We recently updated some of our PFSense boxes and went with the APU.1D4 board for the Gigabit Ethernet ports.

Sorry if this sounds now a little bit hard to you, but there are no Intel GB LAN Ports on the PC Engines APU1d4
only the new boards from them will be sorted with Intel GB LAN Ports! (APU2B2 i211AT / APU2B4 i210AT)

We are monitoring the entire network with PRTG in our company, its working fine together with the
APC USV, Kentix sensores and pfSense also on Alix & APU Boards.

To have a workaround you might be spending money for a small RaspBerry, Banana or Orange PI and install
Linux on them together with CACTI and MRTG you might monitor this PC Engines APU device much better as
now.

Appreciate it!

The Jetway products seem to be a problem finding a supplier for but my search for Axiomtek suppliers is delivering more results.

@pwest:

i]chose the embedded kernel option, but it is possible that my selection 'didn't take' (i.e. I selected it, but the installer ignored my selection).  For me, those configuration screens suffered from ugly font problems and did not instill confidence.

It's not you.  The 2.2.4 ADI image is obviously broken.  I finally figured out on my Mac the terminal emulation for the Fkeys is broken (no matter what I pick) so I wasn't getting the BIOS boot manager - it would slip to GRUB which was annoying.  Talk about picking a dumb key for a bios boot menu - hey, the PXE boot config uses control-B - how about something more universal like, I dunno, ~~for a boot menu?!?  But I digress - I was able to get into the boot menu in PuTTY on Windows (annoying, but at least I got over that hump!)

Like you, I clearly picked the NO VGA option, yet on the post install reboot it's clearly ignoring the serial port and loading the VGA driver.

Which is beyond annoying.  I'll web in on the default 192.168.1.1 - but it's rediculous and I shouldn't have to.

Has anyone from the pfSense build team actually wrote the current ADI image to a flash drive, installed it on a 2220 and seen for themselves that IT DOESN'T WORK?

Also on the installer, it would be LOVELY if in addition to the faux GUI selection there were honest to goodness menu choices so that on a critical screen like the VGA or No VGA I could press 1 for VGA install or 2 for No VGA/Keyboard (Serial) install and KNOW that was the selection I really made to remove doubt like this.

I can't believe I've blown half my night on something that shouldn't be anywhere near this ambiguous. ~~

@BlueKobold:

If the pppoe is really and only running on only one CPU core it might be perhaps then also really
impressive what this small Atom based 8 Core CPU is delivering here in this test.

Agreed.  It's both disappointing that with PPPoE I cant get 1gb, but it is impressive to see that one of it's cores is pretty capable.

For sure there is then mostly also coming on top the application overhead and this might be different
from each OS to others for sure. You can also try out a IPFire, OpenWRT, SmoothWall or ZeroShell
and do this test once more again, then you will be sure this is not related to the used hardware, this
C2758 board is really fast and powerful.because this operating systems are not coming with the one
core problem on pppoe beside!

Yeah.  I'm pretty content with pfsense and my 700-750mbit/s :)
I've been doing alot of playing around, and the fastest i've gotten from the other end has generally been 200-250mbit/s :)  So my connection is rarely a bottleneck.  hehe.

I would like to play with different things, but I don't have extra hardware sitting around, or time to install different OSes on my router to test out.  Since this is the primarily router running the network for my entire house (and just about everything my wife and kids do is internet related) someone would kill me if our network was on and off alot.

Would be nice to hear from you what you got with another installed system that is not
coming with an multicore usage problem. But on the other hand an Atom Core is an Atom Core
and if peoples will be able to route 1 GBit/s on WAN with SPI & NAT also, only using other CPUs
it would be more tend then on the "small" Atom CPU Core, as I see it right, but with more electric
power consuming.

Intel Celeron J1900 @2,4GHz
Intel Celeron G3260 @3,2GHz
Intel Core i3 and Core i5 CPUs (not the smallest ones please)
Intel Xeon E3-12xx v3/v4 Dual or Quad Core CPU
Intel Xeon E5-2600 v3 CPUs

So if this problem would be solved out you will be happy with this C2758 as I see it right
because they are working on it, because they are selling the boards that are based on the same SoC.

I'm not sure if you remember, but i commented on something similar on the build thread for this particular router build.  I was getting 930+mb/s up and down between a host on the WAN interface and a host on the LAN interface.  So when PPPoE is NOT in play, and it's simply routing traffic, absolutely this build will route gigabit NAT speeds.

I'm actually thinking of buyinga /29 just so I can switch PPPoE to the centurylink provided router and reconfigure pfsense to just do routing through one of the external /29 ip addresses.  But realy, it's silly to pay $20/month US, just to be able to get a speedtest score showing 930Mbits vs 700-750 :)
I had a /29 with my comcast business line, but only reason why I needed that was I didn't want to deal with the hassle of a DMZ and also dynamic DNS.

pfsense makes both a firewalled off DMZ interface and dynnamic DNS updates super easy.

I'm not sad.

Err, why I can only click "thank you" once, then it disappear?…lol

Wow. Ok, it's now working.  ;D ;D ;D ;D  I can see the Realtek on board nics and now the Intel ones.  Here is an extract of the pciconf -lv output:

re0@pci0:2:0:0: class=0x020000 card=0x816810ec chip=0x816810ec rev=0x06 hdr=0x00
    class      = network
    subclass  = ethernet
re1@pci0:3:0:0: class=0x020000 card=0x816810ec chip=0x816810ec rev=0x06 hdr=0x00
    class      = network
    subclass  = ethernet
atapci0@pci0:4:0:0:    class=0x010185 card=0x2363197b chip=0x2363197b rev=0x02 hdr=0x00
    class      = mass storage
    subclass  = ATA
em0@pci0:5:4:0: class=0x020000 card=0x10768086 chip=0x10768086 rev=0x05 hdr=0x00
    class      = network
    subclass  = ethernet
em1@pci0:5:6:0: class=0x020000 card=0x10768086 chip=0x10768086 rev=0x05 hdr=0x00
    class      = network
    subclass  = ethernet
em2@pci0:5:7:0: class=0x020000 card=0x10768086 chip=0x10768086 rev=0x05 hdr=0x00
    class      = network
    subclass  = ethernet

It (unsurprisingly) was the problem most people have been having.  the board was not attached correctly!!  Man, you nearly need to brake it to get it to fit correctly.  Anyway, thanks for all your help.

Greg.

[Pfsense nic issue.txt](/public/imported_attachments/1/Pfsense nic issue.txt)

Any suggestions from anyone who has purchased hardware that handles the amount of nics I need?

Lanner is really assembling fine hardware, not cheap, but running well if it supports your favorite OS.
So please be sure at first that this appliance is supporting a native install of pfSense on it, it might not
be tending on the hardware it selfs but more on the BIOS of the Lanner appliances.

The second thing you must be really sure right supported by pfSense is the following,
the chips on the expansion modules must be supported well by pfSense otherwise you
have the needed amount of LAN ports but you will get now access through them.

If you are able to choose a Intel Xeon model by your own I would personally go with a 4 real Core
and 8 HT Core model that is not running under 3,0GHz.

Go buy using a SSD that is suitable to handle the amount of cached data if you try to use the Squid
as a caching proxy server in pfSense with ease.

All other things depends more on the installed packages and the offered or running services on the
entire device. Should it be at someday perhaps SFP+ uplinks to the DMZ and LAN Switches what then
perhaps you could have a look to get your hands on an appliance that comes with 2 PCIe slots for
upgrading it matching your needs.

In the pfSense store are also two sorts of Chelsio server grade NICs that are sorted with SFP+ ports
on the cheaper is able to handle many VLANs and offload this task from the pfSense platform to let
the CPU save much power. The more expensive one will be able to offload the entire NAT task form
the pfSense appliance. It would be not unwise to ask before buying the appliance and the cards at
the pfSense store and Lanner whats going on here with this hardware.

They are low cost, readily available..

On the first look this might be a hit, but on the second it isn´t really a gain.
There fore that this Routers comes with a small ASIC or the job will be done in
silicon and pfSense is a software firewall. This small routers are also often based
on Broadcom Chips and as Harvy66 was saying it first pfSense will be X86(_64) only.

if not what is preventing it ?

There is no Broadcom fork of pfSense and if you install pfSense and some
packets like Snort or Squid or on top HAVP these devices will be not sufficient enough.
So OpenWRT or DD-WRT will be much faster on those devices as pfSense I think.

pfsense will be awesome in arm or mips ..

Yes but there is no MIPS fork for now as I see it right, I don´t know if there will be one at some days
it could be cool because of the wide varying models from some vendors with MIPS based routers.
MIPS could be really interesting related on the well known and wide spread out
MikroTik and UBNT routers. This will be devices with much more horse power and
right sorted with enough LAN ports that will be matching right for our all needs more.
From the lowest bottom starting at ~$60 to the highest top ending with something around ~$1500.

UBNT EdgeRouter Series with ~8 models MikroTik Routers with RB433, RB435G, RB450G, RB493G, RB1200

ahaha i didn't realize there was so many "my usb nic sucks" threads here.  i guess i'll see if we have any old spare vlan switches at work.

too funny  ;D

Ok thanks !

@BlueKobold:

Then the picture from your former post is the newer one with all things on top?

Yes.

@BlueKobold:

If it is not too much for you I have also a couple of questions about this NA-342 appliance.

How much fast is your Internet connection? And how good the NA342 is handling it? How many packets you have installed? Snort, Squid, SquidGuard, DansGuardian, HAVP, SARG, Apinger,….. Can you provide a number of throughput for any kind of VPN? Are you using WiFi or did you install a mSATA?

I use the NA342 in the server center. no NAT, public IPs, VPNs, router with port filter, 50mbit symmetric, no packets installed

when transfering files via wget, there is no difference if the NA342 is in between (different network segments / VLAN / just routing).  ~ 112MB/s OpenVPN (aes-128-CBC, BSD Crypto engine) is getting full speed: 4,5MB/s (35% processor utillisation), without VPN I get also 4,5MB/s (whicht is the current bandwith 50mbit) no Wifi, no mSATA, using CF in the first and SSD in the second NA342.

br
Klaus

anyone know what the (feature) difference is between these two?

Please open both links and then read about the given features both cards are offering
and then you will find it really fast out by your self! Its only comparing against nothing
magical or mystical. The rest was told by @Keljian to you. As a short example:

full offload of the NAT function (at 10 GBit/s) full offload of the VLAN part
compared against full offload of the VLAN part

And now let us imagine that this card should be acting as a WAN Port(s)!
So you will easy find out this would be done by the more expensive card
with ease and the other is not offloading that task from the pfSense firewall.

So there are many features and functions that will be offered by the expensive one
but not by the less expensive one!

P/s: may my machine with 32 bit ( 3G ram) can set kern.ipc.nmbclusters="1000000" ?

Try it but step by step to see how the free RAM is going down and think about you will need some
for the rest entire pfSense.

i swear, i dont know kern.cam.boot_delay=131072 whre from.

And I was not recognizing the time delay time interval!

@BillBraskey:

Just to clarify, the only machine in the bunch that has the AES-NI instruction set is a dual SIX-core Xeon (3.4GHz) with 96GB RDIMMs and a SAS array.  Seems like overkill for a dedicated router/firewall.  Methinks I should virtualize pfSense and run it on a fraction of this computer….

Total overkill, virtualise away. PFsense works well virtualised.

I did not buy that item.
$400 seems a tad high for used…

The PC Engines ones shown here under the link in the next line are also not fine working, because TRIM support
is disabled by the new firmware. PC Enignes 16GB mSATA

Some older models of some vendors are also not supporting the TRIM command, so please
have a look at the tech specs. from the model you want to buy.