@tman222 said in Hardware opinion with Gigabit fiber.:
Even though you already purchased the hardware, I just wanted to chime in here quickly as well and mention that I have been using that exact same system with a symmetric gigabit fiber connection for almost two years and have been very happy with the performance. I basically have all the things installed that you mentioned in your post, although I don't use IPSEC anymore these days. This is a very capable little box that will even scale beyond gigabit (I have done some basic 10Gbit testing with it).
They back-ordered it so I am still on the hunt for one at a good price but thanks for the confirmation!!
I have an Alcatel OneTouch l850v modem.
pfSense version 2.4.4-RELEASE-p1
This modem works if you load the module if_urndis.ko. I copied this module from another installed FreeBSD 11.2 system. This file is in /etc/boot/kernel/if_urndis.ko
After loading the module, the modem appears as the ue0 network interface and autoconnects to the Internet.
You must disable the PIN on the SIM card.
@toomas said in [Solved] In/out errors on LAN:
I've built a new PFSense system and I'm having some In/out errors on my LAN. Is this normal or do I have a port/cable issue? (I've already changed the cable and the error rate stayed the same).
This is my config map.
Modem -> PFsense -> 4x1Gb Lan Bridged -> 1Gb Switch/Access Point (WiFi + 4 Ethernet Ports).
I'm only using one of the LAN ports on my PFSense system out of the four available. I bridged the four ports as I intended to use more than one.
Here is the information from the affected interface, this is the Bridge. No other interface is showing any In/Out Errors or Collisions.
Based on this the error rate is about 1.06%
Is this something I should be concerned about? I'm not having any issues accessing the internet, the speed is what I should be receiving and is identical to my old equipment. But obviously seeing errors of any kind is worrying with a new system, this is my first PFSense build also.
Thank you for any replies. It is much appreciated.
I can verify the errors.. if you have bridged the ports and you have unused ports enabled.. you get errors on the bridge.. just disable the unused ports and you are good.. this is still happening in the 2.3 release version.. :)
New pfSense user here, sorry to revive an old thread but I can also verify that this is still a thing with version 2.4.4.
I bridged two of my LAN-ports today and immediately after that I began receiving output errors on the bridge-interface (with the other network cable unplugged).
FYI, today we asked our SFR sales representative whether she could help us with this issue; she looked for an option on our contract / data plan and activated the sl2sfr APN.
We can now successfully use it (data-only SIM card). We'll just keep an eye on the invoice...
@tman222 That does look like a great box, but it is a bit over what I'd like to spend.
Does anybody else have any recommendations? I'd really like to start ordering some parts soon, so I can begin building. I was hoping to get it up and running before Christmas, but also don't want to just rush anything.
Thank you for your time!
If you don't have ue0 then try using camcontrol to eject cd0 and da0, this might allow the stick to change mode. Alternatively you can flash a different firmware on to the stick.
Check this thread here, I've written a small how-to guide for NDIS mode.
Just buy a power consumption meter.
You need measurement on a daily/weekly basis, not spot measurements
As for the UPS... It's nice, however it consumes electricity and it won't show total consumption.
As for using a clamp meter or a multimeter for power measurements, well, leave that to professional electricians. Definitely not worth the hassle/danger.
You can use Suricata instead of Snort for 1gbps throughput IDS. There is no GUI setting in current pfSense for Snort to fork multiple processes to monitor an interface. (200mbps per Snort process, from Security Onion and other Snort documents.)
According to a Reddit post, the XG-7100 can certainly do 1gbps IDS with Suricata.
I have used Suricata as IDS in a C3758 barebone and used iperf2 to test the throughput of a Suricata-monitored gigabit interface, and got 946mbps on download.
I'd be interested to see a more comprehensive breakdown of the tweaks you made and before/after results. I tweaked my old c2758 setup and am about to embark on the same on my new system. Specifically interested in the difference between hyper threading on/off.
Lool :D According to me, the newer coreboot is designed primarily for the new APU4 and APU5 boards etc., so it is possible to get errors when you upgrade to the latest coreboot release on an older APU2 board.
Anyway, this kind of problem is only PC Engines' business and has nothing to do with the pfSense software. So better to contact PC Engines staff and let them know about this kind of issue. Opening a thread like this on the PC Engines forum would be a better choice to figure it out.
@canadianllama Looks like we may have fixed it, we did a BIOS update, turned off legacy for the HDD in BIOS (switched it to the other option, UHDI or whatever it's called). Fresh install, loaded in our backup and BAM, Bob's your uncle, software reboot is working.
$ mcelog --no-dmi --ascii --file mce.log
Hardware event. This is not a software error.
CPU 0 BANK 3
MISC 0 ADDR 0
STATUS fe00000000800400 MCGSTATUS 0
APICID 0 SOCKETID 0
You have a hardware problem.
Mmm, that sslspeed thread was.... um...wild!
The default settings should work well for most. Some tuning can help. The asynchronous-crypto setting in 2.4.4 can dramatically increase IPsec throughput in some situations but can also break it in some edge cases, so it is not enabled by default in CE.
I successfully installed pfSense on 2 DELL R320 servers this weekend to replace my WatchGuard XTM 525 (primary) and XTM 810 (backup) pfSense appliances. Now I'm ready for the next version of pfSense (2.5) that supports AES-NI.
You can do the ping if you ssh to your router; it's not really much use unless you're using ping to see if a device is back up after a reboot.
−A Audible. Output a bell (ASCII 0x07) character when no packet is received before the next packet is transmitted. To cater for round-trip times that are longer than the interval between transmissions, further missing packets cause a bell only if the maximum number of unreceived packets has increased.
−a Audible. Include a bell (ASCII 0x07) character in the output when any packet is received. This option is ignored if other format options are present.
Yes, the supplied injector would be easiest. Then using a PoE switch. Using a NIC that can supply PoE is not something I've ever actually seen myself. It would be interesting but almost certainly far more expensive.
I know this is kind of an old topic but... :-)
First, thank you SO SO SO MUCH for the FreeNAS tip ;) Saved me hours recompiling the kernel (never done that on FreeBSD).
Is anyone running LACP with these cards? I currently have pretty bad performance issues, ~1-2G throughput with a 2 link 802.1ad
@thuety said in No love for PC Engines anymore?:
APU2: AMD G-Series GX-412TC, 4 x 1200MHz
Fitlet2: Intel Celeron J3455, 4 x 1500MHz (boost 2300)
Both can have up to 4 Intel LAN
APU2 $110-130 needs a disk and a case.
Fitlet2 $160 needs RAM and a disk.
I can get an apu2 for about $150 all-in, the fitlet is at least 50% more expensive. So it's a bit faster, and a bit more expensive. If you need a bit more power it could be worth it. I don't think it's a game changer, because I don't think there are many cases where the fitlet would be fast enough if the apu2 isn't.
Hi @dajones13 ,
Not sure what our budget or connection speed is, but in terms of your requirements I can recommend this:
Have been using this system (added SSD and 16GB RAM) with a symmetric gigabit fiber connection for about 1.5 years now without issues. Very capable little box with room for growth.
If you need more horsepower, check out this newer model:
Hope this helps.