Yes, use SSD. Any recent SSD should have a write count far exceeding what you can do to it with pfSense in any sane configuration.

If you are concerned, re-using an older SSD perhaps, you can still opt to move /var and /tmp to ramdrives significantly reducing writes.

Steve

Padlock is only supported on Via CPUs, unless you are running that you will see it look for and not find that hardware at boot.

https://en.wikipedia.org/wiki/VIA_Technologies#VIA_PadLock

Steve

@psulions5:

I tried the memstick image, the iso, and OS version 2.3.3, and 2.4 alpha.  I remember getting this thing to boot into the actual install once, but since then, it just won't.  Pretty annoying really :(

Im using the VGA console with a keyboard etc.

I hope its not to late, but in another thread a user with a Supermicro board was installing pfSense and it runs fine for him, but only after
doing some thing before, such as;

BIOS Update to 1.0b
If there is one available please do it also for your board Installing pfSense 2.4-BETA please
Please use the 64Bit memstick usb image and from there then a fresh and full installation on a mSATA or SSD. After installing and assigning the NICs and then please reboot!
Only after the reboot all NICs are shown up and showing also the right speed!(1GB/10GbE)

Here is the full forum threat about that. I bought a Supermicro 5018D-FN8T: The Chronicles

@Aethrios:

Now, the PVID settings I have on the switch give me some pause: I can only set one PVID per port, even if the port is used in more than one VLAN. Clearly, port 3 (pfSense) is a member of both the WAN and LAN VLANS, so I'm under the impression that it needs to be configured with a PVID of both 2 and 3, in order to properly pass frames between the different ports. Also, I've tried setting the untagged modem port ( 8 ) to a PVID of 2, since it's on VLAN_2. I believe this is correct?

The PVID setting simply controls what the port does with untagged traffic that passes into the port (traffic coming into the switch from a connected device).  If you want untagged traffic on a port in say, VLAN 50 (my VLAN number is arbitrary) you set the PVID to 50 and set the port untagged in VLAN 50. That would handle a client device that is unaware of VLANs.  The PVID makes sure any traffic entering the port that doesn't already have a VLAN tag gets tagged as 50, and the untagged setting in VLAN 50 makes sure that any VLAN 50 traffic passing through the switch will exit the port, removing the tag in the process.  You can only have one PVID per port.

Hope that makes sense.

Hi

I'm running an APU2C4 on a 300mbps link. I'm running Snort, Squid, Squidguard and lightsquid.

There's often 3 of us watching Netflix or Amazon or streaming some other media - including 4k, or a mix of that and online gaming.

The only time it struggled was with AV turned on, otherwise it's normally running fine without stressing the CPU or memory. It's such a tiny box, it's easy to keep out of the way, does get warm though :)

•2 LAN connections
•1 WAN connection
•1 Wifi connection
•300$ budget (maximum)

ISP line is 100Mbp/s

No additional packages required

For that point all several, smaller and greater appliances will be matching well!
If you really don´t need any packets and the internet line will be longer only 100 MBit/s it could also really be that
the SG-1000 will be enough for you! It is able to get here in Germany for only ~189 Euro, but over >150 MBit/s it
should be then the SG-2200 for sure. But adding then WiFi internally would be not the best thing regarding to the
heat inside of the case.

As an replacement for the ALIX Board you could also be getting happy with the APU2C4 but together with a mSATA
and WiFi Kit (card & antennas) you will be surely breaking the $300 with ease, not to much but a bit more you should
be counting for that.

Thanks to all for their replies and help!

Thank your for your replies and confirmation. I will look at SG-2220 again and see if there are any deals available in UK.

Thanks all, it's done after reboot and lets blug sfp with fibrer on SFTP+ port.

But I need the full speed for the basic stuff like: snort, squid, pfBlockerNG, maybe HAVP, SquidGuard, Darkstat

This means then to be a fully featured UTM device, and there fore you may need perhaps a little bit more horse power and RAM
on top of this. The APU2C4 is not really powerful enough to handle that amount of things.

I was curious if that little apu can handle so many plugins :) I can max out the RAM and I would go for an SSD for fast caching.

Jetway NF9HG-2930 & 8 BG RAM & 120 GB mSATA would be nice to serve that network load, not ot much but powerful enough.
All in all ~350 Euros I would think about.

I've been toying with going with my ISP's Gig package (1Gig down/50Mbps up),

Are you using PPPoE together with that 1 GBit/s Internet account? If not, then you may fine with the SG-4860 unit
from the pfSense store! Another user named gonzopancho was talking about nearly routing 1 GBit/s at the WAN
interface and +/- 500 MBit/s together with IPsec VPN. So I would say ask at first your ISP for that!

The SG-4860 is matching the Intel C2558, ass I am right informed.

Yeah, I'm just gonna pretend my account was hacked and that wasn't me.  ::)

The XG-1540, XG-1541 and C2758 all have 4 ports by default, but are expandable. We did do rack ears for 7551 too at one point.
And I concur 6 is 4+.  ;D

Steve

@pfBasic:

Yeah I use PIA VPN, those tests are synthetic and don't necessarily represent real world performance. You can run those commands in SSH.

But the performance you are getting is definitely a configuration issue.

I get 160Mbps real world usage on a J3355 and PIA VPN and the CPU isn't even working hard.

Granted, a J3355 will be faster than a J3455 with OpenVPN but you should still hey WAY faster than .5 Mbps.

Post up your settings and we'll try to get your VPN straightened out.

Thank you

I made a new post here on pfsense since I didnt want to hijack this thread. https://forum.pfsense.org/index.php?topic=129193.0

I ran the test in SSH:

256 cbc = 11.724s = 272.9Mbps
256 gcm = 11.329s = 282.5Mbps

128 cbc = 11.573s = 276.5Mbps
128 gcm = 11.094s = 288,4Mbps

pfsense 2.4b
Asrock J3455-ITX
2x4GB HyperX DDR3L 1866MHz
2x16GB SanDisk Ultra Fit

Mmm, hard to say how Squid could cause that.

I guess the peak bandwidth could be higher on the LAN from cached data. Not sure what you could do though.

Steve

@fatgump:

The dashboard report max as 2501MHZ.

I wouldn't expect the dashboard to dynamically report the current CPU frequency.  I expect that your CPU is working as intended and you're just not seeing the results indicated in the dashboard.