So maybe mbuf should be set to 1000000?

On boards with soldered onBoard RAM or memory you could not go higher in the amount of RAM,
because it is soldered on the boards!!! So be careful with this number (1.000.000) perhaps you
might be beginning with 100.000 or less, for not ending in a booting loop if the RAM amount is
to small after changing the mbuf size. On boards with an DIMM or S0-DIMM socket this would
be not a problem, because you will be able to change or high up also the amount of the entire RAM.

Gotta say, I don't mind supporting the project but I would be remiss if I didn't mention for others considering it that when you order from teh store you should expect some delay since I imagine they are drop-shipping it.

Mine sat in fulfillment for 3 business days then shipped yesterday. So now the device I paid extra to get 2 day shipping on will be in transit for 5 days. I get this is that time of year and the holidays screw up online commerce royally. Just was hoping that since I ordered this after Christmas they'd see we were on a short week and try to get my order processed so I could get it this week.

Oh well…  :(

I do 500Mbps on mine with IPSec!

@daileycomputer:

I've got a Netgate RCC-VE 2440 with a 128MB mSata. I installed the Netgate ADI image. There's no package manager in the web interface.

Which image?

@irj972:

having spent time configuring a AP9617/AP9630 for NUT and auto shutdown of several servers etc, I suspect a plug in adapter like that will turn into the least of your problems! The APC line are well supported and definitely worth another look.

hehe, is that hard? :D

I have the same problem. I am running a 5 years old AMD64 box (AMD Athlon 64 X2 Dual Core Processor 4800+) on a ASUS motherboard. I have two NICs one of which is an Intel Pro 100/1000 and the other a Marvell Semiconductors Yukon 100/1000. I have not yet created any custom firewall rules. When the install was fresh I could run PFSense for a few seconds to a few minutes before Pfsense stopped serving requests. The first trouble-shooting thing I did was to turn off any equipment that might compete for DHCP addressing, but to no avail.

After realising that the Gateway-log was full of error messages such as those below I stumbled up on this topic.

Dec 30 09:16:08  apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:16:09  apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:16:10  apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:16:11  apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:16:12  apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:16:13  apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:16:14  apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:16:15  apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:16:16  apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:17:48  apinger: Starting Alarm Pinger, apinger(26023) Dec 30 09:36:25  apinger: Starting Alarm Pinger, apinger(21795)

Starting out I had put the LAN Interface on the Marvell card, but that caused the Web Configurator to become unresponsive as soon as the link went down. Then I switched the interfaces (so that the WAN Interface uses the Marvell NIC) with the somewhat positive result that I could at least reboot the system remotely when the link dropped as it kept doing after a few minutes after rebooting.

After checking "Disable hardware TCP segmentation offload" in System -> Advanced, Networking tab as advised by David_W in the thread https://forum.pfsense.org/index.php?topic=96325.15, uptime increased from minutes to hours (at least in some cases, but sometimes it is minutes still).

I have now also tried the changing the System: Advanced: System Tuneable net.net.tcp.tso variable from 1 to 0 as advised by julicravo, but that made the system more unstable as changing that variable caused the system to stop serving request just a few minutes after rebooting. I must admit though that it is somewhat hard to tell if the net.net.tcp.so made any difference for the better or worse.

Right now I am running my WAN on the onboard ethernet and my LAN on the 1 GB Intel Pro NIC and this configuration works great.

I believe there is a bug in the FreeBSD Marvell driver. I will replace the Marvell card with an Intel. Will pfsense auto-detect if I switch NICs and install the proper drivers by itself?

You might be using squid as a proxy server with user authentication to work it out.

I am planning to go with the A1SRi-2758F, as so far I understood it works with pfsense.

Im not in a big hurry for this project so I am taking all steps easy. I just finished making the list of all hardware (combined with what I can easily order).
So next step is truly ordering it and then I can continue.

Wont be days, but I will. :)

First thank you for taking the time to reply to my thread, secondly I really didn't appreciate the condescending tone your entire post oozed with. I could be reading into it however you came off incredibly crass.

This is owed to the circumstance that the english and american language are not my mother spoken language
is, and there fore I have not so good english language skills and very often peoples are responding the they
mean the entire tone is rude or not well formed. I don´t know their German language skills but I am pretty
sure they will also not even hit the point they want in my language.

The hardware which I am referring to is in the link below;
http://store.netgate.com/ADI/RCC-VE-4860.aspx

The ADI and pfSense store hardware are fully identically and it can be told it is like from the same house.
And this is an open secret for the most peoples here in the forum. One is sold with CentOS and one is sold
with pfSense to support the entire project.

Same motherboard and functionality from what I can tell in terms of hardware (minus wifi as the 4860 1U page does not state it comes with it).

If you have a rack, you must not mount this SG-4860 box, you should also be able to insert it on a shelf inside
I really think there are not problems with this.

They'll all show some interrupt usage, that's part of how computers work. If your hardware's significantly oversized, especially CPU, relative to the amount of traffic you're pushing, it's probably a fraction of a percent. It's perfectly normal to have more interrupt load than that though, including well beyond what you're seeing if you start pushing a lot more traffic.

The interrupt load itself wasn't a problem with your Realtek NICs. Some of those NICs just fall apart under load, and the interrupt load increasing is just what happens when your NICs are under more load.

I would go with a single enterprise class SSD vs. a RAID array of spinners; no moving parts, less heat, better reliability, lower power usage, and longer runtime on UPS.

@StuBoy:

I am new to pfSense, but built my system on this hardware …

http://linitx.com/product/linitx-apu-1d-4gb-3nicusbrtc-pfsense-msata-firewall-kit-red/14243

It's been rock solid, only consuming 6w of power.

Stu

It´s a PC Engines APU1D4 board and really fine for pfSense, but now one month before the upgrade Board APU2
is coming out, I would more tending to wait this month or two, to get my hands on the APU2B4 board with;

ECC RAM AES-NI support Intel NIC based LAN Ports Quad CPU Cores @1,0GHz same case and dimensions

Do you have any old hardware to sacrifice to the cause?

Really if all you are doing is experimenting, even an old laptop will suffice

I have the ASRock J1900 with a dual intel nic (x2 PCI)  and w/ careful trimming of the back of the x1 slot have had it working just fine for nearly 1 year.

I am getting 1U system NDis 166 . it has 8gb ram 64gb ssd. i7 2620M cpu. dual intel nic.

It would be fast and rally powerful, but how fast is only guesswork and mostly pending on the different
configuration.

how good it is for pfsense wrt to vpn (no other pakeges would be running ) ? what could  be its throughput ?

Again the throughput is pending and related to the whole configuration, offered services, used protocols
and installed packages.

Jimp,

There's an issue with the hardware (SSD) because fsck just doesn't work.

Thank you for the reply.

Edit: I just looked up Supermicro's D-1548 offering. They have nothing yet. In case I am ready to pull the trigger before they actually come up with something, should I just get the 1528? I don't think my Internet speeds will goto to even 100Mbps in the next 5 years. So my only concern is openVPN over the fibre line.

Anyone?

pfSense store SG-2220 or SG-2440 units should do the job RCC-VE Desktop: Atom C2000 series units are also able to realize what you want Intel Celeron J1900 or N2930 units should do this job perhaps also fanless on top PC Engines APU1d4 or APU2B4 (Q1/2016) are also good enough and fanless on top

What if you disable snort?