).

We didn't need to do any specific VLAN tagging on our service (i.e. ISP didn't require), but in the case where we do need to pass a VLAN tagged traffic, we created a vlan interface on top of the WAN interface.

I haven't got round to writing the documentation on doing that yet; I will get to it but in the meantime happy if you DM me and we can work it through together.

@stephenw10

Thank u Steve but those script seems to be too complicated for me to understand how to apply them. I have decided purchase 4 of Noctua NF A4x20 PWM 4 Pins fans. Hope it would help reducing the noisy fan from XTM5 unit

@makdonalds said in Pfsense 2.6 on Asus Chromebox 2 problem:

FW:MrChromebox-4.14

If it's running that (Coreboot) it's x86.

The error sounds similar to some other UEFI console issues we've seen.

Steve

Probably not. That looks like a PIC controller which could be running some custom code. It might require a significant reverse engineering effort.

Try disabling lcdproc and opening the USB serial port at the command line. You might at least be able to determine the serial baud rate it's operating at which would help you test other drivers. There might be some other clues there.

Steve

Same suggestion; connect re0 to re1 directly as a test and make sure the link comes up at 1G.

Steve

Any Intel X500 series NIC should be pretty well supported at this point. I've personally used the X520-DA2 without issues.

Steve

@gabacho4

pfSense is using FreeBSD
|---> Intel QAT Driver is supporting ChaCha-Poly
|--->CryptoDev system is using the driver
|---> WireGuard is using the CryptoDev system
|---> DPDK was used to code the WireGuard packet

@stephenw10 Thanks, saw the loader.conf.local stuff after I wrote that post, thanks for the reminder! I also didn't know you could pkg add - when pkg install realtek-re-kmod didn't work, I just hacked my way forward. Thanks for all the info!

Well try it and see if you have the hardware. The most difficult part of that is probably going to be setting up dual booting with OpenWRT and pfSense. I'm not sure I've ever seen anyone do that.

That's the renamed Netasq U30S right? So the same applies here with the unsupported switch?

Steve

@daemonix

Compex WLE200NX is able to get new for ~30 € and clone from other countries (same chip) will be able to get for ~10 €
so if you will be able to get hands on, it will be the best choice for you to insert WiFi in the SG-1100.

The Squid/Squiduard hangout was @jimp