Uh, no reason you can't use those boards in a chassis with a redundant power supply. And two hard drives.

Hi jaj,

I think I've cracked this one. The problem is the ALIX3d2 is still doing USB discovery while trying to load the pfsense config. Adding a 20 second delay to the boot up process allows the USB dongle to be found before loading the pfsense config.

To do this, I did a quick hack to rc.bootup. Connect to the pfsense Shell either via SSH or serial port.

Allow the file/system to be read/write:
[[2.2.3-RELEASE][root@gw-ext]/root: /etc/rc.conf_mount_rw

Edit the rc.bootup script to add a sleep(20) line so that boot is pauses for 20 seconds before the configuration file is loaded around line 156:
[2.2.3-RELEASE][root@gw-ext]/root: ee /etc/rc.bootup

[snip]
// Display rescue configuration option
if($g['platform'] == "cdrom")
                rescue_detect_keypress();

// Hack for 4G modem
echo "Waiting 20 seconds for USB interfaces to found.\n";
sleep(20);

echo "Loading configuration…";
parse_config_bootup();
echo "done.\n";

[snip]

Make the file/system to read only again:
[2.2.3-RELEASE][root@gw-ext]/root: /etc/rc.conf_mount_ro

Good luck!

Thank you for your reply, Derelict.

I just want to let you and everyone else know that I replaced the Realtek LAN card with an Intel PT server card, and the problem pretty much went away. Way better performance. Thanks for your help!

Realtek's NICs are too risky so no thanks.

So Shuttle DS57U the safest choice even it doesnt have Wifi module + CPU might not handle all OpenVPN sessions with 100MB/100MB fiber connection?

128-bit AES/BF is fine.

Yes, it was a bug in the quote system.
Dealt with sales directly and got the SG-8860.

Password recovery procedure is well described in the manual. Feel free to PM me your email address and I will send you the manual.

@five0va

I was reading through that earlier (while working in the data center) and am thinking of venturing down that route.

And there is no way to buy a supported SFP+ NIC? Nothing? But a 10 GBIt/s from the ISP is available?
Hm, curios, if I can pay such an ISP up-link and have a need of this. I will be also having money to buy
a sufficient NIC that is supported by pfSense.

I still got a i3-4130 laying around which I will use first for sure, anyone any experience on how much throughput I could expect on that?

2 cores @3,4 GHz could handle 1 GBit/s line easy, as I imagine it, but mostly the total other stuff on top
of usage will be narrow down the cpu power, likes, snort, squid, ….

I will only need NAT and OVPN,

And the pfSense packet filter called pf, otherwise it makes not really sense, or?

My guess its limited with its 2 cores even though got AES-NI

Handling what kind of expected throughput is here more the question, or?
What do you need and/or what kind of throughput do you expect from this cpu?

Beauty I could just upgrade to a Xeon E3 once I get to the limits of this system.

At this days the best choice and way to set up a powerful pfSense firewall, only in my opinion!
4 cpu cores @ 3,4 GHz and Intel NICs would do the best job!

2nd option get a Intel Rangeley C2XXX are those capable of getting 1 Gbit through?

With 4 or 8 cpu cores you will reach the goal, for sure, but this is also related to the circumstance
how many packets you will be also installing and running. I think better to go with the 8 core variant
the main difference would be something around $20 - $30 more for an 8 core variant.

What would be the OVPN performance since it got AES-NI and QuickAssist (if that is yet used in pfSense)

AES-NI is integrated up and running in pfSense, but as I am informed right, mostly the IPSec performance would
be benefit from this feature, correct me please if I am wrong. Intel QuickAssist Technology or QTA is so brand new that I only can imagine that they are working on it,
but there is no action at this time, and the first devices would be more their own sold appliances because
from them they know all other hardware inside, so if this would be entering the community images, we have
to wait a long time as I see it right. Too new function.

Here is a bit reading stuff about AES-NI related to OpenVPN & IPSec
Cryptographic Support
Few small words about it in the Blog
Small conversation on pipermail about it
So you will be able to build your own mind about it.

I also had a look at Mikrotik routers since the Policy Based Routing in RouterOS looks promising but I my take is, its easier to upgrade pfSense boxes.

For sure a total other kind of device/system, but;
A RB1100AHx2, CCR1016 or CCR1036 would be do this job for sure also
as I see it right.

Under pfSense Hardware Requirements the SG-2220 is not tended to
handle 1 GBit/s WAN throughput as I see it right, perhaps this platform is pretty to new to expect something from.

I think more users must be having the hands on that device and perhaps writing a review or post their
experiences.

I am using Sierra MC7700/ATT in DIP mode with good results, Although it is a internal module. It saves the headache of modeswitching the device from mass storage device. You could mount one in a miniPCIe to USB adapter with SIM like above suggestion.

Here is a cheaper bare version:
http://www.amazon.com/DN-Wireless-Adapter-Module-Testing/dp/B00T2FPC2A

Browse this board for posts by Stephenw10 (Admin): Steve has advised around 7 billion people ( ;D ) on hardware.

The G3260 will be fine on a 100Mbit connection along with Snort, Dansguardian.. etc.

@SisterOfMercy:

@invade:

mm I notice there's extra holes on the side, is it possible to move the mobo one more?

Of course the network ports stay in the same place, don't they?  ;)

I wonder what kind of chassis it is, maybe supermicro will say something about the correct riser to user, or maybe it's more suited to mATX boards.

Yeah, I thought about moving the mobo over to the right and use those other holes, until I realized that nothing would like up with the front panel any longer if I did that.  :)  I agree that those holes are used with the slightly wider mATX boards, in which case the rise I have would have worked.

The chassis is a Supermicro CSE-503L-200B and the motherboard is a Supermicro X7SPA-H-D525-B.

@harvey666

I have a high end Intel NIC and with only out of box settings,

Nice to know what exactly card you are using!

@derekdw:

B) doesn't work with this box (some msatas have issues with some devices)

Regarding mSATA & compatibility, it is just SATA with power, on a different type of connecter.  Unless some manufacturer (board or mSATA) are grossly not following the standards, any should work with any.  I have mSATA from 16GB - 512GB, from at least 7 different brands and all have worked in everything I've put them in (even mSATA -> SATA adapters).

I suspect the thought that some "mSATAs have issue with some devices" is that not everyone understands that just because it fits in the slot, does not mean that the slot supports mSATA (which you know from the 2440 you have).  The connector for mini PCI-e/mSATA has about eight different types of configuration.  These include the possibility of USB in the slot, SATA (supporting mSATA) in the slot, PCIe x 1 lane, different power options in the slot, etc.

I'm using a jetway motherboard with a 3x Intel Gig daughterboard. I have a dedicated LAN port on the motherboard and the guest port is on the duaghterboard. Both connect to a netgear managed switch. As mentioned, I have recently changed to a new managed netgear switch. This setup worked fine for a several years. While writing this however it dawned on me that while I had other interfaces working on that daughterboard, that does not mean that this interface is still in physical working order. I have moved my guest network to an open port on that same daughter board and will be testing it out.

I have 1 machine that I use for personal use running this exact same processor:  64 X2 Dual Core Processor 4200+

Seems to have no problems with my fiber connection.

Why don't you install the connection first then speed test it to see if it saturates your NICs /CPU?

Then upgrade if its not up to it?

That silverstone looks nice if you are in the USA. Unfortunately im in AUS, so >$100 for a silverstone case which should cost $30 is a bit of a joke.

Ask friendly at Yawarra.com for a slim case and a custom made front panel.
They are directly in AUS!

4 and 2 port cards where shown above, but if you want a really good and supported single port card
you can also go with a Intel server network adapter I210-T1, it is brand new and there for not really
cheap to get, but working fine for me.