@tdale:

Thanks! I'm out getting lunch right now when I get back I'll try that. I'm taking it down to the datacenter tonight I'm trying to figure this out before then haha.

If you can't figure it out in time, just take a ton of pictures. If needed, take the whole display unit out and disassemble it and take pictures of everything.

USB Ethernet adapters are bad, don't use them. If you must: get a supported one but don't expect high reliability or speed. Desktop users often don't notice problems because the way they use it often doesn't show much problems. Firewalls/gateways have a different usage pattern and different needs, so the same hardware might not work as well as you think. On top of that, the drivers are often lacking and have firmwares missing (which is what you currently might be experiencing – the chip [ not made by microsoft ] probable is functioning in a basic 100Mbit mode because the driver in FreeBSD can't or won't load the chip firmware via USB into the adapter to enable the extra functions).

@cyberlocc:

there is a pretty big diffrence from a core 2 quad at 3.5ghz and a kaby lake Xeon at 3.5ghz.

No kidding.  That guide is ancient.  ~150 users/nodes shouldn't be a problem even with the most basic of hardware (that otherwise meets your 1Gbps requirements).  I'm serving that many nodes with virtual machines that have 1GB of RAM.

@Waqar.UK:

@iormangund:

True, it is a lot, but I have yet to find a decent small fanless equivalent other than a shuttle ds77u. At least that has intel nic and aes passmark score over 1k.

Thanks to advice from this forum you can build an i5 for cheaper.

The part that's causing me the issue though with building one is the motherboard, all ones I have found that would be perfect for the job would need a bios update for kabylake, and I don't have a skylake chip to do a bios update with.

Emailed some manufacturers asking if the boards in question will post with a kabylake for an update but no response yet. (I know I could just get a standard board, but if i'm building my own I want ipmi and at least 2 intel nics, ie Jetway NF592-Q170. No kabylake compatible boards that don't need a bios update that fit that afaik)

I have a XTM 535 and interested in it as well.

Now that XTM 53X are dropping in price as network engineers are upgrading to newer hardware, a good opportunity to revisit the new generation of XTM 5 series of routers. XTM 515, 525, 535, 545.

Thanks for suggestions guys.

I will contact netgate also for models and support.

Thank you.

^That.

When 2.4 is released the Core-e will essentially be obsolete though there will be security updates for 2.3.X for some time should it be required.

Even if that were not the case all of those boxes are now very old with likely many many thousands of hours on them and the component failure rates to match.

As much fun as I had with those boxes I could not recommend anyone does so now if they have another choice.  ;)

Steve

Jus got new record

IPSec AES-256-CGM - 326 Mbit/s


Update for anyone interested, the EVGA SuperNOVA 750 G3 PSU did not arrive on time Saturday by 8 PM as promised and paid for, so I called FedEx and asked that they return the package before delivery.  Got confirmation that Amazon would provide a full refund so I ordered what I hope is a correctly sized power supply.

Remove EVGA SuperNOVA 750 G3 PSU -$140.85
Add FSP Group 700W PMBus V1.2 $179.99
New Total:  $930.84

I will probably continue my search for a cheaper alternative that supports AES and use this particular system for something that can actually use the horse power.  Right now the Watchguard XTM is working great!

Y-ASK

@Routerb:

Can this be done?

In short: No.

All-in-one with internal VDSL2 Modem is not easily possible and Wifi is, as you already pointed out, better served from an external AP.

@Routerb:

Internal Wifi or am I better off just adding UBIQUITI ACCESS POINT

external AP.

@Routerb:

Failover 3G/4G

checked. Use an external 3G/4G modem, aka stick.

@Routerb:

VDSL2 support

nope, not in a single box.
Unless you find a working VDSL2 modem that fits into an internal PCI-what-have-you slot.

@Routerb:

OS PFsense

checked.

@Routerb:

All build into a minipc fanless device

dreamer.

@Routerb:

VOIP port

define your needs, this is usually just another ethernet port. If you're talking POTS then no.

This has been discussed several times before on other threads. My experience with a cheap ebay i350-T4 has been very positive since I bought it. Stable as a rock and appropriately fast - and as far as I can tell it's using genuine SoC's.

https://forum.pfsense.org/index.php?topic=74158.msg569894#msg569894

"i agree and i already do this…. unfortunately only wireless n"

Does this support guest??  Ie vlans?  What are you currently running for your external AP?  How many do you have?

If what you want is guest or multiple wifi networks that you can segment then yes get a external AP that supports vlans is what your after.. Why not take the opportunity to update your current external AP that only does N to something that does AC, shoot for that matter AC wave 2 ;)

OK, thank you.

Hi,
in the past i had used some USB wifi devices with RALINK RT5370 chipset. Most of them work in AP mode, but some won't do this very long.  ;) They run very hot and died after some days/weeks.
And also only 54 Mbit!

So i prefer to use an external AP!

best regards
Dirk

@ivor:

Why dedicated hypervisor running only pfSense?

I already have another hypervisor running my other projects.

I understand not all motherboards do PCIe passthrough well. Does anyone have experience with this?

As long as your CPU and motherboard supports VT-d, you're good.

Really? I thought it needed IOMMU support, which some people have had trouble with.

If this is your only concern, 2.4 is a better choice as it supports ZFS.

Config backups and restore is a great way to get back online after bad configuration. You can always restore recent config from the console (option 15). These are automatically made every time you make a change within the GUI. Because of that, I believe you may be overthinking it with virtualization :)

Hmm, maybe. I have a friend that does a virtualized setup so he can easily test multiple pfSenses snapshots and that like. I also might be doing some custom modifications to pfSense so I would like having separate installs under a hypervisor as well.

Most x86 hardware except for super embedded platforms supports virtualization as I can gather, just concerned about PCIe passthrough.

Thanks

Yeah we did get a bit carried away looking for the LED control.  ;)

However the IP390 is a 32bit platform so it will not be supported by 2.4 anyway. There will be security updates for 2.3.X for some time after 2.4 is released though.

I'd advise you just get a 2/4GB CF card and run Nano with that for now.

Steve

I think but am not sure PT is a server class card, CT is definitely desktop class.

Also 500MB is megabytes not megabits ;)  Plenty of capacity for a gigabit card.

@Balanga:

How do I tell what protocols my modem supports?

Assuming you have one of the popular Huawei LTE modems like 3272/3276/3372 the rule is very simple:

with 21.X firmware you have a choice of RAS (PPP) and NDIS (network card) with 22.X firmware you have a NAT router (HiLink)

All I want to do is get my Modem to act as an NDIS device. Do any of those protocols equate to NDIS?

Here is an example with E3276:

AT^SETPORT=? ^SETPORT:1: 3G MODEM ^SETPORT:2: 3G PCUI ^SETPORT:3: 3G DIAG ^SETPORT:5: 3G GPS ^SETPORT:A: BLUE TOOTH ^SETPORT:16: NCM ^SETPORT:A1: CDROM ^SETPORT:A2: SD ^SETPORT:10: 4G MODEM ^SETPORT:12: 4G PCUI ^SETPORT:13: 4G DIAG ^SETPORT:14: 4G GPS this is what modem supports AT^SETPORT?                                                                    ^SETPORT:FF;10,12,16 this is what I have active
This combination or composition as I referred to it earlier affects USB device PID which is presented to a host system and used by the device driver. In the example provided earlier this corresponds to "idProduct = 0x1506".

So 'FF' means I don't need anything before the driver installed, 10 is PPP interface, 12 is a COM port used for commands (PC User Interface), 16 is a network card.
3g driver in pfSense will pick first two.

There is no native support for NDIS in pfSense, some people were successful using custom scripts to bring the connection up.

using ppp, I need a Userid and password. I don't have these and can get online without in other environments.

In most cases you can leave those fields empty or put whatever you want in the username field.
Some carriers may require the phonenumber to be used as username with no password.

Indeed there's no 802.11ac support in FreeBSD and hence pfSense at this time.

Additionally there is no M.2 socket in the SG-4860. There are mPCIe slots you can use though.

Older Atheros based cards will work such as the one we previously stocked:
http://webcache.googleusercontent.com/search?q=cache:BGgZhXcr-o4J:store.netgate.com/APU-wireless.aspx

Generally though you can usually get better coverage by using an external access point.

Steve