It was only if you didn't already have the 2014 decked out with 16GB RAM, since that RAM is soldered... in your case, hallelujah. Yes, both the device and the Thunderbolt to Ethernet adapter used Broadcom, which is not compatible with Netmap.
The Thunderbolt 2 enclosure worked like a charm with an Intel NIC, and I had no problem running Suricata on WAN and Snort on LAN, both in in-line mode, despite that not being recommended by the package maintainer. I just love the idea, and it works great as long as one is not using the same rules feed with both.
I was lucky to find the Thunderbolt PCI enclosure on eBay for close to $100 used (Akitio), and if you're unable to find one, I may be able to help you out. I believe the current version of FreeBSD should have the fan driver, but it could be added and recompiled, although I had not done it.
I already upgraded the modem. I also found a problem with the cable coming in and fixed it - the copper wire had clipped off and was barely making a connection. My speeds are better and I now have a spare modem - I like having spare things, not hoarding.
I'm thinking of a 6 port pc with 2.5Gbit ports. 1 port will be a VLAN. The other 3 will be for the full pipe, whatever it is - likely 900 mbits for a long time. Someday I suspect 2 Gbits will be fairly common. I started out with 50 and ended up with 900 so far, and most upgrades were free and just given to me. My Shuttle DS68U will be a spare router. Sometime this year.
I'm retired and need a hobby. This one includes bragging rights.
Intel FreeBSD EM driver
Scroll down and find your adapter is well supported by the em driver. If you run into trouble you should perhaps look for an original Intel firmware image, which you could try to flash onto this card.
I also think the Win11 thing is going to be good for Unix in general. I can buy cheap Gen6 HW, drop a friendly version of Linux on it and give to someone who just surfs the web. A reasonably safe, faster than it needs to be PC that requires little up keep.
I have 1gb fiber up & down. Current consumer grade mesh system shows consistent 950-ish speeds at the
The consumer grade router often comes with an ASIC or an FPGA and is only routing, not more! It is doing SPI and NAT and that's it. pfSense is a firewall and on top it can be turned into a full UTM device with captive portal and voucher system over SMS if needed. So if you say today you will 100 % know what you will be installing and using or how much you will turn it into "something" including IDS and pfBlocker-NG rules it might be the best
to work two different roads;
You will get nearly the use case you know before
that all is matching and running fine for you.
You will be buying a "diy" rig (pfSense box) that comes with much power in the background, and you will be able to push it up if needed with RAM, SSD and WiFi or LTE.
Squid & SquidGuard, ClamAV, IDS, pfBlocker-ng, firewall, = UTM
If I’m understanding you correctly I would be better served with more cores over clock speed and 8-16gb RAM plus some hard drive space?
Without using PPPoE, yes of course this might be the best solution for you in my eyes, because:
you will be able to balance the WAN queues over the CPU cores, so they count.
If you need more RAM you should be able to insert it fast
If you need more SSD space you will be able to set it up
If you need WiFi with captive portal for your clients you will be able to realize it.
If you turn on more rules and lists for Suricata, Snort or pfBlocker-NG you have no problems at all!
As noted a few posts up I had a Mac Mini drop in my lap and would at least like to try to use it to help keep my costs low. However, getting a reliable and fast working device over cost savings.
Make sure that the USB port to Ethernet adapter is not your WAN; it is often reassigning and then you will be really p****d by configuring it new.
The Mac Mini is a dual core i7 4578U @ 3.0ghz with 16gb DDR3 and a 256gb SSD. Based on what you said my concern is I need a quad core or more.
3,0 GHz CPU
4C / 4T or 4C / 8T
8 - 16 GB
64 GB - xyz GB/TB (M.2 / miniPCIe slot)
able to add 2 WiFi cards
Would be my setup in your situation based on what you were telling here around.
So this is what you will see: it is nice to go only with the things you need from pfSense, such as Suricata, firewall and so on; for this they are selling appliances, being sure you will be on the safe side, or you will be setting up your own rig. You should be better sorted using the two ways;
near by the point all is running
build a box with much backspace horse power.
What I was getting out of this forum actual I mean, if Netgate is able to offer you a box matching your needs go with it; if not, or if you are unsure, you should buy a Supermicro C3000 board with much ECC RAM and an mSATA to come closer to your needs; if not able, go with a used E3-xxxxv5 and a miniITX board with one or two PCIe slots and ECC RAM and M.2 or mSATA. With it you will never fail in 80% of all cases; all other cases are greater companies with many more employees and services running.
@usofa1984 I have another thread and someone had made a comment about Wireguard and not trusting it yet. I asked for a deeper explanation but got no response. I am thinking this may be why.
I’m new and still learning but to my inexperience this screams use in a test environment or for non-sensitive transmissions. Of course if they weren’t sensitive then you probably wouldn’t be using VPN.
@sledge do you have something you can run a VM on? I have a VM on my Synology DS918+ NAS running Ubuntu - installed the VM there. Doesn't use a lot of resources, it's only got 1gig of RAM assigned to it, etc.
It's best if it's something you can leave running 24/7, like a NAS you have anyway.
Just updated the APs to the latest 6.2.33 beta firmware this morning - the flexHD is just playing with, don't really have a use for it - it was the AP that was over at my son's house til he updated to fiber connection, so he is just using the isp device now.
Hi, here we can find some refurbished Dell EMC SD-WAN Edge 620, for a very interesting price. But I don't know if they are "unlocked"; they say in the description that "No DNOS Installed", and "Supports Native Linux OS provided by the VNF partners. Supports KVM or ESXi hypervisors".
So do you think that we can easily install pfSense on it?
In a deleted message on Reddit someone said:
Dell EMC SD-WAN Edge 604 is a C3758 CPU. It uses the same Motherboard as the VEP-1445.
However if you change the OS, it will boot loop. You must install the BIOS from the VEP-1445 onto the SD WAN if you want your own OS.
To Flash the BIOS you need to first flash the Dell Recovery OS from the VEP-1445 to the eMMC of the SD-WAN. Once booted to the recovery OS you can then flash BIOS.
EDIT 2:
Look at that: https://www.etb-tech.com/dell-emc-vep1425-switch6-x-1gb-rj45-2-x-10gb-sfp-sw02212.html
pfSense is using FreeBSD
|---> Intel QAT Driver is supporting ChaCha-Poly
|---> CryptoDev system is using the driver
|---> WireGuard is using the CryptoDev system
|---> DPDK was used to code the WireGuard packet
@stephenw10 Thanks, saw the loader.conf.local stuff after I wrote that post, thanks for the reminder! I also didn't know you could pkg add - when pkg install realtek-re-kmod didn't work, I just hacked my way forward. Thanks for all the info!
The Compex WLE200NX can be had new for ~30 €, and clones from other countries (same chip) can be had for ~10 €,
so if you are able to get your hands on one, it will be the best choice for you to add WiFi to the SG-1100.
There are several ways to go here for gaining the entire security, using dumb switches and/or smart ones up to real small layer 3 switches.
Plain Routing (using dumb switches)
If you are using the pfSense as firewall you may be able to set up a small or larger dumb switch on any LAN port.
Network plugs in the wall --- patch panel --- some ports from patch panel to dumb switches --- dumb switch to the pfSense firewall
So you will be able to connect all WiFi APs to one switch
Living room and house electric (smarthome) to another one
son's room to one switch
daughter's room to one switch
and each of the switches will be connected to one LAN port of the pfSense; you are now routing it all through the pfSense and you work with rules.
easy to manage
but only one routing point
firewall must do the entire routing
Smart Switches (Using VLANs)
If you are using a smart switch you may be able to work with VLANs in your network and segment it into many parts. You can now work with rules on the pfSense and on top with ACLs on the switch directly. The VLAN1 or VLAN0 is often the so-called default VLAN or management VLAN used only by the admin. After you have created all your VLANs, often you lay another one over them (one over all the others), but not the VLAN1 (default), and with ACLs you now define who has hands on what VLAN.
small broadcast domain
better overview over devices
better structured or segmented network
the admin owns now a management VLAN
ARP spoofing is not solved
Inter VLAN hopping is not solved
VLANs must be created and ACLs must be set up
the management VLAN can be misused by others
Greater smart or managed switches (VLANs, MACsec, multiple RADIUS auth. for each switch port)
You will be setting up VLANs as before;
one management VLAN1 (default)
all other with a great one over all others
Setting up ACLs
But now you will be able to turn on MACsec, and no one is able to sniff inside of the switch(es); you will be able to stack them (ring) to better manage them. And you will be able to set up the FreeRADIUS package on your pfSense, or another FreeRADIUS server on a Raspberry Pi or PC Engines APU1/2/3/4/6 if needed. You will be able to gain security by installing OpenLDAP (wired clients) and a FreeRADIUS server with certificates (wired and wireless clients), and now you will be able to put any device into its own VLAN by using a RADIUS certificate, and I mean not only for the wireless clients.
Building stacks (ring)
often MIBS for Nagios or PRTG
each device will be put in the right VLAN (certificates)
MACsec can be turned on (no sniffers)
Switch ports with multiple certificate authentication are no longer allowing anyone to finger at the VLAN1 (default)
no y-cable usage and/or foreign devices in your network
much can be realized over pfSense itself or a small Raspberry Pi 2/3/4
not as cheap as the other ways
more management and admin power or work
more complicated and also a much bigger hit on the entire LAN network cable (MACsec and RADIUS with certificates and encryption will be using much horsepower)
Managed switches (greater ones)
Here and in the section before you can often get your hands on a layer 3 license, and/or in all other segments they will also be sold as real layer 3 switches such as the Cisco SG300 or SG350 series. You will be getting all as mentioned above, but on top layer 3, which lets the switch route the VLANs itself and frees the pfSense firewall from that workload. Often stacking modules will also be available for such managed switches. Often different routing methods are also offered, like RIP-2, IGMP, VRRP, OSPFv2, PIM-SM, static IP routing, PIM-DM and others, so it is more interesting what your pfSense firewall is set up with and/or using on the WAN side and the LAN side too.
Stackable, Layer3 Licences available
more routing protocols available
faster and more powerful
better connect and support to the WAN routing device (depending on the routing protocols used there)
high electric power usage
much more complicated to manage
not for all circumstances and users