@Jason:

@Harvy66:

What causes more of these to get used?

@Jason:

The Intel igb driver, by default, sets up 1 queue per CPU core per NIC.

… in pfSense 2.2.    (Which is the correct default.)

@Jason:

The C2750/2758 Rangeley boxes have 8 cores & 4 NICs.

C2750 is Avoton, not Rangeley.

@Jason:

I ran into the same issue with my boxes at work which have (8) logical cores, (12) igb NICs, and (2) ix NICs.  You can either restrict the number of cores, the number of queues, or raise nmbclusters.

raising nmbclusters is, by far, the best approach here.

No idea what package you mean.

Download the i386 ISO from https://www.pfsense.org/download/ Install on some PC/laptop. Set up the primary console to serial (System - Advanced - Admin Access tab) Shut down and attach the HDD to Alix.

Site2Site is traditionally IPSecs business. You could try tinc, it's really cool.
For end users, I tend to use OpenVPN because it's no hassle to install at all. But there are other cool solutions on the rise, waiting to be audited and to be proven. I particularly like the concept of SigmaVPN, utilising djbs NaCl for secure encryption at blazing fast speeds.

In the case of OpenBSD, I also tried to deploy IPSec for end users and it did work well, too. (However, IPSec on OpenBSD is foolproof to install. I did not fiddle things out  on pfsense) If you look out for papers, IPSec is superior to all other VPNs in terms of speed, jitter and performance on bad network conditions. It has very little overhead, too. That comes in handy if you're working on the go using 3G and you used all your high speed data on your mobile plan - while OpenVPN tends to fuck the whole situation up (No productive work possible on RDP, ssh seriously delayed in comparison to IPSec), IPSec performs pretty well.

I'm however continuing testing. Hope I could help.

I builded my last box (few months ago) with the Jetway NF9N with Intel Celeron N2930 and their GEN2 4XNIC Intel Daughter card. Totaled about $220

It is working very smoothly, then again my load is very low, home environment, 1 EXSi server (3 instances),  1 NAS, 1 Workstation, handful of mobiles devices.

@def4:

sure that a fitlet X A10 is too slow? It seems to be the most powerful device on my list…
Why exactly does Soekris suck?
in case of the beagle I'd try OpenBSD... It's just a "can the hardware handle the load" thing :)

By what metric do you think the Fitlet X is the fastest system?

Soekris sucks because they release half-baked products at prices 50% higher than the competition 12 months later than everyone else and take years to fix issues, if they ever do.

Pricing is now there

https://forum.pfsense.org/index.php?topic=86793.msg492134#msg492134

@BeerCan:

Is the 4GB eMMC flash onboard used to install pfsense?  or is that for something else?

I suppose it could be.  For a full install with snort, squid, etc. you'd want a mSATA card.

No prices announced… So let's wait and see how expensive this machine is going to be.

No, I think most people in this thread were already aware of the current aes-ni support.

Steve

I recall from my dodgy memory that was fixed a while ago now, like maybe mid 2014 in an earlier 2.1.x build.

thanks for the quick answer ;) i think i will try to get a intel dual card then

@Jason:

If you PURCHASE a pfSense appliance from either source you will get the VPN add-on; cmb said that the software loads are identical.  If you DOWNLOAD a free copy of pfSense you do not get the AWS VPN add-on.

Correct.

It's in that link above.
The 2D3 (500MHz) will push ~20Mbps as long as you are using the correct cypher (AES 128bit) and have glxsb selected.
128MB though is too small to do anything useful you have issues. 256MB is the minimum.

The Alix 2D3 has a 500MHz CPU and 256MB RAM. The Dell is like a Supercomputer in comparison!

Steve

I've upgraded from 2.1.5 with squid3-dev proxy installed, to 2.2 with squid3.4 
I'm not having trouble with https sites.
I use an intel PCI-express dual card.

em0: <intel(r) 1000="" pro="" network="" connection="" 7.4.2=""> port 0xd020-0xd03f mem 0xdf5a0000-0xdf5bffff,0xdf580000-0xdf59ffff irq 16 at device 0.0 on pci1 em0: Using an MSI interrupt em1: <intel(r) 1000="" pro="" network="" connection="" 7.4.2=""> port 0xd000-0xd01f mem 0xdf540000-0xdf55ffff,0xdf520000-0xdf53ffff irq 17 at device 0.1 on pci1 em1: Using an MSI interrupt</intel(r)></intel(r)>

I also have all off-loading enabled, but I disabled the flow control.

Are you using the DNS forwarder (dnsmasq) or DNS resolver (Unbound)?
I use unbound, also as a package under 2.1.5

You mentioned the top part of the site loads in Firefox, then stops?
Have you cleared the Firefox cache?

Heper's link mentioned a reply asking for info using pciconf.
Here is my pci-express "pciconf -lv"

$ pciconf -lv hostb0@pci0:0:0:0: class=0x060000 card=0x00000000 chip=0x1f018086 rev=0x02 hdr=0x00     class      = bridge     subclass  = HOST-PCI pcib1@pci0:0:1:0: class=0x060400 card=0x1f101849 chip=0x1f108086 rev=0x02 hdr=0x01     class      = bridge     subclass  = PCI-PCI pcib2@pci0:0:3:0: class=0x060400 card=0x1f121849 chip=0x1f128086 rev=0x02 hdr=0x01     class      = bridge     subclass  = PCI-PCI hostb1@pci0:0:14:0: class=0x060000 card=0x1f141849 chip=0x1f148086 rev=0x02 hdr=0x00     class      = bridge     subclass  = HOST-PCI none0@pci0:0:15:0: class=0x080600 card=0x1f161849 chip=0x1f168086 rev=0x02 hdr=0x00     class      = base peripheral     subclass  = IOMMU none1@pci0:0:19:0: class=0x088000 card=0x1f151849 chip=0x1f158086 rev=0x02 hdr=0x00     class      = base peripheral ehci0@pci0:0:22:0: class=0x0c0320 card=0x1f2c1849 chip=0x1f2c8086 rev=0x02 hdr=0x00     class      = serial bus     subclass  = USB ahci0@pci0:0:23:0: class=0x010601 card=0x1f221849 chip=0x1f228086 rev=0x02 hdr=0x00     class      = mass storage     subclass  = SATA ahci1@pci0:0:24:0: class=0x010601 card=0x1f321849 chip=0x1f328086 rev=0x02 hdr=0x00     class      = mass storage     subclass  = SATA isab0@pci0:0:31:0: class=0x060100 card=0x1f381849 chip=0x1f388086 rev=0x02 hdr=0x00     class      = bridge     subclass  = PCI-ISA none2@pci0:0:31:3: class=0x0c0500 card=0x1f3c1849 chip=0x1f3c8086 rev=0x02 hdr=0x00     class      = serial bus     subclass  = SMBus em0@pci0:1:0:0: class=0x020000 card=0x115e8086 chip=0x105e8086 rev=0x06 hdr=0x00     class      = network     subclass  = ethernet em1@pci0:1:0:1: class=0x020000 card=0x115e8086 chip=0x105e8086 rev=0x06 hdr=0x00     class      = network     subclass  = ethernet pcib3@pci0:2:0:0: class=0x060400 card=0x860810b5 chip=0x860810b5 rev=0xba hdr=0x01     class      = bridge     subclass  = PCI-PCI pcib4@pci0:3:1:0: class=0x060400 card=0x860810b5 chip=0x860810b5 rev=0xba hdr=0x01     class      = bridge     subclass  = PCI-PCI pcib5@pci0:3:5:0: class=0x060400 card=0x860810b5 chip=0x860810b5 rev=0xba hdr=0x01     class      = bridge     subclass  = PCI-PCI pcib7@pci0:3:7:0: class=0x060400 card=0x860810b5 chip=0x860810b5 rev=0xba hdr=0x01     class      = bridge     subclass  = PCI-PCI pcib8@pci0:3:9:0: class=0x060400 card=0x860810b5 chip=0x860810b5 rev=0xba hdr=0x01     class      = bridge     subclass  = PCI-PCI pcib6@pci0:5:0:0: class=0x060400 card=0x11501a03 chip=0x11501a03 rev=0x02 hdr=0x01     class      = bridge     subclass  = PCI-PCI vgapci0@pci0:6:0:0: class=0x030000 card=0x20001849 chip=0x20001a03 rev=0x21 hdr=0x00     class      = display     subclass  = VGA igb0@pci0:7:0:0: class=0x020000 card=0x15331849 chip=0x15338086 rev=0x03 hdr=0x00     class      = network     subclass  = ethernet igb1@pci0:8:0:0: class=0x020000 card=0x15331849 chip=0x15338086 rev=0x03 hdr=0x00     class      = network     subclass  = ethernet

note*) I do not use my on-board igb0 and igb1 devices (I210, they did not work properly on v2.1.5, have not tried on v2.2)

Cleaning the disk can help in certain cases but generally only when reusing a card that had an existing partition (especially if said partition was smaller than the actual size of the card). If it's fresh, it may not be needed, but it's quick and easy and worth trying, so there's little to lose.

@antonkristensen:

picked up a used ZTE MF60 3g router today for $6

Hard to argue with that!  :)

You may be able to configure it to pass the external IP to you. Your ISP may be using Carrier Grade NAT so that might be your external IP. It's relatively common in mobile broadband.

Steve

I am working on this exact thing also.  Using a Raspberry PI and talking to my pfSense router via SNMP.  I have the basics and components all ready to go and am currently writing the main scripts.  Updates to follow.

If you're not filtering any of the traffic between vLANs, why have pfSense aware of them at all?  There is no way that a pfSense box will have anywhere near the throughput of a L3 switch if all you need is simple routing between vLANs.  In my core network at work I use a pair of Cisco Nexus 5548UP switches w/ L3 Modules and 16-port expansion cards for servers and aggregation & Nexus 2248TP Fabric Extenders for 1Gbe data center devices.

What is it that you are seeing as a performance bottleneck?

You know why I like SLC?  Because I've never had even 1 single failure with those.  Not 1.

Doesn't mean the MLC in this unit isn't also great.

the people at the freenas forum went all anti Kingston after they messed around with their part numbers. most recommend crucial now. what i used on my freenas build